Fixed vault URL for ci build
Original commit: elastic/x-pack-elasticsearch@c9cb05bf0e
This commit is contained in:
parent
9ed50211d1
commit
0c64c22883
|
@ -28,23 +28,24 @@ buildscript {
|
||||||
|
|
||||||
// first need to get an authentication token with vault
|
// first need to get an authentication token with vault
|
||||||
File githubToken = project.file('github.token')
|
File githubToken = project.file('github.token')
|
||||||
|
final String VAULT_URL = 'https://secrets.elastic.co:8200'
|
||||||
final String VAULT_ROLE_ID = "8e90dd88-5a8e-9c12-0da9-5439f293ff97"
|
final String VAULT_ROLE_ID = "8e90dd88-5a8e-9c12-0da9-5439f293ff97"
|
||||||
final String VAULT_SECRET_ID = System.env.VAULT_SECRET_ID
|
final String VAULT_SECRET_ID = System.env.VAULT_SECRET_ID
|
||||||
String authBody = null
|
String authBody = null
|
||||||
|
URL vaultUrl = null
|
||||||
if (githubToken.exists()) {
|
if (githubToken.exists()) {
|
||||||
Set<PosixFilePermission> perms = Files.getPosixFilePermissions(githubToken.toPath())
|
Set<PosixFilePermission> perms = Files.getPosixFilePermissions(githubToken.toPath())
|
||||||
if (perms.equals(PosixFilePermissions.fromString("rw-------")) == false) {
|
if (perms.equals(PosixFilePermissions.fromString("rw-------")) == false) {
|
||||||
throw new GradleException('github.token must have 600 permissions')
|
throw new GradleException('github.token must have 600 permissions')
|
||||||
}
|
}
|
||||||
|
vaultUrl = new URL(VAULT_URL + '/v1/auth/github/login')
|
||||||
authBody = "{\"token\": \"${githubToken.getText('UTF-8').trim()}\"}"
|
authBody = "{\"token\": \"${githubToken.getText('UTF-8').trim()}\"}"
|
||||||
} else if (VAULT_SECRET_ID != null) {
|
} else if (VAULT_SECRET_ID != null) {
|
||||||
|
vaultUrl = new URL(VAULT_URL + '/v1/auth/approle/login')
|
||||||
authBody = "{\"role_id\": \"${VAULT_ROLE_ID}\", \"secret_id\": \"${VAULT_SECRET_ID}\"}"
|
authBody = "{\"role_id\": \"${VAULT_ROLE_ID}\", \"secret_id\": \"${VAULT_SECRET_ID}\"}"
|
||||||
} else {
|
} else {
|
||||||
throw new GradleException('Missing github.token file or SECRET_ID environment variable, needed to authenticate with vault for secrets')
|
throw new GradleException('Missing github.token file or VAULT_SECRET_ID environment variable, needed to authenticate with vault for secrets')
|
||||||
}
|
}
|
||||||
|
|
||||||
final String VAULT_URL = 'https://secrets.elastic.co:8200'
|
|
||||||
URL vaultUrl = new URL(VAULT_URL + '/v1/auth/github/login')
|
|
||||||
HttpURLConnection vaultConn = (HttpURLConnection) vaultUrl.openConnection()
|
HttpURLConnection vaultConn = (HttpURLConnection) vaultUrl.openConnection()
|
||||||
vaultConn.setRequestProperty('Content-Type', 'application/json')
|
vaultConn.setRequestProperty('Content-Type', 'application/json')
|
||||||
vaultConn.setRequestMethod('PUT')
|
vaultConn.setRequestMethod('PUT')
|
||||||
|
|
Loading…
Reference in New Issue