diff --git a/utilities/platform-util/scripts/update_docker_registry_auth.sh b/utilities/platform-util/scripts/update_docker_registry_auth.sh index 09b9e506..3b534dcd 100755 --- a/utilities/platform-util/scripts/update_docker_registry_auth.sh +++ b/utilities/platform-util/scripts/update_docker_registry_auth.sh @@ -1,6 +1,6 @@ #!/bin/bash -e # -# Copyright (c) 2021 Wind River Systems, Inc. +# Copyright (c) 2021-2022 Wind River Systems, Inc. # # SPDX-License-Identifier: Apache-2.0 # @@ -39,28 +39,41 @@ else exit fi +# Constant variables NEW_CREDS="username:${usr} password:${pw}" +REGISTRY_LIST="docker-registry quay-registry elastic-registry gcr-registry \ +k8s-registry ghcr-registry" +CENTRAL_REGISTRY_URL="registry.central" echo source /etc/platform/openrc -for REGISTRY in docker-registry quay-registry elastic-registry gcr-registry \ - k8s-registry ghcr-registry; do - echo -n "Updating" $REGISTRY "credentials ." - SECRET_UUID=$(system service-parameter-list | fgrep $REGISTRY |\ - fgrep auth-secret | awk '{print $10}') - if [ -z "$SECRET_UUID" ]; then - echo "No $REGISTRY entry in service-parameters" +for REGISTRY in "${REGISTRY_LIST}"; do + echo -n "Checking ${REGISTRY} url. " + registry_url=$(system service-parameter-list | grep -F ${REGISTRY} |\ + grep -F url | awk '{print $10}') + if [[ -z "${registry_url}" ]] ||\ + [[ "${registry_url}" != *"${CENTRAL_REGISTRY_URL}"* ]]; then + echo "${REGISTRY} is not a central registry. Skipping updating credential." echo continue fi - SECRET_REF=$(openstack secret list | fgrep ${SECRET_UUID} |\ + echo -n "Updating ${REGISTRY} credentials ." + SECRET_UUID=$(system service-parameter-list | grep -F ${REGISTRY} |\ + grep -F auth-secret | awk '{print $10}') + if [ -z "${SECRET_UUID}" ]; then + echo "No ${REGISTRY} entry in service-parameters" + echo + continue + fi + + SECRET_REF=$(openstack secret list | grep -F ${SECRET_UUID} |\ awk '{print $2}') echo -n "." - if [ -z "$SECRET_REF" ]; then - echo "No $REGISTRY entry in openstack secret list" + if [ -z "${SECRET_REF}" ]; then + echo "No ${REGISTRY} entry in openstack secret list" else SECRET_VALUE=$(openstack secret get ${SECRET_REF} --payload -f value) echo -n "." @@ -68,27 +81,29 @@ for REGISTRY in docker-registry quay-registry elastic-registry gcr-registry \ echo -n "." fi - NEW_SECRET_VALUE=$NEW_CREDS + NEW_SECRET_VALUE=${NEW_CREDS} openstack secret store -n ${REGISTRY}-secret -p "${NEW_SECRET_VALUE}" \ >/dev/null echo -n "." - NEW_SECRET_REF=$(openstack secret list | fgrep ${REGISTRY}-secret |\ + NEW_SECRET_REF=$(openstack secret list | grep -F ${REGISTRY}-secret |\ awk '{print $2}') NEW_SECRET_UUID=$(echo "${NEW_SECRET_REF}" | awk -F/ '{print $6}') - system service-parameter-modify docker $REGISTRY \ + system service-parameter-modify docker "${REGISTRY}" \ auth-secret="${NEW_SECRET_UUID}" > /dev/null echo -n "." echo " done." - echo -n "Validating $REGISTRY credentials updated to: " - SECRET_UUID=$(system service-parameter-list | fgrep $REGISTRY |\ - fgrep auth-secret | awk '{print $10}') - if [ -z "$SECRET_UUID" ]; then + echo -n "Validating ${REGISTRY} credentials updated to: " + SECRET_UUID=$(system service-parameter-list | grep -F ${REGISTRY} |\ + grep -F auth-secret | awk '{print $10}') + if [ -z "${SECRET_UUID}" ]; then continue fi - SECRET_REF=$(openstack secret list | fgrep ${SECRET_UUID} | awk '{print $2}') + SECRET_REF=$(openstack secret list | grep -F ${SECRET_UUID} | awk '{print $2}') SECRET_VALUE=$(openstack secret get ${SECRET_REF} --payload -f value) - echo $SECRET_VALUE + echo "${SECRET_VALUE}" echo done + +system service-parameter-apply docker