No quoting required
SStorm committed Feb 6, 2024
1 parent 5e4115a commit 50ea18e
Showing 1 changed file with 18 additions and 34 deletions.
52 changes: 18 additions & 34 deletions crate/operator/bootstrap.py
Expand Up @@ -28,7 +28,6 @@
from kubernetes_asyncio.client import ApiException, CoreV1Api
from kubernetes_asyncio.client.api_client import ApiClient
from kubernetes_asyncio.stream import WsApiClient
from psycopg2.extensions import QuotedString

from crate.operator.config import config
from crate.operator.constants import CONNECT_TIMEOUT, SYSTEM_USERNAME
Expand Down Expand Up @@ -76,11 +75,11 @@ async def bootstrap_system_user(
"""
scheme = "https" if has_ssl else "http"
password = await get_system_user_password(core, namespace, name)
password_quoted = QuotedString(password).getquoted().decode()

def get_curl_command(payload: dict) -> List[str]:
return [
"curl",
"-s",
"-k",
"-X",
"POST",
Expand All @@ -96,35 +95,38 @@ def get_curl_command(payload: dict) -> List[str]:
command_create_user = get_curl_command(
{
"stmt": 'CREATE USER "{}" WITH (password = $1)'.format(SYSTEM_USERNAME),
"args": [password_quoted],
"args": [password],
}
)
command_alter_user = get_curl_command(
{
"stmt": 'ALTER USER "{}" SET (password = $1)'.format(SYSTEM_USERNAME),
"args": [password_quoted],
"args": [password],
}
)
command_grant = get_curl_command(
{"stmt": 'GRANT ALL PRIVILEGES TO "{}" '.format(SYSTEM_USERNAME)}
)
exception_logger = logger.exception if config.TESTING else logger.error

async def pod_exec(cmd):
return await core_ws.connect_get_namespaced_pod_exec(
namespace=namespace,
name=master_node_pod,
command=cmd,
container="crate",
stderr=True,
stdin=False,
stdout=True,
tty=False,
)

needs_update = False
async with WsApiClient() as ws_api_client:
core_ws = CoreV1Api(ws_api_client)
try:
logger.info("Trying to create system user ...")
result = await core_ws.connect_get_namespaced_pod_exec(
namespace=namespace,
name=master_node_pod,
command=command_create_user,
container="crate",
stderr=True,
stdin=False,
stdout=True,
tty=False,
)
result = await pod_exec(command_create_user)
except ApiException as e:
# We don't use `logger.exception()` to not accidentally include the
# password in the log messages which might be part of the string
Expand All @@ -150,16 +152,7 @@ def get_curl_command(payload: dict) -> List[str]:
if needs_update:
try:
logger.info("Trying to update system user password ...")
result = await core_ws.connect_get_namespaced_pod_exec(
namespace=namespace,
name=master_node_pod,
command=command_alter_user,
container="crate",
stderr=True,
stdin=False,
stdout=True,
tty=False,
)
result = await pod_exec(command_alter_user)
except ApiException as e:
# We don't use `logger.exception()` to not accidentally include the
# password in the log messages which might be part of the string
Expand All @@ -185,16 +178,7 @@ def get_curl_command(payload: dict) -> List[str]:

try:
logger.info("Trying to grant system user all privileges ...")
result = await core_ws.connect_get_namespaced_pod_exec(
namespace=namespace,
name=master_node_pod,
command=command_grant,
container="crate",
stderr=True,
stdin=False,
stdout=True,
tty=False,
)
result = await pod_exec(command_grant)
except (ApiException, WSServerHandshakeError):
logger.exception("... failed")
raise _temporary_error()
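Review bot: The new `pod_exec` helper still carries the system user's password to the pod inside `command=cmd`, because `command_create_user` and `command_alter_user` are built from a payload whose `args` hold the plain password. The part of `get_curl_command` that puts the payload on the curl command line is collapsed on this page, so this is inferred from its `List[str]` return type and from the existing comment that the password may be part of the exception string. An exec command travels in the request URI of the pods/exec call and becomes the container process's argv, so the secret can land in API server audit logs and is readable from the pod's process list while curl runs. Consider sending the JSON body over the exec's stdin instead (curl can read it with `--data @-`), which would need `stdin=True` and a streaming exec call; until then a comment on the helper such as `# cmd may contain the system user password; never log it` would warn the next caller. `bootstrap_system_user` begins and ends outside the visible hunks.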
