|
1 | 1 | #!/usr/bin/env bash |
2 | | -# Load development secrets from a Kubernetes secret into environment |
3 | | -# variables for local boost backend development. |
| 2 | +# Load boost dev secrets from a K8s namespace. |
| 3 | +# Source this before launching the debugger: |
| 4 | +# source workspaces/boost/scripts/load-secrets.sh |
4 | 5 | # |
5 | | -# Usage: |
6 | | -# source scripts/load-secrets.sh [secret-name] [namespace] |
| 6 | +# Override defaults via env vars: |
| 7 | +# BOOST_SECRET_NAMESPACE (default: rolling-demo-ns) |
| 8 | +# BOOST_SECRET_NAME (default: augment-secrets) |
7 | 9 | # |
8 | | -# Defaults: |
9 | | -# secret-name: boost-dev-secrets |
10 | | -# namespace: boost-dev |
| 10 | +# Requires: kubectl access to the cluster (KUBECONFIG set) |
11 | 11 |
|
12 | | -set -euo pipefail |
13 | | - |
14 | | -SECRET_NAME="${1:-boost-dev-secrets}" |
15 | | -NAMESPACE="${2:-boost-dev}" |
| 12 | +NAMESPACE="${BOOST_SECRET_NAMESPACE:-rolling-demo-ns}" |
| 13 | +SECRET_NAME="${BOOST_SECRET_NAME:-augment-secrets}" |
16 | 14 |
|
17 | 15 | echo "Loading secrets from ${NAMESPACE}/${SECRET_NAME}..." |
18 | 16 |
|
19 | | -# Read fields from the K8s secret |
20 | | -export KAGENTI_CLIENT_SECRET |
21 | | -KAGENTI_CLIENT_SECRET=$(kubectl get secret "${SECRET_NAME}" \ |
22 | | - -n "${NAMESPACE}" -o jsonpath='{.data.KAGENTI_CLIENT_SECRET}' | base64 -d) |
23 | | - |
24 | | -export KAGENTI_CLIENT_ID |
25 | | -KAGENTI_CLIENT_ID=$(kubectl get secret "${SECRET_NAME}" \ |
26 | | - -n "${NAMESPACE}" -o jsonpath='{.data.KAGENTI_CLIENT_ID}' | base64 -d) |
27 | | - |
28 | | -export KAGENTI_TOKEN_ENDPOINT |
29 | | -KAGENTI_TOKEN_ENDPOINT=$(kubectl get secret "${SECRET_NAME}" \ |
30 | | - -n "${NAMESPACE}" -o jsonpath='{.data.KAGENTI_TOKEN_ENDPOINT}' | base64 -d) |
31 | | - |
32 | | -export KAGENTI_BASE_URL |
33 | | -KAGENTI_BASE_URL=$(kubectl get secret "${SECRET_NAME}" \ |
34 | | - -n "${NAMESPACE}" -o jsonpath='{.data.KAGENTI_BASE_URL}' | base64 -d) |
35 | | - |
36 | | -export KAGENTI_NAMESPACE |
37 | | -KAGENTI_NAMESPACE=$(kubectl get secret "${SECRET_NAME}" \ |
38 | | - -n "${NAMESPACE}" -o jsonpath='{.data.KAGENTI_NAMESPACE}' | base64 -d) |
39 | | - |
40 | | -export BOOST_MODEL |
41 | | -BOOST_MODEL=$(kubectl get secret "${SECRET_NAME}" \ |
42 | | - -n "${NAMESPACE}" -o jsonpath='{.data.BOOST_MODEL}' | base64 -d) |
43 | | - |
44 | | -# Accept self-signed certs from OpenShift routes (override with 1 to enforce) |
45 | | -export NODE_TLS_REJECT_UNAUTHORIZED="${NODE_TLS_REJECT_UNAUTHORIZED:-0}" |
46 | | - |
47 | | -echo "Environment loaded:" |
48 | | -echo " KAGENTI_CLIENT_SECRET=<set>" |
49 | | -echo " KAGENTI_CLIENT_ID=<set>" |
50 | | -echo " KAGENTI_TOKEN_ENDPOINT=${KAGENTI_TOKEN_ENDPOINT}" |
51 | | -echo " KAGENTI_BASE_URL=${KAGENTI_BASE_URL}" |
52 | | -echo " KAGENTI_NAMESPACE=${KAGENTI_NAMESPACE}" |
53 | | -echo " BOOST_MODEL=${BOOST_MODEL}" |
54 | | -echo " NODE_TLS_REJECT_UNAUTHORIZED=${NODE_TLS_REJECT_UNAUTHORIZED}" |
| 17 | +_load_field() { |
| 18 | + local val |
| 19 | + val=$(kubectl get secret "$SECRET_NAME" -n "$NAMESPACE" \ |
| 20 | + -o jsonpath="{.data.$1}" 2>/dev/null) || { |
| 21 | + echo " WARNING: failed to read $1 from secret ${NAMESPACE}/${SECRET_NAME}" >&2 |
| 22 | + return 1 |
| 23 | + } |
| 24 | + if [ -z "${val}" ]; then |
| 25 | + echo " WARNING: $1 is empty in secret ${NAMESPACE}/${SECRET_NAME}" >&2 |
| 26 | + return 1 |
| 27 | + fi |
| 28 | + echo "${val}" | base64 -d |
| 29 | +} |
| 30 | + |
| 31 | +KAGENTI_CLIENT_SECRET=$(_load_field KAGENTI_CLIENT_SECRET) || { echo "Aborting." >&2; unset -f _load_field; return 1; } |
| 32 | +KAGENTI_CLIENT_ID=$(_load_field KAGENTI_CLIENT_ID) || { echo "Aborting." >&2; unset -f _load_field; return 1; } |
| 33 | +KAGENTI_TOKEN_ENDPOINT=$(_load_field KAGENTI_TOKEN_ENDPOINT) || { echo "Aborting." >&2; unset -f _load_field; return 1; } |
| 34 | +KAGENTI_BASE_URL=$(_load_field KAGENTI_BASE_URL) || { echo "Aborting." >&2; unset -f _load_field; return 1; } |
| 35 | +KAGENTI_NAMESPACE=$(_load_field KAGENTI_NAMESPACE) || { echo "Aborting." >&2; unset -f _load_field; return 1; } |
| 36 | +BOOST_MODEL=$(_load_field AUGMENT_MODEL) || { echo "Aborting." >&2; unset -f _load_field; return 1; } |
| 37 | + |
| 38 | +unset -f _load_field |
| 39 | + |
| 40 | +export KAGENTI_CLIENT_SECRET KAGENTI_CLIENT_ID KAGENTI_TOKEN_ENDPOINT |
| 41 | +export KAGENTI_BASE_URL KAGENTI_NAMESPACE BOOST_MODEL |
| 42 | +export NODE_TLS_REJECT_UNAUTHORIZED=0 |
| 43 | + |
| 44 | +echo "Loaded: KAGENTI_BASE_URL=$KAGENTI_BASE_URL" |
| 45 | +echo "Loaded: KAGENTI_NAMESPACE=$KAGENTI_NAMESPACE" |
| 46 | +echo "Loaded: KAGENTI_CLIENT_ID=$KAGENTI_CLIENT_ID" |
| 47 | +echo "Loaded: KAGENTI_CLIENT_SECRET=<set>" |
| 48 | +echo "Loaded: KAGENTI_TOKEN_ENDPOINT=$KAGENTI_TOKEN_ENDPOINT" |
| 49 | +echo "Loaded: BOOST_MODEL=$BOOST_MODEL" |
| 50 | +echo "Set: NODE_TLS_REJECT_UNAUTHORIZED=0 (for self-signed OpenShift route certs)" |
| 51 | +echo "Ready — launch the debugger in this shell." |
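Review bot: The added `export NODE_TLS_REJECT_UNAUTHORIZED=0` (new line 42) turns certificate verification off unconditionally, whereas the removed line used `${NODE_TLS_REJECT_UNAUTHORIZED:-0}` so a developer could keep verification on. Every Node process started from the sourced shell will then accept any certificate, presumably including the request that presents KAGENTI_CLIENT_SECRET to KAGENTI_TOKEN_ENDPOINT, so an interceptor on that path could capture the credential. I would restore the override with `export NODE_TLS_REJECT_UNAUTHORIZED="${NODE_TLS_REJECT_UNAUTHORIZED:-0}"` and have the closing echo print the effective value instead of a hard-coded 0. Pointing `NODE_EXTRA_CA_CERTS` at the route's CA bundle would avoid disabling verification at all. Separately, `2>/dev/null` in `_load_field` discards kubectl's own error text, so an RBAC or kube-context failure reads the same as a missing key.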