Blame bin/test_secrets.sh
|
Theo Chatzimichos |
40c535 |
#!/bin/bash
|
|
Theo Chatzimichos |
40c535 |
|
|
Theo Chatzimichos |
40c535 |
# Script that validates that the pillar/secret/*/*.sls files contain the
|
|
Theo Chatzimichos |
40c535 |
# appropriate header, and that none other pillar files contain this header or
|
|
Theo Chatzimichos |
40c535 |
# any secrets
|
|
Theo Chatzimichos |
40c535 |
|
|
Theo Chatzimichos |
40c535 |
HEADER="#!yaml|gpg"
|
|
Theo Chatzimichos |
40c535 |
|
|
Theo Chatzimichos |
40c535 |
for secret_sls in $(find pillar/secrets -name '*.sls'); do
|
|
Theo Chatzimichos |
40c535 |
if [[ $(head -n 1 $secret_sls) != "$HEADER" ]]; then
|
|
Theo Chatzimichos |
40c535 |
echo "$secret_sls is missing the \"$HEADER\" header or it is not on the first line"
|
|
Theo Chatzimichos |
40c535 |
STATUS=1
|
|
Theo Chatzimichos |
40c535 |
fi
|
|
Theo Chatzimichos |
40c535 |
done
|
|
Theo Chatzimichos |
40c535 |
|
|
Theo Chatzimichos |
40c535 |
for sls in $(find pillar/ -not -path 'pillar/secrets/*' -name '*.sls'); do
|
|
Theo Chatzimichos |
40c535 |
if $(grep -q "$HEADER" $sls); then
|
|
Theo Chatzimichos |
40c535 |
echo "$sls has the \"$HEADER\" header, please remove it"
|
|
Theo Chatzimichos |
40c535 |
STATUS=1
|
|
Theo Chatzimichos |
40c535 |
fi
|
|
Theo Chatzimichos |
40c535 |
if $(grep -q "BEGIN GPG MESSAGE" $sls); then
|
|
Theo Chatzimichos |
40c535 |
echo "$sls contains secrets. Please move them to pillar/secrets/${sls#*/}"
|
|
Theo Chatzimichos |
40c535 |
STATUS=1
|
|
Theo Chatzimichos |
40c535 |
fi
|
|
Theo Chatzimichos |
40c535 |
done
|
|
Theo Chatzimichos |
40c535 |
|
|
Theo Chatzimichos |
40c535 |
exit $STATUS
|