Forgot about flag that toggle subprocess's check of the return code
All checks were successful
Build and deploy Bridgeman Accessible Hashicorp Vault Implementation / deploy (push) Successful in 14s
All checks were successful
Build and deploy Bridgeman Accessible Hashicorp Vault Implementation / deploy (push) Successful in 14s
This commit is contained in:
Alan Bridgeman
parent
5c62894a1b
commit
2cf35c3d9f
1 changed files with 4 additions and 22 deletions
|
|
@ -109,7 +109,7 @@ def check_app_role_exists(role_name: str) -> bool:
|
|||
role_list_path = '/' + '/'.join(['auth', 'approle', 'role'])
|
||||
|
||||
# List the roles
|
||||
role_return_code, role_output, role_err = CommandRunner.run_command(f'vault list --format=json {role_list_path}')
|
||||
role_return_code, role_output, role_err = CommandRunner.run_command(f'vault list --format=json {role_list_path}', False)
|
||||
|
||||
# If non-zero return code, raise an error
|
||||
if role_return_code != 0:
|
||||
|
|
@ -138,15 +138,9 @@ def get_role_id(role_name: str) -> str:
|
|||
role_read_path = '/'.join(['auth', 'approle', 'role', role_name, 'role-id'])
|
||||
|
||||
# Get the role_id from vault
|
||||
# Note, check is enabled so any non-zero return code will raise an error
|
||||
role_return_code, role_id_output, role_id_err = CommandRunner.run_command('vault read --format=json ' + role_read_path)
|
||||
|
||||
# If non-zero return code, raise an error
|
||||
if role_return_code != 0:
|
||||
logging.error('Failed to get the role_id for role: ' + role_name)
|
||||
logging.error('Role ID Output: ' + role_id_output)
|
||||
logging.error('Role ID Error: ' + role_id_err)
|
||||
raise RuntimeError('Failed to get the role_id for role: ' + role_name)
|
||||
|
||||
# Parse the role_id from the output
|
||||
role_id_json = json.loads(role_id_output)
|
||||
role_id = role_id_json['data']['role_id']
|
||||
|
|
@ -169,15 +163,9 @@ def get_secret_id(role_name: str) -> str:
|
|||
secret_write_path = '/'.join(['auth', 'approle', 'role', role_name, 'secret-id'])
|
||||
|
||||
# Get the secret_id from vault (by writing to the secret-id endpoint)
|
||||
# Note, check is enabled so any non-zero return code will raise an error
|
||||
secret_return_code, secret_id_output, secret_id_err = CommandRunner.run_command('vault write --format=json -f ' + secret_write_path)
|
||||
|
||||
# If non-zero return code, raise an error
|
||||
if secret_return_code != 0:
|
||||
logging.error('Failed to get the secret_id for role: ' + role_name)
|
||||
logging.error('Secret ID Output: ' + secret_id_output)
|
||||
logging.error('Secret ID Error: ' + secret_id_err)
|
||||
raise RuntimeError('Failed to get the secret_id for role: ' + role_name)
|
||||
|
||||
# Parse the secret_id from the output
|
||||
secret_id_json = json.loads(secret_id_output)
|
||||
secret_id = secret_id_json['data']['secret_id']
|
||||
|
|
@ -201,15 +189,9 @@ def create_app_role(role_name: str, policy_name: str) -> tuple[str, str]:
|
|||
role_write_path = '/'.join(['auth', 'approle', 'role', role_name])
|
||||
|
||||
# Create a role
|
||||
# Note, check is enabled so any non-zero return code will raise an error
|
||||
role_write_return_code, role_write_output, role_write_err = CommandRunner.run_command('vault write ' + role_write_path + ' token_policies="' + policy_name + '"')
|
||||
|
||||
# If non-zero return code, raise an error
|
||||
if role_write_return_code != 0:
|
||||
logging.error('Failed to create AppRole role: ' + role_name)
|
||||
logging.error('Role Write Output: ' + role_write_output)
|
||||
logging.error('Role Write Error: ' + role_write_err)
|
||||
raise RuntimeError('Failed to create AppRole role: ' + role_name)
|
||||
|
||||
logging.debug(role_write_output)
|
||||
|
||||
# Get the role_id
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue