Last active
September 24, 2020 21:32
-
-
Save RothAndrew/e1c8d3e183293d3fadb6cdbf64a3475d to your computer and use it in GitHub Desktop.
Idempotently create a Personal Access Token for a user in GitLab running in Kubernetes
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // WARNING: Don’t mess with gitlab-rails runner unless you REALLY know what you are doing. | |
| // It gives root-level access to EVERYTHING at the database level. | |
| // Idempotently create a Personal Access Token for a user in GitLab running in Kubernetes | |
| // USE AT YOUR OWN RISK | |
| resource "null_resource" "set_gitlab_personal_access_token" { | |
| triggers = { | |
| uuid = uuid() | |
| } | |
| provisioner "local-exec" { | |
| command = "kubectl exec -n gitlab -c task-runner $(kubectl get pod -n gitlab -l \"app=task-runner\" -o jsonpath='{.items[0].metadata.name}') -- gitlab-rails runner 'user = User.find_by_username(\"'\"$GITLAB_USER\"'\"); tokens = user.personal_access_tokens; token = tokens.find_by(name: \"'\"$TOKEN_NAME\"'\"); token = user.personal_access_tokens.create(scopes: [:api, :sudo], name: \"'\"$TOKEN_NAME\"'\") unless token.present?; token.set_token(\"'\"$TOKEN_VALUE\"'\"); token.save!'" | |
| environment = { | |
| GITLAB_USER = "root" | |
| KUBECONFIG = abspath(local_file.kubeconfig.filename) | |
| TOKEN_NAME = "terraform" | |
| TOKEN_VALUE = random_password.gitlab_root_user_personal_access_token.result | |
| } | |
| } | |
| depends_on = [ | |
| null_resource.helmfile_deployments | |
| ] | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment