Commit 462ddf3b authored by kawsark's avatar kawsark

removed get_credentials

parent 8ea79a56
Pipeline #90750036 canceled with stages
...@@ -2,7 +2,7 @@ stages: ...@@ -2,7 +2,7 @@ stages:
- create_workspace - create_workspace
- setup_workspace - setup_workspace
# Uncomment get_credentials to fetch temporary credentials from Vault # Uncomment get_credentials to fetch temporary credentials from Vault
- get_credentials # - get_credentials
- run - run
before_script: before_script:
...@@ -11,25 +11,25 @@ before_script: ...@@ -11,25 +11,25 @@ before_script:
- echo "Workspace ID is ${workspace_id}" - echo "Workspace ID is ${workspace_id}"
# Uncomment the get_credentials job to fetch temporary credentials from Vault # Uncomment the get_credentials job to fetch temporary credentials from Vault
get_credentials: # get_credentials:
stage: get_credentials # stage: get_credentials
script: # script:
- echo "Checking if we can reach Vault @ ${VAULT_ADDR}" # - echo "Checking if we can reach Vault @ ${VAULT_ADDR}"
- > # - >
curl ${VAULT_ADDR}/v1/sys/health # curl ${VAULT_ADDR}/v1/sys/health
- echo "Looking up token" # - echo "Looking up token"
- > # - >
curl --header "X-Vault-Token: ${VAULT_TOKEN}" ${VAULT_ADDR}/v1/auth/token/lookup-self # curl --header "X-Vault-Token: ${VAULT_TOKEN}" ${VAULT_ADDR}/v1/auth/token/lookup-self
- echo "Getting new GCP credentials @ ${VAULT_ADDR}/v1/${SECRETS_PATH}" # - echo "Getting new GCP credentials @ ${VAULT_ADDR}/v1/${SECRETS_PATH}"
- > # - >
curl --header "X-Vault-Token: ${VAULT_TOKEN}" ${VAULT_ADDR}/v1/${SECRETS_PATH} | jq -r .data.private_key_data | base64 --decode > temp_creds # curl --header "X-Vault-Token: ${VAULT_TOKEN}" ${VAULT_ADDR}/v1/${SECRETS_PATH} | jq -r .data.private_key_data | base64 --decode > temp_creds
- export GOOGLE_CREDENTIALS=$(tr '\n' ' ' < temp_creds | sed -e 's/\"/\\\\"/g' -e 's/\//\\\//g' -e 's/\\n/\\\\\\\\n/g') # - export GOOGLE_CREDENTIALS=$(tr '\n' ' ' < temp_creds | sed -e 's/\"/\\\\"/g' -e 's/\//\\\//g' -e 's/\\n/\\\\\\\\n/g')
- rm -f temp_creds # - rm -f temp_creds
- sed -e "s/my-key/GOOGLE_CREDENTIALS/" -e "s/my-hcl/false/" -e "s/my-value/${GOOGLE_CREDENTIALS}/" -e "s/my-category/env/" -e "s/my-sensitive/true/" -e "s/my-workspace-id/${workspace_id}/" < api_templates/variable.json.template > variable.json # - sed -e "s/my-key/GOOGLE_CREDENTIALS/" -e "s/my-hcl/false/" -e "s/my-value/${GOOGLE_CREDENTIALS}/" -e "s/my-category/env/" -e "s/my-sensitive/true/" -e "s/my-workspace-id/${workspace_id}/" < api_templates/variable.json.template > variable.json
- > # - >
curl --header "Authorization: Bearer ${TFC_TOKEN}" --header "Content-Type: application/vnd.api+json" --data @variable.json "https://${TFC_ADDR}/api/v2/vars" # curl --header "Authorization: Bearer ${TFC_TOKEN}" --header "Content-Type: application/vnd.api+json" --data @variable.json "https://${TFC_ADDR}/api/v2/vars"
tags: # tags:
- curl # - curl
create_workspace: create_workspace:
stage: create_workspace stage: create_workspace
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment