adhoc: creds-bootstrap-agent dry-run no longer dies without age key

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
This commit is contained in:
2026-07-02 14:08:33 +02:00
parent 67b4677cea
commit 951ba07c30
2 changed files with 46 additions and 4 deletions

View File

@@ -88,10 +88,19 @@ if [[ ! -f "$AGE_KEY" ]]; then
fi
fi
AGE_PUBKEY=$(grep 'public key:' "$AGE_KEY" | awk '{print $NF}')
[[ -z "$AGE_PUBKEY" ]] && die "could not read public key from $AGE_KEY"
ok "age key ready: ${AGE_PUBKEY:0:20}"
state_set "age_key_present" "true"
if [[ -f "$AGE_KEY" ]]; then
AGE_PUBKEY=$(grep 'public key:' "$AGE_KEY" | awk '{print $NF}')
[[ -z "$AGE_PUBKEY" ]] && die "could not read public key from $AGE_KEY"
ok "age key ready: ${AGE_PUBKEY:0:20}"
state_set "age_key_present" "true"
elif [[ "$DRY_RUN" == true ]]; then
# Dry-run on a machine without the age key (key generation was skipped
# above): continue with a placeholder recipient so later phases can render.
AGE_PUBKEY="age1dryrunplaceholderrecipient"
ok "age key absent — dry-run continues with placeholder recipient"
else
die "could not read public key from $AGE_KEY"
fi
# Cluster reachability
if ! kubectl cluster-info &>/dev/null; then