#!/bin/bash
# Default htpasswd file, relative to the current directory; the helpers in this
# file fall back to it when no file argument is given.
# NOTE(review): this file and its "<file>.txt" sidecar hold credentials -
# presumably scratch/ is excluded from version control; confirm.
DEFAULT_HTPASSWD="scratch/htpasswd-local"
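#######################################
# Add or update a user in an htpasswd file and record the plaintext password
# in a sidecar "<file>.txt".
# Globals:
#   DEFAULT_HTPASSWD (read); USER, PASS, HTPASSWD_FILE (written, not local)
# Arguments:
#   $1 - user name (default: admin)
#   $2 - password (default: output of genpass)
#   $3 - htpasswd file (default: DEFAULT_HTPASSWD)
# Outputs:
#   Prints user name, password and file names to stdout.
# Returns:
#   1 if the files cannot be created; otherwise the status of htpasswd / oc.
#######################################
htpasswd_add_user(){
  # NOTE(review): these stay global (USER also shadows the login environment
  # variable) because callers may read them afterwards - confirm before
  # making them local.
  USER=${1:-admin}
  PASS=${2:-$(genpass)}
  HTPASSWD_FILE=${3:-${DEFAULT_HTPASSWD}}

  local pass_log="${HTPASSWD_FILE}.txt"
  local pass_log_tmp

  # The password is printed on purpose so the operator can note it; keep this
  # output out of shared logs.
  echo "
USERNAME: ${USER}
PASSWORD: ${PASS}
FILENAME: ${HTPASSWD_FILE}
PASSWORDS: ${HTPASSWD_FILE}.txt
"

  touch "${HTPASSWD_FILE}" || return 1
  # The sidecar stores plaintext passwords: create it readable by owner only.
  ( umask 077 && touch "${pass_log}" ) || return 1

  # Drop only this user's previous record. The name is compared as a literal
  # line prefix instead of being spliced into a sed regex, so adding "admin"
  # no longer deletes the record of "admin2", and regex metacharacters in the
  # name are inert.
  pass_log_tmp=$(mktemp "${pass_log}.XXXXXX") || return 1
  if HTPASSWD_REC_PREFIX="# ${USER} - " \
      awk 'index($0, ENVIRON["HTPASSWD_REC_PREFIX"]) != 1' \
      "${pass_log}" > "${pass_log_tmp}"; then
    # Write back through the existing file so its mode is preserved.
    cat "${pass_log_tmp}" > "${pass_log}"
  fi
  rm -f -- "${pass_log_tmp}"
  echo "# ${USER} - ${PASS}" >> "${pass_log}"

  if command -v htpasswd >/dev/null 2>&1; then
    echo "using local htpasswd..."
    # -i reads the password from stdin, so it does not show up in the process
    # list the way the -b argument form does.
    printf '%s\n' "${PASS}" | htpasswd -i -B -C10 "${HTPASSWD_FILE}" "${USER}"
  else
    echo "using oc to run pod..."
    # User and password are handed to the pod's shell as positional
    # parameters, so quotes or metacharacters in them are never parsed as code.
    # NOTE(review): the password is still part of the pod's command line, and
    # this branch replaces the whole htpasswd file with the single new entry
    # (the local branch updates in place) - confirm that is intended.
    oc run \
      --image httpd \
      -q --rm -i minion -- /bin/sh -c 'sleep 2; htpasswd -n -b -B -C10 "$1" "$2"' sh "${USER}" "${PASS}" > "${HTPASSWD_FILE}" 2>/dev/null
  fi
}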
#######################################
# Copy the "htpasswd" key of a secret in the openshift-config namespace into a
# local file. The secret is named after the file's basename.
# Globals:
#   DEFAULT_HTPASSWD (read); HTPASSWD_FILE, HTPASSWD_NAME (written, not local)
# Arguments:
#   $1 - local htpasswd file (default: DEFAULT_HTPASSWD)
# Returns:
#   1 if the secret cannot be read; otherwise the status of `oc extract`.
#######################################
htpasswd_ocp_get_file(){
  HTPASSWD_FILE=${1:-${DEFAULT_HTPASSWD}}
  HTPASSWD_NAME=$(basename "${HTPASSWD_FILE}")

  local secret_ref="secret/${HTPASSWD_NAME}"

  # Probe first: without the secret the local file must stay untouched.
  if ! oc -n openshift-config get "${secret_ref}" > /dev/null 2>&1; then
    return 1
  fi

  # The redirect truncates the local file before extract runs, and stderr is
  # discarded, so a failed extract leaves an empty file with no message.
  oc -n openshift-config extract "${secret_ref}" --keys=htpasswd --to=- \
    > "${HTPASSWD_FILE}" 2>/dev/null
}
#######################################
# Upload a local htpasswd file as the "htpasswd" key of a secret in the
# openshift-config namespace. The secret is named after the file's basename.
# Globals:
#   DEFAULT_HTPASSWD (read); HTPASSWD_FILE, HTPASSWD_NAME (written, not local)
# Arguments:
#   $1 - local htpasswd file (default: DEFAULT_HTPASSWD)
# Returns:
#   1 if the local file cannot be touched; otherwise the status of `oc set data`.
#######################################
htpasswd_ocp_set_file(){
  HTPASSWD_FILE=${1:-${DEFAULT_HTPASSWD}}
  HTPASSWD_NAME=$(basename "${HTPASSWD_FILE}")

  # touch creates the file when it is missing, so a wrong path uploads an
  # empty htpasswd.
  # NOTE(review): presumably that drops every user from the secret - confirm
  # callers always pass a populated file.
  if ! touch "${HTPASSWD_FILE}"; then
    return 1
  fi

  local secret_ref="secret/${HTPASSWD_NAME}"
  local data_arg="--from-file=htpasswd=${HTPASSWD_FILE}"

  oc -n openshift-config set data "${secret_ref}" "${data_arg}"
}
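#######################################
# Check that a user can log in to the cluster and that the user object exists.
# The login runs against a throw-away copy of the kubeconfig so the caller's
# own kubeconfig is not rewritten by `oc login`.
# Globals:
#   KUBECONFIG (read, defaulted to ~/.kube/config);
#   USER, PASS, TMP_CONFIG (written, not local)
# Arguments:
#   $1 - user name (default: admin)
#   $2 - password (default: admin)
# Outputs:
#   Progress text and the `oc get user` listing on stdout.
# Returns:
#   0 when login and user lookup succeed, 1 otherwise.
#######################################
htpasswd_validate_user(){
  USER=${1:-admin}
  PASS=${2:-admin}
  KUBECONFIG=${KUBECONFIG:-~/.kube/config}

  local rc=0

  echo "This may take a few minutes..."
  echo "Press <ctrl> + c to cancel
"

  # login to ocp
  # mktemp gives an unpredictable, owner-only file instead of the fixed name
  # "scratch/kubeconfig.XXX"; after a successful login it holds a live token.
  TMP_CONFIG=$(mktemp scratch/kubeconfig.XXXXXX) || return 1
  if ! cp "${KUBECONFIG}" "${TMP_CONFIG}"; then
    rm -f -- "${TMP_CONFIG}"
    return 1
  fi

  # NOTE(review): -p puts the password on oc's command line, where other local
  # users can see it in the process list while the retry loop runs.
  if ! retry oc --kubeconfig "${TMP_CONFIG}" login \
      -u "${USER}" -p "${PASS}" > /dev/null 2>&1; then
    rc=1
  # verify user is present (uses the caller's kubeconfig, not the temp copy)
  elif ! oc get user "${USER}"; then
    rc=1
  fi

  # cleanup tmp config on every path, including failed logins, so no copy of
  # the credentials is left behind.
  # NOTE(review): cancelling with ctrl-c still skips this cleanup.
  rm -f -- "${TMP_CONFIG}"
  [ "${rc}" -eq 0 ] || return 1

  echo ""
  echo "Validated Login: ${USER}"
  echo ""
}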
# The helpers defined after this line need the `age` CLI. When this file is
# sourced on a machine without it, stop here so they are never defined.
# (A top-level `return` only takes effect when the file is sourced.)
which age >/dev/null 2>&1 || return 0
#######################################
# Encrypt an htpasswd file with age into "<basename>.age" in the current
# directory, ASCII-armored, for the recipients listed in ./authorized_keys.
# Globals:
#   DEFAULT_HTPASSWD (read); HTPASSWD_FILE (written, not local)
# Arguments:
#   $1 - htpasswd file to encrypt (default: DEFAULT_HTPASSWD)
# Returns:
#   The status of age.
#######################################
htpasswd_encrypt_file(){
  HTPASSWD_FILE=${1:-${DEFAULT_HTPASSWD}}

  local encrypted_name
  encrypted_name="$(basename "${HTPASSWD_FILE}").age"

  # Everyone whose key is in authorized_keys can decrypt the result, so that
  # file is the access list for the encrypted copy.
  local -a age_args=(
    --encrypt --armor
    -R authorized_keys
    -o "${encrypted_name}"
    "${HTPASSWD_FILE}"
  )
  age "${age_args[@]}"
}
#######################################
# Decrypt "<basename>.age" from the current directory back into the htpasswd
# file, offering the caller's ed25519 and RSA SSH keys as identities.
# Globals:
#   DEFAULT_HTPASSWD (read); HTPASSWD_FILE (written, not local)
# Arguments:
#   $1 - htpasswd file to write (default: DEFAULT_HTPASSWD)
# Returns:
#   The status of age.
#######################################
htpasswd_decrypt_file(){
  HTPASSWD_FILE=${1:-${DEFAULT_HTPASSWD}}

  local encrypted_name
  encrypted_name="$(basename "${HTPASSWD_FILE}").age"

  # The decrypted output holds password hashes; it is written straight to
  # HTPASSWD_FILE, replacing whatever is there.
  age --decrypt \
    -i ~/.ssh/id_ed25519 -i ~/.ssh/id_rsa \
    -o "${HTPASSWD_FILE}" \
    "${encrypted_name}"
}