From 9e77bc9ea19087dd6a86a744a0da7453c1883a37 Mon Sep 17 00:00:00 2001 From: Jo Date: Mon, 29 Nov 2021 21:22:32 +0100 Subject: [PATCH] feat(secret-gen): replace missing node by openssl + k8s-wait-job (#914) * feat(create-db-secret): ensure random and secured * Update azure-db/bin/create-db-secret Co-authored-by: Julien Bouquillon * Update azure-db/bin/create-db-secret Co-authored-by: Julien Bouquillon * feat(secret-gen): replace missing node by openssl * feat(wait-job): add k8s wait job Co-authored-by: Julien Bouquillon --- azure-db/bin/create-db-secret | 3 ++- kubectl/Dockerfile | 2 ++ kubectl/bin/k8s-wait-job | 34 ++++++++++++++++++++++++++++++++++ 3 files changed, 38 insertions(+), 1 deletion(-) create mode 100755 kubectl/bin/k8s-wait-job diff --git a/azure-db/bin/create-db-secret b/azure-db/bin/create-db-secret index 7f7a3d951..03e174235 100755 --- a/azure-db/bin/create-db-secret +++ b/azure-db/bin/create-db-secret @@ -15,7 +15,8 @@ if [ -n "$(kubectl -n $K8S_NS get secret $PGPASSWORD_SECRET_NAME 2>/dev/null)" ] exit 0 fi -PGPASSWORD=$(node -e "console.log(require('crypto').randomBytes(16).toString('base64').replace(/[^a-z0-9]/gi , ''))") +PGPASSWORD=$(openssl rand -base64 32 | sed "s/[^[:alnum:]-]//g") + kubectl -n $K8S_NS create secret generic $PGPASSWORD_SECRET_NAME --from-literal=PGPASSWORD=$PGPASSWORD echo "PGPASSWORD secret named '$PGPASSWORD_SECRET_NAME' created in namespace '$K8S_NS'" diff --git a/kubectl/Dockerfile b/kubectl/Dockerfile index 98aff8d03..6098db175 100644 --- a/kubectl/Dockerfile +++ b/kubectl/Dockerfile @@ -29,6 +29,8 @@ RUN set -ex \ && mv /kustomize /usr/local/bin/kustomize \ ; +COPY ./bin /bin + USER 1001 ENTRYPOINT [ "kubectl" ] CMD [ "--help" ] diff --git a/kubectl/bin/k8s-wait-job b/kubectl/bin/k8s-wait-job new file mode 100755 index 000000000..4fe0fc562 --- /dev/null +++ b/kubectl/bin/k8s-wait-job 
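Review bot: In azure-db/bin/create-db-secret the new `PGPASSWORD=$(openssl rand -base64 32 | sed "s/[^[:alnum:]-]//g")` line is not followed by any check that a password was actually produced. The pipeline's exit status is that of `sed`, so if `openssl` is absent from the image or errors out (the same situation this commit fixes for `node`), PGPASSWORD is empty and the `kubectl create secret` on the next line would store an empty value. Adding `[ -n "$PGPASSWORD" ] || { echo "could not generate PGPASSWORD" >&2; exit 1; }` right after the assignment makes that case fail closed. The `-` kept by the sed class never occurs in standard base64 output, so `[^[:alnum:]]` would express the same filter. The top of the script, including any shell options, lies above the hunk and is not visible here.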
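Review bot: `COPY ./bin /bin` in kubectl/Dockerfile places the project's helper scripts in the image's system binary directory, so any file in `./bin` that shares a name with a stock tool replaces it without notice. The RUN step just above installs kustomize under `/usr/local/bin`; copying to the same place, `COPY ./bin /usr/local/bin`, keeps image-provided and project-provided executables apart. The new k8s-wait-job script also depends on `timeout` and on what `/bin/sh` resolves to in the base image, which cannot be confirmed here because the FROM line and the start of the RUN block are outside the hunk.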
@@ -0,0 +1,34 @@
+#!/bin/sh
+
+K8S_NAMESPACE=${1}
+JOB_NAME=${2}
+
+if [ -z "$K8S_NAMESPACE" ]; then
+ echo "missing required argument #1: namespace"
+ exit 1
+fi
+
+if [ -z "$JOB_NAME" ]; then
+ echo "missing required argument #2: job name"
+ exit 1
+fi
+
+JOB="job/$JOB_NAME"
+
+retval_complete=1
+retval_failed=1
+while [[ $retval_complete -ne 0 ]] && [[ $retval_failed -ne 0 ]]; do
+ sleep 2
+ output=$(timeout 2s kubectl -n $K8S_NAMESPACE wait --for=condition=complete $JOB --timeout=0 2>&1)
+ retval_complete=$?
+ output=$(timeout 2s kubectl -n $K8S_NAMESPACE wait --for=condition=failed $JOB --timeout=0 2>&1)
+ retval_failed=$?
+ wait
+done
+
+if [ $retval_failed -eq 0 ]; then
+ echo "$JOB failed"
+ exit 1
+else
+ echo "$JOB complete"
+fi
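Review bot: kubectl/bin/k8s-wait-job declares `#!/bin/sh` but its `while` condition uses `[[ ... ]]`, and the final `if` treats every outcome other than an observed failure as success. On a `/bin/sh` without `[[` the condition is a command-not-found error, the loop body never runs, and the script prints "complete" and exits 0 without ever having queried the job. The rewrite below uses POSIX `[ ]`, quotes the namespace and job arguments, and succeeds only when `retval_complete` is 0. Separately, the loop has no upper bound and `output` is never printed, so a mistyped job name or an authorization error polls forever with no diagnostic; an overall deadline and echoing `$output` on exit would help whoever debugs a stuck pipeline.

```shell
# … unchanged: argument checks, JOB and retval initialisation …
while [ "$retval_complete" -ne 0 ] && [ "$retval_failed" -ne 0 ]; do
  # … unchanged: sleep 2 …
  output=$(timeout 2s kubectl -n "$K8S_NAMESPACE" wait --for=condition=complete "$JOB" --timeout=0 2>&1)
  # … unchanged: retval_complete=$? …
  output=$(timeout 2s kubectl -n "$K8S_NAMESPACE" wait --for=condition=failed "$JOB" --timeout=0 2>&1)
  # … unchanged: retval_failed=$? and wait …
done

# Report success only when completion was actually observed.
if [ "$retval_complete" -eq 0 ]; then
  echo "$JOB complete"
else
  echo "$JOB failed"
  exit 1
fi
```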