From a9beb783e7e4c967cb36245f60e9cbac5bf4640f Mon Sep 17 00:00:00 2001
From: Stewart Miles
Date: Fri, 18 Mar 2022 16:58:57 -0700
Subject: [PATCH] Centralize and fix random identifier generation.
In some subshells `cat /dev/urandom | tr -dc 'a-z0-9' | fold -w 20 | head -n 1` can hang with the pipe being closed by `head` leaving `fold` attempting to write into a pipe which blocks indefinitely. This removes the buffering fold performs by changing the pipeline to read a byte at a time and stop when the number of required random characters is satisfied.
Fixes #245
---
 scripts/install/setup_properties.sh | 6 +++---
 scripts/manage/add_gke_account.sh | 6 +++++-
 scripts/manage/service_utils.sh | 16 +++++++++++++++-
 3 files changed, 23 insertions(+), 5 deletions(-)
diff --git a/scripts/install/setup_properties.sh b/scripts/install/setup_properties.sh
index e169492..9e09c28 100755
--- a/scripts/install/setup_properties.sh
+++ b/scripts/install/setup_properties.sh
@@ -168,15 +168,15 @@ export SERVICE_ACCOUNT_NAME="${SERVICE_ACCOUNT_NAME:-"\$DEPLOYMENT_NAME-acc-$(da
 export REDIS_INSTANCE=\$DEPLOYMENT_NAME
 # If bucket does not exist, it will be created.
-export BUCKET_NAME="\$DEPLOYMENT_NAME-$(cat /dev/urandom | tr -dc 'a-z0-9' | fold -w 20 | head -n 1)-$(date +"%s")"
+export BUCKET_NAME="\$DEPLOYMENT_NAME-$(random_identifier 20)-$(date +"%s")"
 export BUCKET_URI="gs://\$BUCKET_NAME"
 # If CSR repo does not exist, it will be created.
 export CONFIG_CSR_REPO=\$DEPLOYMENT_NAME-config
 # Used to authenticate calls to the audit log Cloud Function.
-export AUDIT_LOG_UNAME="$(cat /dev/urandom | tr -dc 'a-z0-9' | fold -w 20 | head -n 1)-$(date +"%s")"
-export AUDIT_LOG_PW="$(cat /dev/urandom | tr -dc 'a-z0-9' | fold -w 20 | head -n 1)-$(date +"%s")"
+export AUDIT_LOG_UNAME="$(random_identifier 20)-$(date +"%s")"
+export AUDIT_LOG_PW="$(random_identifier 20)-$(date +"%s")"
 export CLOUD_FUNCTION_NAME="\${DEPLOYMENT_NAME//-}AuditLog"
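Review bot: `AUDIT_LOG_PW` and `AUDIT_LOG_UNAME` take whatever `$(random_identifier 20)` prints, and `export VAR="$(...)"` discards the function's exit status, so a failed or undefined `random_identifier` leaves the audit-log password as just `-<epoch seconds>`, which is guessable. The hunk does not show `setup_properties.sh` sourcing `service_utils.sh`, so confirm the function is in scope at this point. I would generate the value into a variable first and stop on failure, e.g. `audit_log_pw="$(random_identifier 20)" || exit 1` followed by `[[ ${#audit_log_pw} -eq 20 ]] || exit 1`, and interpolate that variable instead. The same unchecked use applies to `BUCKET_NAME` here and to `KUBECONFIG_FILENAME` in `add_gke_account.sh`; the enclosing block starts and ends outside the hunk.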
diff --git a/scripts/manage/add_gke_account.sh b/scripts/manage/add_gke_account.sh
index 00756e0..0673fdb 100755
--- a/scripts/manage/add_gke_account.sh
+++ b/scripts/manage/add_gke_account.sh
@@ -1,5 +1,9 @@
 #!/usr/bin/env bash
+readonly THIS_DIRECTORY=$(cd $(dirname "${0}") && pwd)
+
+source "${THIS_DIRECTORY}/service_utils.sh"
+
 bold() {
 echo ". $(tput bold)" "$*" "$(tput sgr0)";
 }
@@ -64,7 +68,7 @@ for r in "${GKE_REQUIRED_ROLES[@]}"; do
 done
 mkdir -p ~/.hal/default/credentials
-KUBECONFIG_FILENAME="kubeconfig-$(cat /dev/urandom | tr -dc 'a-z0-9' | fold -w 9 | head -n 1)"
+KUBECONFIG_FILENAME="kubeconfig-$(random_identifier 9)"
 bold "Copying ~/.kube/config into ~/.hal/default/credentials/$KUBECONFIG_FILENAME so it can be pushed to your halyard daemon's pod..."
diff --git a/scripts/manage/service_utils.sh b/scripts/manage/service_utils.sh
index b90aeb2..c13f7ef 100644
--- a/scripts/manage/service_utils.sh
+++ b/scripts/manage/service_utils.sh
@@ -49,4 +49,18 @@ check_for_shared_vpc() {
 bold "Automated setup of Spinnaker for GCP with a Shared VPC host project is currently unsupported. To proceed, continue the setup in Cloud Shell."
 exit 1
 fi
-}
\ No newline at end of file
+}
+
+# Generate random alpha-numeric characters in the set [0-9a-z].
+#
+# $1: Number of characters to generate.
+random_identifier() {
+ local size=$((${1}))
+ if [[ $((size)) -le 0 ]]; then
+ echo "Invalid identifier size (${size})." >&2
+ return 1
+ fi
+ cat /dev/urandom 2>/dev/null | \
+ tr -dc 'a-z0-9' 2>/dev/null | \
+ head -c $((size))
+}
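Review bot: The new `source` line at the top of `add_gke_account.sh` runs code from a path whose computation can fail silently: `$(dirname "${0}")` is unquoted, `readonly X=$(...)` hides a failing `cd`, and the result of `source` is never checked. With an empty `THIS_DIRECTORY` the script would try `/service_utils.sh`, and if sourcing fails it continues without `random_identifier`, so the later `KUBECONFIG_FILENAME` becomes the fixed name `kubeconfig-`. I would write `THIS_DIRECTORY=$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" && pwd) || exit 1`, then `readonly THIS_DIRECTORY`, and `source "${THIS_DIRECTORY}/service_utils.sh" || exit 1`.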
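Review bot: `random_identifier` in `service_utils.sh` returns success even when it emits fewer characters than requested, because stderr from `cat` and `tr` is discarded and the pipeline's status is that of `head`; since callers use the result as a password, the function should check the output length and fail closed. Separately, `local size=$((${1}))` evaluates the argument as an arithmetic expression rather than rejecting non-numeric input; the callers in this patch pass literals, but a shared helper is safer with a regex check on `$1`. Pinning `LC_ALL=C` for `tr` also avoids byte-sequence errors in multibyte locales on some platforms. The function is complete within the hunk; a possible rewrite follows.

```shell
random_identifier() {
  local size="${1:-}"
  # Accept only a plain positive decimal; never feed $1 to arithmetic expansion.
  if [[ ! "${size}" =~ ^[1-9][0-9]*$ ]]; then
    echo "Invalid identifier size (${size})." >&2
    return 1
  fi
  local id
  id="$(LC_ALL=C tr -dc 'a-z0-9' 2>/dev/null < /dev/urandom | head -c "${size}")"
  # Fail closed: callers use this value in credentials and resource names.
  if [[ "${#id}" -ne "${size}" ]]; then
    echo "Could not generate ${size} random characters." >&2
    return 1
  fi
  printf '%s' "${id}"
}
```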