mirror of
https://gitlab.archlinux.org/archlinux/infrastructure.git
synced 2024-05-05 19:56:03 +02:00
misc/get_key.py: load vault file without chdir'ing
Now that misc/get_key.py checks if the vault file passed to it exists,
we cannot pass paths only resolvable from the root directory. Instead,
use paths that make sense relative to the current directory and avoid
calling chdir when loading the vault file.
Fixes: 7754214604
("Rewrite get_key.py to use click instead of typer")
parent
9c2ca6851c
commit
faba3a3d7c
|
@ -65,7 +65,7 @@ but for the time being, this is what we're stuck with.
|
|||
The very first time you run terraform on your system, you'll have to init it:
|
||||
|
||||
cd tf-stage1 # and also tf-stage2
|
||||
terraform init -backend-config="conn_str=postgres://terraform:$(../misc/get_key.py group_vars/all/vault_terraform.yml vault_terraform_db_password)@state.archlinux.org"
|
||||
terraform init -backend-config="conn_str=postgres://terraform:$(../misc/get_key.py ../group_vars/all/vault_terraform.yml vault_terraform_db_password)@state.archlinux.org"
|
||||
|
||||
After making changes to the infrastructure in `tf-stage1/archlinux.tf`, run
|
||||
|
||||
|
|
|
@ -40,10 +40,9 @@ with chdir(root):
|
|||
|
||||
|
||||
def load_vault(path):
|
||||
with chdir(root):
|
||||
return yaml.load(
|
||||
vault_lib.decrypt(Path(path).read_text()), Loader=yaml.SafeLoader
|
||||
)
|
||||
return yaml.load(
|
||||
vault_lib.decrypt(Path(path).read_text()), Loader=yaml.SafeLoader
|
||||
)
|
||||
|
||||
|
||||
class OutputFormat(str, Enum):
|
||||
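Review bot: `load_vault` has no docstring, and this change silently alters its contract: `path` is now resolved against the caller's working directory rather than the repository root. I would record that on the function, for example `"""Decrypt the Ansible vault at *path* (relative to the current working directory) and return the parsed YAML mapping; the result holds plaintext secrets and must not be logged."""`. The hunk header suggests a separate `with chdir(root):` block still exists above the function, presumably for setting up `vault_lib`, so a short comment there saying why only that step needs the root directory would stop someone re-adding the chdir here. Keeping `Loader=yaml.SafeLoader` is the right choice for decrypted content. `Path(path).read_text()` could pass `encoding="utf-8"` so the read does not depend on the locale.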
|
|
|
@ -6,7 +6,7 @@ terraform {
|
|||
|
||||
data "external" "vault_hetzner" {
|
||||
program = [
|
||||
"${path.module}/../misc/get_key.py", "misc/vault_hetzner.yml",
|
||||
"${path.module}/../misc/get_key.py", "${path.module}/../misc/vault_hetzner.yml",
|
||||
"hetzner_cloud_api_key",
|
||||
"hetzner_dns_api_key",
|
||||
"--format", "json"
|
||||
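Review bot: The `vault_hetzner` data source returns live API keys, and nothing in this block tells a maintainer that `external` results are stored in Terraform state as ordinary, non-sensitive values. A comment above the block would help, for example `# Values returned by get_key.py are stored in Terraform state unredacted; keep state backend access restricted and wrap uses in sensitive()`. The same applies to the `vault_*` data sources in the tf-stage2 sections further down. The block continues past the end of this hunk, so whether the consumers already mark these values as sensitive cannot be seen from here.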
|
|
|
@ -5,7 +5,7 @@ terraform {
|
|||
}
|
||||
|
||||
data "external" "vault_keycloak" {
|
||||
program = ["${path.module}/../misc/get_key.py", "group_vars/all/vault_keycloak.yml",
|
||||
program = ["${path.module}/../misc/get_key.py", "${path.module}/../group_vars/all/vault_keycloak.yml",
|
||||
"vault_keycloak_admin_user",
|
||||
"vault_keycloak_admin_password",
|
||||
"vault_keycloak_smtp_user",
|
||||
|
@ -14,33 +14,33 @@ data "external" "vault_keycloak" {
|
|||
}
|
||||
|
||||
data "external" "vault_google" {
|
||||
program = ["${path.module}/../misc/get_key.py", "group_vars/all/vault_google.yml",
|
||||
program = ["${path.module}/../misc/get_key.py", "${path.module}/../group_vars/all/vault_google.yml",
|
||||
"vault_google_recaptcha_site_key",
|
||||
"vault_google_recaptcha_secret_key",
|
||||
"--format", "json"]
|
||||
}
|
||||
|
||||
data "external" "vault_github" {
|
||||
program = ["${path.module}/../misc/get_key.py", "group_vars/all/vault_github.yml",
|
||||
program = ["${path.module}/../misc/get_key.py", "${path.module}/../group_vars/all/vault_github.yml",
|
||||
"vault_github_oauth_app_client_id",
|
||||
"vault_github_oauth_app_client_secret",
|
||||
"--format", "json"]
|
||||
}
|
||||
|
||||
data "external" "vault_monitoring" {
|
||||
program = ["${path.module}/../misc/get_key.py", "group_vars/all/vault_monitoring.yml",
|
||||
program = ["${path.module}/../misc/get_key.py", "${path.module}/../group_vars/all/vault_monitoring.yml",
|
||||
"vault_monitoring_grafana_client_secret",
|
||||
"--format", "json"]
|
||||
}
|
||||
|
||||
data "external" "vault_hedgedoc" {
|
||||
program = ["${path.module}/../misc/get_key.py", "group_vars/all/vault_hedgedoc.yml",
|
||||
program = ["${path.module}/../misc/get_key.py", "${path.module}/../group_vars/all/vault_hedgedoc.yml",
|
||||
"vault_hedgedoc_client_secret",
|
||||
"--format", "json"]
|
||||
}
|
||||
|
||||
data "external" "vault_matrix" {
|
||||
program = ["${path.module}/../misc/get_key.py", "group_vars/all/vault_matrix.yml",
|
||||
program = ["${path.module}/../misc/get_key.py", "${path.module}/../group_vars/all/vault_matrix.yml",
|
||||
"vault_matrix_openid_client_secret",
|
||||
"--format", "json"]
|
||||
}
|
||||
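Review bot: The prefix `"${path.module}/../group_vars/all/"` is now spelled out in all six `program` lists of this file, and again in the uptimerobot file, so the next layout change means another many-line edit like this one. A single local would carry it: `locals { vault_dir = "${path.module}/../group_vars/all" }`, then `"${local.vault_dir}/vault_keycloak.yml"` in each block. The script path `"${path.module}/../misc/get_key.py"` could be factored out the same way. This is purely a style point; the rewritten paths themselves look consistent across the blocks shown.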
|
|
|
@ -3,7 +3,7 @@
|
|||
# https://github.com/louy/terraform-provider-uptimerobot/issues/82
|
||||
|
||||
data "external" "vault_uptimerobot" {
|
||||
program = ["${path.module}/../misc/get_key.py", "group_vars/all/vault_uptimerobot.yml",
|
||||
program = ["${path.module}/../misc/get_key.py", "${path.module}/../group_vars/all/vault_uptimerobot.yml",
|
||||
"vault_uptimerobot_api_key",
|
||||
"vault_uptimerobot_alert_contact",
|
||||
"--format", "json"]
|
||||
|
|