fabric-samples/test-network-k8s-operator/scripts/utils.sh

#!/bin/bash

function print() {
	GREEN='\033[0;32m'
  NC='\033[0m'
  echo
	echo -e "${GREEN}${1}${NC}"
}

SUCCESS="✅"
WARN="⚠️ "

# tests if varname is defined in the env AND it's an existing directory
function must_declare() {
  local varname=$1

  if [[ ${!varname+x} ]]
  then
    printf "\r%s %-30s%s\n" $SUCCESS $varname ${!varname}
  else
    printf "\r%s  %-30s %s\n" $WARN $varname
    EXIT=1
  fi
}

function check() {
  local name=$1
  local message=$2

  printf "🤔 %s" $name

  if $name &>/dev/null ; then
    printf "\r%s %-30s" $SUCCESS $name
  else
    printf "\r%s  %-30s" $WARN $name
    EXIT=1
  fi

  echo $message
}

function wait_for() {
  local type=$1
  local name=$2

  kubectl -n ${NAMESPACE} wait $type $name --for jsonpath='{.status.type}'=Deployed --timeout=3m
  kubectl -n ${NAMESPACE} rollout status deploy $name
}

function apply_template() {
  local template=$1
  cat ${template} | envsubst | kubectl -n ${NAMESPACE} apply -f -
}

# Read a certificate by name from a node connection-profile config map.
function connection_profile_cert() {
  local node=$1
  local path=$2

  kubectl -n ${NAMESPACE} get cm/${node}-connection-profile -o json \
    | jq -r .binaryData.\"profile.json\" \
    | base64 -d \
    | jq -r ${path}
}

# Extract, decode, and save a certificate in .pem format to a local file
function write_pem() {
  local node=$1
  local jq_path=$2
  local to_file=$3

  mkdir -p $(dirname $to_file)

  echo $(connection_profile_cert $node $jq_path) | base64 -d >& $to_file
}

# create an enrollment MSP config.yaml
function write_msp_config() {
  local ca_name=$1
  local ca_cert_name=$2
  local msp_dir=$3

  cat << EOF > ${msp_dir}/config.yaml
NodeOUs:
  Enable: true
  ClientOUIdentifier:
    Certificate: cacerts/${ca_cert_name}
    OrganizationalUnitIdentifier: client
  PeerOUIdentifier:
    Certificate: cacerts/${ca_cert_name}
    OrganizationalUnitIdentifier: peer
  AdminOUIdentifier:
    Certificate: cacerts/${ca_cert_name}
    OrganizationalUnitIdentifier: admin
  OrdererOUIdentifier:
    Certificate: cacerts/${ca_cert_name}
    OrganizationalUnitIdentifier: orderer
EOF
}

# Enroll a user at an org CA.
function enroll() {
  do_enroll msp ca $@
}

# Enroll a user at an org TLS CA
function enroll_tls() {
  do_enroll tls tlsca $@
}

function do_enroll() {
  local msp_type=$1
  local caname=$2
  local org=$3
  local user=$4
  local pazz=$5

  # Skip the enrollment if a previous enrollment key exists.
  local user_dir=$ENROLLMENTS_DIR/$user
  local user_key=$user_dir/$msp_type/keystore/key.pem

  if [ -f "$user_key" ]; then
    print "$user has already been enrolled at $org $caname"
    return
  fi

  print "enrolling $org $caname $user"
  local ca_url=https://${user}:${pazz}@${org}-ca-ca.${org}.localho.st
  local tls_certfile=$ENROLLMENTS_DIR/ca-tls-cert.pem

  fabric-ca-client  enroll \
    --url           $ca_url \
    --tls.certfiles $tls_certfile \
    --mspdir        $user_dir/$msp_type \
    --caname        $caname

  # Enrollment creates a key with a dynamic, hashed file name.  Move this to a predictable location
  mv $user_dir/$msp_type/keystore/*_sk $user_key
}

# Set the peer CLI environment in order to run commands as an org admin
function appear_as() {
  local mspid=$1
  local org=$2
  local peer=$3

  export FABRIC_CFG_PATH=${PWD}/channel-config/config
  export CORE_PEER_ADDRESS=${org}-${peer}-peer.${org}.localho.st:443
  export CORE_PEER_LOCALMSPID=${mspid}
  export CORE_PEER_MSPCONFIGPATH=$PWD/organizations/${org}/enrollments/${org}admin/msp
  export CORE_PEER_TLS_ENABLED=true
  export CORE_PEER_TLS_ROOTCERT_FILE=$PWD/channel-config/organizations/peerOrganizations/${org}.localho.st/msp/tlscacerts/tlsca-signcert.pem
  export CORE_PEER_CLIENT_CONNTIMEOUT=15s
  export CORE_PEER_DELIVERYCLIENT_CONNTIMEOUT=15s

  export ORDERER_ENDPOINT=org0-orderernode1-orderer.org0.localho.st:443
  export ORDERER_TLS_CERT=${PWD}/channel-config/organizations/ordererOrganizations/org0.localho.st/orderers/orderernode1/tls/signcerts/tls-cert.pem
}