From 70e576990032638d18e8e05b534b9e77e44dbb84 Mon Sep 17 00:00:00 2001 From: Steve Wilkerson Date: Tue, 19 Feb 2019 13:27:49 -0600 Subject: [PATCH] Remove set -x from exporter scripts and htk s3 user script This removes set -x from the templates for the user creation scripts for the mariadb and postgresql user templates, and it also removes the set -x from the helm-toolkit job for creating s3 users. This prevents sensitive credentials from being displayed to the console when these scripts are run Change-Id: I0a78d8190fbbae1b300b74ca560d76dedaaf6fc1 --- helm-toolkit/templates/scripts/_create-s3-user.sh.tpl | 7 ++++--- .../monitoring/prometheus/bin/_create-mysql-user.sh.tpl | 2 +- .../prometheus/bin/_create-postgresql-exporter-user.sh.tpl | 2 +- 3 files changed, 6 insertions(+), 5 deletions(-) diff --git a/helm-toolkit/templates/scripts/_create-s3-user.sh.tpl b/helm-toolkit/templates/scripts/_create-s3-user.sh.tpl index 09bb9437a..a713665de 100644 --- a/helm-toolkit/templates/scripts/_create-s3-user.sh.tpl +++ b/helm-toolkit/templates/scripts/_create-s3-user.sh.tpl @@ -17,9 +17,10 @@ limitations under the License. {{- define "helm-toolkit.scripts.create_s3_user" }} #!/bin/bash -set -ex +set -e function create_s3_user () { + echo "Creating s3 user and key pair" radosgw-admin user create \ --uid=${S3_USERNAME} \ --display-name=${S3_USERNAME} \ @@ -37,7 +38,7 @@ function update_s3_user () { for access_key in $old_access_keys; do # If current access key is the same as the key supplied, do nothing. if [ "$access_key" == "${S3_ACCESS_KEY}" ]; then - echo "Current key pair exists." + echo "Current user and key pair exists." continue else # If keys differ, remove previous key @@ -54,7 +55,7 @@ function update_s3_user () { # If the supplied key does not exist, modify the user if [[ -z ${current_access_key} ]]; then # Modify user with new access and secret keys - echo "Updating key pair" + echo "Updating existing user's key pair" radosgw-admin user modify \ --uid=${S3_USERNAME}\ --access-key ${S3_ACCESS_KEY} \ diff --git a/mariadb/templates/monitoring/prometheus/bin/_create-mysql-user.sh.tpl b/mariadb/templates/monitoring/prometheus/bin/_create-mysql-user.sh.tpl index 49773d0a1..85b30ce77 100644 --- a/mariadb/templates/monitoring/prometheus/bin/_create-mysql-user.sh.tpl +++ b/mariadb/templates/monitoring/prometheus/bin/_create-mysql-user.sh.tpl @@ -16,7 +16,7 @@ See the License for the specific language governing permissions and limitations under the License. */}} -set -ex +set -e mysql --defaults-file=/etc/mysql/admin_user.cnf -e \ "CREATE OR REPLACE USER '${EXPORTER_USER}'@'%' IDENTIFIED BY '${EXPORTER_PASSWORD}'; \ diff --git a/postgresql/templates/monitoring/prometheus/bin/_create-postgresql-exporter-user.sh.tpl b/postgresql/templates/monitoring/prometheus/bin/_create-postgresql-exporter-user.sh.tpl index a797b3467..bbb90dcc7 100644 --- a/postgresql/templates/monitoring/prometheus/bin/_create-postgresql-exporter-user.sh.tpl +++ b/postgresql/templates/monitoring/prometheus/bin/_create-postgresql-exporter-user.sh.tpl @@ -16,7 +16,7 @@ See the License for the specific language governing permissions and limitations under the License. */}} -set -ex +set -e psql "postgresql://${ADMIN_USER}:${ADMIN_PASSWORD}@${POSTGRESQL_HOST_PORT}?sslmode=disable" << EOF CREATE USER ${EXPORTER_USER} WITH PASSWORD '${EXPORTER_PASSWORD}';