
Azure Key Vault Chef Cookbook


I am a newbie with coding but am learning. I was hoping someone could help look at this Ruby code that I found online that helps to get a secret from an Azure Key Vault. I will paste it below. I just need help clarifying what each block of code is referring to.

Not sure what the below code is referring to. I know they are attributes, but how do they work?

node.default['azurespn']['client_id'] = azurespn[node.environment]['client_id']
node.default['azurespn']['tenant_id'] = azurespn[node.environment]['tenant_id']
node.default['azurespn']['client_secret'] = azurespn[node.environment]['client_secret']

Recipe:

# retrieve the secret stored in azure key vault using this chef recipe
include_recipe 'microsoft_azure'
# read the per-environment service principal credentials from the data bag item
azurespn = data_bag_item('azurespn', 'azurespnenv')
node.default['azurespn']['client_id'] = azurespn[node.environment]['client_id']
node.default['azurespn']['tenant_id'] = azurespn[node.environment]['tenant_id']
node.default['azurespn']['client_secret'] = azurespn[node.environment]['client_secret']
# service principal hash expected by vault_secret
spn = {
  'tenant_id' => "#{node['azurespn']['tenant_id']}",
  'client_id' => "#{node['azurespn']['client_id']}",
  'secret' => "#{node['azurespn']['client_secret']}"
}
# fetch the named secret from the named vault, authenticating with the spn hash
secret = vault_secret("#{node['windowsnode']['vault_name']}", "#{node['windowsnode']['secret']}", spn)
# write the secret value to a file on the node and grant Administrators full control of it
file 'c:/jenkins/secret' do
  action :create
  content "#{secret}"
  rights :full_control, 'Administrators', :one_level_deep => true
end
# writes the secret value in plaintext to the Chef client log
Chef::Log.info("secret is '#{secret}' ")

Q. Not sure what the below code is referring to. I know they are attributes, but how do they work?

As you understood, this block of code is setting some node attributes. The value of these attributes is being read from a data bag (in the line above), i.e. azurespn = data_bag_item('azurespn', 'azurespnenv').

Now the azurespn variable contains the contents of the data bag item azurespnenv. For better understanding, try knife data bag show azurespn azurespnenv. I created a dummy data bag structure just to illustrate.

dev:
  client_id:     win10
  client_secret: topsecret
  tenant_id:     testtenant
qa:
  client_id:     ubuntu
  client_secret: changeme
  tenant_id:     footenant
id:       azurespnenv

In this data bag, we have two environments - dev and qa.

Let's take one line as an example:

node.default['azurespn']['client_id'] = azurespn[node.environment]['client_id']

So azurespn[node.environment]['client_id'] will pick up the appropriate client_id based on the Chef environment of that node, which translates to:

node.default['azurespn']['client_id'] = azurespn['dev']['client_id']
#=> 'win10'
node.default['azurespn']['client_id'] = azurespn['qa']['client_id']
#=> 'ubuntu'
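The following is an added example, not code from the question, the answer, or the microsoft_azure cookbook. It models the environment lookup the answer describes with plain Ruby objects so it can be run outside Chef: AZURESPN_ITEM is a constructed Hash with the same shape as the dummy data bag item shown above (a real Chef::DataBagItem also supports [] lookups), FakeNode is a stand-in for the parts of the node object the recipe touches, and load_spn_attributes and build_spn mirror the attribute assignments and the spn hash from the recipe. It goes one step beyond the answer by handling the case where the node's environment has no entry in the data bag, which in the original recipe would surface only as a NoMethodError on nil.

```ruby
# Added example: resolves per-environment service principal values from a
# data bag item, as the recipe's `azurespn[node.environment][...]` lines do.

# Constructed stand-in for `data_bag_item('azurespn', 'azurespnenv')`, using
# the dummy values from the answer. These are not real credentials.
AZURESPN_ITEM = {
  'id'  => 'azurespnenv',
  'dev' => { 'client_id' => 'win10',  'client_secret' => 'topsecret', 'tenant_id' => 'testtenant' },
  'qa'  => { 'client_id' => 'ubuntu', 'client_secret' => 'changeme',  'tenant_id' => 'footenant' }
}.freeze

# Hypothetical minimal node object: only node.environment, node.default[...]
# writes and node[...] reads are needed here. Chef merges several attribute
# precedence levels; this stand-in has only the `default` level.
class FakeNode
  attr_reader :environment, :default

  def initialize(environment)
    @environment = environment
    @default = Hash.new { |h, k| h[k] = {} }
  end

  def [](key)
    @default[key]
  end
end

# Mirrors the three `node.default['azurespn'][...] = azurespn[node.environment][...]`
# lines, but fails with a clear message when the environment or a key is missing.
def load_spn_attributes(node, azurespn)
  env_entry = azurespn[node.environment]
  unless env_entry.is_a?(Hash)
    raise KeyError, "data bag item '#{azurespn['id']}' has no entry for environment '#{node.environment}'"
  end
  %w[client_id tenant_id client_secret].each do |key|
    raise KeyError, "missing '#{key}' for environment '#{node.environment}'" unless env_entry.key?(key)
    node.default['azurespn'][key] = env_entry[key]
  end
  node
end

# Mirrors the `spn = { ... }` hash the recipe hands to vault_secret.
def build_spn(node)
  {
    'tenant_id' => node['azurespn']['tenant_id'],
    'client_id' => node['azurespn']['client_id'],
    'secret'    => node['azurespn']['client_secret']
  }
end

# Convenience wrapper: environment name in, spn hash out.
def spn_for(environment, azurespn = AZURESPN_ITEM)
  node = FakeNode.new(environment)
  load_spn_attributes(node, azurespn)
  build_spn(node)
end

if __FILE__ == $PROGRAM_NAME
  # Print the resolved identifiers but never the secret itself.
  puts spn_for('dev').reject { |k, _| k == 'secret' }.inspect
  puts spn_for('qa')['client_id']
  begin
    spn_for('prod')
  rescue KeyError => e
    puts "lookup failed: #{e.message}"
  end
end
```

Two things worth noting when adapting this: the dummy data bag in the answer stores client_secret in plaintext, and Chef supports encrypted data bags (knife data bag with a secret file) for exactly this kind of item; and the recipe's Chef::Log.info line writes the retrieved secret into the client log, so the example above deliberately keeps the secret out of anything it prints.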
