diff --git a/conf/template.credentials.conf b/conf/template.credentials.conf index ea899f5a4..297768e18 100644 --- a/conf/template.credentials.conf +++ b/conf/template.credentials.conf 
@@ -1,47 +1,70 @@ ### Cloud API Credentials ## AWS -CredentialName[$IndexAWS]=aws-credential01 +# ClientId(aws_access_key_id) +# ex: AKIASSSSSSSSSSS56DJH CredentialKey01[$IndexAWS]=ClientId CredentialVal01[$IndexAWS]= -#xxxxxxxxxxxxxxxxxxxxx + +# ClientSecret(aws_secret_access_key) +# ex: jrcy9y0Psejjfeosifj3/yxYcgadklwihjdljMIQ0 CredentialKey02[$IndexAWS]=ClientSecret CredentialVal02[$IndexAWS]= -#fsfdlkfjselSDfjlejklsj/LFJSDLKfjleJKLDJ0 ## Azure CredentialName[$IndexAzure]=azure-credential01 + +# ClientId(client_id): Client ID +# ex:2df8b-4c35-4bak-a23c-ckf05a54a824 CredentialKey01[$IndexAzure]=ClientId CredentialVal01[$IndexAzure]= -#2157868b-4c35-4bak-a23c-ckf05a54a824 +# ClientSecret(client_secret): Client Secret +# ex:213r868b-4c35-426vi-.VDEkf05a54aGq~_crT CredentialKey02[$IndexAzure]=ClientSecret CredentialVal02[$IndexAzure]= -#2157868b-4c35-4bak-a23c-ckf05a54a824 +# TenantId(tenant_id): Tenant ID +# ex:21e7868b-4c35-4bak-a23c-ckf05a54a824 CredentialKey03[$IndexAzure]=TenantId CredentialVal03[$IndexAzure]= -#2157868b-4c35-4bak-a23c-ckf05a54a824 +# SubscriptionId(subscription_id): Subscription ID +# ex:2dvdveb-4c35-4bak-a23c-ckf05a54a824 CredentialKey04[$IndexAzure]=SubscriptionId CredentialVal04[$IndexAzure]= -#2157868b-4c35-4bak-a23c-ckf05a54a824 ## GCP CredentialName[$IndexGCP]=gcp-credential01 -CredentialKey01[$IndexGCP]=ClientEmail + +# ProjectID(project_id): Project ID of the service account +# ex: cloud-barista +CredentialKey01[$IndexGCP]=ProjectID CredentialVal01[$IndexGCP]= -#1234567890-compute@developer.gserviceaccount.com -CredentialKey02[$IndexGCP]=ProjectID +# client_id: OAuth 2 Client ID (or Unique ID) of the service account +# https://console.cloud.google.com/iam-admin/serviceaccounts +# ex: 107777777600845725910 +CredentialKey02[$IndexGCP]=client_id CredentialVal02[$IndexGCP]= -#etri-test-266608 -CredentialKey03[$IndexGCP]=PrivateKey +# ClientEmail(client_email): Client Email of the service account +# 
https://console.cloud.google.com/iam-admin/serviceaccounts/details/${client_id}/keys?authuser=1&project=${ProjectID}&supportedpurview=project +# ex: user01@cloud-barista.com +CredentialKey03[$IndexGCP]=ClientEmail CredentialVal03[$IndexGCP]= -#'-----BEGIN PRIVATE KEY-----\n................\n-----END PRIVATE KEY-----\n' + +# private_key_id: One of Private Key IDs of the service account +# ex: f89f5asfsesefsefsfefes0se0fse0f00ef565e33 +CredentialKey04[$IndexGCP]=private_key_id +CredentialVal04[$IndexGCP]= + +# PrivateKey(private_key): Private Key of the Private Key ID of the service account (need to provide inlined format includeing \n characters. Include " ") +# ex: "-----BEGIN PRIVATE KEY-----\nMIIEvQIBADANBgkqh...iH0ew=\n-----END PRIVATE KEY-----\n" +CredentialKey05[$IndexGCP]=PrivateKey +CredentialVal05[$IndexGCP]="" ## IBM-VPC diff --git a/go.work.sum b/go.work.sum index 2940263b4..d77ef9f59 100644 --- a/go.work.sum +++ b/go.work.sum 
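Review bot: The AWS block loses `CredentialName[$IndexAWS]=aws-credential01` and nothing on the new side replaces it, while the Azure and GCP blocks keep their `CredentialName[...]` lines; unless the removal is deliberate, restore the line so all three providers stay parallel. The GCP keys are also renumbered (Key01 is now `ProjectID`, `ClientEmail` moves to Key03, `PrivateKey` to Key05), and scripts/exportCredentials.sh in this same commit reads the values by position (`Val01` to `Val05`), so an existing credentials.conf written in the old order would presumably be exported with its fields swapped. A template comment such as `# NOTE: the KeyNN/ValNN order is significant; do not reorder` would make that dependency visible. The example values are shaped like real credentials (an `AKIA...` key id, a PEM header) and may trip secret scanners, so obviously fake placeholders are safer.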
@@ -369,8 +369,13 @@ github.com/cloud-barista/cb-tumblebug/src v0.0.0-20230724172618-8f225d0127e8/go.
 github.com/cncf/udpa/go v0.0.0-20220112060539-c52dc94e7fbe/go.mod h1:6pvJx4me5XPnfI9Z40ddWsdw2W/uZgQLFXToKeRcDiI=
 github.com/cncf/xds/go v0.0.0-20230607035331-e9ce68804cb4/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
 github.com/coreos/go-systemd v0.0.0-20190719114852-fd7a80b32e1f h1:JOrtw2xFKzlg+cbHpyrpLDmnN1HqhBfnX7WDiW7eG2c=
+github.com/envoyproxy/protoc-gen-validate v1.0.2/go.mod h1:GpiZQP3dDbg4JouG/NNS7QWXpgx6x8QiMKdmN72jogE=
 github.com/go-ping/ping v1.1.0/go.mod h1:xIFjORFzTxqIV/tDVGO4eDy/bLuSyawEeojSm3GfRGk=
 github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
+github.com/google/s2a-go v0.1.7/go.mod h1:50CgR4k1jNlWBu4UfS4AcfhVe1r6pdZPygJ3R8F0Qdw=
+github.com/googleapis/enterprise-certificate-proxy v0.3.2/go.mod h1:VLSiSSBs/ksPL8kq3OBOQ6WRI2QnaFynd1DCjZ62+V0=
+github.com/googleapis/gax-go/v2 v2.12.0/go.mod h1:y+aIqrI5eb1YGMVJfuV3185Ts/D7qKpsEkdD5+I6QGU=
+github.com/googleapis/google-cloud-go-testing v0.0.0-20210719221736-1c9a4c676720/go.mod h1:dvDLG8qkwmyD9a/MJJN3XJcT3xFxOKAvTZGvuZmac9g=
 github.com/gorilla/websocket v1.5.0/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
 github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk=
 github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw=
@@ -385,15 +390,20 @@ github.com/labstack/echo v3.3.10+incompatible h1:pGRcYk231ExFAyoAjAfD85kQzRJCRI8
 github.com/labstack/echo v3.3.10+incompatible/go.mod h1:0INS7j/VjnFxD4E2wkz67b8cVwCLbBmJyDaka6Cmk1s=
 github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
 github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
+github.com/nats-io/nuid v1.0.1/go.mod h1:19wcPz3Ph3q0Jbyiqsd0kePYG7A95tJPxeL+1OSON2c=
+github.com/pkg/sftp v1.13.6/go.mod h1:tz1ryNURKu77RL+GuCzmoJYxQczL3wLNNpPWagdg4Qk=
 github.com/prometheus/client_golang v1.11.1/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0=
 github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
 github.com/prometheus/common v0.26.0/go.mod h1:M7rCNAaPfAosfx8veZJCuw84e35h3Cfd9VFqTh1DIvc=
 github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA=
+github.com/sagikazarmark/crypt v0.17.0/go.mod h1:SMtHTvdmsZMuY/bpZoqokSoChIrcJ/epOxZN58PbZDg=
 github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
 github.com/swaggo/files v0.0.0-20220728132757-551d4a08d97a h1:kAe4YSu0O0UFn1DowNo2MY5p6xzqtJ/wQ7LZynSvGaY=
 github.com/swaggo/files v0.0.0-20220728132757-551d4a08d97a/go.mod h1:lKJPbtWzJ9JhsTN1k1gZgleJWY/cqq0psdoMmaThG3w=
 github.com/urfave/cli/v2 v2.3.0/go.mod h1:LJmUH05zAU44vOAcrfzZQKsZbVcdbOG8rtL3/XcUArI=
 go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo=
 go.uber.org/atomic v1.10.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0=
+golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2/go.mod h1:K8+ghG5WaK9qNqU5K3HdILfMLy1f3aNYFI/wnl100a8=
+google.golang.org/appengine v1.6.8/go.mod h1:1jJ3jBArFh5pcgW8gCtRJnepW8FzD1V44FJffLiz/Ds=
 sigs.k8s.io/yaml v1.3.0/go.mod h1:GeOyir5tyXNByN85N/dRIT9es5UQNerPYEKK56eTBm8=
diff --git a/scripts/exportCredentials.sh b/scripts/exportCredentials.sh new file mode 100755 index 000000000..553f44090 --- /dev/null +++ b/scripts/exportCredentials.sh 
@@ -0,0 +1,156 @@ +#!/bin/bash + +if [ -z "$CBTUMBLEBUG_ROOT" ]; then + SCRIPT_DIR=$(dirname "${BASH_SOURCE[0]-$0}") + export CBTUMBLEBUG_ROOT=$(cd "$SCRIPT_DIR" && cd .. && pwd) +fi + +credentialDir="$CBTUMBLEBUG_ROOT/conf" +credentialFile="$credentialDir/credentials.conf" +saveTo="$credentialDir/.credtmp" + +# colors +RED='\033[0;31m' +GREEN='\033[0;32m' +BLUE='\033[0;34m' +NC='\033[0m' # No Color + +echo -e "\n${GREEN}Credential Exporter Script${NC}" +echo -e "This script exports credential files based on the provided config from" +echo -e "${BLUE} $credentialFile ${NC}\n" +echo -e "It generates credentials in a format that can be directly used with CSP CLI/Terraform/OpenTofu, facilitating cloud resource management.\n" + + +printf "${BOLD}" +while true; do + read -p 'Export credentials. Do you want to proceed ? (y/n) : ' CHECKPROCEED + printf "${NC}" + case $CHECKPROCEED in + [Yy]* ) break;; + [Nn]* ) + printf "\nCancel [$0 $@]\nSee you soon. :)\n\n" + exit 1;; + * ) printf "Please answer yes or no.\n";; + esac +done + +mkdir -p "$saveTo" + + +aws_access_key_id="" +aws_secret_access_key="" + +gcp_project_id="" +gcp_client_id="" +gcp_client_email="" +gcp_private_key_id="" +gcp_private_key="" + +azure_client_id="" +azure_client_secret="" +azure_tenant_id="" +azure_subscription_id="" + +while IFS= read -r line; do + if [[ $line == *"AWS"* ]]; then + if [[ $line == *"Val01"* ]]; then + aws_access_key_id="${line#*=}" + elif [[ $line == *"Val02"* ]]; then + aws_secret_access_key="${line#*=}" + fi + elif [[ $line == *"GCP"* ]]; then + if [[ $line == *"Val01"* ]]; then + gcp_project_id="${line#*=}" + elif [[ $line == *"Val02"* ]]; then + gcp_client_id="${line#*=}" + elif [[ $line == *"Val03"* ]]; then + gcp_client_email="${line#*=}" + elif [[ $line == *"Val04"* ]]; then + gcp_private_key_id="${line#*=}" + elif [[ $line == *"Val05"* ]]; then + gcp_private_key="${line#*=}" + fi + elif [[ $line == *"Azure"* ]]; then + if [[ $line == *"Val01"* ]]; then + 
azure_client_id="${line#*=}" + elif [[ $line == *"Val02"* ]]; then + azure_client_secret="${line#*=}" + elif [[ $line == *"Val03"* ]]; then + azure_tenant_id="${line#*=}" + elif [[ $line == *"Val04"* ]]; then + azure_subscription_id="${line#*=}" + fi + fi +done < "$credentialFile" + + +{ + echo "[default]" + echo "aws_access_key_id=$aws_access_key_id" + echo "aws_secret_access_key=$aws_secret_access_key" +} > "$saveTo/aws_credential" + +cat > "$saveTo/gcp_credential.json" << EOF +{ + "type": "service_account", + "project_id": "$gcp_project_id", + "private_key_id": "$gcp_private_key_id", + "private_key": $gcp_private_key, + "client_email": "$gcp_client_email", + "client_id": "$gcp_client_id", + "auth_uri": "https://accounts.google.com/o/oauth2/auth", + "token_uri": "https://oauth2.googleapis.com/token", + "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs", + "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/${gcp_client_email//@/%40}", + "universe_domain": "googleapis.com" +} +EOF + +{ + echo "client_id=$azure_client_id" + echo "client_secret=$azure_client_secret" + echo "tenant_id=$azure_tenant_id" + echo "subscription_id=$azure_subscription_id" +} > "$saveTo/azure_credential" + + +echo -e "${GREEN}\n# AWS Credential${NC}" +cat "$saveTo/aws_credential" +echo -e "${GREEN}\n# GCP Credential${NC}" +cat "$saveTo/gcp_credential.json" +echo -e "${GREEN}\n# Azure Credential${NC}" +cat "$saveTo/azure_credential" + +echo -e "\n\n" +echo -e "${GREEN}\nCredential files have been successfully generated and saved to: ${BLUE}$saveTo${NC}" +echo -e "${BLUE} $saveTo/aws_credential${NC}" +echo -e "${BLUE} $saveTo/gcp_credential${NC}" +echo -e "${BLUE} $saveTo/azure_credential${NC}" + +echo -e "\n${RED}========================================================================" +echo -e "Guide to Using Generated Credential Files with Terraform/OpenTofu" +echo -e 
"========================================================================${NC}\n" + +echo -e "${GREEN}Terraform/OpenTofu and AWS Credentials:${NC}" +echo -e "---------------------------------------" +echo -e "For Terraform/OpenTofu to use AWS credentials, set the credentials file in the default location (~/.aws/credentials) or specify the file path in your Terraform/OpenTofu configurations." +echo -e "Command example:" +echo -e "${BLUE}cp \"$saveTo/aws_credential\" ~/.aws/credentials${NC}\n" + +echo -e "${GREEN}Terraform/OpenTofu and GCP Credentials:${NC}" +echo -e "---------------------------------------" +echo -e "For Terraform/OpenTofu to authenticate with GCP, set the GOOGLE_APPLICATION_CREDENTIALS environment variable to your GCP credentials JSON file." +echo -e "Command example:" +echo -e "${BLUE}export GOOGLE_APPLICATION_CREDENTIALS=\"$saveTo/gcp_credential.json\"${NC}\n" + +echo -e "${GREEN}Terraform/OpenTofu and Azure Credentials:${NC}" +echo -e "-----------------------------------------" +echo -e "Terraform/OpenTofu can authenticate with Azure using a service principal or Azure CLI." +echo -e "Command examples:" +echo -e "${BLUE}export ARM_CLIENT_ID=\"$azure_client_id\"${NC}" +echo -e "${BLUE}export ARM_CLIENT_SECRET=\"$azure_client_secret\"${NC}" +echo -e "${BLUE}export ARM_TENANT_ID=\"$azure_tenant_id\"${NC}" +echo -e "${BLUE}export ARM_SUBSCRIPTION_ID=\"$azure_subscription_id\"${NC}\n" + +echo -e "${RED}========================================================================${NC}\n" +echo -e "${GREEN}Note: Secure your credential files and avoid exposing sensitive information in your Terraform/OpenTofu configurations or scripts.${NC}"
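Review bot: The files written under `$saveTo` hold live cloud secrets but are created with the caller's default umask, so with a typical 022 umask `aws_credential`, `gcp_credential.json` and `azure_credential` end up readable by other local users; add `umask 077` before `mkdir -p "$saveTo"`. The three `cat "$saveTo/..."` calls and the `export ARM_CLIENT_SECRET=...` example then print the same secrets to the terminal, where they persist in scrollback or any captured log, so print only the file paths and refer to the file for the values. The parser matches substrings anywhere in the line (`*"AWS"*`, `*"Val01"*`), so a commented-out assignment or a value that happens to contain one of those tokens can be misrouted or dropped; anchoring on the key, e.g. `[[ $line == 'CredentialVal01[$IndexAWS]='* ]]`, avoids that. `"private_key": $gcp_private_key,` is inserted unquoted, so the JSON is valid only when the conf value carries its own double quotes; a check that the value is non-empty and quoted before writing the file would catch this. Whether `conf/.credtmp` is git-ignored is not visible in this diff and is worth confirming.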