gitea-admin
/
communication-keys
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

refactor - consolidate into main function

Browse Source
ADP-216_sops_automation
LeeW 10 months ago
parent 545f5bce21
commit e2c2f77459
1 changed files with 95 additions and 92 deletions
Show Stats Download Patch File Download Diff File

105
bin/update_sops.sh
Unescape Escape View File

@ -113,23 +113,24 @@ fn_sops_updatekeys_and_verify(){
GPG_TTY=$(tty) sops -d "${sops_enc_file}" GPG_TTY=$(tty) sops -d "${sops_enc_file}"
} }
# "anchor" for actions relevant to this script function main(){
repo_root="$(realpath $(dirname "${BASH_SOURCE[0]}")/..)" # "anchor" for actions relevant to this script
# OPTIONS: ARGPARSING and VALIDATION repo_root="$(realpath $(dirname "${BASH_SOURCE[0]}")/..)"
# assume location of script as running directly from repo with keys (instead of as a standalone packaged tool) # OPTIONS: ARGPARSING and VALIDATION
keyfiles_dir="${repo_root}" # assume location of script as running directly from repo with keys (instead of as a standalone packaged tool)
# assume location of secrets config file in pwd keyfiles_dir="${repo_root}"
sops_config_dir="${PWD}" # assume location of secrets config file in pwd
# path to role definitions sops_config_dir="${PWD}"
roles_def_dir="${repo_root}/roles" # path to role definitions
# optional: roles_def_dir="${repo_root}/roles"
opt_list_roles=0 # optional:
# optional: specify "roles" opt_list_roles=0
roles_list=() # optional: specify "roles"
# optional: secrets files to be updated roles_list=()
secrets_file_list=() # optional: secrets files to be updated
secrets_file_list=()
while (( $# >= 1 ));do
while (( $# >= 1 ));do
cur="${1}"; cur="${1}";
case $cur in case $cur in
# ARGS: print this help # ARGS: print this help
@ -148,64 +149,66 @@ while (( $# >= 1 ));do
*) secrets_file_list+=( "${cur}" ) *) secrets_file_list+=( "${cur}" )
esac esac
shift; shift;
done done
# Resolve Parameters # Resolve Parameters
# ... i.e. combine,override,etc options which interact # ... i.e. combine,override,etc options which interact
if [[ "${#roles_list[@]}" -eq 1 ]]; then if [[ "${#roles_list[@]}" -eq 1 ]]; then
# simply change keyfiles_dir to the "roles" dir # simply change keyfiles_dir to the "roles" dir
keyfiles_dir="${roles_def_dir}/${roles_list[0]}" keyfiles_dir="${roles_def_dir}/${roles_list[0]}"
elif [[ "${#roles_list[@]}" -gt 1 ]]; then elif [[ "${#roles_list[@]}" -gt 1 ]]; then
>&2 echo "# ERROR: only specify one role" >&2 echo "# ERROR: only specify one role"
exit 1 exit 1
fi fi
# VALIDATE INPUTS # VALIDATE INPUTS
keyfiles_dir="$(realpath "${keyfiles_dir}")" keyfiles_dir="$(realpath "${keyfiles_dir}")"
test -d "${keyfiles_dir}" || (echo "E: specify dir containing keyfiles; invalid dir: '${keyfiles_dir}'" && exit 1) test -d "${keyfiles_dir}" || (echo "E: specify dir containing keyfiles; invalid dir: '${keyfiles_dir}'" && exit 1)
sops_config_dir="$(realpath "${sops_config_dir}")" sops_config_dir="$(realpath "${sops_config_dir}")"
test -d "${sops_config_dir}" || (echo "E: specify dir containing .sops.yaml, invalid dir: '${sops_config_dir}'" && exit 1) test -d "${sops_config_dir}" || (echo "E: specify dir containing .sops.yaml, invalid dir: '${sops_config_dir}'" && exit 1)
sops_config="${sops_config_dir}/.sops.yaml" sops_config="${sops_config_dir}/.sops.yaml"
# create it! # test -e "${sops_config}" || (echo "E: could not locate .sops.yaml, tried ${sops_config}" && exit 1) # create it! # test -e "${sops_config}" || (echo "E: could not locate .sops.yaml, tried ${sops_config}" && exit 1)
if [[ "${#secrets_file_list[@]}" != "0" ]]; then if [[ "${#secrets_file_list[@]}" != "0" ]]; then
for secrets_file in "${secrets_file_list[@]}"; do for secrets_file in "${secrets_file_list[@]}"; do
test -e "${secrets_file}" || (echo "E: could not locate file with secrets, tried: ${secrets_file}" && exit 1) test -e "${secrets_file}" || (echo "E: could not locate file with secrets, tried: ${secrets_file}" && exit 1)
done done
fi fi
# /VALIDATE INPUTS # /VALIDATE INPUTS
# /OPTIONS: ARGPARSING and VALIDATION # /OPTIONS: ARGPARSING and VALIDATION
# BEGIN # BEGIN
if [[ "${opt_list_roles}" -eq 1 ]]; then if [[ "${opt_list_roles}" -eq 1 ]]; then
# list available roles and exit # list available roles and exit
pushd "${roles_def_dir}" > /dev/null 2>&1 pushd "${roles_def_dir}" > /dev/null 2>&1
>&2 echo "# INFO: listing roles" >&2 echo "# INFO: listing roles"
ls -1d * ls -1d *
exit 0 exit 0
popd > /dev/null 2>&1 popd > /dev/null 2>&1
fi fi
# UPDATE SOPS CONFIG # UPDATE SOPS CONFIG
# locate sops config # locate sops config
if [[ ! -e "${sops_config}" ]]; then if [[ ! -e "${sops_config}" ]]; then
# dev note: '2> /dev/null' to disable debug output # dev note: '2> /dev/null' to disable debug output
sops_config="$(fn_sops_locate_config_in_git_repo 2> /dev/null)" sops_config="$(fn_sops_locate_config_in_git_repo 2> /dev/null)"
fi fi
# update sops config # update sops config
# TODO: remove the 'pushd;popd' workaround and make the functions aware of the dir being read # TODO: remove the 'pushd;popd' workaround and make the functions aware of the dir being read
pushd "${keyfiles_dir}" > /dev/null 2>&1 pushd "${keyfiles_dir}" > /dev/null 2>&1
(fn_sops_generate_config) > "${sops_config}" (fn_sops_generate_config) > "${sops_config}"
popd > /dev/null 2>&1 popd > /dev/null 2>&1
# VERIFY # VERIFY
if [[ "${#secrets_file_list[@]}" != "0" ]]; then if [[ "${#secrets_file_list[@]}" != "0" ]]; then
for secrets_file in "${secrets_file_list[@]}"; do for secrets_file in "${secrets_file_list[@]}"; do
fn_sops_updatekeys_and_verify "${secrets_file}" fn_sops_updatekeys_and_verify "${secrets_file}"
done done
echo "# SUCESS: all users with keys in this dir should have functional keys" echo "# SUCESS: all users with keys in this dir should have functional keys"
else else
echo "# WARN: no secrets file passed in, make sure to call 'sops updatekeys' on secrets files" echo "# WARN: no secrets file passed in, make sure to call 'sops updatekeys' on secrets files"
fi fi
}
main "${@}"
exit exit

Write Preview
Loading…
Cancel
Save