disinto-admin/disinto
1
0
Fork 0
Code Issues 23 Pull requests 2 Projects Releases Packages Wiki Activity Actions

fix: [nomad-step-2] S2-fix-B — extract _hvault_default_env helper to lib/hvault.sh (prereq for other S2 fixes) (#919)
All checks were successful
ci/woodpecker/push/ci Pipeline was successful
Details
ci/woodpecker/push/nomad-validate Pipeline was successful
Details
ci/woodpecker/pr/ci Pipeline was successful
Details
ci/woodpecker/pr/nomad-validate Pipeline was successful
Details
ci/woodpecker/pr/secret-scan Pipeline was successful
Details

Browse source
This commit is contained in:
Agent 2026-04-16 21:16:40 +00:00
parent 3e29a9a61d
commit 677f2a97e7
5 changed files with 17 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

4
tools/vault-apply-roles.sh
View file

@ -49,6 +49,7 @@ ROLES_FILE="${REPO_ROOT}/vault/roles.yaml"
# shellcheck source=../lib/hvault.sh
source "${REPO_ROOT}/lib/hvault.sh"
_hvault_default_env
# Constants shared across every role — the issue's AC names these as the
# invariant token shape for Nomad workload identity. Bumping any of these
@ -219,9 +220,6 @@ if [ "$dry_run" = true ]; then
fi
# ── Live run: Vault connectivity check ───────────────────────────────────────
if [ -z "${VAULT_ADDR:-}" ]; then
die "VAULT_ADDR is not set — export VAULT_ADDR=http://127.0.0.1:8200"
fi
if ! hvault_token_lookup >/dev/null; then
die "Vault auth probe failed — check VAULT_ADDR + VAULT_TOKEN"
fi