Remove set -x from exporter scripts and htk s3 user script
This removes set -x from the templates for the user creation scripts for the mariadb and postgresql user templates, and it also removes the set -x from the helm-toolkit job for creating s3 users. This prevents sensitive credentials from being displayed to the console when these scripts are run Change-Id: I0a78d8190fbbae1b300b74ca560d76dedaaf6fc1
This commit is contained in:
parent
ded99204b2
commit
70e5769900
@ -17,9 +17,10 @@ limitations under the License.
|
|||||||
{{- define "helm-toolkit.scripts.create_s3_user" }}
|
{{- define "helm-toolkit.scripts.create_s3_user" }}
|
||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
|
|
||||||
set -ex
|
set -e
|
||||||
|
|
||||||
function create_s3_user () {
|
function create_s3_user () {
|
||||||
|
echo "Creating s3 user and key pair"
|
||||||
radosgw-admin user create \
|
radosgw-admin user create \
|
||||||
--uid=${S3_USERNAME} \
|
--uid=${S3_USERNAME} \
|
||||||
--display-name=${S3_USERNAME} \
|
--display-name=${S3_USERNAME} \
|
||||||
@ -37,7 +38,7 @@ function update_s3_user () {
|
|||||||
for access_key in $old_access_keys; do
|
for access_key in $old_access_keys; do
|
||||||
# If current access key is the same as the key supplied, do nothing.
|
# If current access key is the same as the key supplied, do nothing.
|
||||||
if [ "$access_key" == "${S3_ACCESS_KEY}" ]; then
|
if [ "$access_key" == "${S3_ACCESS_KEY}" ]; then
|
||||||
echo "Current key pair exists."
|
echo "Current user and key pair exists."
|
||||||
continue
|
continue
|
||||||
else
|
else
|
||||||
# If keys differ, remove previous key
|
# If keys differ, remove previous key
|
||||||
@ -54,7 +55,7 @@ function update_s3_user () {
|
|||||||
# If the supplied key does not exist, modify the user
|
# If the supplied key does not exist, modify the user
|
||||||
if [[ -z ${current_access_key} ]]; then
|
if [[ -z ${current_access_key} ]]; then
|
||||||
# Modify user with new access and secret keys
|
# Modify user with new access and secret keys
|
||||||
echo "Updating key pair"
|
echo "Updating existing user's key pair"
|
||||||
radosgw-admin user modify \
|
radosgw-admin user modify \
|
||||||
--uid=${S3_USERNAME}\
|
--uid=${S3_USERNAME}\
|
||||||
--access-key ${S3_ACCESS_KEY} \
|
--access-key ${S3_ACCESS_KEY} \
|
||||||
|
@ -16,7 +16,7 @@ See the License for the specific language governing permissions and
|
|||||||
limitations under the License.
|
limitations under the License.
|
||||||
*/}}
|
*/}}
|
||||||
|
|
||||||
set -ex
|
set -e
|
||||||
|
|
||||||
mysql --defaults-file=/etc/mysql/admin_user.cnf -e \
|
mysql --defaults-file=/etc/mysql/admin_user.cnf -e \
|
||||||
"CREATE OR REPLACE USER '${EXPORTER_USER}'@'%' IDENTIFIED BY '${EXPORTER_PASSWORD}'; \
|
"CREATE OR REPLACE USER '${EXPORTER_USER}'@'%' IDENTIFIED BY '${EXPORTER_PASSWORD}'; \
|
||||||
|
@ -16,7 +16,7 @@ See the License for the specific language governing permissions and
|
|||||||
limitations under the License.
|
limitations under the License.
|
||||||
*/}}
|
*/}}
|
||||||
|
|
||||||
set -ex
|
set -e
|
||||||
|
|
||||||
psql "postgresql://${ADMIN_USER}:${ADMIN_PASSWORD}@${POSTGRESQL_HOST_PORT}?sslmode=disable" << EOF
|
psql "postgresql://${ADMIN_USER}:${ADMIN_PASSWORD}@${POSTGRESQL_HOST_PORT}?sslmode=disable" << EOF
|
||||||
CREATE USER ${EXPORTER_USER} WITH PASSWORD '${EXPORTER_PASSWORD}';
|
CREATE USER ${EXPORTER_USER} WITH PASSWORD '${EXPORTER_PASSWORD}';
|
||||||
|
Loading…
x
Reference in New Issue
Block a user