Adding Names to the Parameters Passed Into A Container and Functions

ACM.407 Retrieving bash function parameters by name rather than position

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

⚙️ Check out my series on Automating Cybersecurity Metrics | Code.

🔒 Related Stories: AWS Security | Secure Code | Container Security

💻 Free Content on Jobs in Cybersecurity | ✉️ Sign up for the Email List

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

In the last post I explained how to deploy multiple resources in one session with the container I’m building that allows you to require MFA to execute deployment jobs.

Deploying Multiple Resources By Combining Micro-Templates Scripts

ACM.406 Deploying multiple resources in one MFA-initiated AWS CLI Session in a container ~ or just one of them 😊

medium.com

In this post, I want to modify how I am handling parameters in my code to fix some issues I’m having with it. I may end up using this method throughout my code in the future.

Adding names to the parameter list

At this point I determine that I want to pass in the environment we’re deploying to along with the region and profile. The reason for that is because when I deploy a resource with a particular template and that resource needs to be replicated to another environment, I want to use the same code but specify the environment to which it will be deployed.

I’m currently passing in parameters to my container like this but it’s getting a bit out wieldy.

I want to change the format of the parameters passed in to this and pass my argument list in as a single string. Also note that by doing this I can tack additional parameters that a particular script may need onto the end.

By using that approach, I can look up a parameter by name instead of depending on the order and do away with positional errors due to missing values that were not properly set. This should make error messages clearer.

Modifying the job parsing code

After I made that change, I need to alter the code that parses the parameters passed into the function.

That’s in job/run.sh.

Here’s what that code looks like currently:

Initially I only test that the parameter is passed in the format I’m expecting:

That worked so now I can modify my code that gets a parameter and use it to set the parameters by name instead of position. I have this existing function but I realized it wasn’t working properly in the last post so we’ll make some adjustments to it.

I’m going to remove the brackets and find the parameter by iterating through the comma separated list and checking the names of each value.

First I’m going to make sure I’m actually iterating through the list correctly and echo out the name of each parameter.

I add the shared functions file and remove the secrets functions file because I don’t think I actually need that. I add a call to the function — the name I pass in doesn’t matter at this point.

I get back my parameters but I was previously putting brackets around the job specific parameters. I can remove that now:

When I’m taking on parameters as I’m doing with the params value below, I need to add a comma at the beginning:

and remove the comma at the end of my parameters passed into the container:

My parameters for the “all” job end up looking like this:

Except that I can set the environment parameter globally for the root user so I don’t really need that environment parameter. It will get included in the parameter list every time so I removed it.

But as you can see I can tack on whatever parameters I need to the end of the parameter list passed into the container.

Of course I’m thinking about a million kinds of code injection attacks with every line of code I write but trying to make this functional initially and no one is using this code but me at the moment. I will look into that more later.

I run the code again with my “all” job and as you can see all my additional parameters got tacked onto the end and parsed. Cool.

Now we can add code to get the value of the parameter back in but I’m removing the comma at the end of the parameter name-value pair.

After spitting out all the values and fixing various typos I got it working.

Now my job/run.sh script looks like this:

And without further testing, I know I also fixed the issue in my deploy scripts where the function I just altered was not correctly getting the values of variables.

Now I can move on to show you what I really wanted to show you which was parallel deployment of resources.

Follow for updates.

About Teri Radichel:
~~~~~~~~~~~~~~~~~~~~
⭐️ Author: Cybersecurity Books
⭐️ Presentations: Presentations by Teri Radichel
⭐️ Recognition: SANS Award, AWS Security Hero, IANS Faculty
⭐️ Certifications: SANS ~ GSE 240
⭐️ Education: BA Business, Master of Software Engineering, Master of Infosec
⭐️ Company: Penetration Tests, Assessments, Phone Consulting ~ 2nd Sight Lab

Need Help With Cybersecurity, Cloud, or Application Security?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
🔒 Request a penetration test or security assessment
🔒 Schedule a consulting call
🔒 Cybersecurity Speaker for Presentation

Follow for more stories like this:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
❤️ Sign Up my Medium Email List
❤️ Twitter: @teriradichel
❤️ LinkedIn: https://www.linkedin.com/in/teriradichel
❤️ Mastodon: @teriradichel@infosec.exchange
❤️ Facebook: 2nd Sight Lab
❤️ YouTube: @2ndsightlab