@@ -148,12 +148,12 @@ get_playbook_name() {
148148}
149149
150150" " "
151- Check MSI permissions for accessing a Key Vault.
151+ Retrieve a secret from Azure Key Vault.
152152
153153:param key_vault_id: The ID of the Key Vault.
154- :return: None. Exits with a non-zero status if permissions are insufficient .
154+ :return: None. Exits with a non-zero status if retrieval fails .
155155" " "
156- check_msi_permissions () {
156+ retrieve_secret_from_key_vault () {
157157 local key_vault_id=$1
158158 local required_permission=" Get"
159159
@@ -207,6 +207,10 @@ check_msi_permissions() {
207207
208208 log " INFO" " Successfully retrieved secret from Key Vault."
209209 temp_file=$( mktemp --suffix=.ppk)
210+
211+ # Check if the temporary file already exists
212+ check_file_exists " $temp_file " " Temporary file already exists: $temp_file "
213+
210214 echo " $secret_value " > " $temp_file "
211215 log " INFO" " Temporary SSH key file created: $temp_file "
212216}
@@ -235,45 +239,59 @@ run_ansible_playbook() {
235239
236240 # Extract key_vault_id from sap-parameters.yaml
237241 key_vault_id=$( grep " ^key_vault_id:" " $system_params " | awk ' {split($0,a,": "); print a[2]}' | xargs)
242+
238243 if [[ -z " $key_vault_id " ]]; then
239- log " ERROR" " Error: key_vault_id is not defined in $system_params ."
240- exit 1
241- fi
242- log " INFO" " Extracted key_vault_id: $key_vault_id "
243-
244- # Extract Key Vault details and check MSI permissions
245- check_msi_permissions " $key_vault_id "
246- if [[ -n " $key_vault_name " && -n " $secret_name " ]]; then
247- log " INFO" " Using Key Vault for SSH key retrieval."
248- log " INFO" " Temporary SSH key file: $temp_file "
249- command=" ansible-playbook ${cmd_dir} /../src/$playbook_name .yml -i $system_hosts --private-key $temp_file \
250- -e @$VARS_FILE -e @$system_params -e '_workspace_directory=$system_config_folder '"
251- else
252244 local ssh_key=" ${cmd_dir} /../WORKSPACES/SYSTEM/$SYSTEM_CONFIG_NAME /ssh_key.ppk"
253- log " INFO" " Using local SSH key: $ssh_key ."
254- command=" ansible-playbook ${cmd_dir} /../src/$playbook_name .yml -i $system_hosts --private-key $ssh_key \
255- -e @$VARS_FILE -e @$system_params -e '_workspace_directory=$system_config_folder '"
245+ if [[ -f " $ssh_key " ]]; then
246+ log " INFO" " key_vault_id is not provided, but local SSH key is present: $ssh_key ."
247+ command=" ansible-playbook ${cmd_dir} /../src/$playbook_name .yml -i $system_hosts --private-key $ssh_key \
248+ -e @$VARS_FILE -e @$system_params -e '_workspace_directory=$system_config_folder '"
249+ else
250+ log " ERROR" " Error: key_vault_id is not defined in $system_params , and no local SSH key is present."
251+ exit 1
252+ fi
253+ else
254+ log " INFO" " Extracted key_vault_id: $key_vault_id "
255+
256+ # Extract Key Vault details and retrieve secret
257+ retrieve_secret_from_key_vault " $key_vault_id "
258+ if [[ -z " $secret_value " ]]; then
259+ local ssh_key=" ${cmd_dir} /../WORKSPACES/SYSTEM/$SYSTEM_CONFIG_NAME /ssh_key.ppk"
260+ if [[ -f " $ssh_key " ]]; then
261+ log " INFO" " Secret value is not retrieved, but local SSH key is present: $ssh_key ."
262+ command=" ansible-playbook ${cmd_dir} /../src/$playbook_name .yml -i $system_hosts --private-key $ssh_key \
263+ -e @$VARS_FILE -e @$system_params -e '_workspace_directory=$system_config_folder '"
264+ else
265+ log " ERROR" " Error: Secret value is not retrieved, and no local SSH key is present."
266+ exit 1
267+ fi
268+ else
269+ log " INFO" " Using Key Vault for SSH key retrieval."
270+ log " INFO" " Temporary SSH key file: $temp_file "
271+ command=" ansible-playbook ${cmd_dir} /../src/$playbook_name .yml -i $system_hosts --private-key $temp_file \
272+ -e @$VARS_FILE -e @$system_params -e '_workspace_directory=$system_config_folder '"
273+ fi
256274 fi
257275 elif [[ " $auth_type " == " VMPASSWORD" ]]; then
258- if [[ -n " $key_vault_name " && -n " $secret_name " ]]; then
259- log " INFO" " Using Key Vault for password retrieval."
260- secret_value=$( az keyvault secret show --vault-name " $key_vault_name " --name " $secret_name " --query " value" -o tsv)
261- if [[ -z " $secret_value " ]]; then
262- log " ERROR" " Failed to retrieve secret '$secret_name ' from Key Vault '$key_vault_name '."
276+ if [[ -z " $secret_value " ]]; then
277+ local password_file=" ${cmd_dir} /../WORKSPACES/SYSTEM/$SYSTEM_CONFIG_NAME /password"
278+ if [[ -f " $password_file " ]]; then
279+ log " INFO" " Secret value is not retrieved, but local password file is present: $password_file ."
280+ command=" ansible-playbook ${cmd_dir} /../src/$playbook_name .yml -i $system_hosts \
281+ --extra-vars \" ansible_ssh_pass=$( cat $password_file ) \" --extra-vars @$VARS_FILE -e @$system_params \
282+ -e '_workspace_directory=$system_config_folder '"
283+ else
284+ log " ERROR" " Error: Secret value is not retrieved, and no local password file is present."
263285 exit 1
264286 fi
287+ else
288+ log " INFO" " Using Key Vault for password retrieval."
265289 temp_file=$( mktemp --suffix=.password)
266290 echo " $secret_value " > " $temp_file "
267291 log " INFO" " Temporary password file created: $temp_file "
268292 command=" ansible-playbook ${cmd_dir} /../src/$playbook_name .yml -i $system_hosts \
269293 --extra-vars \" ansible_ssh_pass=$( cat $temp_file ) \" --extra-vars @$VARS_FILE -e @$system_params \
270294 -e '_workspace_directory=$system_config_folder '"
271- else
272- local password_file=" ${cmd_dir} /../WORKSPACES/SYSTEM/$SYSTEM_CONFIG_NAME /password"
273- log " INFO" " Using local password file: $password_file ."
274- command=" ansible-playbook ${cmd_dir} /../src/$playbook_name .yml -i $system_hosts \
275- --extra-vars \" ansible_ssh_pass=$( cat $password_file ) \" --extra-vars @$VARS_FILE -e @$system_params \
276- -e '_workspace_directory=$system_config_folder '"
277295 fi
278296 else
279297 log " ERROR" " Unknown authentication type: $auth_type "
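Review bot: The new fallback branches (new lines 258–267 and 276–282) silently downgrade from a Key Vault secret to a long-lived on-disk credential (`ssh_key.ppk` or the `password` file) whenever `$secret_value` is empty, and record that only at INFO, so a revoked MSI permission or a missing secret becomes a quiet credential switch instead of a failure; I would at least log it at WARN, e.g. `log "WARN" "Key Vault secret unavailable; falling back to local credential: $ssh_key"`, and consider making the fallback opt-in. In the VMPASSWORD branch the `az keyvault secret show` call was removed and nothing in this hunk populates `secret_value`, so unless it is set earlier in `run_ansible_playbook` (outside the hunk) that branch will always take the local password file. Both password paths also still put the secret on the ansible-playbook argv via `--extra-vars "ansible_ssh_pass=$(cat ...)"`, where it is visible in `ps` output and in any `set -x` trace or log of `$command`; writing `ansible_ssh_pass: <value>` into the temp file and passing `-e @"$temp_file"` keeps it off the command line. `run_ansible_playbook` begins before and ends after this hunk.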