Add credential-change delegated applier flow
@@ -11,6 +11,9 @@ ESO_NAMESPACE="${ESO_NAMESPACE:-external-secrets}"
|
||||
ESO_SERVICE_ACCOUNT="${ESO_SERVICE_ACCOUNT:-external-secrets}"
|
||||
REPO_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
|
||||
POLICY_FILE="${POLICY_FILE:-$REPO_DIR/openbao/policies/external-secrets-issue-core.hcl}"
|
||||
NEXT_KV_PATH="${OPENBAO_ESO_NEXT_PATH:-platform/workloads/issue-core/issue-core/issue-core-runtime}"
|
||||
NEXT_FIELDS="${OPENBAO_ESO_NEXT_FIELDS:-ISSUE_CORE_API_KEY and GITEA_BACKEND_TOKEN}"
|
||||
NEXT_TARGET="${OPENBAO_ESO_NEXT_TARGET:-ExternalSecret/issue-core-runtime}"
|
||||
DRY_RUN=0
|
||||
|
||||
usage() {
|
||||
@@ -125,13 +128,12 @@ remote_bao "$token" write "auth/kubernetes/role/${ROLE_NAME}" \
|
||||
|
||||
remote_bao "$token" read "auth/kubernetes/role/${ROLE_NAME}"
|
||||
|
||||
cat <<'NEXT'
|
||||
cat <<NEXT
|
||||
|
||||
External Secrets OpenBao role configured.
|
||||
|
||||
Next steps:
|
||||
1. Sync the external-secrets and openbao-secretstore ArgoCD Applications.
|
||||
2. Provision platform/workloads/issue-core/issue-core/issue-core-runtime
|
||||
with ISSUE_CORE_API_KEY and GITEA_BACKEND_TOKEN without printing values.
|
||||
3. Confirm ExternalSecret/issue-core-runtime becomes Ready.
|
||||
2. Provision ${NEXT_KV_PATH} with ${NEXT_FIELDS} without printing values.
|
||||
3. Confirm ${NEXT_TARGET} becomes Ready.
|
||||
NEXT
|
||||
|
||||
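Review bot: The new `NEXT_KV_PATH`, `NEXT_FIELDS` and `NEXT_TARGET` overrides only change the closing message; nothing in the visible hunks ties them to `POLICY_FILE` or to the role written just above. An operator who sets `OPENBAO_ESO_NEXT_PATH` for another workload but leaves `POLICY_FILE` at its issue-core default would be told to provision a KV path that the attached policy may not grant, and the mismatch would only show up later as an ExternalSecret that never becomes Ready. I would add a comment above the three assignments, `# Display-only: shown in the closing "Next steps" text; keep in sync with the paths granted by POLICY_FILE.`, and list the three `OPENBAO_ESO_NEXT_*` variables in `usage()`, whose body lies outside the hunk. Because the heredoc delimiter is now unquoted, any literal `$` or backtick added to that text later will be expanded by the shell and needs a backslash.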