keycloak: make metis ssh db key optional during migration

2026-04-07 04:40:56 -03:00 · 2026-04-07 04:40:56 -03:00 · 9a07aa9be9
commit 9a07aa9be9
parent a4631dee81
1 changed files with 2 additions and 2 deletions
--- a/services/keycloak/oneoffs/metis-ssh-keys-secret-ensure-job.yaml
+++ b/services/keycloak/oneoffs/metis-ssh-keys-secret-ensure-job.yaml
@ -68,7 +68,7 @@ spec:
                brad_existing="$(jq -r '.data.data.brad_pub // empty' /tmp/metis-ssh-read.json)"
                ananke_tethys_existing="$(jq -r '.data.data.ananke_tethys_pub // .data.data.hecate_tethys_pub // empty' /tmp/metis-ssh-read.json)"
                ananke_db_existing="$(jq -r '.data.data.ananke_db_pub // .data.data.hecate_db_pub // empty' /tmp/metis-ssh-read.json)"
-                if [ -n "${bastion_existing}" ] && [ -n "${brad_existing}" ] && [ -n "${ananke_tethys_existing}" ] && [ -n "${ananke_db_existing}" ]; then
+                if [ -n "${bastion_existing}" ] && [ -n "${brad_existing}" ] && [ -n "${ananke_tethys_existing}" ]; then
                  echo "Vault metis-ssh-keys already present"
                  exit 0
                fi
@ -102,7 +102,7 @@ spec:
                ananke_db_pub="${ananke_db_existing}"
              fi

-              if [ -z "${bastion_pub}" ] || [ -z "${brad_pub}" ] || [ -z "${ananke_tethys_pub}" ] || [ -z "${ananke_db_pub}" ]; then
+              if [ -z "${bastion_pub}" ] || [ -z "${brad_pub}" ] || [ -z "${ananke_tethys_pub}" ]; then
                echo "Cannot seed Vault metis-ssh-keys: maintenance/metis-ssh-keys missing required keys" >&2
                exit 1
              fi