How is the target directory over 100 gigs?
@@ -10,6 +10,10 @@ RUN go mod download && go build -o aws-iam-anywhere-refresher .
|
|||||||
|
|
||||||
FROM ubuntu:latest AS runtime
|
FROM ubuntu:latest AS runtime
|
||||||
|
|
||||||
|
RUN apt update && apt install -yq ca-certificates curl
|
||||||
|
RUN curl -Ls https://siteworxpro.com/hosted/Siteworx+Root+CA.pem -o /usr/local/share/ca-certificates/sw.crt \
|
||||||
|
&& update-ca-certificates
|
||||||
|
|
||||||
WORKDIR /app
|
WORKDIR /app
|
||||||
|
|
||||||
COPY --from=build /app/aws-iam-anywhere-refresher /app/aws-iam-anywhere-refresher
|
COPY --from=build /app/aws-iam-anywhere-refresher /app/aws-iam-anywhere-refresher
|
||||||
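Review bot: The root CA fetched on the `RUN curl -Ls https://siteworxpro.com/hosted/Siteworx+Root+CA.pem` line goes into the system trust store with no integrity check, so the image trusts whatever that URL serves at build time, and because `-f` is absent a non-2xx response would write an error page into sw.crt rather than failing the build. Prefer a `COPY` of a CA file tracked in the repository, or at least add `-f` and verify a pinned digest before `update-ca-certificates`: `&& echo "<SHA256-OF-CA-PEM-PLACEHOLDER>  /usr/local/share/ca-certificates/sw.crt" | sha256sum -c -`. The `apt install` line also leaves `/var/lib/apt/lists` in the layer; `--no-install-recommends` plus `&& rm -rf /var/lib/apt/lists/*` keeps the runtime image smaller.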
|
|||||||
@@ -28,6 +28,7 @@ This image runs in a kubernetes cronjob and will create and save new IAM credent
|
|||||||
- `TRUSTED_ANCHOR_ARN` ***required*** : the trusted anchor arn
|
- `TRUSTED_ANCHOR_ARN` ***required*** : the trusted anchor arn
|
||||||
- `PRIVATE_KEY` ***required*** : iam private key base64 encoded
|
- `PRIVATE_KEY` ***required*** : iam private key base64 encoded
|
||||||
- `CERTIFICATE` ***required*** : iam certificate base64 encoded
|
- `CERTIFICATE` ***required*** : iam certificate base64 encoded
|
||||||
|
- `CA_CHAIN` : the certificate chain bundle if needed
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
|
|
||||||
|
|||||||
@@ -628,25 +628,18 @@ func parseDERFromPEM(pemDataId string, blockType string) (*pem.Block, error) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func ReadCertificateBundleData(certificateBundleId string) ([]*x509.Certificate, error) {
|
func ReadCertificateBundleData(certificateBundleId string) ([]*x509.Certificate, error) {
|
||||||
bts, err := os.ReadFile(certificateBundleId)
|
|
||||||
if err != nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
|
|
||||||
var derBytes []byte
|
var derBytes []byte
|
||||||
var block *pem.Block
|
var block *pem.Block
|
||||||
for len(bts) > 0 {
|
block, _ = pem.Decode([]byte(certificateBundleId))
|
||||||
block, bts = pem.Decode(bts)
|
|
||||||
if block == nil {
|
if block.Type != "CERTIFICATE" {
|
||||||
break
|
return nil, errors.New("invalid certificate chain")
|
||||||
}
|
|
||||||
if block.Type != "CERTIFICATE" {
|
|
||||||
return nil, errors.New("invalid certificate chain")
|
|
||||||
}
|
|
||||||
blockBytes := block.Bytes
|
|
||||||
derBytes = append(derBytes, blockBytes...)
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
blockBytes := block.Bytes
|
||||||
|
derBytes = append(derBytes, blockBytes...)
|
||||||
|
|
||||||
return x509.ParseCertificates(derBytes)
|
return x509.ParseCertificates(derBytes)
|
||||||
}
|
}
|
||||||
|
|
||||||
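Review bot: The new `block, _ = pem.Decode([]byte(certificateBundleId))` line is followed by `block.Type` with no nil check, so input that contains no PEM block — including the empty string that `Config.BundleId()` returns when `CA_CHAIN` is unset or not valid base64 — panics instead of returning an error; the removed `if block == nil { break }` covered this. The removed loop also collected every certificate in the bundle, whereas the new code decodes only the first block and discards the remainder, so a multi-certificate chain is silently truncated to its first certificate. Keeping the loop over the decoded remainder, with the nil guard, handles both; since the parameter now holds PEM text rather than a file path, a doc comment such as `// ReadCertificateBundleData parses every CERTIFICATE block in the PEM-encoded bundle text.` would make that contract explicit.
```go
func ReadCertificateBundleData(certificateBundleId string) ([]*x509.Certificate, error) {
	var derBytes []byte
	rest := []byte(certificateBundleId)
	for len(rest) > 0 {
		var block *pem.Block
		block, rest = pem.Decode(rest)
		if block == nil {
			// no further PEM data; stop rather than dereference nil
			break
		}
		if block.Type != "CERTIFICATE" {
			return nil, errors.New("invalid certificate chain")
		}
		derBytes = append(derBytes, block.Bytes...)
	}

	return x509.ParseCertificates(derBytes)
}
```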
|
|||||||
@@ -1,6 +1,7 @@
|
|||||||
package config
|
package config
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"encoding/base64"
|
||||||
"fmt"
|
"fmt"
|
||||||
"git.siteworxpro.com/packages/go/utilities/Env"
|
"git.siteworxpro.com/packages/go/utilities/Env"
|
||||||
"regexp"
|
"regexp"
|
||||||
@@ -14,6 +15,7 @@ const (
|
|||||||
trustedAnchorArn Env.EnvironmentVariable = "TRUSTED_ANCHOR_ARN"
|
trustedAnchorArn Env.EnvironmentVariable = "TRUSTED_ANCHOR_ARN"
|
||||||
privateKey Env.EnvironmentVariable = "PRIVATE_KEY"
|
privateKey Env.EnvironmentVariable = "PRIVATE_KEY"
|
||||||
certificate Env.EnvironmentVariable = "CERTIFICATE"
|
certificate Env.EnvironmentVariable = "CERTIFICATE"
|
||||||
|
bundleId Env.EnvironmentVariable = "CA_CHAIN"
|
||||||
sessionDuration Env.EnvironmentVariable = "SESSION_DURATION"
|
sessionDuration Env.EnvironmentVariable = "SESSION_DURATION"
|
||||||
restartDeployments Env.EnvironmentVariable = "RESTART_DEPLOYMENTS"
|
restartDeployments Env.EnvironmentVariable = "RESTART_DEPLOYMENTS"
|
||||||
fetchOnly Env.EnvironmentVariable = "FETCH_ONLY"
|
fetchOnly Env.EnvironmentVariable = "FETCH_ONLY"
|
||||||
@@ -65,6 +67,15 @@ func (c Config) Valid() error {
|
|||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (Config) BundleId() string {
|
||||||
|
v, err := base64.StdEncoding.DecodeString(bundleId.GetEnvString(""))
|
||||||
|
if err != nil {
|
||||||
|
return ""
|
||||||
|
}
|
||||||
|
|
||||||
|
return string(v)
|
||||||
|
}
|
||||||
|
|
||||||
func (Config) FetchOnly() bool {
|
func (Config) FetchOnly() bool {
|
||||||
return fetchOnly.GetEnvBool(false)
|
return fetchOnly.GetEnvBool(false)
|
||||||
}
|
}
|
||||||
@@ -90,11 +101,21 @@ func (Config) TrustedAnchor() string {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func (Config) PrivateKey() string {
|
func (Config) PrivateKey() string {
|
||||||
return privateKey.GetEnvString("")
|
v, err := base64.StdEncoding.DecodeString(privateKey.GetEnvString(""))
|
||||||
|
if err != nil {
|
||||||
|
return ""
|
||||||
|
}
|
||||||
|
|
||||||
|
return string(v)
|
||||||
}
|
}
|
||||||
|
|
||||||
func (Config) Certificate() string {
|
func (Config) Certificate() string {
|
||||||
return certificate.GetEnvString("")
|
v, err := base64.StdEncoding.DecodeString(certificate.GetEnvString(""))
|
||||||
|
if err != nil {
|
||||||
|
return ""
|
||||||
|
}
|
||||||
|
|
||||||
|
return string(v)
|
||||||
}
|
}
|
||||||
|
|
||||||
func (Config) SessionDuration() int64 {
|
func (Config) SessionDuration() int64 {
|
||||||
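Review bot: `PrivateKey()`, `Certificate()` and the new `BundleId()` all return `""` when the environment value is not valid base64, which makes a mis-set secret indistinguishable from an unset one, and `Valid()` — whose body lies above the `@@ -65,6 +67,15 @@` hunk — appears to return `nil` without having looked at the decoded form. Since the accessors' string-returning signatures are relied on by main.go, the check fits better in `Valid()`, e.g. `if _, err := base64.StdEncoding.DecodeString(privateKey.GetEnvString("")); err != nil { return fmt.Errorf("PRIVATE_KEY is not valid base64: %w", err) }`, repeated for `CERTIFICATE` and for `CA_CHAIN` when it is set. The three exported methods are also undocumented; a one-line doc comment on each, such as `// PrivateKey returns the base64-decoded PRIVATE_KEY value, or "" if it is unset or not valid base64.`, would state the contract. The same point applies to the `@@ -90,11 +101,21 @@` hunk.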
|
|||||||
39
main.go
39
main.go
@@ -1,7 +1,6 @@
|
|||||||
package main
|
package main
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"encoding/base64"
|
|
||||||
helper "gitea.siteworxpro.com/Siteworxpro/aws-iam-anywhere-refresher/aws_signing_helper"
|
helper "gitea.siteworxpro.com/Siteworxpro/aws-iam-anywhere-refresher/aws_signing_helper"
|
||||||
"gitea.siteworxpro.com/Siteworxpro/aws-iam-anywhere-refresher/cmd"
|
"gitea.siteworxpro.com/Siteworxpro/aws-iam-anywhere-refresher/cmd"
|
||||||
appConfig "gitea.siteworxpro.com/Siteworxpro/aws-iam-anywhere-refresher/config"
|
appConfig "gitea.siteworxpro.com/Siteworxpro/aws-iam-anywhere-refresher/config"
|
||||||
@@ -29,38 +28,14 @@ func main() {
|
|||||||
os.Exit(1)
|
os.Exit(1)
|
||||||
}
|
}
|
||||||
|
|
||||||
privateKey, err := base64.StdEncoding.DecodeString(c.PrivateKey())
|
|
||||||
if err != nil {
|
|
||||||
l.Error("Failed to decode private key", "error", err)
|
|
||||||
os.Exit(1)
|
|
||||||
}
|
|
||||||
|
|
||||||
if len(privateKey) == 0 {
|
|
||||||
l.Error("Private key is empty")
|
|
||||||
os.Exit(1)
|
|
||||||
}
|
|
||||||
|
|
||||||
certificate, err := base64.StdEncoding.DecodeString(c.Certificate())
|
|
||||||
if err != nil {
|
|
||||||
l.Error("Failed to decode certificate", "error", err)
|
|
||||||
os.Exit(1)
|
|
||||||
}
|
|
||||||
|
|
||||||
if len(certificate) == 0 {
|
|
||||||
l.Error("Certificate is empty")
|
|
||||||
os.Exit(1)
|
|
||||||
}
|
|
||||||
|
|
||||||
credentials, err := cmd.Run(&helper.CredentialsOpts{
|
credentials, err := cmd.Run(&helper.CredentialsOpts{
|
||||||
PrivateKeyId: string(privateKey),
|
PrivateKeyId: c.PrivateKey(),
|
||||||
CertificateId: string(certificate),
|
CertificateId: c.Certificate(),
|
||||||
CertIdentifier: helper.CertIdentifier{
|
CertificateBundleId: c.BundleId(),
|
||||||
SystemStoreName: "MY",
|
RoleArn: c.RoleArn(),
|
||||||
},
|
ProfileArnStr: c.ProfileArn(),
|
||||||
RoleArn: c.RoleArn(),
|
TrustAnchorArnStr: c.TrustedAnchor(),
|
||||||
ProfileArnStr: c.ProfileArn(),
|
SessionDuration: int(c.SessionDuration()),
|
||||||
TrustAnchorArnStr: c.TrustedAnchor(),
|
|
||||||
SessionDuration: int(c.SessionDuration()),
|
|
||||||
})
|
})
|
||||||
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
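Review bot: The removed decode and emptiness checks have no replacement: `PrivateKeyId: c.PrivateKey()` and `CertificateId: c.Certificate()` now receive `""` whenever the variable is unset or not valid base64, because the config accessors swallow the decode error, and the failure — if it surfaces at all — comes out of `cmd.Run` without naming the offending variable. Restoring a guard before the call keeps the operator-facing message: `if c.PrivateKey() == "" || c.Certificate() == "" {`, `l.Error("PRIVATE_KEY or CERTIFICATE is unset or not valid base64"); os.Exit(1)`, `}`. `main` starts above this hunk.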
|
|||||||