change db password approach

deployment/deploy.sh

@@ -35,9 +35,12 @@ for NAMESPACE_DIR in `find $INSTANCES_DIR -type d -mindepth 1 -maxdepth 1`; do
     INSTANCE=`basename $INSTANCE_DIR`
     echo "Instance: $INSTANCE"
 
+    # set secret configuration from encrypted and decrypted file
+    VARIABLE_PREFIX=`echo "$NAMESPACE""_""$INSTANCE" | tr - _`
+
+    
     # set MQTT_PASSWORD as secret
-    MQTT_PASSWORD_VARIABLE="$NAMESPACE""_""$INSTANCE""_MQTT_PASSWORD"
+    MQTT_PASSWORD_VARIABLE=$VARIABLE_PREFIX"_MQTT_PASSWORD"
-    MQTT_PASSWORD_VARIABLE=`echo $MQTT_PASSWORD_VARIABLE | tr - _`
     MQTT_PASSWORD="${!MQTT_PASSWORD_VARIABLE}"
     # echo "MQTT_PASSWORD_VARIABLE: $MQTT_PASSWORD_VARIABLE"
     # echo "MQTT_PASSWORD: $MQTT_PASSWORD"
@@ -48,25 +51,15 @@ for NAMESPACE_DIR in `find $INSTANCES_DIR -type d -mindepth 1 -maxdepth 1`; do
       --save-config | \
       kubectl apply -f - -n $NAMESPACE
 
-    # set database configuration as secret
-    ## prepare configuration to access database to set udi database password
-    PGUSER=`kubectl get secret -n database timescaledb -o jsonpath="{.data.superuser-username}" | base64 -d`
-    PGHOST=`kubectl get services traefik -n system -o jsonpath="{.status.loadBalancer.ingress[0].ip}"`
-    PGPASSWORD=`kubectl get secret -n database timescaledb -o jsonpath="{.data.superuser-password}" | base64 -d`
-    PGSSLMODE=require
 
-    NEW_UDI_DB_LOGIN="udi""-""$NAMESPACE""-""$INSTANCE"
+    LOGIN_VARIABLE=$VARIABLE_PREFIX"_PGUSER"
-    NEW_UDI_DB_PASSWORD=`tr -dc 'a-zA-Z0-9' < /dev/urandom | head -c 32`
+    NEW_UDI_DB_LOGIN="${!LOGIN_VARIABLE}"
-    NEW_UDI_DB_DATABASE="udi""-""$NAMESPACE""-""$INSTANCE"
+    PASSWORD_VARIABLE=$VARIABLE_PREFIX"_PGDATABASE"
+    NEW_UDI_DB_PASSWORD="${!PASSWORD_VARIABLE}"
+    DATABASE_VARIABLE=$VARIABLE_PREFIX"_PGDATABASE"
+    NEW_UDI_DB_DATABASE="${!DATABASE_VARIABLE}"
     NEW_UDI_DB_HOST=timescaledb.database.svc.cluster.local
 
-    DATABASE_MASTER_POD=`kubectl get pods -n database -l app=StackGresCluster -l role=master -o jsonpath='{.items[0].metadata.name}'`
-    kubectl exec -i $DATABASE_MASTER_POD -c postgres-util -n database -- psql <<EOF
-    BEGIN;
-    ALTER USER "$NEW_UDI_DB_LOGIN" WITH PASSWORD '$NEW_UDI_DB_PASSWORD';
-    COMMIT;
-EOF
-
     kubectl create secret generic $INSTANCE-udi-db-cred \
       --dry-run=client \
       -o yaml \

deployment/secrets.enc

@@ -1,15 +1,34 @@
-U2FsdGVkX18F3lXFVDFOS8Q3iGZsIPmMr9CvSshg1t4VTJ8fVlJ6LbFwT3SD1x4a
+U2FsdGVkX1+v9CRp5LutINfnhA50Nwr9JvSomaQcLKASxmGuqlww0UvBr95u3Ton
-Z2IdRTWT8wPG7Y9w4c3xbfFZywsJbxyrY+i3Lh7qvpsj7CXiWGOahdj5Pqu1UE3g
+VFWFT+AlVKftqMXoXcWqcSDZ9dSc2iyBKJglxP1gfY6r+Rc5/FMMYt+blYexv8s3
-3PiMpmfyeHKn30hRhupO6jL7kzxJEV8uov/sUh7H+76/R1h5oBBxJEhCl9nPrrf8
+hXmfnzXBFJJsaFAIHaENJacmU2iI89A534WbCrt0yiq3ul4CznuhxCGCFcfUMZPh
-7QaxFeJzogjHu+szvkOM5WylE/PuPv53OGF+7+6R5rK5v25pWlIhuUPg3CKk1qBg
+/6a7wrZ9tIZmt87Z7lxjC765anBoCuoX3iGHw7AtSsBh38SnTARnhcuxEu3aSXJD
-Ice6q2j5vQe1u+wEdJbxsvbwIdAQC8r6flPuwUeMfLe/Myiuo7v03Re45XKVCQAx
+s+kGRzEmmFDD2vxW95MXkXkDceuzru4oPgWKiTvlvuZS5hER8JVLVZqGYVhsk/+Y
-H+i5Gh50KHqfoZliLeH0ShNSHPNh7zjuBF01o1/Y6KbKDga8G8FjGMn11kjkMCqX
+hZmHPn5wVGBbm/3/mPDm0rTnIVOhdXUqnEPGxz0m7h/0i6QvaKo9ylWscxIMoKp4
-KxdF6Fp1up02n4UTk0+m1ekEc2bk+NZ71xb/iBdsZtyK9POj2ZAuxrjxJZH2FzQ+
+IUKLqEPkULG8OnKzzkCZ3yfyHqUJNFq0KZA0FQXkCifkURGKo9EFz9rYrepGsL7C
-5lh/AgyH1LC8ms4KL5HjPLEIHQIkD/MJCnti/hQ7ZpoqFBRnTmRdv9w+pC/aXlmb
+A7TYBL3f5jHQAOmCob2tBp46sh2E4n8RhglAX6JynCdszd65U+DdwERloNlekg+I
-en6I8Mv82qe1sdVlyoiTAqL1flfUjd+yICUE04g/M9NPYidhc+FZrsqyeVfSJYOh
++x2Hx94ROYlvYELK1bdITATpijzCsHinfNJ3PHDz85SYh9JAA3ljdOUazoQaT8+n
-eDl4owAUjzJuDBkuFAX1PHwKglNcIx/rNaxF8ROSDyv59Qzzi84U3xmfm4JqGp2X
+R674SnVX7CR793KCgV0wulyHOkAvjkC26mCt4NaEsGW499vYSyzfpneJSx2WY/I2
-2DAMT2Du8fP/cpRrwWQNtFN7a0FxOnmhDO6SAZoDisEeWR3r+2KsnR6ztKWgGWHK
+MrMNW7IUGjHDZEdSQisGbs3WZd9sZdZFC858QTLKsXVy90lH41ih6SysxNXMSP6G
-uTsb/g8fwx/KH2RsPukmiX7s8aTWcS5DyADNF8VgWKa3BU1icDlku+gMCINyHA9k
+Hz7IHGAk2GhzuEj2NALE98hQ9I76T6POOhmREpTlJEkyHGujsW8N4+n5tOx1S2pR
-iLR7qzBDXzZPLXj+tm7DjLnZYe2w2Ih7A3ZWsNI6Fp7wFFfqH3TYEM38VZWpzQmz
+4Sm8Sl0zQYMHgJcGq/e+HTkCuQ6cuO0yAn2T1oJjwe2OA5OpReljGp6b/DjCY/P6
-gGa3vuIohn0Mt6JHeZ9zHc8wYruBhjeU16VHawP12jBSnFQnP/FeJq/WpUMW3YDY
+/J7hL8EpHa2OTUccSYWNNTfB8oz5oyOnvQTKc3GY6uNJYFfzNkLz9ZsxTi/t6Q3P
-c8jsXokMCKUNubnzsmeQgiL0721IfB6+KdiGMucZZkQ=
+WyxIVCR8dE6z3xPgZxq34K1W44TGsLI/r3DDgTMIhaXr1fcKO69AcAAXFehMqy9L
+Rygg8jQkOxTonSwHQA6MB8oVXfMjsTxKX7NnDHj6dndNRuUMCf5ulmfFCUg7jqxH
+rUL3XOb71mgUWRaI1NY4wOf6wM7NwsGDz+Uyp8LWC7XrOXJsWv6vPNQl/5W4nIRA
+jPYHRf1kC0ZmylB+R5CXh+kf2248iiBPS4fNdEWdj+95hCJ8eSaxu7ROtUt6ZtXO
+aN/0Y9UcU8isjXe7PJilqN8O0KCHHUk4lFlROD/FOkhiPfwoVBfJbObv+TWMB0ir
+pIxeklB1QQrxcxT/ozBi00Bp0Um03nJWU18WRY3lheO+ulEmb9HDvy/iedh2gGVG
+F7JVS68k+5Y8xi+MtcKY3Gm/bh89HjwNgJY7eH+SItpNGoZybbjJNawsd4HnQVS4
+nrtma0RYl3+y48Yf9pWPggKuZ0l7Glji4+dXasDVz7MKOhU9WotIFjmhyLhLkSa+
+tQvEqunAYK8lAXCB6Pgjb7V0AAroLSRR5FGcWaFWXkVYJPBqTopz16W1BgyTH2Bv
+EfYCGSJJXKwuo3jRgHWn/NM3WA25hespcDieKZKU6t50RHiExgySdI4daAM4Kj7X
+OOAIvH1mwOrPGAOpQGOBEaQbUfKcVl3rF0uHAvSy6UeEOFd9NUnb0FSCFcz79SNn
+Q0PkkvII3m9qvRFsKlf6OR6mm5IKARs/juzZxu8zHahJC3NbJ7NcTPMu9LGGrV3t
+vIifvLAsSMhqY2BC+FCVbEIErJa5UhOE6xFOUOi4RDpi4/vfBdCWRoijHQs6HSrk
+c/ihUIOxK580QqHjT4tY9UnwqEY/UlA44SInrSy+ZretWlzls0fLaPbhRv9VNi+v
+sJjAVcwE+56/lPN95599dB3/2PmdzC00BZBhZDQ9v5g/NzMJ/42PO4OWflL9R7Ix
+DVkV8kIuHlU8r+bMavAKDkURGaB/BnsZHLG2754WomcX7WElJYRK7CzlCKvTBGc7
+WvG7QdfUvQj+m0zZHVxf9K1ZK5nw31yM1Y2fOp91oNpgqYv01URpJYs9Ef25L0Nu
+Rj0Unpohunw2LQLp3k/zbSlTny/HmndcOflB4TNvV4nICW+hiU6eH7f/Xy3E+M2d
+2yOBnTfEJlJcLO/Q8ImH7Ex7b30Q+3elkSUlHCU0zTVVYmh3yQIouDvPAjy6Hy7v
+52Mwww/oSasugEQaUpkEFNfs3N0O/s1ngaErqAZtv+5Ab2FwftYTJ+q4lQY8yqRl