From 11630a8803999ac25760a764edf4f0615e5c9767 Mon Sep 17 00:00:00 2001
From: Yanis Guenane
Date: Mon, 3 Jun 2019 11:45:21 +0200
Subject: [PATCH] Installer: quote password where it applies

Prior to this change, password having shell interpretable character would break the installer (e.g '&', '(', etc... ) This commits rely on the `quote` filter from ansible to ensure those password are properly quoted where it applies
Fixes: https://github.com/ansible/awx/issues/3943
Signed-off-by: Yanis Guenane
---
 installer/roles/image_push/tasks/main.yml | 2 +-
 installer/roles/kubernetes/tasks/backup.yml | 2 +-
 installer/roles/kubernetes/tasks/main.yml | 6 +++---
 installer/roles/kubernetes/tasks/restore.yml | 6 +++---
 installer/roles/kubernetes/templates/environment.sh.j2 | 4 ++--
 .../roles/local_docker/templates/docker-compose.yml.j2 | 4 ++--
 installer/roles/local_docker/templates/environment.sh.j2 | 4 ++--
 7 files changed, 14 insertions(+), 14 deletions(-)

diff --git a/installer/roles/image_push/tasks/main.yml b/installer/roles/image_push/tasks/main.yml
index 24530b0ed8..1d75e4d29d 100644
--- a/installer/roles/image_push/tasks/main.yml
+++ b/installer/roles/image_push/tasks/main.yml
@@ -3,7 +3,7 @@
 docker_login:
 registry: "{{ docker_registry }}"
 username: "{{ docker_registry_username }}"
- password: "{{ docker_registry_password }}"
+ password: "{{ docker_registry_password | quote }}"
 reauthorize: yes
 when: docker_registry is defined and docker_registry_password is defined
 delegate_to: localhost
diff --git a/installer/roles/kubernetes/tasks/backup.yml b/installer/roles/kubernetes/tasks/backup.yml
index fb33f62b3a..692ea02b0d 100644
--- a/installer/roles/kubernetes/tasks/backup.yml
+++ b/installer/roles/kubernetes/tasks/backup.yml
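Review bot: In `installer/roles/image_push/tasks/main.yml`, `password: "{{ docker_registry_password | quote }}"` applies a shell-quoting filter to a `docker_login` module argument, which is handed to the module as data and never parsed by a shell. For any password containing a character the filter considers unsafe, the module would receive the value wrapped in literal single quotes and try to authenticate with a different secret than the one configured. I would keep the original `password: "{{ docker_registry_password }}"` here and reserve `quote` for values interpolated into `shell:` command lines. The task begins above the hunk.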
@@ -49,7 +49,7 @@
 - name: Dump database
 shell: |
 {{ kubectl_or_oc }} -n {{ kubernetes_namespace }} exec ansible-tower-management -- \
- bash -c "PGPASSWORD={{ pg_password }} \
+ bash -c "PGPASSWORD={{ pg_password | quote }} \
 pg_dump --clean --create \
 --host='{{ pg_hostname | default('postgresql') }}' \
 --port={{ pg_port | default('5432') }} \
diff --git a/installer/roles/kubernetes/tasks/main.yml b/installer/roles/kubernetes/tasks/main.yml
index 22d48efe34..31eb4efcda 100644
--- a/installer/roles/kubernetes/tasks/main.yml
+++ b/installer/roles/kubernetes/tasks/main.yml
@@ -66,8 +66,8 @@
 -e DATABASE_SERVICE_NAME=postgresql \
 -e POSTGRESQL_MAX_CONNECTIONS={{ pg_max_connections|default(1024) }} \
 -e POSTGRESQL_USER={{ pg_username }} \
- -e POSTGRESQL_PASSWORD={{ pg_password }} \
- -e POSTGRESQL_ADMIN_PASSWORD={{ pg_password }} \
+ -e POSTGRESQL_PASSWORD={{ pg_password | quote }} \
+ -e POSTGRESQL_ADMIN_PASSWORD={{ pg_password | quote }} \
 -e POSTGRESQL_DATABASE={{ pg_database }} \
 -e POSTGRESQL_VERSION=9.6 \
 -n {{ kubernetes_namespace }}
@@ -84,7 +84,7 @@
 helm upgrade {{ postgresql_service_name }} --install \
 --namespace {{ kubernetes_namespace }} \
 --set postgresqlUsername={{ pg_username }} \
- --set postgresqlPassword={{ pg_password }} \
+ --set postgresqlPassword={{ pg_password | quote }} \
 --set postgresqlDatabase={{ pg_database }} \
 --set persistence.size={{ pg_volume_capacity|default('5')}}Gi \
 --version="2.0.0" \
diff --git a/installer/roles/kubernetes/tasks/restore.yml b/installer/roles/kubernetes/tasks/restore.yml
index 766701ff74..10f1292495 100644
--- a/installer/roles/kubernetes/tasks/restore.yml
+++ b/installer/roles/kubernetes/tasks/restore.yml
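Review bot: In the `Dump database` task of `backup.yml`, `quote` covers only one of the two shell layers: its output lands inside the double-quoted `bash -c "PGPASSWORD=… pg_dump …"` string, so the outer shell started by `shell:` still interprets `"`, `$`, backticks and backslashes in the password before the inner bash sees it. A password containing `"` ends the `bash -c` argument early, so the breakage described in the commit message remains for those characters. The three `psql` tasks in `restore.yml` (`Temporarily grant createdb role`, `Perform a PostgreSQL restore`, `Revoke createdb role`) use the same construct. If the rest of the command, which continues past the hunk, needs no shell features inside the pod, dropping the inner shell leaves a single layer for `quote` to protect: `exec ansible-tower-management -- env PGPASSWORD={{ pg_password | quote }} pg_dump --clean --create \`.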
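Review bot: In the first hunk of `kubernetes/tasks/main.yml`, `-e POSTGRESQL_PASSWORD={{ pg_password | quote }}` and `-e POSTGRESQL_ADMIN_PASSWORD={{ pg_password | quote }}` still put the database password on a command line, where the rendered command ends up in the Ansible task result and is visible in the process list while it runs. The task header is outside the hunk; if it does not already set `no_log: true`, I would add it. The same applies to the `helm upgrade` task in the next hunk and to the `PGPASSWORD=` tasks in `backup.yml` and `restore.yml`.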
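Review bot: In the `helm upgrade` hunk, `--set postgresqlPassword={{ pg_password | quote }}` is safe for the shell, but Helm then parses the `--set` value with its own syntax, in which a comma separates assignments and a backslash is an escape character. A password containing a comma would therefore still be split or rejected after this change. Supplying the secret through a values file rendered with restrictive permissions avoids that second parser. If the flag stays, `--set-string postgresqlPassword={{ pg_password | quote }}` (where the Helm version in use supports it) at least keeps an all-digit password from being typed as a number. The command starts and ends outside the hunk.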
@@ -75,7 +75,7 @@
 - name: Temporarily grant createdb role
 shell: |
 {{ kubectl_or_oc }} -n {{ kubernetes_namespace }} \
- exec -i ansible-tower-management -- bash -c "PGPASSWORD={{ pg_password }} \
+ exec -i ansible-tower-management -- bash -c "PGPASSWORD={{ pg_password | quote }} \
 psql \
 --host={{ pg_hostname | default('postgresql') }} \
 --port={{ pg_port | default('5432') }} \
@@ -87,7 +87,7 @@
 - name: Perform a PostgreSQL restore
 shell: |
 {{ kubectl_or_oc }} -n {{ kubernetes_namespace }} \
- exec -i ansible-tower-management -- bash -c "PGPASSWORD={{ pg_password }} \
+ exec -i ansible-tower-management -- bash -c "PGPASSWORD={{ pg_password | quote }} \
 psql \
 --host={{ pg_hostname | default('postgresql') }} \
 --port={{ pg_port | default('5432') }} \
@@ -98,7 +98,7 @@
 - name: Revoke createdb role
 shell: |
 {{ kubectl_or_oc }} -n {{ kubernetes_namespace }} \
- exec -i ansible-tower-management -- bash -c "PGPASSWORD={{ pg_password }} \
+ exec -i ansible-tower-management -- bash -c "PGPASSWORD={{ pg_password | quote }} \
 psql \
 --host={{ pg_hostname | default('postgresql') }} \
 --port={{ pg_port | default('5432') }} \
diff --git a/installer/roles/kubernetes/templates/environment.sh.j2 b/installer/roles/kubernetes/templates/environment.sh.j2
index 4abdc741d4..1c5497c922 100644
--- a/installer/roles/kubernetes/templates/environment.sh.j2
+++ b/installer/roles/kubernetes/templates/environment.sh.j2
@@ -2,10 +2,10 @@ DATABASE_USER={{ pg_username }}
 DATABASE_NAME={{ pg_database }}
 DATABASE_HOST={{ pg_hostname|default('postgresql') }}
 DATABASE_PORT={{ pg_port|default('5432') }}
-DATABASE_PASSWORD={{ pg_password }}
+DATABASE_PASSWORD={{ pg_password | quote }}
 MEMCACHED_HOST={{ memcached_hostname|default('localhost') }}
 MEMCACHED_PORT={{ memcached_port|default('11211') }}
 RABBITMQ_HOST={{ rabbitmq_hostname|default('localhost') }}
 RABBITMQ_PORT={{ rabbitmq_port|default('5672') }}
 AWX_ADMIN_USER={{ admin_user }}
-AWX_ADMIN_PASSWORD={{ admin_password }}
+AWX_ADMIN_PASSWORD={{ admin_password | quote }}
diff --git a/installer/roles/local_docker/templates/docker-compose.yml.j2 b/installer/roles/local_docker/templates/docker-compose.yml.j2
index d71c4e04fc..d58d61a1a0 100644
--- a/installer/roles/local_docker/templates/docker-compose.yml.j2
+++ b/installer/roles/local_docker/templates/docker-compose.yml.j2
@@ -111,7 +111,7 @@ services:
 environment:
 RABBITMQ_DEFAULT_VHOST: "{{ rabbitmq_default_vhost }}"
 RABBITMQ_DEFAULT_USER: "{{ rabbitmq_user }}"
- RABBITMQ_DEFAULT_PASS: "{{ rabbitmq_password }}"
+ RABBITMQ_DEFAULT_PASS: "{{ rabbitmq_password | quote }}"
 RABBITMQ_ERLANG_COOKIE: {{ rabbitmq_erlang_cookie }}
 http_proxy: {{ http_proxy | default('') }}
 https_proxy: {{ https_proxy | default('') }}
@@ -135,7 +135,7 @@ services:
 - {{ postgres_data_dir }}:/var/lib/postgresql/data:Z
 environment:
 POSTGRES_USER: {{ pg_username }}
- POSTGRES_PASSWORD: {{ pg_password }}
+ POSTGRES_PASSWORD: {{ pg_password | quote }}
 POSTGRES_DB: {{ pg_database }}
 PGDATA: /var/lib/postgresql/data/pgdata
 http_proxy: {{ http_proxy | default('') }}
diff --git a/installer/roles/local_docker/templates/environment.sh.j2 b/installer/roles/local_docker/templates/environment.sh.j2
index 4cff8eb102..6bf747b0b0 100644
--- a/installer/roles/local_docker/templates/environment.sh.j2
+++ b/installer/roles/local_docker/templates/environment.sh.j2
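Review bot: In `kubernetes/templates/environment.sh.j2`, only the two password assignments are quoted, while `AWX_ADMIN_USER={{ admin_user }}`, `DATABASE_NAME={{ pg_database }}` and the other values in the same file are still rendered raw, so a space or shell metacharacter in any of them breaks the file the same way the commit describes for passwords. I would apply the filter uniformly, e.g. `AWX_ADMIN_USER={{ admin_user | quote }}`. The quoting is also only correct if every consumer sources this file with a shell; a reader that treats it as a plain KEY=VALUE env file would keep the single quotes as part of the secret, which is worth confirming. The same points apply to `installer/roles/local_docker/templates/environment.sh.j2`.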
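Review bot: In `docker-compose.yml.j2`, `RABBITMQ_DEFAULT_PASS: "{{ rabbitmq_password | quote }}"` shell-quotes a value that is read by a YAML parser rather than a shell, so for a password with special characters the single quotes added by `quote` become part of the RabbitMQ password and presumably no longer match what the other services are configured with. In the second hunk, `POSTGRES_PASSWORD: {{ pg_password | quote }}` only works where shell single-quoting happens to coincide with YAML single-quoted scalars, and a password containing `'` renders as invalid YAML. A YAML-safe encoding fits both lines, e.g. `RABBITMQ_DEFAULT_PASS: {{ rabbitmq_password | to_json }}` and `POSTGRES_PASSWORD: {{ pg_password | to_json }}`. Compose also performs its own `$` interpolation on values, so a `$` in a password would still need doubling.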
@@ -2,10 +2,10 @@ DATABASE_USER={{ pg_username }}
 DATABASE_NAME={{ pg_database }}
 DATABASE_HOST={{ pg_hostname|default('postgres') }}
 DATABASE_PORT={{ pg_port|default('5432') }}
-DATABASE_PASSWORD={{ pg_password }}
+DATABASE_PASSWORD={{ pg_password | quote }}
 MEMCACHED_HOST={{ memcached_hostname|default('memcached') }}
 MEMCACHED_PORT={{ memcached_port|default('11211') }}
 RABBITMQ_HOST={{ rabbitmq_hostname|default('rabbitmq') }}
 RABBITMQ_PORT={{ rabbitmq_port|default('5672') }}
 AWX_ADMIN_USER={{ admin_user }}
-AWX_ADMIN_PASSWORD={{ admin_password }}
+AWX_ADMIN_PASSWORD={{ admin_password | quote }}