Change the DRA hook creds
Signed-off-by: Alexandros, Sapranidis <[email protected]>
alexsapran committed Jul 14, 2023
1 parent 402c153 commit fe638b5
Showing 2 changed files with 10 additions and 9 deletions.
15 changes: 8 additions & 7 deletions .buildkite/hooks/pre-command
@@ -5,6 +5,8 @@ set -euo pipefail

DOCKER_REGISTRY_SECRET_PATH="kv/ci-shared/platform-ingest/docker_registry_prod"

DRA_SECRET_PATH="kv/ci-shared/release/dra-role"

if [[ "$BUILDKITE_PIPELINE_SLUG" == "elastic-agent-package" ]]; then
if [[ "$BUILDKITE_STEP_KEY" == "package_elastic-agent" ]]; then
export DOCKER_USERNAME_SECRET=$(vault kv get -field user "${DOCKER_REGISTRY_SECRET_PATH}")
@@ -15,13 +17,12 @@ if [[ "$BUILDKITE_PIPELINE_SLUG" == "elastic-agent-package" ]]; then

if [[ "$BUILDKITE_STEP_KEY" == "dra-publish" ]]; then
echo "+++ Setting DRA params"
DRA_SECRET=$(vault kv get -field=data -format=json kv/ci-shared/release/dra-role)
export DRA_SECRET
VAULT_ADDR_SECRET=$(echo DRA_SECRET | jq -r '.vault_addr')
VAULT_ROLE_ID_SECRET=$(echo DRA_SECRET | jq -r '.role_id')
VAULT_SECRET_ID_SECRET=$(echo DRA_SECRET | jq -r '.secret_id')
export VAULT_ADDR_SECRET VAULT_ROLE_ID_SECRET VAULT_SECRET_ID_SECRET
unset DRA_SECRET
# Shared secret path containing the dra creds for project teams
DRA_CREDS_SECRET=$(retry 5 vault kv get -field=data -format=json ${CI_DRA_ROLE_PATH})
VAULT_ADDR_DRA=$(echo "${DRA_CREDS_SECRET}" | jq -r '.vault_addr')
VAULT_ROLE_ID_SECRET=$(echo "${DRA_CREDS_SECRET}" | jq -r '.role_id')
VAULT_SECRET=$(echo "${DRA_CREDS_SECRET}" | jq -r '.secret_id')
export VAULT_ADDR_DRA VAULT_ROLE_ID_SECRET VAULT_SECRET
fi
fi

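Review bot: The new `vault kv get` reads its path from `${CI_DRA_ROLE_PATH}`, which is not defined anywhere in the visible hunks, while the `DRA_SECRET_PATH` constant added at the top of the file is never used. With `set -euo pipefail` in effect (hunk context) an unset `CI_DRA_ROLE_PATH` aborts the hook, and if it is set, the credential path is whatever the job environment supplies rather than the value pinned in this file, and it is expanded unquoted. I would use the pinned constant: `DRA_CREDS_SECRET=$(retry 5 vault kv get -field=data -format=json "${DRA_SECRET_PATH}")`. `retry` is also not defined in the lines shown, so confirm it is available to the hook before this step runs. `jq -r` prints the string `null` for a missing key, so a check that the three values are non-empty and not `null` before the `export` would stop a malformed secret from being passed on silently.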
4 changes: 2 additions & 2 deletions .buildkite/scripts/steps/dra-publish.sh
@@ -29,9 +29,9 @@ function run_release_manager() {
fi
echo docker run --rm \
--name release-manager \
-e VAULT_ADDR="${VAULT_ADDR_SECRET}" \
-e VAULT_ADDR="${VAULT_ADDR_DRA}" \
-e VAULT_ROLE_ID="${VAULT_ROLE_ID_SECRET}" \
-e VAULT_SECRET_ID="${VAULT_SECRET_ID_SECRET}" \
-e VAULT_SECRET_ID="${VAULT_SECRET}" \
--mount type=bind,readonly=false,src="${PWD}",target=/artifacts \
docker.elastic.co/infra/release-manager:latest \
cli collect \
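Review bot: The renamed variables are expanded inside `echo docker run …`, so as written the full command line, including the Vault role ID and secret ID, is printed to the build log; whether this is a dry-run placeholder cannot be told from the hunk, since `run_release_manager` starts and ends outside it. Even once the `echo` is dropped, `-e VAULT_SECRET_ID="${VAULT_SECRET}"` puts the value on docker's argv, where a process listing or a `set -x` trace can show it. Passing the names only keeps the values out of both: set `VAULT_ADDR`, `VAULT_ROLE_ID` and `VAULT_SECRET_ID` in the environment of the `docker run` call and use `-e VAULT_ADDR -e VAULT_ROLE_ID -e VAULT_SECRET_ID`. The image that receives these credentials is referenced as `release-manager:latest`; pinning it by digest would make it clear which code gets them.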
