Commit ebcdcddc authored by Michał 'rysiek' Woźniak's avatar Michał 'rysiek' Woźniak

serious bugfix: error handling now *actually* works...

parent 4fbbbaa9
......@@ -121,13 +121,13 @@ function create_readonly_mysql_user() {
echo " +-- password: (provided on the command line)"
# otherwise, create a random one
else
RUSER_PW="$( pwgen -s 24 1 )" || ( display_error "Error generating password; is pwgen installed and in \$PATH?" && return 1 )
RUSER_PW="$( pwgen -s 24 1 )" || { display_error "Error generating password; is pwgen installed and in \$PATH?"; return 1; }
echo " +-- password: $RUSER_PW"
fi
# do the magic
mysql -h "$1" -u "$2" --password="$3" --batch -e "GRANT SELECT, SHOW DATABASES, LOCK TABLES, EXECUTE, SHOW VIEW ON *.* TO '$RUSER_NAME'@'$RUSER_HOST' IDENTIFIED BY '$RUSER_PW';" \
|| ( display_error "Error creating a read-only user." && return 1 )
|| { display_error "Error creating a read-only user."; return 1; }
}
export -f create_readonly_mysql_user
......@@ -167,7 +167,7 @@ function dump_mysql_dbs {
DATABASES="$( mysql -h "$1" -u "$2" --password="$3" --batch -e "SHOW DATABASES $DATABASES_WHERE;" | egrep -v '(Database|information_schema|performance_schema)' )"
# either the code is 0, or the command failed; act accordingly.
[ $? -eq 0 ] || ( display_error && return 1 )
[ $? -eq 0 ] || { display_error; return 1; }
# did we find anything?
if [[ "$DATABASES" == "" ]]; then
......@@ -202,7 +202,7 @@ function dump_mysql_dbs {
# get the list of users
DBUSERS="$( mysql -h "$1" -u "$2" --password="$3" --batch --skip-column-names -e "SELECT CONCAT('',QUOTE(user),'@',QUOTE(host),':',$PWCOL) FROM mysql.user WHERE user<>'';")"
[ $? -eq 0 ] || ( display_error && return 3 )
[ $? -eq 0 ] || { display_error; return 3; }
echo " +-- found `echo "$DBUSERS" | wc -l` users..."
# get all grants for said users
......@@ -216,7 +216,7 @@ function dump_mysql_dbs {
DBUSERPW="$( echo "$user_host_pass" | cut -d ':' -f 2 )"
# get the grants # add IDENTIFIED BY <password>, but only when there was no IDENTIFIED BY there already
DBGRANTS=`echo -ne "$DBGRANTS\n$( mysql -h "$1" -u "$2" --password="$3" --batch --skip-column-names -e "SHOW GRANTS FOR $DBUSER;" | sed -r -e "s/(IDENTIFIED BY.*)$/ IDENTIFIED BY PASSWORD '$DBUSERPW'/g" )"`
[ $? -eq 0 ] || ( display_error && return 4 )
[ $? -eq 0 ] || { display_error; return 4; }
done
# iterate through databases
......@@ -312,11 +312,11 @@ function create_readonly_postgres_user() {
PGPASSWORD="$PG_PASS" psql -h "$PG_HOST" -U "$PG_USER" -c "
CREATE ROLE $RUSER_NAME NOSUPERUSER NOCREATEDB NOCREATEROLE LOGIN NOREPLICATION PASSWORD '$RUSER_PW';
GRANT SELECT ON pg_authid TO $RUSER_NAME;" postgres \
|| ( display_error "Error creating the $RUSER_NAME role and granting SELECT on pg_authid." && return 1 )
|| { display_error "Error creating the $RUSER_NAME role and granting SELECT on pg_authid."; return 1; }
# get the list of roles
ROLES="$( PGPASSWORD="$PG_PASS" psql -h "$PG_HOST" -U "$PG_USER" -Aqt -c '\dg' postgres | grep '|' | cut -d '|' -f 1 )" \
|| ( display_error "Error getting list of roles" && return 2 )
|| { display_error "Error getting list of roles"; return 2; }
# and for each role
for ROLE in $ROLES; do
......@@ -325,13 +325,13 @@ function create_readonly_postgres_user() {
ALTER DEFAULT PRIVILEGES FOR ROLE $ROLE GRANT SELECT ON TABLES TO $RUSER_NAME;
ALTER DEFAULT PRIVILEGES FOR ROLE $ROLE GRANT SELECT ON SEQUENCES TO $RUSER_NAME;
ALTER DEFAULT PRIVILEGES FOR ROLE $ROLE GRANT EXECUTE ON FUNCTIONS TO $RUSER_NAME;" postgres \
|| ( display_error "Error altering default privileges for role $ROLE" && return 3 )
|| { display_error "Error altering default privileges for role $ROLE"; return 3; }
done
# get the list of databases
DATABASES="$( PGPASSWORD="$PG_PASS" psql -h "$PG_HOST" -U "$PG_USER" -lAqt postgres | grep '|' | cut -d '|' -f 1 | egrep -v "template[0-9]" )" \
|| ( display_error "Error getting list of databases" && return 4 )
|| { display_error "Error getting list of databases"; return 4; }
# do we have any databases?
if [[ "$DATABASES" == "" ]]; then
......@@ -344,24 +344,24 @@ function create_readonly_postgres_user() {
# grant CONNECT
PGPASSWORD="$PG_PASS" psql -h "$PG_HOST" -U "$PG_USER" -c "GRANT CONNECT ON DATABASE $DATABASE TO $RUSER_NAME;" postgres \
|| ( display_error "Error granting CONNECT on database $DATABASE" && return 5 )
|| { display_error "Error granting CONNECT on database $DATABASE"; return 5; }
# get all schemas
SCHEMAS="$( PGPASSWORD="$PG_PASS" psql -h "$PG_HOST" -U "$PG_USER" -Aqt -c '\dn' postgres | grep '|' | cut -d '|' -f 1 )" \
|| ( display_error "Error getting list of schemas" && return 6 )
|| { display_error "Error getting list of schemas"; return 6; }
# let's go through the schemas, then
for SCHEMA in $SCHEMAS; do
# grant USAGE on the schema
PGPASSWORD="$PG_PASS" psql -h "$PG_HOST" -U "$PG_USER" -c "GRANT USAGE ON SCHEMA $SCHEMA TO $RUSER_NAME;" "$DATABASE" \
|| ( display_error "Error granting USAGE on schema $SCHEMA" && return 7 )
|| { display_error "Error granting USAGE on schema $SCHEMA"; return 7; }
# grant SELECT on all tables and sequences, and EXECUTE on all functions, in the schema
PGPASSWORD="$PG_PASS" psql -h "$PG_HOST" -U "$PG_USER" -c "
GRANT SELECT ON ALL TABLES IN SCHEMA $SCHEMA TO $RUSER_NAME;
GRANT SELECT ON ALL SEQUENCES IN SCHEMA $SCHEMA TO $RUSER_NAME;
GRANT EXECUTE ON ALL FUNCTIONS IN SCHEMA $SCHEMA TO $RUSER_NAME;" "$DATABASE" \
|| ( display_error "Error granting USAGE on schema $SCHEMA" && return 8 )
|| { display_error "Error granting USAGE on schema $SCHEMA"; return 8; }
done
done
......@@ -400,7 +400,7 @@ function dump_postgres_dbs {
DATABASES="$( PGPASSWORD="$3" psql -h "$1" -U "$2" -lAqt | grep '|' | cut -d '|' -f 1 | egrep -v "template[0-9]" )"
# either the code is 0, or the command failed; act accordingly.
[ $? -eq 0 ] || ( display_error && return 1 )
[ $? -eq 0 ] || { display_error; return 1; }
# do we have any databases?
if [[ "$DATABASES" == "" ]]; then
......@@ -423,7 +423,7 @@ function dump_postgres_dbs {
# list of users
DBUSERS="$( PGPASSWORD="$3" pg_dumpall -h "$1" --globals-only -U "$2" | egrep '(CREATE|ALTER) ROLE' )"
[ $? -eq 0 ] || ( display_error && return 3 )
[ $? -eq 0 ] || { display_error; return 3; }
echo " +-- found `echo "$DBUSERS" | egrep "^CREATE" | wc -l` users..."
......@@ -529,17 +529,17 @@ function dump_elasticsearch_dbs {
# create a snapshot, blocking until it's done
echo " +-- dump..."
curl -X PUT "http://$1:9200/_snapshot/$BACKUP_NAME/snapshot?wait_for_completion=true" || ( display_error 'Error while generating the snapshot!' && return 1 )
curl -X PUT "http://$1:9200/_snapshot/$BACKUP_NAME/snapshot?wait_for_completion=true" || { display_error 'Error while generating the snapshot!'; return 1; }
echo
# copy the backup to a less temporary location
cp -a "$BACKUP_TEMP_DIR"/* "$2/" || ( display_error 'Error while copying the snapshot data to the target directory!' && return 2 )
cp -a "$BACKUP_TEMP_DIR"/* "$2/" || { display_error 'Error while copying the snapshot data to the target directory!'; return 2; }
# cleanup
echo " +-- cleanup..."
curl -X DELETE "http://$1:9200/_snapshot/$BACKUP_NAME/snapshot" || ( display_error 'Error while cleaning up the snapshot!' && return 3 )
curl -X DELETE "http://$1:9200/_snapshot/$BACKUP_NAME/snapshot" || { display_error 'Error while cleaning up the snapshot!'; return 3; }
echo
curl -X DELETE "http://$1:9200/_snapshot/$BACKUP_NAME/" || ( display_error 'Error while cleaning up the backup repository!' && return 4 )
curl -X DELETE "http://$1:9200/_snapshot/$BACKUP_NAME/" || { display_error 'Error while cleaning up the backup repository!'; return 4; }
echo
rm -rf "$BACKUP_TEMP_DIR/*"
echo " +-- done..."
......@@ -563,8 +563,8 @@ function ssh_rsa_encrypt {
[ "$1" != "" ] && PUBKEY="$1"
# reality checks -- does the file exist, is it a file, is it readable
[ -e "$PUBKEY" ] || (>&2 display_error "The specified SSH RSA public key '$PUBKEY' does not exist." && return 1 )
[ -r "$PUBKEY" ] || (>&2 display_error "The specified SSH RSA public key '$PUBKEY' is not readable to this user." && return 2 )
[ -e "$PUBKEY" ] || { >&2 display_error "The specified SSH RSA public key '$PUBKEY' does not exist."; return 1; }
[ -r "$PUBKEY" ] || { >&2 display_error "The specified SSH RSA public key '$PUBKEY' is not readable to this user."; return 2; }
# temporary file for the pubkey in OpenSSL-compatible PEM format
PUBKEY_PEM="$( mktemp )"
......@@ -598,8 +598,8 @@ function ssh_rsa_decrypt {
[ "$1" != "" ] && PRIVKEY="$1"
# reality checks -- does the file exist, is it a file, is it readable
[ -e "$PRIVKEY" ] || (>&2 display_error "The specified SSH RSA public key '$PRIVKEY' does not exist." && return 1 )
[ -r "$PRIVKEY" ] || (>&2 display_error "The specified SSH RSA public key '$PRIVKEY' is not readable to this user." && return 2 )
[ -e "$PRIVKEY" ] || { >&2 display_error "The specified SSH RSA public key '$PRIVKEY' does not exist."; return 1; }
[ -r "$PRIVKEY" ] || { >&2 display_error "The specified SSH RSA public key '$PRIVKEY' is not readable to this user."; return 2; }
# decrypt from stdin to stdout
openssl pkeyutl -decrypt -inkey "$PRIVKEY"
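Review bot: The `[ $? -eq 0 ]` test in dump_mysql_dbs (hunk `@@ -167,7`) still cannot see a failing `mysql`, because `$?` after `DATABASES="$( mysql … | egrep -v … )"` is the status of the last pipeline stage; unless `pipefail` is set outside the visible lines, a refused connection passes the check and an incomplete dump is reported as success, while an empty result makes `egrep -v` return 1 and is treated as an error. The same holds for the `psql … | grep | cut` and `pg_dumpall … | egrep` assignments in create_readonly_postgres_user and dump_postgres_dbs, and in hunk `@@ -216,7` the status tested is that of the outer `echo -ne`, so `return 4` looks unreachable. I would capture the client output first and filter afterwards: `RAW="$( mysql -h "$1" -u "$2" --password="$3" --batch -e "SHOW DATABASES $DATABASES_WHERE;" )" || { display_error; return 1; }` followed by `DATABASES="$( echo "$RAW" | egrep -v '(Database|information_schema|performance_schema)' )"`. The `curl` calls in dump_elasticsearch_dbs have a related gap, since without `--fail` an HTTP error response still exits 0 and the copy and cleanup steps run anyway. All of these function bodies continue outside the hunks shown.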
......