#589: Use /dev/urandom instead of $RANDOM for a source of entropy in name generation
General MR
Summary
Currently the username and database name for RDS databases are generated using BASH $RANDOM
. This is efficient and convenient but not a very high quality random number. In our pipelines, we frequently have multiple containers running on the same host starting similar processes at the same time; there is some concern that using a low quality PRNG will lead to name collisions on RDS user and database names, leading to transient runtime issues in the creation process.
This MR moves the process to use /dev/urandom
instead, which should be a better source of randomness for names. This also increases the number of random characters used in the name generation process from 6 to 33. These two combined should eliminate the potential of collisions.
Relevant logs/screenshots
Tests still pass.
$ BATS_RDS_USE_DOCKER=true bats ./ci_rds_test.sh
ci_rds_test.sh
✓ rds_requested enabled
✓ rds_new_databasename format
✓ rds_newdb internal psql
✓ rds_requested disabled
✓ rds_requested malformed
✓ rds_mapvalues complete
✓ rds_mapvalues complete arrays
✓ rds_mapvalues incomplete map definition
✓ rds_mapvalues missing files
✓ rds_create_multiple
✓ rds_create notenabled
✓ rds_create creator fails
✓ rds_create creator succeeds
✓ rds_delete internal
✓ rds_purge internal
✓ rds_values_merge fails with missing files
✓ rds_values_merge fails with invalid yaml
✓ rds_values_merge succeeds with valid yaml files
✓ rds_get_accessor_role sets valid credentials
✓ rds_get_accessor_role only assumes the role once within the lifetime
20 tests, 0 failures
Linked Issue
Upgrade Notices
N/A