Fix issue reading backup/restore secrets

This patchset uses jq to parse secrets instead of the grep/awk combination that was being used before, which was problematic if the formatting of secrets gets changed. In order to do this for etcdctl-utility pod, I had to add "jq" to the Dockerfile. Mysql and Postgresql utility images already had jq. Change-Id: Ice7e7a44dbe9d6f8b4c7f02d2ed75c08ee47c89f
2020-10-05 18:21:18 +00:00 · 2020-10-05 18:21:18 +00:00 · d5ec559cba
parent 2b7f38fb22
commit d5ec559cba
6 changed files with 9 additions and 8 deletions
--- a/charts/etcdctl-utility/templates/bin/utility/_etcd_ondemand_job.sh.tpl
+++ b/charts/etcdctl-utility/templates/bin/utility/_etcd_ondemand_job.sh.tpl
@ -10,8 +10,8 @@ fi

 export ETCD_CONF_SECRET={{ $envAll.Values.conf.etcd_backup_restore.secrets.kube_system.conf_secret }}
 export ETCD_IMAGE_NAME=$(kubectl get cronjob -n ${ETCD_POD_NAMESPACE} kubernetes-etcd-backup -o yaml -o jsonpath="{range .spec.jobTemplate.spec.template.spec.containers[*]}{.image}{'\n'}{end}" | grep etcdctl-utility)
-export ETCD_BACKUP_BASE_PATH=$(kubectl get secret -o yaml -n ${ETCD_POD_NAMESPACE} ${ETCD_CONF_SECRET} | grep BACKUP_BASE_PATH | awk '{print $2}' | base64 -d)
-ETCD_REMOTE_BACKUP_ENABLED=$(kubectl get secret -o yaml -n ${ETCD_POD_NAMESPACE} ${ETCD_CONF_SECRET} | grep REMOTE_BACKUP_ENABLED | awk '{print $2}' | base64 -d)
+export ETCD_BACKUP_BASE_PATH=$(kubectl get secret -n ${ETCD_POD_NAMESPACE} ${ETCD_CONF_SECRET} -o json | jq -r .data.BACKUP_BASE_PATH | base64 -d)
+ETCD_REMOTE_BACKUP_ENABLED=$(kubectl get secret -n ${ETCD_POD_NAMESPACE} ${ETCD_CONF_SECRET} -o json | jq -r .data.REMOTE_BACKUP_ENABLED | base64 -d)
 export ETCD_REMOTE_BACKUP_ENABLED=$(echo $ETCD_REMOTE_BACKUP_ENABLED | sed 's/"//g')

 if [[ $NODE == "" ]];then
--- a/charts/mysqlclient-utility/templates/bin/utility/_mariadb_ondemand_job.sh.tpl
+++ b/charts/mysqlclient-utility/templates/bin/utility/_mariadb_ondemand_job.sh.tpl
@ -10,8 +10,8 @@ fi

 export MARIADB_CONF_SECRET={{ $envAll.Values.conf.mariadb_backup_restore.secrets.conf_secret }}
 export MARIADB_IMAGE_NAME=$(kubectl get cronjob -n ${MARIADB_POD_NAMESPACE} mariadb-backup -o yaml -o jsonpath="{range .spec.jobTemplate.spec.template.spec.containers[*]}{.image}{'\n'}{end}" | grep mysqlclient-utility)
-export MARIADB_BACKUP_BASE_PATH=$(kubectl get secret -o yaml -n ${MARIADB_POD_NAMESPACE} ${MARIADB_CONF_SECRET} | grep BACKUP_BASE_PATH | awk '{print $2}' | base64 -d)
-MARIADB_REMOTE_BACKUP_ENABLED=$(kubectl get secret -o yaml -n ${MARIADB_POD_NAMESPACE} ${MARIADB_CONF_SECRET} | grep REMOTE_BACKUP_ENABLED | awk '{print $2}' | base64 -d)
+export MARIADB_BACKUP_BASE_PATH=$(kubectl get secret -n ${MARIADB_POD_NAMESPACE} ${MARIADB_CONF_SECRET} -o json | jq -r .data.BACKUP_BASE_PATH | base64 -d)
+MARIADB_REMOTE_BACKUP_ENABLED=$(kubectl get secret -n ${MARIADB_POD_NAMESPACE} ${MARIADB_CONF_SECRET} -o json | jq -r .data.REMOTE_BACKUP_ENABLED | base64 -d)
 export MARIADB_REMOTE_BACKUP_ENABLED=$(echo $MARIADB_REMOTE_BACKUP_ENABLED | sed 's/"//g')

 if [[ $MARIADB_IMAGE_NAME == "" ]]; then
--- a/charts/postgresql-utility/templates/bin/utility/_create_test_database.sh.tpl
+++ b/charts/postgresql-utility/templates/bin/utility/_create_test_database.sh.tpl
@ -7,7 +7,7 @@ IFS=', ' read -re -a BACKUP_RESTORE_NAMESPACE_ARRAY <<< "$BACKUP_RESTORE_NAMESPA
 function database_cmd() {
  NAMESPACE=$1

-  POSTGRES_PWD=$(kubectl get secret -n "$NAMESPACE" postgresql-admin -o yaml  | grep POSTGRES_PASSWORD | awk '{print $2}' | base64 -d)
+  POSTGRES_PWD=$(kubectl get secret -n "$NAMESPACE" postgresql-admin -o json | jq -r .data.POSTGRES_PASSWORD | base64 -d)
  POSTGRES_CREDS="postgresql://postgres:${POSTGRES_PWD}@postgresql.${NAMESPACE}.svc.cluster.local?sslmode=disable"
  SQL_CMD="psql $POSTGRES_CREDS"

--- a/charts/postgresql-utility/templates/bin/utility/_pg_ondemand_job.sh.tpl
+++ b/charts/postgresql-utility/templates/bin/utility/_pg_ondemand_job.sh.tpl
@ -10,8 +10,8 @@ fi

 export POSTGRESQL_CONF_SECRET={{ $envAll.Values.conf.postgresql_backup_restore.secrets.conf_secret }}
 export POSTGRESQL_IMAGE_NAME=$(kubectl get cronjob -n ucp postgresql-backup -o yaml -o jsonpath="{range .spec.jobTemplate.spec.template.spec.containers[*]}{.image}{'\n'}{end}" | grep postgresql-utility)
-export POSTGRESQL_BACKUP_BASE_PATH=$(kubectl get secret -o yaml -n ${POSTGRESQL_POD_NAMESPACE} ${POSTGRESQL_CONF_SECRET} | grep BACKUP_BASE_PATH | awk '{print $2}' | base64 -d)
-POSTGRESQL_REMOTE_BACKUP_ENABLED=$(kubectl get secret -o yaml -n ${POSTGRESQL_POD_NAMESPACE} ${POSTGRESQL_CONF_SECRET} | grep REMOTE_BACKUP_ENABLED | awk '{print $2}' | base64 -d)
+export POSTGRESQL_BACKUP_BASE_PATH=$(kubectl get secret -n ${POSTGRESQL_POD_NAMESPACE} ${POSTGRESQL_CONF_SECRET} -o json | jq -r .data.BACKUP_BASE_PATH | base64 -d)
+POSTGRESQL_REMOTE_BACKUP_ENABLED=$(kubectl get secret -n ${POSTGRESQL_POD_NAMESPACE} ${POSTGRESQL_CONF_SECRET} -o json | jq -r .data.REMOTE_BACKUP_ENABLED | base64 -d)
 export POSTGRESQL_REMOTE_BACKUP_ENABLED=$(echo $POSTGRESQL_REMOTE_BACKUP_ENABLED | sed 's/"//g')

 if [[ $POSTGRESQL_IMAGE_NAME == "" ]]; then
--- a/charts/postgresql-utility/templates/bin/utility/_pgutils.sh.tpl
+++ b/charts/postgresql-utility/templates/bin/utility/_pgutils.sh.tpl
@ -4,7 +4,7 @@ function database_cmd() {
  NAMESPACE=$1

  get_postgres_password() {
-    PW=$(kubectl get secret -n "$NAMESPACE" postgresql-admin -o yaml  | grep POSTGRES_PASSWORD | awk '{print $2}' | base64 -d)
+    PW=$(kubectl get secret -n "$NAMESPACE" postgresql-admin -o json  | jq -r .data.POSTGRES_PASSWORD | base64 -d)
    echo "$PW"
  }
  POSTGRES_PWD=$(get_postgres_password)
--- a/images/etcdctl-utility/Dockerfile.ubuntu_bionic
+++ b/images/etcdctl-utility/Dockerfile.ubuntu_bionic
@ -32,6 +32,7 @@ RUN set -xe \
       rsyslog \
       python3.6 \
       python3-pip \
+       jq \
    && pip3 install \
         oslo.rootwrap==5.8.0 \
         python-openstackclient==3.18.1 \