Add sudo pass and trim up vault pass command

Luke Murphy 2020-04-13 13:09:32 +02:00
parent e46a56fe3e
commit 70d3ec94d2
No known key found for this signature in database
GPG Key ID: 5E2EF5A63E3718CC
3 changed files with 35 additions and 7 deletions


@ -12,6 +12,7 @@ case "$1" in
declare desc="return ansible-deploy plugin help content" declare desc="return ansible-deploy plugin help content"
cat<<help_content cat<<help_content
ansible-deploy:vault-pass appname, Add new app vault password for decrypting secrets ansible-deploy:vault-pass appname, Add new app vault password for decrypting secrets
ansible-deploy:sudo-pass, Add system Dokku user sudo password for sudo escalation
help_content help_content
} }
@ -35,6 +36,10 @@ help_desc
dokku-ansible-deploy-vault-pass-cmd "$@" dokku-ansible-deploy-vault-pass-cmd "$@"
;; ;;
sudo-pass)
dokku-ansible-deploy-sudo-pass-cmd
;;
*) *)
exit "$DOKKU_NOT_IMPLEMENTED_EXIT" exit "$DOKKU_NOT_IMPLEMENTED_EXIT"
;; ;;
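Review bot: The new `sudo-pass)` arm calls `dokku-ansible-deploy-sudo-pass-cmd` with no arguments, while the `vault-pass` arm just above it and the new `subcommands/sudo-pass` script both forward `"$@"`. The function currently reads no positional parameters, so this is harmless today, but the two entry points for the same command will diverge as soon as it gains one. Forwarding consistently, `dokku-ansible-deploy-sudo-pass-cmd "$@"`, keeps them aligned. The enclosing `case "$1" in` block starts and ends outside the hunk.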


@ -27,35 +27,50 @@ dokku-ansible-deploy-vault-pass-cmd() {
declare desc="add new app vault password for decryption of passwords" declare desc="add new app vault password for decryption of passwords"
declare APP="$2" declare APP="$2"
declare vault_file="$DOKKU_LIB_ROOT/data/deploy.d/$APP/.vault-password.sh" declare VAULT_FILE="$DOKKU_LIB_ROOT/data/deploy.d/$APP/.vault.sh"
if [[ ! -n "$APP" ]]; then if [[ ! -n "$APP" ]]; then
dokku_col_log_info1_quiet "missing app name, try 'dokku ansible-deploy:vault-pass myappname'" dokku_col_log_info1_quiet "missing app name, try 'dokku ansible-deploy:vault-pass myappname'"
exit 1 exit 1
fi fi
if [[ -f $vault_file ]]; then if [[ -f $VAULT_FILE ]]; then
dokku_col_log_info1_quiet "Vault password already setup for $APP" dokku_col_log_info1_quiet "Vault password already setup for $APP"
exit 0 exit 0
fi fi
# shellcheck disable=SC2162 disable=SC2116 disable=SC2006 # shellcheck disable=SC2162 disable=SC2116 disable=SC2006
read -p "Please enter your vault password for $APP: `echo $'\n> '`" vault_password read -p "Please enter your vault password for $APP: `echo $'\n> '`" VAULT_PASSWD
if [[ ! -d "$DOKKU_LIB_ROOT/data/deploy.d/$APP" ]]; then if [[ ! -d "$DOKKU_LIB_ROOT/data/deploy.d/$APP" ]]; then
dokku_col_log_info1_quiet "Creating $DOKKU_LIB_ROOT/data/deploy.d/$APP"
mkdir -p "$DOKKU_LIB_ROOT/data/deploy.d/$APP" mkdir -p "$DOKKU_LIB_ROOT/data/deploy.d/$APP"
fi fi
dokku_col_log_info1_quiet "Created $DOKKU_LIB_ROOT/data/deploy.d/$APP"
{ echo "#!/bin/bash"; { echo "#!/bin/bash";
echo ""; echo "";
echo "set -eu -o pipefail"; echo "set -eu -o pipefail";
echo ""; echo "";
echo "echo \"$vault_password\""; } > "$vault_file" echo "echo \"$VAULT_PASSWD\""; } > "$VAULT_FILE"
chmod +x "$vault_file" chmod +x "$VAULT_FILE"
dokku_col_log_info1_quiet "Generated $vault_file for $APP" dokku_col_log_info1_quiet "Generated $VAULT_FILE for $APP"
}
dokku-ansible-deploy-sudo-pass-cmd() {
# shellcheck disable=SC2034
declare desc="add new dokku user sudo password for sudo escalation"
declare VARS_FILE="$DOKKU_LIB_ROOT/data/deploy.d/vars.yml"
# shellcheck disable=SC2162 disable=SC2116 disable=SC2006
read -p "Please enter your Dokku system user sudo password: `echo $'\n> '`" SUDO_PASSWD
{ echo "---";
echo "ansible_become_password: \"$SUDO_PASSWD\""; } > "$VARS_FILE"
dokku_col_log_info1_quiet "Generated $VARS_FILE"
} }
dokku-ansible-deploy-dependencies() { dokku-ansible-deploy-dependencies() {
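Review bot: The new `dokku-ansible-deploy-sudo-pass-cmd` writes the sudo password to `vars.yml` in clear text with whatever mode the current umask gives, and `read -p` without `-s` or `-r` echoes it on the terminal and drops backslashes. The value is also put unescaped inside a double-quoted YAML scalar, so a password containing `"` or `\` produces a broken or different value, and nothing creates `$DOKKU_LIB_ROOT/data/deploy.d` if no app directory exists yet. The fence below reads silently, writes a single-quoted scalar and restricts the file to mode 600; encrypting the value with the vault password this plugin already manages would be stronger still. The generated `.vault.sh` earlier in the hunk has the same interpolation problem (a `$` or backtick in the vault password is expanded when the script runs) and gets `chmod +x` without its read permissions being tightened; that function starts outside the hunk.

```shell
dokku-ansible-deploy-sudo-pass-cmd() {
  # … unchanged: desc and VARS_FILE declarations …
  declare SUDO_PASSWD quote="'"
  mkdir -p "$DOKKU_LIB_ROOT/data/deploy.d"
  # -s: no terminal echo; -r with empty IFS: keep backslashes and edge whitespace
  IFS= read -r -s -p $'Please enter your Dokku system user sudo password: \n> ' SUDO_PASSWD
  echo
  (
    umask 077
    # YAML single-quoted scalar: the only escape is doubling a single quote
    printf -- "---\nansible_become_password: '%s'\n" \
      "${SUDO_PASSWD//$quote/$quote$quote}" >"$VARS_FILE"
  )
  chmod 600 "$VARS_FILE" # also tightens a file that already existed
  dokku_col_log_info1_quiet "Generated $VARS_FILE"
}
```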

8
subcommands/sudo-pass Executable file

@ -0,0 +1,8 @@
#!/usr/bin/env bash
set -eo pipefail; [[ $DOKKU_TRACE ]] && set -x
# shellcheck disable=SC1090
source "$PLUGIN_AVAILABLE_PATH/ansible-deploy/functions"
dokku-ansible-deploy-sudo-pass-cmd "$@"
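Review bot: When `DOKKU_TRACE` is set, the `set -x` on the second line is still active while the sourced `dokku-ansible-deploy-sudo-pass-cmd` runs, so the xtrace output prints the expanded `echo "ansible_become_password: ..."` line with the sudo password in it. Trace output commonly ends up in terminals' scrollback or captured logs, which defeats the point of prompting for the secret. Either leave tracing off for this subcommand by dropping `[[ $DOKKU_TRACE ]] && set -x` here, or make `set +x` the first statement of the function before the `read`. A short comment such as `# never trace: handles the sudo password` would record why this script differs from the other subcommands.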