#589: Use /dev/urandom instead of $RANDOM for a source of entropy in name generation

Andrew Kesterson requested to merge 589_better_randomness into master

General MR

Summary

Currently the username and database name for RDS databases are generated using BASH $RANDOM. This is efficient and convenient but not a very high quality random number. In our pipelines, we frequently have multiple containers running on the same host starting similar processes at the same time; there is some concern that using a low quality PRNG will lead to name collisions on RDS user and database names, leading to transient runtime issues in the creation process.

This MR moves the process to use /dev/urandom instead, which should be a better source of randomness for names. This also increases the number of random characters used in the name generation process from 6 to 33. These two combined should eliminate the potential of collisions.

Relevant logs/screenshots

Tests still pass.

$ BATS_RDS_USE_DOCKER=true bats ./ci_rds_test.sh 
ci_rds_test.sh
 ✓ rds_requested enabled
 ✓ rds_new_databasename format
 ✓ rds_newdb internal psql
 ✓ rds_requested disabled
 ✓ rds_requested malformed
 ✓ rds_mapvalues complete
 ✓ rds_mapvalues complete arrays
 ✓ rds_mapvalues incomplete map definition
 ✓ rds_mapvalues missing files
 ✓ rds_create_multiple 
 ✓ rds_create notenabled
 ✓ rds_create creator fails
 ✓ rds_create creator succeeds
 ✓ rds_delete internal
 ✓ rds_purge internal
 ✓ rds_values_merge fails with missing files
 ✓ rds_values_merge fails with invalid yaml
 ✓ rds_values_merge succeeds with valid yaml files
 ✓ rds_get_accessor_role sets valid credentials
 ✓ rds_get_accessor_role only assumes the role once within the lifetime

20 tests, 0 failures

Linked Issue

#589 (closed)

Upgrade Notices

N/A
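
The approach the summary describes, as an added example that is not the code from this merge request: a name suffix is read from /dev/urandom in a way that stays safe under `set -o pipefail`. The helper names `rand_hex` and `rand_name`, the `db` prefix and the hex alphabet are assumptions; the merge request's actual character set is not shown on this page.

```shell
#!/bin/sh
# Added example: hypothetical helpers, not the project's own code.
# Background: bash $RANDOM yields only 0..32767 (15 bits) per read, while
# 33 hex characters from the kernel CSPRNG carry 33 * 4 = 132 bits.

# rand_hex N: print N lowercase hex characters drawn from /dev/urandom.
# head reads a fixed byte count and exits on its own, so no stage is killed
# by SIGPIPE (the failure seen with `tr -dc ... </dev/urandom | head -c N`
# when pipefail is on). od -v stops od from folding repeated lines into "*".
rand_hex() {
    _n=$1
    case $_n in
        ''|*[!0-9]*) echo "rand_hex: length must be a positive integer" >&2
                     return 2 ;;
    esac
    [ "$_n" -gt 0 ] || { echo "rand_hex: length must be > 0" >&2; return 2; }
    _bytes=$(( (_n + 1) / 2 ))          # two hex characters per byte
    _out=$(head -c "$_bytes" /dev/urandom | od -An -v -tx1 | tr -d ' \n')
    # Fail closed on a short read instead of emitting a weaker name.
    [ "${#_out}" -ge "$_n" ] || { echo "rand_hex: short read" >&2; return 1; }
    printf '%s\n' "$_out" | cut -c "1-$_n"
}

# rand_name PREFIX [N]: PREFIX followed by N random hex characters
# (N defaults to 33, the length named in the summary above).
# Assumption: the caller passes a PREFIX that starts with a letter, because
# a hex suffix can start with a digit and unquoted PostgreSQL identifiers
# must start with a letter or underscore.
rand_name() {
    _suffix=$(rand_hex "${2:-33}") || return 1
    printf '%s%s\n' "$1" "$_suffix"
}

# Demo when run directly: one constructed name with the assumed "db" prefix.
rand_name db 33
```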
