Iopz 2276 update create k8s chained sessions script #14

Merged
merged 1 commit into from
Mar 28, 2024
4 changes: 2 additions & 2 deletions README.md
Expand Up @@ -33,10 +33,10 @@ We only publish this on Panopedia to avoid publicly exposing these internal deta
This script is only meant for testing and is used to revert the setup script in
order to run it again. It does not require any variables as input.

## Create K8s Chained Session Setup
## Create Chained Session Setup

This script is meant to create the chained IAM Role sessions using the
`TerraformRole` in each of our K8s cluster accounts. These sessions
`TerraformRole` in each of our K8s and DBs cluster accounts. These sessions
enable the use of kubectl with the clusters. Further instructions
and information can be found in the [Working With Clusters](https://panoramaed.atlassian.net/wiki/spaces/ENG/pages/2891415801/Working+with+Clusters)
KB in Panopedia.
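Review bot: The sentence "These sessions enable the use of kubectl with the clusters" still describes only the K8s case, although the heading and the sentence before it now cover the DBs accounts as well. Either say what the DBs sessions are used for, or scope the kubectl sentence to the K8s sessions so the section matches what the script now creates.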
36 changes: 21 additions & 15 deletions create-k8s-chained-sessions.sh → create-chained-sessions.sh
Expand Up @@ -14,16 +14,18 @@ declare REGION='us-east-1'
# function to create a chained leapp session given a parent session id
# Args:
# 1: name of environment ("playground", "staging", etc.)
# 2: sso role name to use for the parent session
# 3: scope of the IAM role ("panorama" or "eks").
# 4: name of the persona (e.g. admin, dev-writer, etc.) the new session is for
# 2: name of service ("k8s" or "DBs", reflecting naming of parent Leapp sessions)
# 3: sso role name to use for the parent session
# 4: scope of the IAM role ("panorama" or "eks" or "rds").
# 5: name of the persona (e.g. admin, dev-writer, etc.) the new session is for
function createLeappSession {
green_echo "creating chained session for $1 with persona $4"
green_echo "creating chained session for $1 with persona $5"
environment_name=$1
parent_session_name="panorama-k8s-${environment_name}"
parent_role_name=$2
iam_role_scope=$3
persona_name=$4
service_name=$2
Contributor Author

This is yet another ordered arg, but I figured we don't care about adding another arg since this function is called within the script at the bottom.

parent_session_name="panorama-${service_name}-${environment_name}"
parent_role_name=$3
iam_role_scope=$4
persona_name=$5
# check if the parent session exists for the role. We do this because
# not all users have access to all roles. We want to only create sessions
# for roles that people have access to.
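Review bot: `service_name` is inserted as argument 2, which shifts `parent_role_name`, `iam_role_scope` and `persona_name` one position to the right, and nothing in the function checks the argument count. A call left in the old four-argument form would run with the role name as the service and an empty persona instead of failing. A guard at the top such as `[ "$#" -eq 5 ] || { echo "createLeappSession: expected 5 args" >&2; return 1; }` would catch that, and declaring the five assignments `local` would keep them out of the script's global scope.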
Expand All @@ -33,7 +35,7 @@ function createLeappSession {
return
fi

chained_session_name="k8s-${environment_name}-${persona_name}"
chained_session_name="${service_name}-${environment_name}-${persona_name}"

green_echo " looking for existing session ${chained_session_name}"
iam_role_name="${iam_role_scope}-${persona_name}"
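Review bot: `iam_role_name` is still built from `iam_role_scope` and `persona_name` only, so with the new DBs calls the `dev-writer` and `dev-reader` personas resolve to `panorama-dev-writer` and `panorama-dev-reader`, the same role names the k8s sessions use. If the DBs accounts are expected to carry roles under exactly those names, a comment here saying so would help; if not, the service needs to be part of the role name, as it now is for `chained_session_name`.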
Expand Down Expand Up @@ -71,7 +73,7 @@ function leappSessionId {
leapp session list -x --filter="Session Name=^${1}$" --output json | jq -r ".[] | select(.role==\"${2}\") | .id"
}

# function to create a leapp profile to associate with the chained k8s sessions
# function to create a leapp profile to associate with the chained k8s or DBs sessions
# stores the new profile id in PROFILE_ID
function createLeappProfile {
# The ^ and $ in the session filter are regex anchors to ensure we are
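Review bot: In `leappSessionId` (the context line above the changed comment), `${2}` is spliced directly into the jq program text, and this change sends additional role names through it. The values are hard-coded in this script today, but passing the value as data is sturdier: `jq -r --arg role "$2" '.[] | select(.role==$role) | .id'`. The same concern applies to `${1}` inside the `--filter` regex, where a session name containing regex metacharacters would match more than intended.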
Expand All @@ -89,13 +91,17 @@ function createLeappProfile {
#
###### END FUNCTIONS ######

# session names from Leapp for each k8s account
# session names from Leapp for each k8s or DBs account
ENV_NAMES="playground playground-2 staging production"

for env in $ENV_NAMES
do
createLeappSession "$env" "AWSAdministratorAccess" "eks" "admin"
createLeappSession "$env" "PanoramaK8sEngineeringDefault" "panorama" "dev-writer"
createLeappSession "$env" "PanoramaK8sEngineeringDefault" "panorama" "dev-reader"
createLeappSession "$env" "PanoramaK8sDSAR" "panorama" "data-science-tester"
createLeappSession "$env" "k8s" "AWSAdministratorAccess" "eks" "admin"
createLeappSession "$env" "k8s" "PanoramaK8sEngineeringDefault" "panorama" "dev-writer"
createLeappSession "$env" "k8s" "PanoramaK8sEngineeringDefault" "panorama" "dev-reader"
createLeappSession "$env" "k8s" "PanoramaK8sDSAR" "panorama" "data-science-tester"

createLeappSession "$env" "DBs" "AWSAdministratorAccess" "rds" "admin"
createLeappSession "$env" "DBs" "PanoramaDBsEngineeringDefault" "panorama" "dev-writer"
createLeappSession "$env" "DBs" "PanoramaDBsEngineeringDefault" "panorama" "dev-reader"
done
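Review bot: The service is passed as the bare literals `"k8s"` and `"DBs"` in seven calls, and `createLeappSession` returns quietly when the parent session is not found, so a misspelled or differently cased service value would be indistinguishable from a user who lacks access to that role. Validating the second argument against the allowed values inside the function, or defining the two names once as constants, would make that failure visible. If the DBs block intentionally has no counterpart to the `PanoramaK8sDSAR` / `data-science-tester` session, a one-line comment saying so would save the next reader the question.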