From 406f1d8ace8472a4ca32348c97bee7c66208bafb Mon Sep 17 00:00:00 2001
From: Adar Nimrod <nimrod@shore.co.il>
Date: Sun, 12 Dec 2021 16:23:41 +0200
Subject: [PATCH] Smile environment fixes.

- Don't set the default environment variable to the dev environment
  (don't set them at all).
- The default AWS profile should be smile-security, it's the one I use
  to assume roles in the other accounts.
- Set the VAULT_CAPATH to the CA files in the smile-cli gem where they
  currently are.
- Run vault login before executing commands in smile-exec. Maybe
  overkill to run it before every command, maybe I'll add an alias for
that. We'll see.
---
 Documents/bin/smile-exec  | 5 ++++-
 Repositories/Smile/.envrc | 9 +++++----
 2 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/Documents/bin/smile-exec b/Documents/bin/smile-exec
index 2c293a6..3abe020 100755
--- a/Documents/bin/smile-exec
+++ b/Documents/bin/smile-exec
@@ -74,6 +74,9 @@ export KUBECONFIG="$HOME/.smile/kube/$SMILE_ENV/config"
 export TILLER_NAMESPACE="applications-tiller"
 # shellcheck disable=SC2155
 export VAULT_ADDR="$(vault_addr "$SMILE_ENV")"
-export VAULT_CAPATH="$HOME/Documents/Smile/keybase/team/smile_devs/ca_certs"
+VAULT_CAPATH="$(bundle show smile-cli)/lib/vault_ca"
+export VAULT_CAPATH
 
+aws-vault exec "smile-$SMILE_ENV-admin" -- \
+        vault login -method aws -no-print role=smile-ops
 eval exec aws-vault exec "smile-$SMILE_ENV-admin" -- "$@"
diff --git a/Repositories/Smile/.envrc b/Repositories/Smile/.envrc
index b666264..b61bdd2 100644
--- a/Repositories/Smile/.envrc
+++ b/Repositories/Smile/.envrc
@@ -1,17 +1,18 @@
 source_up
 export AWS_CONFIG_FILE="$HOME/.smile/aws/config"
-export AWS_PROFILE=smile-dev-admin
+export AWS_PROFILE=smile-security
 export AWS_DEFAULT_PROFILE="$AWS_PROFILE"
 export AWS_DEFAULT_REGION=us-east-1
 export GEM_HOME="$HOME/Repositories/Smile/.gem"
 export GIT_AUTHOR_EMAIL='nimrod@smile.io'
 export GIT_AUTHOR_NAME='Nimrod Adar'
-export HELM_HOME="$HOME/.smile/helm/dev-sre"
+#export HELM_HOME="$HOME/.smile/helm/dev-sre"
 export HELM_TLS_ENABLE="true"
 export HELM_TLS_VERIFY="true"
-export KUBECONFIG="$HOME/.smile/kube/dev/config"
+#export KUBECONFIG="$HOME/.smile/kube/dev/config"
 export PATH="$GEM_HOME/bin:$PATH"
 export TILLER_NAMESPACE="applications-tiller"
 export VAULT_ADDR="https://vault.smile.aws"
-export VAULT_CAPATH="/Volumes/Keybase/team/smile_devs/ca_certs"
 bundle install --quiet
+VAULT_CAPATH="$(bundle show smile-cli)/lib/vault_ca"
+export VAULT_CAPATH
-- 
GitLab