Add some password management support and local roxctl #49

Open
wants to merge 2 commits into
base: master
27 changes: 27 additions & 0 deletions scripts/runtime/changepwd.sh
@@ -0,0 +1,27 @@
#!/usr/bin/env bash
Contributor

Can you rename the file to changepw? pwd in a shell script context is print working directory


if [ -z "$1" ]; then
echo "Missing new password. Usage: $0 newpassword"
exit
fi
NEWPASS=`htpasswd -B -n -b admin $1 | base64`

cat > newpass.yaml << EOF
apiVersion: v1
kind: Secret
type: Opaque
metadata:
name: central-htpasswd
namespace: stackrox
labels:
app.kubernetes.io/name: stackrox
annotations:
"helm.sh/hook": "pre-install"
data:
htpasswd: $NEWPASS
EOF

kubectl -n stackrox delete secret central-htpasswd
kubectl create -f newpass.yaml
Contributor

Why create a file? Just do kubectl create -f - <<EOF and put the contents there?

Contributor

Also, use apply or replace?

Author

Yeah good points, full disclosure, this is copy pasta from the solutions repo, but I found myself using it all the time when I overwrote the password


echo "The new password may take time to propagate due to config map propagation times"
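Review bot: The new password is passed unquoted and on the command line in the NEWPASS assignment (`htpasswd -B -n -b admin $1`), so it is visible in the process list and shell history, and a password containing spaces or glob characters is split or expanded before htpasswd sees it. Consider prompting with `read -rs` and feeding htpasswd on stdin with `-i` instead of `-b`; at minimum quote `"$1"`. Two smaller points in the same hunk: the usage-error branch ends in a bare `exit`, which returns the status of the preceding `echo` (0), so callers cannot detect the failure; use `exit 1`. And GNU `base64` wraps its output at 76 columns by default, which can split the `htpasswd:` value across lines in the generated YAML; strip the newlines or disable wrapping.
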
Contributor

Use einfo instead of echo

Contributor

Given how getpwd is implemented, do you also want to overwrite the deploy/k8s/central-deploy/password file?

3 changes: 3 additions & 0 deletions scripts/runtime/copypwd.sh
@@ -0,0 +1,3 @@
#! /bin/bash

getpwd | pbcopy
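Review bot: `getpwd | pbcopy` has no error handling on the left side of the pipe. If `getpwd` fails or is not resolvable by that name (this PR adds it as getpwd.sh), the pipeline still returns the status of `pbcopy` and the clipboard is overwritten with empty input. Capture the output into a variable first and copy only when it is non-empty, exiting non-zero otherwise. `pbcopy` is also macOS-only, which deserves a comment or a guard.
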
3 changes: 3 additions & 0 deletions scripts/runtime/getpwd.sh
@@ -0,0 +1,3 @@
#! /bin/bash
Contributor

In ./lib/rox_password.sh, we have a function for this already, which does this but also respects a ROX_PASSWORD env, so probably want to use that.

Also, we probably want to rename this to roxpwd or something, so that it's more what the command refers to


cat "${GOPATH}/src/github.com/stackrox/rox/deploy/k8s/central-deploy/password"
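Review bot: The `cat` line expands `${GOPATH}` with no check, so when GOPATH is unset the path becomes /src/github.com/stackrox/rox/..., `cat` fails, and any caller using the output in a command substitution receives an empty password. Use `"${GOPATH:?GOPATH is not set}"`, or test that the file is readable and exit non-zero with a message when it is not.
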
7 changes: 7 additions & 0 deletions scripts/runtime/lroxctl.sh
@@ -0,0 +1,7 @@
#! /bin/bash

if [[ -z "${ROX_API_TOKEN}" ]]; then
roxctl --insecure-skip-tls-verify -e localhost:8000 -p $(getpwd) $@
Contributor

always quote variable expansions unless you want shell tokenization

else
roxctl --insecure-skip-tls-verify -e localhost:8000 $@
Contributor

also, maybe do

extra_args=()
if [[ -z "${ROX_API_TOKEN}" ]]; then
  extra_args+=(-p "$(getpwd)")
fi
roxctl ... "${extra_args[@]}" "$@"

fi
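
Review bot: In the password branch, `-p $(getpwd)` disappears from the command entirely when `getpwd` prints nothing, so `-p` consumes the first word of `$@` as the password and the caller's actual subcommand is shifted. Capture the password into a variable, fail if it is empty, and pass it quoted. Passing it with `-p` also places the admin password in roxctl's argv, where other local users can read it from the process list. A short comment stating that this wrapper and its hard-coded `--insecure-skip-tls-verify` are meant only for the local `localhost:8000` endpoint would help prevent reuse against a remote central.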