| Mohammed Naser | f3f59a7 | 2023-01-15 21:02:04 -0500 | [diff] [blame] | 1 | #!/bin/bash |
| 2 | |
| 3 | {{/* |
| 4 | Licensed under the Apache License, Version 2.0 (the "License"); |
| 5 | you may not use this file except in compliance with the License. |
| 6 | You may obtain a copy of the License at |
| 7 | |
| 8 | http://www.apache.org/licenses/LICENSE-2.0 |
| 9 | |
| 10 | Unless required by applicable law or agreed to in writing, software |
| 11 | distributed under the License is distributed on an "AS IS" BASIS, |
| 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 13 | See the License for the specific language governing permissions and |
| 14 | limitations under the License. |
| 15 | */}} |
| 16 | |
| 17 | set -ex |
| 18 | |
| 19 | barbican-db-manage upgrade |
| 20 | |
| 21 | {{- $kek := (index (index .Values.conf.barbican "simple_crypto_plugin" | default dict) "kek") | default "" }} |
| 22 | {{- $old_kek := index .Values.conf.simple_crypto_kek_rewrap "old_kek" | default ""}} |
| 23 | {{- if and (not (empty $old_kek)) (not (empty $kek)) }} |
| 24 | set +x |
| 25 | echo "Ensuring that project KEKs are wrapped with the target global KEK" |
| 26 | /tmp/simple_crypto_kek_rewrap.py --old-kek="$(cat /tmp/old_kek)" |
| 27 | {{- end }} |