Merge pull request 'Make secret generation more robust' (#73) from simplify-secret-logic into main
Reviewed-on: coop-cloud/abra#73
This commit is contained in:
commit
d4e52a9de3
@ -16,6 +16,7 @@
|
||||
- Use Docker-in-Docker (dind), and `dind-bats-kcov` Docker image, for `make test` ([1600b6277fbbffc4c6de1e4ba799c7bbe72ec6a0](https://git.autonomic.zone/coop-cloud/abra/commit/1600b6277fbbffc4c6de1e4ba799c7bbe72ec6a0))
|
||||
- Add built-in documentation using `abra help <subcommand>...`, see [#50](https://git.autonomic.zone/coop-cloud/abra/issues/50)
|
||||
- `version` subcommand [e6b24fe](https://git.autonomic.zone/coop-cloud/abra/commit/e6b24fe)
|
||||
- Use `# length=x` comments to generate passwords with `pwgen` and drop `KEY`/`PASSWORD` logic ([#68](https://git.autonomic.zone/coop-cloud/abra/issues/68))
|
||||
|
||||
# abra 0.4.1 (2020-12-24)
|
||||
|
||||
|
32
abra
32
abra
@ -385,18 +385,8 @@ get_servers() {
|
||||
}
|
||||
|
||||
get_app_secrets() {
|
||||
get_app_passwords
|
||||
get_app_keys
|
||||
}
|
||||
|
||||
get_app_passwords() {
|
||||
# FIXME 3wc: requires bash 4, use for loop instead
|
||||
mapfile -t PASSWORDS < <(grep "SECRET.*PASSWORD.*VERSION.*" "$ENV_FILE")
|
||||
}
|
||||
|
||||
get_app_keys() {
|
||||
# FIXME 3wc: requires bash 4, use for loop instead
|
||||
mapfile -t KEYS < <(grep "SECRET.*KEY.*VERSION.*" "$ENV_FILE")
|
||||
mapfile -t PASSWORDS < <(grep "SECRET.*VERSION.*" "$ENV_FILE")
|
||||
}
|
||||
|
||||
load_instance() {
|
||||
@ -457,7 +447,9 @@ parse_secret() {
|
||||
# shellcheck disable=SC2001
|
||||
abra__length_="$(echo "$SECRET" | sed -e 's/.*[^0-9]\([0-9]\+\)[^0-9]*$/\1/')"
|
||||
else
|
||||
abra__length_=32
|
||||
# Note(decentral1se): unset this so that a length value from another secret
|
||||
# definition does not get passed on to another secret generation flow
|
||||
unset abra__length_
|
||||
fi
|
||||
|
||||
abra__secret_="${SECRET%_VERSION=*}" # strip _VERSION=v1
|
||||
@ -466,7 +458,7 @@ parse_secret() {
|
||||
|
||||
abra__version_="$(echo "$SECRET" | sed -n 's/.*\(v[0-9]\).*/\1/p')"
|
||||
|
||||
if [[ "$SECRET" == *"length"* ]]; then
|
||||
if [[ -n "$abra__length_" ]]; then
|
||||
echo "Generating $abra__secret_, version: $abra__version_, length: $abra__length_"
|
||||
else
|
||||
echo "Generating $abra__secret_, version: $abra__version_"
|
||||
@ -497,10 +489,6 @@ auto_gen_secrets (){
|
||||
for PASSWORD in "${PASSWORDS[@]}"; do
|
||||
parse_secret "$PASSWORD"
|
||||
done
|
||||
|
||||
for KEY in "${KEYS[@]}"; do
|
||||
parse_secret "$KEY"
|
||||
done
|
||||
}
|
||||
|
||||
#######################################
|
||||
@ -671,7 +659,7 @@ sub_app_new (){
|
||||
|
||||
get_app_secrets
|
||||
|
||||
if [ "${#PASSWORDS[@]}" -gt 0 ] || [ "${#KEYS[@]}" -gt 0 ] && [ "$abra___secrets" == "true" ]; then
|
||||
if [ "${#PASSWORDS[@]}" -gt 0 ] && [ "$abra___secrets" == "true" ]; then
|
||||
auto_gen_secrets
|
||||
fi
|
||||
|
||||
@ -980,12 +968,12 @@ sub_app_secret_generate(){
|
||||
auto_gen_secrets
|
||||
fi
|
||||
|
||||
if [[ "$SECRET" == *"password"* ]]; then
|
||||
require_pwqgen
|
||||
PWGEN="${abra__cmd_:-pwqgen}"
|
||||
else
|
||||
if [[ -n "$LENGTH" ]]; then
|
||||
require_pwgen
|
||||
PWGEN=${abra__cmd_:-pwgen -s "$LENGTH" 1}
|
||||
else
|
||||
require_pwqgen
|
||||
PWGEN="${abra__cmd_:-pwqgen}"
|
||||
fi
|
||||
|
||||
if [ -z "$SECRET" ] || [ -z "$VERSION" ] && [ "$abra___all" == "false" ]; then
|
||||
|
Loading…
Reference in New Issue
Block a user