While investigating a failure during another code review[0] I noticed
that we were using key/value pairs when executing `vault write`.
That was a problem because we ran into a situation where the password
started with an `@`, which `vault write` infers to be a location on
disk[1].

This change updates static-roles.sh to fix that issue, as writes are
always written as JSON instead of key/value pairs.

As I was there I chose to improve the script in several ways:
- All Vault command executions now capture both STDOUT and STDERR.
  When commands fail, the captured output is included in the error.
- Function-local variables are now properly scoped with the `local`
- Some comment changes for clarity (obviously subjective for me)
[0]: https://github.com/hashicorp/vault-enterprise/actions/runs/22748142932/job/65978391382?pr=12001#step:17:159
[1]: https://developer.hashicorp.com/vault/docs/commands/write
Signed-off-by: Ryan Cragun <me@ryan.ec>
Co-authored-by: Ryan Cragun <me@ryan.ec>