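#!/bin/bash
# Script that validates that the pillar/secrets/*/*.sls files contain the
# appropriate header, and that none other pillar files contain this header or
# any secrets.
#
# Outputs:  one line on stdout per offending file.
# Returns:  0 when every check passes, 1 when at least one file was reported.

set -u

# Literal text that must appear on the first line of every secrets file
# (presumably the Salt "#!yaml|gpg" renderer line -- confirm against the
# repository's pillar conventions). It is matched with grep -F, so the "|"
# is a plain character. The original spelled this as the PCRE-escaped
# "yaml\|gpg" and matched it with grep -P, which is the same literal match
# but non-portable and printed the backslash in the diagnostics.
readonly HEADER='yaml|gpg'

# Marker of an inline encrypted blob; finding it outside pillar/secrets means
# a secret was committed to the wrong place.
readonly GPG_MARKER='BEGIN GPG MESSAGE'

# Initialised explicitly: the original never set this unless a check failed,
# so "exit $STATUS" degenerated to a bare "exit" and returned whatever the
# last command's status happened to be instead of a pass verdict.
STATUS=0

# Every file under pillar/secrets must announce the renderer on its first
# line. find's stderr is silenced because the directory may not exist yet;
# the loop then simply runs zero times. NUL-delimited iteration keeps paths
# containing whitespace intact (the original word-split the find output).
while IFS= read -r -d '' secret_sls; do
  if ! head -n 1 -- "$secret_sls" | grep -qF -- "$HEADER"; then
    echo "$secret_sls is missing pattern \"$HEADER\" in shebang"
    STATUS=1
  fi
done < <(find pillar/secrets -name '*.sls' -print0 2> /dev/null)

# Conversely, no other pillar file may carry the header or contain an
# encrypted blob. "if grep -q" replaces the original "if $(grep -q ...)",
# which only worked because an empty expansion inherits the substitution's
# exit status.
while IFS= read -r -d '' sls; do
  if grep -qF -- "$HEADER" "$sls"; then
    echo "$sls has the \"$HEADER\" header, please remove it"
    STATUS=1
  fi
  if grep -qF -- "$GPG_MARKER" "$sls"; then
    # ${sls#*/} drops the leading "pillar/" so the hint names the matching
    # path under pillar/secrets.
    echo "$sls contains secrets. Please move them to pillar/secrets/${sls#*/}"
    STATUS=1
  fi
done < <(find pillar/ -not -path 'pillar/secrets/*' -name '*.sls' -print0)

exit "$STATUS"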