madapes/cloudlysis
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
cloudlysis/docker/scripts/s3_verify_docs.sh
Vlad Durnea 2595e7f1c5
Some checks failed
ci / ui (push) Failing after 28s
Details
ci / rust (push) Failing after 2m40s
Details
images / build-and-push (push) Failing after 19s
Details
feat(billing): implement tenant subscription entitlements system (milestones 0-6)
2026-03-30 18:41:23 +03:00

78 lines
2.7 KiB
Bash
Raw Permalink Blame History

#!/bin/sh
set -eu
# Verifies Control API S3 document storage permissions using `aws` CLI.
#
# This script is intentionally parameterized so it can run against Hetzner or any S3-compatible backend.
# It does NOT require Control API to be running; it validates the underlying bucket/prefix permissions.
#
# Required env:
# - S3_ENDPOINT (e.g. https://<hetzner-endpoint>)
# - S3_REGION
# - S3_BUCKET_DOCS
# Optional env:
# - S3_PREFIX_DOCS (default docs/)
# - S3_FORCE_PATH_STYLE (true/false; default false)
# - AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY (or AWS_PROFILE)
#
# Notes:
# - For S3-compatible providers, prefer `aws s3api` with `--endpoint-url`.
# - We set `AWS_EC2_METADATA_DISABLED=true` to avoid IMDS delays in containers/CI.
need() {
name="$1"
val="$(printenv "$name" 2>/dev/null || true)"
if [ -z "$val" ]; then
echo "missing env: $name" >&2
exit 2
fi
}
need S3_ENDPOINT
need S3_REGION
need S3_BUCKET_DOCS
S3_PREFIX_DOCS="${S3_PREFIX_DOCS:-docs/}"
case "$S3_PREFIX_DOCS" in
*/) ;;
*) S3_PREFIX_DOCS="${S3_PREFIX_DOCS}/" ;;
esac
S3_FORCE_PATH_STYLE="${S3_FORCE_PATH_STYLE:-false}"
if ! command -v aws >/dev/null 2>&1; then
echo "missing dependency: aws (AWS CLI v2 recommended)" >&2
exit 2
fi
export AWS_EC2_METADATA_DISABLED=true
export AWS_DEFAULT_REGION="$S3_REGION"
export AWS_REGION="$S3_REGION"
endpoint_args="--endpoint-url=$S3_ENDPOINT"
path_style_args=""
if [ "$S3_FORCE_PATH_STYLE" = "true" ] || [ "$S3_FORCE_PATH_STYLE" = "1" ]; then
path_style_args="--no-verify-ssl --cli-connect-timeout 10 --cli-read-timeout 30"
# NOTE: AWS CLI doesn't have a universal "force path style" flag for all s3api calls.
# For S3-compatible endpoints it generally works as long as the endpoint expects path-style.
# If your provider requires it and aws CLI fails, consider setting AWS_S3_FORCE_PATH_STYLE=1
# in newer CLIs or using s3cmd/minio client for validation.
fi
key="${S3_PREFIX_DOCS}smoke/$(date +%s)-$$.txt"
tmp="$(mktemp)"
trap 'rm -f "$tmp" >/dev/null 2>&1 || true' EXIT
printf "cloudlysis s3 verify\n" >"$tmp"
echo "== docs bucket head/list prefix =="
aws s3api head-bucket $endpoint_args --bucket "$S3_BUCKET_DOCS" >/dev/null
aws s3api list-objects-v2 $endpoint_args --bucket "$S3_BUCKET_DOCS" --prefix "$S3_PREFIX_DOCS" --max-items 1 >/dev/null
echo "== put/get/delete object under prefix =="
aws s3api put-object $endpoint_args --bucket "$S3_BUCKET_DOCS" --key "$key" --body "$tmp" >/dev/null
aws s3api get-object $endpoint_args --bucket "$S3_BUCKET_DOCS" --key "$key" /dev/null >/dev/null
aws s3api delete-object $endpoint_args --bucket "$S3_BUCKET_DOCS" --key "$key" >/dev/null
echo "ok: verified S3 docs permissions for s3://$S3_BUCKET_DOCS/$S3_PREFIX_DOCS"
Reference in New Issue View Git Blame Copy Permalink