diff --git a/bin/initOSProjects.sh b/bin/initOSProjects.sh index 89ea557..c5d36ba 100755 --- a/bin/initOSProjects.sh +++ b/bin/initOSProjects.sh @@ -2,6 +2,17 @@ OCTOOLSBIN=$(dirname $0) +#look through the tools env for artifactory-creds +#setup artifactory/docker pull creds +USE_PULL_CREDS=${USE_PULL_CREDS:-true} +CRED_SEARCH_NAME=${CRED_SEARCH_NAME:-artifacts-default} +PULL_CREDS=${PULL_CREDS:-artifactory-creds} +DOCKER_REG=${DOCKER_REG:-docker-remote.artifacts.developer.gov.bc.ca} +PROMPT_CREDS=${PROMPT_CREDS:-false} +if [ -z ${CRED_ENVS} ]; then + CRED_ENVS="tools dev test prod" +fi + # =================================================================================== usage() { #Usage function cat <<-EOF @@ -35,3 +46,6 @@ for project in ${PROJECT_NAMESPACE}-${DEV} ${PROJECT_NAMESPACE}-${TEST} ${PROJEC exitOnError done + + +buildPullSecret ${USE_PULL_CREDS} ${CRED_SEARCH_NAME} ${PULL_CREDS} ${DOCKER_REG} ${PROMPT_CREDS} "${CRED_ENVS[@]}" diff --git a/bin/ocFunctions.inc b/bin/ocFunctions.inc index 21fc456..286ee24 100755 --- a/bin/ocFunctions.inc +++ b/bin/ocFunctions.inc 
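Review bot: `USE_PULL_CREDS` defaults to `true` and `CRED_ENVS` to `tools dev test prod`, so every existing invocation of this script now enters the pull-secret flow for all four namespaces, prod included, unless the caller overrides the variables. An opt-in default, `USE_PULL_CREDS=${USE_PULL_CREDS:-false}`, would keep credential distribution an explicit choice. Whichever default is kept, the new variables deserve a line each in the usage text, which lies outside this hunk. The test `[ -z ${CRED_ENVS} ]` is also unquoted and prints a `[` error when the caller sets more than one word; `CRED_ENVS=${CRED_ENVS:-tools dev test prod}` matches the lines above it and avoids that.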
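Review bot: `"${CRED_ENVS[@]}"` applies array syntax to what the first hunk sets up as a plain space-separated string, and buildPullSecret reads only `${6}`, so the call works only while the whole list stays one quoted word. A real array here would silently lose every environment after the first. Pass it as `"${CRED_ENVS}"` and quote the other five arguments too, so a value containing whitespace cannot shift the positional parameters. The same `[@]` pattern recurs in buildPullSecret and registerPullSecret in bin/ocFunctions.inc.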
@@ -1799,6 +1799,93 @@ function getSecret() { ) } +function buildPullSecret(){ + USE_PULL_CREDS=${1} + CRED_SEARCH_NAME=${2} + PULL_CREDS=${3} + DOCKER_REG=${4} + PROMPT_CREDS=${5} + CRED_ENVS=${6} + + #build the credentials + if [ ! -z ${USE_PULL_CREDS} ] && [ ${USE_PULL_CREDS} = true ]; then + if [ ! -z ${PROMPT_CREDS} ] && [ ${PROMPT_CREDS} = true ]; then + registerPullSecretPrompt ${PROJECT_NAMESPACE} ${PULL_CREDS} ${DOCKER_REG} "${CRED_ENVS[@]}" ${DOCKER_USERNAME} ${DOCKER_PASSWORD} + else + registerPullSecret ${PROJECT_NAMESPACE} ${CRED_SEARCH_NAME} ${PULL_CREDS} ${DOCKER_REG} "${CRED_ENVS[@]}" + fi + fi +} + +function registerPullSecretPrompt(){ + namespaceName=${1} + newCredName=${2} + dockerReg=${3} + credEnvs=${4} + userName=${5} + password=${6} + + if ([ -z ${userName} ] || [ -z ${password} ]); then + echoWarning "Please enter your ${dockerReg} username" + read userName + + echoWarning "Please enter your ${dockerReg} password or login token" + read password + fi + + #set cred env to tools if unset + if [ -z "${credEnvs}" ]; then + credEnvs="tools" + fi + #create pull secret in each environment we need + for env in ${credEnvs}; do + cred_exists=0 + + oc create secret docker-registry ${newCredName} -n ${namespaceName}-${env} \ + --docker-server=${dockerReg} \ + --docker-username=${userName} \ + --docker-password=${password} \ + --docker-email=${userName}@${namespaceName}-${env}.local &> /dev/null || cred_exists=1 + if (( ! ${cred_exists})); then + oc secrets link default ${newCredName} + oc secrets link builder ${newCredName} + + echoWarning "Created ${newCredName} in ${env}" + else + echoWarning "${newCredName} already exists in ${env}, skipping..." 
+ fi + + done + + +} + +function registerPullSecret() { + namespaceName=${1} + credName=${2} + newCredName=${3} + dockerReg=${4} + credEnvs=${5} + + #search for the credential name, limit to 1st result + credName=$(oc get secrets -n ${namespaceName}-tools | sed -n "/${credName}/p" | awk '{print $1}' | head -1) + + userName=$(getSecret ${credName} username ${namespaceName}-tools) + password=$(getSecret ${credName} password ${namespaceName}-tools) + #if we fail to find cred search name do nothing + if [ ! -z ${credName} ] && [ ! -z ${userName} ] && [ ! -z ${password} ]; then + echoWarning "Found secret ${credName}, would you like to use this as a docker registry pull secret? (y/n)" + read resp + if [ ${resp} = "y" ]; then + registerPullSecretPrompt ${namespaceName} ${newCredName} ${dockerReg} "${credEnvs[@]}" ${userName} ${password} + else + echo "Done!" + fi + fi +} + + + function listBuildRefs() { # Lists build configurations and their git references in a convenient column format. (
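Review bot: registerPullSecretPrompt reads the registry password with a bare `read password`, which echoes it to the terminal and strips backslashes, then expands it unquoted into `--docker-password=${password}`, so a token containing whitespace or glob characters is split or expanded before `oc` sees it. The two `oc secrets link` calls carry no `-n`, so they act on the current project rather than `${namespaceName}-${env}` where the secret was just created, and the `default` link lacks `--for=pull`, without which the secret is linked for mounting rather than for image pulls. `&> /dev/null || cred_exists=1` also reports every failure, including a permission or login error, as "already exists". The rewrite below covers these; the password still travels on the `oc` command line, where local process listings can show it.

```shell
function registerPullSecretPrompt(){
  # … unchanged: positional parameter assignments …
  if [ -z "${userName}" ] || [ -z "${password}" ]; then
    echoWarning "Please enter your ${dockerReg} username"
    read -r userName

    echoWarning "Please enter your ${dockerReg} password or login token"
    # -s keeps the secret off the terminal, -r keeps backslashes intact
    read -r -s password
  fi
  # … unchanged: credEnvs default to "tools" …
  for env in ${credEnvs}; do
    # stderr stays visible so a permission or login failure is not mistaken for "already exists"
    if oc create secret docker-registry "${newCredName}" -n "${namespaceName}-${env}" \
      --docker-server="${dockerReg}" \
      --docker-username="${userName}" \
      --docker-password="${password}" \
      --docker-email="${userName}@${namespaceName}-${env}.local" > /dev/null; then
      oc secrets link default "${newCredName}" --for=pull -n "${namespaceName}-${env}"
      oc secrets link builder "${newCredName}" -n "${namespaceName}-${env}"
      echoWarning "Created ${newCredName} in ${env}"
    else
      echoWarning "Could not create ${newCredName} in ${env} (it may already exist), skipping..."
    fi
  done
}
```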