[COMMON] Fix some array bashisms

[oom.git] / kubernetes / common / mariadb-init / resources / config / db_init.sh

diff --git a/kubernetes/common/mariadb-init/resources/config/db_init.sh b/kubernetes/common/mariadb-init/resources/config/db_init.sh
index 304835b..8f7e7ce 100755 (executable)
--- a/kubernetes/common/mariadb-init/resources/config/db_init.sh
+++ b/kubernetes/common/mariadb-init/resources/config/db_init.sh
@@ -1,5 +1,8 @@
 #!/bin/sh
+
+{{/*
 # Copyright © 2019 Orange
+# Copyright © 2020 Samsung Electronics
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -12,21 +15,35 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
-echo "Creating database {{ .Values.config.mysqlDatabase }} and user {{ .Values.config.userName }}..."
-
-mysql -h ${DB_HOST} -P ${DB_PORT} -uroot -p$MYSQL_ROOT_PASSWORD -e "CREATE OR REPLACE USER '{{ .Values.config.userName }}'@'%' IDENTIFIED BY '${MYSQL_PASSWORD}'"
-mysql -h ${DB_HOST} -P ${DB_PORT} -uroot -p$MYSQL_ROOT_PASSWORD -e "CREATE DATABASE IF NOT EXISTS {{ .Values.config.mysqlDatabase }}"
-mysql -h ${DB_HOST} -P ${DB_PORT} -uroot -p$MYSQL_ROOT_PASSWORD -e "GRANT ALL PRIVILEGES ON {{ .Values.config.mysqlDatabase }}.* TO '{{ .Values.config.userName }}'@'%'"
+# make sure the script fails if any of commands failed
+set -e
 
-echo "Created database {{ .Values.config.mysqlDatabase }} and user {{ .Values.config.userName }}."
+while read DB ; do
+    USER_VAR="MYSQL_USER_$(echo $DB | tr '[:lower:]' '[:upper:]')"
+    PASS_VAR="MYSQL_PASSWORD_$(echo $DB | tr '[:lower:]' '[:upper:]')"
+{{/*
+    # USER=${!USER_VAR}
+    # PASS=`echo -n ${!PASS_VAR} | sed -e "s/'/''/g"`
+    # eval replacement of the bashism equivalents above might present a security issue here
+    # since it reads content from DB values filled by helm at the end of the script.
+    # These possible values has to be constrainted and/or limited by helm for a safe use of eval.
+*/}}
+    eval USER=\$$USER_VAR
+    PASS=$(eval echo -n \$$PASS_VAR | sed -e "s/'/''/g")
+    MYSQL_OPTS=" -h "${DB_HOST}" -P "${DB_PORT}" -uroot -p"${MYSQL_ROOT_PASSWORD}
 
-{{ range $db, $dbInfos := .Values.config.mysqlAdditionalDatabases -}}
-echo "Creating database {{ $db }} and user {{ $dbInfos.user }}..."
+    echo "Creating database ${DB} and user ${USER}..."
 
-mysql -h ${DB_HOST} -P ${DB_PORT} -uroot -p$MYSQL_ROOT_PASSWORD -e "CREATE OR REPLACE USER '{{ $dbInfos.user }}'@'%' IDENTIFIED BY '${MYSQL_PASSWORD_{{ $db | upper }}}'"
-mysql -h ${DB_HOST} -P ${DB_PORT} -uroot -p$MYSQL_ROOT_PASSWORD -e "CREATE DATABASE IF NOT EXISTS {{ $db }}"
-mysql -h ${DB_HOST} -P ${DB_PORT} -uroot -p$MYSQL_ROOT_PASSWORD -e "GRANT ALL PRIVILEGES ON {{ $db }}.* TO '{{ $dbInfos.user }}'@'%'"
+    mysql $MYSQL_OPTS -e "CREATE OR REPLACE USER '${USER}'@'%' IDENTIFIED BY '${PASS}'"
+    mysql $MYSQL_OPTS -e "CREATE DATABASE IF NOT EXISTS ${DB}"
+    mysql $MYSQL_OPTS -e "GRANT ALL PRIVILEGES ON ${DB}.* TO '${USER}'@'%'"
 
-echo "Created database {{ $db }} and user {{ $dbInfos.user }}."
-{{ end }}
+    echo "Created database ${DB} and user ${USER}."
+done <<EOF
+{{ .Values.config.mysqlDatabase }}
+{{- range $db, $_value := .Values.config.mysqlAdditionalDatabases }}
+{{ $db }}
+{{- end }}
+EOF