From 769b0acff7cbd79aab440eb1b3204124c457ac6d Mon Sep 17 00:00:00 2001
From: Connor Gorman
Date: Mon, 8 Jun 2020 12:14:58 -0700
Subject: [PATCH 1/2] Add some password management support and local roxctl
---
 scripts/runtime/changepwd.sh | 27 +++++++++++++++++++++++++++
 scripts/runtime/copypwd.sh | 3 +++
 scripts/runtime/getpwd.sh | 3 +++
 scripts/runtime/lroxctl.sh | 7 +++++++
 4 files changed, 40 insertions(+)
 create mode 100644 scripts/runtime/changepwd.sh
 create mode 100644 scripts/runtime/copypwd.sh
 create mode 100644 scripts/runtime/getpwd.sh
 create mode 100644 scripts/runtime/lroxctl.sh
diff --git a/scripts/runtime/changepwd.sh b/scripts/runtime/changepwd.sh
new file mode 100644
index 0000000..107fd8e
--- /dev/null
+++ b/scripts/runtime/changepwd.sh
@@ -0,0 +1,27 @@
+#!/usr/bin/env bash
+
+if [ -z "$1" ]; then
+ echo "Missing new password. Usage: $0 newpassword"
+ exit
+fi
+NEWPASS=`htpasswd -B -n -b admin $1 | base64`
+
+cat > newpass.yaml << EOF
+apiVersion: v1
+kind: Secret
+type: Opaque
+metadata:
+ name: central-htpasswd
+ namespace: stackrox
+ labels:
+ app.kubernetes.io/name: stackrox
+ annotations:
+ "helm.sh/hook": "pre-install"
+data:
+ htpasswd: $NEWPASS
+EOF
+
+kubectl -n stackrox delete secret central-htpasswd
+kubectl create -f newpass.yaml
+
+echo "The new password may take time to propagate due to config map propagation times"
diff --git a/scripts/runtime/copypwd.sh b/scripts/runtime/copypwd.sh
new file mode 100644
index 0000000..41dfe04
--- /dev/null
+++ b/scripts/runtime/copypwd.sh
@@ -0,0 +1,3 @@
+#! /bin/bash
+
+getpwd | pbcopy
diff --git a/scripts/runtime/getpwd.sh b/scripts/runtime/getpwd.sh
new file mode 100644
index 0000000..945e555
--- /dev/null
+++ b/scripts/runtime/getpwd.sh
@@ -0,0 +1,3 @@
+#! /bin/bash
+
+cat "${GOPATH}/src/github.com/stackrox/rox/deploy/k8s/central-deploy/password"
diff --git a/scripts/runtime/lroxctl.sh b/scripts/runtime/lroxctl.sh
new file mode 100644
index 0000000..ab78cac
--- /dev/null
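Review bot: In changepwd.sh the new admin password is passed on the command line twice, to the script as `$1` and then to `htpasswd -b`, so it lands in shell history and is readable from the process list while the command runs; the unquoted `$1` is also word-split when the password contains whitespace. Reading the password from stdin avoids both, for example `NEWPASS=$(htpasswd -B -n -i admin | base64 | tr -d '\n')`, where the `tr` also protects the `htpasswd:` line of the manifest from `base64` implementations that wrap long output. The script leaves `newpass.yaml`, which contains the password hash, in the working directory; feeding the heredoc straight to `kubectl create -f -` removes the need for the file. The usage branch ends with a bare `exit`, which returns status 0 on a missing argument, so `exit 1` would let callers detect the failure.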
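Review bot: copypwd.sh runs `getpwd | pbcopy`, but this commit adds the helper as `getpwd.sh`, so the pipeline only works if a `getpwd` command (a symlink or wrapper) exists on PATH, which the patch does not show; `lroxctl.sh` depends on the same name after [PATCH 2/2]. Without `pipefail`, a failing `getpwd` still lets `pbcopy` succeed, so the clipboard is silently overwritten with nothing and the script exits 0. Calling the sibling script by path, `"$(dirname "$0")/getpwd.sh" | pbcopy`, with `set -o pipefail` at the top would make both failure modes visible.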
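Review bot: getpwd.sh builds the password path from `${GOPATH}` without checking that the variable is set, so on a machine that relies on Go's default GOPATH it expands to `/src/github.com/...`, `cat` fails, and callers receive an empty string. Failing fast is a one-line change, `: "${GOPATH:?GOPATH must be set}"` before the `cat`, or the path can fall back with `"${GOPATH:-$(go env GOPATH)}"`. A short header comment stating that the file presumably holds the plaintext admin password of the local deployment would help readers judge where the output may safely be piped.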
+++ b/scripts/runtime/lroxctl.sh
@@ -0,0 +1,7 @@
+#! /bin/bash
+
+if [[ -z "${ROX_API_TOKEN}" ]]; then
+ roxctl --insecure-skip-tls-verify -e localhost:8000 -p $(gpp) $@
+else
+ roxctl --insecure-skip-tls-verify -e localhost:8000 $@
+fi
From a97ac5a5abb0870bb6506939883e90fa44f9a4cb Mon Sep 17 00:00:00 2001
From: Connor Gorman
Date: Mon, 8 Jun 2020 12:16:59 -0700
Subject: [PATCH 2/2] gpp -> getpwd
---
 scripts/runtime/lroxctl.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/scripts/runtime/lroxctl.sh b/scripts/runtime/lroxctl.sh
index ab78cac..67aea66 100644
--- a/scripts/runtime/lroxctl.sh
+++ b/scripts/runtime/lroxctl.sh
@@ -1,7 +1,7 @@
 #! /bin/bash
 
 if [[ -z "${ROX_API_TOKEN}" ]]; then
- roxctl --insecure-skip-tls-verify -e localhost:8000 -p $(gpp) $@
+ roxctl --insecure-skip-tls-verify -e localhost:8000 -p $(getpwd) $@
 else
 roxctl --insecure-skip-tls-verify -e localhost:8000 $@
 fi
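Review bot: In lroxctl.sh both `roxctl` invocations expand `$@` unquoted, and the password branch also leaves the command substitution unquoted, so any argument or password containing whitespace or glob characters is re-split before roxctl sees it; use `"$@"` and quote the substitution. If the password helper fails, the substitution expands to nothing and `-p` takes the first user argument as the password, so it is safer to capture the password in a variable and exit when it is empty. The password is also passed on the command line, where other local users can read it from the process list for the lifetime of the command. The same unquoted expansions are carried unchanged into the [PATCH 2/2] hunk for this file.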