Update rendered example
This commit is contained in:
parent
95bac5a456
commit
877f64afce
|
@ -153,8 +153,8 @@ _EOT
|
||||||
PGDATABASE=cloudbeaver
|
PGDATABASE=cloudbeaver
|
||||||
PGHOST=127.0.0.1
|
PGHOST=127.0.0.1
|
||||||
PGPORT=5432
|
PGPORT=5432
|
||||||
PGUSER={{ with secret "/database/creds/cloudbeaver" }}{{ .Data.username }}{{ end }}
|
PGUSER={{ with secret "database/creds/cloudbeaver" }}{{ .Data.username }}{{ end }}
|
||||||
PGPASSWORD={{ with secret "/database/creds/cloudbeaver" }}{{ .Data.password }}{{ end }}
|
PGPASSWORD={{ with secret "database/creds/cloudbeaver" }}{{ .Data.password }}{{ end }}
|
||||||
_EOT
|
_EOT
|
||||||
destination = "secrets/.db.env"
|
destination = "secrets/.db.env"
|
||||||
perms = 0400
|
perms = 0400
|
||||||
|
@ -279,7 +279,7 @@ _EOT
|
||||||
data = <<_EOT
|
data = <<_EOT
|
||||||
{
|
{
|
||||||
adminName: "cloudbeaver",
|
adminName: "cloudbeaver",
|
||||||
adminPassword: "{{ with secret "/kv/service/cloudbeaver" }}{{ .Data.data.initial_admin_pwd }}{{ end }}",
|
adminPassword: "{{ with secret "kv/service/cloudbeaver" }}{{ .Data.data.initial_admin_pwd }}{{ end }}",
|
||||||
teams: [
|
teams: [
|
||||||
{
|
{
|
||||||
subjectId: "admin",
|
subjectId: "admin",
|
||||||
|
|
|
@ -2,7 +2,7 @@
|
||||||
|
|
||||||
set -euo pipefail
|
set -euo pipefail
|
||||||
|
|
||||||
vault write /database/roles/cloudbeaver \
|
vault write database/roles/cloudbeaver \
|
||||||
db_name="postgres" \
|
db_name="postgres" \
|
||||||
creation_statements="CREATE ROLE \"{{name}}\" WITH LOGIN PASSWORD '{{password}}' VALID UNTIL '{{expiration}}'; \
|
creation_statements="CREATE ROLE \"{{name}}\" WITH LOGIN PASSWORD '{{password}}' VALID UNTIL '{{expiration}}'; \
|
||||||
GRANT \"cloudbeaver\" TO \"{{name}}\"; \
|
GRANT \"cloudbeaver\" TO \"{{name}}\"; \
|
||||||
|
|
|
@ -5,7 +5,7 @@ set -euo pipefail
|
||||||
# vim: syntax=sh
|
# vim: syntax=sh
|
||||||
|
|
||||||
export LC_ALL=C
|
export LC_ALL=C
|
||||||
VAULT_KV_PATH=/kv/service/cloudbeaver
|
VAULT_KV_PATH=kv/service/cloudbeaver
|
||||||
RAND_CMD="tr -dc A-Za-z0-9\-_\/=~\.+ < /dev/urandom | head -c 50"
|
RAND_CMD="tr -dc A-Za-z0-9\-_\/=~\.+ < /dev/urandom | head -c 50"
|
||||||
if ! vault kv list $(dirname ${VAULT_KV_PATH}) 2>/dev/null | grep -q -E "^$(basename ${VAULT_KV_PATH})\$"; then
|
if ! vault kv list $(dirname ${VAULT_KV_PATH}) 2>/dev/null | grep -q -E "^$(basename ${VAULT_KV_PATH})\$"; then
|
||||||
vault kv put ${VAULT_KV_PATH} \
|
vault kv put ${VAULT_KV_PATH} \
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
path "/kv/data/service/cloudbeaver" {
|
path "kv/data/service/cloudbeaver" {
|
||||||
capabilities = ["read"]
|
capabilities = ["read"]
|
||||||
}
|
}
|
||||||
|
|
||||||
path "/database/creds/cloudbeaver" {
|
path "database/creds/cloudbeaver" {
|
||||||
capabilities = ["read"]
|
capabilities = ["read"]
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue