Merge branch 'misc-get_key-drop-chdir' into 'master'

misc/get_key.py: load vault file without chdir'ing

See merge request !448

README.md

@@ -65,7 +65,7 @@ but for the time being, this is what we're stuck with.
 The very first time you run terraform on your system, you'll have to init it:
 
     cd tf-stage1  # and also tf-stage2
-    terraform init -backend-config="conn_str=postgres://terraform:$(../misc/get_key.py group_vars/all/vault_terraform.yml vault_terraform_db_password)@state.archlinux.org"
+    terraform init -backend-config="conn_str=postgres://terraform:$(../misc/get_key.py ../group_vars/all/vault_terraform.yml vault_terraform_db_password)@state.archlinux.org"
 
 After making changes to the infrastructure in `tf-stage1/archlinux.tf`, run
 

misc/get_key.py

@@ -40,10 +40,9 @@ with chdir(root):
 
 
 def load_vault(path):
-    with chdir(root):
-        return yaml.load(
-            vault_lib.decrypt(Path(path).read_text()), Loader=yaml.SafeLoader
-        )
+    return yaml.load(
+        vault_lib.decrypt(Path(path).read_text()), Loader=yaml.SafeLoader
+    )
 
 
 class OutputFormat(str, Enum):

tf-stage1/archlinux.tf

@@ -6,7 +6,7 @@ terraform {
 
 data "external" "vault_hetzner" {
   program = [
-    "${path.module}/../misc/get_key.py", "misc/vault_hetzner.yml",
+    "${path.module}/../misc/get_key.py", "${path.module}/../misc/vault_hetzner.yml",
     "hetzner_cloud_api_key",
     "hetzner_dns_api_key",
     "--format", "json"

tf-stage2/keycloak.tf

@@ -5,7 +5,7 @@ terraform {
 }
 
 data "external" "vault_keycloak" {
-  program = ["${path.module}/../misc/get_key.py", "group_vars/all/vault_keycloak.yml",
+  program = ["${path.module}/../misc/get_key.py", "${path.module}/../group_vars/all/vault_keycloak.yml",
     "vault_keycloak_admin_user",
     "vault_keycloak_admin_password",
     "vault_keycloak_smtp_user",
@@ -14,33 +14,33 @@ data "external" "vault_keycloak" {
 }
 
 data "external" "vault_google" {
-  program = ["${path.module}/../misc/get_key.py", "group_vars/all/vault_google.yml",
+  program = ["${path.module}/../misc/get_key.py", "${path.module}/../group_vars/all/vault_google.yml",
     "vault_google_recaptcha_site_key",
     "vault_google_recaptcha_secret_key",
   "--format", "json"]
 }
 
 data "external" "vault_github" {
-  program = ["${path.module}/../misc/get_key.py", "group_vars/all/vault_github.yml",
+  program = ["${path.module}/../misc/get_key.py", "${path.module}/../group_vars/all/vault_github.yml",
     "vault_github_oauth_app_client_id",
     "vault_github_oauth_app_client_secret",
   "--format", "json"]
 }
 
 data "external" "vault_monitoring" {
-  program = ["${path.module}/../misc/get_key.py", "group_vars/all/vault_monitoring.yml",
+  program = ["${path.module}/../misc/get_key.py", "${path.module}/../group_vars/all/vault_monitoring.yml",
     "vault_monitoring_grafana_client_secret",
   "--format", "json"]
 }
 
 data "external" "vault_hedgedoc" {
-  program = ["${path.module}/../misc/get_key.py", "group_vars/all/vault_hedgedoc.yml",
+  program = ["${path.module}/../misc/get_key.py", "${path.module}/../group_vars/all/vault_hedgedoc.yml",
     "vault_hedgedoc_client_secret",
   "--format", "json"]
 }
 
 data "external" "vault_matrix" {
-  program = ["${path.module}/../misc/get_key.py", "group_vars/all/vault_matrix.yml",
+  program = ["${path.module}/../misc/get_key.py", "${path.module}/../group_vars/all/vault_matrix.yml",
     "vault_matrix_openid_client_secret",
   "--format", "json"]
 }

tf-stage2/uptimerobot.tf

@@ -3,7 +3,7 @@
 # https://github.com/louy/terraform-provider-uptimerobot/issues/82
 
 data "external" "vault_uptimerobot" {
-  program = ["${path.module}/../misc/get_key.py", "group_vars/all/vault_uptimerobot.yml",
+  program = ["${path.module}/../misc/get_key.py", "${path.module}/../group_vars/all/vault_uptimerobot.yml",
     "vault_uptimerobot_api_key",
     "vault_uptimerobot_alert_contact",
   "--format", "json"]