diff --git a/.buildkite/scripts/common/vault_fns.sh b/.buildkite/scripts/common/vault_fns.sh
index a7b92a4b05d6d..022a22541d6bf 100644
--- a/.buildkite/scripts/common/vault_fns.sh
+++ b/.buildkite/scripts/common/vault_fns.sh
@@ -65,3 +65,23 @@ vault_kv_set() {
 vault kv put "$VAULT_KV_PREFIX/$kv_path" "${fields[@]}"
 }
+
+function get_vault_role_id() {
+ if [[ "$IS_LEGACY_VAULT_ADDR" == "true" ]]; then
+ VAULT_ROLE_ID="$(retry 5 15 gcloud secrets versions access latest --secret=kibana-buildkite-vault-role-id)"
+ else
+ VAULT_ROLE_ID="$(vault_get kibana-buildkite-vault-credentials role-id)"
+ fi
+
+ echo "$VAULT_ROLE_ID"
+}
+
+function get_vault_secret_id() {
+ if [[ "$IS_LEGACY_VAULT_ADDR" == "true" ]]; then
+ VAULT_SECRET_ID="$(retry 5 15 gcloud secrets versions access latest --secret=kibana-buildkite-vault-secret-id)"
+ else
+ VAULT_SECRET_ID="$(vault_get kibana-buildkite-vault-credentials secret-id)"
+ fi
+
+ echo "$VAULT_SECRET_ID"
+}
diff --git a/.buildkite/scripts/steps/artifacts/publish.sh b/.buildkite/scripts/steps/artifacts/publish.sh
index 8aba9e941e3c0..40ea04fc33fea 100644
--- a/.buildkite/scripts/steps/artifacts/publish.sh
+++ b/.buildkite/scripts/steps/artifacts/publish.sh
@@ -53,8 +53,8 @@ docker pull docker.elastic.co/infra/release-manager:latest
 echo "--- Publish artifacts"
 if [[ "$BUILDKITE_BRANCH" == "$KIBANA_BASE_BRANCH" ]]; then
- export VAULT_ROLE_ID="$(retry 5 15 gcloud secrets versions access latest --secret=kibana-buildkite-vault-role-id)"
- export VAULT_SECRET_ID="$(retry 5 15 gcloud secrets versions access latest --secret=kibana-buildkite-vault-secret-id)"
+ export VAULT_ROLE_ID="$(get_vault_role_id)"
+ export VAULT_SECRET_ID="$(get_vault_secret_id)"
 export VAULT_ADDR="https://secrets.elastic.co:8200"
 download_artifact beats_manifest.json /tmp --build "${KIBANA_BUILD_ID:-$BUILDKITE_BUILD_ID}"
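Review bot: In `get_vault_role_id` and `get_vault_secret_id` a failed lookup is not reported to the caller: the function's status is that of the final `echo`, so when `retry … gcloud` or `vault_get` fails the helper prints an empty line and returns 0. The value is also kept in a global (`VAULT_ROLE_ID` / `VAULT_SECRET_ID`) instead of a `local`, and the credential goes to stdout, so a call made outside `$(…)` would write it to the build log. I would hold the value in a local, return non-zero on failure or on an empty result, and add a header comment stating that the output is a secret and must only be captured. The fence shows `get_vault_role_id`; `get_vault_secret_id` should get the same treatment.

```shell
function get_vault_role_id() {
  local role_id
  if [[ "$IS_LEGACY_VAULT_ADDR" == "true" ]]; then
    role_id="$(retry 5 15 gcloud secrets versions access latest --secret=kibana-buildkite-vault-role-id)" || return 1
  else
    role_id="$(vault_get kibana-buildkite-vault-credentials role-id)" || return 1
  fi

  # An empty credential is treated as a failed lookup.
  [[ -n "$role_id" ]] || return 1
  printf '%s\n' "$role_id"
}
```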
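Review bot: `export VAULT_ROLE_ID="$(get_vault_role_id)"` and the matching `VAULT_SECRET_ID` line discard the helper's exit status, because the status of `export` replaces that of the command substitution; a failed lookup leaves an empty credential exported and the failure only surfaces later at the Vault login. Assigning first and exporting afterwards keeps the status: `VAULT_ROLE_ID="$(get_vault_role_id)"` followed by `export VAULT_ROLE_ID`, and the same for the secret id. Separately, the helpers choose their source from `IS_LEGACY_VAULT_ADDR` while this block always sets `VAULT_ADDR` to the secrets.elastic.co address, so it is worth confirming that the credentials stored under `kibana-buildkite-vault-credentials` are the ones that address expects. The enclosing `if` continues past the end of the hunk.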
diff --git a/.buildkite/scripts/steps/cloud/build_and_deploy.sh b/.buildkite/scripts/steps/cloud/build_and_deploy.sh
index 8b269e2438977..7e7c91f717c84 100755
--- a/.buildkite/scripts/steps/cloud/build_and_deploy.sh
+++ b/.buildkite/scripts/steps/cloud/build_and_deploy.sh
@@ -80,13 +80,13 @@ if [ -z "${CLOUD_DEPLOYMENT_ID}" ] || [ "${CLOUD_DEPLOYMENT_ID}" = 'null' ]; the
 CLOUD_DEPLOYMENT_STATUS_MESSAGES=$(jq --slurp '[.[]|select(.resources == null)]' "$ECCTL_LOGS")
 echo "Writing to vault..."
- VAULT_ROLE_ID="$(retry 5 15 gcloud secrets versions access latest --secret=kibana-buildkite-vault-role-id)"
- VAULT_SECRET_ID="$(retry 5 15 gcloud secrets versions access latest --secret=kibana-buildkite-vault-secret-id)"
- VAULT_TOKEN=$(retry 5 30 vault write -field=token auth/approle/login role_id="$VAULT_ROLE_ID" secret_id="$VAULT_SECRET_ID")
- retry 5 30 vault login -no-print "$VAULT_TOKEN"
 # TODO: remove after https://github.com/elastic/kibana-operations/issues/15 is done
 if [[ "$IS_LEGACY_VAULT_ADDR" == "true" ]]; then
+ VAULT_ROLE_ID="$(get_vault_role_id)"
+ VAULT_SECRET_ID="$(get_vault_secret_id)"
+ VAULT_TOKEN=$(retry 5 30 vault write -field=token auth/approle/login role_id="$VAULT_ROLE_ID" secret_id="$VAULT_SECRET_ID")
+ retry 5 30 vault login -no-print "$VAULT_TOKEN"
 vault_set "cloud-deploy/$CLOUD_DEPLOYMENT_NAME" username="$CLOUD_DEPLOYMENT_USERNAME" password="$CLOUD_DEPLOYMENT_PASSWORD"
 else
 vault_kv_set "cloud-deploy/$CLOUD_DEPLOYMENT_NAME" username="$CLOUD_DEPLOYMENT_USERNAME" password="$CLOUD_DEPLOYMENT_PASSWORD"
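Review bot: The AppRole login that moved into the legacy branch still passes `secret_id="$VAULT_SECRET_ID"` and `"$VAULT_TOKEN"` as command-line arguments, which exposes them to the process list on the agent and to any `set -x` trace; the same four lines are added in the first hunk of `.buildkite/scripts/steps/serverless/deploy.sh`. Since both scripts now repeat this block, one login helper in `vault_fns.sh` that hands the values over through stdin or a file would remove both the duplication and the argv exposure (I believe `vault write` accepts `key=@file` and `key=-`; confirm against the CLI version in the build image). The login result is also not checked for an empty `VAULT_TOKEN` before `vault login` runs. The non-legacy branch now calls `vault_kv_set` with no login in this script, so it relies on a Vault session set up elsewhere; a one-line comment such as `# non-legacy Vault: session is established by <where>` would make that dependency visible.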
@@ -122,9 +122,6 @@ else
 ecctl deployment update "$CLOUD_DEPLOYMENT_ID" --track --output json --file /tmp/deploy.json > "$ECCTL_LOGS"
 fi
-CLOUD_DEPLOYMENT_KIBANA_URL=$(ecctl deployment show "$CLOUD_DEPLOYMENT_ID" | jq -r '.resources.kibana[0].info.metadata.aliased_url')
-CLOUD_DEPLOYMENT_ELASTICSEARCH_URL=$(ecctl deployment show "$CLOUD_DEPLOYMENT_ID" | jq -r '.resources.elasticsearch[0].info.metadata.aliased_url')
-
 # TODO: remove after https://github.com/elastic/kibana-operations/issues/15 is done
 if [[ "$IS_LEGACY_VAULT_ADDR" == "true" ]]; then
 VAULT_READ_COMMAND="vault read $VAULT_PATH_PREFIX/cloud-deploy/$CLOUD_DEPLOYMENT_NAME"
@@ -132,6 +129,9 @@ else
 VAULT_READ_COMMAND="vault kv get $VAULT_KV_PREFIX/cloud-deploy/$CLOUD_DEPLOYMENT_NAME"
 fi
+CLOUD_DEPLOYMENT_KIBANA_URL=$(ecctl deployment show "$CLOUD_DEPLOYMENT_ID" | jq -r '.resources.kibana[0].info.metadata.aliased_url')
+CLOUD_DEPLOYMENT_ELASTICSEARCH_URL=$(ecctl deployment show "$CLOUD_DEPLOYMENT_ID" | jq -r '.resources.elasticsearch[0].info.metadata.aliased_url')
+
 cat << EOF | buildkite-agent annotate --style "info" --context cloud
 ### Cloud Deployment
diff --git a/.buildkite/scripts/steps/serverless/deploy.sh b/.buildkite/scripts/steps/serverless/deploy.sh
index 11191e803509c..ad9c661540ffb 100644
--- a/.buildkite/scripts/steps/serverless/deploy.sh
+++ b/.buildkite/scripts/steps/serverless/deploy.sh
@@ -89,13 +89,13 @@ deploy() {
 PROJECT_PASSWORD=$(jq -r --slurp '.[2].password' $DEPLOY_LOGS)
 echo "Write to vault..."
- VAULT_ROLE_ID="$(retry 5 15 gcloud secrets versions access latest --secret=kibana-buildkite-vault-role-id)"
- VAULT_SECRET_ID="$(retry 5 15 gcloud secrets versions access latest --secret=kibana-buildkite-vault-secret-id)"
- VAULT_TOKEN=$(retry 5 30 vault write -field=token auth/approle/login role_id="$VAULT_ROLE_ID" secret_id="$VAULT_SECRET_ID")
- retry 5 30 vault login -no-print "$VAULT_TOKEN"
 # TODO: remove after https://github.com/elastic/kibana-operations/issues/15 is done
 if [[ "$IS_LEGACY_VAULT_ADDR" == "true" ]]; then
+ VAULT_ROLE_ID="$(get_vault_role_id)"
+ VAULT_SECRET_ID="$(get_vault_secret_id)"
+ VAULT_TOKEN=$(retry 5 30 vault write -field=token auth/approle/login role_id="$VAULT_ROLE_ID" secret_id="$VAULT_SECRET_ID")
+ retry 5 30 vault login -no-print "$VAULT_TOKEN"
 vault_set "cloud-deploy/$VAULT_KEY_NAME" username="$PROJECT_USERNAME" password="$PROJECT_PASSWORD" id="$PROJECT_ID"
 else
 vault_kv_set "cloud-deploy/$VAULT_KEY_NAME" username="$PROJECT_USERNAME" password="$PROJECT_PASSWORD" id="$PROJECT_ID"
@@ -142,7 +142,7 @@ create_github_issue_oblt_test_environments() {
 echo "--- Create GitHub issue for deploying in the oblt test env"
-GITHUB_ISSUE=$(mktemp --suffix ".md")
+GITHUB_ISSUE=$(mktemp --suffix ".md")
 cat < "$GITHUB_ISSUE"
 ### Kibana image