From 021f5d8befdbf9d82e22221db333d5af1a2ceb01 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Gon=C3=A9ri=20Le=20Bouder?=
Date: Thu, 22 Sep 2022 14:32:12 -0400
Subject: [PATCH] Revert "aws: decipher .age files on the file"
This reverts the following commits:
- b0f3309cf43965d982cc1eb1e916e8c3822bd451
- 43931e1d893e8635c5ba76f861d1bdb6e2893fe1
- c2393939d6fa28390d45de0a0c88ba6cd9b6b19a
- f5b662b563d12d6f56270281d0ae51bd4834fd93
---
 playbooks/age/pre.yaml | 38 -------------------
 .../defaults/main.yaml | 1 +
 .../tasks/main.yaml | 10 +----
 zuul.d/jobs.yaml | 5 +--
 zuul.d/secrets.yaml | 18 ---------
 5 files changed, 4 insertions(+), 68 deletions(-)
 delete mode 100644 playbooks/age/pre.yaml
 rename roles/{aws-deploy-artifacts => deploy-artifacts}/defaults/main.yaml (66%)
 rename roles/{aws-deploy-artifacts => deploy-artifacts}/tasks/main.yaml (77%)
diff --git a/playbooks/age/pre.yaml b/playbooks/age/pre.yaml
deleted file mode 100644
index 5d556fc..0000000
--- a/playbooks/age/pre.yaml
+++ /dev/null
@@ -1,38 +0,0 @@
----
-- hosts: controller
- tasks:
- - name: the feature is only tested on Fedora controller
- when: ansible_distribution == 'Fedora'
- block:
- - name: Fetch and install the artifacts
- import_role:
- name: aws-deploy-artifacts
- - name: Write the private key.txt file
- copy:
- content: "{{ age.key_txt }}"
- dest: ~/key.txt
- - name: Install age
- package:
- name: age
- state: present
- become: true
- - name: Find encypted files
- find:
- paths: ~/.ansible/collections/ansible_collections
- recurse: true
- file_type: file
- patterns:
- - "*.tar.gz.age"
- register: encrypted_files
- - name: List encypted files found
- debug:
- var: encrypted_files.files
- - name: Extract the encypted files
- command: age --decrypt -i ~/key.txt -o {{ item.path|regex_replace('.age$') }} {{ item.path }}
- with_items: "{{ encrypted_files.files }}"
- - name: Wipe the key file
- command: shred ~/key.txt
- - name: Delete the key file
- file:
- path: ~/key.txt
- state: absent
diff --git a/roles/aws-deploy-artifacts/defaults/main.yaml b/roles/deploy-artifacts/defaults/main.yaml
similarity index 66%
rename from roles/aws-deploy-artifacts/defaults/main.yaml
rename to roles/deploy-artifacts/defaults/main.yaml
index 57abeb4..1704125 100644
--- a/roles/aws-deploy-artifacts/defaults/main.yaml
+++ b/roles/deploy-artifacts/defaults/main.yaml
@@ -2,3 +2,4 @@
 deploy_artifacts_type:
 - ansible_collection
 - python_sdist
+deploy_artifacts_venv_path: ~/venv
diff --git a/roles/aws-deploy-artifacts/tasks/main.yaml b/roles/deploy-artifacts/tasks/main.yaml
similarity index 77%
rename from roles/aws-deploy-artifacts/tasks/main.yaml
rename to roles/deploy-artifacts/tasks/main.yaml
index d71aabd..6a812ff 100644
--- a/roles/aws-deploy-artifacts/tasks/main.yaml
+++ b/roles/deploy-artifacts/tasks/main.yaml
@@ -16,14 +16,8 @@
 with_items: "{{ zuul.artifacts }}"
 when: "'metadata' in item and 'type' in item.metadata and (item.metadata.type == 'ansible_collection')"
-- name: Install ansible
- package:
- name: ansible-core
- state: present
- become: true
-
 - name: Install require-project collection using ansible-galaxy
 args:
- chdir: ~/downloads
+ chdir: "{{ ansible_user_dir }}/downloads"
 executable: /bin/bash
- shell: "ansible-galaxy collection install {{ __collections }}"
+ shell: "source {{ deploy_artifacts_venv_path }}/bin/activate; ansible-galaxy collection install {{ __collections }}"
diff --git a/zuul.d/jobs.yaml b/zuul.d/jobs.yaml
index 998f100..ed728fe 100644
--- a/zuul.d/jobs.yaml
+++ b/zuul.d/jobs.yaml
@@ -155,12 +155,9 @@
 name: ansible-core-ci-aws-session
 description: |
 Create an AWS/sts session with an ansible-core-ci key.
- pre-run:
- - playbooks/ansible-core-ci/pre.yaml
- - playbooks/age/pre.yaml
+ pre-run: playbooks/ansible-core-ci/pre.yaml
 secrets:
 - ansible_core_ci
- - age
 - job:
 name: release-ansible-python
diff --git a/zuul.d/secrets.yaml b/zuul.d/secrets.yaml
index ef78f72..c910a7b 100644
--- a/zuul.d/secrets.yaml
+++ b/zuul.d/secrets.yaml
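Review bot: In the new `shell:` line of the "Install require-project collection using ansible-galaxy" task (roles/deploy-artifacts/tasks/main.yaml), `source …/bin/activate` is joined to the install with `;`, so a missing or broken venv at `deploy_artifacts_venv_path` does not stop the task and bash goes on to run whatever `ansible-galaxy` happens to be on PATH, which matters more now that the `ansible-core` package task is removed. Chain the two with `&&` so the activation failure is what the job reports: `shell: "source {{ deploy_artifacts_venv_path }}/bin/activate && ansible-galaxy collection install {{ __collections }}"`. `__collections` is expanded unquoted into that command line and, judging from the `with_items: "{{ zuul.artifacts }}"` context at the top of the hunk, is presumably assembled from artifact metadata; the task that builds it starts above the hunk, so confirm each entry is passed through the `quote` filter there. The `~/venv` default added in defaults/main.yaml relies on shell tilde expansion while `chdir` in this hunk moved to `{{ ansible_user_dir }}`; `{{ ansible_user_dir }}/venv` would keep the two consistent.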
@@ -3753,21 +3753,3 @@
 7HRHFBtrU+ykHynu4k597BvE3P5aMHTAHm6bJkvk4WtmVnKkigbZcVFExV4Y009R4gSEd
 xKsFcGxouyfAXaaLxsfXRVvadB4SNiMyLucepOmFC3m7O7WNEgMjS1NpKNg7ddmUXURfk
 HgVJ2m2n7fiyHwpFVQ2WraPxNdMfAaHRJ+Mm8w96UIMvgy8LjFSePCZRhUWjTE=
-
-#### AGE #####
-- secret:
- name: age
- data:
- # created: 2022-09-08T13:35:22-04:00
- # public key: age1tugmwue6qmc0k9wqz0ktd7yrx274ws6xcuuj8q7t6e6499hypuxsenduws
- key_txt: !encrypted/pkcs1-oaep
- - UEVqMvCxHFKUEqN/VLE4PZCKGwTrdu8j3EZXkTlE4uDDOyCBId/SqLajUbkQRtp7gLBuL
- TiA9kjLH5hseC3NxhEka5IbL4YyWwZCvc5VHmJQrGJwyE0vs1AV3jmVtMV56a+8iCx2rF
- +M3KhapDjIfsFoVhNX0bn8Sj9hQLjM5bec5UCutjtyoG5rjHtspQ+xc/JX2NQF0zhQZfB
- 1DMd2XKAX1lTmts8/xIJAQHtIzOcpgUyJLZiOwqlDvhxqbcFzFqlnIvpkqMs0mfVVN6v7
- PY5CBGHeKYksQew+eRslP+zMYoicF82a3W5H9EQ6nT6yfEltzWUgDKY2hUBXHCHbRwq09
- GPBs4fol4girkBXYcVPJIr2gVMVflk5yVClezVd5/N79PbySoIxvXJlxPyzE2BQejMQXk
- Hd65ne08xES5oEYAhE43Mgf0Nac7xTTIN0DQM0JHh9eoDt1zLlk+W6FYeixTve/2Usq9i
- g6zxgtcDbiaHRY8piwG4OGBFydODEniPk5GCIjlV2J9nKxKcewk9saBdCv2hR9YC8LQvj
- pm+ORPVeVC1mqvDfRzyJ3+/qbP9B3mBqfYNJbqdid7xw9X+wSLdRzkGg2+4S29qjJEeTX
- XyATUbYmwIpg2KIv6dhvCKNyojH0ANKXT8vQxoPWIXIS1PejKc0gUcnhOec0nQ=