cloud: Switch to password_is_updated()

Use password_is_updated() instead of password_is_specified() to update PostgreSQL user passwords whenever they change.
kernelci · Jan 19, 2024 · 1090452 · 1090452
1 parent b9c969b
commit 1090452
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 8 deletions.
diff --git a/kcidb/cloud/password.sh b/kcidb/cloud/password.sh
@@ -254,24 +254,24 @@ function password_is_updated() {
 
 # Deploy passwords to their secrets (assuming they're set with
 # "password_secret_set"). For every password deploy only if the password is
-# specified, or the secret doesn't exist.
+# updated, or the secret doesn't exist.
 # Args: name...
 function password_secret_deploy() {
     declare name
+    declare updated
     declare project
     declare secret
-    declare exists
     assert password_exists "$@"
     assert password_secret_is_specified "$@"
     while (($#)); do
         name="$1"; shift
-        project="${PASSWORD_SECRETS[$name]%%:*}"
-        secret="${PASSWORD_SECRETS[$name]#*:}"
-        exists=$(secret_exists "$project" "$secret")
-        if ! "$exists" || password_is_specified "$name"; then
+        updated=$(password_is_updated "$name")
+        if "$updated"; then
             # Get and cache the password in the current shell first
             password_get "$name" > /dev/null
             # Deploy the cached password
+            project="${PASSWORD_SECRETS[$name]%%:*}"
+            secret="${PASSWORD_SECRETS[$name]#*:}"
             password_get "$name" | secret_deploy "$project" "$secret"
         fi
     done

diff --git a/kcidb/cloud/psql.sh b/kcidb/cloud/psql.sh
@@ -75,6 +75,7 @@ function psql_instance_deploy() {
     declare -r name="$1"; shift
     declare -r viewer="$1"; shift
     declare exists
+    declare updated
 
     exists=$(psql_instance_exists "$project" "$name")
     if ! "$exists"; then
@@ -97,7 +98,8 @@ function psql_instance_deploy() {
 
     # Deploy the shared viewer user
     exists=$(psql_user_exists "$project" "$name" "$viewer")
-    if ! "$exists" || password_is_specified psql_viewer; then
+    updated=$(password_is_updated psql_viewer)
+    if ! "$exists" || "$updated"; then
         # Get and cache the password in the current shell first
         password_get psql_viewer >/dev/null
         # Create the user with the cached password
@@ -292,6 +294,7 @@ function psql_databases_deploy() {
     declare editor
     declare init
     declare exists
+    declare updated
 
     while (($#)); do
         database="$1"; shift
@@ -317,7 +320,8 @@ function psql_databases_deploy() {
 
         # Deploy the per-database editor user
         exists=$(psql_user_exists "$project" "$instance" "$editor")
-        if ! "$exists" || password_is_specified psql_editor; then
+        updated=$(password_is_updated psql_editor)
+        if ! "$exists" || "$updated"; then
             # Get and cache the password in the current shell first
             password_get psql_editor >/dev/null
             # Create the user with the cached password