Merge pull request 'Make secret generation more robust' (#73) from simplify-secret-logic into main
Reviewed-on: coop-cloud/abra#73
commit
d4e52a9de3
@ -16,6 +16,7 @@
|
|||||||
- Use Docker-in-Docker (dind), and `dind-bats-kcov` Docker image, for `make test` ([1600b6277fbbffc4c6de1e4ba799c7bbe72ec6a0](https://git.autonomic.zone/coop-cloud/abra/commit/1600b6277fbbffc4c6de1e4ba799c7bbe72ec6a0))
|
- Use Docker-in-Docker (dind), and `dind-bats-kcov` Docker image, for `make test` ([1600b6277fbbffc4c6de1e4ba799c7bbe72ec6a0](https://git.autonomic.zone/coop-cloud/abra/commit/1600b6277fbbffc4c6de1e4ba799c7bbe72ec6a0))
|
||||||
- Add built-in documentation using `abra help <subcommand>...`, see [#50](https://git.autonomic.zone/coop-cloud/abra/issues/50)
|
- Add built-in documentation using `abra help <subcommand>...`, see [#50](https://git.autonomic.zone/coop-cloud/abra/issues/50)
|
||||||
- `version` subcommand [e6b24fe](https://git.autonomic.zone/coop-cloud/abra/commit/e6b24fe)
|
- `version` subcommand [e6b24fe](https://git.autonomic.zone/coop-cloud/abra/commit/e6b24fe)
|
||||||
|
- Use `# length=x` comments to generate passwords with `pwgen` and drop `KEY`/`PASSWORD` logic ([#68](https://git.autonomic.zone/coop-cloud/abra/issues/68))
|
||||||
|
|
||||||
# abra 0.4.1 (2020-12-24)
|
# abra 0.4.1 (2020-12-24)
|
||||||
|
|
||||||
|
32
abra
32
abra
@ -385,18 +385,8 @@ get_servers() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
get_app_secrets() {
|
get_app_secrets() {
|
||||||
get_app_passwords
|
|
||||||
get_app_keys
|
|
||||||
}
|
|
||||||
|
|
||||||
get_app_passwords() {
|
|
||||||
# FIXME 3wc: requires bash 4, use for loop instead
|
# FIXME 3wc: requires bash 4, use for loop instead
|
||||||
mapfile -t PASSWORDS < <(grep "SECRET.*PASSWORD.*VERSION.*" "$ENV_FILE")
|
mapfile -t PASSWORDS < <(grep "SECRET.*VERSION.*" "$ENV_FILE")
|
||||||
}
|
|
||||||
|
|
||||||
get_app_keys() {
|
|
||||||
# FIXME 3wc: requires bash 4, use for loop instead
|
|
||||||
mapfile -t KEYS < <(grep "SECRET.*KEY.*VERSION.*" "$ENV_FILE")
|
|
||||||
}
|
}
|
||||||
|
|
||||||
load_instance() {
|
load_instance() {
|
||||||
@ -457,7 +447,9 @@ parse_secret() {
|
|||||||
# shellcheck disable=SC2001
|
# shellcheck disable=SC2001
|
||||||
abra__length_="$(echo "$SECRET" | sed -e 's/.*[^0-9]\([0-9]\+\)[^0-9]*$/\1/')"
|
abra__length_="$(echo "$SECRET" | sed -e 's/.*[^0-9]\([0-9]\+\)[^0-9]*$/\1/')"
|
||||||
else
|
else
|
||||||
abra__length_=32
|
# Note(decentral1se): unset this so that a length value from another secret
|
||||||
|
# definition does not get passed on to another secret generation flow
|
||||||
|
unset abra__length_
|
||||||
fi
|
fi
|
||||||
|
|
||||||
abra__secret_="${SECRET%_VERSION=*}" # strip _VERSION=v1
|
abra__secret_="${SECRET%_VERSION=*}" # strip _VERSION=v1
|
||||||
@ -466,7 +458,7 @@ parse_secret() {
|
|||||||
|
|
||||||
abra__version_="$(echo "$SECRET" | sed -n 's/.*\(v[0-9]\).*/\1/p')"
|
abra__version_="$(echo "$SECRET" | sed -n 's/.*\(v[0-9]\).*/\1/p')"
|
||||||
|
|
||||||
if [[ "$SECRET" == *"length"* ]]; then
|
if [[ -n "$abra__length_" ]]; then
|
||||||
echo "Generating $abra__secret_, version: $abra__version_, length: $abra__length_"
|
echo "Generating $abra__secret_, version: $abra__version_, length: $abra__length_"
|
||||||
else
|
else
|
||||||
echo "Generating $abra__secret_, version: $abra__version_"
|
echo "Generating $abra__secret_, version: $abra__version_"
|
||||||
@ -497,10 +489,6 @@ auto_gen_secrets (){
|
|||||||
for PASSWORD in "${PASSWORDS[@]}"; do
|
for PASSWORD in "${PASSWORDS[@]}"; do
|
||||||
parse_secret "$PASSWORD"
|
parse_secret "$PASSWORD"
|
||||||
done
|
done
|
||||||
|
|
||||||
for KEY in "${KEYS[@]}"; do
|
|
||||||
parse_secret "$KEY"
|
|
||||||
done
|
|
||||||
}
|
}
|
||||||
|
|
||||||
#######################################
|
#######################################
|
||||||
@ -671,7 +659,7 @@ sub_app_new (){
|
|||||||
|
|
||||||
get_app_secrets
|
get_app_secrets
|
||||||
|
|
||||||
if [ "${#PASSWORDS[@]}" -gt 0 ] || [ "${#KEYS[@]}" -gt 0 ] && [ "$abra___secrets" == "true" ]; then
|
if [ "${#PASSWORDS[@]}" -gt 0 ] && [ "$abra___secrets" == "true" ]; then
|
||||||
auto_gen_secrets
|
auto_gen_secrets
|
||||||
fi
|
fi
|
||||||
|
|
||||||
@ -980,12 +968,12 @@ sub_app_secret_generate(){
|
|||||||
auto_gen_secrets
|
auto_gen_secrets
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [[ "$SECRET" == *"password"* ]]; then
|
if [[ -n "$LENGTH" ]]; then
|
||||||
require_pwqgen
|
|
||||||
PWGEN="${abra__cmd_:-pwqgen}"
|
|
||||||
else
|
|
||||||
require_pwgen
|
require_pwgen
|
||||||
PWGEN=${abra__cmd_:-pwgen -s "$LENGTH" 1}
|
PWGEN=${abra__cmd_:-pwgen -s "$LENGTH" 1}
|
||||||
|
else
|
||||||
|
require_pwqgen
|
||||||
|
PWGEN="${abra__cmd_:-pwqgen}"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ -z "$SECRET" ] || [ -z "$VERSION" ] && [ "$abra___all" == "false" ]; then
|
if [ -z "$SECRET" ] || [ -z "$VERSION" ] && [ "$abra___all" == "false" ]; then
|
||||||
|
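Review bot: In sub_app_secret_generate the new `[[ -n "$LENGTH" ]]` branch passes `LENGTH` to `pwgen -s "$LENGTH" 1` after checking only that it is non-empty, so a value that is not a positive integer still selects the pwgen path. In parse_secret the sed expression that fills `abra__length_` prints its input unchanged when it does not match, so a `length` comment without digits would presumably leave the whole line in the variable and pass the later `-n` test; the `if` guarding that sed call starts outside the hunk, so this needs confirming. I would add a numeric guard before the branch, e.g. `[[ -z "$LENGTH" || "$LENGTH" =~ ^[1-9][0-9]*$ ]] || { echo "invalid secret length: $LENGTH" >&2; exit 1; }`, and consider enforcing a minimum, since a comment such as `# length=4` is now honoured and yields a weak secret. Separately, after `unset abra__length_` the test `[[ -n "$abra__length_" ]]` would abort if the script runs under `set -u` (not visible here); `"${abra__length_:-}"` is safe either way.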