From 5c446dd18500b6da1e676b58453f97cc003d2f8d Mon Sep 17 00:00:00 2001
From: Markus Rudy
Date: Mon, 29 Jul 2024 14:33:28 +0200
Subject: [PATCH] just: credential getter as nix script
---
 justfile | 11 +----------
 packages/scripts.nix | 18 ++++++++++++++++++
 2 files changed, 19 insertions(+), 10 deletions(-)
diff --git a/justfile b/justfile
index 586d0525cb..7d87cfb24e 100644
--- a/justfile
+++ b/justfile
@@ -225,16 +225,7 @@ get-credentials-ci:
 --admin
 get-credentials-from-gcloud path:
- #!/usr/bin/env bash
- set -euo pipefail
- tmpConfig=$(mktemp)
- gcloud secrets versions access {{ path }} --out-file="$tmpConfig"
- mergedConfig=$(mktemp)
- KUBECONFIG_BAK=${KUBECONFIG:-~/.kube/config}
- KUBECONFIG=$tmpConfig:${KUBECONFIG_BAK} kubectl config view --flatten > $mergedConfig
- export newContext=$(yq -r '.contexts.[0].name' $tmpConfig)
- yq -i '.current-context = env(newContext)' $mergedConfig
- mv $mergedConfig ${KUBECONFIG_BAK%%:*}
+ nix run .#scripts.get-credentials {{ path }}
 get-credentials-tdxbm: (get-credentials-from-gcloud "projects/796962942582/secrets/m50-ganondorf-kubeconf/versions/2")
diff --git a/packages/scripts.nix b/packages/scripts.nix
index e765ca5eff..8c22949bd3 100644
--- a/packages/scripts.nix
+++ b/packages/scripts.nix
@@ -298,4 +298,22 @@
 )
 '';
 };
+
+ # Usage: get-credentials $gcloudSecretRef
+ get-credentials = writeShellApplication {
+ name = "extract-policies";
+ runtimeInputs = with pkgs; [ google-cloud-sdk ];
+ text = ''
+ set -euo pipefail
+ tmpConfig=$(mktemp)
+ gcloud secrets versions access "$1" --out-file="$tmpConfig"
+ mergedConfig=$(mktemp)
+ KUBECONFIG_BAK=''${KUBECONFIG:-~/.kube/config}
+ KUBECONFIG=$tmpConfig:''${KUBECONFIG_BAK} kubectl config view --flatten > "$mergedConfig"
+ newContext=$(yq -r '.contexts.[0].name' "$tmpConfig")
+ declare -x newContext
+ yq -i '.current-context = env(newContext)' "$mergedConfig"
+ mv "$mergedConfig" "''${KUBECONFIG_BAK%%:*}"
+ '';
+ };
 }
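Review bot: The new recipe line passes `{{ path }}` to `nix run` unquoted and without an argument separator, so a value containing spaces or shell metacharacters would be split or interpreted by the recipe shell, and one starting with `-` would be read as a nix option. The only caller visible in this hunk passes a fixed literal, so this is hardening rather than a live bug. I would write the line as `nix run .#scripts.get-credentials -- "{{ path }}"`.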
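Review bot: The kubeconfig downloaded into `$tmpConfig` holds cluster credentials and is never removed, so each run leaves a copy behind in the temp directory; adding `trap 'rm -f "$tmpConfig" "$mergedConfig"' EXIT` right after the second `mktemp` would clean up on success and on failure alike. `runtimeInputs` lists only `google-cloud-sdk`, yet the script also calls `kubectl` and `yq`, which are then resolved from whatever the caller's PATH provides. The `env(newContext)` and `-i` usage looks like the Go implementation of yq, so `runtimeInputs = with pkgs; [ google-cloud-sdk kubectl yq-go ];` would pin the intended tools (confirm the attribute names against the pinned nixpkgs). Separately, `name = "extract-policies";` reads like a leftover from a copied definition and should probably be `name = "get-credentials";`, since that value becomes the installed executable's name.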