From c323179d9b03c5189807517f29b87f3b1e32e3c6 Mon Sep 17 00:00:00 2001 From: Joe Beda Date: Mon, 29 Sep 2014 13:11:31 -0700 Subject: [PATCH] Don't print Kubernetes username/password to console. It is too easy to copy/paste this on-line. Fixes #1483 --- cluster/azure/util.sh | 18 +++++++---- cluster/gce/util.sh | 14 ++++++--- cluster/rackspace/util.sh | 48 +++++++++++++++-------------- cluster/vagrant/provision-master.sh | 5 ++- cluster/vagrant/util.sh | 13 +++++--- cluster/vsphere/util.sh | 15 +++++---- 6 files changed, 65 insertions(+), 48 deletions(-) diff --git a/cluster/azure/util.sh b/cluster/azure/util.sh index 290dadd3f32..3dfc61cfa46 100644 --- a/cluster/azure/util.sh +++ b/cluster/azure/util.sh @@ -65,7 +65,6 @@ function kube-up { trap "rm -rf ${KUBE_TEMP}" EXIT get-password - echo "Using password: $user:$passwd" python $SCRIPT_DIR/../third_party/htpasswd/htpasswd.py -b -c \ ${KUBE_TEMP}/htpasswd $user $passwd HTPASSWD=$(cat ${KUBE_TEMP}/htpasswd) @@ -202,12 +201,15 @@ function kube-up { done echo - echo "Kubernetes cluster is running. Access the master at:" + echo "Kubernetes cluster is running. The master is running at:" echo - echo " https://${user}:${passwd}@$AZ_CS.cloudapp.net" + echo " https://$AZ_CS.cloudapp.net" + echo + echo "The user name and password to use is located in ~/.kubernetes_auth." echo echo "Security note: The server above uses a self signed certificate. This is" echo " subject to \"Man in the middle\" type attacks." + echo } # Delete a kubernetes cluster 
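Review bot: The password still leaves the script on a command line: the `python $SCRIPT_DIR/../third_party/htpasswd/htpasswd.py -b -c ${KUBE_TEMP}/htpasswd $user $passwd` call, kept as context right below the removed echo in the `@@ -65,7 +65,6` hunk, passes it as an argument. It is therefore readable in the process list and in any `set -x` trace while the command runs. The same call sits under the removed echo in the gce, rackspace and vsphere `kube-up` hunks and in cluster/vagrant/provision-master.sh. If the bundled htpasswd.py can take the password from stdin or a prompt (not visible in this patch), that would fit this commit's goal better; at a minimum the expansions should be quoted, `${KUBE_TEMP}/htpasswd "$user" "$passwd"`, so a password containing whitespace or glob characters is not split. kube-up starts and ends outside the hunk.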
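Review bot: The new message in the `@@ -202,12 +201,15` hunk sends the user to `~/.kubernetes_auth`, but nothing in this patch shows how that file is created or protected, because `get-password` is defined outside the diff. It is worth confirming that it writes the file with owner-only permissions (under `umask 077`, or followed by `chmod 0600`), since the file is now the documented place to read the credentials from. The sentence is also repeated verbatim in every provider script with the path hard-coded, and it reads better as `echo "The user name and password are stored in ~/.kubernetes_auth."`. A shared variable or helper for it would keep the copies from drifting apart.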
@@ -241,11 +243,15 @@ function kube-down { # get-password -# echo "Kubernetes cluster is updated. Access the master at:" +# echo "Kubernetes cluster is updated. The master is running at:" # echo -# echo " https://${user}:${passwd}@${KUBE_MASTER_IP}" +# echo " https://${KUBE_MASTER_IP}" +# echo +# echo "The user name and password to use is located in ~/.kubernetes_auth." +# echo +# echo "Security note: The server above uses a self signed certificate. This is" +# echo " subject to \"Man in the middle\" type attacks." # echo - # } # # Execute prior to running tests to build a release if required for env diff --git a/cluster/gce/util.sh b/cluster/gce/util.sh index 3d12fe53d6c..8ac329c356c 100755 --- a/cluster/gce/util.sh +++ b/cluster/gce/util.sh @@ -139,7 +139,6 @@ function kube-up { trap 'rm -rf "${KUBE_TEMP}"' EXIT get-password - echo "Using password: $user:$passwd" python "${base_dir}/third_party/htpasswd/htpasswd.py" -b \ -c "${KUBE_TEMP}/htpasswd" $user $passwd HTPASSWD=$(cat "${KUBE_TEMP}/htpasswd") @@ -273,9 +272,11 @@ function kube-up { done echo - echo "Kubernetes cluster is running. Access the master at:" + echo "Kubernetes cluster is running. The master is running at:" echo - echo " https://${user}:${passwd}@${KUBE_MASTER_IP}" + echo " https://${KUBE_MASTER_IP}" + echo + echo "The user name and password to use is located in ~/.kubernetes_auth." echo kube_cert=".kubecfg.crt" @@ -367,9 +368,12 @@ function kube-push { get-password - echo "Kubernetes cluster is updated. Access the master at:" echo - echo " https://${user}:${passwd}@${KUBE_MASTER_IP}" + echo "Kubernetes cluster is running. The master is running at:" + echo + echo " https://${KUBE_MASTER_IP}" + echo + echo "The user name and password to use is located in ~/.kubernetes_auth." echo } diff --git a/cluster/rackspace/util.sh b/cluster/rackspace/util.sh index 3440db0a5b0..fc667e13632 100644 --- a/cluster/rackspace/util.sh +++ b/cluster/rackspace/util.sh 
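Review bot: In the `kube-push` hunk of cluster/gce/util.sh (`@@ -367,9 +368,12`) the first line of the message changed from "Kubernetes cluster is updated" to "Kubernetes cluster is running", which looks like a copy from `kube-up`; the vsphere `kube-push` hunk keeps "updated". Suggest `echo "Kubernetes cluster is updated. The master is running at:"` so a push is not reported as a fresh start. `get-password` is still called just above although the visible lines no longer use `$user` or `$passwd`. If it is kept only for its side effect of preparing the auth file, or for code later in the function (the body continues outside the hunk), a short comment saying so would help.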
@@ -86,7 +86,7 @@ rax-boot-master() { --file /root/masterStart.sh=${KUBE_TEMP}/masterStart.sh \ --nic net-id=${NETWORK_UUID} \ ${MASTER_NAME}" - + echo "cluster/rackspace/util.sh: Booting ${MASTER_NAME} with following command:" echo -e "\t$MASTER_BOOT_CMD" $MASTER_BOOT_CMD @@ -96,7 +96,7 @@ rax-boot-minions() { cp $(dirname $0)/cloud-config/minion-cloud-config.yaml \ ${KUBE_TEMP}/minion-cloud-config.yaml - + for (( i=0; i<${#MINION_NAMES[@]}; i++)); do ( @@ -106,7 +106,7 @@ rax-boot-minions() { echo "NUM_MINIONS=${RAX_NUM_MINIONS}" grep -v "^#" $(dirname $0)/templates/salt-minion.sh ) > ${KUBE_TEMP}/minionStart${i}.sh - + MINION_BOOT_CMD="nova boot \ --key-name ${SSH_KEY_NAME} \ --flavor ${KUBE_MINION_FLAVOR} \ @@ -117,7 +117,7 @@ rax-boot-minions() { --nic net-id=${NETWORK_UUID} \ --file=/root/minionStart.sh=${KUBE_TEMP}/minionStart${i}.sh \ ${MINION_NAMES[$i]}" - + echo "cluster/rackspace/util.sh: Booting ${MINION_NAMES[$i]} with following command:" echo -e "\t$MINION_BOOT_CMD" $MINION_BOOT_CMD @@ -128,10 +128,10 @@ rax-nova-network() { if ! $(nova network-list | grep $NOVA_NETWORK_LABEL > /dev/null 2>&1); then SAFE_CIDR=$(echo $NOVA_NETWORK_CIDR | tr -d '\\') NETWORK_CREATE_CMD="nova network-create $NOVA_NETWORK_LABEL $SAFE_CIDR" - + echo "cluster/rackspace/util.sh: Creating cloud network with following command:" echo -e "\t${NETWORK_CREATE_CMD}" - + $NETWORK_CREATE_CMD else echo "cluster/rackspace/util.sh: Using existing cloud network $NOVA_NETWORK_LABEL" 
@@ -167,42 +167,41 @@ detect-master-nova-net() { } kube-up() { - + SCRIPT_DIR=$(CDPATH="" cd $(dirname $0); pwd) source $(dirname $0)/../gce/util.sh source $(dirname $0)/util.sh source $(dirname $0)/../../release/rackspace/config.sh - + # Find the release to use. Generally it will be passed when doing a 'prod' # install and will default to the release/config.sh version when doing a # developer up. find-object-url $CONTAINER output/release/$TAR_FILE - + # Create a temp directory to hold scripts that will be uploaded to master/minions KUBE_TEMP=$(mktemp -d -t kubernetes.XXXXXX) trap "rm -rf ${KUBE_TEMP}" EXIT - + get-password - echo "cluster/rackspace/util.sh: Using password: $user:$passwd" python $(dirname $0)/../../third_party/htpasswd/htpasswd.py -b -c ${KUBE_TEMP}/htpasswd $user $passwd HTPASSWD=$(cat ${KUBE_TEMP}/htpasswd) - + rax-nova-network NETWORK_UUID=$(nova network-list | grep -i ${NOVA_NETWORK_LABEL} | awk '{print $2}') - + # create and upload ssh key if necessary rax-ssh-key - + echo "cluster/rackspace/util.sh: Starting Cloud Servers" rax-boot-master - + # a bit of a hack to wait until master is has an IP from the extra network echo "cluster/rackspace/util.sh: sleeping 35 seconds" sleep 35 - + detect-master-nova-net $NOVA_NETWORK_LABEL rax-boot-minions - + FAIL=0 for job in `jobs -p` do @@ -221,19 +220,19 @@ kube-up() { echo " This might loop forever if there was some uncaught error during start" echo " up." echo - + #This will fail until apiserver salt is updated until $(curl --insecure --user ${user}:${passwd} --max-time 5 \ --fail --output /dev/null --silent https://${KUBE_MASTER_IP}/api/v1beta1/pods); do printf "." sleep 2 done - + echo "Kubernetes cluster created." echo "Sanity checking cluster..." - + sleep 5 - + # Don't bail on errors, we want to be able to print some info. set +e sleep 45 
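Review bot: `kube-up` in cluster/rackspace/util.sh still puts the credentials on a command line after the echo is gone: besides the htpasswd call in the `@@ -167,42 +167,41` hunk, the readiness loop shown in the following hunk runs `curl --insecure --user ${user}:${passwd} ...`, which exposes them in the process list on every retry. curl can read them from a config supplied on stdin instead, e.g. `curl --config - ... <<< "user = \"${user}:${passwd}\""`, which keeps them off argv. Because `--insecure` also skips certificate verification, the basic-auth header is sent to a server whose identity has not been checked; once the master's certificate is available locally, `--cacert` would be the safer choice. Both hunks cut through kube-up, so the surrounding code is not visible here.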
@@ -242,10 +241,13 @@ kube-up() { echo "All minions may not be online yet, this is okay." echo - echo "Kubernetes cluster is running. Access the master at:" + echo "Kubernetes cluster is running. The master is running at:" echo - echo " https://${user}:${passwd}@${KUBE_MASTER_IP}" + echo " https://${KUBE_MASTER_IP}" + echo + echo "The user name and password to use is located in ~/.kubernetes_auth." echo echo "Security note: The server above uses a self signed certificate. This is" echo " subject to \"Man in the middle\" type attacks." + echo } diff --git a/cluster/vagrant/provision-master.sh b/cluster/vagrant/provision-master.sh index 63ed10231dd..a1b29b8ecb9 100755 --- a/cluster/vagrant/provision-master.sh +++ b/cluster/vagrant/provision-master.sh @@ -22,11 +22,11 @@ source $(dirname $0)/provision-config.sh minion_ip_array=(${MINION_IPS//,/ }) for (( i=0; i<${#MINION_NAMES[@]}; i++)); do minion=${MINION_NAMES[$i]} - ip=${minion_ip_array[$i]} + ip=${minion_ip_array[$i]} if [ ! "$(cat /etc/hosts | grep $minion)" ]; then echo "Adding $minion to hosts file" echo "$ip $minion" >> /etc/hosts - fi + fi done # Update salt configuration @@ -68,7 +68,6 @@ EOF # Configure nginx authorization mkdir -p $KUBE_TEMP mkdir -p /srv/salt/nginx -echo "Using password: $MASTER_USER:$MASTER_PASSWD" python $(dirname $0)/../../third_party/htpasswd/htpasswd.py -b -c ${KUBE_TEMP}/htpasswd $MASTER_USER $MASTER_PASSWD MASTER_HTPASSWD=$(cat ${KUBE_TEMP}/htpasswd) echo $MASTER_HTPASSWD > /srv/salt/nginx/htpasswd diff --git a/cluster/vagrant/util.sh b/cluster/vagrant/util.sh index 6f28a716d9b..c82a405234b 100644 --- a/cluster/vagrant/util.sh +++ b/cluster/vagrant/util.sh @@ -39,7 +39,7 @@ function verify-prereqs { } # Instantiate a kubernetes cluster -function kube-up { +function kube-up { get-password vagrant up @@ -74,7 +74,7 @@ function kube-up { done done done - + echo echo "Waiting for each minion to be registered with cloud provider" for (( i=0; i<${#MINION_NAMES[@]}; i++)); do 
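Review bot: In cluster/vagrant/provision-master.sh (`@@ -68,7 +68,6`) the htpasswd entry is still written with an unquoted `echo $MASTER_HTPASSWD > /srv/salt/nginx/htpasswd`, and the file gets whatever mode the current umask yields. Suggest `printf '%s\n' "$MASTER_HTPASSWD" > /srv/salt/nginx/htpasswd` and an explicit mode that only the consumers of the file need, since the hash is as sensitive as the console output this commit removes. The intermediate copy in `${KUBE_TEMP}/htpasswd` has no cleanup in the visible lines; if none exists elsewhere in the script, removing it after use would be worthwhile.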
@@ -85,13 +85,16 @@ function kube-up { COUNT=$(grep -c ${MINION_NAMES[i]} /tmp/minions) || { printf "."; sleep 2; COUNT="0"; } done done - + echo echo "Kubernetes cluster created." echo - echo "Kubernetes cluster is running. Access the master at:" + echo "Kubernetes cluster is running. The master is running at:" + echo + echo " https://${KUBE_MASTER_IP}" + echo + echo "The user name and password to use is located in ~/.kubernetes_auth." echo - echo " https://${user}:${passwd}@${KUBE_MASTER_IP}" } # Delete a kubernetes cluster diff --git a/cluster/vsphere/util.sh b/cluster/vsphere/util.sh index 766cf0bcb39..8e5fb15055d 100644 --- a/cluster/vsphere/util.sh +++ b/cluster/vsphere/util.sh @@ -101,8 +101,6 @@ function kube-up { trap "rm -rf ${KUBE_TEMP}" EXIT get-password - echo "Using password: $user:$passwd" - echo python $(dirname $0)/../third_party/htpasswd/htpasswd.py -b -c ${KUBE_TEMP}/htpasswd $user $passwd HTPASSWD=$(cat ${KUBE_TEMP}/htpasswd) @@ -220,9 +218,11 @@ function kube-up { done echo - echo "Kubernetes cluster is running. Access the master at:" + echo "Kubernetes cluster is running. The master is running at:" echo - echo " https://${user}:${passwd}@${KUBE_MASTER_IP}" + echo " https://${KUBE_MASTER_IP}" + echo + echo "The user name and password to use is located in ~/.kubernetes_auth." echo echo "Security note: The server above uses a self signed certificate." echo "This is subject to \"Man in the middle\" type attacks." @@ -260,9 +260,12 @@ function kube-push { get-password - echo "Kubernetes cluster is updated. Access the master at:" echo - echo " https://${user}:${passwd}@${KUBE_MASTER_IP}" + echo "Kubernetes cluster is updated. The master is running at:" + echo + echo " https://${KUBE_MASTER_IP}" + echo + echo "The user name and password to use is located in ~/.kubernetes_auth." echo }
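Review bot: The wait loop kept as context in the cluster/vagrant/util.sh hunk (`@@ -85,13 +85,16`) reads a fixed, predictable path, `COUNT=$(grep -c ${MINION_NAMES[i]} /tmp/minions)`. The code that writes the file is above the hunk, but on a shared machine a fixed name in /tmp can be pre-created or replaced by another local user. The other providers already create a private directory with `mktemp -d`; doing the same here, with the expansion quoted as in `grep -c -- "${MINION_NAMES[i]}" "${KUBE_TEMP}/minions"`, would remove that exposure. This hunk's message also omits the self-signed-certificate note that the azure, rackspace and vsphere `kube-up` messages print.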