Forgot about flag that toggle subprocess's check of the return code
All checks were successful
Build and deploy Bridgeman Accessible Hashicorp Vault Implementation / deploy (push) Successful in 14s
parent
5c62894a1b
commit
2cf35c3d9f
1 changed files with 4 additions and 22 deletions
|
|
@ -109,7 +109,7 @@ def check_app_role_exists(role_name: str) -> bool:
|
||||||
role_list_path = '/' + '/'.join(['auth', 'approle', 'role'])
|
role_list_path = '/' + '/'.join(['auth', 'approle', 'role'])
|
||||||
|
|
||||||
# List the roles
|
# List the roles
|
||||||
role_return_code, role_output, role_err = CommandRunner.run_command(f'vault list --format=json {role_list_path}')
|
role_return_code, role_output, role_err = CommandRunner.run_command(f'vault list --format=json {role_list_path}', False)
|
||||||
|
|
||||||
# If non-zero return code, raise an error
|
# If non-zero return code, raise an error
|
||||||
if role_return_code != 0:
|
if role_return_code != 0:
|
||||||
|
|
@ -138,14 +138,8 @@ def get_role_id(role_name: str) -> str:
|
||||||
role_read_path = '/'.join(['auth', 'approle', 'role', role_name, 'role-id'])
|
role_read_path = '/'.join(['auth', 'approle', 'role', role_name, 'role-id'])
|
||||||
|
|
||||||
# Get the role_id from vault
|
# Get the role_id from vault
|
||||||
|
# Note, check is enabled so any non-zero return code will raise an error
|
||||||
role_return_code, role_id_output, role_id_err = CommandRunner.run_command('vault read --format=json ' + role_read_path)
|
role_return_code, role_id_output, role_id_err = CommandRunner.run_command('vault read --format=json ' + role_read_path)
|
||||||
|
|
||||||
# If non-zero return code, raise an error
|
|
||||||
if role_return_code != 0:
|
|
||||||
logging.error('Failed to get the role_id for role: ' + role_name)
|
|
||||||
logging.error('Role ID Output: ' + role_id_output)
|
|
||||||
logging.error('Role ID Error: ' + role_id_err)
|
|
||||||
raise RuntimeError('Failed to get the role_id for role: ' + role_name)
|
|
||||||
|
|
||||||
# Parse the role_id from the output
|
# Parse the role_id from the output
|
||||||
role_id_json = json.loads(role_id_output)
|
role_id_json = json.loads(role_id_output)
|
||||||
|
|
@ -169,14 +163,8 @@ def get_secret_id(role_name: str) -> str:
|
||||||
secret_write_path = '/'.join(['auth', 'approle', 'role', role_name, 'secret-id'])
|
secret_write_path = '/'.join(['auth', 'approle', 'role', role_name, 'secret-id'])
|
||||||
|
|
||||||
# Get the secret_id from vault (by writing to the secret-id endpoint)
|
# Get the secret_id from vault (by writing to the secret-id endpoint)
|
||||||
|
# Note, check is enabled so any non-zero return code will raise an error
|
||||||
secret_return_code, secret_id_output, secret_id_err = CommandRunner.run_command('vault write --format=json -f ' + secret_write_path)
|
secret_return_code, secret_id_output, secret_id_err = CommandRunner.run_command('vault write --format=json -f ' + secret_write_path)
|
||||||
|
|
||||||
# If non-zero return code, raise an error
|
|
||||||
if secret_return_code != 0:
|
|
||||||
logging.error('Failed to get the secret_id for role: ' + role_name)
|
|
||||||
logging.error('Secret ID Output: ' + secret_id_output)
|
|
||||||
logging.error('Secret ID Error: ' + secret_id_err)
|
|
||||||
raise RuntimeError('Failed to get the secret_id for role: ' + role_name)
|
|
||||||
|
|
||||||
# Parse the secret_id from the output
|
# Parse the secret_id from the output
|
||||||
secret_id_json = json.loads(secret_id_output)
|
secret_id_json = json.loads(secret_id_output)
|
||||||
|
|
@ -201,14 +189,8 @@ def create_app_role(role_name: str, policy_name: str) -> tuple[str, str]:
|
||||||
role_write_path = '/'.join(['auth', 'approle', 'role', role_name])
|
role_write_path = '/'.join(['auth', 'approle', 'role', role_name])
|
||||||
|
|
||||||
# Create a role
|
# Create a role
|
||||||
|
# Note, check is enabled so any non-zero return code will raise an error
|
||||||
role_write_return_code, role_write_output, role_write_err = CommandRunner.run_command('vault write ' + role_write_path + ' token_policies="' + policy_name + '"')
|
role_write_return_code, role_write_output, role_write_err = CommandRunner.run_command('vault write ' + role_write_path + ' token_policies="' + policy_name + '"')
|
||||||
|
|
||||||
# If non-zero return code, raise an error
|
|
||||||
if role_write_return_code != 0:
|
|
||||||
logging.error('Failed to create AppRole role: ' + role_name)
|
|
||||||
logging.error('Role Write Output: ' + role_write_output)
|
|
||||||
logging.error('Role Write Error: ' + role_write_err)
|
|
||||||
raise RuntimeError('Failed to create AppRole role: ' + role_name)
|
|
||||||
|
|
||||||
logging.debug(role_write_output)
|
logging.debug(role_write_output)
|
||||||
|
|
||||||
|
|
|
||||||
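Review bot: The three calls that now rely on `check` to raise (in get_role_id, get_secret_id and create_app_role) still build the vault command by concatenating `role_name` and `policy_name` into one string, so a name containing whitespace, quotes or shell metacharacters could change the arguments vault receives. CommandRunner.run_command is not shown on this page, so whether that string is passed to a shell or split into arguments is something to confirm. Either way, validating the names before they reach the command would close the gap, for example `if not re.fullmatch(r'[A-Za-z0-9_-]+', role_name): raise ValueError('invalid role name')` at the top of each function, with the same check on `policy_name` in create_app_role. The pattern is a suggested allow-list to adjust to the project's naming rules, and it needs `re` imported. All three function bodies start and end outside the hunks shown.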