oci: user-data: Try to decode base64 content

Message ID 20220221172456.1055696-1-michael.tremer@ipfire.org
State Accepted
Commit d5538121d7b61f03e53a2fe48ed81728019df411
Series oci: user-data: Try to decode base64 content

Commit Message

Michael Tremer Feb. 21, 2022, 5:24 p.m. UTC
  Terraform only supports sending any shell scripts encoded in base64
which is however not required by Oracle. Therefore we have to test if
the script is encoded or not.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---
 src/initscripts/helper/oci-setup | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
  

Comments

Peter Müller Feb. 21, 2022, 9:32 p.m. UTC | #1
Ah, this must be enterprise cloud security: "Military-grade Base64 ..." m(

Anyway,

Reviewed-by: Peter Müller <peter.mueller@ipfire.org>

> Terraform only supports sending any shell scripts encoded in base64
> which is however not required by Oracle. Therefore we have to test if
> the script is encoded or not.
> 
> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
> ---
>  src/initscripts/helper/oci-setup | 21 +++++++++++++++++++++
>  1 file changed, 21 insertions(+)
> 
> diff --git a/src/initscripts/helper/oci-setup b/src/initscripts/helper/oci-setup
> index 0763a96e7..98b9858d6 100644
> --- a/src/initscripts/helper/oci-setup
> +++ b/src/initscripts/helper/oci-setup
> @@ -15,6 +15,24 @@ get() {
>  	wget -qO - "http://169.254.169.254/opc/v1/${file}"
>  }
>  
> +try_base64_decode() {
> +	local input="${1}"
> +
> +	local tmp="$(mktemp)"
> +
> +	# Try to decode this and return output if successful
> +	if base64 -d <<< "${input}" > "${tmp}" 2>/dev/null; then
> +		echo "$(<${tmp})"
> +
> +	# Otherwise just return the input
> +	else
> +		echo "${input}"
> +	fi
> +
> +	# Cleanup
> +	unlink "${tmp}"
> +}
> +
>  to_address() {
>  	local n="${1}"
>  
> @@ -115,6 +133,9 @@ import_oci_configuration() {
>  		# Download a startup script
>  		local script="$(get instance/metadata/user_data)"
>  
> +		# Try to decode this
> +		script="$(try_base64_decode "${script}")"
> +
>  		# Execute the script
>  		if [ "${script:0:2}" = "#!" ]; then
>  			echo "${script}" > /tmp/user-data.script
  
Michael Tremer Feb. 22, 2022, 10:26 a.m. UTC | #2
LOL. I didn’t know this one, yet :)

> On 21 Feb 2022, at 21:32, Peter Müller <peter.mueller@ipfire.org> wrote:
> 
> Ah, this must be enterprise cloud security: "Military-grade Base64 ..." m(
> 
> Anyway,
> 
> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
> 
>> Terraform only supports sending any shell scripts encoded in base64
>> which is however not required by Oracle. Therefore we have to test if
>> the script is encoded or not.
>> 
>> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
>> ---
>> src/initscripts/helper/oci-setup | 21 +++++++++++++++++++++
>> 1 file changed, 21 insertions(+)
>> 
>> diff --git a/src/initscripts/helper/oci-setup b/src/initscripts/helper/oci-setup
>> index 0763a96e7..98b9858d6 100644
>> --- a/src/initscripts/helper/oci-setup
>> +++ b/src/initscripts/helper/oci-setup
>> @@ -15,6 +15,24 @@ get() {
>> 	wget -qO - "http://169.254.169.254/opc/v1/${file}"
>> }
>> 
>> +try_base64_decode() {
>> +	local input="${1}"
>> +
>> +	local tmp="$(mktemp)"
>> +
>> +	# Try to decode this and return output if successful
>> +	if base64 -d <<< "${input}" > "${tmp}" 2>/dev/null; then
>> +		echo "$(<${tmp})"
>> +
>> +	# Otherwise just return the input
>> +	else
>> +		echo "${input}"
>> +	fi
>> +
>> +	# Cleanup
>> +	unlink "${tmp}"
>> +}
>> +
>> to_address() {
>> 	local n="${1}"
>> 
>> @@ -115,6 +133,9 @@ import_oci_configuration() {
>> 		# Download a startup script
>> 		local script="$(get instance/metadata/user_data)"
>> 
>> +		# Try to decode this
>> +		script="$(try_base64_decode "${script}")"
>> +
>> 		# Execute the script
>> 		if [ "${script:0:2}" = "#!" ]; then
>> 			echo "${script}" > /tmp/user-data.script
  

Patch

diff --git a/src/initscripts/helper/oci-setup b/src/initscripts/helper/oci-setup
index 0763a96e7..98b9858d6 100644
--- a/src/initscripts/helper/oci-setup
+++ b/src/initscripts/helper/oci-setup
@@ -15,6 +15,24 @@  get() {
 	wget -qO - "http://169.254.169.254/opc/v1/${file}"
 }
 
+try_base64_decode() {
+	local input="${1}"
+
+	local tmp="$(mktemp)"
+
+	# Try to decode this and return output if successful
+	if base64 -d <<< "${input}" > "${tmp}" 2>/dev/null; then
+		echo "$(<${tmp})"
+
+	# Otherwise just return the input
+	else
+		echo "${input}"
+	fi
+
+	# Cleanup
+	unlink "${tmp}"
+}
+
 to_address() {
 	local n="${1}"
 
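Review bot: In try_base64_decode, `local tmp="$(mktemp)"` discards mktemp's exit status, and the temporary file is not needed at all. If mktemp fails, tmp is empty, the redirect fails, the function falls back to echoing the input, and `unlink ""` then reports an error. Capturing the decoder output directly removes the file and the cleanup step, for example `if decoded="$(base64 -d <<< "${input}" 2>/dev/null)"; then printf '%s\n' "${decoded}"; else printf '%s\n' "${input}"; fi`, with decoded declared local on its own line beforehand so the exit status of base64 is the one tested. If the file stays, quote the path in `$(<${tmp})`, and prefer printf over echo so that a value that is exactly -n or -e is not taken as an option.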
@@ -115,6 +133,9 @@  import_oci_configuration() {
 		# Download a startup script
 		local script="$(get instance/metadata/user_data)"
 
+		# Try to decode this
+		script="$(try_base64_decode "${script}")"
+
 		# Execute the script
 		if [ "${script:0:2}" = "#!" ]; then
 			echo "${script}" > /tmp/user-data.script
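Review bot: The try_base64_decode call runs on every user_data value before the "#!" test, so an unencoded value that happens to consist only of base64 characters is silently replaced by its decoded bytes. Within the lines shown this is harmless because only the "#!" check consumes script, but testing for "#!" first and decoding only when it is absent would skip the decode attempt for plain scripts and make the intent explicit. Since the decoded result is what now gets written out, note also that the context line below uses the fixed path /tmp/user-data.script; a file created with mktemp would avoid a predictable name in /tmp.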