Add a new tool to export existing credentials to files that enhance compatibility with CSP CLI or TF #1440
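The way CB-Tumblebug and CB-Spider handle credentials for using CSP APIs differs from the authentication methods of each CSP's CLI/SDK (such as the AWS CLI), OpenTF, and so on, so interoperability is inconveniently low.
A PoC is currently in progress to test resource expansion through OpenTF.
To support the OpenTF integration PoC,
this adds a Bash shell script that extracts the current CB-TB credential file and converts it into credential information that OpenTF can use.
In addition, the credential template has been improved.
Execution example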
son@son:~/go/src/github.com/cloud-barista/cb-tumblebug$ ./scripts/exportCredentials.sh
Credential Exporter Script
This script exports credential files based on the provided config from
/home/son/go/src/github.com/cloud-barista/cb-tumblebug/conf/credentials.conf
It generates credentials in a format that can be directly used with CSP CLI/Terraform/OpenTofu, facilitating cloud resource management.
Export credentials. Do you want to proceed ? (y/n) : y
AWS Credential
[default]
aws_access_key_id=AKI---
aws_secret_access_key=jrcy9---
GCP Credential
{
"type": "service_account",
"project_id": "se--",
"private_key_id": "f89--",
"private_key": "-----BEGIN PRIVAT--iH0ew=\n-----END PRIVATE KEY-----\n",
"client_email": "549577807--nt.com",
"client_id": "10913-5916",
"auth_uri": "https://accounts.google.com/o/oauth2/auth",
"token_uri": "https://oauth2.googleapis.com/token",
"auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
"client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/",
"universe_domain": "googleapis.com"
}
Azure Credential
client_id=0d91165-d8c4
client_secret=mht8-~96GROZ-
tenant_id=fb-a1-32f-
subscription_id=a20-ed83-96bd-
Credential files have been successfully generated and saved to: /home/son/go/src/github.com/cloud-barista/cb-tumblebug/conf/.credtmp
/home/son/go/src/github.com/cloud-barista/cb-tumblebug/conf/.credtmp/aws_credential
/home/son/go/src/github.com/cloud-barista/cb-tumblebug/conf/.credtmp/gcp_credential
/home/son/go/src/github.com/cloud-barista/cb-tumblebug/conf/.credtmp/azure_credential
========================================================================
Guide to Using Generated Credential Files with Terraform/OpenTofu
Terraform/OpenTofu and AWS Credentials:
For Terraform/OpenTofu to use AWS credentials, set the credentials file in the default location (~/.aws/credentials) or specify the file path in your Terraform/OpenTofu configurations.
Command example:
cp "/home/son/go/src/github.com/cloud-barista/cb-tumblebug/conf/.credtmp/aws_credential" ~/.aws/credentials
Terraform/OpenTofu and GCP Credentials:
For Terraform/OpenTofu to authenticate with GCP, set the GOOGLE_APPLICATION_CREDENTIALS environment variable to your GCP credentials JSON file.
Command example:
export GOOGLE_APPLICATION_CREDENTIALS="/home/son/go/src/github.com/cloud-barista/cb-tumblebug/conf/.credtmp/gcp_credential.json"
Terraform/OpenTofu and Azure Credentials:
Terraform/OpenTofu can authenticate with Azure using a service principal or Azure CLI.
Command examples:
export ARM_CLIENT_ID="0d911653-c5"
export ARM_CLIENT_SECRET="m-~_crT"
export ARM_TENANT_ID="fb-8"
export ARM_SUBSCRIPTION_ID="a20fed83-7c3a"
========================================================================
Note: Secure your credential files and avoid exposing sensitive information in your Terraform/OpenTofu configurations or scripts.
son@son:~/go/src/github.com/cloud-barista/cb-tumblebug$
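The note at the end of the output above asks the user to secure the generated files. The following is an added example, not part of this PR or of `exportCredentials.sh`, showing one way to restrict an export directory such as `conf/.credtmp` to its owner. The helper names (`perm_of`, `harden_cred_dir`, `demo`) and the scratch directory with placeholder files are assumptions constructed for illustration.

```bash
# Added example: restrict an exported-credentials directory to its owner.
# harden_cred_dir, perm_of and demo are hypothetical helpers, not project code.

# Print the octal mode of a path (GNU stat first, BSD stat as fallback).
perm_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Set DIR to 0700 and each regular file directly inside it to 0600.
# Returns 2 if DIR is missing or a symlink, 1 if any entry could not be fixed.
harden_cred_dir() {
    local dir="$1" f rc=0
    if [ -L "$dir" ] || [ ! -d "$dir" ]; then
        echo "refusing: $dir is not a real directory" >&2
        return 2
    fi
    chmod 700 "$dir" || return 1
    for f in "$dir"/*; do
        [ -e "$f" ] || [ -L "$f" ] || continue   # glob matched nothing
        if [ -L "$f" ] || [ ! -f "$f" ]; then
            # Never chmod through a symlink: it would change the link target.
            echo "skipping non-regular entry: $f" >&2
            rc=1
            continue
        fi
        chmod 600 "$f" || rc=1
        [ "$(perm_of "$f")" = "600" ] || rc=1
    done
    return "$rc"
}

# Constructed demo: a scratch directory standing in for conf/.credtmp, with the
# modes a umask of 022 would leave behind (0755 directory, 0644 files).
demo() {
    local tmp name
    tmp="$(mktemp -d)"
    mkdir "$tmp/.credtmp" && chmod 755 "$tmp/.credtmp"
    for name in aws_credential gcp_credential azure_credential; do
        printf 'placeholder\n' > "$tmp/.credtmp/$name"
        chmod 644 "$tmp/.credtmp/$name"
    done
    harden_cred_dir "$tmp/.credtmp"
    echo "$(perm_of "$tmp/.credtmp") $(perm_of "$tmp/.credtmp/gcp_credential")"
    rm -rf "$tmp"
}

demo   # prints: 700 600
```

Running `umask 077` in the shell before an export has the same effect for newly created files and directories.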