Skip to content

Commit

Permalink
cloud: Remember password updates
Browse files Browse the repository at this point in the history
  • Loading branch information
spbnick committed Jan 20, 2024
1 parent 1090452 commit 1d48b80
Showing 1 changed file with 14 additions and 2 deletions.
16 changes: 14 additions & 2 deletions kcidb/cloud/password.sh
Original file line number Diff line number Diff line change
Expand Up @@ -32,6 +32,9 @@ declare -A PASSWORD_FILES=()
# A map of password names and their strings
declare -A PASSWORD_STRINGS=()

# A map of password names and their update status
declare -A PASSWORD_UPDATED=()

# Check that every specified password exists.
# Args: name...
function password_exists() {
Expand Down Expand Up @@ -91,6 +94,7 @@ function password_get() {
else
password=$(<"$password_file")
fi
PASSWORD_UPDATED[$name]="true"
# If secret exists
elif "$password_secret_exists"; then
password=$(
Expand All @@ -99,9 +103,11 @@ function password_get() {
# If can be generated
elif "$password_generate"; then
password=$(dd if=/dev/random bs=32 count=1 status=none | base64)
PASSWORD_UPDATED[$name]="true"
# Else read from user
else
password=$(password_input "$name")
PASSWORD_UPDATED[$name]="true"
fi

PASSWORD_STRINGS[$name]="$password"
Expand Down Expand Up @@ -226,8 +232,7 @@ function password_is_specified() {
return 0
}

# Check if any of the passwords with specified names are (going to be) updated
# (specified on the command line, or missing).
# Check if any of the passwords with specified names are (to be) updated.
# Args: name...
# Output: "true" if all secrets exists, "false" otherwise.
function password_is_updated() {
Expand All @@ -236,13 +241,20 @@ function password_is_updated() {
assert password_exists "$@"
while (($#)); do
name="$1"; shift
# If the password was updated
if "${PASSWORD_UPDATED[$name]:-false}"; then
echo true
return
fi
# If the password is going to be read from a file
if password_is_specified "$name"; then
echo true
return
fi
if password_secret_is_specified "$name"; then
secret_exists="$(password_secret_exists "$name")"
if "$secret_exists"; then
# We're going to use the password's secret
continue
fi
fi
Expand Down

0 comments on commit 1d48b80

Please sign in to comment.