generated from coulomb/repo-seed
tegwick
efbdab4652
Configure OpenBao auth for both netkingdom and keycape mounts with browser redirect URIs; update verify scripts and runtime architecture notes.
20 lines
783 B
Bash
20 lines
783 B
Bash
#!/usr/bin/env bash
|
|
# Patch the live KeyCape config Secret with non-secret code-defined settings:
|
|
# the OpenBao admin client, browser auth mount callbacks, and LLDAP OU lookup
|
|
# paths.
|
|
# This does not require decrypted bootstrap secrets and does not print existing
|
|
# Secret values.
|
|
|
|
set -euo pipefail
|
|
|
|
NAMESPACE="${KEYCAPE_NAMESPACE:-sso}"
|
|
SECRET="${KEYCAPE_CONFIG_SECRET:-keycape-config}"
|
|
KUBECTL="${KUBECTL:-kubectl}"
|
|
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
|
|
|
|
"$KUBECTL" get secret "$SECRET" -n "$NAMESPACE" -o json \
|
|
| python3 "$SCRIPT_DIR/openbao-client-config.py" patch \
|
|
| "$KUBECTL" patch secret "$SECRET" -n "$NAMESPACE" --type merge --patch-file /dev/stdin
|
|
|
|
echo "Patched $NAMESPACE/$SECRET with the openbao-admin client and LLDAP OU lookup settings."
|