Add some password management support and local roxctl#49
Add some password management support and local roxctl#49connorgorman wants to merge 2 commits intomasterstackrox/workflow:masterfrom cgorman-passwords-roxctlstackrox/workflow:cgorman-passwords-roxctlCopy head branch name to clipboard
Conversation
viswajithiii
left a comment
There was a problem hiding this comment.
You also need to create symlinks to all of these in bin. (with ln -s)
| @@ -0,0 +1,3 @@ | ||
| #! /bin/bash |
There was a problem hiding this comment.
In ./lib/rox_password.sh, we have a function for this already, which does this but also respects a ROX_PASSWORD env, so probably want to use that.
Also, we probably want to rename this to roxpwd or something, so that it's more more what the command refers to
| kubectl -n stackrox delete secret central-htpasswd | ||
| kubectl create -f newpass.yaml | ||
|
|
||
| echo "The new password may take time to propagate due to config map propagation times" |
There was a problem hiding this comment.
Use einfo instead of echo
| EOF | ||
|
|
||
| kubectl -n stackrox delete secret central-htpasswd | ||
| kubectl create -f newpass.yaml |
There was a problem hiding this comment.
Why create a file? Just do kubectl create -f - <<EOF and put the contents there?
There was a problem hiding this comment.
Also, use apply or replace?
There was a problem hiding this comment.
Yeah good points, full disclosure, this is copy pasta from the solutions repo, but I found myself using it all the time when I overwrote the password
| @@ -0,0 +1,27 @@ | ||
| #!/usr/bin/env bash |
There was a problem hiding this comment.
Can you rename the file to changepw? pwd in a shell script context is print working directory
| EOF | ||
|
|
||
| kubectl -n stackrox delete secret central-htpasswd | ||
| kubectl create -f newpass.yaml |
There was a problem hiding this comment.
Also, use apply or replace?
| #! /bin/bash | ||
|
|
||
| if [[ -z "${ROX_API_TOKEN}" ]]; then | ||
| roxctl --insecure-skip-tls-verify -e localhost:8000 -p $(getpwd) $@ |
There was a problem hiding this comment.
always quote variable expansions unless you want shell tokenization
| if [[ -z "${ROX_API_TOKEN}" ]]; then | ||
| roxctl --insecure-skip-tls-verify -e localhost:8000 -p $(getpwd) $@ | ||
| else | ||
| roxctl --insecure-skip-tls-verify -e localhost:8000 $@ |
There was a problem hiding this comment.
also, maybe do
extra_args=()
if [[ -z "${ROX_API_TOKEN}" ]]; then
extra_args+=(-p "$(getpwd)")
fi
roxctl ... "${extra_args[@]}" "$@"
| kubectl -n stackrox delete secret central-htpasswd | ||
| kubectl create -f newpass.yaml | ||
|
|
||
| echo "The new password may take time to propagate due to config map propagation times" |
There was a problem hiding this comment.
Given how getpwd is implemented, do you also want to overwrite the deploy/k8s/central-deploy/password file?
I have a bunch of local scripts I use so figured I'd push them up