d13d15f453
The description and examples are updated for the airshipctl commands, which will be inturn used for generating documentation. Please ignore the .md file changes in this PS. They are added for zuul gates to pass. Here is the PS with generated documention files https://review.opendev.org/c/airship/airshipctl/+/789250 Relates-To: #280 Change-Id: I7c088528842ff859f502d4484ff9a3847ebb1177
77 lines
2.5 KiB
Go
77 lines
2.5 KiB
Go
/*
|
|
Licensed under the Apache License, Version 2.0 (the "License");
|
|
you may not use this file except in compliance with the License.
|
|
You may obtain a copy of the License at
|
|
|
|
https://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
Unless required by applicable law or agreed to in writing, software
|
|
distributed under the License is distributed on an "AS IS" BASIS,
|
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
See the License for the specific language governing permissions and
|
|
limitations under the License.
|
|
*/
|
|
|
|
package resetsatoken
|
|
|
|
import (
|
|
"github.com/spf13/cobra"
|
|
|
|
"opendev.org/airship/airshipctl/pkg/cluster/resetsatoken"
|
|
"opendev.org/airship/airshipctl/pkg/config"
|
|
"opendev.org/airship/airshipctl/pkg/log"
|
|
)
|
|
|
|
const (
|
|
resetLong = `
|
|
Reset/rotate the Service Account(SA) tokens and additionally restart the corresponding pods to get the latest
|
|
token data reflected in the pod spec.
|
|
|
|
Secret-namespace is a mandatory flag and secret-name is optional. If secret-name is not given, all the SA tokens
|
|
in that particular namespace is considered, else only that particular input secret-name.
|
|
`
|
|
|
|
resetExample = `
|
|
To rotate a particular SA token
|
|
# airshipctl cluster rotate-sa-token -n cert-manager -s cert-manager-token-vvn9p
|
|
|
|
To rotate all the SA tokens in cert-manager namespace
|
|
# airshipctl cluster rotate-sa-token -n cert-manager
|
|
`
|
|
)
|
|
|
|
// NewResetCommand creates a new command for generating secret information
|
|
func NewResetCommand(cfgFactory config.Factory) *cobra.Command {
|
|
r := &resetsatoken.ResetCommand{
|
|
Options: resetsatoken.ResetFlags{},
|
|
CfgFactory: cfgFactory,
|
|
}
|
|
|
|
resetCmd := &cobra.Command{
|
|
Use: "rotate-sa-token",
|
|
Short: "Airshipctl command to rotate tokens of Service Account(s)",
|
|
Long: resetLong[1:],
|
|
Example: resetExample,
|
|
RunE: func(cmd *cobra.Command, args []string) error {
|
|
return r.RunE()
|
|
},
|
|
}
|
|
|
|
resetCmd.Flags().StringVarP(&r.Options.Namespace, "secret-namespace", "n", "",
|
|
"namespace of the Service Account Token")
|
|
resetCmd.Flags().StringVarP(&r.Options.SecretName, "secret-name", "s", "",
|
|
"name of the secret containing Service Account Token")
|
|
resetCmd.Flags().StringVar(&r.Options.Kubeconfig, "kubeconfig", "",
|
|
"path to kubeconfig associated with cluster being managed")
|
|
|
|
err := resetCmd.MarkFlagRequired("secret-namespace")
|
|
if err != nil {
|
|
log.Fatal(err)
|
|
}
|
|
err = resetCmd.MarkFlagRequired("kubeconfig")
|
|
if err != nil {
|
|
log.Fatalf("marking kubeconfig flag required failed: %v", err)
|
|
}
|
|
return resetCmd
|
|
}
|