fix(restic): make user management more robust

martinohmann · Nov 18, 2024 · 8c31a02 · 8c31a02
1 parent d3b8e32
commit 8c31a02
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 3 deletions.
diff --git a/kubernetes/storage/apps/default/restic/app/resources/init.sh b/kubernetes/storage/apps/default/restic/app/resources/init.sh
@@ -11,6 +11,15 @@ trap 'rm -f "$temp_file"' EXIT INT
 chmod 0600 "$temp_file"
 
 while IFS=':' read -r username password; do
+  if [ -z "$username" ]; then
+    continue
+  fi
+
+  if [ -z "$password" ]; then
+    echo "Warning: ignoring user $username due to empty password" >&2
+    continue
+  fi
+
   htpasswd -B -b "$temp_file" "$username" "$password"
 done < "$users_file"
 

diff --git a/kubernetes/storage/apps/default/restic/app/secret.sops.yaml b/kubernetes/storage/apps/default/restic/app/secret.sops.yaml
@@ -3,7 +3,8 @@ kind: Secret
 metadata:
     name: restic-users
 stringData:
-    users: ENC[AES256_GCM,data:s/a6QJ6M2XmDUvr9EouvcD5khwGz4GxGcueSN0+kV1E=,iv:rdj9osshb3uEYAhl0JKHno0pDFZQR6cUCMEOWlhToxk=,tag:RpWgg67GzUO1zcwUTNGLhg==,type:str]
+    #ENC[AES256_GCM,data:tK3SRy7ra+58yK8x91U9iB1afaaDSev5eNsH4P4WsfHkey4wf/ucZP7rN2dbUwlu0Ipm7A6VNrGk4W4ktoB1wufftUvDtpJv3g==,iv:FhOrwSwHffQPYkLwi6N95ckCFdbVlKiwTGaJ9einFRs=,tag:e0JyKYZUCx6d2wcyZ3eumg==,type:comment]
+    users: ENC[AES256_GCM,data:QFUGyBjMU+TrFmrc/iP8pkderG+Zu7sDKPx0HAxBy8ly,iv:uBTx0rPTRV27FWJq0VqEaEW/aZwCdebWJmVr/9LB/ZY=,tag:6GikSqsb51/W2jTa4VDCcA==,type:str]
 sops:
     kms: []
     gcp_kms: []
@@ -19,8 +20,8 @@ sops:
             UFhCSExBK2w5K04xMnNtWXhGUjZ1S3cK4txYg7g9D/lMwEJe27w6GjRZ4od97VgB
             DRRngPR7fiZb+ev1CWEjrIkpPPi7lcT/E9NQldS8RTeOoUQgfXo4Dg==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-11-18T19:27:50Z"
-    mac: ENC[AES256_GCM,data:uWGMo2kbCfqrPCAUElYfEPRJdFwSrgmUuiZYBXPoxjVhyuQaYXn1iVDR8Po1Hilh7sbwUcLpNjwQ2Q5dCSQSm1NzCfFLLyqGT2+msUzoPfynPZ8CLN3AhdgJJxjOnD/7oonJmakWMa1Gc0PfV3TckShDTeyJsYYu/xZ87/llgnY=,iv:LJdA2VC8R5H2QGsmNOU3TGxkQ6KlPQ/O8X7zEnGHlUQ=,tag:dktmYp7B5+govHXfe+1MxA==,type:str]
+    lastmodified: "2024-11-18T19:57:26Z"
+    mac: ENC[AES256_GCM,data:5C5U+RH7+C03hA9XsUYcqJhFsxoMTH9JLGDYMk26AsJfoV0QkUYIZP0cjKzB/vvfOo6eWmQTpEa34wf7ol5/J9PosBHoZj4W6tcXZ3nnvNj1ZCAyqnKoGLQ+V4VYxnLq0Av9ivHB6a319kEt2GrzAslKwrfjDwtJ74ukprXHtP0=,iv:VEFCTOdIyils2yao4MkBUWIUNaKiMxOktmKvEcXa+Pk=,tag:qR55mtUzcvAYJsqZw8d1Tg==,type:str]
     pgp: []
     encrypted_regex: ^(data|stringData)$
     version: 3.9.1