38 lines
959 B
Bash
38 lines
959 B
Bash
|
#!/bin/bash -e
|
||
|
|
set -o pipefail
|
||
|
|
|
||
|
|
function get_token() {
|
||
|
|
kubectl exec statefulset/app -- gitea admin user generate-access-token \
|
||
|
|
--username "$name" \
|
||
|
|
--token-name "${name^^}" \
|
||
|
|
--scopes "$scopes" \
|
||
|
|
| awk '{print $NF}'
|
||
|
|
}
|
||
|
|
|
||
|
|
name="$1"
|
||
|
|
scopes="$2"
|
||
|
|
email="$name@$BASE_URL"
|
||
|
|
secret="gitea-$name"
|
||
|
|
passwd="$(kgseckey "$secret" password || true)"
|
||
|
|
|
||
|
|
if [ -z "$passwd" ]; then
|
||
|
|
passwd="$(openssl rand -hex 32)"
|
||
|
|
kubectl exec statefulset/app -- \
|
||
|
|
gitea admin user create --admin --must-change-password=false \
|
||
|
|
--email "$email" \
|
||
|
|
--username "$name" \
|
||
|
|
--password "$passwd"
|
||
|
|
fi
|
||
|
|
|
||
|
|
opts=()
|
||
|
|
[ -n "$scopes" ] && opts+=(
|
||
|
|
--from-literal=token="$(kgseckey "$secret" token || get_token)"
|
||
|
|
--from-literal=tokenscopes="$scopes"
|
||
|
|
)
|
||
|
|
|
||
|
|
kcreatesec "$secret" \
|
||
|
|
--from-literal=email="$email" \
|
||
|
|
--from-literal=username="$name" \
|
||
|
|
--from-literal=password="$passwd" \
|
||
|
|
"${opts[@]}"
|