From afe5640383d65d18a9978fb02848f8f9334b1eb7 Mon Sep 17 00:00:00 2001
From: Siraj Yasin <sirajudeen.yasin@gmail.com>
Date: Fri, 22 Oct 2021 14:58:14 +0000
Subject: [PATCH] [AIAP] - Use SOPS_IMPORT_PGP for user specific key

* Enable user to set SOPS_IMPORT_PGP in env and consume that.

Relates-To: #654
Change-Id: Idb610980e11d228a48db8e412b0436556ac00ca5
---
 .../examples/airshipctl/secret_replacements.yaml |  5 +++++
 .../examples/base/airship-in-a-pod.yaml          |  1 +
 .../airship-in-a-pod/runner/assets/entrypoint.sh | 16 +++++++++-------
 3 files changed, 15 insertions(+), 7 deletions(-)

diff --git a/tools/airship-in-a-pod/examples/airshipctl/secret_replacements.yaml b/tools/airship-in-a-pod/examples/airshipctl/secret_replacements.yaml
index ee772495b..9188d54ae 100644
--- a/tools/airship-in-a-pod/examples/airshipctl/secret_replacements.yaml
+++ b/tools/airship-in-a-pod/examples/airshipctl/secret_replacements.yaml
@@ -40,3 +40,8 @@
   path: "/data/AIRSHIP_CONFIG_MANIFEST_REPO_AUTH_SSH_PASSWORD"
   value: ""
 
+
+# The following relate to key used for encryption/decryption of secrets
+- op: replace
+  path: "/data/SOPS_IMPORT_PGP"
+  value: ""
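Review bot: The comment above the new `/data/SOPS_IMPORT_PGP` entry does not say what value belongs there or what happens when it is left empty. The entrypoint.sh hunk in this patch treats the value as the key text itself and falls back to `exampleU1.key` when it is empty, so I would expand the comment to something like `# SOPS_IMPORT_PGP: PGP private key (key text, not a path) used by sops; if left empty the bundled example key is used, which is suitable for testing only`. A filled-in copy of this file holds private key material, so a second comment line saying it should be kept out of version control would fit here. The extra blank `+` line before the comment can be dropped.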
diff --git a/tools/airship-in-a-pod/examples/base/airship-in-a-pod.yaml b/tools/airship-in-a-pod/examples/base/airship-in-a-pod.yaml
index 9cfd3dc39..525e7d3a6 100644
--- a/tools/airship-in-a-pod/examples/base/airship-in-a-pod.yaml
+++ b/tools/airship-in-a-pod/examples/base/airship-in-a-pod.yaml
@@ -24,6 +24,7 @@ data:
   AIRSHIP_CONFIG_MANIFEST_REPO_AUTH_USERNAME: ""
   AIRSHIP_CONFIG_MANIFEST_REPO_AUTH_HTTP_PASSWORD: ""
   AIRSHIP_CONFIG_MANIFEST_REPO_AUTH_SSH_PASSWORD: ""
+  SOPS_IMPORT_PGP: ""
 ---
 
 apiVersion: v1
diff --git a/tools/airship-in-a-pod/runner/assets/entrypoint.sh b/tools/airship-in-a-pod/runner/assets/entrypoint.sh
index be56aa66b..4519b7f01 100755
--- a/tools/airship-in-a-pod/runner/assets/entrypoint.sh
+++ b/tools/airship-in-a-pod/runner/assets/entrypoint.sh
@@ -41,13 +41,15 @@ kustomize_download_url="https://github.com/kubernetes-sigs/kustomize/releases/do
 curl -sSL "$kustomize_download_url" | tar -C /tmp -xzf -
 install /tmp/kustomize /usr/local/bin
 
-curl -fsSL -o /sops-key.asc https://raw.githubusercontent.com/mozilla/sops/master/pgp/sops_functional_tests_key.asc
-SOPS_PGP_FP="FBC7B9E2A4F9289AC0C1D4843D16CEE4A27381B4"
-SOPS_IMPORT_PGP="$(cat /sops-key.asc)"
-export SOPS_IMPORT_PGP
-export SOPS_PGP_FP
-echo 'export SOPS_IMPORT_PGP="$(cat /sops-key.asc)"' >> ~/.bashrc
-echo "export SOPS_PGP_FP=${SOPS_PGP_FP}" >> ~/.bashrc
+SOPS_IMPORT_PGP=$( cat /opt/aiap-secret-volume/SOPS_IMPORT_PGP )
+if [ -z "${SOPS_IMPORT_PGP}"  ];then
+  # set user1 key
+  SOPS_IMPORT_PGP="$(cat ./manifests/.private-keys/exampleU1.key)"
+fi
+
+export SOPS_IMPORT_PGP=${SOPS_IMPORT_PGP}
+
+echo "export SOPS_IMPORT_PGP=${SOPS_IMPORT_PGP}" >> ~/.bashrc
 echo "export KUBECONFIG=$HOME/.airship/kubeconfig" >> ~/.bashrc
 
 install "$ARTIFACTS_DIR/airshipctl/bin/airshipctl" /usr/local/bin
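Review bot: The new `echo "export SOPS_IMPORT_PGP=${SOPS_IMPORT_PGP}" >> ~/.bashrc` line expands the multi-line key when it is written, so ~/.bashrc receives the private key text unquoted. Later shells would then take only the first word as the value and try to run the remaining key lines as commands. The removed code avoided this by writing a single-quoted `$(cat …)` that was evaluated when ~/.bashrc was sourced. I would keep that shape by recording the path of the key file rather than its contents, which also keeps the key text out of ~/.bashrc. The fallback is silent and its path is relative to the working directory, so the rewrite below logs when the example key is used and makes that path absolute. It tests the mounted file with `-s` before reading it, because the current `cat` prints an error (and, if `set -e` is active earlier in the script, presumably aborts) when the file is missing.

```shell
sops_key_file=/opt/aiap-secret-volume/SOPS_IMPORT_PGP
if [ ! -s "$sops_key_file" ]; then
  # no user key mounted: fall back to the example user1 key and say so
  echo "SOPS_IMPORT_PGP not provided; using the example user1 key" >&2
  sops_key_file="$PWD/manifests/.private-keys/exampleU1.key"
fi
SOPS_IMPORT_PGP="$(cat "$sops_key_file")"
export SOPS_IMPORT_PGP

# write the path, not the key text, so ~/.bashrc stays parseable
echo "export SOPS_IMPORT_PGP=\"\$(cat '$sops_key_file')\"" >> ~/.bashrc
# … unchanged: KUBECONFIG export and airshipctl install …
```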