script: update: drops base64 enc of certs, fixes bash errs

2018-01-10 04:02:29 +05:30 · 2018-01-10 04:02:29 +05:30 · 3902a7985a
parent 6994a596ae
commit 3902a7985a
1 changed files with 39 additions and 34 deletions
--- a/update.sh
+++ b/update.sh
@ -1,55 +1,60 @@
 #!/bin/bash
 set -euo pipefail
 if [ -z ${PLUGIN_NAMESPACE} ]; then
  PLUGIN_NAMESPACE="default"
 fi
 if [ ! -z ${PLUGIN_KUBERNETES_SERVER} ]; then
  KUBERNETES_SERVER=$PLUGIN_KUBERNETES_SERVER
 else
  echo "ERROR: kubernetes_server url not provided"
 fi
 if [ ! -z ${PLUGIN_KUBERNETES_CERT} ]; then
  KUBERNETES_CERT=${PLUGIN_KUBERNETES_CERT}
 else
  echo "WARNING: kubernetes_server_cert not provided"
  echo "Inscure connection to the cluster will be used."
 fi
 if [ ! -z ${PLUGIN_KUBERNETES_USER} ]; then
  KUBERNETES_USER=${PLUGIN_KUBERNETES_USER:-default}
 fi
-if [ ! -z ${PLUGIN_KUBERNETES_CLIENT_CERT} ] && [ ! -z ${PLUGIN_KUBERNETES_CLIENT_KEY} ]; then
+if [ ! -z ${PLUGIN_KUBERNETES_ENV} ]; then
-  KUBERNETES_CLIENT_CERT=$PLUGIN_KUBERNETES_CLIENT_CERT
+  KUBERNETES_ENV=${PLUGIN_KUBERNETES_ENV}
-  KUBERNETES_CLIENT_KEY=$PLUGIN_KUBERNETES_CLIENT_KEY
+
-  echo "INFO: Setting client credentials with signed-certificate and key."
+  KUBERNETES_SERVER_VAR=KUBERNETES_SERVER_${KUBERNETES_ENV}
-  echo ${KUBERNETES_CLIENT_CERT} | base64 -d > client.crt
+  KUBERNETES_CERT_VAR=KUBERNETES_SERVER_CERT_${KUBERNETES_ENV}
-  echo ${KUBERNETES_CLIENT_KEY} | base64 -d > client.key
+
-  kubectl config set-credentials ${KUBERNETES_USER} --client-certificate=client.crt --client-key=client.key
+  KUBERNETES_SERVER=${!KUBERNETES_SERVER_VAR}
-elif [ ! -z ${PLUGIN_KUBERNETES_TOKEN} ]; then
+  KUBERNETES_CERT=${!KUBERNETES_CERT_VAR}
-  KUBERNETES_TOKEN=$PLUGIN_KUBERNETES_TOKEN
+
-  echo "INFO: Setting client credentials with token."
+  if [[ -z "${KUBERNETES_SERVER}" ]]; then
-  kubectl config set-credentials ${KUBERNETES_USER} --token=${KUBERNETES_TOKEN}
+    echo "ERROR: drone secret ${KUBERNETES_SERVER_VAR} not added!"
    exit 1
  fi
  if [[ -z "${KUBERNETES_CERT}" ]]; then
    echo "ERROR: drone secret ${KUBERNETES_CERT_VAR} not added!"
    echo "Inscure connection to the cluster will be used."
  fi
 else
-  echo "ERROR: Provide either of the following authentication params:"
+  echo "ERROR: kubernetes_env not provided"
  echo "[1] kubernetes_token"
  echo "[2] kubernetes_client_cert and kubernetes_client_key"
  exit 1
 fi
-if [ ! -z ${KUBERNETES_CERT} ]; then
+if [ -z ${PLUGIN_NAMESPACE} ]; then
  PLUGIN_NAMESPACE="default"
 fi
 if [[ ! -z "${KUBERNETES_CLIENT_CERT}" ]] && [[ ! -z "${KUBERNETES_CLIENT_KEY}" ]]; then
  echo "INFO: Setting client credentials with signed-certificate and key."
  echo ${KUBERNETES_CLIENT_CERT} > client.crt
  echo ${KUBERNETES_CLIENT_KEY} > client.key
  kubectl config set-credentials ${KUBERNETES_USER} --client-certificate=client.crt --client-key=client.key
 else
  echo "ERROR: Provide the following authentication params:"
  echo " - kubernetes_client_cert"
  echo " - kubernetes_client_key"
  echo "as drone secrets"
  exit 1
 fi
 if [ ! -z "${KUBERNETES_CERT}" ]; then
  echo "INFO: Using secure connection with tls-certificate."
-  echo ${KUBERNETES_CERT} | base64 -d > ca.crt
+  echo ${KUBERNETES_CERT} > ca.crt
  kubectl config set-cluster default --server=${KUBERNETES_SERVER} --certificate-authority=ca.crt
 else
  echo "WARNING: Using insecure connection to cluster"
  kubectl config set-cluster default --server=${KUBERNETES_SERVER} --insecure-skip-tls-verify=true
 fi
-kubectl config set-context default --cluster=default --user=default
+kubectl config set-context default --cluster=default --user=${KUBERNETES_USER}
 kubectl config use-context default
 # kubectl version