adds auto-find for secrets files, simplifies docs

ADP-216-uat-sops-step2_003
LeeW 10 months ago
parent 84b56f8996
commit 428cf42fc7

@ -134,6 +134,7 @@ function main(){
groups_def_dir="${repo_root}/groups" groups_def_dir="${repo_root}/groups"
opt_list_groups=0 opt_list_groups=0
groups_list=() groups_list=()
opt_find_secrets=0
secrets_file_list=() secrets_file_list=()
while (( $# >= 1 ));do while (( $# >= 1 ));do
@ -149,6 +150,8 @@ function main(){
-lg|--list_groups) opt_list_groups=1 ;; -lg|--list_groups) opt_list_groups=1 ;;
# ARGS: [optional] [list] specify "groups" which correspond to e.g. job groups, projects, etc # ARGS: [optional] [list] specify "groups" which correspond to e.g. job groups, projects, etc
-g|--group) groups_list+=( "${2}" ); shift ;; -g|--group) groups_list+=( "${2}" ); shift ;;
# ARGS: [optional] update all "secrets.yaml" files found below .sops.yaml location
-f|--find_secrets) opt_find_secrets=1;;
# ARGS: [optional] [list] specify files containing sops-encrypted secrets # ARGS: [optional] [list] specify files containing sops-encrypted secrets
-s|--secrets_file|-f|--file) secrets_file_list+=( "${2}" ); shift ;; -s|--secrets_file|-f|--file) secrets_file_list+=( "${2}" ); shift ;;
# ARGS: [optional] [list] specify files containing sops-encrypted secrets # ARGS: [optional] [list] specify files containing sops-encrypted secrets
@ -182,12 +185,19 @@ function main(){
# locate appropriate sops config if default assumption not found # locate appropriate sops config if default assumption not found
# dev note: '2> /dev/null' to disable debug output # dev note: '2> /dev/null' to disable debug output
sops_config="$(fn_sops_locate_config_in_git_repo 2> /dev/null)" sops_config="$(fn_sops_locate_config_in_git_repo 2> /dev/null)"
sops_config_dir="$(basename "${sops_config}")"
fi fi
# Paths to Secrets Files
if [[ "${#secrets_file_list[@]}" != "0" ]]; then if [[ "${#secrets_file_list[@]}" != "0" ]]; then
for secrets_file in "${secrets_file_list[@]}"; do for secrets_file in "${secrets_file_list[@]}"; do
test -e "${secrets_file}" || (echo "E: could not locate file with secrets, tried: ${secrets_file}" && exit 1) test -e "${secrets_file}" || (echo "E: could not locate file with secrets, tried: ${secrets_file}" && exit 1)
done done
fi fi
if [[ "${opt_find_secrets}" -eq 1 ]]; then
found_secrets_file_list="$(find "${sops_config_dir}" -name secrets.yaml)"
secrets_file_list+=("$(find "${sops_config_dir}" -name secrets.yaml)")
fi
# /VALIDATE INPUTS # /VALIDATE INPUTS
# /OPTIONS: ARGPARSING and VALIDATION # /OPTIONS: ARGPARSING and VALIDATION
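Review bot: The new `sops_config_dir` on the line before `fi` uses `basename`, which yields `.sops.yaml` rather than the directory containing it, so the later `find "${sops_config_dir}" -name secrets.yaml` searches a file path and finds nothing; it should be `dirname`. The `--find_secrets` branch also appends the whole `find` output as a single array element (newline-joined, so two matches become one bogus path) and assigns `found_secrets_file_list` without ever using it, and the new `-f|--find_secrets` arm shadows the existing `-f|--file` arm in the same `case` (first match wins, so `-f <file>` now silently enables auto-find and leaves the filename as a stray argument) — drop `-f` from one of them. Because `sops_config_dir` is assigned only inside the "config not found at default location" branch, it is presumably unset when the default `.sops.yaml` exists; confirm it is also set on that path. `main()` starts and ends outside this hunk.

```shell
sops_config_dir="$(dirname "${sops_config}")"
# … unchanged: explicit -s/--secrets_file validation loop …
if [[ "${opt_find_secrets}" -eq 1 ]]; then
  # NUL-delimited so paths containing whitespace or newlines stay intact
  mapfile -d '' -t found_secrets_file_list < <(find "${sops_config_dir}" -name secrets.yaml -print0)
  secrets_file_list+=("${found_secrets_file_list[@]}")
fi
```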

@ -77,6 +77,33 @@ else
>&2 echo "# INFO: skipping ...." >&2 echo "# INFO: skipping ...."
fi fi
# ---
if [[ 1 -eq 1 ]]; then
>&2 echo -e "# ---\n# TEST: auto-find secrets files"
# SETUP
_tmp_mock_secrets_filepath='mock_hierarchy/secrets.yaml'
mkdir -p "$(dirname "${_tmp_mock_secrets_filepath}")"
touch "${_tmp_mock_secrets_filepath}"
# RUN
# set -x
# suspend strict: check output for errors
set +e
# move 'set -x' within the sub-shell, otherwise all output dumped to tty
# ... bug: stderr still gets printed, not sure why. E.g. '# RUN: sops updatekeys mock_secrets.yaml'
_out="$(set -x; ../bin/update_sops.sh -c "${PWD}" --find_secrets 2>&1 )"
# re-enable strict
set -e
set +x
grep "${_tmp_mock_secrets_filepath}" <<< "${_out}"
set -e
# TEARDOWN
rm -rf "${_tmp_mock_secrets_filepath}"
# enmesh: restore, since this particular one is checked in
git checkout "${PWD}/.sops.yaml" > /dev/null 2>&1
else
>&2 echo "# INFO: skipping ...."
fi
# --- # ---
if [[ 1 -eq 1 ]]; then if [[ 1 -eq 1 ]]; then
>&2 echo -e "# ---\n# TEST: induce error: invalid file" >&2 echo -e "# ---\n# TEST: induce error: invalid file"
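Review bot: The new auto-find test discards the exit status of `update_sops.sh`: `_out` is captured under `set +e` and only the captured text is grepped, so a run that prints the mock path (e.g. in a trace or error message) and then fails still passes. Capture and assert the status, `_rc=0; _out="$(../bin/update_sops.sh -c "${PWD}" --find_secrets 2>&1)" || _rc=$?`, `[[ "${_rc}" -eq 0 ]]`, and match the path literally with `grep -F -- "${_tmp_mock_secrets_filepath}" <<< "${_out}"` so a `-`-prefixed or regex-looking path cannot skew the check. The teardown removes only `mock_hierarchy/secrets.yaml` and leaves the `mock_hierarchy` directory behind for later tests, and since the `grep` runs under `set -e` neither the teardown nor the `git checkout` of `.sops.yaml` runs when the assertion fails; a `trap … EXIT` cleanup would close both gaps. The `set -e` after `set +x` duplicates the one two lines earlier and can go.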
