cf-service-connect icon indicating copy to clipboard operation
cf-service-connect copied to clipboard

Published 20 hours ago verified publisher icon cloud-gov

Batch mode

Open mojobnichols opened this issue 4 years ago • 4 comments

In order to deploy new database, I want to be able to run in a command and then continue to execute subsequent commands after the tunnel is created.

Acceptance Criteria

  • [ ] GIVEN connect-service call with daemon flag (or batch)
    WHEN tunnel is connected
    THEN retrieve prompt
    AND connect be allowed automatically to database
    THEN restore database
    AND query database

Security considerations

[note any potential changes to security boundaries, practices, documentation, risk that arise directly from this story]

I don't know that there a significant security considerations. I seem to be able to do it by running in the background anyway and should be able to parse stdout/stderr messages about db user, password and name and then establish my own way to do this. It would just be a nice to have for deploying in circleci

mojobnichols avatar Jan 06 '21 18:01 mojobnichols

Creating that tunnel does allow you to run multiple commands, e.g. from the MySQL prompt. Is this more about being able to let those run in the background?

afeld avatar Jan 06 '21 19:01 afeld

Its more so I can open tunnel and keep scripting for cloud environment where I can't open two shells or do things interactively

Below is my script it then allows me to script like this:

bash tunnel.sh
. . . . ./.tunnelrc pg_restore --user=$Username --host=$Host --port=$Port --clean --no-owner --no-acl --dbname=$Name --no-password restore.pd

tunnel.sh #!/bin/bash

echo "Starting tunnel " cf connect-to-service -no-client hasura-sandbox sandbox-psql > .creds & TUNNEL_PID=$!

cat .creds while ! grep "Leave" .creds > /dev/null; do echo "waiting for tunnel....." sleep 2

done cat .creds

Port=cat ./.creds | grep Port: | cut -d ' ' -f2 | tr -d '\n' Host=cat ./.creds | grep Host: | cut -d ' ' -f2 | tr -d '\n' Username=cat ./.creds | grep Username: | cut -d ' ' -f2 | tr -d '\n' Password=cat ./.creds | grep Password: | cut -d ' ' -f2 | tr -d '\n' Name=cat ./.creds | grep Name: | cut -d ' ' -f2 | tr -d '\n'

cat <<EOF > ./.tunnelrc export Host=$Host export Port=$Port export Username=$Username export Password=$Password export Name=$Name export TUNNEL_PID=$TUNNEL_PID EOF

echo $Host:$Port:$Name:$Username:$Password >> ~/.pgpass

cat ./.tunnelrc echo "Tunnel and variables established to use on command line type" echo echo "to use variables:" echo "source ./.tunnelrc" echo "To use:" echo echo "psql postgres://$Username:$Password@$Host:$Port/$Name -c ''" echo "pg_restore --user=$Username --host=$Host --port=$Port --clean --no-owner --no-acl --dbname=$Name --no-password " echo echo echo "To end tunnel issue:" echo "kill $TUNNEL_PID" echo "kill $TUNNEL_PID"

mojobnichols avatar Jan 06 '21 21:01 mojobnichols

Oh there are some $ in the echo statemtns

mojobnichols avatar Jan 06 '21 21:01 mojobnichols

I mean there are some \$ in the echo statements - so that you don't see the actual variable value in the statemnt I can give you the file if you'd like. But the idea is you don't have to know any of the results of the tunnel to use the tunnel in the same shell you issued the tunnel in.

mojobnichols avatar Jan 06 '21 22:01 mojobnichols