#! /usr/bin/env bash
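# Directory containing this script; used below to locate the helper library
# that ships next to it.
SCRIPT_DIR=$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" &>/dev/null && pwd)

# Home directory of the invoking user. When the script runs through sudo,
# resolve the home of the original account (SUDO_USER) instead of using HOME.
USER_HOME=$HOME
if [[ -n "${SUDO_USER:-}" ]]; then
  # Look the account up in the passwd database rather than running
  # `eval "echo ~$SUDO_USER"`: eval would execute any shell syntax carried in
  # the variable, and this script is meant to run as root.
  sudo_home=$(getent passwd -- "$SUDO_USER" | cut -d: -f6) || sudo_home=
  if [[ -n "$sudo_home" ]]; then
    USER_HOME=$sudo_home
  fi
  # An unknown account leaves USER_HOME at $HOME.
  unset sudo_home
fi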
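# Load the shared helper library (presumably the source of require_root, which
# is called further down). SHRC_D overrides the directory; it comes from the
# environment and the file is sourced with the caller's privileges, so it must
# point at a location only trusted users can write to.
# The path is quoted so a directory name containing spaces or glob characters
# is not split or expanded.
# shellcheck source=/dev/null
. "${SHRC_D:-$SCRIPT_DIR}/01_util.functions"

# From here on, stop at the first unhandled command failure.
set -e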
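# Output mode: 1 prints the JSON records instead of the table.
JSON=0

# --help anywhere on the command line prints the usage text and exits before
# the root check and before any secret is read.
if [[ " $* " == *" --help "* ]]; then
  # Quoted delimiter: the text is literal, nothing inside it is expanded.
  # Compared with the previous text this documents --force, '--' and NOHEAD
  # (all handled by the script but missing from the usage), no longer claims
  # that only the first argument is inspected, and fixes spelling.
  cat <<'USAGE'
Usage:
  ./tcdbinfo.sh --help
  sudo ./tcdbinfo.sh [--json|--cols=<columns>] [--force] [--] [app1] [app...]

Description:
  When running the script (as root) without any arguments, it will list
  all TrueChart apps with database credential secrets.

  The scope can be narrowed by passing app name arguments.

  Options are recognized anywhere on the command line, up to a literal '--':
    --help            - Display this usage text.
    --json            - Output all fields in JSON format.
    --cols=<columns>  - Where <columns> can be empty, a preset name or
                        a comma delimited list of columns.
                        '--cols <columns>' is accepted as well.

                        An empty string will show the default preset.

                        Presets:
                          default - The default preset
                          safe    - Similar to the default, but without
                                    the password column
                          debug   - Full connection URL with password
                                    masked with asterisks

                        Columns:
                          name     - App namespace (the app name prefixed
                                     with ix-)
                          raw_url  - DB connection URL as it is stored
                                     in kubernetes secrets.
                                     This can only be used within the
                                     same pod
                          url      - Fully formed URL.
                          safeurl  - Same as url, with password masked.
                          protocol - Connection protocol.
                          username - DB Username
                          password - Password
                          pwd_len  - Password length
                          host     - Hostname
                          port     - Connection Port
                          dbname   - DB name
    --force           - Also list secrets that hold no connection URL
                        (username and password only).
    --                - Treat all remaining arguments as app names.

  When '--cols' is not specified, default behaviour can be overridden
  by exporting the TCDBCOLS environment variable.

  --cols takes precedence, and overrides any behavior dictated by the
  environment variable.

  Setting the NOHEAD environment variable to a non-empty value omits the
  header row of the table.

  The default preset and --json print passwords in clear text; use
  --cols=safe when the output may be logged or shared.

USAGE
  exit 0
fi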
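# App names collected from the command line.
ARGS=()
# 1 while options are still recognised, 0 once a literal "--" has been seen.
# (A numeric flag: the previous '--' marker was then compared with -eq, which
# evaluates its operands arithmetically and cannot parse '--'.)
ARGS_MODE=1
# 1 when --force was given: keep records that have no stored connection URL.
ALL=0

# Loop on the argument count instead of testing "$1" for emptiness, so an
# empty argument cannot end parsing early.
while (( $# > 0 )); do
  if (( ARGS_MODE == 1 )) && [[ "$1" == --* ]]; then
    case "$1" in
      --json)
        JSON=1
        ;;
      --cols=*)
        TCDBCOLS=${1#--cols=}
        ;;
      --cols)
        # Separate-word form: the column list is the next argument. Without
        # this check a trailing --cols made the final `shift` fail and, under
        # `set -e`, ended the script without any message.
        if (( $# < 2 )); then
          printf '%s: --cols requires a value\n' "${0##*/}" >&2
          exit 2
        fi
        shift
        TCDBCOLS=$1
        ;;
      --force)
        ALL=1
        ;;
      --)
        ARGS_MODE=0
        ;;
      *)
        # Unrecognised --word: kept as an app name, as before.
        ARGS+=("$1")
        ;;
    esac
  elif [[ -n "$1" ]]; then
    # Empty words are ignored rather than turned into an app name.
    ARGS+=("$1")
  fi
  shift
done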
# Resolve the column selection. When neither --cols nor the TCDBCOLS
# environment variable supplied a value, fall back to the "default" preset;
# then expand a preset name into its comma-separated column list. Any other
# value is taken as an explicit column list and left untouched.
# Note that the "default" preset includes the clear-text password column.
: "${TCDBCOLS:=default}"
if [[ "$TCDBCOLS" == 'default' ]]; then
  TCDBCOLS='name,protocol,username,password,pwd_len,host,port,dbname'
elif [[ "$TCDBCOLS" == 'safe' ]]; then
  TCDBCOLS='name,protocol,username,pwd_len,host,port,dbname'
elif [[ "$TCDBCOLS" == 'debug' ]]; then
  TCDBCOLS='name,safeurl'
fi
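# Everything below reads Kubernetes secrets. require_root is not defined in
# this file; presumably it comes from the sourced helper library and stops the
# script for non-root callers.
require_root

# kubectl flags selecting the namespaces to query, kept as one space-separated
# string that xargs later splits into one kubectl invocation per flag. Without
# app arguments every namespace is searched (-A).
QUERY_NAMESPACE=' -A'
if (( ${#ARGS[@]} > 0 )); then
  # The string is re-tokenised by xargs, which gives whitespace, quotes and
  # backslashes a meaning of their own. Accept only RFC 1123 label characters
  # so each app yields exactly one --namespace flag, and so a mistyped option
  # (which the parser stores as an app name) is reported instead of silently
  # matching nothing.
  valid_app='^[a-z0-9]([a-z0-9-]*[a-z0-9])?$'
  for app in "${ARGS[@]}"; do
    if [[ ! "$app" =~ $valid_app ]]; then
      printf '%s: invalid app name: %s\n' "${0##*/}" "$app" >&2
      exit 2
    fi
  done
  unset app valid_app
  QUERY_NAMESPACE=$(printf -- ' --namespace=ix-%s' "${ARGS[@]}")
fi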
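# jq program that turns `kubectl get secrets --output json` into one flat
# record per database-credential secret. Three stages:
#   1. select the credential secrets and base64-decode their payload,
#   2. split a stored connection URL into its components,
#   3. emit the public columns.
# Changes from the previous program:
#   - url/safeurl are assembled as user:password@host; they used to come out
#     as user@password:host, which is not a usable connection URL.
#   - a missing port no longer renders as the text "null" in url/safeurl.
#   - the user name is matched with [^:]+ so a ":" inside the password cannot
#     be absorbed into the user name.
#   - the unused copy of the whole secret ("raw") is no longer carried along.
# The records contain decoded passwords in clear text.
jqcode='
  .items[]
  | select(.metadata.name | test("(dbcreds|cnpg-main-urls|-superuser)$"))
  | {
    "name": .metadata.namespace,
    "app": (
      if .metadata.labels."app.kubernetes.io/instance" != null then
        .metadata.labels."app.kubernetes.io/instance"
      else
        .metadata.labels."cnpg.io/cluster"
      end
    ),
    # Either the decoded URL string, or an object when the secret only
    # stores a username and a password.
    "url": (
      if .data.url != null then
        .data.url | @base64d
      elif .data.std != null then
        .data.std | @base64d
      else {
        "protocol": "",
        "username": (.data.username | @base64d),
        "password": (.data.password | @base64d),
        "passwordlen": (.data.password | @base64d | length),
        "host": "",
        "safeport": "",
        "port": "",
        "dbname": ""
      } end
    )
  } | {
    "name": .name,
    "app": .app,
    "url": (if (.url | type) == "object" then "" else .url end),
    "data": (
      if (.url | type) == "object" then
        .url
      else
        .url
        | match("(.*)://([^:]+):(.+)@([^:]+)(:(\\d+))?/(.*)$")
        | .captures
        | {
          "protocol": .[0].string,
          "username": .[1].string,
          "password": .[2].string,
          "passwordlen": (.[2].string | length),
          "host": .[3].string,
          # ":<port>" including the colon, or "" when the URL has no port
          "safeport": (.[4].string // ""),
          "port": .[5].string,
          "dbname": .[6].string
        }
      end
    )
  } | {
    "name": .name,
    "raw_url": .url,
    "url": "\(.data.protocol)://\(.data.username):\(.data.password)@\(.data.host).\(.name).svc.cluster.local\(.data.safeport)/\(.data.dbname)",
    "safeurl": "\(.data.protocol)://\(.data.username):*******@\(.data.host).\(.name).svc.cluster.local\(.data.safeport)/\(.data.dbname)",
    "protocol": .data.protocol,
    "username": .data.username,
    "password": .data.password,
    "pwd_len": .data.passwordlen,
    "host": "\(.data.host).\(.name).svc.cluster.local",
    "port": .data.port,
    "dbname": .data.dbname
  }
'

# Unless --force was given, drop the records that have no stored URL.
if [[ "${ALL:-0}" -ne 1 ]]; then
  jqcode+=' | select(.raw_url != "")'
fi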
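# Run one `kubectl get secrets` per flag in QUERY_NAMESPACE (xargs -n1 appends
# a single flag to each invocation) and reduce the combined output with the jq
# program. pipefail is enabled inside the substitution only, so a failing
# kubectl or xargs is reported here; previously only jq's status counted and a
# failed query produced an empty result without any message.
# json_results holds decoded passwords in clear text.
if ! json_results=$(
  set -o pipefail
  xargs -n1 k3s kubectl get secrets --output json <<<"${QUERY_NAMESPACE}" \
    | jq "$jqcode"
); then
  printf '%s: failed to query or parse Kubernetes secrets\n' "${0##*/}" >&2
  exit 1
fi

# --json: print the records as produced (every field, password included).
if [[ "$JSON" -eq 1 ]]; then
  printf '%s\n' "$json_results"
  exit 0
fi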
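# Render the records as an aligned table, one row per record.
# The column list (from --cols or the TCDBCOLS environment variable) is handed
# to jq as data through --arg instead of being spliced into the program text,
# so a column name can never be parsed as jq code and a quote inside it cannot
# break the filter. Unknown column names give empty cells.
# A non-empty NOHEAD suppresses the upper-cased header row.
jq -rs --arg cols "$TCDBCOLS" --arg nohead "${NOHEAD:-}" '
  ($cols | split(",")) as $names
  | (if $nohead == "" then [$names | map(ascii_upcase)] else [] end)
    + map(. as $row | [$names[] as $n | $row[$n]])
  | .[]
  | join("|")
' <<<"$json_results" | column -t -s '|'

exit 0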