|
2 | 2 | # Copyright 2018, Oracle Corporation and/or its affiliates. All rights reserved.
|
3 | 3 | # Licensed under the Universal Permissive License v 1.0 as shown at http://oss.oracle.com/licenses/upl.
|
4 | 4 |
|
5 |
| -set -x |
| 5 | +# do not turn on 'set -x' since it can print sensitive info, like secrets and private keys, to the oeprator log |
| 6 | +#set -x |
6 | 7 |
|
7 | 8 | if [ "$#" != 0 ] ; then
|
8 | 9 | 1>&2 echo "Syntax: ${BASH_SOURCE[0]}"
|
@@ -95,31 +96,37 @@ function recordInternalIdentity {
|
95 | 96 | TOKEN=`cat /var/run/secrets/kubernetes.io/serviceaccount/token`
|
96 | 97 | KUBERNETES_MASTER="https://kubernetes.default.svc"
|
97 | 98 |
|
| 99 | + # the request body prints out the atz token |
| 100 | + # don't specify -v so that the token is not printed to the operator log |
| 101 | + |
| 102 | + # the response body from PATCH prints out the config map / secret |
| 103 | + # send stdout to /dev/null to supress this so that we don't print the cert or private key to the operator log |
| 104 | + |
98 | 105 | # put the new certificate in the operator's config map so that it will be available
|
99 | 106 | # the next time the operator is started
|
100 | 107 | NEW_CERT=`cat ${INTERNAL_CERT_BASE64_PEM}`
|
101 | 108 | PATCH_DOCUMENT="{ \"data\": { \"${CERT_PROPERTY}\" : \"${NEW_CERT}\" } }"
|
102 | 109 | curl \
|
103 |
| - -v \ |
104 | 110 | --cacert $CACERT \
|
105 | 111 | -H "Authorization: Bearer $TOKEN" \
|
106 | 112 | -H "Content-Type: application/merge-patch+json" \
|
107 | 113 | -d "${PATCH_DOCUMENT}" \
|
108 | 114 | -X PATCH \
|
109 |
| - $KUBERNETES_MASTER/api/v1/namespaces/$NAMESPACE/configmaps/weblogic-operator-cm |
| 115 | + $KUBERNETES_MASTER/api/v1/namespaces/$NAMESPACE/configmaps/weblogic-operator-cm \ |
| 116 | + > /dev/null |
110 | 117 |
|
111 | 118 | # put the new private key in the operator's secret so that it will be available
|
112 | 119 | # the next time the operator is started
|
113 | 120 | NEW_KEY=`base64 -i ${INTERNAL_KEY_PEM} | tr -d '\n'`
|
114 | 121 | PATCH_DOCUMENT="{ \"data\": { \"${KEY_PROPERTY}\" : \"${NEW_KEY}\" } }"
|
115 | 122 | curl \
|
116 |
| - -v \ |
117 | 123 | --cacert $CACERT \
|
118 | 124 | -H "Authorization: Bearer $TOKEN" \
|
119 | 125 | -H "Content-Type: application/merge-patch+json" \
|
120 | 126 | -d "${PATCH_DOCUMENT}" \
|
121 | 127 | -X PATCH \
|
122 |
| - $KUBERNETES_MASTER/api/v1/namespaces/$NAMESPACE/secrets/weblogic-operator-secrets |
| 128 | + $KUBERNETES_MASTER/api/v1/namespaces/$NAMESPACE/secrets/weblogic-operator-secrets \ |
| 129 | + > /dev/null |
123 | 130 | }
|
124 | 131 |
|
125 | 132 | function createInternalIdentity {
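Review bot: Both `curl` PATCH calls in the second hunk now discard the response and no longer run verbose, but neither passes `--fail` nor has its exit status checked, so a rejected request (for example a 403 from the API server) leaves the config map or secret unpatched with nothing useful in the operator log. Adding `--silent --show-error --fail \` to each call and testing curl's exit status afterwards would surface the failure without printing the response body. The bearer token and `${PATCH_DOCUMENT}`, which carries the base64 private key in the second call, are also still passed as command-line arguments, so they stay readable from the container's process list while curl runs. Sending the body on stdin, `printf '%s' "${PATCH_DOCUMENT}" | curl ... --data-binary @- ...`, would take the key off argv. recordInternalIdentity begins before this hunk, so how its callers react to a failure is not visible here.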
|
|