Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Browse files
Browse the repository at this point in the history
) (cherry picked from commit f69dce0)
- Loading branch information
1 parent
2bb29c3
commit 0093f4a
Showing
8 changed files
with
221 additions
and
10 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
#!/bin/bash | ||
|
||
set -euo pipefail | ||
|
||
# WARNING: this script will echo the credentials to the console. It is meant to be called from another script and captured in a variable. | ||
# It should really only be used inside .buildkite/hooks/pre-command | ||
|
||
source .buildkite/scripts/setup-legacy-vault.sh | ||
|
||
vault read -format=json "$1" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
#!/bin/bash | ||
|
||
set -euo pipefail | ||
|
||
# Usage: .buildkite/scripts/third-party-test-credentials.gcs.sh <path/to/write/credentials.json> | ||
|
||
source .buildkite/scripts/setup-legacy-vault.sh | ||
|
||
vault read -field=private_key_data gcp-elastic-ci-prod/key/elasticsearch-ci-thirdparty-gcs | base64 --decode > "$1" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,51 @@ | ||
#!/bin/bash | ||
|
||
set -euo pipefail | ||
|
||
# You'll notice that most of the variables are exported twice with different names here | ||
# The first/uppercase export is to ensure that Buildkite masks the values in the logs should they accidentally be output | ||
# The second/lowercase export is what the tests expect/require | ||
|
||
if [[ "${USE_3RD_PARTY_AZURE_CREDENTIALS:-}" == "true" ]]; then | ||
json=$(vault read -format=json secret/ci/elastic-elasticsearch/migrated/azure_thirdparty_test_creds) | ||
|
||
AZURE_STORAGE_ACCOUNT_SECRET=$(echo "$json" | jq -r .data.account_id) | ||
export AZURE_STORAGE_ACCOUNT_SECRET | ||
export azure_storage_account="$AZURE_STORAGE_ACCOUNT_SECRET" | ||
|
||
AZURE_STORAGE_KEY=$(echo "$json" | jq -r .data.account_key) | ||
export AZURE_STORAGE_KEY | ||
export azure_storage_key="$AZURE_STORAGE_KEY" | ||
fi | ||
|
||
if [[ "${USE_3RD_PARTY_AZURE_SAS_CREDENTIALS:-}" == "true" ]]; then | ||
json=$(vault read -format=json secret/ci/elastic-elasticsearch/migrated/azure_thirdparty_sas_test_creds) | ||
|
||
AZURE_STORAGE_ACCOUNT_SECRET=$(echo "$json" | jq -r .data.account_id) | ||
export AZURE_STORAGE_ACCOUNT_SECRET | ||
export azure_storage_account="$AZURE_STORAGE_ACCOUNT_SECRET" | ||
|
||
AZURE_STORAGE_SAS_TOKEN=$(echo "$json" | jq -r .data.account_sas_token) | ||
export AZURE_STORAGE_SAS_TOKEN | ||
export azure_storage_sas_token="$AZURE_STORAGE_SAS_TOKEN" | ||
fi | ||
|
||
if [[ "${USE_3RD_PARTY_S3_CREDENTIALS:-}" == "true" ]]; then | ||
json=$(.buildkite/scripts/get-legacy-secret.sh aws-test/creds/elasticsearch-ci-s3) | ||
AMAZON_S3_ACCESS_KEY=$(echo "$json" | jq -r .data.access_key) | ||
export AMAZON_S3_ACCESS_KEY | ||
export amazon_s3_access_key="$AMAZON_S3_ACCESS_KEY" | ||
|
||
AMAZON_S3_SECRET_KEY=$(echo "$json" | jq -r .data.secret_key) | ||
export AMAZON_S3_SECRET_KEY | ||
export amazon_s3_secret_key="$AMAZON_S3_SECRET_KEY" | ||
fi | ||
|
||
if [[ "${USE_3RD_PARTY_GCS_CREDENTIALS:-}" == "true" ]]; then | ||
export google_storage_service_account=$(mktemp) | ||
.buildkite/scripts/third-party-test-credentials.gcs.sh "$google_storage_service_account" | ||
fi | ||
|
||
|
||
|
||
unset json |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters