sigs.k8s.io/prow@v0.0.0-20240503223140-c5e374dc7eb1/cmd/grandmatriarch/bake.sh (about)

     1  #!/usr/bin/env bash
     2  # Copyright 2018 The Kubernetes Authors.
     3  #
     4  # Licensed under the Apache License, Version 2.0 (the "License");
     5  # you may not use this file except in compliance with the License.
     6  # You may obtain a copy of the License at
     7  #
     8  #     http://www.apache.org/licenses/LICENSE-2.0
     9  #
    10  # Unless required by applicable law or agreed to in writing, software
    11  # distributed under the License is distributed on an "AS IS" BASIS,
    12  # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    13  # See the License for the specific language governing permissions and
    14  # limitations under the License.
    15  
    16  # TODO(fejta): make this a good program, not bash
    17  
# Fail fast: abort on any command error, on use of an unset variable, and on a
# failure in any stage of a pipeline.
set -o errexit -o nounset -o pipefail

# Positional arguments: an optional service-account key file followed by the
# name of the Kubernetes secret to maintain.
case "$#" in
  0)
    echo "Usage: $(basename "$0") [json creds] <name>" >&2
    exit 1
    ;;
  2)
    # Exactly two arguments: the first is the path to the JSON key file.
    creds="$1"
    shift
    ;;
  *)
    # Any other count: no key file; the first argument is used as the name.
    creds=
    ;;
esac
name="$1"
    34  
# Choose the identity gcloud will mint tokens for, and the refresh interval.
if [[ -z "$creds" ]]; then
  # No key file given: gcloud uses whatever credentials are already active.
  duration=1m # Need shorter wait here as metadata server has its own caching
else
  echo "Activating $creds..." >&2
  [[ -f "$creds" ]] || {
    echo "Not found: $creds" >&2
    exit 1
  }
  # The key file is a long-lived service-account credential; only its path is
  # logged here, never its contents.
  gcloud auth activate-service-account --key-file="$creds"
  gcloud auth list
  duration=20m
fi

create=yes
    49  
#######################################
# Print a freshly refreshed OAuth access token for the active gcloud account.
# Outputs: the access token on stdout. Callers should capture it rather than
#          let it reach a terminal or log.
# Returns: the exit status of gcloud.
#######################################
print-token() {
  local -a helper_args=(
    config config-helper
    --force-auth-refresh
    '--format=value(credential.access_token)'
  )
  gcloud "${helper_args[@]}"
}
    53  
    54  # Format of the cookiefile is:
    55  # * one line per cookie
    56  # * tab separate the following fields:
    57  #   - DOMAIN
    58  #   - INITIAL_DOT
    59  #   - PATH
    60  #   - PATH_SPECIFIED
    61  #   - expires
    62  #   - name
    63  #   - value
    64  
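#######################################
# Print one cookiefile line: seven tab-separated fields in the order
# DOMAIN, INITIAL_DOT, PATH, PATH_SPECIFIED, expires, name, value.
# PATH is always "/", PATH_SPECIFIED is always "TRUE" and the cookie name is
# always "o"; the remaining fields come from the arguments.
# Arguments:
#   $1 - host (DOMAIN)
#   $2 - TRUE or FALSE (INITIAL_DOT)
#   $3 - expiry as seconds since the epoch
#   $4 - access token (cookie value)
# Outputs: the cookie line on stdout; diagnostics on stderr.
# Returns: 0 on success; 1 on a wrong argument count or when a field holds a
#          tab, newline or carriage return.
#######################################
print-cookie() {
  if [[ "$#" != 4 ]]; then
    echo "Usage: print-cookie <HOST> <IS_DOT> <EXPIRES_EPOCH> <TOKEN>" >&2
    return 1
  fi
  # Keep the arguments function-local so the token does not linger in a
  # global shell variable after the call.
  local host="$1" dot="$2" exp="$3" tok="$4"
  local field
  for field in "$host" "$dot" "$exp" "$tok"; do
    # A tab or line break inside a field would shift columns or start a second
    # cookie line. The offending value is not echoed: it may be the token.
    if [[ "$field" == *[$'\t\n\r']* ]]; then
      echo "print-cookie: fields must not contain tab or newline characters" >&2
      return 1
    fi
  done
  # printf with a fixed format writes every field literally: no word splitting
  # or globbing, and a value such as "-n" is not taken as an echo option.
  printf '%s\t%s\t/\tTRUE\t%s\to\t%s\n' "$host" "$dot" "$exp" "$tok"
}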
    79  
    80  
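# Both files written below embed a live OAuth access token, so create them
# readable by the current user only.
umask 077
for stale in cookies secret.yaml; do
  # '>' truncates an existing file without changing its mode, so tighten any
  # copy left behind by an earlier run under a looser umask.
  if [[ -e "$stale" ]]; then
    chmod 600 -- "$stale"
  fi
done

# Refresh loop: mint a token, render it as a cookiefile, publish it as the
# Kubernetes secret "$name", then sleep for $duration and repeat forever.
while true; do
  token=$(print-token)
  # Do not replace a working secret with a cookie that carries no token.
  if [[ -z "$token" ]]; then
    echo "gcloud returned an empty access token; leaving secret $name untouched" >&2
    exit 1
  fi
  # TODO(fejta): parse credential.token_expiry, wait until shortly before then.
  # Until then the expiry is an assumed one hour from now; it is not read from
  # the credential itself.
  expire=$(( 60 * 60 + $(date +%s) ))
  echo -n "token expires at "
  date -d "@$expire"
  print-cookie .googlesource.com TRUE "$expire" "$token" > cookies
  print-cookie source.developers.google.com FALSE "$expire" "$token" >> cookies
  # Only a digest of the cookie file is logged, to make rotations visible
  # without printing the token.
  echo -n "cookies hash: "
  md5sum cookies

  # Render the Secret manifest locally; secret.yaml holds the encoded token.
  # NOTE(review): newer kubectl releases expect --dry-run=client; confirm
  # against the kubectl version this runs with.
  kubectl create secret generic "$name" --from-file=cookies --dry-run -o yaml > secret.yaml
  # Any failure of "get" (not only "not found") selects "create"; if the secret
  # does exist, that create fails and errexit stops the script.
  if ! kubectl get -f secret.yaml; then
    verb=create
  else
    verb=replace
  fi
  kubectl "$verb" -f secret.yaml
  echo "successfully updated token, sleeping for $duration..."
  sleep "$duration"
done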