When changing basic auth creds, just delete the whole file, in order to be able to rotate username in addition to password

2017-04-17 17:05:33 -07:00 · 2017-04-17 17:05:33 -07:00 · 2acf60e44d
commit 2acf60e44d
parent 74d0258818
1 changed files with 1 additions and 3 deletions
--- a/cluster/gce/gci/configure-helper.sh
+++ b/cluster/gce/gci/configure-helper.sh
@ -287,9 +287,7 @@ function create-master-auth {
  local -r basic_auth_csv="${auth_dir}/basic_auth.csv"
  if [[ -n "${KUBE_PASSWORD:-}" && -n "${KUBE_USER:-}" ]]; then
    if [[ -e "${basic_auth_csv}" && "${METADATA_CLOBBERS_CONFIG:-false}" == "true" ]]; then
-      sed -i "/,${KUBE_USER},admin,system:masters$/d" "${basic_auth_csv}"
-      # The following is for the legacy form of the password line.
-      sed -i "/,${KUBE_USER},admin$/d" "${basic_auth_csv}"
+      rm "${basic_auth_csv}"
    fi
    replace_prefixed_line "${basic_auth_csv}" "${KUBE_PASSWORD},${KUBE_USER}," "admin,system:masters"
  fi