From 2fd9ca698d11fe5afbbc3a7f1bf7dd0c3cc6d85e Mon Sep 17 00:00:00 2001 From: John McCann Date: Thu, 8 Oct 2020 12:56:16 -0700 Subject: [PATCH 1/9] chore(kube-setup-ssjdispatcher.sh): init mds creds --- gen3/bin/kube-setup-ssjdispatcher.sh | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/gen3/bin/kube-setup-ssjdispatcher.sh b/gen3/bin/kube-setup-ssjdispatcher.sh index 73e389b9b..3eb687c71 100644 --- a/gen3/bin/kube-setup-ssjdispatcher.sh +++ b/gen3/bin/kube-setup-ssjdispatcher.sh @@ -120,6 +120,9 @@ EOM /bin/rm "$credsBak" updateIndexd=true fi + local mdsCreds="$(grep ADMIN_LOGINS= < "$(gen3_secrets_folder)/g3auto/metadata/metadata.env" | cut -d '=' -f2)" + local mdsUser="$(echo $mdsCreds | cut -d ':' -f1)" + local mdsPassword="$(echo $mdsCreds | cut -d ':' -f2)" local ssjConfig="$(cat - < Date: Thu, 8 Oct 2020 16:19:03 -0700 Subject: [PATCH 2/9] chore(kube-setup-ssjdispatcher): break into funcs --- gen3/bin/kube-setup-ssjdispatcher.sh | 78 ++++++++++++++++++---------- 1 file changed, 51 insertions(+), 27 deletions(-) diff --git a/gen3/bin/kube-setup-ssjdispatcher.sh b/gen3/bin/kube-setup-ssjdispatcher.sh index 3eb687c71..cf691a42e 100644 --- a/gen3/bin/kube-setup-ssjdispatcher.sh +++ b/gen3/bin/kube-setup-ssjdispatcher.sh @@ -109,20 +109,6 @@ EOM fi local credsBak="$(mktemp "$XDG_RUNTIME_DIR/creds.json_XXXXXX")" - local indexdPassword - local updateIndexd=false - # create new indexd user if necessary - if ! indexdPassword="$(jq -e -r .indexd.user_db.ssj < "$(gen3_secrets_folder)/creds.json" 2> /dev/null)" \ - || [[ -z "$indexdPassword" && "$indexdPassword" == null ]]; then - indexdPassword="$(gen3 random)" - cp "$(gen3_secrets_folder)/creds.json" "$credsBak" - jq -r --arg password "$indexdPassword" '.indexd.user_db.ssj=$password' < "$credsBak" > "$(gen3_secrets_folder)/creds.json" - /bin/rm "$credsBak" - updateIndexd=true - fi - local mdsCreds="$(grep ADMIN_LOGINS= < "$(gen3_secrets_folder)/g3auto/metadata/metadata.env" | cut -d '=' -f2)" - local mdsUser="$(echo $mdsCreds | cut -d ':' -f1)" - local mdsPassword="$(echo $mdsCreds | cut -d ':' -f2)" local ssjConfig="$(cat - < "$(gen3_secrets_folder)/creds.json" /bin/rm "$credsBak" - gen3 secrets sync "chore(ssjdispatcher): setup" + # XXX run at end + # gen3 secrets sync "chore(ssjdispatcher): setup" +} + +setupIndexdConfig() { + local credsBak="$(mktemp "$XDG_RUNTIME_DIR/creds.json_XXXXXX")" + local indexdPassword + local updateIndexd=false + # create new indexd user if necessary + if ! indexdPassword="$(jq -e -r .indexd.user_db.ssj < "$(gen3_secrets_folder)/creds.json" 2> /dev/null)" \ + || [[ -z "$indexdPassword" && "$indexdPassword" == null ]]; then + indexdPassword="$(gen3 random)" + cp "$(gen3_secrets_folder)/creds.json" "$credsBak" + jq -r --arg password "$indexdPassword" '.indexd.user_db.ssj=$password' < "$credsBak" > "$(gen3_secrets_folder)/creds.json" + /bin/rm "$credsBak" + updateIndexd=true + fi + + local indexdConfig="$(cat - < "$(gen3_secrets_folder)/creds.json" + /bin/rm "$credsBak" + if [[ "$updateIndexd" != "false" ]]; then gen3 job run indexd-userdb fi } +setupMDSConfig() { + local credsBak="$(mktemp "$XDG_RUNTIME_DIR/creds.json_XXXXXX")" + local mdsCreds="$(grep ADMIN_LOGINS= < "$(gen3_secrets_folder)/g3auto/metadata/metadata.env" | cut -d '=' -f2)" + local mdsUser="$(echo $mdsCreds | cut -d ':' -f1)" + local mdsPassword="$(echo $mdsCreds | cut -d ':' -f2)" + local mdsConfig="$(cat - < "$(gen3_secrets_folder)/creds.json" + /bin/rm "$credsBak" +} + # main ------------------- @@ -172,6 +194,8 @@ fi [[ -z "$GEN3_ROLL_ALL" ]] && gen3 kube-setup-secrets setupSsjInfra "$@" +setupIndexdConfig +setupMDSConfig gen3 roll ssjdispatcher g3kubectl apply -f "${GEN3_HOME}/kube/services/ssjdispatcher/ssjdispatcher-service.yaml" From 20fd4187ace583c4a271e0777559fd5726d7c228 Mon Sep 17 00:00:00 2001 From: John McCann Date: Thu, 8 Oct 2020 18:51:03 -0700 Subject: [PATCH 3/9] chore(kube-setup-ssjdispatcher): select JOBS name --- gen3/bin/kube-setup-ssjdispatcher.sh | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/gen3/bin/kube-setup-ssjdispatcher.sh b/gen3/bin/kube-setup-ssjdispatcher.sh index cf691a42e..a817f3e35 100644 --- a/gen3/bin/kube-setup-ssjdispatcher.sh +++ b/gen3/bin/kube-setup-ssjdispatcher.sh @@ -157,7 +157,7 @@ setupIndexdConfig() { EOM )" cp "$(gen3_secrets_folder)/creds.json" "$credsBak" - jq -r --argjson indexdConfig "$indexdConfig" '.ssjdispatcher.JOBS.imageConfig.indexd=$indexdConfig' < "$credsBak" > "$(gen3_secrets_folder)/creds.json" + jq -r --argjson indexdConfig "$indexdConfig" '.ssjdispatcher.JOBS[] | select(.name=="indexing") | .imageConfig.indexd=$indexdConfig' < "$credsBak" > "$(gen3_secrets_folder)/creds.json" /bin/rm "$credsBak" if [[ "$updateIndexd" != "false" ]]; then @@ -166,6 +166,7 @@ EOM } setupMDSConfig() { + # XXX check that mds is deployed local credsBak="$(mktemp "$XDG_RUNTIME_DIR/creds.json_XXXXXX")" local mdsCreds="$(grep ADMIN_LOGINS= < "$(gen3_secrets_folder)/g3auto/metadata/metadata.env" | cut -d '=' -f2)" local mdsUser="$(echo $mdsCreds | cut -d ':' -f1)" @@ -179,7 +180,7 @@ setupMDSConfig() { EOM )" cp "$(gen3_secrets_folder)/creds.json" "$credsBak" - jq -r --argjson mdsConfig "$mdsConfig" '.ssjdispatcher.JOBS.imageConfig.metadataService=$mdsConfig' < "$credsBak" > "$(gen3_secrets_folder)/creds.json" + jq -r --argjson mdsConfig "$mdsConfig" '.ssjdispatcher.JOBS[] | select(.name=="indexing") | .imageConfig.metadataService=$mdsConfig' < "$credsBak" > "$(gen3_secrets_folder)/creds.json" /bin/rm "$credsBak" } From e313b577733cae2e165e79c5cf20cfa8172d24f3 Mon Sep 17 00:00:00 2001 From: John McCann Date: Thu, 8 Oct 2020 19:21:28 -0700 Subject: [PATCH 4/9] chore(kube-setup-ssjdispatcher): change jq () --- gen3/bin/kube-setup-ssjdispatcher.sh | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/gen3/bin/kube-setup-ssjdispatcher.sh b/gen3/bin/kube-setup-ssjdispatcher.sh index a817f3e35..9777fe5ea 100644 --- a/gen3/bin/kube-setup-ssjdispatcher.sh +++ b/gen3/bin/kube-setup-ssjdispatcher.sh @@ -144,6 +144,7 @@ setupIndexdConfig() { indexdPassword="$(gen3 random)" cp "$(gen3_secrets_folder)/creds.json" "$credsBak" jq -r --arg password "$indexdPassword" '.indexd.user_db.ssj=$password' < "$credsBak" > "$(gen3_secrets_folder)/creds.json" + # XXX needed below? /bin/rm "$credsBak" updateIndexd=true fi @@ -157,7 +158,7 @@ setupIndexdConfig() { EOM )" cp "$(gen3_secrets_folder)/creds.json" "$credsBak" - jq -r --argjson indexdConfig "$indexdConfig" '.ssjdispatcher.JOBS[] | select(.name=="indexing") | .imageConfig.indexd=$indexdConfig' < "$credsBak" > "$(gen3_secrets_folder)/creds.json" + jq -r --argjson indexdConfig "$indexdConfig" '(.ssjdispatcher.JOBS[] | select(.name == "indexing") | .imageConfig.indexd)=$indexdConfig' < "$credsBak" > "$(gen3_secrets_folder)/creds.json" /bin/rm "$credsBak" if [[ "$updateIndexd" != "false" ]]; then @@ -180,7 +181,7 @@ setupMDSConfig() { EOM )" cp "$(gen3_secrets_folder)/creds.json" "$credsBak" - jq -r --argjson mdsConfig "$mdsConfig" '.ssjdispatcher.JOBS[] | select(.name=="indexing") | .imageConfig.metadataService=$mdsConfig' < "$credsBak" > "$(gen3_secrets_folder)/creds.json" + jq -r --argjson mdsConfig "$mdsConfig" '(.ssjdispatcher.JOBS[] | select(.name == "indexing") | .imageConfig.metadataService)=$mdsConfig' < "$credsBak" > "$(gen3_secrets_folder)/creds.json" /bin/rm "$credsBak" } From 84d44668bc63d34eec2783f4837690affde1bf11 Mon Sep 17 00:00:00 2001 From: John McCann Date: Mon, 12 Oct 2020 16:51:57 -0700 Subject: [PATCH 5/9] chore(kube-setup-ssjdispatcher): log MDS stuff --- .secrets.baseline | 16 ++-- gen3/bin/kube-setup-ssjdispatcher.sh | 128 ++++++++++++++++++--------- 2 files changed, 97 insertions(+), 47 deletions(-) diff --git a/.secrets.baseline b/.secrets.baseline index 4177bf3ee..a937de376 100644 --- a/.secrets.baseline +++ b/.secrets.baseline @@ -3,7 +3,7 @@ "files": "^.secrets.baseline$|^./.secrets.baseline$", "lines": null }, - "generated_at": "2020-10-09T17:32:47Z", + "generated_at": "2020-10-12T23:42:18Z", "plugins_used": [ { "name": "AWSKeyDetector" @@ -436,15 +436,21 @@ ], "gen3/bin/kube-setup-ssjdispatcher.sh": [ { - "hashed_secret": "d3df8a3b08a9de43b73eca1302d50e7a0e5b360f", + "hashed_secret": "9f29ed52bc91ba45b309d5234e95edc7ca5286fd", "is_verified": false, - "line_number": 115, + "line_number": 117, "type": "Secret Keyword" }, { - "hashed_secret": "9f29ed52bc91ba45b309d5234e95edc7ca5286fd", + "hashed_secret": "7992309146efaa8da936e34b0bd33242cd0e9f93", "is_verified": false, - "line_number": 117, + "line_number": 184, + "type": "Secret Keyword" + }, + { + "hashed_secret": "d3df8a3b08a9de43b73eca1302d50e7a0e5b360f", + "is_verified": false, + "line_number": 197, "type": "Secret Keyword" } ], diff --git a/gen3/bin/kube-setup-ssjdispatcher.sh b/gen3/bin/kube-setup-ssjdispatcher.sh index 9777fe5ea..35e00d0a9 100644 --- a/gen3/bin/kube-setup-ssjdispatcher.sh +++ b/gen3/bin/kube-setup-ssjdispatcher.sh @@ -109,6 +109,17 @@ EOM fi local credsBak="$(mktemp "$XDG_RUNTIME_DIR/creds.json_XXXXXX")" + local indexdPassword + local updateIndexd=false + # create new indexd user if necessary + if ! indexdPassword="$(jq -e -r .indexd.user_db.ssj < "$(gen3_secrets_folder)/creds.json" 2> /dev/null)" \ + || [[ -z "$indexdPassword" && "$indexdPassword" == null ]]; then + indexdPassword="$(gen3 random)" + cp "$(gen3_secrets_folder)/creds.json" "$credsBak" + jq -r --arg password "$indexdPassword" '.indexd.user_db.ssj=$password' < "$credsBak" > "$(gen3_secrets_folder)/creds.json" + /bin/rm "$credsBak" + updateIndexd=true + fi local ssjConfig="$(cat - < "$(gen3_secrets_folder)/creds.json" /bin/rm "$credsBak" - # XXX run at end - # gen3 secrets sync "chore(ssjdispatcher): setup" + gen3 secrets sync "chore(ssjdispatcher): setup" + if [[ "$updateIndexd" != "false" ]]; then + gen3 job run indexd-userdb + fi } -setupIndexdConfig() { - local credsBak="$(mktemp "$XDG_RUNTIME_DIR/creds.json_XXXXXX")" - local indexdPassword - local updateIndexd=false - # create new indexd user if necessary - if ! indexdPassword="$(jq -e -r .indexd.user_db.ssj < "$(gen3_secrets_folder)/creds.json" 2> /dev/null)" \ - || [[ -z "$indexdPassword" && "$indexdPassword" == null ]]; then - indexdPassword="$(gen3 random)" - cp "$(gen3_secrets_folder)/creds.json" "$credsBak" - jq -r --arg password "$indexdPassword" '.indexd.user_db.ssj=$password' < "$credsBak" > "$(gen3_secrets_folder)/creds.json" - # XXX needed below? - /bin/rm "$credsBak" - updateIndexd=true +setupMDSConfig() { + local ssjCredsFile + local jobImageConfig + ssjCredsFile="$(gen3_secrets_folder)/creds.json" + # don't log nonexistence of $ssjCredsFile since that would have already been logged in setupSsjInfra function + [[ -f "$ssjCredsFile" ]] || return 0 + if ! jobImageConfig="$(jq -r -e '.ssjdispatcher.JOBS[] | select(.name == "indexing").imageConfig' < "$ssjCredsFile" 2> /dev/null)"; then + gen3_log_info "skipping verifying or syncing metadata service creds because an \"indexing\" job image configuration could not be found in $ssjCredsFile" + return 0 fi - local indexdConfig="$(cat - < "$(gen3_secrets_folder)/creds.json" - /bin/rm "$credsBak" + if ! g3k_manifest_lookup .versions.metadata > /dev/null 2>&1; then + gen3_log_info "skipping verifying or syncing metadata service creds because metadata service not in manifest" + return 0 + fi - if [[ "$updateIndexd" != "false" ]]; then - gen3 job run indexd-userdb + mdsCredsFile="$(gen3_secrets_folder)/g3auto/metadata/metadata.env" + if [[ ! -f "$mdsCredsFile" ]]; then + gen3_log_info "skipping verifying or syncing metadata service creds because metadata service creds file could not be found" + return 0 fi -} -setupMDSConfig() { - # XXX check that mds is deployed - local credsBak="$(mktemp "$XDG_RUNTIME_DIR/creds.json_XXXXXX")" - local mdsCreds="$(grep ADMIN_LOGINS= < "$(gen3_secrets_folder)/g3auto/metadata/metadata.env" | cut -d '=' -f2)" - local mdsUser="$(echo $mdsCreds | cut -d ':' -f1)" - local mdsPassword="$(echo $mdsCreds | cut -d ':' -f2)" - local mdsConfig="$(cat - < /dev/null )" + mdsUsername="$(cut -s -d ':' -f1 <<< "$mdsCreds" 2> /dev/null)" + mdsPassword="$(cut -s -d ':' -f2 <<< "$mdsCreds" 2> /dev/null)" + + if [[ -z $mdsCreds || -z $mdsUsername || -z $mdsPassword ]]; then + gen3_log_warn "could not parse metadata service basic auth creds from $mdsCredsFile" + return 0 + fi + + local ssjMdsCreds + # check that metadata service creds match those configured for ssjdispatcher + if ssjMdsCreds="$(jq -r -e '.metadataService' <<< "$jobImageConfig" 2> /dev/null)"; then + local ssjMdsUsername + local ssjMdsPassword + ssjMdsUsername="$(jq -r -e '.username' <<< "$ssjMdsCreds" 2> /dev/null)" + ssjMdsPassword="$(jq -r -e '.password' <<< "$ssjMdsCreds" 2> /dev/null)" + if [[ "$ssjMdsUsername" -ne "$mdsUsername" || "$ssjMdsPassword" -ne "$mdsPassword" ]]; then + if [[ -n "$JENKINS_HOME" ]]; then + gen3_log_err "metadata service creds already configured for ssjdispatcher are not up-to-date with the metadata service: $ssjCredsFile" + return 1 + fi + gen3_log_warn "metadata service creds already configured for ssjdispatcher were not up-to-date with the metadata service before running kube-setup-ssjdispatcher: $ssjCredsFile" + else + gen3_log_info "metadata service creds configured for ssjdispatcher were verified to already be up-to-date with the metadata service" + return 0 + fi + fi + + if [[ -n "$JENKINS_HOME" ]]; then + gen3_log_info "running in jenkins, skipping setting up metadata service creds" + return 0 + fi + + gen3_log_info "setting up metadata service creds" + local mdsConfig + mdsConfig="$(cat - < "$(gen3_secrets_folder)/creds.json" + local credsBak + credsBak="$(mktemp "$XDG_RUNTIME_DIR/creds.json_XXXXXX")" + cp "$ssjCredsFile" "$credsBak" + jq -r -e --argjson mdsConfig "$mdsConfig" '(.ssjdispatcher.JOBS[] | select(.name == "indexing") | .imageConfig.metadataService)=$mdsConfig' < "$credsBak" > "$ssjCredsFile" /bin/rm "$credsBak" -} + gen3 secrets sync "chore(ssjdispatcher): set up metadata service creds" +} # main ------------------- @@ -196,7 +241,6 @@ fi [[ -z "$GEN3_ROLL_ALL" ]] && gen3 kube-setup-secrets setupSsjInfra "$@" -setupIndexdConfig setupMDSConfig gen3 roll ssjdispatcher g3kubectl apply -f "${GEN3_HOME}/kube/services/ssjdispatcher/ssjdispatcher-service.yaml" From f85938457f1fcdb5fc49d890296cfd14863ca29b Mon Sep 17 00:00:00 2001 From: John McCann Date: Mon, 12 Oct 2020 18:58:11 -0700 Subject: [PATCH 6/9] chore(kube-setup-ssjdispatcher): do str comparison --- gen3/bin/kube-setup-ssjdispatcher.sh | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/gen3/bin/kube-setup-ssjdispatcher.sh b/gen3/bin/kube-setup-ssjdispatcher.sh index 35e00d0a9..6f452233d 100644 --- a/gen3/bin/kube-setup-ssjdispatcher.sh +++ b/gen3/bin/kube-setup-ssjdispatcher.sh @@ -153,15 +153,9 @@ EOM setupMDSConfig() { local ssjCredsFile - local jobImageConfig ssjCredsFile="$(gen3_secrets_folder)/creds.json" # don't log nonexistence of $ssjCredsFile since that would have already been logged in setupSsjInfra function [[ -f "$ssjCredsFile" ]] || return 0 - if ! jobImageConfig="$(jq -r -e '.ssjdispatcher.JOBS[] | select(.name == "indexing").imageConfig' < "$ssjCredsFile" 2> /dev/null)"; then - gen3_log_info "skipping verifying or syncing metadata service creds because an \"indexing\" job image configuration could not be found in $ssjCredsFile" - return 0 - fi - if ! g3k_manifest_lookup .versions.metadata > /dev/null 2>&1; then gen3_log_info "skipping verifying or syncing metadata service creds because metadata service not in manifest" return 0 @@ -169,7 +163,13 @@ setupMDSConfig() { mdsCredsFile="$(gen3_secrets_folder)/g3auto/metadata/metadata.env" if [[ ! -f "$mdsCredsFile" ]]; then - gen3_log_info "skipping verifying or syncing metadata service creds because metadata service creds file could not be found" + gen3_log_warn "skipping verifying or syncing metadata service creds because metadata service creds file could not be found" + return 0 + fi + + local jobImageConfig + if ! jobImageConfig="$(jq -r -e '.ssjdispatcher.JOBS[] | select(.name == "indexing").imageConfig' < "$ssjCredsFile" 2> /dev/null)"; then + gen3_log_warn "skipping verifying or syncing metadata service creds because an \"indexing\" job image configuration could not be found in $ssjCredsFile" return 0 fi @@ -177,13 +177,13 @@ setupMDSConfig() { local mdsUsername local mdsPassword # [[ $? == 1 ]] added here so that if `set -e -o pipefail` were used in the - # future and grep can't find "ADMIN_LOGINS=", kube-setup-ssjdispatcher won't + # future and grep can't find 'ADMIN_LOGINS=', kube-setup-ssjdispatcher won't # exit with an error code, but will instead log a warning and exit with 0 - mdsCreds="$( (grep 'ADMIN_LOGINS=' "$mdsCredsFile" 2> /dev/null || [[ $? == 1 ]]) | cut -s -d '=' -f2 2> /dev/null )" - mdsUsername="$(cut -s -d ':' -f1 <<< "$mdsCreds" 2> /dev/null)" - mdsPassword="$(cut -s -d ':' -f2 <<< "$mdsCreds" 2> /dev/null)" + mdsCreds="$( (grep 'ADMIN_LOGINS=' "$mdsCredsFile" 2> /dev/null || [[ $? == 1 ]]) | cut -s -d '=' -f 2- 2> /dev/null )" + mdsUsername="$(cut -s -d ':' -f 1 <<< "$mdsCreds" 2> /dev/null)" + mdsPassword="$(cut -s -d ':' -f 2- <<< "$mdsCreds" 2> /dev/null)" - if [[ -z $mdsCreds || -z $mdsUsername || -z $mdsPassword ]]; then + if [[ -z "$mdsCreds" || -z "$mdsUsername" || -z "$mdsPassword" ]]; then gen3_log_warn "could not parse metadata service basic auth creds from $mdsCredsFile" return 0 fi @@ -195,7 +195,7 @@ setupMDSConfig() { local ssjMdsPassword ssjMdsUsername="$(jq -r -e '.username' <<< "$ssjMdsCreds" 2> /dev/null)" ssjMdsPassword="$(jq -r -e '.password' <<< "$ssjMdsCreds" 2> /dev/null)" - if [[ "$ssjMdsUsername" -ne "$mdsUsername" || "$ssjMdsPassword" -ne "$mdsPassword" ]]; then + if [[ "$ssjMdsUsername" != "$mdsUsername" || "$ssjMdsPassword" != "$mdsPassword" ]]; then if [[ -n "$JENKINS_HOME" ]]; then gen3_log_err "metadata service creds already configured for ssjdispatcher are not up-to-date with the metadata service: $ssjCredsFile" return 1 From 01fb1dea154da00821b1152064642ced7859afce Mon Sep 17 00:00:00 2001 From: John McCann Date: Tue, 13 Oct 2020 08:43:28 -0700 Subject: [PATCH 7/9] docs(kube-setup-ssjdispatcher): add mds creds info --- doc/kube-setup-ssjdispatcher.md | 1 + 1 file changed, 1 insertion(+) diff --git a/doc/kube-setup-ssjdispatcher.md b/doc/kube-setup-ssjdispatcher.md index b39f9b411..010edb870 100644 --- a/doc/kube-setup-ssjdispatcher.md +++ b/doc/kube-setup-ssjdispatcher.md @@ -12,6 +12,7 @@ in `creds.json`. * create an upload bucket * create sns and sqs * setup indexd creds +* setup metadata service creds if they are present If `auto` is provided as the bucket name, then the script constructs a safe name for the bucket. The caller must configure the `DATA_UPLOAD_BUCKET` in `fence-config-public`. From 73e9eb54bae3eea455a6707302b04454d496e2c1 Mon Sep 17 00:00:00 2001 From: John McCann Date: Tue, 13 Oct 2020 10:00:02 -0700 Subject: [PATCH 8/9] chore(.secrets.baseline): update exceptions --- .secrets.baseline | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.secrets.baseline b/.secrets.baseline index a937de376..51a8f57be 100644 --- a/.secrets.baseline +++ b/.secrets.baseline @@ -3,7 +3,7 @@ "files": "^.secrets.baseline$|^./.secrets.baseline$", "lines": null }, - "generated_at": "2020-10-12T23:42:18Z", + "generated_at": "2020-10-13T16:27:08Z", "plugins_used": [ { "name": "AWSKeyDetector" @@ -566,13 +566,13 @@ { "hashed_secret": "185a71a740ef6b9b21c84e6eaa47b89c7de181ef", "is_verified": false, - "line_number": 155, + "line_number": 154, "type": "Base64 High Entropy String" }, { "hashed_secret": "329b7cd8191942bedd337107934d365c43a86e6c", "is_verified": false, - "line_number": 155, + "line_number": 154, "type": "Secret Keyword" } ], From c5f84650fbea4fe0017f59078d2218d5dec4e8d7 Mon Sep 17 00:00:00 2001 From: John McCann Date: Tue, 13 Oct 2020 14:09:53 -0700 Subject: [PATCH 9/9] chore(kube-roll-all): set up SSJ after MDS --- gen3/bin/kube-roll-all.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/gen3/bin/kube-roll-all.sh b/gen3/bin/kube-roll-all.sh index 9cb629aed..02483d7b5 100644 --- a/gen3/bin/kube-roll-all.sh +++ b/gen3/bin/kube-roll-all.sh @@ -74,10 +74,6 @@ else gen3_log_info "no manifest entry for fence" fi -if g3k_manifest_lookup .versions.ssjdispatcher 2>&1 /dev/null; then - gen3 kube-setup-ssjdispatcher -fi - if g3kubectl get cronjob etl >/dev/null 2>&1; then gen3 job run etl-cronjob fi @@ -192,6 +188,10 @@ fi gen3 kube-setup-metadata +if g3k_manifest_lookup .versions.ssjdispatcher 2>&1 /dev/null; then + gen3 kube-setup-ssjdispatcher +fi + gen3 kube-setup-revproxy if [[ "$GEN3_ROLL_FAST" != "true" ]]; then