Created
August 21, 2020 15:02
-
-
Save iramiller/690ae09eee0441eed5f64439daeca05d to your computer and use it in GitHub Desktop.
Allows editing of a kubernetes secret through an interactive script
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # This script allows review/patching of data elements in a kubernetes secret. | |
| NAMESPACE=default | |
| echo "Choose a namespace to manage secrets in." | |
| read -p "Namespace (default: $NAMESPACE) ::" NSPROMPT | |
| if [ "$NSPROMPT" != "" ]; then | |
| NAMESPACE=$NSPROMPT | |
| fi | |
| function patchSecret { | |
| if [ $# -ne 7 ]; then | |
| echo "Usage: patchSecret <secret name> <key> <value>: $*" | |
| exit 1 | |
| fi | |
| local __result_var=$1 | |
| local __result_new=$2 | |
| local EXISTING_ARTIFACT=$3 | |
| local SECRET_NAME=$4 | |
| local SECRET_ORIGINAL=$5 | |
| local SECRET_KEY=$6 | |
| local SECRET_VALUE=$7 | |
| # Encode the value | |
| local SECRET_B64=`echo -n "$SECRET_VALUE" | base64` | |
| local SECRET_NEW=" $SECRET_KEY: $SECRET_B64" | |
| PATCHED=`echo "$EXISTING_ARTIFACT" | sed "s/$SECRET_ORIGINAL/$SECRET_NEW/"` | |
| eval $__result_new="'$SECRET_NEW'" | |
| eval $__result_var="'$PATCHED'" | |
| } | |
| function review_secret { | |
| local ARTIFACT=`kubectl get $SNAME -n $NAMESPACE -o yaml` | |
| local SECRET_DATA_KEYS=`kubectl get $SNAME -n $NAMESPACE -o 'go-template={{range $key, $val := $.data}}{{$key}}{{"\n"}}{{end}}'` | |
| local SECRET_DATA_LINES=`kubectl get $SNAME -n $NAMESPACE -o 'go-template={{range $key, $val := $.data}}{{" "}}{{$key}}: {{$val}}{{"\n"}}{{end}}'` | |
| # Give the option to exit. | |
| SECRET_DATA_KEYS="$SECRET_DATA_KEYS Save Exit"; | |
| echo "" | |
| echo "Choose a secret data element from '$SNAME' to edit or exit." | |
| select SKEY in $SECRET_DATA_KEYS; | |
| do | |
| case "$SKEY" in | |
| Save) | |
| echo "" | |
| echo "$ARTIFACT" | kubectl replace -f - | |
| echo "--------------------------------------------------------------------------------" | |
| echo " ᕦ(ò_óˇ)ᕤ Success!" | |
| echo "" | |
| break | |
| ;; | |
| # Done here. | |
| Exit) echo "Thanks for the fish."; exit ;; | |
| # Not a great way to match a valid choice that doesn't make downstream complex, so attempt to match secret, complain on fail. | |
| *) | |
| SLINE=`echo "$SECRET_DATA_LINES" | grep -i "$SKEY:"` | |
| # Check for a match in the secret data lines. | |
| if [ "$SLINE" != "" ]; then | |
| SVAL=`echo -n "$SLINE" | awk '{print $2}' | base64 -D` | |
| read -p "$SLINE ($SVAL):" NEW_VAL | |
| if [ "$NEW_VAL" != "" ]; then | |
| echo "Patching $SKEY in secret" | |
| patchSecret ARTIFACT NEW_VAL "$ARTIFACT" "$SNAME" "$SLINE" "$SKEY" "$NEW_VAL" | |
| # We patch our list of secret data elements so that if someone wanted to review their changes they could... | |
| SECRET_DATA_LINES=`echo "$SECRET_DATA_LINES" | sed "s/$SLINE/$NEW_VAL/"` | |
| read -p " Save and exit [y] or continue editing: " -n 1 -r | |
| if [[ $REPLY =~ ^[Yy]$ ]]; then | |
| echo "" | |
| echo "$ARTIFACT" | kubectl replace -f - | |
| echo "--------------------------------------------------------------------------------" | |
| echo " ᕦ(ò_óˇ)ᕤ Success!" | |
| echo "" | |
| exit | |
| fi | |
| fi | |
| else | |
| echo -e "Invalid choice! (╯°□°)╯︵ ┻━┻\n"; | |
| fi | |
| ;; | |
| esac | |
| done | |
| } | |
| SECRETS=`kubectl get secret -n $NAMESPACE -o name` | |
| SECRETS="$SECRETS exit"; | |
| echo "" | |
| echo "Choose a secret to edit or exit." | |
| select SNAME in $SECRETS; | |
| do | |
| case "$SNAME" in | |
| # Valid choice, get to work | |
| secret*) review_secret ;; | |
| # Done here. | |
| exit) break ;; | |
| # No idea... complain. | |
| *) echo -e "Invalid choice! (╯°□°)╯︵ ┻━┻\n" ;; | |
| esac | |
| done |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment