0.27.4: embed secret fetching script explicitly to configmap

kamu-data · Jul 1, 2024 · e6f23a7 · e6f23a7
1 parent f8f58d5
commit e6f23a7
Show file tree

Hide file tree

Showing 3 changed files with 21 additions and 22 deletions.
diff --git a/charts/kamu-api-server/Chart.yaml b/charts/kamu-api-server/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 name: kamu-api-server
 description: API server component of the Kamu Compute Node
 type: application
-version: 0.27.3
+version: 0.27.4
 appVersion: "0.27.1"
 home: https://kamu.dev
 icon: https://www.kamu.dev/images/kamu_logo_icon_bg_square.png

diff --git a/charts/kamu-api-server/fetch_db_secret.sh b/charts/kamu-api-server/fetch_db_secret.sh
diff --git a/charts/kamu-api-server/templates/configmap.yaml b/charts/kamu-api-server/templates/configmap.yaml
@@ -7,4 +7,23 @@ metadata:
 data:
   {{- include "kamu-api-server.config.yaml" . | nindent 2 }}
   fetch-db-secret.sh: |
-    {{ .Files.Get "fetch_db_secret.sh" | nindent 4}}
+    #!/bin/bash
+
+    if [ $# -ne 5 ]; then
+      echo "Usage: $0 <secret-name> <region> <db-host> <db-port> <db-name>"
+      exit 1
+    fi
+
+    SECRET_NAME="$1"
+    REGION="$2"
+    DB_HOST="$3"
+    DB_PORT="$4"
+    DB_NAME="$5"
+
+    SECRET_STRING=$(aws secretsmanager get-secret-value --secret-id $SECRET_NAME --region $REGION --query SecretString --output text)
+    USERNAME=$(echo $SECRET_STRING | jq -r .username)
+    PASSWORD=$(echo $SECRET_STRING | jq -r .password)
+
+    export DB_CONNECTION_STRING="postgresql://${USERNAME}:${PASSWORD}@${DB_HOST}:${DB_PORT}/${DB_NAME}"
+
+    exec "$@"