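#!/usr/bin/env bash
#
# Copyright (c) 2020, 2023, Oracle and/or its affiliates.
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
#
# Creates a Kubernetes secret based on an OCI CLI configuration for consumption by External-DNS and/or Cert-Manager
#
# Source: github.com/verrazzano/verrazzano@v1.7.1/platform-operator/scripts/install/create_oci_config_secret.sh
#
# Usage:   create_oci_config_secret.sh [-o file] [-s section] [-k secret] [-c context] [-a auth_type] [-n namespace]
# Env:     KUBECONFIG must point at a kube config file.
#
# Security notes:
#   * The OCI configuration file is parsed as data. Its lines are never passed
#     to `eval`, so a line in that file can neither run a command nor overwrite
#     one of this script's own variables (TARGET_NS, K8SCONTEXT, PATH, ...).
#   * The generated YAML contains the API private key and, if present, its
#     passphrase. It is written with umask 077 inside a private `mktemp -d`
#     directory that is removed on every exit path.
#

# WARNING: This script can be downloaded and run standalone. All required functions must exist within this script
# SCRIPT_DIR is not referenced below; it is kept so that anything sourcing or
# patching this script still finds it.
# shellcheck disable=SC2034
SCRIPT_DIR=$(cd "$(dirname "$0")" && pwd -P)

if [[ -z "${KUBECONFIG:-}" ]]; then
  echo "Environment variable KUBECONFIG must be set to a valid kube config file"
  exit 1
fi

# Everything created from here on (the YAML with the private key) is readable
# by the current user only.
umask 077
TMP_DIR=$(mktemp -d) || {
  echo "Unable to create a temporary directory" >&2
  exit 1
}
# Remove the key material on any exit; ':?' refuses to run rm on an empty path.
trap 'rm -rf -- "${TMP_DIR:?}" || true' EXIT

#######################################
# Strips leading and trailing whitespace (including a trailing CR) from a
# variable, in place.
# Arguments: $1 - NAME of the variable to trim
#######################################
function trim_in_place() {
  local _val=${!1}
  local _pad
  _pad=${_val%%[![:space:]]*}
  _val=${_val#"$_pad"}
  _pad=${_val##*[![:space:]]}
  _val=${_val%"$_pad"}
  printf -v "$1" '%s' "$_val"
}

#######################################
# Read a config item from a specified section of an oci config file.
# Arguments:
#   $1 - path to the OCI configuration file
#   $2 - "--list" to print the section names, otherwise the section to read
#   $3 - optional key; when omitted every entry of the section is printed
# Outputs:
#   --list:        one section name per line
#   section only:  one "key=value" line per entry
#   section + key: the value of that key
# Returns: 1 on a usage error, 0 otherwise
#######################################
function read_config() {
  if [[ $# -lt 2 || ! -f $1 ]]; then
    echo "usage: read_config <file> [--list|<SECTION> [key]]"
    return 1
  fi
  local ocifile=$1

  if [[ "$2" == "--list" ]]; then
    # Print the text between the brackets of each section header.
    sed -n 's/^[[:space:]]*\[\([^]]*\)\].*$/\1/p' < "$ocifile"
    return 0
  fi

  local section=$2
  local key=${3:-}
  local line name value
  local current=""

  # Read line by line instead of word-splitting the whole file: values that
  # contain spaces or glob characters stay intact, and "key = value" is accepted.
  while IFS= read -r line || [[ -n "$line" ]]; do
    trim_in_place line
    # Skip blank lines and comments.
    [[ -z "$line" || "$line" == '#'* ]] && continue
    if [[ "$line" == \[*\] ]]; then
      current=${line#\[}
      current=${current%\]}
      continue
    fi
    [[ "$current" == "$section" ]] || continue
    [[ "$line" == *=* ]] || continue

    name=${line%%=*}
    value=${line#*=}
    trim_in_place name
    trim_in_place value

    if [[ -z "$key" ]]; then
      printf '%s=%s\n' "$name" "$value"
    elif [[ "$name" == "$key" ]]; then
      printf '%s\n' "$value"
    fi
  done < "$ocifile"
  return 0
}

#######################################
# Prints the command line help and exits with status 1.
#######################################
function usage {
  echo
  echo "usage: $0 [-o oci_config_file] [-s config_file_section] [-k secret_name] [-c context_name] [-a auth_type] [-n namespace]"
  echo "  -o oci_config_file       The full path to the OCI configuration file. Default is ~/.oci/config"
  echo "  -s config_file_section   The properties section within the OCI configuration file. Default is DEFAULT"
  echo "  -k secret_name           The secret name containing the OCI configuration. Default is oci"
  echo "  -c context_name          The kubectl context to use"
  echo "  -a auth_type             The auth_type to be used to access OCI. Valid values are user_principal/instance_principal. Default is user_principal."
  echo "  -n namespace             The target namespace to create the secret in. Default is \"verrazzano-install\"."
  echo "  -h                       Help"
  echo
  exit 1
}

OUTPUT_FILE=$TMP_DIR/oci.yaml

OCI_CONFIG_FILE=~/.oci/config
SECTION=DEFAULT
OCI_CONFIG_SECRET_NAME=oci
K8SCONTEXT=""
TARGET_NS=verrazzano-install
OCI_AUTH_TYPE="user_principal"

while getopts c:n:o:s:k:a:h flag; do
  case "${flag}" in
    o) OCI_CONFIG_FILE=${OPTARG} ;;
    s) SECTION=${OPTARG} ;;
    k) OCI_CONFIG_SECRET_NAME=${OPTARG} ;;
    c) K8SCONTEXT="--context=${OPTARG}" ;;
    a) OCI_AUTH_TYPE_INPUT=${OPTARG} ;;
    n) TARGET_NS=${OPTARG} ;;
    h) usage ;;
    *) usage ;;
  esac
done

if [[ -n "${OCI_AUTH_TYPE_INPUT:-}" ]]; then
  case "${OCI_AUTH_TYPE_INPUT}" in
    user_principal | instance_principal)
      OCI_AUTH_TYPE=${OCI_AUTH_TYPE_INPUT}
      ;;
    *)
      # The default is still used, as before, but the operator is told that
      # the requested authentication type was not applied.
      printf "Warning: unsupported auth_type '%s', using %s\n" \
        "${OCI_AUTH_TYPE_INPUT}" "${OCI_AUTH_TYPE}" >&2
      ;;
  esac
fi

if [[ "${OCI_AUTH_TYPE}" == "instance_principal" ]]; then
  {
    echo "auth:"
    echo "  authtype: instance_principal"
  } > "$OUTPUT_FILE"
fi

if [[ "${OCI_AUTH_TYPE}" == "user_principal" ]]; then
  if [[ ! -f "${OCI_CONFIG_FILE}" ]]; then
    echo "OCI CLI configuration ${OCI_CONFIG_FILE} does not exist."
    usage # exits with status 1
  fi

  # Start from empty values so that only the selected section supplies them,
  # then copy the known keys one by one. Unknown keys are ignored.
  region=""
  tenancy=""
  user=""
  key_file=""
  fingerprint=""
  pass_phrase=""
  while IFS= read -r prop; do
    prop_value=${prop#*=}
    case "${prop%%=*}" in
      region) region=$prop_value ;;
      tenancy) tenancy=$prop_value ;;
      user) user=$prop_value ;;
      key_file) key_file=$prop_value ;;
      fingerprint) fingerprint=$prop_value ;;
      pass_phrase) pass_phrase=$prop_value ;;
    esac
  done < <(read_config "$OCI_CONFIG_FILE" "$SECTION")

  # OCI configuration files commonly use key_file=~/...; expand the leading
  # "~/" explicitly, since the value is no longer evaluated by the shell.
  if [[ "$key_file" == "~/"* ]]; then
    key_file="${HOME}/${key_file:2}"
  fi

  # The entries user, fingerprint, key_file, tenancy and region are mandatory in the OCI CLI configuration file.
  # An empty/null value for any of the values in $OUTPUT_FILE indicates an issue with the configuration file.
  if [[ -z "$region" || -z "$tenancy" || -z "$user" || -z "$key_file" || -z "$fingerprint" ]]; then
    echo "One or more required entries are missing from section $SECTION in OCI CLI configuration."
    exit 1
  fi

  # Fail before creating a secret that would carry an empty key.
  if [[ ! -r "$key_file" ]]; then
    echo "Private key file ${key_file} does not exist or is not readable."
    exit 1
  fi

  # create the yaml file
  # NOTE(review): values are written unquoted; a value containing
  # YAML-significant characters (for example " #" or ": " in a passphrase)
  # would change how the document is parsed. Confirm what the consumers expect
  # before adding quoting.
  {
    printf 'auth:\n'
    printf '  region: %s\n' "$region"
    printf '  tenancy: %s\n' "$tenancy"
    printf '  user: %s\n' "$user"
    printf '  fingerprint: %s\n' "$fingerprint"
    printf '  authtype: %s\n' "${OCI_AUTH_TYPE}"
    if [[ -n "$pass_phrase" ]]; then
      printf '  passphrase: %s\n' "$pass_phrase"
    fi
    printf '  key: |\n'
    # Block-scalar content has to be indented deeper than the "key:" entry.
    sed 's/^/    /' < "$key_file"
  } > "$OUTPUT_FILE"
fi

# create the secret in the target namespace (verrazzano-install by default)
# ${K8SCONTEXT:+...} passes the --context option as one word when it is set
# and passes nothing at all when it is empty.
if kubectl ${K8SCONTEXT:+"$K8SCONTEXT"} get secret "$OCI_CONFIG_SECRET_NAME" -n "$TARGET_NS" > /dev/null 2>&1; then
  # secret exists
  echo "Secret $OCI_CONFIG_SECRET_NAME already exists in ${TARGET_NS} namespace. Please delete that and try again."
  exit 1
fi
kubectl ${K8SCONTEXT:+"$K8SCONTEXT"} create secret -n "$TARGET_NS" generic "$OCI_CONFIG_SECRET_NAME" --from-file="$OUTPUT_FILE"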