package main
import (
"os"
"time"
helper "gitea.siteworxpro.com/Siteworxpro/aws-iam-anywhere-refresher/aws_signing_helper"
"gitea.siteworxpro.com/Siteworxpro/aws-iam-anywhere-refresher/cmd"
appConfig "gitea.siteworxpro.com/Siteworxpro/aws-iam-anywhere-refresher/config"
"gitea.siteworxpro.com/Siteworxpro/aws-iam-anywhere-refresher/kube_client"
"github.com/charmbracelet/log"
)
// main performs a single credential refresh. It validates the configuration,
// obtains credentials through cmd.Run, and, unless fetch-only mode is set,
// writes them into a Kubernetes secret (creating it when the lookup fails) and
// optionally restarts the deployments listed for the configured namespace.
//
// Exit codes: 0 on success, 1 on a configuration or Kubernetes failure, 3 when
// cmd.Run returns an error.
func main() {
	// NOTE(review): the level is fixed at Debug. What the signing helper and
	// cmd packages emit at that level is not visible here; confirm nothing
	// sensitive is logged before running this where stderr is collected.
	logOpts := log.Options{
		Level:           log.DebugLevel,
		ReportTimestamp: true,
		TimeFormat:      time.RFC3339,
	}
	logger := log.NewWithOptions(os.Stderr, logOpts)

	logger.Info("Starting credentials refresh")

	cfg := appConfig.NewConfig()
	if err := cfg.Valid(); err != nil {
		logger.Error("Invalid configuration", "error", err)
		os.Exit(1)
	}

	// Every signing input comes from the validated configuration.
	signingOpts := helper.CredentialsOpts{
		PrivateKeyId:        cfg.PrivateKey(),
		CertificateId:       cfg.Certificate(),
		CertificateBundleId: cfg.BundleId(),
		RoleArn:             cfg.RoleArn(),
		ProfileArnStr:       cfg.ProfileArn(),
		TrustAnchorArnStr:   cfg.TrustedAnchor(),
		SessionDuration:     int(cfg.SessionDuration()),
	}
	creds, err := cmd.Run(&signingOpts)
	if err != nil {
		logger.Error("Failed to refresh credentials", "error", err)

		os.Exit(3)
	}

	logger.Info("Credentials refreshed")

	if cfg.FetchOnly() {
		logger.Info("Fetch only mode, skipping secret update")

		// NOTE(review): the secret access key and session token are written in
		// clear text to the stderr log stream. Whatever collects this process's
		// output (container logs, log shipping, CI output) then holds usable
		// credentials for the rest of the session. Consider masking these two
		// fields or emitting them only behind an explicit opt-in.
		logger.Info("AccessKeyId", "access-key-id", creds.AccessKeyId)
		logger.Info("SecretAccessKey", "secret-access-key", creds.SecretAccessKey)
		logger.Info("SessionToken", "session-token", creds.SessionToken)
		os.Exit(0)
	}

	kube, err := kube_client.NewKubeClient()
	if err != nil {
		logger.Error("Failed to create kubernetes client", "error", err)

		os.Exit(1)
	}

	// NOTE(review): any GetSecret error is treated as "secret missing", so an
	// authorization or transport failure also takes the create path. Whether
	// kube_client exposes a not-found check is not visible here; confirm and
	// branch on it if it does.
	if _, lookupErr := kube.GetSecret(cfg.Namespace(), cfg.Secret()); lookupErr != nil {
		logger.Error("Failed to get secret", "error", lookupErr)
		logger.Info("secret doesn't exist, trying to create")
		created, err := kube.CreateSecret(cfg.Namespace(), creds.ToSecret(cfg.Secret()))
		if err != nil {
			logger.Error("Failed to create secret", "error", err)

			os.Exit(1)
		}
		logger.Info("Created secret", "created-time-stamp", created.CreationTimestamp.String())
	} else {
		updated, err := kube.UpdateSecret(cfg.Namespace(), creds.ToSecret(cfg.Secret()))
		if err != nil {
			logger.Error("Failed to update secret", "error", err)
			os.Exit(1)
		}
		// NOTE(review): the "updated-time-stamp" field is filled from
		// CreationTimestamp, which presumably reports when the secret was first
		// created rather than when it was rotated; confirm before relying on it
		// as rotation evidence.
		logger.Info("Updated secret", "updated-time-stamp", updated.CreationTimestamp.String())
	}

	if cfg.RestartDeployments() {
		logger.Info("Restarting deployments")
		targets, err := kube.ListDeployments(cfg.Namespace())
		if err != nil {
			logger.Error("Failed to list deployments", "error", err)
			os.Exit(1)
		}

		if err := kube.RestartDeployments(cfg.Namespace(), targets); err != nil {
			logger.Error("Failed to restart deployments", "error", err)
			os.Exit(1)
		}
	}

	logger.Info("Done!")

	os.Exit(0)
}