#!/bin/bash
# Resource: Credential(Accounts) (Under Administration)
# This is the first script (037-admin-credentials-create-template.sh); it generates template files that contain no credentials.
# The template files are written under the folder: credential/template.
# Users then need to fill in the missing fields, such as the CA and the credentials.
# Absolute directory holding this script, so the data paths below resolve the
# same way regardless of the caller's working directory.
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" >/dev/null 2>&1 && pwd)"

# Backup data for credentials lives next to the script; templates go in a
# sub-folder of it.
DATA_DIR="${SCRIPT_DIR}/data/credential"
TEMPLATE_DIR="template"

# "type" object merged into every generated template.
credential_type_json_template='{"type":{"kind":"Credential","version":"v1alpha1","package":"vmware.tanzu.manage.v1alpha1.account.credential.Credential"}}'
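# Without a backup directory there is nothing to turn into templates; this is
# treated as a no-op (exit 0), not as a failure.
# The paths are quoted so a checkout location containing spaces or glob
# characters does not split or expand inside the test.
if [ ! -d "$DATA_DIR" ]; then
  echo "Nothing to do without directory $DATA_DIR, please backup data first"
  exit 0
fi

# Users later type real secrets into the files in this directory, so a newly
# created directory is owner-only (0700). An already existing directory keeps
# whatever mode it has.
if [ ! -d "$DATA_DIR/$TEMPLATE_DIR" ]; then
  if ! mkdir -p -m 700 "$DATA_DIR/$TEMPLATE_DIR"; then
    echo "Cannot create directory $DATA_DIR/$TEMPLATE_DIR" >&2
    exit 1
  fi
fi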
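echo "Generate template yaml files for credentials with script 037-admin-credentials-create-template.sh"

# IMAGE_REGISTRY and PROXY_CONFIG credentials are handled in another script,
# and the AZURE_AKS and AWS_EKS providers are no longer supported, so those
# entries are filtered out here.
credentials_file="$DATA_DIR/credentials.yaml"
if [ ! -r "$credentials_file" ]; then
  echo "Nothing to do without file $credentials_file, please backup data first"
  exit 0
fi

# One compact JSON object per line, one line per remaining credential.
# pipefail is enabled only inside the command substitution (a subshell), so a
# yq failure is not hidden behind a successful jq and the rest of the script
# keeps its default pipeline behaviour. Stopping here avoids producing an
# incomplete set of templates that looks complete.
if ! credentialList=$(
  set -o pipefail
  yq eval -o=json - < "$credentials_file" |
    jq -c '.credentials[]
      | select(.spec.capability != "IMAGE_REGISTRY"
          and .spec.capability != "PROXY_CONFIG"
          and .spec.meta.provider != "AZURE_AKS"
          and .spec.meta.provider != "AWS_EKS")'
); then
  echo "Failed to read credentials from $credentials_file" >&2
  exit 1
fi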
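# Server-generated metadata is stripped and the fixed "type" object is merged
# in; the result is what a user edits before running the import script.
template_filter='del(.fullName.orgId, .meta.parentReferences, .meta.creationTime, .meta.generation, .meta.resourceVersion, .meta.annotations, .meta.updateTime, .meta.uid, .type, .status) | . += $typeJson'
# GENERIC_S3 templates additionally get empty key fields for the user to fill.
s3_filter="$template_filter"' | .spec.data.keyValue.data += $data'

# Users will type secrets into the generated files, so they are created
# readable and writable by the owner only.
umask 077

while IFS= read -r credential; do
  # An empty list still yields one empty line from the here-string.
  [ -n "$credential" ] || continue

  name=$(printf '%s\n' "$credential" | jq -r '.fullName.name // ""')
  provider=$(printf '%s\n' "$credential" | jq -r '.spec.meta.provider // ""')

  # Only these providers get a template; everything else is skipped silently,
  # as before.
  case "$provider" in
    GENERIC_S3 | AWS_EC2 | AZURE_AD) ;;
    *) continue ;;
  esac

  # The name is read from the backup file and becomes part of the output file
  # name. An empty name or one containing '/' would not produce a usable file
  # directly inside the template directory, so such entries are reported and
  # skipped instead of being written.
  case "$name" in
    '' | */*)
      echo "Skipping $provider credential with empty or unsafe name: '$name'" >&2
      continue
      ;;
  esac

  template_file="$DATA_DIR/$TEMPLATE_DIR/${provider}--${name}.yaml"
  if [ "$provider" = "GENERIC_S3" ]; then
    printf '%s\n' "$credential" |
      jq --argjson typeJson "$credential_type_json_template" \
        --argjson data '{"aws_access_key_id":"","aws_secret_access_key":""}' \
        "$s3_filter" |
      yq eval -P - > "$template_file"
  else
    printf '%s\n' "$credential" |
      jq --argjson typeJson "$credential_type_json_template" "$template_filter" |
      yq eval -P - > "$template_file"
  fi || echo "Failed to write template $template_file" >&2
done <<< "$credentialList"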
# Print reference spec layouts for the three supported providers. The text
# holds placeholders only; real values belong solely in the generated
# template files.
# The quoted delimiter keeps the text literal (no expansion); the blank first
# and last lines are part of the printed output.
# NOTE(review): all keys of the examples sit at one indent level in this
# listing - confirm the YAML nesting against the repository copy.
cat <<'TEMPLATE_EXAMPLES'

Template examples:
1.Spec Format for Self-provisioned: AWS S3 or S3 compatible
##################################################################
spec:
capability: DATA_PROTECTION
data:
keyValue:
data:
aws_access_key_id: "<Your aws_access_key_id>"
aws_secret_access_key: "<Your aws_secret_access_key>"
type: SECRET_TYPE_UNSPECIFIED
meta:
provider: GENERIC_S3
temporaryCredentialSupport: false
2.Spec Format for Self-provisioned: Azure Blob
##################################################################
spec:
capability: DATA_PROTECTION
data:
azureCredential:
servicePrincipal:
azureCloudName: <AzurePublicCloud | AzureUSGovernmentCloud | AzureChinaCloud | AzureGermanCloud>
clientId: <Your clientId>
clientSecret: <Your clientSecret>
resourceGroup: <Your resource group>
subscriptionId: <Your subscriptionId>
tenantId: <Your tenantId>
meta:
provider: AZURE_AD
temporaryCredentialSupport: false
3.Spec Format for Self-provisioned: AWS_EC2
##################################################################
spec:
capability: DATA_PROTECTION
data:
awsCredential:
accountId: "<Your accountId or empty string>"
iamRole:
arn: "<Your arn>"
extId: "<Your extId>"
meta:
provider: AWS_EC2
temporaryCredentialSupport: false

TEMPLATE_EXAMPLES

# Closing reminder: the templates must be completed by hand before the import
# step is run.
printf '%s\n' "##################################################################"
printf '%s\n' "You need to go to the dir: data/credential/template to fill the missing fields for each template file before execute the import script."