From 6b7d34cd109db41cf1c2fcf61385fbb00fe9dada Mon Sep 17 00:00:00 2001
From: gjmzj <gaojianming.zj@139.com>
Date: Wed, 8 May 2019 00:27:24 +0800
Subject: [PATCH] =?UTF-8?q?fix:=20easzctl=20basic-auth=20=E5=91=BD?=
 =?UTF-8?q?=E4=BB=A4=E6=89=A7=E8=A1=8C=E9=97=AE=E9=A2=98=20#544?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 tools/easzctl | 37 ++++++++++++++++++++++---------------
 1 file changed, 22 insertions(+), 15 deletions(-)

diff --git a/tools/easzctl b/tools/easzctl
index 54b2257..bdb7619 100755
--- a/tools/easzctl
+++ b/tools/easzctl
@@ -307,31 +307,30 @@ function start-aio(){
 }
 
 ### extra operation functions ###################################
-function print-user-pass(){
-    echo -e "\n[INFO]basic auth for apiserver enabled\n"
-    sed -n '/BASIC_AUTH_USER/p' $BASEPATH/roles/kube-master/defaults/main.yml
-    sed -n '/BASIC_AUTH_PASS/p' $BASEPATH/roles/kube-master/defaults/main.yml
-}
 
 function basic-auth(){
     OPTIND=2
+    CONFIG=$BASEPATH/roles/kube-master/defaults/main.yml
+    EX_VARS=""
     while getopts "sSu:p:" OPTION; do
         case $OPTION in
           s)
-            grep BASIC_AUTH_ENABLE roles/kube-master/defaults/main.yml|grep yes > /dev/null && { print-user-pass; return 0; }
-            sed -i "s/BASIC_AUTH_ENABLE.*$/BASIC_AUTH_ENABLE: 'yes'/g" $BASEPATH/roles/kube-master/defaults/main.yml
+            EX_VARS="BASIC_AUTH_ENABLE=yes $EX_VARS"
+            ENABLED=yes
             ;;
           S)
-            grep BASIC_AUTH_ENABLE roles/kube-master/defaults/main.yml|grep no > /dev/null && { echo -e "\n[INFO]basic auth for apiserver disabled\n"; return 0; }
-            sed -i "s/BASIC_AUTH_ENABLE.*$/BASIC_AUTH_ENABLE: 'no'/g" $BASEPATH/roles/kube-master/defaults/main.yml
+            grep BASIC_AUTH_ENABLE $CONFIG|grep no > /dev/null && \
+            { echo -e "\n[WARN]basic-auth already disabled!\n"; return 1; }
+            EX_VARS="BASIC_AUTH_ENABLE=no $EX_VARS"
+            ENABLED=no
             ;;
           u)
-            grep BASIC_AUTH_ENABLE roles/kube-master/defaults/main.yml|grep no > /dev/null && { echo -e "\n[INFO]basic auth for apiserver disabled\n"; return 0; }
-            sed -i "s/BASIC_AUTH_USER.*$/BASIC_AUTH_USER: '$OPTARG'/g" $BASEPATH/roles/kube-master/defaults/main.yml
+            EX_VARS="BASIC_AUTH_USER=$OPTARG $EX_VARS"
+            sed -i "s/BASIC_AUTH_USER.*$/BASIC_AUTH_USER: '$OPTARG'/g" $CONFIG
             ;;
           p)
-            grep BASIC_AUTH_ENABLE roles/kube-master/defaults/main.yml|grep no > /dev/null && { echo -e "\n[INFO]basic auth for apiserver disabled\n"; return 0; }
-            sed -i "s/BASIC_AUTH_PASS.*$/BASIC_AUTH_PASS: '$OPTARG'/g" $BASEPATH/roles/kube-master/defaults/main.yml
+            EX_VARS="BASIC_AUTH_PASS=$OPTARG $EX_VARS"
+            sed -i "s/BASIC_AUTH_PASS.*$/BASIC_AUTH_PASS: '$OPTARG'/g" $CONFIG
             ;;
           ?)
             help-info basic-auth
@@ -339,8 +338,16 @@ function basic-auth(){
             ;;
         esac
     done
-
-    ansible-playbook $BASEPATH/04.kube-master.yml -t restart_master
+    
+    ansible-playbook $BASEPATH/04.kube-master.yml -t restart_master -e "$EX_VARS" || { return 1; } 
+    sed -i "s/BASIC_AUTH_ENABLE.*$/BASIC_AUTH_ENABLE: '$ENABLED'/g" $CONFIG 
+    if [[ $ENABLED == yes ]];then
+        echo -e "\n[INFO]basic-auth for apiserver is enabled!"
+        sed -n '/BASIC_AUTH_USER/p' $CONFIG
+        sed -n '/BASIC_AUTH_PASS/p' $CONFIG
+    elif [[ $ENABLED == no ]];then
+        echo -e "\n[INFO]basic-auth for apiserver is disabled!\n"
+    fi
 }
 
 ### Main Lines ##################################################