From d5ec559cba93b8dc5e64a2af75acff153bab837c Mon Sep 17 00:00:00 2001
From: "Parsons, Cliff (cp769u)"
Date: Mon, 5 Oct 2020 18:21:18 +0000
Subject: [PATCH] Fix issue reading backup/restore secrets

This patchset uses jq to parse secrets instead of the grep/awk combination that was being used before, which was problematic if the formatting of secrets gets changed. In order to do this for etcdctl-utility pod, I had to add "jq" to the Dockerfile. Mysql and Postgresql utility images already had jq.

Change-Id: Ice7e7a44dbe9d6f8b4c7f02d2ed75c08ee47c89f
---
 .../templates/bin/utility/_etcd_ondemand_job.sh.tpl | 4 ++--
 .../templates/bin/utility/_mariadb_ondemand_job.sh.tpl | 4 ++--
 .../templates/bin/utility/_create_test_database.sh.tpl | 2 +-
 .../templates/bin/utility/_pg_ondemand_job.sh.tpl | 4 ++--
 .../postgresql-utility/templates/bin/utility/_pgutils.sh.tpl | 2 +-
 images/etcdctl-utility/Dockerfile.ubuntu_bionic | 1 +
 6 files changed, 9 insertions(+), 8 deletions(-)

diff --git a/charts/etcdctl-utility/templates/bin/utility/_etcd_ondemand_job.sh.tpl b/charts/etcdctl-utility/templates/bin/utility/_etcd_ondemand_job.sh.tpl
index 94a2abc1..b6f340fd 100644
--- a/charts/etcdctl-utility/templates/bin/utility/_etcd_ondemand_job.sh.tpl
+++ b/charts/etcdctl-utility/templates/bin/utility/_etcd_ondemand_job.sh.tpl
@@ -10,8 +10,8 @@ fi
 export ETCD_CONF_SECRET={{ $envAll.Values.conf.etcd_backup_restore.secrets.kube_system.conf_secret }}
 export ETCD_IMAGE_NAME=$(kubectl get cronjob -n ${ETCD_POD_NAMESPACE} kubernetes-etcd-backup -o yaml -o jsonpath="{range .spec.jobTemplate.spec.template.spec.containers[*]}{.image}{'\n'}{end}" | grep etcdctl-utility)
-export ETCD_BACKUP_BASE_PATH=$(kubectl get secret -o yaml -n ${ETCD_POD_NAMESPACE} ${ETCD_CONF_SECRET} | grep BACKUP_BASE_PATH | awk '{print $2}' | base64 -d)
-ETCD_REMOTE_BACKUP_ENABLED=$(kubectl get secret -o yaml -n ${ETCD_POD_NAMESPACE} ${ETCD_CONF_SECRET} | grep REMOTE_BACKUP_ENABLED | awk '{print $2}' | base64 -d)
+export ETCD_BACKUP_BASE_PATH=$(kubectl get secret -n ${ETCD_POD_NAMESPACE} ${ETCD_CONF_SECRET} -o json | jq -r .data.BACKUP_BASE_PATH | base64 -d)
+ETCD_REMOTE_BACKUP_ENABLED=$(kubectl get secret -n ${ETCD_POD_NAMESPACE} ${ETCD_CONF_SECRET} -o json | jq -r .data.REMOTE_BACKUP_ENABLED | base64 -d)
 export ETCD_REMOTE_BACKUP_ENABLED=$(echo $ETCD_REMOTE_BACKUP_ENABLED | sed 's/"//g')
 if [[ $NODE == "" ]];then
diff --git a/charts/mysqlclient-utility/templates/bin/utility/_mariadb_ondemand_job.sh.tpl b/charts/mysqlclient-utility/templates/bin/utility/_mariadb_ondemand_job.sh.tpl
index d8911094..1d04d5d3 100644
--- a/charts/mysqlclient-utility/templates/bin/utility/_mariadb_ondemand_job.sh.tpl
+++ b/charts/mysqlclient-utility/templates/bin/utility/_mariadb_ondemand_job.sh.tpl
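Review bot: In `_etcd_ondemand_job.sh.tpl` the two new `jq -r .data.…` reads do not detect a missing key: jq prints the literal `null`, which `base64 -d` accepts and decodes to three junk bytes, so `ETCD_BACKUP_BASE_PATH` and `ETCD_REMOTE_BACKUP_ENABLED` become non-empty garbage where the old grep pipeline produced an empty string. Writing the filter as `jq -r '.data.BACKUP_BASE_PATH // empty'` (and likewise for `REMOTE_BACKUP_ENABLED`) keeps an absent key empty, so it can be tested with `[[ -z … ]]` before any backup or restore path is built from it. A failed `kubectl get secret` is also hidden, because `export VAR=$(…)` returns the status of `export`; whether `pipefail` is set is not visible in this hunk. The same reads are added in the mariadb, pg_ondemand, create_test_database and pgutils hunks, where a missing `POSTGRES_PASSWORD` would yield a junk password instead of a clear error.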
@@ -10,8 +10,8 @@ fi
 export MARIADB_CONF_SECRET={{ $envAll.Values.conf.mariadb_backup_restore.secrets.conf_secret }}
 export MARIADB_IMAGE_NAME=$(kubectl get cronjob -n ${MARIADB_POD_NAMESPACE} mariadb-backup -o yaml -o jsonpath="{range .spec.jobTemplate.spec.template.spec.containers[*]}{.image}{'\n'}{end}" | grep mysqlclient-utility)
-export MARIADB_BACKUP_BASE_PATH=$(kubectl get secret -o yaml -n ${MARIADB_POD_NAMESPACE} ${MARIADB_CONF_SECRET} | grep BACKUP_BASE_PATH | awk '{print $2}' | base64 -d)
-MARIADB_REMOTE_BACKUP_ENABLED=$(kubectl get secret -o yaml -n ${MARIADB_POD_NAMESPACE} ${MARIADB_CONF_SECRET} | grep REMOTE_BACKUP_ENABLED | awk '{print $2}' | base64 -d)
+export MARIADB_BACKUP_BASE_PATH=$(kubectl get secret -n ${MARIADB_POD_NAMESPACE} ${MARIADB_CONF_SECRET} -o json | jq -r .data.BACKUP_BASE_PATH | base64 -d)
+MARIADB_REMOTE_BACKUP_ENABLED=$(kubectl get secret -n ${MARIADB_POD_NAMESPACE} ${MARIADB_CONF_SECRET} -o json | jq -r .data.REMOTE_BACKUP_ENABLED | base64 -d)
 export MARIADB_REMOTE_BACKUP_ENABLED=$(echo $MARIADB_REMOTE_BACKUP_ENABLED | sed 's/"//g')
 if [[ $MARIADB_IMAGE_NAME == "" ]]; then
diff --git a/charts/postgresql-utility/templates/bin/utility/_create_test_database.sh.tpl b/charts/postgresql-utility/templates/bin/utility/_create_test_database.sh.tpl
index 30853a30..c1bb6a98 100644
--- a/charts/postgresql-utility/templates/bin/utility/_create_test_database.sh.tpl
+++ b/charts/postgresql-utility/templates/bin/utility/_create_test_database.sh.tpl
@@ -7,7 +7,7 @@ IFS=', ' read -re -a BACKUP_RESTORE_NAMESPACE_ARRAY <<< "$BACKUP_RESTORE_NAMESPA
 function database_cmd() {
 NAMESPACE=$1
- POSTGRES_PWD=$(kubectl get secret -n "$NAMESPACE" postgresql-admin -o yaml | grep POSTGRES_PASSWORD | awk '{print $2}' | base64 -d)
+ POSTGRES_PWD=$(kubectl get secret -n "$NAMESPACE" postgresql-admin -o json | jq -r .data.POSTGRES_PASSWORD | base64 -d)
 POSTGRES_CREDS="postgresql://postgres:${POSTGRES_PWD}@postgresql.${NAMESPACE}.svc.cluster.local?sslmode=disable"
 SQL_CMD="psql $POSTGRES_CREDS"
diff --git a/charts/postgresql-utility/templates/bin/utility/_pg_ondemand_job.sh.tpl b/charts/postgresql-utility/templates/bin/utility/_pg_ondemand_job.sh.tpl
index 260e802d..d980b980 100644
--- a/charts/postgresql-utility/templates/bin/utility/_pg_ondemand_job.sh.tpl
+++ b/charts/postgresql-utility/templates/bin/utility/_pg_ondemand_job.sh.tpl
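Review bot: In `_create_test_database.sh.tpl` the password decoded on the new `POSTGRES_PWD=` line is placed unescaped into the `postgresql://postgres:${POSTGRES_PWD}@…` URI on the next line and then into `SQL_CMD="psql $POSTGRES_CREDS"`, so it reaches psql as a command-line argument. A password containing `@`, `/`, `:` or `?` would be parsed as URI syntax, and the argument is readable in the process list while psql runs. Passing it through the environment instead, `export PGPASSWORD="$POSTGRES_PWD"` with a URI that carries no password, avoids both. If nothing outside `database_cmd` relies on the variable, declaring it `local` would also keep the plaintext from staying set in the calling shell; the function body continues outside the hunk, so that could not be confirmed here.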
@@ -10,8 +10,8 @@ fi
 export POSTGRESQL_CONF_SECRET={{ $envAll.Values.conf.postgresql_backup_restore.secrets.conf_secret }}
 export POSTGRESQL_IMAGE_NAME=$(kubectl get cronjob -n ucp postgresql-backup -o yaml -o jsonpath="{range .spec.jobTemplate.spec.template.spec.containers[*]}{.image}{'\n'}{end}" | grep postgresql-utility)
-export POSTGRESQL_BACKUP_BASE_PATH=$(kubectl get secret -o yaml -n ${POSTGRESQL_POD_NAMESPACE} ${POSTGRESQL_CONF_SECRET} | grep BACKUP_BASE_PATH | awk '{print $2}' | base64 -d)
-POSTGRESQL_REMOTE_BACKUP_ENABLED=$(kubectl get secret -o yaml -n ${POSTGRESQL_POD_NAMESPACE} ${POSTGRESQL_CONF_SECRET} | grep REMOTE_BACKUP_ENABLED | awk '{print $2}' | base64 -d)
+export POSTGRESQL_BACKUP_BASE_PATH=$(kubectl get secret -n ${POSTGRESQL_POD_NAMESPACE} ${POSTGRESQL_CONF_SECRET} -o json | jq -r .data.BACKUP_BASE_PATH | base64 -d)
+POSTGRESQL_REMOTE_BACKUP_ENABLED=$(kubectl get secret -n ${POSTGRESQL_POD_NAMESPACE} ${POSTGRESQL_CONF_SECRET} -o json | jq -r .data.REMOTE_BACKUP_ENABLED | base64 -d)
 export POSTGRESQL_REMOTE_BACKUP_ENABLED=$(echo $POSTGRESQL_REMOTE_BACKUP_ENABLED | sed 's/"//g')
 if [[ $POSTGRESQL_IMAGE_NAME == "" ]]; then
diff --git a/charts/postgresql-utility/templates/bin/utility/_pgutils.sh.tpl b/charts/postgresql-utility/templates/bin/utility/_pgutils.sh.tpl
index 8f8c5621..9c20cf56 100644
--- a/charts/postgresql-utility/templates/bin/utility/_pgutils.sh.tpl
+++ b/charts/postgresql-utility/templates/bin/utility/_pgutils.sh.tpl
@@ -4,7 +4,7 @@ function database_cmd() {
 NAMESPACE=$1
 get_postgres_password() {
- PW=$(kubectl get secret -n "$NAMESPACE" postgresql-admin -o yaml | grep POSTGRES_PASSWORD | awk '{print $2}' | base64 -d)
+ PW=$(kubectl get secret -n "$NAMESPACE" postgresql-admin -o json | jq -r .data.POSTGRES_PASSWORD | base64 -d)
 echo "$PW"
 }
 POSTGRES_PWD=$(get_postgres_password)
diff --git a/images/etcdctl-utility/Dockerfile.ubuntu_bionic b/images/etcdctl-utility/Dockerfile.ubuntu_bionic
index 9ac321d1..e98680bd 100644
--- a/images/etcdctl-utility/Dockerfile.ubuntu_bionic
+++ b/images/etcdctl-utility/Dockerfile.ubuntu_bionic
@@ -32,6 +32,7 @@ RUN set -xe \
 rsyslog \
 python3.6 \
 python3-pip \
+ jq \
 && pip3 install \
 oslo.rootwrap==5.8.0 \
 python-openstackclient==3.18.1 \