diff --git a/cmd/subshell.go b/cmd/subshell.go index 93199c5c..ec0636ee 100644 --- a/cmd/subshell.go +++ b/cmd/subshell.go @@ -32,21 +32,22 @@ func spawnSubshell(d *deployer.Deployer, log *logger.Logger) error { endpoint, password, caCertFile, kubeContext, exposure := d.GetDeploymentInfo() if endpoint != "" { - env = append(env, fmt.Sprintf("API_ENDPOINT=%s", endpoint)) - env = append(env, fmt.Sprintf("ROX_ENDPOINT=%s", endpoint)) - env = append(env, fmt.Sprintf("ROX_BASE_URL=https://%s", endpoint)) + env = append(env, fmt.Sprintf("API_ENDPOINT=%q", endpoint)) + env = append(env, fmt.Sprintf("ROX_ENDPOINT=%q", endpoint)) + env = append(env, fmt.Sprintf("ROX_BASE_URL='https://%s'", endpoint)) } if password != "" { - env = append(env, fmt.Sprintf("ROX_ADMIN_PASSWORD=%s", password)) + env = append(env, fmt.Sprintf("ROX_ADMIN_PASSWORD=%q", password)) } if caCertFile != "" { - env = append(env, fmt.Sprintf("ROX_CA_CERT_FILE=%s", caCertFile)) + env = append(env, fmt.Sprintf("ROX_CA_CERT_FILE=%q", caCertFile)) } + env = append(env, fmt.Sprintf("ROX_USERNAME=%q", deployer.AdminUsername)) env = append(env, "ROXIE_SHELL=1") - env = append(env, fmt.Sprintf("name=acs@%s", kubeContext)) + env = append(env, fmt.Sprintf("name='acs@%s'", kubeContext)) haproxyAvailable := isHAProxyAvailable() @@ -60,7 +61,7 @@ func spawnSubshell(d *deployer.Deployer, log *logger.Logger) error { if err != nil { log.Warningf("Failed to start HAProxy: %v", err) } else { - env = append(env, fmt.Sprintf("ROXIE_HAPROXY_CFG_FILE=%s", haproxyConfigPath)) + env = append(env, fmt.Sprintf("ROXIE_HAPROXY_CFG_FILE=%q", haproxyConfigPath)) haproxyStarted = true defer cleanupHAProxy(haproxyCmd, haproxyConfigPath) } diff --git a/internal/deployer/deployer.go b/internal/deployer/deployer.go index a436a633..5d8ce002 100644 --- a/internal/deployer/deployer.go +++ b/internal/deployer/deployer.go @@ -32,6 +32,9 @@ var ( pauseReconcileAnnotationKey = "stackrox.io/pause-reconcile" + // AdminUsername is the default admin username for StackRox Central + AdminUsername = "admin" + // TODO(#91): at some point this will get out of date. If we filter by the app.../part-of // label anyway, then maybe we should just delete all resource kinds present on cluster? // also we should use the fully-qualified types @@ -1071,14 +1074,15 @@ func (d *Deployer) cleanupTempDir(path string, description string) { func (d *Deployer) writeEnvrcFile(ctx context.Context, exposure string, portForwardWanted bool) error { endpoint := strings.TrimPrefix(d.centralEndpoint, "https://") - content := fmt.Sprintf(`export API_ENDPOINT="%s" -export ROX_ENDPOINT="%s" -export ROX_BASE_URL="https://%s" -export ROX_ADMIN_PASSWORD="%s" -export ROX_CA_CERT_FILE="%s" -`, endpoint, endpoint, endpoint, d.centralPassword, d.roxCACertFile) + var content strings.Builder + fmt.Fprintf(&content, "export API_ENDPOINT=%q\n", endpoint) + fmt.Fprintf(&content, "export ROX_ENDPOINT=%q\n", endpoint) + fmt.Fprintf(&content, "export ROX_BASE_URL='https://%s'\n", endpoint) + fmt.Fprintf(&content, "export ROX_USERNAME=%q\n", AdminUsername) + fmt.Fprintf(&content, "export ROX_ADMIN_PASSWORD=%q\n", d.centralPassword) + fmt.Fprintf(&content, "export ROX_CA_CERT_FILE=%q\n", d.roxCACertFile) - if err := os.WriteFile(d.envrcFile, []byte(content), 0600); err != nil { + if err := os.WriteFile(d.envrcFile, []byte(content.String()), 0600); err != nil { return fmt.Errorf("failed to write envrc file: %w", err) }