Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add code to encode,decode opensearch and postgres passwords #8783

Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

Add code to encode,decode opensearch and postgres passwords #8783

wants to merge 2 commits into from
+337 βˆ’20

Conversation

rensycthomas
Copy link
Collaborator

@rensycthomas rensycthomas commented Feb 10, 2025
edited
Loading

πŸ”© Description: What code changed, and why?

⛓️ Related Resources

πŸ‘ Definition of Done

πŸ‘Ÿ How to Build and Test the Change

βœ… Checklist

All PRs must tick these:

With occasional exceptions, all PRs from Progress employees must tick these:

  • Is the code clear? (complicated code or lots of comments--subdivide and use well-named methods, meaningful variable names, etc.)
  • Consistency checked? (user notifications, user prompts, visual patterns, code patterns, variable names)
  • Repeated code blocks eliminated? (adapt and reuse existing components, blocks, functions, etc.)
  • Spelling, grammar, typos checked? (at a minimum use make spell in any component directory)
  • Code well-formatted? (indents, line breaks, etc. improve rather than hinder readability)

All PRs from Progress employees should tick these if appropriate:

  • Tests added/updated? (all new code needs new tests)
  • Docs added/updated? (all customer-facing changes)

Please add a note next to any checkbox above if you are NOT ticking it.

πŸ“· Screenshots, if applicable

Recording is attached in https://progresssoftware.atlassian.net/browse/CHEF-17454

@netlify Netlify
Copy link

netlify bot commented Feb 10, 2025
edited
Loading

πŸ‘· Deploy Preview for chef-automate processing.

Name Link
πŸ”¨ Latest commit c30e277
πŸ” Latest deploy log https://app.netlify.com/sites/chef-automate/deploys/67aeda2c4da26d000874770d

vivekshankar1
vivekshankar1 reviewed Feb 11, 2025
View reviewed changes
components/automate-cli/cmd/chef-automate/pullAndGenerateConfig.go Outdated
Comment on lines 724 to 768
func (p *PullConfigsImpl) getAwsOSPassword() (string, error) {
for _, ip := range p.infra.Outputs.AutomatePrivateIps.Value {
if stringutils.SliceContains(p.exceptionIps, ip) {
continue
}
p.sshUtil.getSSHConfig().hostIP = ip
rawOutput, err := p.sshUtil.connectAndExecuteCommandOnRemote(GET_AWS_OS_PASSWORD, true)
if err != nil {
return "", err
}
return strings.TrimSpace(rawOutput), nil
}
return "", nil

}

func (p *PullConfigsImpl) getPGSuperUserPassword() (string, error) {
for _, ip := range p.infra.Outputs.AutomatePrivateIps.Value {
if stringutils.SliceContains(p.exceptionIps, ip) {
continue
}
p.sshUtil.getSSHConfig().hostIP = ip
rawOutput, err := p.sshUtil.connectAndExecuteCommandOnRemote(GET_PG_SUPERUSER_PASSWORD, true)
if err != nil {
return "", err
}
return strings.TrimSpace(rawOutput), nil
}
return "", nil

}

func (p *PullConfigsImpl) getPGDBUserPassword() (string, error) {
for _, ip := range p.infra.Outputs.AutomatePrivateIps.Value {
if stringutils.SliceContains(p.exceptionIps, ip) {
continue
}
p.sshUtil.getSSHConfig().hostIP = ip
rawOutput, err := p.sshUtil.connectAndExecuteCommandOnRemote(GET_PG_DBUSER_PASSWORD, true)
if err != nil {
return "", err
}
return strings.TrimSpace(rawOutput), nil
}
return "", nil
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Repeatative functions can be reused

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done

vivekshankar1
vivekshankar1 reviewed Feb 12, 2025
View reviewed changes
terraform/a2ha-terraform/modules/automate/templates/provision.sh.tpl Outdated
@@ -392,7 +392,7 @@ if [ -e "/hab/user/deployment-service/config/user.toml" ]; then
chef-automate upgrade run --airgap-bundle ${frontend_aib_file}

wait_for_upgrade

chef-automate decode-password /etc/chef-automate/config.toml
Copy link
Collaborator

@vivekshankar1 vivekshankar1 Feb 12, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can we keep this path in a variable

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done

@rensycthomas rensycthomas force-pushed the rt/CHEF-16680_encrypt_decrypt_os_pg_passwords branch from 0a0d3e0 to 843c55c Compare February 13, 2025 18:08
@rensycthomas rensycthomas force-pushed the rt/CHEF-16680_encrypt_decrypt_os_pg_passwords branch from 843c55c to c3a48eb Compare February 13, 2025 18:26
@sonarqube-for-infrastructure-prod SonarQube for Infrastructure (Prod)
Copy link

Quality Gate failed Quality Gate failed

Failed conditions
5 New issues
0.0% Coverage on New Code (required β‰₯ 80%)
10.7% Duplication on New Code (required ≀ 3%)

See analysis details on SonarQube

Catch issues before they fail your Quality Gate with our IDE extension SonarLint SonarLint

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@punitmundra punitmundra punitmundra approved these changes

@vivekshankar1 vivekshankar1 vivekshankar1 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@rensycthomas @punitmundra @vivekshankar1