bstein/titan-iac
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

sso: validate mas encryption length

Browse Source
This commit is contained in:
Brad Stein 2026-01-08 03:43:06 -03:00
parent f8d172c5a2
commit 8d1284412f
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
services/keycloak/mas-secrets-ensure-job.yaml
View File

@ -8,7 +8,7 @@ metadata:
apiVersion: batch/v1 apiVersion: batch/v1
kind: Job kind: Job
metadata: metadata:
name: mas-secrets-ensure-10 name: mas-secrets-ensure-11
namespace: sso namespace: sso
spec: spec:
backoffLimit: 0 backoffLimit: 0
@ -92,7 +92,8 @@ spec:
current="" current=""
if kubectl -n comms get secret mas-secrets-runtime >/dev/null 2>&1; then if kubectl -n comms get secret mas-secrets-runtime >/dev/null 2>&1; then
current="$(kubectl -n comms get secret mas-secrets-runtime -o jsonpath='{.data.encryption}' | base64 -d 2>/dev/null || true)" current="$(kubectl -n comms get secret mas-secrets-runtime -o jsonpath='{.data.encryption}' | base64 -d 2>/dev/null || true)"
if printf '%s' "${current}" | grep -Eq '^[0-9a-fA-F]{64}$'; then current_len="$(printf '%s' "${current}" | wc -c | tr -d ' ')"
if [ "${current_len}" = "64" ] && printf '%s' "${current}" | grep -Eq '^[0-9a-fA-F]{64}$'; then
exit 0 exit 0
fi fi
fi fi