feat(secret-gen): replace missing node by openssl + k8s-wait-job (#914)

* feat(create-db-secret): ensure random and secured

* Update azure-db/bin/create-db-secret

Co-authored-by: Julien Bouquillon <contact@revolunet.com>

* Update azure-db/bin/create-db-secret

Co-authored-by: Julien Bouquillon <contact@revolunet.com>

* feat(secret-gen): replace missing node by openssl

* feat(wait-job): add k8s wait job

Co-authored-by: Julien Bouquillon <contact@revolunet.com>

azure-db/bin/create-db-secret

@@ -15,7 +15,8 @@ if [ -n "$(kubectl -n $K8S_NS get secret $PGPASSWORD_SECRET_NAME 2>/dev/null)" ]
   exit 0
 fi
 
-PGPASSWORD=$(node -e "console.log(require('crypto').randomBytes(16).toString('base64').replace(/[^a-z0-9]/gi , ''))")
+PGPASSWORD=$(openssl rand -base64 32 | sed "s/[^[:alnum:]-]//g")
+
 kubectl -n $K8S_NS create secret generic $PGPASSWORD_SECRET_NAME --from-literal=PGPASSWORD=$PGPASSWORD
 
 echo "PGPASSWORD secret named '$PGPASSWORD_SECRET_NAME' created in namespace '$K8S_NS'"

kubectl/Dockerfile

@@ -29,6 +29,8 @@ RUN set -ex \
   && mv /kustomize /usr/local/bin/kustomize \
   ;
 
+COPY ./bin /bin
+
 USER 1001
 ENTRYPOINT [ "kubectl" ]
 CMD [ "--help" ]

kubectl/bin/k8s-wait-job

@@ -0,0 +1,34 @@
+#!/bin/sh
+
+K8S_NAMESPACE=${1}
+JOB_NAME=${2}
+
+if [ -z "$K8S_NAMESPACE" ]; then
+  echo "missing required argument #1: namespace"
+  exit 1
+fi
+
+if [ -z "$JOB_NAME" ]; then
+  echo "missing required argument #2: job name"
+  exit 1
+fi
+
+JOB="job/$JOB_NAME"
+
+retval_complete=1
+retval_failed=1
+while [[ $retval_complete -ne 0 ]] && [[ $retval_failed -ne 0 ]]; do
+  sleep 2
+  output=$(timeout 2s kubectl -n $K8S_NAMESPACE wait --for=condition=complete $JOB --timeout=0 2>&1)
+  retval_complete=$?
+  output=$(timeout 2s kubectl -n $K8S_NAMESPACE wait --for=condition=failed $JOB --timeout=0 2>&1)
+  retval_failed=$?
+  wait
+done
+
+if [ $retval_failed -eq 0 ]; then
+  echo "$JOB failed"
+  exit 1
+else
+  echo "$JOB complete"
+fi