Modified tcdbinfo to extract superadmin credentials

This commit is contained in:
Lockszmith 2023-08-27 15:00:11 -04:00
parent c78ed8c081
commit c76c8b2517
1 changed files with 83 additions and 27 deletions

View File

@ -7,12 +7,11 @@ USER_HOME=$HOME
set -e set -e
JSON=0 JSON=0
if [[ $# -gt 0 && "$1" =~ ^-- ]]; then if [[ " $* " =~ " --help " ]]; then
if [[ "$1" == "--help" ]]; then
cat <<USAGE cat <<USAGE
Usage: Usage:
./tcdbinfo.sh --help ./tcdbinfo.sh --help
sudo ./tcdbinfo.sh [--json|--cols=<columns>] [app1] [app...] sudo ./tcdbinfo.sh [--json|--cols=<columns>] [--force] [app1] [app...]
Description: Description:
When running the script (as root) without any arguments, it will list When running the script (as root) without any arguments, it will list
@ -59,14 +58,36 @@ Description:
USAGE USAGE
exit 0 exit 0
elif [[ "$1" == "--json" ]]; then fi
ARGS=()
ARGS_MODE=1
ALL=0
while [[ -n "$1" ]]; do
if [[ "$ARGS_MODE" -eq 1 && "$1" =~ ^-- ]]; then
case "$1" in
"--json")
JSON=1 JSON=1
elif [[ "$1" =~ ^--cols ]]; then ;;
"--cols"*)
[[ "$1" =~ ^--cols= ]] || shift [[ "$1" =~ ^--cols= ]] || shift
TCDBCOLS="${1#--cols=}" TCDBCOLS="${1#--cols=}"
;;
"--force")
ALL=1
;;
"--")
ARGS_MODE='--'
;;
*)
ARGS=("${ARGS[@]}" "$1")
esac
else
ARGS=("${ARGS[@]}" "$1")
fi fi
shift shift
fi done
TCDBCOLS="${TCDBCOLS:-default}" TCDBCOLS="${TCDBCOLS:-default}"
case "$TCDBCOLS" in case "$TCDBCOLS" in
'default' ) 'default' )
@ -83,17 +104,49 @@ esac
require_root require_root
QUERY_NAMESPACE=' -A' QUERY_NAMESPACE=' -A'
[[ $# -eq 0 ]] || QUERY_NAMESPACE=$( printf -- ' --namespace=ix-%s' "${@}" ) [[ ${#ARGS[@]} -eq 0 ]] || QUERY_NAMESPACE=$( printf -- ' --namespace=ix-%s' "${ARGS[@]}" )
jqcode=' jqcode='
.items[] | select(.metadata.name|test("(dbcreds|cnpg-main-urls)$$")) .items[] | select(.metadata.name|test("(dbcreds|cnpg-main-urls|-superuser)$$"))
| { | {
"name": .metadata.namespace, "name": .metadata.namespace,
"app": .metadata.labels."app.kubernetes.io/instance", "app": (
"url": (if .data.url != null then .data.url else .data.std end) | @base64d, if .metadata.labels."app.kubernetes.io/instance" != null then
.metadata.labels."app.kubernetes.io/instance"
else
.metadata.labels."cnpg.io/cluster"
end
),
"url": (
if .data.url != null then
.data.url | @base64d
elif .data.std != null then
.data.std | @base64d
else {
"protocol": "",
"username": .data.username | @base64d,
"password": .data.password | @base64d,
"passwordlen": .data.password | @base64d | length,
"host": "",
"port": "",
"dbname": ""
} end)
,"raw": .
} | {
"name": .name,
"app": .app,
"url": (
if (.url|type) == "object" then
""
else
.url
end
),
"data": ( "data": (
(if .data.url != null then .data.url else .data.std end) | if (.url|type) == "object" then
@base64d | .url
else
.url |
match("(.*)://(.+):(.+)@([^:]+)(:(\\d+))?/(.*)$") | .captures | { match("(.*)://(.+):(.+)@([^:]+)(:(\\d+))?/(.*)$") | .captures | {
"protocol": .[0].string, "protocol": .[0].string,
"username": .[1].string, "username": .[1].string,
@ -104,6 +157,7 @@ jqcode='
"port": .[5].string, "port": .[5].string,
"dbname": .[6].string, "dbname": .[6].string,
} }
end
) )
} | { } | {
"name": .name, "name": .name,
@ -120,6 +174,8 @@ jqcode='
} }
' '
[[ "$ALL" -eq 1 ]] || jqcode="$jqcode | select( .raw_url != \"\" )"
json_results=$( json_results=$(
<<<"${QUERY_NAMESPACE}" \ <<<"${QUERY_NAMESPACE}" \
xargs -n1 k3s kubectl \ xargs -n1 k3s kubectl \