Commit 2039efbe authored by Evangelos Foutras's avatar Evangelos Foutras 🐱

Merge branch 'misc-get_key-drop-chdir' into 'master'

misc/get_key.py: load vault file without chdir'ing

See merge request !448
parents 9c2ca685 faba3a3d
...@@ -65,7 +65,7 @@ but for the time being, this is what we're stuck with. ...@@ -65,7 +65,7 @@ but for the time being, this is what we're stuck with.
The very first time you run terraform on your system, you'll have to init it: The very first time you run terraform on your system, you'll have to init it:
cd tf-stage1 # and also tf-stage2 cd tf-stage1 # and also tf-stage2
terraform init -backend-config="conn_str=postgres://terraform:$(../misc/get_key.py group_vars/all/vault_terraform.yml vault_terraform_db_password)@state.archlinux.org" terraform init -backend-config="conn_str=postgres://terraform:$(../misc/get_key.py ../group_vars/all/vault_terraform.yml vault_terraform_db_password)@state.archlinux.org"
After making changes to the infrastructure in `tf-stage1/archlinux.tf`, run After making changes to the infrastructure in `tf-stage1/archlinux.tf`, run
......
...@@ -40,10 +40,9 @@ with chdir(root): ...@@ -40,10 +40,9 @@ with chdir(root):
def load_vault(path): def load_vault(path):
with chdir(root): return yaml.load(
return yaml.load( vault_lib.decrypt(Path(path).read_text()), Loader=yaml.SafeLoader
vault_lib.decrypt(Path(path).read_text()), Loader=yaml.SafeLoader )
)
class OutputFormat(str, Enum): class OutputFormat(str, Enum):
......
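Review bot: `load_vault` now resolves a relative `path` against the caller's working directory rather than the repository root, and the function has no docstring that says so. A caller that still passes a root-relative path (the old README form `group_vars/all/vault_terraform.yml`, run from `tf-stage1`) will fail inside `Path(path).read_text()` with a plain `FileNotFoundError`, which is the safe outcome but not an obvious one. I would add a docstring such as `"""Decrypt the vault file at path (relative paths resolve against the current working directory) and return the parsed YAML."""`. Keeping `Loader=yaml.SafeLoader` is right for the decrypted content. `vault_lib` and `root` are defined outside this hunk.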
...@@ -6,7 +6,7 @@ terraform { ...@@ -6,7 +6,7 @@ terraform {
data "external" "vault_hetzner" { data "external" "vault_hetzner" {
program = [ program = [
"${path.module}/../misc/get_key.py", "misc/vault_hetzner.yml", "${path.module}/../misc/get_key.py", "${path.module}/../misc/vault_hetzner.yml",
"hetzner_cloud_api_key", "hetzner_cloud_api_key",
"hetzner_dns_api_key", "hetzner_dns_api_key",
"--format", "json" "--format", "json"
......
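Review bot: The `data "external"` blocks touched here hand API keys and client secrets to Terraform as plain strings, and nothing near `program = [...]` records how they must be handled downstream. Data source results are written to the state, and the `external` provider does not, to my knowledge, mark `result` values as sensitive, so they can show up in plan output unless each use is wrapped. I would add a comment above the block: `# Values in data.external.vault_hetzner.result are secrets: stored in state, not marked sensitive; wrap uses in sensitive().` The same applies to the `vault_keycloak`, `vault_google`, `vault_github`, `vault_monitoring`, `vault_hedgedoc`, `vault_matrix` and `vault_uptimerobot` blocks in the later sections. The `vault_hetzner` block continues past the end of this hunk.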
...@@ -5,7 +5,7 @@ terraform { ...@@ -5,7 +5,7 @@ terraform {
} }
data "external" "vault_keycloak" { data "external" "vault_keycloak" {
program = ["${path.module}/../misc/get_key.py", "group_vars/all/vault_keycloak.yml", program = ["${path.module}/../misc/get_key.py", "${path.module}/../group_vars/all/vault_keycloak.yml",
"vault_keycloak_admin_user", "vault_keycloak_admin_user",
"vault_keycloak_admin_password", "vault_keycloak_admin_password",
"vault_keycloak_smtp_user", "vault_keycloak_smtp_user",
...@@ -14,33 +14,33 @@ data "external" "vault_keycloak" { ...@@ -14,33 +14,33 @@ data "external" "vault_keycloak" {
} }
data "external" "vault_google" { data "external" "vault_google" {
program = ["${path.module}/../misc/get_key.py", "group_vars/all/vault_google.yml", program = ["${path.module}/../misc/get_key.py", "${path.module}/../group_vars/all/vault_google.yml",
"vault_google_recaptcha_site_key", "vault_google_recaptcha_site_key",
"vault_google_recaptcha_secret_key", "vault_google_recaptcha_secret_key",
"--format", "json"] "--format", "json"]
} }
data "external" "vault_github" { data "external" "vault_github" {
program = ["${path.module}/../misc/get_key.py", "group_vars/all/vault_github.yml", program = ["${path.module}/../misc/get_key.py", "${path.module}/../group_vars/all/vault_github.yml",
"vault_github_oauth_app_client_id", "vault_github_oauth_app_client_id",
"vault_github_oauth_app_client_secret", "vault_github_oauth_app_client_secret",
"--format", "json"] "--format", "json"]
} }
data "external" "vault_monitoring" { data "external" "vault_monitoring" {
program = ["${path.module}/../misc/get_key.py", "group_vars/all/vault_monitoring.yml", program = ["${path.module}/../misc/get_key.py", "${path.module}/../group_vars/all/vault_monitoring.yml",
"vault_monitoring_grafana_client_secret", "vault_monitoring_grafana_client_secret",
"--format", "json"] "--format", "json"]
} }
data "external" "vault_hedgedoc" { data "external" "vault_hedgedoc" {
program = ["${path.module}/../misc/get_key.py", "group_vars/all/vault_hedgedoc.yml", program = ["${path.module}/../misc/get_key.py", "${path.module}/../group_vars/all/vault_hedgedoc.yml",
"vault_hedgedoc_client_secret", "vault_hedgedoc_client_secret",
"--format", "json"] "--format", "json"]
} }
data "external" "vault_matrix" { data "external" "vault_matrix" {
program = ["${path.module}/../misc/get_key.py", "group_vars/all/vault_matrix.yml", program = ["${path.module}/../misc/get_key.py", "${path.module}/../group_vars/all/vault_matrix.yml",
"vault_matrix_openid_client_secret", "vault_matrix_openid_client_secret",
"--format", "json"] "--format", "json"]
} }
......
...@@ -3,7 +3,7 @@ ...@@ -3,7 +3,7 @@
# https://github.com/louy/terraform-provider-uptimerobot/issues/82 # https://github.com/louy/terraform-provider-uptimerobot/issues/82
data "external" "vault_uptimerobot" { data "external" "vault_uptimerobot" {
program = ["${path.module}/../misc/get_key.py", "group_vars/all/vault_uptimerobot.yml", program = ["${path.module}/../misc/get_key.py", "${path.module}/../group_vars/all/vault_uptimerobot.yml",
"vault_uptimerobot_api_key", "vault_uptimerobot_api_key",
"vault_uptimerobot_alert_contact", "vault_uptimerobot_alert_contact",
"--format", "json"] "--format", "json"]
......