cloud: Fix .pgpass and password deployment #491

Merged
merged 4 commits into from
Jan 18, 2024
1 change: 0 additions & 1 deletion cloud
Expand Up @@ -125,7 +125,6 @@ function execute_command() {
declare -r updated_topic="${prefix}updated"
declare -r updated_debug_subscription="${prefix}updated_debug"
declare -r spool_collection_path="${prefix}notifications"
declare -r smtp_password_secret="kcidb_smtp_password"

declare -r psql_connection=$(
echo -n "${project}:"
26 changes: 19 additions & 7 deletions kcidb/cloud/password.sh
Expand Up @@ -220,7 +220,7 @@ function password_deploy_secret() {
# Get and cache the password in the current shell first
password_get "$name" > /dev/null
# Deploy the cached password
password_get "$name" | secret_deploy "$project" "$name"
password_get "$name" | secret_deploy "$project" "$secret"
fi
done
}
Expand Down Expand Up @@ -261,15 +261,27 @@ function password_deploy_pgpass_secret() {
password_names+=("$1")
shift 2
done
declare new_pgpass
declare exists

# Generate the (potentially) new pgpass with cached passwords
new_pgpass="$(password_get_pgpass "${password_and_user_names[@]}")"

# If the secret already exists
exists=$(secret_exists "$project" "$pgpass_secret")
if ! "$exists" || password_is_specified "${password_names[@]}"; then
# Cache the passwords in the current shell
password_get_pgpass "${password_and_user_names[@]}" > /dev/null
# Generate and deploy the .pgpass
password_get_pgpass "${password_and_user_names[@]}" |
secret_deploy "$project" "$pgpass_secret"
if "$exists"; then
declare old_pgpass
# Retrieve the current pgpass
old_pgpass="$(secret_get "$project" "$pgpass_secret")"
# If the pgpass hasn't changed
if [ "$new_pgpass" == "$old_pgpass" ]; then
# Don't deploy
return
fi
fi

# Deploy the .pgpass
secret_deploy "$project" "$pgpass_secret" <<<"$new_pgpass"
}

fi # _PASSWORD_SH
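Review bot: In `password_deploy_pgpass_secret`, `new_pgpass="$(password_get_pgpass ...)"` runs in a command-substitution subshell, so whatever `password_get_pgpass` caches is lost when it returns, and the earlier explicit caching call (`password_get_pgpass "${password_and_user_names[@]}" > /dev/null`) appears to have been dropped. The first hunk's comment "Get and cache the password in the current shell first" shows the file relies on that pattern; if any of these passwords is generated or prompted for rather than already cached, the deployed .pgpass may not match what later `password_get` calls return, and a freshly generated value would never equal `old_pgpass`, so the secret would be redeployed on every run. I would keep the caching call immediately before the assignment. Separately, `<<<"$new_pgpass"` is backed by a temporary file on bash releases before 5.1, so the credentials briefly touch disk; `printf '%s\n' "$new_pgpass" | secret_deploy "$project" "$pgpass_secret"` keeps them in a pipe. The function begins outside this hunk, so callers may already guarantee the cache is populated; if so, a comment stating that precondition would help.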
1 change: 1 addition & 0 deletions kcidb/cloud/psql.sh
Expand Up @@ -89,6 +89,7 @@ function psql_instance_deploy() {
--region="$PSQL_INSTANCE_REGION" \
--tier="$PSQL_INSTANCE_TIER" \
--assign-ip \
--no-storage-auto-increase \
--database-flags=cloudsql.iam_authentication=on \
--root-password="$(password_get psql_superuser)" \
--database-version=POSTGRES_14
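Review bot: `--no-storage-auto-increase` is added with no comment explaining why, and with automatic growth off a full disk becomes a database outage rather than a larger bill. Because the option sits inside a backslash-continued command, the explanation has to go above the command, which starts outside this hunk; something like `# Storage is sized manually; auto-increase is off on purpose, monitor disk utilization` would do, adjusted to the real reason. It is worth confirming that a disk-utilization alert exists for this instance, since nothing visible here provides one. Unrelated to the new line but visible in the same command, `--root-password="$(password_get psql_superuser)"` places the superuser password in the process argument list, where other local users can read it while the call runs.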