From 3d4c96d365ff74346283fed4937a96a970913c83 Mon Sep 17 00:00:00 2001
From: Daniel Berteaud
Date: Tue, 5 Mar 2024 14:47:58 +0100
Subject: [PATCH] Update rendered example
---
 example/bounca.nomad.hcl | 14 +++++++-------
 example/images/bounca/Dockerfile | 2 +-
 example/init/vault-database | 2 +-
 example/prep.d/10-rand-pwd.sh | 2 +-
 example/vault/policies/bounca.hcl | 4 ++--
 5 files changed, 12 insertions(+), 12 deletions(-)
diff --git a/example/bounca.nomad.hcl b/example/bounca.nomad.hcl
index 6597402..d17d94e 100644
--- a/example/bounca.nomad.hcl
+++ b/example/bounca.nomad.hcl
@@ -75,7 +75,7 @@ job "bounca" {
 user = 1053
 config {
- image = "danielberteaud/wait-for:24.2-1"
+ image = "danielberteaud/wait-for:24.3-1"
 readonly_rootfs = true
 pids_limit = 20
 }
@@ -137,7 +137,7 @@ job "bounca" {
 template {
 data = <<_EOT
 BOUNCA_DB_NAME=bounca
-BOUNCA_DJANGO_SECRET={{ with secret "//kv/service/bounca" }}{{ .Data.data.django_secret }}{{ end }}
+BOUNCA_DJANGO_SECRET={{ with secret "/kv/service/bounca" }}{{ .Data.data.django_secret }}{{ end }}
 LANG=fr_FR.utf8
 TZ=Europe/Paris
 _EOT
@@ -193,8 +193,8 @@ _EOT
 template {
 data = <<_EOT
-BOUNCA_DB_USER={{ with secret "//database/creds/bounca" }}{{ .Data.username }}{{ end }}
-BOUNCA_DB_PASSWORD={{ with secret "//database/creds/bounca" }}{{ .Data.password }}{{ end }}
+BOUNCA_DB_USER={{ with secret "/database/creds/bounca" }}{{ .Data.username }}{{ end }}
+BOUNCA_DB_PASSWORD={{ with secret "/database/creds/bounca" }}{{ .Data.password }}{{ end }}
 BOUNCA_DB_PORT=5432
 _EOT
 destination = "secrets/.db.env"
@@ -251,7 +251,7 @@ _EOT
 template {
 data = <<_EOT
 BOUNCA_DB_NAME=bounca
-BOUNCA_DJANGO_SECRET={{ with secret "//kv/service/bounca" }}{{ .Data.data.django_secret }}{{ end }}
+BOUNCA_DJANGO_SECRET={{ with secret "/kv/service/bounca" }}{{ .Data.data.django_secret }}{{ end }}
 LANG=fr_FR.utf8
 TZ=Europe/Paris
 _EOT
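Review bot: The `secret` calls in the hunk at -137 still use a path with a leading slash (`/kv/service/bounca`), while this same commit removes the leading slash from the policy paths in example/vault/policies/bounca.hcl and from the CLI paths in the init and prep scripts. The hunk at -251 repeats the KV path, and the hunks at -193 and -263 have the same form for `/database/creds/bounca`. If the slash is left over from an empty mount prefix in the source template, rendering `secret "kv/service/bounca"` and `secret "database/creds/bounca"` would keep every reference in one form and make the job file easier to audit against the policy. Whether the template engine normalises the leading slash is not visible here, so this should be confirmed against a running job; the template blocks continue outside the hunks.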
@@ -263,8 +263,8 @@ _EOT
 template {
 data = <<_EOT
-BOUNCA_DB_USER={{ with secret "//database/creds/bounca" }}{{ .Data.username }}{{ end }}
-BOUNCA_DB_PASSWORD={{ with secret "//database/creds/bounca" }}{{ .Data.password }}{{ end }}
+BOUNCA_DB_USER={{ with secret "/database/creds/bounca" }}{{ .Data.username }}{{ end }}
+BOUNCA_DB_PASSWORD={{ with secret "/database/creds/bounca" }}{{ .Data.password }}{{ end }}
 BOUNCA_DB_PORT=5432
 _EOT
 destination = "secrets/.db.env"
diff --git a/example/images/bounca/Dockerfile b/example/images/bounca/Dockerfile
index 0817a14..e8f4a3b 100644
--- a/example/images/bounca/Dockerfile
+++ b/example/images/bounca/Dockerfile
@@ -74,7 +74,7 @@ RUN set -euxo pipefail &&\
 nginx \
 postgresql16-client
-COPY --from=danielberteaud/alpine:24.2-1 /usr/local/bin/minit /usr/local/bin/minit
+COPY --from=danielberteaud/alpine:24.3-1 /usr/local/bin/minit /usr/local/bin/minit
 COPY root/ /
 WORKDIR /opt/bounca
diff --git a/example/init/vault-database b/example/init/vault-database
index 1b69a10..38e580f 100755
--- a/example/init/vault-database
+++ b/example/init/vault-database
@@ -1,6 +1,6 @@
 #!/bin/sh
-set -euo pipefailvault write /database/roles/bounca \
+set -euo pipefailvault write database/roles/bounca \
 db_name="postgres" \
 creation_statements="CREATE ROLE \"{{name}}\" WITH LOGIN PASSWORD '{{password}}' VALID UNTIL '{{expiration}}'; \
 GRANT \"bounca\" TO \"{{name}}\"; \
diff --git a/example/prep.d/10-rand-pwd.sh b/example/prep.d/10-rand-pwd.sh
index 2460286..7c9b453 100755
--- a/example/prep.d/10-rand-pwd.sh
+++ b/example/prep.d/10-rand-pwd.sh
@@ -5,7 +5,7 @@ set -euo pipefail
 # vim: syntax=sh
 export LC_ALL=C
-VAULT_KV_PATH=/kv/service/bounca
+VAULT_KV_PATH=kv/service/bounca
 RAND_CMD="tr -dc A-Za-z0-9\-_\/=~\.+ < /dev/urandom | head -c 50"
 if ! vault kv list $(dirname ${VAULT_KV_PATH}) 2>/dev/null | grep -q -E "^$(basename ${VAULT_KV_PATH})\$"; then
 vault kv put ${VAULT_KV_PATH} \
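Review bot: The changed line in example/init/vault-database still reads `set -euo pipefailvault write database/roles/bounca \`, so the shell options and the Vault command are fused into a single `set` invocation and `vault write` is never run as a command. The hunk counts six lines starting at line 1 and the change marker sits in front of `set`, which indicates this is one physical line in the file rather than a display artefact. A line break is needed after `pipefail`, giving `set -euo pipefail` followed by `vault write database/roles/bounca \`. Since the commit describes these files as rendered, the missing newline presumably comes from whitespace trimming in the source template and should be fixed there. The `vault write` statement continues past the end of the hunk.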
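Review bot: The existence test `if ! vault kv list $(dirname ${VAULT_KV_PATH}) 2>/dev/null | grep -q -E ...` in example/prep.d/10-rand-pwd.sh treats any failure of `vault kv list` (expired token, missing `list` capability, unreachable server) the same as an absent secret, because stderr is discarded and `pipefail` turns a failing left side into a true condition. The branch then runs `vault kv put ${VAULT_KV_PATH}`, which could replace an existing secret when the token can write but the listing failed. Since the job templates read `.Data.data`, the mount appears to be KV v2, so the write itself can be made conditional with `vault kv put -cas=0 ${VAULT_KV_PATH} \`, which only succeeds when the key does not exist yet. Quoting the expansions, as in `vault kv list "$(dirname "${VAULT_KV_PATH}")"`, would also be safer. The `vault kv put` statement continues outside the hunk, so what it writes is not visible here.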
diff --git a/example/vault/policies/bounca.hcl b/example/vault/policies/bounca.hcl
index 40cba3b..d8a9d3b 100644
--- a/example/vault/policies/bounca.hcl
+++ b/example/vault/policies/bounca.hcl
@@ -1,7 +1,7 @@
-path "/kv/data/service/bounca" {
+path "kv/data/service/bounca" {
 capabilities = ["read"]
 }
-path "/database/creds/bounca" {
+path "database/creds/bounca" {
 capabilities = ["read"]
 }