[7.3] move vault setup into repo so all ci logic is in the rep… (#42649)

* move vault setup into repo so all ci logic is in the repo * turns out I'm used to less strict bash... * unset VAULT_ADDR
2025-04-24 01:38:56 -04:00 · 2019-08-05 21:25:42 -07:00 · 2019-08-05 21:25:42 -07:00 · 0740aa3670
commit 0740aa3670
parent 7a021fde0b
2 changed files with 36 additions and 0 deletions
--- a/.ci/run.sh
+++ b/.ci/run.sh
@ -5,6 +5,7 @@ set -e
 # move to Kibana root
 cd "$(dirname "$0")/.."

+source src/dev/ci_setup/load_env_keys.sh
 source src/dev/ci_setup/extract_bootstrap_cache.sh
 source src/dev/ci_setup/setup.sh
 source src/dev/ci_setup/checkout_sibling_es.sh
--- a/src/dev/ci_setup/load_env_keys.sh
+++ b/src/dev/ci_setup/load_env_keys.sh
@ -0,0 +1,35 @@
+#!/usr/bin/env bash
+
+set -e
+
+if [ -z "$VAULT_SECRET_ID" ]; then
+  echo ""
+  echo ""
+  echo "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~";
+  echo "    VAULT_SECRET_ID not set, not loading tokens into env";
+  echo "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~";
+  echo ""
+  echo ""
+else
+  # load shared helpers to get `retry` function
+  source /usr/local/bin/bash_standard_lib.sh
+
+  set +x
+
+  # export after define to avoid https://github.com/koalaman/shellcheck/wiki/SC2155
+  VAULT_TOKEN=$(retry 5 vault write -field=token auth/approle/login role_id="$VAULT_ROLE_ID" secret_id="$VAULT_SECRET_ID")
+  export VAULT_TOKEN
+
+  # Set GITHUB_TOKEN for reporting test failures
+  GITHUB_TOKEN=$(retry 5 vault read -field=github_token secret/kibana-issues/dev/kibanamachine)
+  export GITHUB_TOKEN
+
+  KIBANA_CI_REPORTER_KEY=$(retry 5 vault read -field=value secret/kibana-issues/dev/kibanamachine-reporter)
+  export KIBANA_CI_REPORTER_KEY
+
+  PERCY_TOKEN=$(retry 5 vault read -field=value secret/kibana-issues/dev/percy)
+  export PERCY_TOKEN
+
+  # remove vault related secrets
+  unset VAULT_ROLE_ID VAULT_SECRET_ID VAULT_TOKEN VAULT_ADDR
+fi