Add code to encode and decode os and pg passwords in case of fresh de…

…ployment Signed-off-by: Rensy Thomas <[email protected]>
chef · Jan 27, 2025 · 43d7dd5 · 43d7dd5
1 parent c6af60f
commit 43d7dd5
Show file tree

Hide file tree

Showing 6 changed files with 55 additions and 78 deletions.
diff --git a/components/automate-backend-deployment/README.md b/components/automate-backend-deployment/README.md
@@ -4,4 +4,4 @@ This provides the `automate-backend-deployment` package.
 
 This package will build a package using terraform/a2ha-terraform, inspecs, test, certs and Makefile.
 
-This is the heart of the a2ha because this component will set up a workspace for a2ha and all the a2ha command will get available after installing this package.
+This is the heart of the a2ha because this component will set up a workspace for a2ha and all the a2ha command will get available after installing this package.
diff --git a/components/automate-cli/cmd/chef-automate/decode_password.go b/components/automate-cli/cmd/chef-automate/decode_password.go
@@ -12,41 +12,28 @@ import (
 
 var decodePasswordCmdFlags = struct {
 	config string
-	overwrite bool
-	updatedConfig string
 }{}
 
-func newDecodePasswordCmd() *cobra.Command {
-    decodePasswordCmd := &cobra.Command{
-		Use:   "decodePassword [/path/to/config.toml]",
-		Short: "Decodes the password fields",
-		Long:  "Decodes the password fields in the specified config.toml file",
-		RunE:  runDecodePasswordCmd,
-		Args:  cobra.ExactArgs(1),
-		Hidden: true,
-		Annotations: map[string]string{
-			docs.Tag: docs.BastionHost,
-		},
-	}
-    decodePasswordCmd.PersistentFlags().StringVarP(
+func init() {
+	RootCmd.AddCommand(decodePasswordCmd)
+	decodePasswordCmd.PersistentFlags().StringVarP(
 		&decodePasswordCmdFlags.config,
 		"config",
 		"c",
 		"",
 		"Config file that needs to be updated with decoded passwords")
-
-	decodePasswordCmd.Flags().BoolVarP(
-		&encodePasswordCmdFlags.overwrite,
-		"overwrite",
-		"o",
-		false,
-		"Overwrite existing config file with the decoded password",
-	)
-	return decodePasswordCmd
 }
 
-func init() {
-	RootCmd.AddCommand(newDecodePasswordCmd())
+var decodePasswordCmd = &cobra.Command{
+	Use:    "decode-password [/path/to/config.toml]",
+	Short:  "Decodes the password fields",
+	Long:   "Decodes the password fields in the specified config.toml file",
+	RunE:   runDecodePasswordCmd,
+	Args:   cobra.ExactArgs(1),
+	Hidden: true,
+	Annotations: map[string]string{
+		docs.Tag: docs.BastionHost,
+	},
 }
 
 func runDecodePasswordCmd(cmd *cobra.Command, args []string) error {
@@ -68,7 +55,7 @@ func runDecodePasswordCmd(cmd *cobra.Command, args []string) error {
 								superUserPswd, decErr := base64.StdEncoding.DecodeString(superUserPassword)
 								if decErr != nil {
 									return decErr
-								 }
+								}
 								config.Global.V1.External.Postgresql.Auth.Password.Superuser.Password.Value = string(superUserPswd)
 							}
 						}
@@ -78,7 +65,7 @@ func runDecodePasswordCmd(cmd *cobra.Command, args []string) error {
 								dbUserPswd, decErr := base64.StdEncoding.DecodeString(dbUserPassword)
 								if decErr != nil {
 									return decErr
-								 }
+								}
 								config.Global.V1.External.Postgresql.Auth.Password.Dbuser.Password.Value = string(dbUserPswd)
 							}
 						}
@@ -89,14 +76,14 @@ func runDecodePasswordCmd(cmd *cobra.Command, args []string) error {
 							userPswd, decErr := base64.StdEncoding.DecodeString(userPassword)
 							if decErr != nil {
 								return decErr
-							 }
+							}
 							config.Global.V1.External.Opensearch.Auth.BasicAuth.Password.Value = string(userPswd)
 						}
 					}
 					_, err := fileutils.CreateTomlFileFromConfig(&config, configFile)
-		            if err != nil {
-			           return err
-		            }
+					if err != nil {
+						return err
+					}
 
 				}
 			}

diff --git a/components/automate-cli/cmd/chef-automate/decode_password_test.go b/components/automate-cli/cmd/chef-automate/decode_password_test.go
@@ -9,13 +9,13 @@ import (
 	"github.com/stretchr/testify/assert"
 )
 
-	func TestRunDecodePasswordCmd(t *testing.T) {
-		runDecodePasswordCmd(cmd, []string{CONFIG_PATH + "/config_externaldb.toml"})
-		tomlbyte, _ := fileutils.ReadFile(CONFIG_PATH + "/config_externaldb.toml")
-		configString := string(tomlbyte)
-		var config dc.AutomateConfig
-		toml.Decode(configString, &config)
-		assert.Equal(t, "admin", config.Global.V1.External.Opensearch.Auth.BasicAuth.Password.Value)
-		assert.Equal(t, "admin", config.Global.V1.External.Postgresql.Auth.Password.Superuser.Password.Value)
-		assert.Equal(t, "admin", config.Global.V1.External.Postgresql.Auth.Password.Dbuser.Password.Value)
-	}
+func TestRunDecodePasswordCmd(t *testing.T) {
+	runDecodePasswordCmd(cmd, []string{CONFIG_PATH + "/config_externaldb.toml"})
+	tomlbyte, _ := fileutils.ReadFile(CONFIG_PATH + "/config_externaldb.toml")
+	configString := string(tomlbyte)
+	var config dc.AutomateConfig
+	toml.Decode(configString, &config)
+	assert.Equal(t, "admin", config.Global.V1.External.Opensearch.Auth.BasicAuth.Password.Value)
+	assert.Equal(t, "admin", config.Global.V1.External.Postgresql.Auth.Password.Superuser.Password.Value)
+	assert.Equal(t, "admin", config.Global.V1.External.Postgresql.Auth.Password.Dbuser.Password.Value)
+}
diff --git a/components/automate-cli/cmd/chef-automate/encode_password.go b/components/automate-cli/cmd/chef-automate/encode_password.go
@@ -12,41 +12,29 @@ import (
 
 var encodePasswordCmdFlags = struct {
 	config string
-	overwrite bool
-	updatedConfig string
 }{}
 
-func newEncodePasswordCmd() *cobra.Command {
-    encodePasswordCmd := &cobra.Command{
-		Use:   "encodePassword [/path/to/config.toml]",
-		Short: "Encodes the password fields",
-		Long:  "Encodes the password fields in the specified config.toml file",
-		RunE:  runEncodePasswordCmd,
-		Args:  cobra.ExactArgs(1),
-		Hidden: true,
-		Annotations: map[string]string{
-			docs.Tag: docs.BastionHost,
-		},
-	}
-    encodePasswordCmd.PersistentFlags().StringVarP(
+var encodePasswordCmd = &cobra.Command{
+	Use:    "encode-password [/path/to/config.toml]",
+	Short:  "Encodes the password fields",
+	Long:   "Encodes the password fields in the specified config.toml file",
+	RunE:   runEncodePasswordCmd,
+	Args:   cobra.ExactArgs(1),
+	Hidden: true,
+	Annotations: map[string]string{
+		docs.Tag: docs.BastionHost,
+	},
+}
+
+func init() {
+	RootCmd.AddCommand(encodePasswordCmd)
+	encodePasswordCmd.PersistentFlags().StringVarP(
 		&encodePasswordCmdFlags.config,
 		"config",
 		"c",
 		"",
 		"Config file that needs to be updated with encoded passwords")
 
-	encodePasswordCmd.Flags().BoolVarP(
-		&encodePasswordCmdFlags.overwrite,
-		"overwrite",
-		"o",
-		false,
-		"Overwrite existing config file with the encoded password",
-	)
-	return encodePasswordCmd
-}
-
-func init() {
-	RootCmd.AddCommand(newEncodePasswordCmd())
 }
 
 func runEncodePasswordCmd(cmd *cobra.Command, args []string) error {
@@ -85,9 +73,9 @@ func runEncodePasswordCmd(cmd *cobra.Command, args []string) error {
 						}
 					}
 					_, err := fileutils.CreateTomlFileFromConfig(&config, configFile)
-		            if err != nil {
-			           return err
-		            }
+					if err != nil {
+						return err
+					}
 
 				}
 			}

diff --git a/components/automate-cli/cmd/chef-automate/encode_password_test.go b/components/automate-cli/cmd/chef-automate/encode_password_test.go
@@ -9,17 +9,19 @@ import (
 	"github.com/spf13/cobra"
 	"github.com/stretchr/testify/assert"
 )
+
 const CONFIG_PATH = "../../pkg/testfiles/onprem"
+
 var cmd = &cobra.Command{}
 
 func TestRunEncodePasswordCmd(t *testing.T) {
 	runEncodePasswordCmd(cmd, []string{CONFIG_PATH + "/config_externaldb.toml"})
-    tomlbyte, _ := fileutils.ReadFile(CONFIG_PATH + "/config_externaldb.toml")
+	tomlbyte, _ := fileutils.ReadFile(CONFIG_PATH + "/config_externaldb.toml")
 	configString := string(tomlbyte)
 	var config dc.AutomateConfig
-    toml.Decode(configString, &config)
+	toml.Decode(configString, &config)
 	assert.Equal(t, "YWRtaW4=", config.Global.V1.External.Opensearch.Auth.BasicAuth.Password.Value)
 	assert.Equal(t, "YWRtaW4=", config.Global.V1.External.Postgresql.Auth.Password.Superuser.Password.Value)
 	assert.Equal(t, "YWRtaW4=", config.Global.V1.External.Postgresql.Auth.Password.Dbuser.Password.Value)
 	runDecodePasswordCmd(cmd, []string{CONFIG_PATH + "/config_externaldb.toml"})
-}
+}
diff --git a/terraform/a2ha-terraform/modules/automate/templates/provision.sh.tpl b/terraform/a2ha-terraform/modules/automate/templates/provision.sh.tpl
@@ -392,9 +392,9 @@ else
   # Skip checks for the hab user as we create and manage that separately.
   # Fixes issues when the hab user/group is setup via LDAP in nsswitch configs.
   export CHEF_AUTOMATE_SKIP_HAB_USER=true
-  chef-automate decodePassword /etc/chef-automate/config.toml
+  chef-automate decode-password /etc/chef-automate/config.toml
   chef-automate deploy /etc/chef-automate/config.toml $DEPLOY_BUNDLES --accept-terms-and-mlsa | grep --line-buffered -v "\┤\|\┘\|\└\|\┴\|\├\|\┌\|\┬\|\┴\|\┐"
-  chef-automate encodePassword /etc/chef-automate/config.toml
+  chef-automate encode-password /etc/chef-automate/config.toml
 fi
 
 create_bootstrap_bundle
Original file line number	Diff line number	Diff line change
Expand Up		@@ -4,4 +4,4 @@ This provides the `automate-backend-deployment` package.

		This package will build a package using terraform/a2ha-terraform, inspecs, test, certs and Makefile.

		This is the heart of the a2ha because this component will set up a workspace for a2ha and all the a2ha command will get available after installing this package.
		This is the heart of the a2ha because this component will set up a workspace for a2ha and all the a2ha command will get available after installing this package.