-1

I've been trying to update helm values.yaml with a randomized password.

My approach is to add a placeholder like

global:
    my_password: "password-placeholder"
another_service
    service_password: "password-placeholder"

I tried to generate password with openssl rand -base64 12. I'm looking for a string replacement bash command which can loop and create these password.

Tried yq but it has a bug where it removes some comments in the file.

Tried sed but not sure how to replace the password-placeholder with a unique password everytime.

Looking for suggestions.

mbxzxz
  • 366
  • 2
  • 14
  • Which yq version are you using? Go or the Python version? See https://stackoverflow.com/tags/yq/info and post your version details – Inian May 16 '22 at 08:23
  • I'm using the bash one I guess. This is the open issue -> https://github.com/mikefarah/yq/issues/442 – mbxzxz May 16 '22 at 08:26
  • That's the go one, you can see that when you look at the sources – Aserre May 16 '22 at 08:38
  • you'd need to add the `g` option to sed to apply your substitution to every `"password-placeholder"` occurences in your file – Aserre May 16 '22 at 08:50
  • 1
    @Aserre Not really, only if you expect to need to replace multiple occurrences _per line._ – tripleee May 16 '22 at 09:09

1 Answers1

1

You could use awk for that:

awk -v placeholder='password-placeholder' '
    $0 ~ placeholder {
        cmd = "openssl rand -base64 12"
        cmd | getline pass
        close(cmd)
        sub(placeholder,pass)
    } 1
' file.yml
explanations:

  • $0 ~ placeholder {...} selects the lines that match the regex contained in placeholder and executes ... for them.

  • "openssl rand -base64 12" | getline pass loads the result of the openssl command into the pass variable

  • sub(placeholder,pass) replaces (in the current line) the first match of the regex placeholder with the content of pass

  • 1 prints each line

Fravadona
  • 13,917
  • 1
  • 23
  • 35
  • Using this command substitutes same password in both placeholders. I'm thinking of looping over each line and then replace individually. – mbxzxz May 16 '22 at 09:15
  • Sorry, I forgot to close the command, now it should work as intented – Fravadona May 16 '22 at 09:31
  • Thanks, the print is coming correctly with `1`, is there a way to write it back to file. Seems like the original file is unchanged. – mbxzxz May 16 '22 at 10:39
  • GNU awk have the option `awk -i inplace ...` for applying the changes to the input file – Fravadona May 16 '22 at 10:46
  • I tested -i inplace in my local system and it worked. But in the development environment we have some other flavor of linux which has either `mawk` or `gawk` and it gives error `awk: not an option: -i`. Do you know a workaround for this? – mbxzxz May 16 '22 at 16:39
  • Using a simple temporary file is the only thing that's portable (not just for awk but with all other standard commands) `if awk ... > file.yaml.new; then mv -f file.yaml.new file.yaml; fi` – Fravadona May 16 '22 at 17:20