From efe9dcf50f0690d2b2e090f5ce42fd7acd768e0f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jo=C3=A3o=20Vanzuita?= Date: Tue, 19 Jul 2022 11:45:29 -0300 Subject: [PATCH 1/8] feat: remove environment variables requirement, set values via command line MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: João Vanzuita --- README.md | 11 ----------- cmd/info.go | 4 ---- cmd/init.go | 7 +++++++ configs/config.go | 8 ++++++++ configs/envvars.go | 27 --------------------------- docker-compose.yaml | 2 -- internal/aws/aws.go | 21 +++++++++++++++------ 7 files changed, 30 insertions(+), 50 deletions(-) delete mode 100755 configs/envvars.go diff --git a/README.md b/README.md index dd4d4f69a..f103f1ad2 100644 --- a/README.md +++ b/README.md @@ -11,17 +11,6 @@ GitOps integration, secrets management, production and development Kubernetes en - [Destroy](#destroy) - [Available Commands]() -## Setup - -The setup is extremely simple, create a `.env` file in the root folder, and add the following variables: - -| Variable | example | -|--------------------|------------------| -| AWS_PROFILE | default | -| CLOUD_PROVIDER=aws | aws | -| HOSTED_ZONE_NAME | example.com | -| ADMIN_EMAIL | john@example.com | - ## Start the container We run everything on isolation with Docker, for that, start the container with: diff --git a/cmd/info.go b/cmd/info.go index 443954e6c..5702531fb 100755 --- a/cmd/info.go +++ b/cmd/info.go @@ -44,10 +44,6 @@ var infoCmd = &cobra.Command{ if err != nil { log.Panic(err) } - err = configs.CheckEnvironment() - if err != nil { - log.Panic(err) - } fmt.Printf("----------- \n") fmt.Println(reports.StyleMessage(infoSummary.String())) diff --git a/cmd/init.go b/cmd/init.go index b46a6eda0..07810d806 100644 --- a/cmd/init.go +++ b/cmd/init.go 
@@ -211,6 +211,13 @@ func init() { if err != nil { log.Panic(err) } + + initCmd.Flags().String("profile", "", "the profile to provision the cloud resources in") + err = initCmd.MarkFlagRequired("profile") + if err != nil { + log.Panic(err) + } + initCmd.Flags().Bool("clean", false, "delete any local kubefirst content ~/.kubefirst, ~/.k1") log.SetPrefix("LOG: ") diff --git a/configs/config.go b/configs/config.go index 471d0a6b4..69f9b9b82 100644 --- a/configs/config.go +++ b/configs/config.go @@ -75,5 +75,13 @@ func ReadConfig() *Config { config.InstallerEmail = "kubefirst-bot@kubefirst.com" + // If the AWS_SDK_LOAD_CONFIG environment variable is set to a truthy value the shared config file (~/.aws/config) + // will also be loaded in addition to the shared credentials file (~/.aws/credentials). + // AWS SDK client will take it in advance + err = os.Setenv("AWS_SDK_LOAD_CONFIG", "1") + if err != nil { + log.Panicf("unable to set AWS_SDK_LOAD_CONFIG enviroment value, error is: %v", err) + } + return &config } diff --git a/configs/envvars.go b/configs/envvars.go deleted file mode 100755 index f486b7603..000000000 --- a/configs/envvars.go +++ /dev/null @@ -1,27 +0,0 @@ -package configs - -import ( - "fmt" - "log" - "os" -) - -// CheckEnvironment validate if the required environment variable values are set. -func CheckEnvironment() error { - - requiredEnvValues := map[string]string{ - "AWS_PROFILE": os.Getenv("AWS_PROFILE"), - } - - for k, v := range requiredEnvValues { - if v == "" { - errorMsg := fmt.Sprintf("%s is not set", k) - log.Printf(errorMsg) - return fmt.Errorf(errorMsg) - } - } - - log.Println("all environment variables are set") - - return nil -} diff --git a/docker-compose.yaml b/docker-compose.yaml index 55ea902e3..befbca0f0 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -15,6 +15,4 @@ services: - "8200:8200" # Vault volumes: - ./:/home/developer/kubefirst - env_file: - - .env command: sh -c "./scripts/kubefirst-dev.sh" 
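Review bot: In configs/config.go, `ReadConfig` now changes the process environment as a side effect: every call sets `AWS_SDK_LOAD_CONFIG=1`, and child processes started with the default environment inherit it, which is not what a function named as a reader suggests. Setting it once at start-up, or only where the AWS session is built, would keep the scope visible. If it stays here, a comment such as `// process-wide: also inherited by child processes started after this call` would help. The comment line "AWS SDK client will take it in advance" is unclear, and the panic message misspells `environment`. The body of `ReadConfig` starts outside the hunk.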
diff --git a/internal/aws/aws.go b/internal/aws/aws.go index a8b4b8f46..580866067 100644 --- a/internal/aws/aws.go +++ b/internal/aws/aws.go @@ -16,6 +16,7 @@ import ( "github.com/aws/aws-sdk-go-v2/service/sts" "github.com/aws/aws-sdk-go/aws" "github.com/aws/aws-sdk-go/aws/awserr" + "github.com/aws/aws-sdk-go/aws/credentials/stscreds" "github.com/aws/aws-sdk-go/aws/session" "github.com/aws/aws-sdk-go/service/s3" "github.com/cip8/autoname" @@ -311,12 +312,20 @@ func DestroyBucket(bucketName string) { } func GetAWSSession() *session.Session { - sess, err := session.NewSession(&aws.Config{ - Region: aws.String(viper.GetString("aws.region"))}, - ) - if err != nil { - log.Panicf("failed to get session ", err.Error()) - } + //sess, err := session.NewSession(&aws.Config{ + // Region: aws.String(viper.GetString("aws.region"))}, + //) + sess := session.Must(session.NewSessionWithOptions(session.Options{ + Config: aws.Config{ + Region: aws.String(viper.GetString("aws.region")), + }, + Profile: viper.GetString("aws.profile"), + + AssumeRoleTokenProvider: stscreds.StdinTokenProvider, + })) + //if err != nil { + // log.Panicf("failed to get session ", err.Error()) + //} return sess } From eed1ce40c77b30629f0c2e2a055038a8ad0d3396 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jo=C3=A3o=20Vanzuita?= Date: Tue, 19 Jul 2022 12:03:15 -0300 Subject: [PATCH 2/8] chore: add profile flag MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: João Vanzuita --- cmd/init.go | 21 ++++++++++++++++++--- 1 file changed, 18 insertions(+), 3 deletions(-) diff --git a/cmd/init.go b/cmd/init.go index 07810d806..5077f3caf 100644 --- a/cmd/init.go +++ b/cmd/init.go 
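Review bot: In `GetAWSSession` (internal/aws/aws.go) the old `session.NewSession` call and its error branch are left behind as commented-out code; they should be deleted, since version control keeps the history. `session.Must` panics with the raw SDK error, so the failure no longer says which step went wrong. `stscreds.StdinTokenProvider` reads an MFA code from standard input, which would block when the tool runs without an attached terminal (the docker-compose service in this patch appears to start it through `sh -c`). If the prompt is intended, a comment on that field such as `// prompts for the MFA code on stdin when the profile sets mfa_serial` would make it explicit.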
@@ -77,9 +77,11 @@ to quickly create a Cobra application.`, log.Println("adminEmail:", adminEmail) viper.Set("adminemail", adminEmail) - // region - // name of the cloud region to provision resources when resources are region-specific - region, _ := cmd.Flags().GetString("region") + // set region + region, err := cmd.Flags().GetString("region") + if err != nil { + log.Panicf("unable to get region values from viper") + } viper.Set("aws.region", region) // propagate it to local environment err = os.Setenv("AWS_REGION", region) @@ -88,6 +90,19 @@ to quickly create a Cobra application.`, } log.Println("region:", region) + // set profile + profile, err := cmd.Flags().GetString("profile") + if err != nil { + log.Panicf("unable to get region values from viper") + } + viper.Set("aws.profile", profile) + // propagate it to local environment + err = os.Setenv("AWS_PROFILE", profile) + if err != nil { + log.Panicf("unable to set environment variable AWS_PROFILE, error is: %v", err) + } + log.Println("profile:", profile) + // cluster name clusterName, err := cmd.Flags().GetString("cluster-name") if err != nil { From 46dc3bc5095c0d99175f1c89c398db51ade0795d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jo=C3=A3o=20Vanzuita?= Date: Wed, 20 Jul 2022 14:18:31 -0300 Subject: [PATCH 3/8] feat: add assume role feature MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: João Vanzuita --- cmd/info.go | 1 - cmd/init.go | 22 ++++++++++++-- internal/aws/aws.go | 71 +++++++++++++++++++++++++++++++++++---------- 3 files changed, 76 insertions(+), 18 deletions(-) diff --git a/cmd/info.go b/cmd/info.go index 5702531fb..7d861da8d 100755 --- a/cmd/info.go +++ b/cmd/info.go @@ -44,7 +44,6 @@ var infoCmd = &cobra.Command{ if err != nil { log.Panic(err) } - fmt.Printf("----------- \n") fmt.Println(reports.StyleMessage(infoSummary.String())) }, diff --git a/cmd/init.go b/cmd/init.go index 5077f3caf..2b4482684 100644 --- a/cmd/init.go +++ b/cmd/init.go 
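Review bot: The new `--profile` block in cmd/init.go reuses the region message, `log.Panicf("unable to get region values from viper")`, so a bad profile flag is reported as a region problem. Both messages also name viper although the value comes from `cmd.Flags()`, and neither includes `err`. Something like `log.Panicf("unable to read --profile flag: %v", err)`, with matching `--region` text in the first hunk, would point at the right input. The same copied message appears in the profile blocks added to cmd/create.go and cmd/destroy.go in patch 7/8. The enclosing Run function starts and ends outside these hunks.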
@@ -1,6 +1,7 @@ package cmd import ( + "fmt" "log" "os" "strings" @@ -33,9 +34,23 @@ to quickly create a Cobra application.`, if err != nil { log.Panic(err) } - log.Println("dry run enabled:", dryRun) + arnRole, err := cmd.Flags().GetString("aws-assume-role") + if err != nil { + log.Println("unable to use the provided AWS IAM role for AssumeRole feature") + return + } + fmt.Println(os.Getenv("AWS_ACCESS_KEY_ID")) + if len(arnRole) > 0 { + log.Println("calling assume role") + err := aws.AssumeRole(arnRole) + if err != nil { + log.Println(err) + return + } + } + pkg.SetupProgress(10) trackers := pkg.GetTrackers() trackers[pkg.DownloadDependencies] = &pkg.ActionTracker{Tracker: pkg.CreateTracker(pkg.DownloadDependencies, 3)} @@ -227,7 +242,7 @@ func init() { log.Panic(err) } - initCmd.Flags().String("profile", "", "the profile to provision the cloud resources in") + initCmd.Flags().String("profile", "", "the profile to provision the cloud resources in. The profile data is collected from ~/aws/config") err = initCmd.MarkFlagRequired("profile") if err != nil { log.Panic(err) @@ -243,4 +258,7 @@ func init() { initCmd.Flags().String("cluster-name", "kubefirst", "the cluster name, used to identify resources on cloud provider") initCmd.Flags().String("version-gitops", "main", "version/branch used on git clone") + + // AWS assume role + initCmd.Flags().String("aws-assume-role", "", "instead of using AWS IAM user credentials, AWS AssumeRole feature generate role based credentials, more at https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html") } diff --git a/internal/aws/aws.go b/internal/aws/aws.go index 580866067..07e76491e 100644 --- a/internal/aws/aws.go +++ b/internal/aws/aws.go @@ -1,5 +1,7 @@ package aws +// todo: refactor is necessary to use AWS SDK v2 only + import ( "context" "fmt" 
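Review bot: In the `aws-assume-role` block added to the init command's Run function, a failed `aws.AssumeRole` is only logged and followed by `return`, so the command apparently exits with status 0 and a calling script cannot tell that no role was assumed and nothing was provisioned. The rest of this function stops on errors, so `log.Panicf("unable to assume role %q: %v", arnRole, err)` would be consistent. The `fmt.Println(os.Getenv("AWS_ACCESS_KEY_ID"))` line writes a credential identifier to stdout; patch 6/8 removes it, so it should not survive if this patch is cherry-picked on its own. The block also runs before the `--region` flag is copied into viper further down the function (patch 2/8), while `GetAWSSession` reads `aws.region` from viper, so on a first run the STS client may have no region; this is worth confirming. The same log-and-return pattern is repeated in cmd/destroy.go in patch 6/8.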
@@ -16,10 +18,11 @@ import ( "github.com/aws/aws-sdk-go-v2/service/sts" "github.com/aws/aws-sdk-go/aws" "github.com/aws/aws-sdk-go/aws/awserr" - "github.com/aws/aws-sdk-go/aws/credentials/stscreds" "github.com/aws/aws-sdk-go/aws/session" "github.com/aws/aws-sdk-go/service/s3" + stsV1 "github.com/aws/aws-sdk-go/service/sts" "github.com/cip8/autoname" + "github.com/google/uuid" "github.com/kubefirst/kubefirst/pkg" "github.com/spf13/viper" ) @@ -312,20 +315,13 @@ func DestroyBucket(bucketName string) { } func GetAWSSession() *session.Session { - //sess, err := session.NewSession(&aws.Config{ - // Region: aws.String(viper.GetString("aws.region"))}, - //) - sess := session.Must(session.NewSessionWithOptions(session.Options{ - Config: aws.Config{ - Region: aws.String(viper.GetString("aws.region")), - }, - Profile: viper.GetString("aws.profile"), - - AssumeRoleTokenProvider: stscreds.StdinTokenProvider, - })) - //if err != nil { - // log.Panicf("failed to get session ", err.Error()) - //} + sess, err := session.NewSession(&aws.Config{ + Region: aws.String(viper.GetString("aws.region"))}, + ) + if err != nil { + log.Panicf("failed to get session %s", err.Error()) + } + return sess } 
@@ -339,3 +335,48 @@ func DestroyBucketsInUse(destroyBuckets bool) { log.Println("Skip: DestroyBucketsInUse") } } + +// AssumeRole receives a AWS IAM Role, and instead of using regular AWS credentials, it generates new AWS credentials +// based on the provided role. New AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, and AWS_SESSION_TOKEN are provided. The +// new AWS credentials has expiration time set. +func AssumeRole(roleArn string) error { + + sess := GetAWSSession() + + svc := stsV1.New(sess) + + // Use the role session name to uniquely identify a session when the same role is assumed by different principals + // or for different reasons. + roleSessionName, err := uuid.NewUUID() + if err != nil { + log.Println(err) + return err + } + + assumeRoleInput := stsV1.AssumeRoleInput{ + RoleArn: aws.String(roleArn), + RoleSessionName: aws.String(roleSessionName.String()), + DurationSeconds: aws.Int64(60 * 60 * 1), + } + + result, err := svc.AssumeRole(&assumeRoleInput) + if err != nil { + fmt.Printf("unable to assume role, %v\n", err) + return err + } + + // update AWS keys + if err := os.Setenv("AWS_ACCESS_KEY_ID", *result.Credentials.AccessKeyId); err != nil { + fmt.Printf("unable to set AWS_ACCESS_KEY_ID environment variable. Err: %v", err) + } + + if err := os.Setenv("AWS_SECRET_ACCESS_KEY", *result.Credentials.SecretAccessKey); err != nil { + fmt.Printf("unable to set AWS_SECRET_ACCESS_KEY environment variable. Err: %v", err) + } + + if err := os.Setenv("AWS_SESSION_TOKEN", *result.Credentials.SessionToken); err != nil { + fmt.Printf("unable to set AWS_SESSION_TOKEN environment variable. Err: %v", err) + } + + return nil +} From ebeeda87cad4b54fdaa6f6e43ec28a06d3da3349 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jo=C3=A3o=20Vanzuita?= Date: Wed, 20 Jul 2022 14:20:56 -0300 Subject: [PATCH 4/8] chore: clean up MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 
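Review bot: `AssumeRole` returns nil even when one of the three `os.Setenv` calls fails, which can leave the process with a mixed credential set (for example a new access key id with the old secret) while the caller logs success. Each failure should be returned, and `result.Credentials` should be checked before it is dereferenced. `uuid.NewUUID()` produces a version 1 UUID, so the role session name recorded in CloudTrail gives no hint of what started the session; a prefix such as `"kubefirst-" + roleSessionName.String()` would make those events attributable. The one-hour `DurationSeconds` is never refreshed, so a long create or destroy run can outlive the credentials.

```go
	// … unchanged: session, role session name, AssumeRole call and its error check …

	creds := result.Credentials
	if creds == nil {
		return fmt.Errorf("assume role %q: response carried no credentials", roleArn)
	}

	// export the temporary credentials; return the first failure so the caller
	// does not continue with a partly replaced credential set
	for _, kv := range [][2]string{
		{"AWS_ACCESS_KEY_ID", aws.StringValue(creds.AccessKeyId)},
		{"AWS_SECRET_ACCESS_KEY", aws.StringValue(creds.SecretAccessKey)},
		{"AWS_SESSION_TOKEN", aws.StringValue(creds.SessionToken)},
	} {
		if err := os.Setenv(kv[0], kv[1]); err != nil {
			return fmt.Errorf("setting %s: %w", kv[0], err)
		}
	}

	return nil
```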
Signed-off-by: João Vanzuita --- internal/gitlab/gitlab.go | 5 ----- 1 file changed, 5 deletions(-) diff --git a/internal/gitlab/gitlab.go b/internal/gitlab/gitlab.go index 5de804324..e737f6dc9 100644 --- a/internal/gitlab/gitlab.go +++ b/internal/gitlab/gitlab.go @@ -246,10 +246,7 @@ func ApplyGitlabTerraform(dryRun bool, directory string) { log.Printf("[#99] Dry-run mode, applyGitlabTerraform skipped.") return } - //* AWS_SDK_LOAD_CONFIG=1 - //* https://registry.terraform.io/providers/hashicorp/aws/2.34.0/docs#shared-credentials-file envs := map[string]string{} - envs["AWS_SDK_LOAD_CONFIG"] = "1" envs["AWS_PROFILE"] = config.AwsProfile // Prepare for terraform gitlab execution envs["GITLAB_TOKEN"] = viper.GetString("gitlab.token") @@ -288,8 +285,6 @@ func GitlabKeyUpload(dryRun bool) { return } - os.Setenv("AWS_SDK_LOAD_CONFIG", "1") - log.Println("uploading ssh public key to gitlab") gitlabToken := viper.GetString("gitlab.token") data := url.Values{ From 19808c55fbeb03b8a7840e771ee31b5f3155cfe6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jo=C3=A3o=20Vanzuita?= Date: Wed, 20 Jul 2022 14:22:29 -0300 Subject: [PATCH 5/8] chore: clean up MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: João Vanzuita --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index f103f1ad2..2735172be 100644 --- a/README.md +++ b/README.md @@ -25,7 +25,7 @@ Some process requires previous initialization, for that, run: ```bash mkdir -p ~/.kubefirst -go run . init --admin-email $ADMIN_EMAIL --cloud $CLOUD_PROVIDER --hosted-zone-name $HOSTED_ZONE_NAME --region $AWS_REGION +go run . init --admin-email email@example.com --cloud aws --hosted-zone-name example.com --region eu-central-1 --profile default ``` ## Creation From efc8dd9432bf741223d93907cc1e1ea47a60bc27 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Jo=C3=A3o=20Vanzuita?= Date: Wed, 20 Jul 2022 14:26:26 -0300 Subject: [PATCH 6/8] feat: add assume role feature for destroy command MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: João Vanzuita --- cmd/destroy.go | 19 +++++++++++++++++++ cmd/init.go | 4 ++-- 2 files changed, 21 insertions(+), 2 deletions(-) diff --git a/cmd/destroy.go b/cmd/destroy.go index 24f83cdb2..581423f26 100644 --- a/cmd/destroy.go +++ b/cmd/destroy.go @@ -44,6 +44,22 @@ if the registry has already been deleted.`, log.Panic(err) } + arnRole, err := cmd.Flags().GetString("aws-assume-role") + if err != nil { + log.Println("unable to use the provided AWS IAM role for AssumeRole feature") + return + } + + if len(arnRole) > 0 { + log.Println("calling assume role") + err := aws.AssumeRole(arnRole) + if err != nil { + log.Println(err) + return + } + log.Printf("assuming new AWS credentials based on role %q", arnRole) + } + var kPortForwardOutb, kPortForwardErrb bytes.Buffer kPortForward := exec.Command(config.KubectlClientPath, "--kubeconfig", config.KubeConfigPath, "-n", "gitlab", "port-forward", "svc/gitlab-webservice-default", "8888:8080") kPortForward.Stdout = &kPortForwardOutb @@ -114,4 +130,7 @@ func init() { destroyCmd.Flags().Bool("skip-delete-register", false, "whether to skip deletion of register application ") destroyCmd.Flags().Bool("skip-base-terraform", false, "whether to skip the terraform destroy against base install - note: if you already deleted registry it doesnt exist") destroyCmd.Flags().Bool("destroy-buckets", false, "remove created aws buckets, not empty buckets are not cleaned") + + // AWS assume role + destroyCmd.Flags().String("aws-assume-role", "", "instead of using AWS IAM user credentials, AWS AssumeRole feature generate role based credentials, more at https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html") } diff --git a/cmd/init.go b/cmd/init.go index 2b4482684..f539f2d5a 100644 
--- a/cmd/init.go +++ b/cmd/init.go @@ -1,7 +1,6 @@ package cmd import ( - "fmt" "log" "os" "strings" @@ -41,7 +40,7 @@ to quickly create a Cobra application.`, log.Println("unable to use the provided AWS IAM role for AssumeRole feature") return } - fmt.Println(os.Getenv("AWS_ACCESS_KEY_ID")) + if len(arnRole) > 0 { log.Println("calling assume role") err := aws.AssumeRole(arnRole) @@ -49,6 +48,7 @@ to quickly create a Cobra application.`, log.Println(err) return } + log.Printf("assuming new AWS credentials based on role %q", arnRole) } pkg.SetupProgress(10) From 7b8044a0e33c068a3b17457c379f081367b714f6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jo=C3=A3o=20Vanzuita?= Date: Wed, 20 Jul 2022 14:33:31 -0300 Subject: [PATCH 7/8] chore: clean up MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: João Vanzuita --- cmd/create.go | 20 ++++++++++++++++++++ cmd/destroy.go | 21 +++++++++++++++++++++ cmd/init.go | 2 +- 3 files changed, 42 insertions(+), 1 deletion(-) diff --git a/cmd/create.go b/cmd/create.go index 2482e42c6..054f47331 100644 --- a/cmd/create.go +++ b/cmd/create.go @@ -4,6 +4,7 @@ import ( "bytes" "fmt" "log" + "os" "os/exec" "syscall" "time" @@ -54,6 +55,19 @@ to quickly create a Cobra application.`, log.Panic(err) } + // set profile + profile, err := cmd.Flags().GetString("profile") + if err != nil { + log.Panicf("unable to get region values from viper") + } + viper.Set("aws.profile", profile) + // propagate it to local environment + err = os.Setenv("AWS_PROFILE", profile) + if err != nil { + log.Panicf("unable to set environment variable AWS_PROFILE, error is: %v", err) + } + log.Println("profile:", profile) + infoCmd.Run(cmd, args) progressPrinter.IncrementTracker("step-0", 1) 
@@ -395,6 +409,12 @@ func init() { createCmd.Flags().Bool("skip-gitlab", false, "Skip GitLab lab install and vault setup") createCmd.Flags().Bool("skip-vault", false, "Skip post-gitClient lab install and vault setup") + initCmd.Flags().String("profile", "", "the profile to provision the cloud resources in. The profile data is collected from ~/.aws/config") + err := initCmd.MarkFlagRequired("profile") + if err != nil { + log.Panic(err) + } + progressPrinter.GetInstance() progressPrinter.SetupProgress(4) } diff --git a/cmd/destroy.go b/cmd/destroy.go index 581423f26..b1fb615de 100644 --- a/cmd/destroy.go +++ b/cmd/destroy.go @@ -9,7 +9,9 @@ import ( "github.com/kubefirst/kubefirst/internal/k8s" "github.com/kubefirst/kubefirst/internal/terraform" "github.com/spf13/cobra" + "github.com/spf13/viper" "log" + "os" "os/exec" "syscall" ) @@ -44,6 +46,19 @@ if the registry has already been deleted.`, log.Panic(err) } + // set profile + profile, err := cmd.Flags().GetString("profile") + if err != nil { + log.Panicf("unable to get region values from viper") + } + viper.Set("aws.profile", profile) + // propagate it to local environment + err = os.Setenv("AWS_PROFILE", profile) + if err != nil { + log.Panicf("unable to set environment variable AWS_PROFILE, error is: %v", err) + } + log.Println("profile:", profile) + arnRole, err := cmd.Flags().GetString("aws-assume-role") if err != nil { log.Println("unable to use the provided AWS IAM role for AssumeRole feature") 
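Review bot: In the `init()` of cmd/create.go the new flag is registered on `initCmd` instead of `createCmd` (`initCmd.Flags().String("profile", …)` and `initCmd.MarkFlagRequired("profile")`). As written, `create` never gets a `--profile` flag, so the `cmd.Flags().GetString("profile")` call added to its Run function earlier in this patch returns an error and reaches `log.Panicf`. Because cmd/init.go already defines `profile` on `initCmd`, pflag will also panic on the duplicate definition during package initialisation. The lines should read `createCmd.Flags().String("profile", "", "…")` and `err := createCmd.MarkFlagRequired("profile")`. The `init()` hunk of cmd/destroy.go later in this patch has the same mistake and needs `destroyCmd`.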
@@ -131,6 +146,12 @@ func init() { destroyCmd.Flags().Bool("skip-base-terraform", false, "whether to skip the terraform destroy against base install - note: if you already deleted registry it doesnt exist") destroyCmd.Flags().Bool("destroy-buckets", false, "remove created aws buckets, not empty buckets are not cleaned") + initCmd.Flags().String("profile", "", "the profile to provision the cloud resources in. The profile data is collected from ~/.aws/config") + err := initCmd.MarkFlagRequired("profile") + if err != nil { + log.Panic(err) + } + // AWS assume role destroyCmd.Flags().String("aws-assume-role", "", "instead of using AWS IAM user credentials, AWS AssumeRole feature generate role based credentials, more at https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html") } diff --git a/cmd/init.go b/cmd/init.go index f539f2d5a..6f46d5fb2 100644 --- a/cmd/init.go +++ b/cmd/init.go @@ -242,7 +242,7 @@ func init() { log.Panic(err) } - initCmd.Flags().String("profile", "", "the profile to provision the cloud resources in. The profile data is collected from ~/aws/config") + initCmd.Flags().String("profile", "", "the profile to provision the cloud resources in. The profile data is collected from ~/.aws/config") err = initCmd.MarkFlagRequired("profile") if err != nil { log.Panic(err) From 7a670d37be6600562b8a36852008eb4fa5453b3e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jo=C3=A3o=20Vanzuita?= Date: Tue, 9 Aug 2022 23:17:46 -0300 Subject: [PATCH 8/8] chore: fix merge conflicts MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: João Vanzuita --- cmd/create.go | 25 ------------------------- cmd/destroy.go | 44 +++++--------------------------------------- cmd/init.go | 7 ------- 3 files changed, 5 insertions(+), 71 deletions(-) diff --git a/cmd/create.go b/cmd/create.go index 5b5f278b1..5fddc9890 100644 --- a/cmd/create.go +++ b/cmd/create.go 
@@ -5,7 +5,6 @@ import ( "crypto/tls" "fmt" "log" - "os" "net/http" "os/exec" "syscall" @@ -64,19 +63,6 @@ to quickly create a Cobra application.`, log.Panic(err) } - // set profile - profile, err := cmd.Flags().GetString("profile") - if err != nil { - log.Panicf("unable to get region values from viper") - } - viper.Set("aws.profile", profile) - // propagate it to local environment - err = os.Setenv("AWS_PROFILE", profile) - if err != nil { - log.Panicf("unable to set environment variable AWS_PROFILE, error is: %v", err) - } - log.Println("profile:", profile) - infoCmd.Run(cmd, args) progressPrinter.IncrementTracker("step-0", 1) @@ -392,9 +378,6 @@ to quickly create a Cobra application.`, progressPrinter.IncrementTracker("step-vault-be", 1) } - - - sendCompleteInstallTelemetry(dryRun, useTelemetry) time.Sleep(time.Millisecond * 100) @@ -446,12 +429,4 @@ func init() { createCmd.Flags().Bool("skip-vault", false, "Skip post-gitClient lab install and vault setup") createCmd.Flags().Bool("use-telemetry", true, "installer will not send telemetry about this installation") - initCmd.Flags().String("profile", "", "the profile to provision the cloud resources in. The profile data is collected from ~/.aws/config") - err := initCmd.MarkFlagRequired("profile") - if err != nil { - log.Panic(err) - } - - progressPrinter.GetInstance() - progressPrinter.SetupProgress(4) } diff --git a/cmd/destroy.go b/cmd/destroy.go index 1dd1085e6..b9034f6c7 100644 --- a/cmd/destroy.go +++ b/cmd/destroy.go @@ -3,17 +3,16 @@ package cmd import ( "bytes" "fmt" - "log" - "os/exec" - "syscall" - "time" - "github.com/kubefirst/kubefirst/configs" "github.com/kubefirst/kubefirst/internal/gitlab" "github.com/kubefirst/kubefirst/internal/k8s" "github.com/kubefirst/kubefirst/internal/progressPrinter" "github.com/kubefirst/kubefirst/internal/terraform" "github.com/spf13/cobra" + "log" + "os/exec" + "syscall" + "time" ) // destroyCmd represents the destroy command 
@@ -43,40 +42,11 @@ if the registry has already been deleted.`, if err != nil { log.Panic(err) } - destroyBuckets, err := cmd.Flags().GetBool("destroy-buckets") + dryRun, err := cmd.Flags().GetBool("dry-run") if err != nil { log.Panic(err) } - // set profile - profile, err := cmd.Flags().GetString("profile") - if err != nil { - log.Panicf("unable to get region values from viper") - } - viper.Set("aws.profile", profile) - // propagate it to local environment - err = os.Setenv("AWS_PROFILE", profile) - if err != nil { - log.Panicf("unable to set environment variable AWS_PROFILE, error is: %v", err) - } - log.Println("profile:", profile) - - arnRole, err := cmd.Flags().GetString("aws-assume-role") - if err != nil { - log.Println("unable to use the provided AWS IAM role for AssumeRole feature") - return - } - - if len(arnRole) > 0 { - log.Println("calling assume role") - err := aws.AssumeRole(arnRole) - if err != nil { - log.Println(err) - return - } - log.Printf("assuming new AWS credentials based on role %q", arnRole) - } - if dryRun { skipGitlabTerraform = true skipDeleteRegistryApplication = true 
@@ -170,9 +140,5 @@ func init() { destroyCmd.Flags().Bool("skip-gitlab-terraform", false, "whether to skip the terraform destroy against gitlab - note: if you already deleted registry it doesnt exist") destroyCmd.Flags().Bool("skip-delete-register", false, "whether to skip deletion of register application ") destroyCmd.Flags().Bool("skip-base-terraform", false, "whether to skip the terraform destroy against base install - note: if you already deleted registry it doesnt exist") - destroyCmd.Flags().Bool("destroy-buckets", false, "remove created aws buckets, not empty buckets are not cleaned") destroyCmd.Flags().Bool("dry-run", false, "set to dry-run mode, no changes done on cloud provider selected") - - // AWS assume role - destroyCmd.Flags().String("aws-assume-role", "", "instead of using AWS IAM user credentials, AWS AssumeRole feature generate role based credentials, more at https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html") } diff --git a/cmd/init.go b/cmd/init.go index e69a08925..e2dfc7e0c 100644 --- a/cmd/init.go +++ b/cmd/init.go @@ -271,13 +271,6 @@ func init() { log.Panic(err) } - initCmd.Flags().String("profile", "", "the profile to provision the cloud resources in. The profile data is collected from ~/.aws/config") - err = initCmd.MarkFlagRequired("profile") - if err != nil { - log.Panic(err) - } - - initCmd.Flags().String("profile", "default", "AWS profile located at ~/.aws/config") err = initCmd.MarkFlagRequired("profile") if err != nil {