This is an automated email from the ASF dual-hosted git repository.
rob pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/trafficcontrol.git
The following commit(s) were added to refs/heads/master by this push:
new a8b19c5 Update t3c-apply to not pass the user, password, and url
command (#5859)
a8b19c5 is described below
commit a8b19c5e7c51d85236026bf30157dcacd3509732
Author: John J. Rushford <[email protected]>
AuthorDate: Tue May 18 15:13:38 2021 -0600
Update t3c-apply to not pass the user, password, and url command (#5859)
line options when the environment variables are used. This will
protect credential information from being viewed with the 'ps'
command.
---
cache-config/t3c-apply/config/config.go | 6 ++++
cache-config/t3c-apply/torequest/cmd.go | 64 +++++++++++++++++++++------------
2 files changed, 47 insertions(+), 23 deletions(-)
diff --git a/cache-config/t3c-apply/config/config.go
b/cache-config/t3c-apply/config/config.go
index 0943192..16348f9 100644
--- a/cache-config/t3c-apply/config/config.go
+++ b/cache-config/t3c-apply/config/config.go
@@ -259,12 +259,18 @@ func GetCfg() (Cfg, error) {
if toURL == "" {
urlSourceStr = "environment variable"
toURL = os.Getenv("TO_URL")
+ } else {
+ os.Setenv("TO_URL", toURL)
}
if toUser == "" {
toUser = os.Getenv("TO_USER")
+ } else {
+ os.Setenv("TO_USER", toUser)
}
if *toPassPtr == "" {
toPass = os.Getenv("TO_PASS")
+ } else {
+ os.Setenv("TO_PASS", toPass)
}
// set TSHome
diff --git a/cache-config/t3c-apply/torequest/cmd.go
b/cache-config/t3c-apply/torequest/cmd.go
index 825fac8..310a8d6 100644
--- a/cache-config/t3c-apply/torequest/cmd.go
+++ b/cache-config/t3c-apply/torequest/cmd.go
@@ -26,6 +26,7 @@ import (
"encoding/json"
"errors"
"fmt"
+ "os"
"strconv"
"strings"
@@ -128,18 +129,28 @@ func getPackages(cfg config.Cfg) ([]Package, error) {
// sendUpdate updates the given cache's queue update and reval status in
Traffic Ops.
// Note the statuses are the value to be set, not whether to set the value.
func sendUpdate(cfg config.Cfg, updateStatus bool, revalStatus bool) error {
- stdOut, stdErr, code := t3cutil.Do(`t3c-update`,
-
"--traffic-ops-timeout-milliseconds="+strconv.FormatInt(int64(cfg.TOTimeoutMS),
10),
- "--traffic-ops-user="+cfg.TOUser,
- "--traffic-ops-password="+cfg.TOPass,
- "--traffic-ops-url="+cfg.TOURL,
- "--traffic-ops-insecure="+strconv.FormatBool(cfg.TOInsecure),
- "--log-location-error="+outToErr(cfg.LogLocationErr),
- "--log-location-info="+outToErr(cfg.LogLocationInfo),
- "--cache-host-name="+cfg.CacheHostName,
- "--set-update-status="+strconv.FormatBool(updateStatus),
- "--set-reval-status="+strconv.FormatBool(revalStatus),
- )
+ args := []string{
+ "--traffic-ops-timeout-milliseconds=" +
strconv.FormatInt(int64(cfg.TOTimeoutMS), 10),
+ "--traffic-ops-user=" + cfg.TOUser,
+ "--traffic-ops-password=" + cfg.TOPass,
+ "--traffic-ops-url=" + cfg.TOURL,
+ "--traffic-ops-insecure=" + strconv.FormatBool(cfg.TOInsecure),
+ "--log-location-error=" + outToErr(cfg.LogLocationErr),
+ "--log-location-info=" + outToErr(cfg.LogLocationInfo),
+ "--cache-host-name=" + cfg.CacheHostName,
+ "--set-update-status=" + strconv.FormatBool(updateStatus),
+ "--set-reval-status=" + strconv.FormatBool(revalStatus),
+ }
+ if _, used := os.LookupEnv("TO_USER"); !used {
+ args = append(args, "--traffic-ops-user="+cfg.TOUser)
+ }
+ if _, used := os.LookupEnv("TO_PASS"); !used {
+ args = append(args, "--traffic-ops-password="+cfg.TOPass)
+ }
+ if _, used := os.LookupEnv("TO_URL"); !used {
+ args = append(args, "--traffic-ops-url="+cfg.TOURL)
+ }
+ stdOut, stdErr, code := t3cutil.Do(`t3c-update`, args...)
if code != 0 {
return fmt.Errorf("t3c-update returned non-zero exit code %v
stdout '%v' stderr '%v'", code, string(stdOut), string(stdErr))
}
@@ -253,17 +264,24 @@ func requestJSON(cfg config.Cfg, command string, obj
interface{}) error {
// request calls t3c-request with the given command, and returns the stdout
bytes.
func request(cfg config.Cfg, command string) ([]byte, error) {
- stdOut, stdErr, code := t3cutil.Do(`t3c-request`,
- "--traffic-ops-insecure="+strconv.FormatBool(cfg.TOInsecure),
-
"--traffic-ops-timeout-milliseconds="+strconv.FormatInt(int64(cfg.TOTimeoutMS),
10),
- "--traffic-ops-user="+cfg.TOUser,
- "--traffic-ops-password="+cfg.TOPass,
- "--traffic-ops-url="+cfg.TOURL,
- "--cache-host-name="+cfg.CacheHostName,
- "--log-location-error="+outToErr(cfg.LogLocationErr),
- "--log-location-info="+outToErr(cfg.LogLocationInfo),
- `--get-data=`+command,
- )
+ args := []string{
+ "--traffic-ops-insecure=" + strconv.FormatBool(cfg.TOInsecure),
+ "--traffic-ops-timeout-milliseconds=" +
strconv.FormatInt(int64(cfg.TOTimeoutMS), 10),
+ "--cache-host-name=" + cfg.CacheHostName,
+ "--log-location-error=" + outToErr(cfg.LogLocationErr),
+ "--log-location-info=" + outToErr(cfg.LogLocationInfo),
+ `--get-data=` + command,
+ }
+ if _, used := os.LookupEnv("TO_USER"); !used {
+ args = append(args, "--traffic-ops-user="+cfg.TOUser)
+ }
+ if _, used := os.LookupEnv("TO_PASS"); !used {
+ args = append(args, "--traffic-ops-password="+cfg.TOPass)
+ }
+ if _, used := os.LookupEnv("TO_URL"); !used {
+ args = append(args, "--traffic-ops-url="+cfg.TOURL)
+ }
+ stdOut, stdErr, code := t3cutil.Do(`t3c-request`, args...)
if code != 0 {
return nil, fmt.Errorf("t3c-request returned non-zero exit code
%v stdout '%v' stderr '%v'", code, string(stdOut), string(stdErr))
}
