Verified Commit faba3a3d authored by Evangelos Foutras's avatar Evangelos Foutras 🐱

misc/get_key.py: load vault file without chdir'ing

Now that misc/get_key.py checks if the vault file passed to it exists,
we cannot pass paths only resolvable from the root directory. Instead,
use paths that make sense relative to the current directory and avoid
calling chdir when loading the vault file.

Fixes: 77542146 ("Rewrite get_key.py to use click instead of typer")
parent 9c2ca685
......@@ -65,7 +65,7 @@ but for the time being, this is what we're stuck with.
The very first time you run terraform on your system, you'll have to init it:
cd tf-stage1 # and also tf-stage2
terraform init -backend-config="conn_str=postgres://terraform:$(../misc/get_key.py group_vars/all/vault_terraform.yml vault_terraform_db_password)@state.archlinux.org"
terraform init -backend-config="conn_str=postgres://terraform:$(../misc/get_key.py ../group_vars/all/vault_terraform.yml vault_terraform_db_password)@state.archlinux.org"
After making changes to the infrastructure in `tf-stage1/archlinux.tf`, run
......
......@@ -40,10 +40,9 @@ with chdir(root):
def load_vault(path):
with chdir(root):
return yaml.load(
vault_lib.decrypt(Path(path).read_text()), Loader=yaml.SafeLoader
)
return yaml.load(
vault_lib.decrypt(Path(path).read_text()), Loader=yaml.SafeLoader
)
class OutputFormat(str, Enum):
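Review bot: load_vault has no docstring, and this change quietly alters what `path` means — it is now resolved against the caller's working directory instead of the repository root, which is the very subtlety every caller in the .tf files and the README had to be adjusted for. Suggest adding `"""Decrypt the Ansible vault file at *path* (resolved relative to the current working directory, not the repo root) and return its parsed YAML."""` directly under the `def load_vault(path):` line so the next caller does not assume the old behaviour. The hunk header still shows a `with chdir(root):` in use above line 40, so the `chdir` import presumably remains needed; if that is its only other use, it may be worth checking whether that one should go too for consistency. As a style point, `yaml.load(..., Loader=yaml.SafeLoader)` can be written `yaml.safe_load(...)`, which states the safe-loader intent more directly.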
......
......@@ -6,7 +6,7 @@ terraform {
data "external" "vault_hetzner" {
program = [
"${path.module}/../misc/get_key.py", "misc/vault_hetzner.yml",
"${path.module}/../misc/get_key.py", "${path.module}/../misc/vault_hetzner.yml",
"hetzner_cloud_api_key",
"hetzner_dns_api_key",
"--format", "json"
......
......@@ -5,7 +5,7 @@ terraform {
}
data "external" "vault_keycloak" {
program = ["${path.module}/../misc/get_key.py", "group_vars/all/vault_keycloak.yml",
program = ["${path.module}/../misc/get_key.py", "${path.module}/../group_vars/all/vault_keycloak.yml",
"vault_keycloak_admin_user",
"vault_keycloak_admin_password",
"vault_keycloak_smtp_user",
......@@ -14,33 +14,33 @@ data "external" "vault_keycloak" {
}
data "external" "vault_google" {
program = ["${path.module}/../misc/get_key.py", "group_vars/all/vault_google.yml",
program = ["${path.module}/../misc/get_key.py", "${path.module}/../group_vars/all/vault_google.yml",
"vault_google_recaptcha_site_key",
"vault_google_recaptcha_secret_key",
"--format", "json"]
}
data "external" "vault_github" {
program = ["${path.module}/../misc/get_key.py", "group_vars/all/vault_github.yml",
program = ["${path.module}/../misc/get_key.py", "${path.module}/../group_vars/all/vault_github.yml",
"vault_github_oauth_app_client_id",
"vault_github_oauth_app_client_secret",
"--format", "json"]
}
data "external" "vault_monitoring" {
program = ["${path.module}/../misc/get_key.py", "group_vars/all/vault_monitoring.yml",
program = ["${path.module}/../misc/get_key.py", "${path.module}/../group_vars/all/vault_monitoring.yml",
"vault_monitoring_grafana_client_secret",
"--format", "json"]
}
data "external" "vault_hedgedoc" {
program = ["${path.module}/../misc/get_key.py", "group_vars/all/vault_hedgedoc.yml",
program = ["${path.module}/../misc/get_key.py", "${path.module}/../group_vars/all/vault_hedgedoc.yml",
"vault_hedgedoc_client_secret",
"--format", "json"]
}
data "external" "vault_matrix" {
program = ["${path.module}/../misc/get_key.py", "group_vars/all/vault_matrix.yml",
program = ["${path.module}/../misc/get_key.py", "${path.module}/../group_vars/all/vault_matrix.yml",
"vault_matrix_openid_client_secret",
"--format", "json"]
}
......
......@@ -3,7 +3,7 @@
# https://github.com/louy/terraform-provider-uptimerobot/issues/82
data "external" "vault_uptimerobot" {
program = ["${path.module}/../misc/get_key.py", "group_vars/all/vault_uptimerobot.yml",
program = ["${path.module}/../misc/get_key.py", "${path.module}/../group_vars/all/vault_uptimerobot.yml",
"vault_uptimerobot_api_key",
"vault_uptimerobot_alert_contact",
"--format", "json"]
......