Add generate_password function

ccp/modules/datashield-setup.sh

@@ -3,10 +3,10 @@
 if [ "$ENABLE_DATASHIELD" == true ]; then
   log INFO "DataSHIELD setup detected -- will start DataSHIELD services."
   OVERRIDE+=" -f ./$PROJECT/modules/datashield-compose.yml"
-  EXPORTER_OPAL_PASSWORD="$(echo \"This is a salt string to generate one consistent password for Opal DB. It is not required to be secret.\" | openssl rsautl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)"
+  EXPORTER_OPAL_PASSWORD="$(generate_password \"exporter in Opal\")"
-  TOKEN_MANAGER_OPAL_PASSWORD="$(echo \"This is a salt string to generate one consistent password for Token Manager in Opal. It is not required to be secret.\" | openssl rsautl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)"
+  TOKEN_MANAGER_OPAL_PASSWORD="$(generate_password \"Token Manager in Opal\")"
-  OPAL_DB_PASSWORD="$(echo \"This is a salt string to generate one consistent password for Opal DB. It is not required to be secret.\" | openssl rsautl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)"
+  OPAL_DB_PASSWORD="$(echo \"This is a salt string to generate one consistent password for Opal. It is not required to be secret.\" | openssl rsautl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)"
-  OPAL_ADMIN_PASSWORD="$(echo \"This is a salt string to generate one consistent admin password for Opal. It is not required to be secret.\" | openssl rsautl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)"
+  OPAL_ADMIN_PASSWORD="$(generate_password \"admin password for Opal\")"
   DATASHIELD_CONNECT_SECRET="$(echo \"This is a salt string to generate one consistent password as the DataShield Connect secret. It is not required to be secret.\" | openssl rsautl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)"
   if [ ! -e /tmp/bridgehead/opal-cert.pem ]; then
     mkdir -p /tmp/bridgehead/

ccp/modules/login-setup.sh

@@ -3,5 +3,5 @@
 if [ "$ENABLE_LOGIN" == true ]; then
   log INFO "Login setup detected -- will start Login services."
   OVERRIDE+=" -f ./$PROJECT/modules/login-compose.yml"
-  KEYCLOAK_DB_PASSWORD="$(echo \"This is a salt string to generate one consistent password for Keycloak. It is not required to be secret.\" | openssl rsautl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)"
+  KEYCLOAK_DB_PASSWORD="$(generate_password \"local Keycloak\")"
 fi

lib/functions.sh

@@ -307,3 +307,16 @@ generate_redirect_urls(){
     fi
     echo "$redirect_urls"
 }
+
+generate_password(){
+  local seed_text="$1"
+  local random_digit=$(openssl rand -hex 1 | head -c 1)
+  local random_upper=$(openssl rand -base64 3 | tr -dc 'A-Z' | head -c 1)
+  local random_lower=$(openssl rand -base64 3 | tr -dc 'a-z' | head -c 1)
+  local random_special=$(echo '@#$%^&+=' | fold -w1 | shuf -n1)
+
+  local combined_text="This is a salt string to generate one consistent password for ${seed_text}. It is not required to be secret."
+  local main_password=$(echo "${combined_text}" | openssl rsautl -sign -inkey "/etc/bridgehead/pki/${SITE_ID}.priv.pem" | base64 | head -c 26)
+
+  echo "${main_password}${random_digit}${random_upper}${random_lower}${random_special}"
+}