From df6472e0af8a3e5279811a1593d9cf918a89ef91 Mon Sep 17 00:00:00 2001
From: Maksim Malchuk <maksim.malchuk@gmail.com>
Date: Tue, 25 Apr 2023 14:30:03 +0300
Subject: [PATCH] Fix Bash variable expansion issues in openrc file

Sometimes passwords, URLs and other values of the variables can
contain special symbols, for example the dollar sign, using these
values can lead to unpredictable attempts of the variable expansions
in the Bash scripts, such as openrc file, so we need to use single
quotes for all variables values.

Change-Id: Ib2aabadd0ffd6a8dc2591245f29b4478e03d92fc
Signed-off-by: Maksim Malchuk <maksim.malchuk@gmail.com>
---
 .../roles/common/templates/admin-openrc.sh.j2 | 30 +++++++++----------
 .../octavia/templates/octavia-openrc.sh.j2    | 16 +++++-----
 2 files changed, 23 insertions(+), 23 deletions(-)

diff --git a/ansible/roles/common/templates/admin-openrc.sh.j2 b/ansible/roles/common/templates/admin-openrc.sh.j2
index 2e74ade1be..367210639e 100644
--- a/ansible/roles/common/templates/admin-openrc.sh.j2
+++ b/ansible/roles/common/templates/admin-openrc.sh.j2
@@ -2,24 +2,24 @@
 
 # Clear any old environment that may conflict.
 for key in $( set | awk '{FS="="}  /^OS_/ {print $1}' ); do unset $key ; done
-export OS_PROJECT_DOMAIN_NAME=Default
-export OS_USER_DOMAIN_NAME=Default
-export OS_PROJECT_NAME={{ keystone_admin_project }}
-export OS_TENANT_NAME={{ keystone_admin_project }}
-export OS_USERNAME={{ keystone_admin_user }}
-export OS_PASSWORD={{ keystone_admin_password }}
-export OS_AUTH_URL={{ keystone_internal_url }}
-export OS_INTERFACE=internal
-export OS_ENDPOINT_TYPE=internalURL
+export OS_PROJECT_DOMAIN_NAME='Default'
+export OS_USER_DOMAIN_NAME='Default'
+export OS_PROJECT_NAME='{{ keystone_admin_project }}'
+export OS_TENANT_NAME='{{ keystone_admin_project }}'
+export OS_USERNAME='{{ keystone_admin_user }}'
+export OS_PASSWORD='{{ keystone_admin_password }}'
+export OS_AUTH_URL='{{ keystone_internal_url }}'
+export OS_INTERFACE='internal'
+export OS_ENDPOINT_TYPE='internalURL'
 {% if enable_manila | bool %}
-export OS_MANILA_ENDPOINT_TYPE=internalURL
+export OS_MANILA_ENDPOINT_TYPE='internalURL'
 {% endif %}
 {% if enable_mistral | bool %}
-export OS_MISTRAL_ENDPOINT_TYPE=internalURL
+export OS_MISTRAL_ENDPOINT_TYPE='internalURL'
 {% endif %}
-export OS_IDENTITY_API_VERSION=3
-export OS_REGION_NAME={{ openstack_region_name }}
-export OS_AUTH_PLUGIN=password
+export OS_IDENTITY_API_VERSION='3'
+export OS_REGION_NAME='{{ openstack_region_name }}'
+export OS_AUTH_PLUGIN='password'
 {% if kolla_admin_openrc_cacert is not none and kolla_admin_openrc_cacert | length > 0 %}
-export OS_CACERT={{ kolla_admin_openrc_cacert }}
+export OS_CACERT='{{ kolla_admin_openrc_cacert }}'
 {% endif %}
diff --git a/ansible/roles/octavia/templates/octavia-openrc.sh.j2 b/ansible/roles/octavia/templates/octavia-openrc.sh.j2
index f0f38e0c89..9256e80a3c 100644
--- a/ansible/roles/octavia/templates/octavia-openrc.sh.j2
+++ b/ansible/roles/octavia/templates/octavia-openrc.sh.j2
@@ -1,10 +1,10 @@
 # Clear any old environment that may conflict.
 for key in $( set | awk '{FS="="}  /^OS_/ {print $1}' ); do unset $key ; done
-export OS_PROJECT_DOMAIN_NAME=Default
-export OS_USER_DOMAIN_NAME=Default
-export OS_PROJECT_NAME={{ octavia_service_auth_project }}
-export OS_USERNAME={{ octavia_keystone_user }}
-export OS_PASSWORD={{ octavia_keystone_password }}
-export OS_AUTH_URL={{ keystone_internal_url }}
-export OS_INTERFACE=internal
-export OS_ENDPOINT_TYPE=internalURL
+export OS_PROJECT_DOMAIN_NAME='Default'
+export OS_USER_DOMAIN_NAME='Default'
+export OS_PROJECT_NAME='{{ octavia_service_auth_project }}'
+export OS_USERNAME='{{ octavia_keystone_user }}'
+export OS_PASSWORD='{{ octavia_keystone_password }}'
+export OS_AUTH_URL='{{ keystone_internal_url }}'
+export OS_INTERFACE='internal'
+export OS_ENDPOINT_TYPE='internalURL'