|
1 | 1 | #!/bin/bash |
2 | 2 |
|
| 3 | +set -o pipefail |
| 4 | +set -o errexit |
| 5 | +set -o nounset |
| 6 | +set -o errtrace |
3 | 7 | set -x |
4 | 8 |
|
5 | 9 | source /usr/local/bin/crc-systemd-common.sh |
6 | 10 | export KUBECONFIG="/opt/kubeconfig" |
7 | 11 |
|
8 | 12 | function gen_htpasswd() { |
9 | | - if [ ! -z "${1}" ] && [ ! -z "${2}" ]; then |
10 | | - podman run --rm -ti xmartlabs/htpasswd $1 $2 >> /tmp/htpasswd.txt |
| 13 | + if [ -z "${1:-}" ] || [ -z "${2:-}" ]; then |
| 14 | + echo "gen_htpasswd needs two arguments: username password" 1>&2 |
| 15 | + return 1 |
11 | 16 | fi |
| 17 | + |
| 18 | + podman run --rm docker.io/xmartlabs/htpasswd "$1" "$2" |
12 | 19 | } |
13 | 20 |
|
14 | 21 | wait_for_resource secret |
15 | 22 |
|
16 | | -if [ ! -f /opt/crc/pass_developer ]; then |
| 23 | +if [ ! -f /tmp/crc/pass_developer ]; then |
17 | 24 | echo "developer password does not exist" |
18 | 25 | exit 1 |
19 | 26 | fi |
20 | 27 |
|
21 | | -if [ ! -f /opt/crc/pass_kubeadmin ]; then |
22 | | - echo "developer password does not exist" |
| 28 | +if [ ! -f /tmp/crc/pass_kubeadmin ]; then |
| 29 | + echo "kubeadmin password does not exist" |
23 | 30 | exit 1 |
24 | 31 | fi |
25 | 32 |
|
26 | | -PASS_DEVELOPER=$(cat /opt/crc/pass_developer) |
27 | | -PASS_KUBEADMIN=$(cat /opt/crc/pass_kubeadmin) |
| 33 | +echo "generating the kubeadmin and developer passwords ..." |
28 | 34 |
|
29 | | -rm -f /tmp/htpasswd.txt |
30 | | -gen_htpasswd developer "${PASS_DEVELOPER}" |
31 | | -gen_htpasswd kubeadmin "${PASS_KUBEADMIN}" |
| 35 | +set +x # /!\ disable the logging to avoid leaking the passwords |
32 | 36 |
|
33 | | -if [ -f /tmp/htpasswd.txt ]; then |
34 | | - sed -i '/^\s*$/d' /tmp/htpasswd.txt |
| 37 | +dev_pass=$(gen_htpasswd developer "$(cat /tmp/crc/pass_developer)") |
| 38 | +adm_pass=$(gen_htpasswd kubeadmin "$(cat /tmp/crc/pass_kubeadmin)") |
35 | 39 |
|
36 | | - oc create secret generic htpass-secret --from-file=htpasswd=/tmp/htpasswd.txt -n openshift-config --dry-run=client -o yaml > /tmp/htpass-secret.yaml |
37 | | - oc replace -f /tmp/htpass-secret.yaml |
38 | | -fi |
| 40 | +echo "creating the password secret ..." |
| 41 | +# use bash <() to use a temporary fd file |
| 42 | +# use sed to remove the empty lines |
| 43 | +oc create secret generic htpass-secret \ |
| 44 | + --from-file=htpasswd=<(printf '%s\n%s\n' "$dev_pass" "$adm_pass" | sed '/^[[:space:]]*$/d') \ |
| 45 | + -n openshift-config \ |
| 46 | + --dry-run=client -oyaml \ |
| 47 | + | oc apply -f- |
| 48 | + |
| 49 | +echo "all done" |
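Review bot: The `set +x` at new line 35 keeps the passwords out of the trace, but `gen_htpasswd` still passes the plaintext to `podman run … "$1" "$2"` as command-line arguments (new line 18), so it is readable in the process list and by any process auditing while the container runs. If an `htpasswd` binary can be used directly, reading the password from stdin (`htpasswd -nBi "$1"` with the password file redirected in) avoids putting it on argv. The same line pulls `docker.io/xmartlabs/htpasswd` by mutable tag, so whatever that tag resolves to at run time receives the kubeadmin password; pinning it as `docker.io/xmartlabs/htpasswd@sha256:<DIGEST>` fixes the content that gets executed. The password files also move from `/opt/crc` to `/tmp/crc` (new lines 23 and 28), and nothing on this page shows who creates that directory. It is worth confirming that a trusted unit creates it root-owned with mode 0700 before this script reads from it.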