test-1

2020-03-18 11:42:53 -05:00 · 2020-03-18 11:42:53 -05:00 · 71b84cfe81
parent 744206fd03
commit 71b84cfe81
1 changed files with 12 additions and 13 deletions
--- a/vars/applyConfigPolicy.groovy
+++ b/vars/applyConfigPolicy.groovy
@ -18,9 +18,14 @@ def call(rw_limit, stages) {
                    withEnv(["KRB5CCNAME=${WORKSPACE}/.krb5cc"]) {
                        try {
                            stageKinit()
-                            stageRemountRW(rw_limit)
+                            withCredentials([file(
-                            generateStages(stages)
+                                credentialsId: 'vault-jenkins@pyrocufflink.blue',
-                            stageRemountRO(rw_limit)
+                                variable: 'SUDO_PASS_FILE'
                            )]) {
                                stageRemountRW(rw_limit)
                                generateStages(stages)
                                stageRemountRO(rw_limit)
                            }
                        } catch (err) {
                            postFailure(err)
                        } finally {
@ -41,12 +46,6 @@ def stageKinit() {
        )]) {
            sh 'kinit -kt "${KEYTAB}" jenkins@PYROCUFFLINK.BLUE'
        }
        withCredentials([file(
            credentialsId: 'vault-jenkins@pyrocufflink.blue',
            variable: 'SUDO_PASS_FILE'
        )]) {
            sh 'cp "${SUDO_PASS_FILE}" group_vars/pyrocufflink/sudo-pass'
        }
    }
 }
@ -60,7 +59,8 @@ def stageRemountRW(limit) {
            vaultCredentialsId: 'ansible-vault',
            extraVars: [
                remount_state: 'rw',
-            ]
+            ],
            extras: '-e@"${SUDO_PASS_FILE}"'
    }
 }
@ -72,7 +72,7 @@ def generateStages(stages) {
                    playbook: playbook,
                    become: true,
                    vaultCredentialsId: 'ansible-vault',
-                    extras: '--diff'
+                    extras: '--diff -e@"${SUDO_PASS_FILE}"'
            }
        }
    }
@ -85,13 +85,12 @@ def stageRemountRO(limit) {
            limit: limit,
            become: true,
            vaultCredentialsId: 'ansible-vault',
-            extras: '--diff'
+            extras: '--diff -e@"${SUDO_PASS_FILE}"'
    }
 }
 def postCleanup() {
    sh 'kdestroy'
    sh 'find . -name sudo-pass -delete'
 }
 def postFailure(err) {