From 248f0320dbc4687fd982865bf4365d1e01b1e575 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Franti=C5=A1ek=20Dvo=C5=99=C3=A1k?= <valtri@civ.zcu.cz>
Date: Fri, 2 Feb 2024 16:50:15 +0000
Subject: [PATCH] Cleanup vault secret paths
---
 cesnet-central/playbooks/notebooks.yaml | 4 +++-
 cesnet-mcc/playbooks/gateway.yaml | 7 ++++++-
 2 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/cesnet-central/playbooks/notebooks.yaml b/cesnet-central/playbooks/notebooks.yaml
index cf25529..b69c418 100644
--- a/cesnet-central/playbooks/notebooks.yaml
+++ b/cesnet-central/playbooks/notebooks.yaml
@@ -18,8 +18,10 @@
 - "../deployments/*.yaml"
 - name: Get Secrets from Vault for gateway
 set_fact:
- gateways_token: "{{ {'cesnet-mcc': lookup('community.hashi_vault.hashi_vault', vault_mount_point + '/gateway_authtoken:value',
+ gateways_token: "{{ {item: lookup('community.hashi_vault.hashi_vault', vault_mount_point + '/gateway-' + item + ':authtoken',
 token_validate=false)} }}"
+ loop:
+ - cesnet-mcc
 # - name: Debug Deployments Secrets
 # debug:
 # msg: "{{ item.key }} = {{ item.value }}"
diff --git a/cesnet-mcc/playbooks/gateway.yaml b/cesnet-mcc/playbooks/gateway.yaml
index fe6a265..d32b84f 100644
--- a/cesnet-mcc/playbooks/gateway.yaml
+++ b/cesnet-mcc/playbooks/gateway.yaml
@@ -6,12 +6,17 @@
 namespace: gateway
 version: 3.2.2
 tasks:
+ - name: Get Secrets from Vault for gateway
+ vars:
+ name: cesnet-mcc
+ set_fact:
+ secrets: "{{ lookup('community.hashi_vault.hashi_vault', vault_mount_point + '/gateway-' + name, token_validate=false) }}"
 - name: Enterprise Gateway Configuration
 copy:
 dest: /tmp/gateway.yaml
 mode: 0640
 content: |
- authToken: "{{ lookup('community.hashi_vault.hashi_vault', vault_mount_point + '/gateway_authtoken:value', token_validate=true) }}"
+ authToken: "{{ secrets['authtoken'] }}"
 global:
 rbac: true
 deployment:
-- 
GitLab
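Review bot: With `loop:` on this `set_fact`, `gateways_token` is reassigned on every iteration, so the dictionary only ever holds the last item; it works today only because the list has the single entry `cesnet-mcc`. Accumulating keeps the task correct when a second gateway is added: `gateways_token: "{{ gateways_token | default({}) | combine({item: lookup(…same arguments…)}) }}"`. The task also puts a gateway auth token into a fact without `no_log: true`, so the per-item result can show the token in verbose output and callback logs; adding `no_log: true` beside `loop:` closes that. The same missing `no_log: true` applies to the new "Get Secrets from Vault for gateway" task in cesnet-mcc/playbooks/gateway.yaml.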
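Review bot: The task variable `name` in the new lookup task shadows the `name` task keyword, which Ansible treats as a reserved variable name; `gateway_name: cesnet-mcc` with `'/gateway-' + gateway_name` avoids the warning and the ambiguity. The lookup also omits the `:authtoken` field selector that notebooks.yaml uses, so every key stored under that Vault path is copied into the host fact `secrets` although only `secrets['authtoken']` is read. Requesting just the field, or binding the lookup through `vars:` on the copy task instead of `set_fact`, would keep the rest of the secret out of host facts. The replaced inline lookup passed `token_validate=true` and the new one passes `token_validate=false`; if that is intentional it deserves a line in the commit message. The copy task that consumes the value continues outside the hunk.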