Azure Key Vault Chef Cookbook
I am a noobie with coding but am learning. I was hoping someone can help look at this Ruby code that I found online that helps to get a secret from an Azure Key Vault. I will paste it below. I just need help clarifying what each block of code is referring to.
Not sure what the below code is referring to. I know they are attributes but how do they work?
node.default['azurespn']['client_id'] = azurespn[node.environment]['client_id']
node.default['azurespn']['tenant_id'] = azurespn[node.environment]['tenant_id']
node.default['azurespn']['client_secret'] = azurespn[node.environment]['client_secret']
Recipe:
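# retrieve the secret stored in azure key vault using this chef recipe
include_recipe 'microsoft_azure'
# load the item 'azurespnenv' from the data bag 'azurespn'
azurespn = data_bag_item('azurespn', 'azurespnenv')
# copy the values for this node's Chef environment into node attributes
# (these attributes, client_secret included, are saved with the node object on the Chef server at the end of the run)
node.default['azurespn']['client_id'] = azurespn[node.environment]['client_id']
node.default['azurespn']['tenant_id'] = azurespn[node.environment]['tenant_id']
node.default['azurespn']['client_secret'] = azurespn[node.environment]['client_secret']
# service principal credentials, in the hash shape passed to vault_secret
spn = {
  'tenant_id' => "#{node['azurespn']['tenant_id']}",
  'client_id' => "#{node['azurespn']['client_id']}",
  'secret' => "#{node['azurespn']['client_secret']}"
}
# read the secret named in node['windowsnode']['secret'] from the vault named in node['windowsnode']['vault_name']
secret = vault_secret("#{node['windowsnode']['vault_name']}", "#{node['windowsnode']['secret']}", spn)
# write the secret value to a file on the node
file 'c:/jenkins/secret' do
  action :create
  content "#{secret}"
  rights :full_control, 'Administrators', :one_level_deep => true
end
# this line writes the secret value itself to the Chef log
Chef::Log.info("secret is '#{secret}' ")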
Q. Not sure what the below code is referring to. I know they are attributes but how do they work?
As you understood, this block of code is setting some node attributes. The value of these attributes is being read from a data bag (in the line above), i.e.
azurespn = data_bag_item('azurespn', 'azurespnenv')
Now the azurespn variable contains the contents of the data bag item azurespnenv. For better understanding, try:
knife data bag show azurespn azurespnenv
I created a dummy data bag structure just to illustrate.
dev:
  client_id: win10
  client_secret: topsecret
  tenant_id: testtenant
qa:
  client_id: ubuntu
  client_secret: changeme
  tenant_id: footenant
id: azurespnenv
In this data bag, we have two environments - dev and qa.
Let's take 1 line for example:
node.default['azurespn']['client_id'] = azurespn[node.environment]['client_id']
So the azurespn[node.environment]['client_id'] will pick up the appropriate client_id based on the Chef environment of that node. Which translates to:
node.default['azurespn']['client_id'] = azurespn['dev']['client_id']
#=> 'win10'
node.default['azurespn']['client_id'] = azurespn['qa']['client_id']
#=> 'ubuntu'
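The per-environment lookup explained in the answer above, as an added example that is not part of the original question or answer: plain Ruby hashes stand in for the data bag item and for node.environment, and the helper names spn_for and redact are hypothetical. It also covers a node in Chef's _default environment, which the dummy data bag does not define, and builds the credentials hash without copying client_secret into node attributes.

```ruby
# Added example: plain Ruby, no Chef required. DATA_BAG_ITEM is constructed
# sample data mirroring the dummy data bag above; spn_for and redact are
# hypothetical helper names, not part of Chef or the microsoft_azure cookbook.
DATA_BAG_ITEM = {
  'id'  => 'azurespnenv',
  'dev' => { 'client_id' => 'win10',  'client_secret' => 'topsecret', 'tenant_id' => 'testtenant' },
  'qa'  => { 'client_id' => 'ubuntu', 'client_secret' => 'changeme',  'tenant_id' => 'footenant' }
}.freeze

REQUIRED_KEYS = %w[tenant_id client_id client_secret].freeze

# Same lookup as azurespn[node.environment][...], but with explicit errors.
# Returns the hash shape the recipe passes to vault_secret.
def spn_for(item, environment)
  creds = item[environment]
  unless creds.is_a?(Hash)
    # A node with no environment assigned reports '_default'. With this data
    # bag the recipe's lookup would then call ['client_id'] on nil.
    raise KeyError, "data bag item '#{item['id']}' has no entry for environment '#{environment}'"
  end
  missing = REQUIRED_KEYS.reject { |k| creds[k].is_a?(String) && !creds[k].empty? }
  raise KeyError, "environment '#{environment}' is missing: #{missing.join(', ')}" unless missing.empty?

  { 'tenant_id' => creds['tenant_id'], 'client_id' => creds['client_id'], 'secret' => creds['client_secret'] }
end

# Copy of the credentials hash that is safe to log: the secret is masked.
def redact(spn)
  spn.merge('secret' => '[REDACTED]')
end

if __FILE__ == $PROGRAM_NAME
  puts redact(spn_for(DATA_BAG_ITEM, 'dev')).inspect
  begin
    spn_for(DATA_BAG_ITEM, '_default')
  rescue KeyError => e
    puts "lookup failed: #{e.message}"
  end
end
```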