I can execute api-call using terraform, but not bash.
This terraform code works:
curl -X POST https://circleci.com/api/v2/project/gh/some-organization/${var.repository_name}/envvar \
-H 'Content-Type: application/json' \
-H 'Circle-Token: ${data.aws_ssm_parameter.ct[0].value}' \
-d '{"name":"AWS_ACCOUNT_ID_${upper(var.environment)}","value":"${data.aws_caller_identity.current.account_id}"}'
This is my bash code that doesn't work:
#!/bin/bash
user=$1
repo=$2
lower_env=$3
env=$(echo "$lower_env" | tr '[:lower:]' '[:upper:]')
token="1234567890"
......
NEW_ACCESS_KEY_ID="$(aws iam list-access-keys --user-name $user | jq -r '.AccessKeyMetadata[].AccessKeyId')"
......
curl -X POST https://circleci.com/api/v2/project/gh/some-organization/$repo/envvar \
-H 'Content-Type: application/json' \
-H 'Circle-Token:${token}' \
-d '{"name":"AWS_ACCESS_KEY_ID_${env}","value":"\'$NEW_ACCESS_KEY_ID'\"}'
As I understand, main problem happens with passing variable token inside curl, I tried shielding - ' '\ - but no luck.
-H 'Content-Type: application/json' \
-H 'Circle-Token: \'$token'\' \
-d '{"name":"AWS_SECRET_ACCESS_KEY_${upper(\'$env'\}","value":"\'$NEW_SECRET_ACCESS_KEY'\"}'
I tried to echo curl itself from bash, it looks correct:
curl -X POST https://circleci.com/api/v2/project/gh/some-ogranization/repo-from-token/envvar -H 'Circle-Token: 1234567890'
The working code, the solution:
curl -X POST "https://circleci.com/api/v2/project/gh/some-organization/$repo/envvar" \
-H "Content-Type: application/json" \
-H "Circle-Token: $token" \
-d "{\"name\":\"AWS_ACCESS_KEY_ID_${env}\",\"value\":\"$NEW_ACCESS_KEY_ID\"}"
I think the problem is with the syntax for passing the Circle-Token
header,you used ${data.aws_ssm_parameter.ct[0].value}
to interpolate the value of the Circle-Token
header, and you used single quotes ('
) around the Circle-Token
header value, which prevents variable interpolation,so just use double quotes ("
) !
#!/bin/bash
user=$1
repo=$2
lower_env=$3
env=${lower_env^^}
token="1234567890"
......
NEW_ACCESS_KEY_ID="$(aws iam list-access-keys --user-name $user | jq -r '.AccessKeyMetadata[].AccessKeyId')"
......
curl -X POST "https://circleci.com/api/v2/project/gh/some-organization/$repo/envvar" \
-H "Content-Type: application/json" \
-H "Circle-Token: $token" \
-d "{\"name\":\"AWS_ACCESS_KEY_ID_${env}\",\"value\":\"$NEW_ACCESS_KEY_ID\"}"
If you like, you could reduce the escaping in the -d
argument by only exposing the variables to the shell for interpretation rather than the whole argument string either by concatenation:
curl ...
-d '{"name":"AWS_ACCESS_KEY_ID_'"${env}"'","value":"'"$NEW_ACCESS_KEY_ID"'"}'
or calling printf
:
curl ...
-d "$(printf '{"name":"AWS_ACCESS_KEY_ID_%s","value":"%s"}' "$PWD" "$HOME")"
or by populating a variable to be used as that argument:
data='{"name":"AWS_ACCESS_KEY_ID_'"${env}"'","value":"'"$NEW_ACCESS_KEY_ID"'"}'
or:
printf -v data '{"name":"AWS_ACCESS_KEY_ID_%s","value":"%s"}' "$env" "$NEW_ACCESS_KEY_ID"
followed by:
curl ...
-d "$data"