How is the target directory over 100 gigs?
Some checks failed
🏗️✨ Test Build Workflow / 🖥️ 🔨 Build (push) Has been cancelled
Some checks failed
🏗️✨ Test Build Workflow / 🖥️ 🔨 Build (push) Has been cancelled
This commit is contained in:
@@ -10,6 +10,10 @@ RUN go mod download && go build -o aws-iam-anywhere-refresher .
|
||||
|
||||
FROM ubuntu:latest AS runtime
|
||||
|
||||
RUN apt update && apt install -yq ca-certificates curl
|
||||
RUN curl -Ls https://siteworxpro.com/hosted/Siteworx+Root+CA.pem -o /usr/local/share/ca-certificates/sw.crt \
|
||||
&& update-ca-certificates
|
||||
|
||||
WORKDIR /app
|
||||
|
||||
COPY --from=build /app/aws-iam-anywhere-refresher /app/aws-iam-anywhere-refresher
|
||||
|
||||
@@ -28,6 +28,7 @@ This image runs in a kubernetes cronjob and will create and save new IAM credent
|
||||
- `TRUSTED_ANCHOR_ARN` ***required*** : the trusted anchor arn
|
||||
- `PRIVATE_KEY` ***required*** : iam private key base64 encoded
|
||||
- `CERTIFICATE` ***required*** : iam certificate base64 encoded
|
||||
- `CA_CHAIN` : the certificate chain bundle if needed
|
||||
|
||||
```yaml
|
||||
|
||||
|
||||
@@ -628,25 +628,18 @@ func parseDERFromPEM(pemDataId string, blockType string) (*pem.Block, error) {
|
||||
}
|
||||
|
||||
func ReadCertificateBundleData(certificateBundleId string) ([]*x509.Certificate, error) {
|
||||
bts, err := os.ReadFile(certificateBundleId)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
var derBytes []byte
|
||||
var block *pem.Block
|
||||
for len(bts) > 0 {
|
||||
block, bts = pem.Decode(bts)
|
||||
if block == nil {
|
||||
break
|
||||
}
|
||||
if block.Type != "CERTIFICATE" {
|
||||
return nil, errors.New("invalid certificate chain")
|
||||
}
|
||||
blockBytes := block.Bytes
|
||||
derBytes = append(derBytes, blockBytes...)
|
||||
block, _ = pem.Decode([]byte(certificateBundleId))
|
||||
|
||||
if block.Type != "CERTIFICATE" {
|
||||
return nil, errors.New("invalid certificate chain")
|
||||
}
|
||||
|
||||
blockBytes := block.Bytes
|
||||
derBytes = append(derBytes, blockBytes...)
|
||||
|
||||
return x509.ParseCertificates(derBytes)
|
||||
}
|
||||
|
||||
|
||||
@@ -1,6 +1,7 @@
|
||||
package config
|
||||
|
||||
import (
|
||||
"encoding/base64"
|
||||
"fmt"
|
||||
"git.siteworxpro.com/packages/go/utilities/Env"
|
||||
"regexp"
|
||||
@@ -14,6 +15,7 @@ const (
|
||||
trustedAnchorArn Env.EnvironmentVariable = "TRUSTED_ANCHOR_ARN"
|
||||
privateKey Env.EnvironmentVariable = "PRIVATE_KEY"
|
||||
certificate Env.EnvironmentVariable = "CERTIFICATE"
|
||||
bundleId Env.EnvironmentVariable = "CA_CHAIN"
|
||||
sessionDuration Env.EnvironmentVariable = "SESSION_DURATION"
|
||||
restartDeployments Env.EnvironmentVariable = "RESTART_DEPLOYMENTS"
|
||||
fetchOnly Env.EnvironmentVariable = "FETCH_ONLY"
|
||||
@@ -65,6 +67,15 @@ func (c Config) Valid() error {
|
||||
return nil
|
||||
}
|
||||
|
||||
func (Config) BundleId() string {
|
||||
v, err := base64.StdEncoding.DecodeString(bundleId.GetEnvString(""))
|
||||
if err != nil {
|
||||
return ""
|
||||
}
|
||||
|
||||
return string(v)
|
||||
}
|
||||
|
||||
func (Config) FetchOnly() bool {
|
||||
return fetchOnly.GetEnvBool(false)
|
||||
}
|
||||
@@ -90,11 +101,21 @@ func (Config) TrustedAnchor() string {
|
||||
}
|
||||
|
||||
func (Config) PrivateKey() string {
|
||||
return privateKey.GetEnvString("")
|
||||
v, err := base64.StdEncoding.DecodeString(privateKey.GetEnvString(""))
|
||||
if err != nil {
|
||||
return ""
|
||||
}
|
||||
|
||||
return string(v)
|
||||
}
|
||||
|
||||
func (Config) Certificate() string {
|
||||
return certificate.GetEnvString("")
|
||||
v, err := base64.StdEncoding.DecodeString(certificate.GetEnvString(""))
|
||||
if err != nil {
|
||||
return ""
|
||||
}
|
||||
|
||||
return string(v)
|
||||
}
|
||||
|
||||
func (Config) SessionDuration() int64 {
|
||||
|
||||
39
main.go
39
main.go
@@ -1,7 +1,6 @@
|
||||
package main
|
||||
|
||||
import (
|
||||
"encoding/base64"
|
||||
helper "gitea.siteworxpro.com/Siteworxpro/aws-iam-anywhere-refresher/aws_signing_helper"
|
||||
"gitea.siteworxpro.com/Siteworxpro/aws-iam-anywhere-refresher/cmd"
|
||||
appConfig "gitea.siteworxpro.com/Siteworxpro/aws-iam-anywhere-refresher/config"
|
||||
@@ -29,38 +28,14 @@ func main() {
|
||||
os.Exit(1)
|
||||
}
|
||||
|
||||
privateKey, err := base64.StdEncoding.DecodeString(c.PrivateKey())
|
||||
if err != nil {
|
||||
l.Error("Failed to decode private key", "error", err)
|
||||
os.Exit(1)
|
||||
}
|
||||
|
||||
if len(privateKey) == 0 {
|
||||
l.Error("Private key is empty")
|
||||
os.Exit(1)
|
||||
}
|
||||
|
||||
certificate, err := base64.StdEncoding.DecodeString(c.Certificate())
|
||||
if err != nil {
|
||||
l.Error("Failed to decode certificate", "error", err)
|
||||
os.Exit(1)
|
||||
}
|
||||
|
||||
if len(certificate) == 0 {
|
||||
l.Error("Certificate is empty")
|
||||
os.Exit(1)
|
||||
}
|
||||
|
||||
credentials, err := cmd.Run(&helper.CredentialsOpts{
|
||||
PrivateKeyId: string(privateKey),
|
||||
CertificateId: string(certificate),
|
||||
CertIdentifier: helper.CertIdentifier{
|
||||
SystemStoreName: "MY",
|
||||
},
|
||||
RoleArn: c.RoleArn(),
|
||||
ProfileArnStr: c.ProfileArn(),
|
||||
TrustAnchorArnStr: c.TrustedAnchor(),
|
||||
SessionDuration: int(c.SessionDuration()),
|
||||
PrivateKeyId: c.PrivateKey(),
|
||||
CertificateId: c.Certificate(),
|
||||
CertificateBundleId: c.BundleId(),
|
||||
RoleArn: c.RoleArn(),
|
||||
ProfileArnStr: c.ProfileArn(),
|
||||
TrustAnchorArnStr: c.TrustedAnchor(),
|
||||
SessionDuration: int(c.SessionDuration()),
|
||||
})
|
||||
|
||||
if err != nil {
|
||||
|
||||
Reference in New Issue
Block a user