From 14a2de56682e90a59bb0f6655746b23e68aea5a5 Mon Sep 17 00:00:00 2001 From: Moritz Clasmeier Date: Wed, 15 Apr 2026 12:01:13 +0200 Subject: [PATCH 1/2] Export ROX_USERNAME (expected by some test suites) --- cmd/subshell.go | 1 + internal/deployer/deployer.go | 18 +++++++++++------- 2 files changed, 12 insertions(+), 7 deletions(-) diff --git a/cmd/subshell.go b/cmd/subshell.go index 93199c5c..4cbb898a 100644 --- a/cmd/subshell.go +++ b/cmd/subshell.go @@ -45,6 +45,7 @@ func spawnSubshell(d *deployer.Deployer, log *logger.Logger) error { env = append(env, fmt.Sprintf("ROX_CA_CERT_FILE=%s", caCertFile)) } + env = append(env, fmt.Sprintf("ROX_USERNAME=%s", deployer.AdminUsername)) env = append(env, "ROXIE_SHELL=1") env = append(env, fmt.Sprintf("name=acs@%s", kubeContext)) diff --git a/internal/deployer/deployer.go b/internal/deployer/deployer.go index a436a633..6d728b6e 100644 --- a/internal/deployer/deployer.go +++ b/internal/deployer/deployer.go @@ -32,6 +32,9 @@ var ( pauseReconcileAnnotationKey = "stackrox.io/pause-reconcile" + // AdminUsername is the default admin username for StackRox Central + AdminUsername = "admin" + // TODO(#91): at some point this will get out of date. If we filter by the app.../part-of // label anyway, then maybe we should just delete all resource kinds present on cluster? // also we should use the fully-qualified types @@ -1071,14 +1074,15 @@ func (d *Deployer) cleanupTempDir(path string, description string) { func (d *Deployer) writeEnvrcFile(ctx context.Context, exposure string, portForwardWanted bool) error { endpoint := strings.TrimPrefix(d.centralEndpoint, "https://") - content := fmt.Sprintf(`export API_ENDPOINT="%s" -export ROX_ENDPOINT="%s" -export ROX_BASE_URL="https://%s" -export ROX_ADMIN_PASSWORD="%s" -export ROX_CA_CERT_FILE="%s" -`, endpoint, endpoint, endpoint, d.centralPassword, d.roxCACertFile) + var content strings.Builder + fmt.Fprintf(&content, "export API_ENDPOINT=\"%s\"\n", endpoint) + fmt.Fprintf(&content, "export ROX_ENDPOINT=\"%s\"\n", endpoint) + fmt.Fprintf(&content, "export ROX_BASE_URL=\"https://%s\"\n", endpoint) + fmt.Fprintf(&content, "export ROX_USERNAME=\"%s\"\n", AdminUsername) + fmt.Fprintf(&content, "export ROX_ADMIN_PASSWORD=\"%s\"\n", d.centralPassword) + fmt.Fprintf(&content, "export ROX_CA_CERT_FILE=\"%s\"\n", d.roxCACertFile) - if err := os.WriteFile(d.envrcFile, []byte(content), 0600); err != nil { + if err := os.WriteFile(d.envrcFile, []byte(content.String()), 0600); err != nil { return fmt.Errorf("failed to write envrc file: %w", err) } From 3a1666065e88d7a6825ff03a7ec9d83f8623fe6a Mon Sep 17 00:00:00 2001 From: Moritz Clasmeier Date: Wed, 15 Apr 2026 13:04:06 +0200 Subject: [PATCH 2/2] Use %q --- cmd/subshell.go | 16 ++++++++-------- internal/deployer/deployer.go | 12 ++++++------ 2 files changed, 14 insertions(+), 14 deletions(-) diff --git a/cmd/subshell.go b/cmd/subshell.go index 4cbb898a..ec0636ee 100644 --- a/cmd/subshell.go +++ b/cmd/subshell.go @@ -32,22 +32,22 @@ func spawnSubshell(d *deployer.Deployer, log *logger.Logger) error { endpoint, password, caCertFile, kubeContext, exposure := d.GetDeploymentInfo() if endpoint != "" { - env = append(env, fmt.Sprintf("API_ENDPOINT=%s", endpoint)) - env = append(env, fmt.Sprintf("ROX_ENDPOINT=%s", endpoint)) - env = append(env, fmt.Sprintf("ROX_BASE_URL=https://%s", endpoint)) + env = append(env, fmt.Sprintf("API_ENDPOINT=%q", endpoint)) + env = append(env, fmt.Sprintf("ROX_ENDPOINT=%q", endpoint)) + env = append(env, fmt.Sprintf("ROX_BASE_URL='https://%s'", endpoint)) } if password != "" { - env = append(env, fmt.Sprintf("ROX_ADMIN_PASSWORD=%s", password)) + env = append(env, fmt.Sprintf("ROX_ADMIN_PASSWORD=%q", password)) } if caCertFile != "" { - env = append(env, fmt.Sprintf("ROX_CA_CERT_FILE=%s", caCertFile)) + env = append(env, fmt.Sprintf("ROX_CA_CERT_FILE=%q", caCertFile)) } - env = append(env, fmt.Sprintf("ROX_USERNAME=%s", deployer.AdminUsername)) + env = append(env, fmt.Sprintf("ROX_USERNAME=%q", deployer.AdminUsername)) env = append(env, "ROXIE_SHELL=1") - env = append(env, fmt.Sprintf("name=acs@%s", kubeContext)) + env = append(env, fmt.Sprintf("name='acs@%s'", kubeContext)) haproxyAvailable := isHAProxyAvailable() @@ -61,7 +61,7 @@ func spawnSubshell(d *deployer.Deployer, log *logger.Logger) error { if err != nil { log.Warningf("Failed to start HAProxy: %v", err) } else { - env = append(env, fmt.Sprintf("ROXIE_HAPROXY_CFG_FILE=%s", haproxyConfigPath)) + env = append(env, fmt.Sprintf("ROXIE_HAPROXY_CFG_FILE=%q", haproxyConfigPath)) haproxyStarted = true defer cleanupHAProxy(haproxyCmd, haproxyConfigPath) } diff --git a/internal/deployer/deployer.go b/internal/deployer/deployer.go index 6d728b6e..5d8ce002 100644 --- a/internal/deployer/deployer.go +++ b/internal/deployer/deployer.go @@ -1075,12 +1075,12 @@ func (d *Deployer) writeEnvrcFile(ctx context.Context, exposure string, portForw endpoint := strings.TrimPrefix(d.centralEndpoint, "https://") var content strings.Builder - fmt.Fprintf(&content, "export API_ENDPOINT=\"%s\"\n", endpoint) - fmt.Fprintf(&content, "export ROX_ENDPOINT=\"%s\"\n", endpoint) - fmt.Fprintf(&content, "export ROX_BASE_URL=\"https://%s\"\n", endpoint) - fmt.Fprintf(&content, "export ROX_USERNAME=\"%s\"\n", AdminUsername) - fmt.Fprintf(&content, "export ROX_ADMIN_PASSWORD=\"%s\"\n", d.centralPassword) - fmt.Fprintf(&content, "export ROX_CA_CERT_FILE=\"%s\"\n", d.roxCACertFile) + fmt.Fprintf(&content, "export API_ENDPOINT=%q\n", endpoint) + fmt.Fprintf(&content, "export ROX_ENDPOINT=%q\n", endpoint) + fmt.Fprintf(&content, "export ROX_BASE_URL='https://%s'\n", endpoint) + fmt.Fprintf(&content, "export ROX_USERNAME=%q\n", AdminUsername) + fmt.Fprintf(&content, "export ROX_ADMIN_PASSWORD=%q\n", d.centralPassword) + fmt.Fprintf(&content, "export ROX_CA_CERT_FILE=%q\n", d.roxCACertFile) if err := os.WriteFile(d.envrcFile, []byte(content.String()), 0600); err != nil { return fmt.Errorf("failed to write envrc file: %w", err)