egullickson/motovaultpro
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
2e1b588270b97d58e994a8a537fa95efc5ff4991
motovaultpro/scripts/config-validator.sh
Eric Gullickson 040da4c759 k8s redesign complete
2025-09-18 22:44:30 -05:00

294 lines
8.6 KiB
Bash
Executable File
Raw Blame History

#!/bin/bash
# Configuration Management Validator (K8s-equivalent)
# Validates configuration files and secrets before deployment
set -e
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
PROJECT_ROOT="$(dirname "$SCRIPT_DIR")"
# Colors for output
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m' # No Color
# Configuration
CONFIG_DIR="$PROJECT_ROOT/config"
SECRETS_DIR="$PROJECT_ROOT/secrets"
echo -e "${BLUE}🔍 Configuration Management Validator${NC}"
echo -e "${BLUE}======================================${NC}"
echo
# Function to validate YAML syntax
validate_yaml() {
local file="$1"
echo -n " Validating $file... "
if command -v yq > /dev/null 2>&1; then
if yq eval '.' "$file" > /dev/null 2>&1; then
echo -e "${GREEN}✅ Valid${NC}"
return 0
else
echo -e "${RED}❌ Invalid YAML${NC}"
return 1
fi
elif command -v python3 > /dev/null 2>&1; then
if python3 -c "import yaml; yaml.safe_load(open('$file'))" > /dev/null 2>&1; then
echo -e "${GREEN}✅ Valid${NC}"
return 0
else
echo -e "${RED}❌ Invalid YAML${NC}"
return 1
fi
else
echo -e "${YELLOW}⚠️ Cannot validate (no yq or python3)${NC}"
return 0
fi
}
# Function to check required secrets
check_secrets() {
local secrets_dir="$1"
local service_name="$2"
echo "📁 Checking $service_name secrets:"
local required_secrets
case "$service_name" in
"app")
required_secrets=(
"postgres-password.txt"
"minio-access-key.txt"
"minio-secret-key.txt"
"platform-vehicles-api-key.txt"
"platform-tenants-api-key.txt"
"service-auth-token.txt"
"auth0-client-secret.txt"
"google-maps-api-key.txt"
)
;;
"platform")
required_secrets=(
"platform-db-password.txt"
"vehicles-db-password.txt"
"vehicles-api-key.txt"
"tenants-api-key.txt"
"allowed-service-tokens.txt"
)
;;
esac
local missing_secrets=()
for secret in "${required_secrets[@]}"; do
local secret_file="$secrets_dir/$secret"
if [[ -f "$secret_file" ]]; then
# Check if file is not empty
if [[ -s "$secret_file" ]]; then
echo -e " $secret: ${GREEN}✅ Present${NC}"
else
echo -e " $secret: ${YELLOW}⚠️ Empty${NC}"
missing_secrets+=("$secret")
fi
else
echo -e " $secret: ${RED}❌ Missing${NC}"
missing_secrets+=("$secret")
fi
done
if [[ ${#missing_secrets[@]} -gt 0 ]]; then
echo -e " ${RED}Missing secrets: ${missing_secrets[*]}${NC}"
return 1
fi
return 0
}
# Function to validate configuration structure
validate_config_structure() {
echo "🏗️ Validating configuration structure:"
local required_configs=(
"$CONFIG_DIR/app/production.yml"
"$CONFIG_DIR/platform/production.yml"
"$CONFIG_DIR/shared/production.yml"
)
local missing_configs=()
for config in "${required_configs[@]}"; do
if [[ -f "$config" ]]; then
echo -e " $(basename "$config"): ${GREEN}✅ Present${NC}"
if ! validate_yaml "$config"; then
missing_configs+=("$config")
fi
else
echo -e " $(basename "$config"): ${RED}❌ Missing${NC}"
missing_configs+=("$config")
fi
done
if [[ ${#missing_configs[@]} -gt 0 ]]; then
echo -e " ${RED}Issues with configs: ${missing_configs[*]}${NC}"
return 1
fi
return 0
}
# Function to validate docker-compose configuration
validate_docker_compose() {
echo "🐳 Validating Docker Compose configuration:"
local compose_file="$PROJECT_ROOT/docker-compose.yml"
if [[ ! -f "$compose_file" ]]; then
echo -e " ${RED}❌ docker-compose.yml not found${NC}"
return 1
fi
echo -n " Checking docker-compose.yml syntax... "
if docker compose -f "$compose_file" config > /dev/null 2>&1; then
echo -e "${GREEN}✅ Valid${NC}"
else
echo -e "${RED}❌ Invalid${NC}"
return 1
fi
# Check for required volume mounts
echo -n " Checking configuration mounts... "
if grep -q "config.*production.yml" "$compose_file" && grep -q "/run/secrets" "$compose_file"; then
echo -e "${GREEN}✅ Configuration mounts present${NC}"
else
echo -e "${YELLOW}⚠️ Configuration mounts may be missing${NC}"
fi
return 0
}
# Function to generate missing secrets template
generate_secrets_template() {
echo "📝 Generating secrets template:"
for service in app platform; do
local secrets_dir="$SECRETS_DIR/$service"
local template_file="$secrets_dir/.secrets-setup.sh"
echo " Creating $service secrets setup script..."
cat > "$template_file" << 'EOF'
#!/bin/bash
# Auto-generated secrets setup script
# Run this script to create placeholder secret files
SECRETS_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
echo "Setting up secrets in $SECRETS_DIR"
EOF
# Add service-specific secret creation commands
case "$service" in
"app")
cat >> "$template_file" << 'EOF'
# Application secrets
echo "localdev123" > "$SECRETS_DIR/postgres-password.txt"
echo "minioadmin" > "$SECRETS_DIR/minio-access-key.txt"
echo "minioadmin123" > "$SECRETS_DIR/minio-secret-key.txt"
echo "mvp-platform-vehicles-secret-key" > "$SECRETS_DIR/platform-vehicles-api-key.txt"
echo "mvp-platform-tenants-secret-key" > "$SECRETS_DIR/platform-tenants-api-key.txt"
echo "admin-backend-service-token" > "$SECRETS_DIR/service-auth-token.txt"
echo "your-auth0-client-secret" > "$SECRETS_DIR/auth0-client-secret.txt"
echo "your-google-maps-api-key" > "$SECRETS_DIR/google-maps-api-key.txt"
EOF
;;
"platform")
cat >> "$template_file" << 'EOF'
# Platform secrets
echo "platform123" > "$SECRETS_DIR/platform-db-password.txt"
echo "platform123" > "$SECRETS_DIR/vehicles-db-password.txt"
echo "mvp-platform-vehicles-secret-key" > "$SECRETS_DIR/vehicles-api-key.txt"
echo "mvp-platform-tenants-secret-key" > "$SECRETS_DIR/tenants-api-key.txt"
echo "admin-backend-service-token,mvp-platform-vehicles-service-token" > "$SECRETS_DIR/allowed-service-tokens.txt"
EOF
;;
esac
cat >> "$template_file" << 'EOF'
echo "✅ Secrets setup complete for this service"
echo "⚠️ Remember to update with real values for production!"
EOF
chmod +x "$template_file"
done
}
# Main validation
main() {
local validation_failed=false
echo "🚀 Starting configuration validation..."
echo
# Validate configuration structure
if ! validate_config_structure; then
validation_failed=true
fi
echo
# Check secrets
echo "🔐 Validating secrets:"
if ! check_secrets "$SECRETS_DIR/app" "app"; then
validation_failed=true
fi
echo
if ! check_secrets "$SECRETS_DIR/platform" "platform"; then
validation_failed=true
fi
echo
# Validate Docker Compose
if ! validate_docker_compose; then
validation_failed=true
fi
echo
if [[ "$validation_failed" == "true" ]]; then
echo -e "${RED}❌ Validation failed!${NC}"
echo
echo "To fix issues:"
echo " 1. Run: ./scripts/config-validator.sh --generate-templates"
echo " 2. Update secret values in secrets/ directories"
echo " 3. Re-run validation"
if [[ "$1" == "--generate-templates" ]]; then
echo
generate_secrets_template
fi
exit 1
else
echo -e "${GREEN}✅ All validations passed!${NC}"
echo -e "${GREEN}🎉 Configuration is ready for K8s-equivalent deployment${NC}"
exit 0
fi
}
# Handle command line arguments
if [[ "$1" == "--generate-templates" ]]; then
generate_secrets_template
echo -e "${GREEN}✅ Secret templates generated${NC}"
echo "Run the generated scripts in secrets/app/ and secrets/platform/"
exit 0
elif [[ "$1" == "--help" ]]; then
echo "Configuration Management Validator"
echo
echo "Usage:"
echo " $0 - Run full validation"
echo " $0 --generate-templates - Generate secret setup scripts"
echo " $0 --help - Show this help"
exit 0
fi
main "$@"
Reference in New Issue View Git Blame Copy Permalink