generated from coulomb/repo-seed
18 lines
681 B
Bash
18 lines
681 B
Bash
#!/usr/bin/env bash
|
|
# Patch the live KeyCape config Secret with the code-defined OpenBao CLI client.
|
|
# This does not require decrypted bootstrap secrets and does not print existing
|
|
# Secret values.
|
|
|
|
set -euo pipefail
|
|
|
|
NAMESPACE="${KEYCAPE_NAMESPACE:-sso}"
|
|
SECRET="${KEYCAPE_CONFIG_SECRET:-keycape-config}"
|
|
KUBECTL="${KUBECTL:-kubectl}"
|
|
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
|
|
|
|
"$KUBECTL" get secret "$SECRET" -n "$NAMESPACE" -o json \
|
|
| python3 "$SCRIPT_DIR/openbao-client-config.py" patch \
|
|
| "$KUBECTL" patch secret "$SECRET" -n "$NAMESPACE" --type merge --patch-file /dev/stdin
|
|
|
|
echo "Patched $NAMESPACE/$SECRET with the openbao-admin client definition."
|