From 71b84cfe81a10a92d13930e499709f7e17665be7 Mon Sep 17 00:00:00 2001 From: "Dustin C. Hatch" Date: Wed, 18 Mar 2020 11:42:53 -0500 Subject: [PATCH] test-1 --- vars/applyConfigPolicy.groovy | 25 ++++++++++++------------- 1 file changed, 12 insertions(+), 13 deletions(-) diff --git a/vars/applyConfigPolicy.groovy b/vars/applyConfigPolicy.groovy index 17c7278..748a077 100644 --- a/vars/applyConfigPolicy.groovy +++ b/vars/applyConfigPolicy.groovy @@ -18,9 +18,14 @@ def call(rw_limit, stages) { withEnv(["KRB5CCNAME=${WORKSPACE}/.krb5cc"]) { try { stageKinit() - stageRemountRW(rw_limit) - generateStages(stages) - stageRemountRO(rw_limit) + withCredentials([file( + credentialsId: 'vault-jenkins@pyrocufflink.blue', + variable: 'SUDO_PASS_FILE' + )]) { + stageRemountRW(rw_limit) + generateStages(stages) + stageRemountRO(rw_limit) + } } catch (err) { postFailure(err) } finally { @@ -41,12 +46,6 @@ def stageKinit() { )]) { sh 'kinit -kt "${KEYTAB}" jenkins@PYROCUFFLINK.BLUE' } - withCredentials([file( - credentialsId: 'vault-jenkins@pyrocufflink.blue', - variable: 'SUDO_PASS_FILE' - )]) { - sh 'cp "${SUDO_PASS_FILE}" group_vars/pyrocufflink/sudo-pass' - } } } @@ -60,7 +59,8 @@ def stageRemountRW(limit) { vaultCredentialsId: 'ansible-vault', extraVars: [ remount_state: 'rw', - ] + ], + extras: '-e@"${SUDO_PASS_FILE}"' } } @@ -72,7 +72,7 @@ def generateStages(stages) { playbook: playbook, become: true, vaultCredentialsId: 'ansible-vault', - extras: '--diff' + extras: '--diff -e@"${SUDO_PASS_FILE}"' } } } @@ -85,13 +85,12 @@ def stageRemountRO(limit) { limit: limit, become: true, vaultCredentialsId: 'ansible-vault', - extras: '--diff' + extras: '--diff -e@"${SUDO_PASS_FILE}"' } } def postCleanup() { sh 'kdestroy' - sh 'find . -name sudo-pass -delete' } def postFailure(err) {