Created
August 8, 2019 14:38
-
-
Save miclip/9e6da1b754a344c83b2ee26781caa993 to your computer and use it in GitHub Desktop.
Concourse Vault Interpolate Task
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
set -ex | |
vault login $VAULT_TOKEN -no-print=true >/dev/null | |
files=$(find $INTERPOLATION_PATHS -type f -name '*.yml' -follow) | |
for file in $files; do | |
echo -e "Creating interpolated $file \n" | |
output_file=interpolated-env/$(basename $file) | |
cp $file $output_file | |
echo -e "Interpolating $file \n" | |
# get list of vars to interpolate in file | |
variables_to_interpolate=$(cat $file | awk -F '{{|}}' '{print $2}' | sed '/^$/d') | |
# iterate through list of vars and replace with vault values | |
for variable_to_interpolate in $variables_to_interpolate; do | |
echo "Retrieving $variable_to_interpolate from Vault" | |
value_from_vault=$(vault kv get -field=$variable_to_interpolate $PREFIX) | |
# if multiline string (i.e. certificate) use awk otherwise use sed. | |
# also determines intendation for the multiline string by adding "num" number of leading spaces | |
if (($(grep -c . <<<"$value_from_vault") > 1)); then | |
vault kv get -field=$variable_to_interpolate $PREFIX > tmp_$variable_to_interpolate | |
num=$(grep -i $variable_to_interpolate $output_file | awk -F'[^ ]' '{print length($1)}') | |
modified_value_from_vault=$(awk '{printf "%"'$num'"s%s\n", "", $0}' tmp_$variable_to_interpolate) | |
modified_value_from_vault=$(echo "${modified_value_from_vault:$num}") | |
awk -v r="$modified_value_from_vault" -v f="{{$variable_to_interpolate}}" '{gsub(f,r)}1' $output_file > /tmp/tfile && mv /tmp/tfile $output_file | |
#rm tmp_$variable_to_interpolate | |
else | |
sed -i "s|{{$variable_to_interpolate}}|\"$value_from_vault\"|g" $output_file | |
fi | |
done | |
done |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
platform: linux | |
image_resource: | |
type: docker-image | |
source: | |
repository: vault | |
inputs: | |
- name: git-repo | |
run: | |
path: ./git-repo/platform-automation/tasks/vault-interpolate.sh | |
outputs: | |
- name: interpolated-env | |
params: | |
VAULT_ADDR: | |
VAULT_TOKEN: | |
VAULT_SKIP_VERIFY: | |
INTERPOLATION_PATHS: | |
PREFIX: |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment