oci: user-data: Try to decode base64 content
Commit Message
Terraform only supports sending any shell scripts encoded in base64
which is however not required by Oracle. Therefore we have to test if
the script is encoded or not.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---
src/initscripts/helper/oci-setup | 21 +++++++++++++++++++++
1 file changed, 21 insertions(+)
Comments
Ah, this must be enterprise cloud security: "Military-grade Base64 ..." m(
Anyway,
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
> Terraform only supports sending any shell scripts encoded in base64
> which is however not required by Oracle. Therefore we have to test if
> the script is encoded or not.
>
> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
> ---
> src/initscripts/helper/oci-setup | 21 +++++++++++++++++++++
> 1 file changed, 21 insertions(+)
>
> diff --git a/src/initscripts/helper/oci-setup b/src/initscripts/helper/oci-setup
> index 0763a96e7..98b9858d6 100644
> --- a/src/initscripts/helper/oci-setup
> +++ b/src/initscripts/helper/oci-setup
> @@ -15,6 +15,24 @@ get() {
> wget -qO - "http://169.254.169.254/opc/v1/${file}"
> }
>
> +try_base64_decode() {
> + local input="${1}"
> +
> + local tmp="$(mktemp)"
> +
> + # Try to decode this and return output if successful
> + if base64 -d <<< "${input}" > "${tmp}" 2>/dev/null; then
> + echo "$(<${tmp})"
> +
> + # Otherwise just return the input
> + else
> + echo "${input}"
> + fi
> +
> + # Cleanup
> + unlink "${tmp}"
> +}
> +
> to_address() {
> local n="${1}"
>
> @@ -115,6 +133,9 @@ import_oci_configuration() {
> # Download a startup script
> local script="$(get instance/metadata/user_data)"
>
> + # Try to decode this
> + script="$(try_base64_decode "${script}")"
> +
> # Execute the script
> if [ "${script:0:2}" = "#!" ]; then
> echo "${script}" > /tmp/user-data.script
LOL. I didn’t know this one, yet :)
> On 21 Feb 2022, at 21:32, Peter Müller <peter.mueller@ipfire.org> wrote:
>
> Ah, this must be enterprise cloud security: "Military-grade Base64 ..." m(
>
> Anyway,
>
> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
>
>> Terraform only supports sending any shell scripts encoded in base64
>> which is however not required by Oracle. Therefore we have to test if
>> the script is encoded or not.
>>
>> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
>> ---
>> src/initscripts/helper/oci-setup | 21 +++++++++++++++++++++
>> 1 file changed, 21 insertions(+)
>>
>> diff --git a/src/initscripts/helper/oci-setup b/src/initscripts/helper/oci-setup
>> index 0763a96e7..98b9858d6 100644
>> --- a/src/initscripts/helper/oci-setup
>> +++ b/src/initscripts/helper/oci-setup
>> @@ -15,6 +15,24 @@ get() {
>> wget -qO - "http://169.254.169.254/opc/v1/${file}"
>> }
>>
>> +try_base64_decode() {
>> + local input="${1}"
>> +
>> + local tmp="$(mktemp)"
>> +
>> + # Try to decode this and return output if successful
>> + if base64 -d <<< "${input}" > "${tmp}" 2>/dev/null; then
>> + echo "$(<${tmp})"
>> +
>> + # Otherwise just return the input
>> + else
>> + echo "${input}"
>> + fi
>> +
>> + # Cleanup
>> + unlink "${tmp}"
>> +}
>> +
>> to_address() {
>> local n="${1}"
>>
>> @@ -115,6 +133,9 @@ import_oci_configuration() {
>> # Download a startup script
>> local script="$(get instance/metadata/user_data)"
>>
>> + # Try to decode this
>> + script="$(try_base64_decode "${script}")"
>> +
>> # Execute the script
>> if [ "${script:0:2}" = "#!" ]; then
>> echo "${script}" > /tmp/user-data.script
@@ -15,6 +15,24 @@ get() {
wget -qO - "http://169.254.169.254/opc/v1/${file}"
}
+try_base64_decode() {
+ local input="${1}"
+
+ local tmp="$(mktemp)"
+
+ # Try to decode this and return output if successful
+ if base64 -d <<< "${input}" > "${tmp}" 2>/dev/null; then
+ echo "$(<${tmp})"
+
+ # Otherwise just return the input
+ else
+ echo "${input}"
+ fi
+
+ # Cleanup
+ unlink "${tmp}"
+}
+
to_address() {
local n="${1}"
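Review bot: In try_base64_decode(), the only test for "is this encoded" is whether `base64 -d` exits successfully, so plain-text user data that happens to consist solely of base64 characters is silently replaced by its decoded bytes. The caller only acts on content beginning with `#!`, so consider keeping the decoded result only when it starts with `#!` and returning the input unchanged otherwise. The temporary file is also avoidable: capturing the output of `base64 -d <<< "${input}"` directly in a local variable removes the need for `mktemp` and `unlink`, and with it the unquoted `${tmp}` in `echo "$(<${tmp})"` and the case where `mktemp` fails and `unlink` is called on an empty path. Printing with `printf '%s\n'` instead of `echo` would keep content that begins with `-n` or `-e` from being read as options.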
@@ -115,6 +133,9 @@ import_oci_configuration() {
# Download a startup script
local script="$(get instance/metadata/user_data)"
+ # Try to decode this
+ script="$(try_base64_decode "${script}")"
+
# Execute the script
if [ "${script:0:2}" = "#!" ]; then
echo "${script}" > /tmp/user-data.script
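Review bot: The comment `# Try to decode this` in import_oci_configuration() does not say why decoding is attempted. The reason given in the commit message (Terraform sends user data base64-encoded, while Oracle does not require it) belongs at this call site, so the fallback is not later mistaken for dead code. Because the result goes straight into the `#!` check and is then written out for execution, it would also help to log whether the payload was decoded or used as received, which makes a misdetected payload easier to diagnose.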