Merge pull request #8199 from OpenMined/add_aks_cred_storage_sh

ADD script to save AKS credentials in 1password
OpenMined · Jan 23, 2024 · a931acb · a931acb
2 parents fc97da3 + ebd5b75
commit a931acb
Show file tree

Hide file tree

Showing 2 changed files with 127 additions and 0 deletions.
diff --git a/scripts/load_kube_credentials.sh b/scripts/load_kube_credentials.sh
@@ -0,0 +1,60 @@
+#!/bin/bash
+
+# Function to check if a command exists
+not_installed() {
+    ! type "$1" &> /dev/null
+}
+
+# Define associative array for command installation links
+declare -A INSTALLATION_LINKS=(
+    [jq]="https://stedolan.github.io/jq/download/"
+    [yq]="https://github.com/mikefarah/yq"
+    [op]="https://developer.1password.com/docs/cli/get-started/"
+)
+
+# Check for required commands and provide installation links
+for cmd in jq yq op; do
+    if not_installed "$cmd"; then
+        echo "$cmd is not installed. You can install it from: ${INSTALLATION_LINKS[$cmd]}"
+        exit 1
+    fi
+done
+
+# The string to match with context.name in kubeconfig
+CONTEXT_NAME="$1"
+
+# Ensure script is called with one argument
+if [ -z "$1" ]; then
+    echo "No context name provided. Please provide it."
+    echo "eg. ./load_aks_credentials.sh <context_name>"
+    exit 1
+fi
+
+# Fetch data from 1Password
+jsonData=$(op item get $CONTEXT_NAME  --fields label=CLIENT_CERTIFICATE_DATA,label=USER_NAME,label=CLIENT_KEY_DATA,label=TOKEN,label=SERVER,label=CLUSTER_NAME,label=CERTIFICATE_AUTHORITY_DATA --format json)
+
+# Check exit status of the last command
+if [ $? -ne 0 ]; then
+    exit 1
+fi
+
+# Assign the JSON values to variables
+CLIENT_CERTIFICATE_DATA=$(echo $jsonData | jq -r '.[] | select(.label=="CLIENT_CERTIFICATE_DATA") | .value')
+CLIENT_KEY_DATA=$(echo $jsonData | jq -r '.[] | select(.label=="CLIENT_KEY_DATA") | .value')
+TOKEN=$(echo $jsonData | jq -r '.[] | select(.label=="TOKEN") | .value')
+SERVER=$(echo $jsonData | jq -r '.[] | select(.label=="SERVER") | .value')
+CLUSTER_NAME=$(echo $jsonData | jq -r '.[] | select(.label=="CLUSTER_NAME") | .value')
+CERTIFICATE_AUTHORITY_DATA=$(echo $jsonData | jq -r '.[] | select(.label=="CERTIFICATE_AUTHORITY_DATA") | .value')
+USER_NAME=$(echo $jsonData | jq -r '.[] | select(.label=="USER_NAME") | .value')
+
+kubectl config set-cluster "$CLUSTER_NAME" --server="$SERVER"
+kubectl config set-credentials "$USER_NAME" --token="$TOKEN"
+kubectl config set-context "$CLUSTER_NAME" --cluster="$CLUSTER_NAME" --user="$USER_NAME" --namespace=default
+kubectl config use-context "$CLUSTER_NAME"
+kubectl config set clusters."$CLUSTER_NAME".certificate-authority-data "$CERTIFICATE_AUTHORITY_DATA"
+kubectl config set users."$USER_NAME".client-certificate-data "$CLIENT_CERTIFICATE_DATA"
+kubectl config set users."$USER_NAME".client-key-data "$CLIENT_KEY_DATA"
+
+
+echo "Updated kubeconfig with new cluster, context, and user"
+
diff --git a/scripts/save_kube_credentials.sh b/scripts/save_kube_credentials.sh
@@ -0,0 +1,67 @@
+#!/bin/bash
+
+# The string to match with context.name in the kubeconfig
+CONTEXT_NAME="$1"
+
+# File path to kubeconfig
+KUBECONFIG_FILE="~/.kube/config"
+
+# Parse and find user and cluster details from the kubectl config
+parse_kubectl_config() {
+    # Finding the context with the matching user
+    USERNAME=$(yq e ".contexts[] | select(.name == \"$CONTEXT_NAME\") | .context.user" ~/.kube/config)
+    CLUSTER_NAME=$(yq e ".contexts[] | select(.name == \"$CONTEXT_NAME\") | .context.cluster" ~/.kube/config)
+
+    # Check if the context was found
+    if [ -z "$USERNAME" ]; then
+       echo "No matching context found."
+       exit 1
+    fi
+
+    # Extracting user details
+    CLIENT_CERTIFICATE_DATA=$(yq e ".users[] | select(.name == \"$USERNAME\") | .user.\"client-certificate-data\"" ~/.kube/config)
+    CLIENT_KEY_DATA=$(yq e ".users[] | select(.name == \"$USERNAME\") | .user.\"client-key-data\"" ~/.kube/config)
+    TOKEN=$(yq e ".users[] | select(.name == \"$USERNAME\") | .user.token" ~/.kube/config)
+
+    # Extracting cluster details
+    CERTIFICATE_AUTHORITY_DATA=$(yq e ".clusters[] | select(.name == \"$CLUSTER_NAME\") | .cluster.\"certificate-authority-data\"" ~/.kube/config)
+    SERVER=$(yq e ".clusters[] | select(.name == \"$CLUSTER_NAME\") | .cluster.server" ~/.kube/config)
+
+    # Creating a new item in 1Password
+    op item create --category="Api Credential" --title="$CONTEXT_NAME" CLIENT_CERTIFICATE_DATA=$CLIENT_CERTIFICATE_DATA USER_NAME=$USERNAME CLIENT_KEY_DATA=$CLIENT_KEY_DATA TOKEN=$TOKEN CERTIFICATE_AUTHORITY_DATA=$CERTIFICATE_AUTHORITY_DATA SERVER=$SERVER CLUSTER_NAME=$CLUSTER_NAME
+
+    # Check exit status of the op item creation command
+    if [ $? -ne 0 ]; then
+        exit 1
+    fi
+}
+
+# Ensure script is called with two arguments
+if [ -z "$1" ]; then
+    echo "Insufficient arguments provided. Please provide context name."
+    echo "eg. ./save_aks_credentials.sh <context_name>"
+    exit 1
+fi
+
+# Function to check if a command exists
+not_installed() {
+    ! type "$1" &> /dev/null
+}
+
+# Define associative array for command installation links
+declare -A INSTALLATION_LINKS=(
+    [jq]="https://stedolan.github.io/jq/download/"
+    [yq]="https://github.com/mikefarah/yq"
+    [op]="https://developer.1password.com/docs/cli/get-started/"
+)
+
+# Check for required commands and provide installation links
+for cmd in jq yq op; do
+    if not_installed "$cmd"; then
+        echo "$cmd is not installed. You can install it from: ${INSTALLATION_LINKS[$cmd]}"
+        exit 1
+    fi
+done
+
+# Invoke the parsing function
+parse_kubectl_config