siteworxpro/aws-iam-anywhere-refresher
1
Fork 0
Code Pull Requests Actions Releases 2 Activity

Trust me, it's not badly written. It's just way above your head.
All checks were successful
🏗️✨ Test Build Workflow / 🖥️ 🔨 Build (push) Successful in 26m36s
Details

Browse Source
This commit is contained in:
Ron Rise
2025-05-14 21:40:31 -04:00
parent 6fd817726d
commit 5259fb9aa4
2 changed files with 33 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
config/config.go
View File

@@ -16,6 +16,7 @@ const (
certificate Env.EnvironmentVariable = "CERTIFICATE" certificate Env.EnvironmentVariable = "CERTIFICATE"
sessionDuration Env.EnvironmentVariable = "SESSION_DURATION" sessionDuration Env.EnvironmentVariable = "SESSION_DURATION"
restartDeployments Env.EnvironmentVariable = "RESTART_DEPLOYMENTS" restartDeployments Env.EnvironmentVariable = "RESTART_DEPLOYMENTS"
fetchOnly Env.EnvironmentVariable = "FETCH_ONLY"
) )
type Config struct{} type Config struct{}
@@ -64,6 +65,10 @@ func (c Config) Valid() error {
return nil return nil
} }
func (Config) FetchOnly() bool {
return fetchOnly.GetEnvBool(false)
}
func (Config) Namespace() string { func (Config) Namespace() string {
return namespace.GetEnvString("") return namespace.GetEnvString("")
} }

36
main.go
View File

@@ -18,18 +18,12 @@ func main() {
ReportTimestamp: true, ReportTimestamp: true,
TimeFormat: time.RFC3339, TimeFormat: time.RFC3339,
}) })
l.Info("Starting credentials refresh") l.Info("Starting credentials refresh")
client, err := kube_client.NewKubeClient()
if err != nil {
l.Error("Failed to create kubernetes client", "error", err)
os.Exit(1)
}
c := appConfig.NewConfig() c := appConfig.NewConfig()
err = c.Valid() err := c.Valid()
if err != nil { if err != nil {
l.Error("Invalid configuration", "error", err) l.Error("Invalid configuration", "error", err)
os.Exit(1) os.Exit(1)
@@ -41,12 +35,22 @@ func main() {
os.Exit(1) os.Exit(1)
} }
if len(privateKey) == 0 {
l.Error("Private key is empty")
os.Exit(1)
}
certificate, err := base64.StdEncoding.DecodeString(c.Certificate()) certificate, err := base64.StdEncoding.DecodeString(c.Certificate())
if err != nil { if err != nil {
l.Error("Failed to decode certificate", "error", err) l.Error("Failed to decode certificate", "error", err)
os.Exit(1) os.Exit(1)
} }
if len(certificate) == 0 {
l.Error("Certificate is empty")
os.Exit(1)
}
credentials, err := cmd.Run(&helper.CredentialsOpts{ credentials, err := cmd.Run(&helper.CredentialsOpts{
PrivateKeyId: string(privateKey), PrivateKeyId: string(privateKey),
CertificateId: string(certificate), CertificateId: string(certificate),
@@ -67,6 +71,22 @@ func main() {
l.Info("Credentials refreshed") l.Info("Credentials refreshed")
if c.FetchOnly() {
l.Info("Fetch only mode, skipping secret update")
l.Info("AccessKeyId", "access-key-id", credentials.AccessKeyId)
l.Info("SecretAccessKey", "secret-access-key", credentials.SecretAccessKey)
l.Info("SessionToken", "session-token", credentials.SessionToken)
os.Exit(0)
}
client, err := kube_client.NewKubeClient()
if err != nil {
l.Error("Failed to create kubernetes client", "error", err)
os.Exit(1)
}
_, err = client.GetSecret(c.Namespace(), c.Secret()) _, err = client.GetSecret(c.Namespace(), c.Secret())
if err != nil { if err != nil {
l.Error("Failed to get secret", "error", err) l.Error("Failed to get secret", "error", err)