nomad
/
cloudbeaver
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update rendered example

This commit is contained in:
Daniel Berteaud 2024-03-05 14:44:08 +01:00
parent 95bac5a456
commit 877f64afce
4 changed files with 7 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
example/cloudbeaver.nomad.hcl
View File

@ -153,8 +153,8 @@ _EOT
PGDATABASE=cloudbeaver PGDATABASE=cloudbeaver
PGHOST=127.0.0.1 PGHOST=127.0.0.1
PGPORT=5432 PGPORT=5432
PGUSER={{ with secret "/database/creds/cloudbeaver" }}{{ .Data.username }}{{ end }} PGUSER={{ with secret "database/creds/cloudbeaver" }}{{ .Data.username }}{{ end }}
PGPASSWORD={{ with secret "/database/creds/cloudbeaver" }}{{ .Data.password }}{{ end }} PGPASSWORD={{ with secret "database/creds/cloudbeaver" }}{{ .Data.password }}{{ end }}
_EOT _EOT
destination = "secrets/.db.env" destination = "secrets/.db.env"
perms = 0400 perms = 0400
@ -279,7 +279,7 @@ _EOT
data = <<_EOT data = <<_EOT
{ {
adminName: "cloudbeaver", adminName: "cloudbeaver",
adminPassword: "{{ with secret "/kv/service/cloudbeaver" }}{{ .Data.data.initial_admin_pwd }}{{ end }}", adminPassword: "{{ with secret "kv/service/cloudbeaver" }}{{ .Data.data.initial_admin_pwd }}{{ end }}",
teams: [ teams: [
{ {
subjectId: "admin", subjectId: "admin",

2
example/init/cloudbeaver-vault-database
View File

@ -2,7 +2,7 @@
set -euo pipefail set -euo pipefail
vault write /database/roles/cloudbeaver \ vault write database/roles/cloudbeaver \
db_name="postgres" \ db_name="postgres" \
creation_statements="CREATE ROLE \"{{name}}\" WITH LOGIN PASSWORD '{{password}}' VALID UNTIL '{{expiration}}'; \ creation_statements="CREATE ROLE \"{{name}}\" WITH LOGIN PASSWORD '{{password}}' VALID UNTIL '{{expiration}}'; \
GRANT \"cloudbeaver\" TO \"{{name}}\"; \ GRANT \"cloudbeaver\" TO \"{{name}}\"; \

2
example/prep.d/10-cloudbeaver-rand-secrets.sh
View File

@ -5,7 +5,7 @@ set -euo pipefail
# vim: syntax=sh # vim: syntax=sh
export LC_ALL=C export LC_ALL=C
VAULT_KV_PATH=/kv/service/cloudbeaver VAULT_KV_PATH=kv/service/cloudbeaver
RAND_CMD="tr -dc A-Za-z0-9\-_\/=~\.+ < /dev/urandom | head -c 50" RAND_CMD="tr -dc A-Za-z0-9\-_\/=~\.+ < /dev/urandom | head -c 50"
if ! vault kv list $(dirname ${VAULT_KV_PATH}) 2>/dev/null | grep -q -E "^$(basename ${VAULT_KV_PATH})\$"; then if ! vault kv list $(dirname ${VAULT_KV_PATH}) 2>/dev/null | grep -q -E "^$(basename ${VAULT_KV_PATH})\$"; then
vault kv put ${VAULT_KV_PATH} \ vault kv put ${VAULT_KV_PATH} \

4
example/vault/policies/cloudbeaver.hcl
View File

@ -1,7 +1,7 @@
path "/kv/data/service/cloudbeaver" { path "kv/data/service/cloudbeaver" {
capabilities = ["read"] capabilities = ["read"]
} }
path "/database/creds/cloudbeaver" { path "database/creds/cloudbeaver" {
capabilities = ["read"] capabilities = ["read"]
} }