bstein/titan-iac
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

sso: recheck mas encryption bytes

Browse Source
This commit is contained in:
Brad Stein 2026-01-08 03:44:54 -03:00
parent 8d1284412f
commit d3c3db612d
1 changed files with 4 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
services/keycloak/mas-secrets-ensure-job.yaml
View File

@ -8,7 +8,7 @@ metadata:
apiVersion: batch/v1 apiVersion: batch/v1
kind: Job kind: Job
metadata: metadata:
name: mas-secrets-ensure-11 name: mas-secrets-ensure-12
namespace: sso namespace: sso
spec: spec:
backoffLimit: 0 backoffLimit: 0
@ -89,11 +89,10 @@ spec:
args: args:
- | - |
set -euo pipefail set -euo pipefail
current=""
if kubectl -n comms get secret mas-secrets-runtime >/dev/null 2>&1; then if kubectl -n comms get secret mas-secrets-runtime >/dev/null 2>&1; then
current="$(kubectl -n comms get secret mas-secrets-runtime -o jsonpath='{.data.encryption}' | base64 -d 2>/dev/null || true)" kubectl -n comms get secret mas-secrets-runtime -o jsonpath='{.data.encryption}' | base64 -d 2>/dev/null > /tmp/encryption.current || true
current_len="$(printf '%s' "${current}" | wc -c | tr -d ' ')" current_len="$(wc -c < /tmp/encryption.current | tr -d ' ')"
if [ "${current_len}" = "64" ] && printf '%s' "${current}" | grep -Eq '^[0-9a-fA-F]{64}$'; then if [ "${current_len}" = "64" ] && grep -Eq '^[0-9a-fA-F]{64}$' /tmp/encryption.current; then
exit 0 exit 0
fi fi
fi fi