• R/O
  • HTTP
  • SSH
  • HTTPS

grid-chef-repo: コミット

Grid環境構築用のChefリポジトリです。


コミットメタ情報

リビジョン3465d082c0c44b0521eaf4e29a29d55151fc912a (tree)
日時2018-08-12 12:01:07
作者whitestar <whitestar@user...>
コミッターwhitestar

ログメッセージ

add auto secrets generation.

変更サマリ

差分

--- a/cookbooks/screwdriver/recipes/docker-compose.rb
+++ b/cookbooks/screwdriver/recipes/docker-compose.rb
@@ -17,6 +17,8 @@
1717 # limitations under the License.
1818 #
1919
20+require 'securerandom'
21+
2022 doc_url = 'https://hub.docker.com/r/screwdrivercd/screwdriver/'
2123
2224 ::Chef::Recipe.send(:include, SSLCert::Helper)
@@ -221,23 +223,20 @@ end
221223
222224 db_username = nil
223225 db_username_vault_item = node['screwdriver']['db_username_vault_item']
224-unless db_username_vault_item.empty?
225- db_username = get_vault_item_value(db_username_vault_item)
226- api_envs['DATASTORE_SEQUELIZE_USERNAME'] = '${DB_USERNAME}'
227-end
226+db_username = get_vault_item_value(db_username_vault_item) unless db_username_vault_item.empty?
227+db_username = 'sd-admin' if db_username.nil?
228+api_envs['DATASTORE_SEQUELIZE_USERNAME'] = '${DB_USERNAME}'
228229
229230 db_password = nil
230231 db_password_vault_item = node['screwdriver']['db_password_vault_item']
231-unless db_password_vault_item.empty?
232- db_password = get_vault_item_value(db_password_vault_item)
233- api_envs['DATASTORE_SEQUELIZE_PASSWORD'] = '${DB_PASSWORD}'
234-end
232+db_password = get_vault_item_value(db_password_vault_item) unless db_password_vault_item.empty?
233+db_password = SecureRandom.urlsafe_base64(32) if db_password.nil?
234+api_envs['DATASTORE_SEQUELIZE_PASSWORD'] = '${DB_PASSWORD}'
235235
236236 db_root_password = nil
237237 db_root_password_vault_item = node['screwdriver']['db_root_password_vault_item']
238-unless db_root_password_vault_item.empty?
239- db_root_password = get_vault_item_value(db_root_password_vault_item)
240-end
238+db_root_password = get_vault_item_value(db_root_password_vault_item) unless db_root_password_vault_item.empty?
239+db_root_password = SecureRandom.urlsafe_base64(32) if db_root_password.nil?
241240
242241 db_dialect = api_envs_org['DATASTORE_SEQUELIZE_DIALECT']
243242 case db_dialect
@@ -324,17 +323,15 @@ end
324323
325324 s3_access_key_id = nil
326325 s3_access_key_id_vault_item = node['screwdriver']['s3_access_key_id_vault_item']
327-unless s3_access_key_id_vault_item.empty?
328- s3_access_key_id = get_vault_item_value(s3_access_key_id_vault_item)
329- store_envs['S3_ACCESS_KEY_ID'] = '${S3_ACCESS_KEY_ID}'
330-end
326+s3_access_key_id = get_vault_item_value(s3_access_key_id_vault_item) unless s3_access_key_id_vault_item.empty?
327+s3_access_key_id = SecureRandom.urlsafe_base64(16) if s3_access_key_id.nil?
328+store_envs['S3_ACCESS_KEY_ID'] = '${S3_ACCESS_KEY_ID}'
331329
332330 s3_access_key_secret = nil
333331 s3_access_key_secret_vault_item = node['screwdriver']['s3_access_key_secret_vault_item']
334-unless s3_access_key_secret_vault_item.empty?
335- s3_access_key_secret = get_vault_item_value(s3_access_key_secret_vault_item)
336- store_envs['S3_ACCESS_KEY_SECRET'] = '${S3_ACCESS_KEY_SECRET}'
337-end
332+s3_access_key_secret = get_vault_item_value(s3_access_key_secret_vault_item) unless s3_access_key_secret_vault_item.empty?
333+s3_access_key_secret = SecureRandom.urlsafe_base64(32) if s3_access_key_secret.nil?
334+store_envs['S3_ACCESS_KEY_SECRET'] = '${S3_ACCESS_KEY_SECRET}'
338335
339336 # S3 compatible server
340337 if !store_backend.nil? && !store_backend.empty?
旧リポジトリブラウザで表示