github.com/verrazzano/verrazzano@v1.7.1/platform-operator/scripts/install/create_oci_fluentd_secret.sh (about)

     1  #!/usr/bin/env bash
     2  #
     3  # Copyright (c) 2022, Oracle and/or its affiliates.
     4  # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
     5  #
     6  #
     7  # Creates a Kubernetes secret based on an OCI CLI configuration for consumption by the fluentd OCI plugin
     8  #
     9  # WARNING: This script can be downloaded and run standalone. All required functions must exist within this script
    10  
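    # Directory containing this script, with symlinks resolved by pwd -P.
    SCRIPT_DIR=$(cd "$(dirname "$0")"; pwd -P)

    # kubectl is driven through KUBECONFIG; stop before any work if it is not set.
    if [ -z "${KUBECONFIG:-}" ] ; then
      echo "Environment variable KUBECONFIG must be set an point to a valid kube config file"
      exit 1
    fi

    # Private scratch directory for the generated OCI config (holds credential data).
    # Abort if it cannot be created: with an empty TMP_DIR the files written
    # later in this script would land in the filesystem root.
    TMP_DIR=$(mktemp -d) || { echo "Unable to create a temporary directory" >&2; exit 1; }
    # Remove the scratch directory on every exit path. The path is quoted and
    # guarded with :? so the rm can never run against an empty or split path.
    trap 'rc=$?; rm -rf -- "${TMP_DIR:?}" || true' EXIT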
    20  
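    #######################################
    # Read entries from an OCI CLI (INI-style) configuration file.
    # The file content is handled strictly as data: it is tokenised with
    # pathname expansion disabled and prefixes are stripped literally, so a
    # value containing *, ? or [ is printed unchanged.
    # Arguments:
    #   $1 - path to the configuration file
    #   $2 - "--list" to print the section names, otherwise the section to read
    #   $3 - optional key; when exactly three arguments are given only the value
    #        of this key is printed. It is matched as a shell pattern, as before.
    # Outputs:
    #   --list:        one section name per line
    #   section only:  one "key=value" entry per line
    #   section + key: the value of each matching entry
    # Returns:
    #   1 (after printing a usage line) when fewer than two arguments are given
    #   or $1 is not a regular file.
    # Note: entries are split on whitespace, so "key = value" or values that
    # contain blanks are not supported.
    #######################################
    function read_config() {
      if [[ $# -lt 2 || ! -f $1 ]]; then
        echo "usage: iniget <file> [--list|<SECTION> [key]]"
        return 1
      fi
      local ocifile=$1
      local -a tokens=()
      local token

      if [ "$2" == "--list" ]; then
        # Section headers are the lines containing "["; drop the brackets.
        # read -a splits on whitespace without globbing and, unlike a
        # "for SECTION in ..." loop, does not overwrite the caller's SECTION.
        IFS=$' \t\n' read -r -d '' -a tokens < <(grep "\[" "$ocifile" | tr -d '[]') || true
        for token in "${tokens[@]}"; do
          printf '%s\n' "$token"
        done
        return 0
      fi

      local section=$2
      local key=""
      # A key is only honoured when exactly three arguments were passed.
      [ $# -eq 3 ] && key=$3

      # Drop comment lines, then prefix every entry with its "[section]" header
      # so each token carries the section it belongs to.
      local lines
      lines=$(awk '!/^#/{gsub(/^[[:space:]]*#.*/,"",$0);print}' "$ocifile" \
        | awk '/\[/{prefix=$0; next} $1{print prefix $0}')

      # read returns non-zero at end of input even though the array is filled.
      IFS=$' \t\n' read -r -d '' -a tokens <<< "$lines" || true

      local keyval
      for token in "${tokens[@]}"; do
        [[ "$token" == "[${section}]"* ]] || continue
        keyval=${token#"[${section}]"}
        if [[ -z "$key" ]]; then
          printf '%s\n' "$keyval"
        elif [[ "$keyval" == $key=* ]]; then
          printf '%s\n' "${keyval#"$key="}"
        fi
      done
    }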
    55  
    # Print the command-line help to stdout, then end the script with status 1.
    usage() {
      local help_lines=(
        ""
        "usage: $0 [-o oci_config_file] [-s config_file_section]"
        "  -o oci_config_file         The full path to the OCI configuration file. Default is ~/.oci/config"
        "  -s config_file_section     The properties section within the OCI configuration file. Default is DEFAULT"
        "  -k secret_name             The secret name containing the OCI configuration. Default is \"oci-fluentd\""
        "  -c context_name            The kubectl context to use"
        "  -h                         Help"
        ""
      )
      printf '%s\n' "${help_lines[@]}"
      exit 1
    }
    67  
    # Defaults. The option parser may override the config file, section,
    # secret name and kubectl context; the namespace is fixed.
    VERRAZZANO_INSTALL_NS="verrazzano-install"
    OCI_FLUENTD_SECRET_NAME="oci-fluentd"
    K8SCONTEXT=
    SECTION="DEFAULT"
    OCI_CONFIG_FILE=~/.oci/config

    # Path inside the scratch directory; nothing in the visible script reads it.
    OUTPUT_FILE="${TMP_DIR}/oci.yaml"
    75  
    # Parse the command line. -c, -o, -s and -k take a value; -h and any
    # unrecognised option print the help text through usage.
    while getopts 'c:o:s:k:h' flag; do
      case "${flag}" in
        c) K8SCONTEXT="--context=${OPTARG}" ;;
        k) OCI_FLUENTD_SECRET_NAME="${OPTARG}" ;;
        o) OCI_CONFIG_FILE="${OPTARG}" ;;
        s) SECTION="${OPTARG}" ;;
        h | *) usage ;;
      esac
    done
    87  
    # Stop before reading anything when the chosen OCI CLI configuration is
    # not a regular file; the help text is printed along with the error.
    if ! [[ -f "${OCI_CONFIG_FILE}" ]]; then
      printf '%s\n' "OCI CLI configuration ${OCI_CONFIG_FILE} does not exist."
      usage
      exit 1
    fi
    93  
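    # Read every key=value entry of the selected section. No key argument is
    # passed: an unquoted * here would be expanded by the shell to the file
    # names in the current directory, making the result depend on where the
    # script is run from.
    SECTION_PROPS=$(read_config "$OCI_CONFIG_FILE" "$SECTION")

    # Treat the section as data, not as shell code. Only the keys this script
    # consumes are assigned (via printf -v), so nothing in the config file is
    # evaluated and no other variable of this script (namespace, secret name,
    # scratch directory, PATH, ...) can be overwritten by a config entry.
    # Start from empty values so same-named environment variables cannot
    # satisfy the mandatory-entry check below.
    user="" tenancy="" region="" fingerprint="" key_file="" pass_phrase=""
    while IFS= read -r prop; do
      case "$prop" in
        user=* | tenancy=* | region=* | fingerprint=* | key_file=* | pass_phrase=*)
          printf -v "${prop%%=*}" '%s' "${prop#*=}"
          ;;
      esac
    done <<< "$SECTION_PROPS"

    # key_file is commonly written relative to the home directory; expand a
    # leading "~/" explicitly since the value is no longer passed through eval.
    case "$key_file" in
      "~/"*) key_file="${HOME}/${key_file#\~/}" ;;
    esac

    # The entries user, fingerprint, key_file, tenancy and region are mandatory in the OCI CLI configuration file.
    # An empty value for any of them indicates an issue with the configuration file.
    if [ -z "$region" ] || [ -z "$tenancy" ] || [ -z "$user" ] || [ -z "$key_file" ] || [ -z "$fingerprint" ]; then
      echo "One or more required entries are missing from section $SECTION in OCI CLI configuration."
      exit 1
    fi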
   103  
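   # Generate the OCI config that is stored in the secret. It always uses a
   # [DEFAULT] section and the fixed key path /root/.oci/key, whatever section
   # and key_file were read from the source configuration.
   CONFIG_TMP="${TMP_DIR:?}/oci_config_tmp"
   {
     printf '%s\n' "[DEFAULT]"
     printf 'user=%s\n' "${user}"
     printf 'tenancy=%s\n' "${tenancy}"
     printf 'region=%s\n' "${region}"
     printf 'fingerprint=%s\n' "${fingerprint}"
     printf '%s\n' "key_file=/root/.oci/key"
     # The pass phrase belongs in the same generated file inside TMP_DIR.
     # Redirecting to a bare CONFIG_TMP (no $) would instead leave it in a file
     # of that name in the working directory, outside the EXIT cleanup, and
     # the secret would be created without it.
     if [[ -n "${pass_phrase:-}" ]]; then
       printf 'pass_phrase=%s\n' "${pass_phrase}"
     fi
   } > "$CONFIG_TMP"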
   117  
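   # Never overwrite an existing secret in the verrazzano-install namespace.
   # Any other failure of the lookup (for example an unreachable cluster) falls
   # through to the create call below, which then reports the actual error.
   # ${K8SCONTEXT:+...} passes the context option as one word, or nothing at
   # all when no context was requested.
   if kubectl ${K8SCONTEXT:+"$K8SCONTEXT"} get secret "$OCI_FLUENTD_SECRET_NAME" -n "$VERRAZZANO_INSTALL_NS" > /dev/null 2>&1; then
     # secret exists
     echo "Secret $OCI_FLUENTD_SECRET_NAME already exists in ${VERRAZZANO_INSTALL_NS} namespace."
     exit 1
   fi

   # Create the secret from the generated config and the private key file.
   # Both are passed by path, so their contents never appear on the command
   # line. The resulting secret holds the API signing key and, when set, its
   # pass phrase: read access to secrets in this namespace should be limited
   # accordingly. All expansions are quoted so names and paths containing
   # blanks or glob characters reach kubectl as single arguments.
   kubectl ${K8SCONTEXT:+"$K8SCONTEXT"} create secret -n "$VERRAZZANO_INSTALL_NS" generic "$OCI_FLUENTD_SECRET_NAME" \
     --from-file=config="${CONFIG_TMP}" \
     --from-file=key="${key_file}"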