K8SPS-265 add special characters

build/orc-entrypoint.sh

@@ -43,8 +43,15 @@ fi
 
 set +o xtrace
 temp=$(mktemp)
-sed -r "s|^[#]?user=.*$|user=${TOPOLOGY_USER}|" "${ORC_CONF_PATH}/orc-topology.cnf" >"${temp}"
-sed -r "s|^[#]?password=.*$|password=${TOPOLOGY_PASSWORD:-$ORC_TOPOLOGY_PASSWORD}|" "${ORC_CONF_PATH}/orc-topology.cnf" >"${temp}"
+
+ESCAPED_PASSWORD=$(printf '%s' "${TOPOLOGY_PASSWORD:-$ORC_TOPOLOGY_PASSWORD}" | sed -e 's/[&"\\]/\\&/g')
+ESCAPED_PASSWORD="\"${ESCAPED_PASSWORD}\""  # Wrap in double quotes for .cnf
+
+sed -r \
+  -e "s|^[#]?user=.*$|user=${TOPOLOGY_USER}|" \
+  -e "s|^[#]?password=.*$|password=${ESCAPED_PASSWORD}|" \
+  "${ORC_CONF_PATH}/orc-topology.cnf" > "${temp}"
+
 cat "${temp}" >"${ORC_CONF_PATH}/config/orc-topology.cnf"
 rm "${temp}"
 set -o xtrace

build/router-entrypoint.sh

@@ -6,18 +6,23 @@ ROUTER_DIR=${ROUTER_DIR:-/tmp/router}
 OPERATOR_USER=${OPERATOR_USER:-operator}
 NAMESPACE=$(</var/run/secrets/kubernetes.io/serviceaccount/namespace)
 
+urlencode() {
+  python3 -c 'import urllib.parse, sys; print(urllib.parse.quote(sys.argv[1]))' "$1"
+}
+
 if [ -f "/etc/mysql/mysql-users-secret/${OPERATOR_USER}" ]; then
 	OPERATOR_PASS=$(<"/etc/mysql/mysql-users-secret/${OPERATOR_USER}")
+	OPERATOR_PASS_ESCAPED=$(urlencode "$OPERATOR_PASS")
 fi
 
 mysqlrouter --force \
-	--bootstrap "${OPERATOR_USER}:${OPERATOR_PASS}@${MYSQL_SERVICE_NAME}-0.${MYSQL_SERVICE_NAME}.${NAMESPACE}.svc" \
+	--bootstrap "${OPERATOR_USER}:${OPERATOR_PASS_ESCAPED}@${MYSQL_SERVICE_NAME}-0.${MYSQL_SERVICE_NAME}.${NAMESPACE}.svc" \
 	--conf-bind-address 0.0.0.0 \
 	--conf-set-option http_auth_backend:default_auth_backend.backend=file \
 	--conf-set-option http_auth_backend:default_auth_backend.filename="${ROUTER_DIR}/realm.txt" \
 	--directory "${ROUTER_DIR}"
 
-echo ${OPERATOR_PASS} | mysqlrouter_passwd set "${ROUTER_DIR}/realm.txt" ${OPERATOR_USER}
+echo "${OPERATOR_PASS_ESCAPED}" | mysqlrouter_passwd set "${ROUTER_DIR}/realm.txt" "${OPERATOR_USER}"
 
 sed -i 's/logging_folder=.*/logging_folder=/g' "${ROUTER_DIR}/mysqlrouter.conf"
 sed -i "/\[logger\]/a destination=/dev/stdout" "${ROUTER_DIR}/mysqlrouter.conf"

build/router_readiness_check.sh

@@ -1,15 +1,20 @@
 #!/bin/bash
 
+urlencode() {
+  python3 -c 'import urllib.parse, sys; print(urllib.parse.quote(sys.argv[1]))' "$1"
+}
+
 OPERATOR_PASS=$(</etc/mysql/mysql-users-secret/operator)
+OPERATOR_PASS_ESCAPED=$(urlencode "$OPERATOR_PASS")
 
-if ! curl -k -s -u operator:"${OPERATOR_PASS}" https://localhost:8443/api/20190715/routes/bootstrap_rw/health | grep true; then
+if ! curl -k -s -u operator:"${OPERATOR_PASS_ESCAPED}" https://localhost:8443/api/20190715/routes/bootstrap_rw/health | grep true; then
 	echo "Read-write route is not healthy"
 	exit 1
 fi
 
-if ! curl -k -s -u operator:"${OPERATOR_PASS}" https://localhost:8443/api/20190715/routes/bootstrap_ro/health | grep true; then
+if ! curl -k -s -u operator:"${OPERATOR_PASS_ESCAPED}" https://localhost:8443/api/20190715/routes/bootstrap_ro/health | grep true; then
 	echo "Read-only route is not healthy"
 	exit 1
 fi
 
-exit 0
+exit 0

build/router_startup_check.sh

@@ -1,7 +1,12 @@
 #!/bin/bash
 
+urlencode() {
+  python3 -c 'import urllib.parse, sys; print(urllib.parse.quote(sys.argv[1]))' "$1"
+}
+
 OPERATOR_PASS=$(</etc/mysql/mysql-users-secret/operator)
+OPERATOR_PASS_ESCAPED=$(urlencode "$OPERATOR_PASS")
 
-if [[ $(curl -k -s -u operator:"${OPERATOR_PASS}" -o /dev/null -w %{http_code} https://localhost:8443/api/20190715/router/status) != 200 ]]; then
+if [[ $(curl -k -s -u operator:"${OPERATOR_PASS_ESCAPED}" -o /dev/null -w %{http_code} https://localhost:8443/api/20190715/router/status) != 200 ]]; then
 	echo "Router is not ready"
-fi
+fi

cmd/bootstrap/group_replication.go

@@ -7,6 +7,7 @@ import (
 	"fmt"
 	"io"
 	"log"
+	"net/url"
 	"os"
 	"os/exec"
 	"regexp"
@@ -54,8 +55,9 @@ func (m *mysqlsh) getURI() string {
 	if err != nil {
 		return ""
 	}
+	escapedPass := url.QueryEscape(operatorPass)
 
-	return fmt.Sprintf("%s:%s@%s", apiv1alpha1.UserOperator, operatorPass, m.host)
+	return fmt.Sprintf("%s:%s@%s", apiv1alpha1.UserOperator, escapedPass, m.host)
 }
 
 func (m *mysqlsh) run(ctx context.Context, cmd string) (bytes.Buffer, bytes.Buffer, error) {

e2e-tests/conf/secrets.yaml

@@ -7,7 +7,6 @@ stringData:
   root: root_password
   xtrabackup: backup_password
   monitor: monitor_password
-  proxyadmin: admin_password
   operator: operator_password
   replication: replication_password
   orchestrator: orchestrator_password

e2e-tests/functions

@@ -1039,6 +1039,11 @@ deploy_cmctl() {
 	kubectl apply -n "${NAMESPACE}" -f "${TESTS_CONFIG_DIR}/cmctl.yml"
 }
 
+get_user_pass() {
+  local user="${1:-root}"
+  kubectl -n "${NAMESPACE}" get secret test-secrets -o jsonpath="{.data.${user}}" | base64 --decode
+}
+
 get_operator_version() {
 	kubectl get crd -n "$NAMESPACE" perconaservermysqls.ps.percona.com -o jsonpath='{.metadata.labels.app\.kubernetes\.io/version}'
 }

e2e-tests/tests/demand-backup/01-deploy-operator.yaml

@@ -10,7 +10,6 @@ commands:
 
       apply_s3_storage_secrets
       deploy_operator
-      deploy_non_tls_cluster_secrets
       deploy_tls_cluster_secrets
       deploy_client
       deploy_minio

e2e-tests/tests/demand-backup/03-write-data.yaml

@@ -6,11 +6,11 @@ commands:
       set -o xtrace
 
       source ../../functions
-
+      password=$(get_user_pass root)
       run_mysql \
           "CREATE DATABASE IF NOT EXISTS myDB; CREATE TABLE IF NOT EXISTS myDB.myTable (id int PRIMARY KEY)" \
-          "-h $(get_haproxy_svc $(get_cluster_name)) -uroot -proot_password"
+          "-h $(get_haproxy_svc $(get_cluster_name)) -uroot -p'$password'"
 
       run_mysql \
           "INSERT myDB.myTable (id) VALUES (100500)" \
-          "-h $(get_haproxy_svc $(get_cluster_name)) -uroot -proot_password"
+          "-h $(get_haproxy_svc $(get_cluster_name)) -uroot -p'$password'"

e2e-tests/tests/demand-backup/07-delete-data.yaml

@@ -6,13 +6,13 @@ commands:
       set -o xtrace
 
       source ../../functions
-
+      password=$(get_user_pass root)
       run_mysql \
           "TRUNCATE TABLE myDB.myTable" \
-          "-h $(get_haproxy_svc $(get_cluster_name)) -uroot -proot_password"
+          "-h $(get_haproxy_svc $(get_cluster_name)) -uroot -p'$password'"
 
       cluster_name=$(get_cluster_name)
       for i in 0 1 2; do
-          data=$(run_mysql "SELECT * FROM myDB.myTable" "-h ${cluster_name}-mysql-${i}.${cluster_name}-mysql -uroot -proot_password")
+          data=$(run_mysql "SELECT * FROM myDB.myTable" "-h ${cluster_name}-mysql-${i}.${cluster_name}-mysql -uroot -p'$password'")
           kubectl create configmap -n "${NAMESPACE}" 04-delete-data-minio-${i} --from-literal=data="${data}"
       done

e2e-tests/tests/demand-backup/10-read-data.yaml

@@ -8,8 +8,9 @@ commands:
 
       source ../../functions
 
+      password=$(get_user_pass root)
       cluster_name=$(get_cluster_name)
       for i in 0 1 2; do
-          data=$(run_mysql "SELECT * FROM myDB.myTable" "-h ${cluster_name}-mysql-${i}.${cluster_name}-mysql -uroot -proot_password")
+          data=$(run_mysql "SELECT * FROM myDB.myTable" "-h ${cluster_name}-mysql-${i}.${cluster_name}-mysql -uroot -p'$password'")
           kubectl create configmap -n "${NAMESPACE}" 06-read-data-minio-${i} --from-literal=data="${data}"
       done

e2e-tests/tests/demand-backup/11-delete-data.yaml

@@ -7,12 +7,13 @@ commands:
 
       source ../../functions
 
+      password=$(get_user_pass root)
       run_mysql \
           "TRUNCATE TABLE myDB.myTable" \
-          "-h $(get_haproxy_svc $(get_cluster_name)) -uroot -proot_password"
+          "-h $(get_haproxy_svc $(get_cluster_name)) -uroot -p'$password'"
 
       cluster_name=$(get_cluster_name)
       for i in 0 1 2; do
-          data=$(run_mysql "SELECT * FROM myDB.myTable" "-h ${cluster_name}-mysql-${i}.${cluster_name}-mysql -uroot -proot_password")
+          data=$(run_mysql "SELECT * FROM myDB.myTable" "-h ${cluster_name}-mysql-${i}.${cluster_name}-mysql -uroot -p'$password'")
           kubectl create configmap -n "${NAMESPACE}" 04-delete-data-minio-backup-source-${i} --from-literal=data="${data}"
       done

e2e-tests/tests/demand-backup/13-read-data.yaml

@@ -8,8 +8,9 @@ commands:
 
       source ../../functions
 
+      password=$(get_user_pass root)
       cluster_name=$(get_cluster_name)
       for i in 0 1 2; do
-          data=$(run_mysql "SELECT * FROM myDB.myTable" "-h ${cluster_name}-mysql-${i}.${cluster_name}-mysql -uroot -proot_password")
+          data=$(run_mysql "SELECT * FROM myDB.myTable" "-h ${cluster_name}-mysql-${i}.${cluster_name}-mysql -uroot -p'$password'")
           kubectl create configmap -n "${NAMESPACE}" 09-read-data-minio-backup-source-${i} --from-literal=data="${data}"
       done

e2e-tests/tests/demand-backup/15-delete-data.yaml

@@ -7,12 +7,13 @@ commands:
 
       source ../../functions
 
+      password=$(get_user_pass root)
       run_mysql \
           "TRUNCATE TABLE myDB.myTable" \
-          "-h $(get_haproxy_svc $(get_cluster_name)) -uroot -proot_password"
+          "-h $(get_haproxy_svc $(get_cluster_name)) -uroot -p'$password'"
 
       cluster_name=$(get_cluster_name)
       for i in 0 1 2; do
-          data=$(run_mysql "SELECT * FROM myDB.myTable" "-h ${cluster_name}-mysql-${i}.${cluster_name}-mysql -uroot -proot_password")
+          data=$(run_mysql "SELECT * FROM myDB.myTable" "-h ${cluster_name}-mysql-${i}.${cluster_name}-mysql -uroot -p'$password'")
           kubectl create configmap -n "${NAMESPACE}" 08-delete-data-s3-${i} --from-literal=data="${data}"
       done

e2e-tests/tests/demand-backup/17-read-data.yaml

@@ -8,8 +8,9 @@ commands:
 
       source ../../functions
 
+      password=$(get_user_pass root)
       cluster_name=$(get_cluster_name)
       for i in 0 1 2; do
-          data=$(run_mysql "SELECT * FROM myDB.myTable" "-h ${cluster_name}-mysql-${i}.${cluster_name}-mysql -uroot -proot_password")
+          data=$(run_mysql "SELECT * FROM myDB.myTable" "-h ${cluster_name}-mysql-${i}.${cluster_name}-mysql -uroot -p'$password'")
           kubectl create configmap -n "${NAMESPACE}" 06-read-data-s3-${i} --from-literal=data="${data}"
       done

e2e-tests/tests/demand-backup/19-delete-data.yaml

@@ -7,12 +7,13 @@ commands:
 
       source ../../functions
 
+      password=$(get_user_pass root)
       run_mysql \
           "TRUNCATE TABLE myDB.myTable" \
-          "-h $(get_haproxy_svc $(get_cluster_name)) -uroot -proot_password"
+          "-h $(get_haproxy_svc $(get_cluster_name)) -uroot -p'$password'"
 
       cluster_name=$(get_cluster_name)
       for i in 0 1 2; do
-          data=$(run_mysql "SELECT * FROM myDB.myTable" "-h ${cluster_name}-mysql-${i}.${cluster_name}-mysql -uroot -proot_password")
+          data=$(run_mysql "SELECT * FROM myDB.myTable" "-h ${cluster_name}-mysql-${i}.${cluster_name}-mysql -uroot -p'$password'")
           kubectl create configmap -n "${NAMESPACE}" 12-delete-data-gcp-${i} --from-literal=data="${data}"
       done

e2e-tests/tests/demand-backup/21-read-data.yaml

@@ -8,8 +8,9 @@ commands:
 
       source ../../functions
 
+      password=$(get_user_pass root)
       cluster_name=$(get_cluster_name)
       for i in 0 1 2; do
-          data=$(run_mysql "SELECT * FROM myDB.myTable" "-h ${cluster_name}-mysql-${i}.${cluster_name}-mysql -uroot -proot_password")
+          data=$(run_mysql "SELECT * FROM myDB.myTable" "-h ${cluster_name}-mysql-${i}.${cluster_name}-mysql -uroot -p'$password'")
           kubectl create configmap -n "${NAMESPACE}" 06-read-data-gcp-${i} --from-literal=data="${data}"
       done

e2e-tests/tests/demand-backup/23-delete-data.yaml

@@ -7,12 +7,13 @@ commands:
 
       source ../../functions
 
+      password=$(get_user_pass root)
       run_mysql \
           "TRUNCATE TABLE myDB.myTable" \
-          "-h $(get_haproxy_svc $(get_cluster_name)) -uroot -proot_password"
+          "-h $(get_haproxy_svc $(get_cluster_name)) -uroot -p'$password'"
 
       cluster_name=$(get_cluster_name)
       for i in 0 1 2; do
-          data=$(run_mysql "SELECT * FROM myDB.myTable" "-h ${cluster_name}-mysql-${i}.${cluster_name}-mysql -uroot -proot_password")
+          data=$(run_mysql "SELECT * FROM myDB.myTable" "-h ${cluster_name}-mysql-${i}.${cluster_name}-mysql -uroot -p'$password'")
           kubectl create configmap -n "${NAMESPACE}" 16-delete-data-azure-${i} --from-literal=data="${data}"
       done

e2e-tests/tests/demand-backup/25-read-data.yaml

@@ -8,8 +8,9 @@ commands:
 
       source ../../functions
 
+      password=$(get_user_pass root)
       cluster_name=$(get_cluster_name)
       for i in 0 1 2; do
-          data=$(run_mysql "SELECT * FROM myDB.myTable" "-h ${cluster_name}-mysql-${i}.${cluster_name}-mysql -uroot -proot_password")
+          data=$(run_mysql "SELECT * FROM myDB.myTable" "-h ${cluster_name}-mysql-${i}.${cluster_name}-mysql -uroot -p'$password'")
           kubectl create configmap -n "${NAMESPACE}" 06-read-data-azure-${i} --from-literal=data="${data}"
       done

e2e-tests/tests/gr-demand-backup/01-deploy-operator.yaml

@@ -10,7 +10,6 @@ commands:
 
       apply_s3_storage_secrets
       deploy_operator
-      deploy_non_tls_cluster_secrets
       deploy_tls_cluster_secrets
       deploy_client
       deploy_minio

e2e-tests/tests/gr-demand-backup/03-write-data.yaml

@@ -8,10 +8,11 @@ commands:
 
       source ../../functions
 
+      password=$(get_user_pass root)
       run_mysql \
           "CREATE DATABASE IF NOT EXISTS myDB; CREATE TABLE IF NOT EXISTS myDB.myTable (id int PRIMARY KEY)" \
-          "-h $(get_mysql_router_service $(get_cluster_name)) -uroot -proot_password"
+          "-h $(get_mysql_router_service $(get_cluster_name)) -uroot -p'$password'"
 
       run_mysql \
           "INSERT myDB.myTable (id) VALUES (100500)" \
-          "-h $(get_mysql_router_service $(get_cluster_name)) -uroot -proot_password"
+          "-h $(get_mysql_router_service $(get_cluster_name)) -uroot -p'$password'"

e2e-tests/tests/gr-demand-backup/05-delete-data.yaml

@@ -7,12 +7,13 @@ commands:
 
       source ../../functions
 
+      password=$(get_user_pass root)
       run_mysql \
           "TRUNCATE TABLE myDB.myTable" \
-          "-h $(get_mysql_router_service $(get_cluster_name)) -uroot -proot_password"
+          "-h $(get_mysql_router_service $(get_cluster_name)) -uroot -p'$password'"
 
       cluster_name=$(get_cluster_name)
       for i in 0 1 2; do
-          data=$(run_mysql "SELECT * FROM myDB.myTable" "-h ${cluster_name}-mysql-${i}.${cluster_name}-mysql -uroot -proot_password")
+          data=$(run_mysql "SELECT * FROM myDB.myTable" "-h ${cluster_name}-mysql-${i}.${cluster_name}-mysql -uroot -p'$password'")
           kubectl create configmap -n "${NAMESPACE}" 04-delete-data-minio-${i} --from-literal=data="${data}"
       done

e2e-tests/tests/gr-demand-backup/07-read-data.yaml

@@ -8,8 +8,9 @@ commands:
 
       source ../../functions
 
+      password=$(get_user_pass root)
       cluster_name=$(get_cluster_name)
       for i in 0 1 2; do
-          data=$(run_mysql "SELECT * FROM myDB.myTable" "-h ${cluster_name}-mysql-${i}.${cluster_name}-mysql -uroot -proot_password")
+          data=$(run_mysql "SELECT * FROM myDB.myTable" "-h ${cluster_name}-mysql-${i}.${cluster_name}-mysql -uroot -p'$password'")
           kubectl create configmap -n "${NAMESPACE}" 06-read-data-minio-${i} --from-literal=data="${data}"
       done

e2e-tests/tests/gr-demand-backup/09-delete-data.yaml

@@ -7,12 +7,13 @@ commands:
 
       source ../../functions
 
+      password=$(get_user_pass root)
       run_mysql \
           "TRUNCATE TABLE myDB.myTable" \
-          "-h $(get_mysql_router_service $(get_cluster_name)) -uroot -proot_password"
+          "-h $(get_mysql_router_service $(get_cluster_name)) -uroot -p'$password'"
 
       cluster_name=$(get_cluster_name)
       for i in 0 1 2; do
-          data=$(run_mysql "SELECT * FROM myDB.myTable" "-h ${cluster_name}-mysql-${i}.${cluster_name}-mysql -uroot -proot_password")
+          data=$(run_mysql "SELECT * FROM myDB.myTable" "-h ${cluster_name}-mysql-${i}.${cluster_name}-mysql -uroot -p'$password'")
           kubectl create configmap -n "${NAMESPACE}" 08-delete-data-s3-${i} --from-literal=data="${data}"
       done

e2e-tests/tests/gr-demand-backup/11-read-data.yaml

@@ -8,8 +8,9 @@ commands:
 
       source ../../functions
 
+      password=$(get_user_pass root)
       cluster_name=$(get_cluster_name)
       for i in 0 1 2; do
-          data=$(run_mysql "SELECT * FROM myDB.myTable" "-h ${cluster_name}-mysql-${i}.${cluster_name}-mysql -uroot -proot_password")
+          data=$(run_mysql "SELECT * FROM myDB.myTable" "-h ${cluster_name}-mysql-${i}.${cluster_name}-mysql -uroot -p'$password'")
           kubectl create configmap -n "${NAMESPACE}" 06-read-data-s3-${i} --from-literal=data="${data}"
       done

e2e-tests/tests/gr-demand-backup/13-delete-data.yaml

@@ -7,12 +7,13 @@ commands:
 
       source ../../functions
 
+      password=$(get_user_pass root)
       run_mysql \
           "TRUNCATE TABLE myDB.myTable" \
-          "-h $(get_mysql_router_service $(get_cluster_name)) -uroot -proot_password"
+          "-h $(get_mysql_router_service $(get_cluster_name)) -uroot -p'$password'"
 
       cluster_name=$(get_cluster_name)
       for i in 0 1 2; do
-          data=$(run_mysql "SELECT * FROM myDB.myTable" "-h ${cluster_name}-mysql-${i}.${cluster_name}-mysql -uroot -proot_password")
+          data=$(run_mysql "SELECT * FROM myDB.myTable" "-h ${cluster_name}-mysql-${i}.${cluster_name}-mysql -uroot -p'$password'")
           kubectl create configmap -n "${NAMESPACE}" 12-delete-data-gcp-${i} --from-literal=data="${data}"
       done

e2e-tests/tests/gr-demand-backup/15-read-data.yaml

@@ -8,8 +8,9 @@ commands:
 
       source ../../functions
 
+      password=$(get_user_pass root)
       cluster_name=$(get_cluster_name)
       for i in 0 1 2; do
-          data=$(run_mysql "SELECT * FROM myDB.myTable" "-h ${cluster_name}-mysql-${i}.${cluster_name}-mysql -uroot -proot_password")
+          data=$(run_mysql "SELECT * FROM myDB.myTable" "-h ${cluster_name}-mysql-${i}.${cluster_name}-mysql -uroot -p'$password'")
           kubectl create configmap -n "${NAMESPACE}" 06-read-data-gcp-${i} --from-literal=data="${data}"
       done