Add sudo pass and trim up vault pass command
This commit is contained in:
Luke Murphy
parent
e46a56fe3e
commit
70d3ec94d2
5
commands
5
commands
|
|
@ -12,6 +12,7 @@ case "$1" in
|
|||
declare desc="return ansible-deploy plugin help content"
|
||||
cat<<help_content
|
||||
ansible-deploy:vault-pass appname, Add new app vault password for decrypting secrets
|
||||
ansible-deploy:sudo-pass, Add system Dokku user sudo password for sudo escalation
|
||||
help_content
|
||||
}
|
||||
|
||||
|
|
@ -35,6 +36,10 @@ help_desc
|
|||
dokku-ansible-deploy-vault-pass-cmd "$@"
|
||||
;;
|
||||
|
||||
sudo-pass)
|
||||
dokku-ansible-deploy-sudo-pass-cmd
|
||||
;;
|
||||
|
||||
*)
|
||||
exit "$DOKKU_NOT_IMPLEMENTED_EXIT"
|
||||
;;
|
||||
|
|
|
|||
29
functions
29
functions
|
|
@ -27,35 +27,50 @@ dokku-ansible-deploy-vault-pass-cmd() {
|
|||
declare desc="add new app vault password for decryption of passwords"
|
||||
|
||||
declare APP="$2"
|
||||
declare vault_file="$DOKKU_LIB_ROOT/data/deploy.d/$APP/.vault-password.sh"
|
||||
declare VAULT_FILE="$DOKKU_LIB_ROOT/data/deploy.d/$APP/.vault.sh"
|
||||
|
||||
if [[ ! -n "$APP" ]]; then
|
||||
dokku_col_log_info1_quiet "missing app name, try 'dokku ansible-deploy:vault-pass myappname'"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [[ -f $vault_file ]]; then
|
||||
if [[ -f $VAULT_FILE ]]; then
|
||||
dokku_col_log_info1_quiet "Vault password already setup for $APP"
|
||||
exit 0
|
||||
fi
|
||||
|
||||
# shellcheck disable=SC2162 disable=SC2116 disable=SC2006
|
||||
read -p "Please enter your vault password for $APP: `echo $'\n> '`" vault_password
|
||||
read -p "Please enter your vault password for $APP: `echo $'\n> '`" VAULT_PASSWD
|
||||
|
||||
if [[ ! -d "$DOKKU_LIB_ROOT/data/deploy.d/$APP" ]]; then
|
||||
dokku_col_log_info1_quiet "Creating $DOKKU_LIB_ROOT/data/deploy.d/$APP"
|
||||
mkdir -p "$DOKKU_LIB_ROOT/data/deploy.d/$APP"
|
||||
fi
|
||||
dokku_col_log_info1_quiet "Created $DOKKU_LIB_ROOT/data/deploy.d/$APP"
|
||||
|
||||
{ echo "#!/bin/bash";
|
||||
echo "";
|
||||
echo "set -eu -o pipefail";
|
||||
echo "";
|
||||
echo "echo \"$vault_password\""; } > "$vault_file"
|
||||
echo "echo \"$VAULT_PASSWD\""; } > "$VAULT_FILE"
|
||||
|
||||
chmod +x "$vault_file"
|
||||
chmod +x "$VAULT_FILE"
|
||||
|
||||
dokku_col_log_info1_quiet "Generated $vault_file for $APP"
|
||||
dokku_col_log_info1_quiet "Generated $VAULT_FILE for $APP"
|
||||
}
|
||||
|
||||
dokku-ansible-deploy-sudo-pass-cmd() {
|
||||
# shellcheck disable=SC2034
|
||||
declare desc="add new dokku user sudo password for sudo escalation"
|
||||
|
||||
declare VARS_FILE="$DOKKU_LIB_ROOT/data/deploy.d/vars.yml"
|
||||
|
||||
# shellcheck disable=SC2162 disable=SC2116 disable=SC2006
|
||||
read -p "Please enter your Dokku system user sudo password: `echo $'\n> '`" SUDO_PASSWD
|
||||
|
||||
{ echo "---";
|
||||
echo "ansible_become_password: \"$SUDO_PASSWD\""; } > "$VARS_FILE"
|
||||
|
||||
dokku_col_log_info1_quiet "Generated $VARS_FILE"
|
||||
}
|
||||
|
||||
dokku-ansible-deploy-dependencies() {
|
||||
|
|
|
|||
|
|
@ -0,0 +1,8 @@
|
|||
#!/usr/bin/env bash
|
||||
|
||||
set -eo pipefail; [[ $DOKKU_TRACE ]] && set -x
|
||||
|
||||
# shellcheck disable=SC1090
|
||||
source "$PLUGIN_AVAILABLE_PATH/ansible-deploy/functions"
|
||||
|
||||
dokku-ansible-deploy-sudo-pass-cmd "$@"
|
||||
Reference in New Issue