refactor password generation

2021-10-14 11:40:44 +02:00 · 2021-10-14 11:40:44 +02:00 · 513263bccb
commit 513263bccb
--- a/scripts/docker-entrypoint.sh
+++ b/scripts/docker-entrypoint.sh
@ -17,9 +17,19 @@ source /scripts/setup-pg_hba.sh
 # Function to add figlet
 figlet -t "Kartoza Docker PostGIS"

-POSTGRES_PASS=$(cat /tmp/PGPASSWORD.txt)
-echo -e "[Entrypoint] GENERATED Postgres  PASSWORD: \e[1;31m $POSTGRES_PASS"
-echo -e "\033[0m PGPASSWORD Generated above: "
+
+if [[ -f /tmp/PGPASSWORD.txt ]]; then
+  USER_CREDENTIAL_PASS=$(cat /tmp/PGPASSWORD.txt)
+  echo -e "[Entrypoint] GENERATED Postgres  PASSWORD: \e[1;31m $USER_CREDENTIAL_PASS"
+  echo -e "\033[0m PGPASSWORD Generated above: "
+fi
+
+if [[ -f /tmp/REPLPASSWORD.txt ]]; then
+  USER_CREDENTIAL_PASS=$(cat /tmp/REPLPASSWORD.txt)
+  echo -e "[Entrypoint] GENERATED Replication  PASSWORD: \e[1;31m $USER_CREDENTIAL_PASS"
+  echo -e "\033[0m Replication password Generated above: "
+fi
+

 if [[ -z "$REPLICATE_FROM" ]]; then
    # This means this is a master instance. We check that database exists
--- a/scripts/env-data.sh
+++ b/scripts/env-data.sh
@ -72,12 +72,26 @@ then
 fi
 }

+function generate_random_string() {
+  STRING_LENGTH=$1
+  random_pass_string=$(openssl rand -base64 ${STRING_LENGTH})
+  if [[ ! -f /scripts/.pass_${STRING_LENGTH}.txt ]]; then
+    echo ${random_pass_string} > /scripts/.pass_${STRING_LENGTH}.txt
+  fi
+  export RAND=$(cat /scripts/.pass_${STRING_LENGTH}.txt)
+}

 # Make sure we have a user set up
 if [ -z "${POSTGRES_USER}" ]; then
 	POSTGRES_USER=docker
 fi

+if [ -z "${POSTGRES_PASS}" ]; then
+  generate_random_string 20
+	POSTGRES_PASS=${RAND}
+	echo ${POSTGRES_PASS} >/tmp/PGPASSWORD.txt
+fi
+

 if [ -z "${POSTGRES_DBNAME}" ]; then
 	POSTGRES_DBNAME=gis
@ -251,6 +265,11 @@ if [ -z "${REPLICATION_USER}" ]; then
  REPLICATION_USER=replicator
 fi

+if [ -z "${REPLICATION_PASS}" ]; then
+  generate_random_string 22
+	REPLICATION_PASS=${RAND}
+	echo ${REPLICATION_PASS} >/tmp/REPLPASSWORD.txt
+fi

 if [ -z "$IGNORE_INIT_HOOK_LOCKFILE" ]; then
    IGNORE_INIT_HOOK_LOCKFILE=false
@ -380,27 +399,4 @@ until su - postgres -c "${PG_BASEBACKUP} -X stream -h ${REPLICATE_FROM} -p ${REP

 }

-function pg_password() {
-  SETUP_LOCKFILE="/settings/.pgpasspass.lock"
-  if [ -z "${POSTGRES_PASS}"  ] && [ ! -f ${SETUP_LOCKFILE} ]; then
-	  POSTGRES_PASS=$(openssl rand -base64 15)
-	  touch ${SETUP_LOCKFILE}
-	  echo "$POSTGRES_PASS" > /tmp/PGPASSWORD.txt
-	else
-	  echo "$POSTGRES_PASS" > /tmp/PGPASSWORD.txt
-  fi
-
-}
-
-function replication_password() {
-  SETUP_LOCKFILE="/settings/.replicationpass.lock"
-  if [ -z "${REPLICATION_PASS}"  ] && [ ! -f ${SETUP_LOCKFILE} ]; then
-	  REPLICATION_PASS=$(openssl rand -base64 15)
-	  touch ${SETUP_LOCKFILE}
-	  echo "$REPLICATION_PASS" > /tmp/REPLPASSWORD.txt
-	else
-	  echo "$REPLICATION_PASS" > /tmp/REPLPASSWORD.txt
-  fi
-
-}

--- a/scripts/setup-pg_hba.sh
+++ b/scripts/setup-pg_hba.sh
@ -7,8 +7,6 @@ if [ -f "${SETUP_LOCKFILE}" ]; then
 	return 0
 fi

-# Setup Postgresql password
-pg_password

 # This script will setup pg_hba.conf

--- a/scripts/setup-user.sh
+++ b/scripts/setup-user.sh
@ -16,8 +16,6 @@ source /scripts/env-data.sh
 # Slave database will just mirror from master users


-POSTGRES_PASS=$(cat /tmp/PGPASSWORD.txt)
-
 # Check user already exists
 echo "Creating superuser $POSTGRES_USER"
 RESULT=`su - postgres -c "psql postgres -t -c \"SELECT 1 FROM pg_roles WHERE rolname = '$POSTGRES_USER'\""`
@ -27,8 +25,6 @@ if [ -z "$RESULT" ]; then
 fi
 su - postgres -c "psql postgres -c \"$COMMAND USER $POSTGRES_USER WITH SUPERUSER ENCRYPTED PASSWORD '$POSTGRES_PASS';\""

-replication_password
-REPLICATION_PASS=$(cat /tmp/REPLPASSWORD.txt)

 echo "Creating replication user $REPLICATION_USER"
 RESULT_REPLICATION=`su - postgres -c "psql postgres -t -c \"SELECT 1 FROM pg_roles WHERE rolname = '$REPLICATION_USER'\""`