@@ -20,7 +20,7 @@ steps:
|
||||
VAULT_ROLE_ID: { from_secret: VAULT_APP_ROLE }
|
||||
VAULT_SECRET_ID: { from_secret: VAULT_SECRET_ID }
|
||||
commands:
|
||||
- apk add --no-cache curl bash coreutils sed
|
||||
- apk add --no-cache curl bash coreutils sed python3
|
||||
- mkdir -p secrets
|
||||
# fetch registry creds
|
||||
- ./ci/vlt kv_to_file kv registry user secrets/REGISTRY_USER 600
|
||||
|
||||
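--- a/ci/vlt
+++ b/ci/vlt
@@ -36,9 +36,18 @@ kv_get() {
 ensure_token
 url="${VAULT_ADDR%/}/v1/${mount}/data/${path}"
 resp="$(curl -sfS --connect-timeout 5 --max-time 20 -H "X-Vault-Token: ${VAULT_TOKEN}" "$url")"
-raw="$(printf '%s' "$resp" | sed -n "s/.*\"${field}\"[[:space:]]*:[[:space:]]*\"\([^\"]*\)\".*/\1/p")"
-[ -n "$raw" ] || { echo "field not found: ${mount}/${path}:${field}" >&2; exit 2; }
-printf '%s' "$raw" | sed -e 's/\\n/\n/g' -e 's/\\t/\t/g' -e 's/\\"/"/g' -e 's/\\\\/\\/g'
+RESP="$resp" python3 - "$field" <<'PY'
+import json, os, sys
+field = sys.argv[1]
+resp = os.environ.get("RESP", "")
+try:
+data = json.loads(resp)
+value = data["data"]["data"][field]
+except (KeyError, TypeError, json.JSONDecodeError):
+print(f"field not found or invalid JSON", file=sys.stderr)
+sys.exit(2)
+sys.stdout.write(value)
+PY
 }
 
 # kv_to_file <mount> <path> <field> <dest> [mode]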
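Review bot: `sys.stdout.write(value)` sits outside the `try`, so a field whose JSON value is a number, boolean, null or object raises an uncaught TypeError and exits 1 with a traceback instead of the script's exit 2, and an empty string is now written silently where the removed `[ -n "$raw" ]` check failed. Since the output presumably ends up in credential files via kv_to_file, fail closed before the write: `if not isinstance(value, str) or not value:` followed by the same stderr message and `sys.exit(2)`. The new error message also drops the `${mount}/${path}:${field}` context the old one carried and uses an f-string with no placeholders; including `field` would keep failures diagnosable. Passing the whole Vault response through the `RESP` environment variable places the secret in the python3 process environment, which deserves a short comment saying it is done because the heredoc occupies stdin. kv_get starts above this hunk, so how `mount`, `path` and `field` are set is not visible here.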