scripts: added temp gpg key script #2893
simonklb
left a comment
Why can't you use the existing setup?
| gpg.setup() { |
Sorry I see now this is for the quickstart and not just testing.
scripts/local-cluster.sh
Outdated
| if [[ -z "${CK8S_CONFIG_PATH:-}" ]]; then | ||
| log.fatal "CK8S_CONFIG_PATH is unset" | ||
| config_path_was_unset=true | ||
| export CK8S_CONFIG_PATH="${HOME}/welkin-quick-start" |
Let's not pollute the home directory 😆
| export CK8S_CONFIG_PATH="${HOME}/welkin-quick-start" | |
| export CK8S_CONFIG_PATH="${HOME}/.ck8s/welkin-quick-start" |
aarnq
left a comment
I'm a bit concerned why the local-clusters script is becoming quick-start, I was under the impression that it should basically be a command in the bin scripts, just like ./bin/ck8s quick-start or something.
| pgp_key_was_unset=true | ||
| if [[ -x "${ROOT}/bin/setup-local-gpg" ]]; then | ||
| eval "$("${ROOT}/bin/setup-local-gpg")" | ||
| log.info "CK8S_PGP_FP is unset. Using temp gpgkey: ${CK8S_PGP_FP}" |
| log.info "CK8S_PGP_FP is unset. Using temp gpgkey: ${CK8S_PGP_FP}" | |
| log.info "CK8S_PGP_FP is unset. Using temporary GPP key: ${CK8S_PGP_FP}" |
| if [[ -x "${ROOT}/bin/setup-local-gpg" ]]; then | ||
| eval "$("${ROOT}/bin/setup-local-gpg")" | ||
| log.info "CK8S_PGP_FP is unset. Using temp gpgkey: ${CK8S_PGP_FP}" | ||
| log.info "Using temp GNUPGHOME: ${GNUPGHOME}" |
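Review bot: nothing after `eval "$("${ROOT}/bin/setup-local-gpg")"` checks that the script succeeded. If it fails or prints nothing, `eval` still returns 0 and the next line logs an empty `${CK8S_PGP_FP}` (or aborts with an unbound-variable error where `set -u` is active). Check that `CK8S_PGP_FP` and `GNUPGHOME` are both non-empty before the two `log.info` calls and stop with a clear message otherwise, as `with_temporary_gpg` does for the fingerprint. Because `eval` runs everything the script writes to stdout, the script also has to keep all diagnostics on stderr.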
| log.info "Using temp GNUPGHOME: ${GNUPGHOME}" | |
| log.info "Using temp GNUPGHOME: ${GNUPGHOME}" | |
| log.warn "Once this is cleared you will loose the ability to decrypt the secrets for this config path." |
| # sets up a temporary GPG home and key for local testing | ||
| # usage: with_temporary_gpg | ||
| with_temporary_gpg() { | ||
| if ! command -v setup-local-gpg &>/dev/null; then | ||
| log.fatal "setup-local-gpg script not found in path" | ||
| fi | ||
|
|
||
| eval "$(setup-local-gpg)" | ||
|
|
||
| if [[ -z "${CK8S_PGP_FP:-}" ]]; then | ||
| fail "Failed to generate temporary GPG key" | ||
| fi | ||
|
|
||
| log.trace "Temporary GPG initialized. Fingerprint: $CK8S_PGP_FP" | ||
| } | ||
|
|
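Review bot: `command -v setup-local-gpg` and `eval "$(setup-local-gpg)"` resolve the script through `PATH`, so the test setup evaluates the output of whichever `setup-local-gpg` comes first there. Call it by its repository path instead, the way `local-cluster.sh` does with `"${ROOT}/bin/setup-local-gpg"`. The two error paths also use different helpers (`log.fatal` and `fail`); pick one. Only `CK8S_PGP_FP` is checked after the `eval`; check that `GNUPGHOME` was set as well, so a test cannot carry on against the user's default keyring.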
Is this needed? We already have a function for it in common/bats/gpg.sh that also takes care of an edge case in which the GPG agent isn't available in the first tries.
Right, I understood. My understanding was to simplify the script usage so that the README instructions could be kept minimal. However, if the plan is to have a separate bin script then I can remove the default directory setup and keep the temp gpg key creation. Does that sound good?
Warning
This is a public repository, ensure not to disclose:
What kind of PR is this?
Required: Mark one of the following that is applicable:
Optional: Mark one or more of the following that are applicable:
Important
Breaking changes should be marked
kind/admin-change or kind/dev-change depending on type
Critical security fixes should be marked with kind/security
What does this PR do / why do we need this PR?
This PR introduces a script which helps to set up a temporary GPG for local testing.
- bin/setup-local-gpg, which generates a GPG key non-interactively and exports the necessary environment variables for SOPS to use.
- bats.lib.bash: added helper functions. This allows tests to invoke the script during the setup phase.
Information to reviewers
Checklist
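A stricter way for a caller to consume the generator's output than `eval`, shown as an added example that is not part of this PR or the project's code. It assumes the script prints `export NAME=value` lines; `import_gpg_env` and `strip_quotes` are hypothetical helper names.

```shell
#!/bin/sh
# Added example, not project code. Assumption: the generator prints lines of
# the form `export NAME=value`. Helper names are hypothetical.

# Remove one pair of surrounding quotes from a value, if present.
strip_quotes() {
    _v=$1
    case "$_v" in
        \"*\") _v=${_v#\"}; _v=${_v%\"} ;;
        \'*\') _v=${_v#\'}; _v=${_v%\'} ;;
    esac
    printf '%s' "$_v"
}

# $1: captured stdout of the generator. Exports CK8S_PGP_FP and GNUPGHOME only
# if every line is one of the two expected assignments and both values validate.
import_gpg_env() {
    _fp="" _home=""
    while IFS= read -r _line; do
        [ -n "$_line" ] || continue
        case "$_line" in
            "export CK8S_PGP_FP="*) _fp=$(strip_quotes "${_line#export CK8S_PGP_FP=}") ;;
            "export GNUPGHOME="*) _home=$(strip_quotes "${_line#export GNUPGHOME=}") ;;
            *) echo "import_gpg_env: unexpected line in output" >&2; return 1 ;;
        esac
    done <<EOF
$1
EOF
    # An OpenPGP v4 fingerprint is 40 hex digits; empty output fails here too.
    case "$_fp" in
        *[!0-9A-Fa-f]*) echo "import_gpg_env: bad fingerprint" >&2; return 1 ;;
    esac
    [ "${#_fp}" -eq 40 ] || { echo "import_gpg_env: bad fingerprint" >&2; return 1; }
    # The keyring location must be an absolute path to an existing directory.
    case "$_home" in
        /*) [ -d "$_home" ] || { echo "import_gpg_env: no such GNUPGHOME" >&2; return 1; } ;;
        *) echo "import_gpg_env: GNUPGHOME not absolute" >&2; return 1 ;;
    esac
    CK8S_PGP_FP=$_fp
    GNUPGHOME=$_home
    export CK8S_PGP_FP GNUPGHOME
}

# Constructed sample output; the fingerprint is a made-up value.
sample_home=$(mktemp -d)
import_gpg_env "export CK8S_PGP_FP=\"0123456789ABCDEF0123456789ABCDEF01234567\"
export GNUPGHOME=\"${sample_home}\"" && echo "imported ${CK8S_PGP_FP}"
rmdir "$sample_home"
```

Call the function in the current shell (not inside `$(...)`), otherwise the exported variables are lost with the subshell.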