|
1 | 1 | #!/bin/bash |
2 | 2 |
|
| 3 | +set -o pipefail |
| 4 | +set -o errexit |
| 5 | +set -o nounset |
| 6 | +set -o errtrace |
3 | 7 | set -x |
4 | 8 |
|
5 | 9 | source /usr/local/bin/crc-systemd-common.sh |
6 | 10 | export KUBECONFIG="/opt/kubeconfig" |
7 | 11 |
|
8 | 12 | function gen_htpasswd() { |
9 | | - if [ ! -z "${1}" ] && [ ! -z "${2}" ]; then |
10 | | - podman run --rm -ti xmartlabs/htpasswd $1 $2 >> /tmp/htpasswd.txt |
| 13 | + if [ -z "${1:-}" ] && [ ! -z "${2:-}" ]; then |
| 14 | + echo "gen_htpasswd needs to arguments: username password" 1>&2 |
| 15 | + return 1 |
11 | 16 | fi |
| 17 | + |
| 18 | + podman run --rm -ti docker.io/xmartlabs/htpasswd "$1" "$2" |
12 | 19 | } |
13 | 20 |
|
14 | 21 | wait_for_resource secret |
15 | 22 |
|
16 | | -if [ ! -f /opt/crc/pass_developer ]; then |
| 23 | +if [ ! -f /tmp/crc/pass_developer ]; then |
17 | 24 | echo "developer password does not exist" |
18 | 25 | exit 1 |
19 | 26 | fi |
20 | 27 |
|
21 | | -if [ ! -f /opt/crc/pass_kubeadmin ]; then |
| 28 | +if [ ! -f /tmp/crc/pass_kubeadmin ]; then |
22 | 29 | echo "developer password does not exist" |
23 | 30 | exit 1 |
24 | 31 | fi |
25 | 32 |
|
26 | | -PASS_DEVELOPER=$(cat /opt/crc/pass_developer) |
27 | | -PASS_KUBEADMIN=$(cat /opt/crc/pass_kubeadmin) |
| 33 | +echo "generating the kubeadmin and developer passwords ..." |
| 34 | +set +x # disable the logging to avoid leaking the passwords |
28 | 35 |
|
29 | | -rm -f /tmp/htpasswd.txt |
30 | | -gen_htpasswd developer "${PASS_DEVELOPER}" |
31 | | -gen_htpasswd kubeadmin "${PASS_KUBEADMIN}" |
| 36 | +dev_pass=$(gen_htpasswd developer "$(cat /tmp/crc/pass_developer)") |
| 37 | +adm_pass=$(gen_htpasswd kubeadmin "$(cat /tmp/crc/pass_kubeadmin)") |
32 | 38 |
|
33 | | -if [ -f /tmp/htpasswd.txt ]; then |
34 | | - sed -i '/^\s*$/d' /tmp/htpasswd.txt |
| 39 | +echo "creating the password secret ..." |
| 40 | +# use bash <() to use a temporary fd file |
| 41 | +# use sed to remove the empty lines |
| 42 | +oc create secret generic htpass-secret \ |
| 43 | + --from-file=htpasswd=<((echo "$dev_pass"; echo "$adm_pass") | sed '/^\s*$/d') \ |
| 44 | + -n openshift-config \ |
| 45 | + --dry-run=client -oyaml | oc replace -f- |
35 | 46 |
|
36 | | - oc create secret generic htpass-secret --from-file=htpasswd=/tmp/htpasswd.txt -n openshift-config --dry-run=client -o yaml > /tmp/htpass-secret.yaml |
37 | | - oc replace -f /tmp/htpass-secret.yaml |
38 | | -fi |
| 47 | +echo "all done" |
0 commit comments