Azure
/
az-hop
зеркало из https://github.com/Azure/az-hop.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность
az-hop/create_passwords.sh

31 строка
1.2 KiB
Bash
Executable File
Исходник Постоянная ссылка Ответственный История

#!/bin/bash
# This script will create a random password per user and store it in the keyvault under a secret named <user>-password
AZHOP_CONFIG=config.yml
ANSIBLE_VARIABLES=playbooks/group_vars/all.yml
if [ ! -e $AZHOP_CONFIG ]; then
echo "$AZHOP_CONFIG doesn't exist, exiting"
exit 1
fi
key_vault=$(yq eval '.key_vault' $ANSIBLE_VARIABLES)
if [ "$key_vault" == "" ]; then
echo "Keyvault retrieved from $ANSIBLE_VARIABLES is empty"
exit 1
fi
users=$(yq eval '.users[].name' $AZHOP_CONFIG)
for user in $users; do
# Because secret names are restricted to '^[0-9a-zA-Z-]+$' we need to remove all other characters
secret_name=$(echo $user-password | tr -dc 'a-zA-Z0-9-')
current_password=$(az keyvault secret list --vault-name $key_vault --query "[?name=='$secret_name'].name" -o tsv)
if [ "$current_password" == "" ]; then
password=$(openssl rand -base64 20)
az keyvault secret set --value $password --name $secret_name --vault-name $key_vault -o table > /dev/null
echo "Generating a password for $user and storing it as secret $secret_name in keyvault $key_vault"
else
echo "User $user has already a password stored in keyvault $key_vault"
fi
done
Ссылка в новой задаче Показать git blame Копировать постоянную ссылку