
Commit 2a8910a

authored
Merge pull request #1629 from IABTechLab/mkc-UID2-5242-fix-aks-enclave-id
Fix AKS enclave ID
2 parents abc4ca3 + 41d0379 commit 2a8910a

1 file changed

Lines changed: 32 additions & 6 deletions


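--- a/scripts/azure-aks/deployment/generate-deployment-artifacts.sh
+++ b/scripts/azure-aks/deployment/generate-deployment-artifacts.sh
@@ -85,11 +85,37 @@ if [[ $? -ne 0 ]]; then
 fi
 
 base64 -di < ${INPUT_DIR}/policy.base64 > ${INPUT_DIR}/generated.rego
-sed -i "s#allow_environment_variable_dropping := true#allow_environment_variable_dropping := false#g" ${INPUT_DIR}/generated.rego
-sed -i 's#{"pattern":"DEPLOYMENT_ENVIRONMENT=DEPLOYMENT_ENVIRONMENT_PLACEHOLDER","required":false,"strategy":"string"}#{"pattern":"DEPLOYMENT_ENVIRONMENT=.+","required":false,"strategy":"re2"}#g' generated.rego
-sed -i 's#{"pattern":"VAULT_NAME=VAULT_NAME_PLACEHOLDER","required":false,"strategy":"string"}#{"pattern":"VAULT_NAME=.+","required":false,"strategy":"re2"}#g' generated.rego
-sed -i 's#{"pattern":"OPERATOR_KEY_SECRET_NAME=OPERATOR_KEY_SECRET_NAME_PLACEHOLDER","required":false,"strategy":"string"}#{"pattern":"OPERATOR_KEY_SECRET_NAME=.+","required":false,"strategy":"re2"}#g' generated.rego
+if [[ $? -ne 0 ]]; then
+echo "Failed to base64-decode policy"
+exit 1
+fi
+
+sed --in-place \
+-e "s#allow_environment_variable_dropping := true#allow_environment_variable_dropping := false#g" \
+-e 's#{"pattern":"DEPLOYMENT_ENVIRONMENT=DEPLOYMENT_ENVIRONMENT_PLACEHOLDER","required":false,"strategy":"string"}#{"pattern":"DEPLOYMENT_ENVIRONMENT=.+","required":false,"strategy":"re2"}#g' \
+-e 's#{"pattern":"VAULT_NAME=VAULT_NAME_PLACEHOLDER","required":false,"strategy":"string"}#{"pattern":"VAULT_NAME=.+","required":false,"strategy":"re2"}#g' \
+-e 's#{"pattern":"OPERATOR_KEY_SECRET_NAME=OPERATOR_KEY_SECRET_NAME_PLACEHOLDER","required":false,"strategy":"string"}#{"pattern":"OPERATOR_KEY_SECRET_NAME=.+","required":false,"strategy":"re2"}#g' \
+${INPUT_DIR}/generated.rego
+if [[ $? -ne 0 ]]; then
+echo "Failed to replace placeholders in policy file"
+exit 1
+fi
+
 base64 -w0 < ${INPUT_DIR}/generated.rego > ${INPUT_DIR}/generated.rego.base64
-python3 ${SCRIPT_DIR}/../azure-cc/generate.py ${INPUT_DIR}/generated.rego > ${MANIFEST_DIR}/${POLICY_DIGEST_FILE}
+if [[ $? -ne 0 ]]; then
+echo "Failed to base64-encode policy file"
+exit 1
+fi
+
+python3 ${SCRIPT_DIR}/../../azure-cc/deployment/generate.py ${INPUT_DIR}/generated.rego > ${MANIFEST_DIR}/${POLICY_DIGEST_FILE}
+if [[ $? -ne 0 ]]; then
+echo "Failed to generate digest from policy file"
+exit 1
+fi
+
+sed --in-place "s#CCE_POLICY_PLACEHOLDER#$(cat ${INPUT_DIR}/generated.rego.base64)#g" ${OUTPUT_DIR}/operator.yaml
+if [[ $? -ne 0 ]]; then
+echo "Failed to replace placeholder in operator.yaml"
+exit 1
+fi
 
-sed -i "s#CCE_POLICY_PLACEHOLDER#$(cat ${INPUT_DIR}/generated.rego.base64)#g" ${OUTPUT_DIR}/operator.yaml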
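Review bot: The `$?` check after the multi-expression `sed --in-place` on `${INPUT_DIR}/generated.rego` cannot detect a rewrite that did nothing, because sed exits 0 when none of its `s` expressions match. If the generated policy text ever differs from these literal patterns, `allow_environment_variable_dropping` stays `true` and the placeholder rules stay in place, yet the digest is still computed from that file and written to `${MANIFEST_DIR}/${POLICY_DIGEST_FILE}` as if it were correct. A content check before the `base64 -w0` step would close that gap, for example `grep -qE '_PLACEHOLDER|allow_environment_variable_dropping := true' "${INPUT_DIR}/generated.rego" && { echo "Policy was not fully rewritten"; exit 1; }` (assuming no other `_PLACEHOLDER` token is expected in the policy). The same applies to the `CCE_POLICY_PLACEHOLDER` substitution in `operator.yaml`. Separately, the path expansions are unquoted throughout, so a directory containing whitespace would break these commands.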
