cloud-barista · cb-github-robot · Feb 16, 2024 · Feb 16, 2024 · Feb 16, 2024
@@ -1,47 +1,70 @@
 ### Cloud API Credentials
 
 ## AWS
-CredentialName[$IndexAWS]=aws-credential01
+# ClientId(aws_access_key_id)
+# ex: AKIASSSSSSSSSSS56DJH
 CredentialKey01[$IndexAWS]=ClientId
 CredentialVal01[$IndexAWS]=
-#xxxxxxxxxxxxxxxxxxxxx
+
+# ClientSecret(aws_secret_access_key)
+# ex: jrcy9y0Psejjfeosifj3/yxYcgadklwihjdljMIQ0
 CredentialKey02[$IndexAWS]=ClientSecret
 CredentialVal02[$IndexAWS]=
-#fsfdlkfjselSDfjlejklsj/LFJSDLKfjleJKLDJ0
 
 
 ## Azure
 CredentialName[$IndexAzure]=azure-credential01
+
+# ClientId(client_id): Client ID
+# ex:2df8b-4c35-4bak-a23c-ckf05a54a824
 CredentialKey01[$IndexAzure]=ClientId
 CredentialVal01[$IndexAzure]=
-#2157868b-4c35-4bak-a23c-ckf05a54a824
 
+# ClientSecret(client_secret): Client Secret
+# ex:213r868b-4c35-426vi-.VDEkf05a54aGq~_crT
 CredentialKey02[$IndexAzure]=ClientSecret
 CredentialVal02[$IndexAzure]=
-#2157868b-4c35-4bak-a23c-ckf05a54a824
 
+# TenantId(tenant_id): Tenant ID
+# ex:21e7868b-4c35-4bak-a23c-ckf05a54a824
 CredentialKey03[$IndexAzure]=TenantId
 CredentialVal03[$IndexAzure]=
-#2157868b-4c35-4bak-a23c-ckf05a54a824
 
+# SubscriptionId(subscription_id): Subscription ID
+# ex:2dvdveb-4c35-4bak-a23c-ckf05a54a824
 CredentialKey04[$IndexAzure]=SubscriptionId
 CredentialVal04[$IndexAzure]=
-#2157868b-4c35-4bak-a23c-ckf05a54a824
 
 
 ## GCP
 CredentialName[$IndexGCP]=gcp-credential01
-CredentialKey01[$IndexGCP]=ClientEmail
+
+# ProjectID(project_id): Project ID of the service account
+# ex: cloud-barista
+CredentialKey01[$IndexGCP]=ProjectID
 CredentialVal01[$IndexGCP]=
-#[email protected]
 
-CredentialKey02[$IndexGCP]=ProjectID
+# client_id: OAuth 2 Client ID (or Unique ID) of the service account
+# https://console.cloud.google.com/iam-admin/serviceaccounts
+# ex: 107777777600845725910
+CredentialKey02[$IndexGCP]=client_id
 CredentialVal02[$IndexGCP]=
-#etri-test-266608
 
-CredentialKey03[$IndexGCP]=PrivateKey
+# ClientEmail(client_email): Client Email of the service account
+# https://console.cloud.google.com/iam-admin/serviceaccounts/details/${client_id}/keys?authuser=1&project=${ProjectID}&supportedpurview=project
+# ex: [email protected]
+CredentialKey03[$IndexGCP]=ClientEmail
 CredentialVal03[$IndexGCP]=
-#'-----BEGIN PRIVATE KEY-----\n................\n-----END PRIVATE KEY-----\n'
+
+# private_key_id: One of Private Key IDs of the service account
+# ex: f89f5asfsesefsefsfefes0se0fse0f00ef565e33
+CredentialKey04[$IndexGCP]=private_key_id
+CredentialVal04[$IndexGCP]=
+
+# PrivateKey(private_key): Private Key of the Private Key ID of the service account (need to provide inlined format includeing \n characters. Include " ")
+# ex: "-----BEGIN PRIVATE KEY-----\nMIIEvQIBADANBgkqh...iH0ew=\n-----END PRIVATE KEY-----\n"
+CredentialKey05[$IndexGCP]=PrivateKey
+CredentialVal05[$IndexGCP]=""
 
 
 ## IBM-VPC

@@ -369,8 +369,13 @@ github.com/cloud-barista/cb-tumblebug/src v0.0.0-20230724172618-8f225d0127e8/go.
 github.com/cncf/udpa/go v0.0.0-20220112060539-c52dc94e7fbe/go.mod h1:6pvJx4me5XPnfI9Z40ddWsdw2W/uZgQLFXToKeRcDiI=
 github.com/cncf/xds/go v0.0.0-20230607035331-e9ce68804cb4/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
 github.com/coreos/go-systemd v0.0.0-20190719114852-fd7a80b32e1f h1:JOrtw2xFKzlg+cbHpyrpLDmnN1HqhBfnX7WDiW7eG2c=
+github.com/envoyproxy/protoc-gen-validate v1.0.2/go.mod h1:GpiZQP3dDbg4JouG/NNS7QWXpgx6x8QiMKdmN72jogE=
 github.com/go-ping/ping v1.1.0/go.mod h1:xIFjORFzTxqIV/tDVGO4eDy/bLuSyawEeojSm3GfRGk=
 github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
+github.com/google/s2a-go v0.1.7/go.mod h1:50CgR4k1jNlWBu4UfS4AcfhVe1r6pdZPygJ3R8F0Qdw=
+github.com/googleapis/enterprise-certificate-proxy v0.3.2/go.mod h1:VLSiSSBs/ksPL8kq3OBOQ6WRI2QnaFynd1DCjZ62+V0=
+github.com/googleapis/gax-go/v2 v2.12.0/go.mod h1:y+aIqrI5eb1YGMVJfuV3185Ts/D7qKpsEkdD5+I6QGU=
+github.com/googleapis/google-cloud-go-testing v0.0.0-20210719221736-1c9a4c676720/go.mod h1:dvDLG8qkwmyD9a/MJJN3XJcT3xFxOKAvTZGvuZmac9g=
 github.com/gorilla/websocket v1.5.0/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
 github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk=
 github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw=
@@ -385,15 +390,20 @@ github.com/labstack/echo v3.3.10+incompatible h1:pGRcYk231ExFAyoAjAfD85kQzRJCRI8
 github.com/labstack/echo v3.3.10+incompatible/go.mod h1:0INS7j/VjnFxD4E2wkz67b8cVwCLbBmJyDaka6Cmk1s=
 github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
 github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
+github.com/nats-io/nuid v1.0.1/go.mod h1:19wcPz3Ph3q0Jbyiqsd0kePYG7A95tJPxeL+1OSON2c=
+github.com/pkg/sftp v1.13.6/go.mod h1:tz1ryNURKu77RL+GuCzmoJYxQczL3wLNNpPWagdg4Qk=
 github.com/prometheus/client_golang v1.11.1/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0=
 github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
 github.com/prometheus/common v0.26.0/go.mod h1:M7rCNAaPfAosfx8veZJCuw84e35h3Cfd9VFqTh1DIvc=
 github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA=
+github.com/sagikazarmark/crypt v0.17.0/go.mod h1:SMtHTvdmsZMuY/bpZoqokSoChIrcJ/epOxZN58PbZDg=
 github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
 github.com/swaggo/files v0.0.0-20220728132757-551d4a08d97a h1:kAe4YSu0O0UFn1DowNo2MY5p6xzqtJ/wQ7LZynSvGaY=
 github.com/swaggo/files v0.0.0-20220728132757-551d4a08d97a/go.mod h1:lKJPbtWzJ9JhsTN1k1gZgleJWY/cqq0psdoMmaThG3w=
 github.com/urfave/cli/v2 v2.3.0/go.mod h1:LJmUH05zAU44vOAcrfzZQKsZbVcdbOG8rtL3/XcUArI=
 go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo=
 go.uber.org/atomic v1.10.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0=
+golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2/go.mod h1:K8+ghG5WaK9qNqU5K3HdILfMLy1f3aNYFI/wnl100a8=
+google.golang.org/appengine v1.6.8/go.mod h1:1jJ3jBArFh5pcgW8gCtRJnepW8FzD1V44FJffLiz/Ds=
 sigs.k8s.io/yaml v1.3.0/go.mod h1:GeOyir5tyXNByN85N/dRIT9es5UQNerPYEKK56eTBm8=
@@ -0,0 +1,156 @@
+#!/bin/bash
+
+if [ -z "$CBTUMBLEBUG_ROOT" ]; then
+    SCRIPT_DIR=$(dirname "${BASH_SOURCE[0]-$0}")
+    export CBTUMBLEBUG_ROOT=$(cd "$SCRIPT_DIR" && cd .. && pwd)
+fi
+
+credentialDir="$CBTUMBLEBUG_ROOT/conf"
+credentialFile="$credentialDir/credentials.conf"
+saveTo="$credentialDir/.credtmp"
+
+# colors
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+BLUE='\033[0;34m'
+NC='\033[0m' # No Color
+
+echo -e "\n${GREEN}Credential Exporter Script${NC}"
+echo -e "This script exports credential files based on the provided config from"
+echo -e "${BLUE} $credentialFile ${NC}\n"
+echo -e "It generates credentials in a format that can be directly used with CSP CLI/Terraform/OpenTofu, facilitating cloud resource management.\n"
+
+
+printf "${BOLD}"
+while true; do
+    read -p 'Export credentials. Do you want to proceed ? (y/n) : ' CHECKPROCEED
+    printf "${NC}"
+    case $CHECKPROCEED in
+        [Yy]* ) break;;
+        [Nn]* ) 
+            printf "\nCancel [$0 $@]\nSee you soon. :)\n\n"
+            exit 1;;
+        * ) printf "Please answer yes or no.\n";;
+    esac
+done
+
+mkdir -p "$saveTo"
+
+
+aws_access_key_id=""
+aws_secret_access_key=""
+
+gcp_project_id=""
+gcp_client_id=""
+gcp_client_email=""
+gcp_private_key_id=""
+gcp_private_key=""
+
+azure_client_id=""
+azure_client_secret=""
+azure_tenant_id=""
+azure_subscription_id=""
+
+while IFS= read -r line; do
+    if [[ $line == *"AWS"* ]]; then
+        if [[ $line == *"Val01"* ]]; then
+            aws_access_key_id="${line#*=}"
+        elif [[ $line == *"Val02"* ]]; then
+            aws_secret_access_key="${line#*=}"
+        fi
+    elif [[ $line == *"GCP"* ]]; then
+        if [[ $line == *"Val01"* ]]; then
+            gcp_project_id="${line#*=}"
+        elif [[ $line == *"Val02"* ]]; then
+            gcp_client_id="${line#*=}"
+        elif [[ $line == *"Val03"* ]]; then
+            gcp_client_email="${line#*=}"
+        elif [[ $line == *"Val04"* ]]; then
+            gcp_private_key_id="${line#*=}"
+        elif [[ $line == *"Val05"* ]]; then
+            gcp_private_key="${line#*=}"            
+        fi
+    elif [[ $line == *"Azure"* ]]; then
+        if [[ $line == *"Val01"* ]]; then
+            azure_client_id="${line#*=}"
+        elif [[ $line == *"Val02"* ]]; then
+            azure_client_secret="${line#*=}"
+        elif [[ $line == *"Val03"* ]]; then
+            azure_tenant_id="${line#*=}"
+        elif [[ $line == *"Val04"* ]]; then
+            azure_subscription_id="${line#*=}"
+        fi
+    fi
+done < "$credentialFile"
+
+
+{
+    echo "[default]"
+    echo "aws_access_key_id=$aws_access_key_id"
+    echo "aws_secret_access_key=$aws_secret_access_key"
+} > "$saveTo/aws_credential"
+
+cat > "$saveTo/gcp_credential.json" << EOF
+{
+    "type": "service_account",
+    "project_id": "$gcp_project_id",
+    "private_key_id": "$gcp_private_key_id",
+    "private_key": $gcp_private_key,
+    "client_email": "$gcp_client_email",
+    "client_id": "$gcp_client_id",
+    "auth_uri": "https://accounts.google.com/o/oauth2/auth",
+    "token_uri": "https://oauth2.googleapis.com/token",
+    "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
+    "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/${gcp_client_email//@/%40}",
+    "universe_domain": "googleapis.com"
+}
+EOF
+
+{
+    echo "client_id=$azure_client_id"
+    echo "client_secret=$azure_client_secret"
+    echo "tenant_id=$azure_tenant_id"
+    echo "subscription_id=$azure_subscription_id"
+} > "$saveTo/azure_credential"
+
+
+echo -e "${GREEN}\n# AWS Credential${NC}"
+cat "$saveTo/aws_credential"
+echo -e "${GREEN}\n# GCP Credential${NC}"
+cat "$saveTo/gcp_credential.json"
+echo -e "${GREEN}\n# Azure Credential${NC}"
+cat "$saveTo/azure_credential"
+
+echo -e "\n\n"
+echo -e "${GREEN}\nCredential files have been successfully generated and saved to: ${BLUE}$saveTo${NC}"
+echo -e "${BLUE} $saveTo/aws_credential${NC}"
+echo -e "${BLUE} $saveTo/gcp_credential${NC}"
+echo -e "${BLUE} $saveTo/azure_credential${NC}"
+
+echo -e "\n${RED}========================================================================"
+echo -e "Guide to Using Generated Credential Files with Terraform/OpenTofu"
+echo -e "========================================================================${NC}\n"
+
+echo -e "${GREEN}Terraform/OpenTofu and AWS Credentials:${NC}"
+echo -e "---------------------------------------"
+echo -e "For Terraform/OpenTofu to use AWS credentials, set the credentials file in the default location (~/.aws/credentials) or specify the file path in your Terraform/OpenTofu configurations."
+echo -e "Command example:"
+echo -e "${BLUE}cp \"$saveTo/aws_credential\" ~/.aws/credentials${NC}\n"
+
+echo -e "${GREEN}Terraform/OpenTofu and GCP Credentials:${NC}"
+echo -e "---------------------------------------"
+echo -e "For Terraform/OpenTofu to authenticate with GCP, set the GOOGLE_APPLICATION_CREDENTIALS environment variable to your GCP credentials JSON file."
+echo -e "Command example:"
+echo -e "${BLUE}export GOOGLE_APPLICATION_CREDENTIALS=\"$saveTo/gcp_credential.json\"${NC}\n"
+
+echo -e "${GREEN}Terraform/OpenTofu and Azure Credentials:${NC}"
+echo -e "-----------------------------------------"
+echo -e "Terraform/OpenTofu can authenticate with Azure using a service principal or Azure CLI."
+echo -e "Command examples:"
+echo -e "${BLUE}export ARM_CLIENT_ID=\"$azure_client_id\"${NC}"
+echo -e "${BLUE}export ARM_CLIENT_SECRET=\"$azure_client_secret\"${NC}"
+echo -e "${BLUE}export ARM_TENANT_ID=\"$azure_tenant_id\"${NC}"
+echo -e "${BLUE}export ARM_SUBSCRIPTION_ID=\"$azure_subscription_id\"${NC}\n"
+
+echo -e "${RED}========================================================================${NC}\n"
+echo -e "${GREEN}Note: Secure your credential files and avoid exposing sensitive information in your Terraform/OpenTofu configurations or scripts.${NC}"