airshipctl/cmd/cluster/resetsatoken/resetsatoken.go
Guhan Eswaran b7dd46c4e6 Support rotation of svc account tokens
This patchset introduces airshipctl command
- airshipctl cluster rotate-sa-token which basically rotates SA tokens

Previous work: https://review.opendev.org/#/c/749470/

Change-Id: Ibe932fa8d2831979e5b2ac2781f746e8ec2fdc3c
2020-10-19 07:06:58 +00:00


/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
https://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package resetsatoken
import (
"github.com/spf13/cobra"
"opendev.org/airship/airshipctl/pkg/cluster/resetsatoken"
"opendev.org/airship/airshipctl/pkg/config"
"opendev.org/airship/airshipctl/pkg/log"
)
// resetLong is the long help text of the rotate-sa-token command. It starts
// with a newline, which NewResetCommand slices off with resetLong[1:].
const resetLong = `
Use to reset/rotate the Service Account(SA) tokens and additionally restart the
corresponding pods to get the latest token data reflected in the pod spec
Secret-namespace is a mandatory field and secret-name is optional. If secret-
name is not given, all the SA tokens in that particular namespace is considered,
else only that particular input secret-name`

// resetExample holds the usage examples shown in the command help: one
// invocation limited to a single secret (-s) and one covering a whole
// namespace (-n only).
const resetExample = `
# To rotate a particular SA token
airshipctl cluster rotate-sa-token -n cert-manager -s cert-manager-token-vvn9p
# To rotate all the SA tokens in cert-manager namespace
airshipctl cluster rotate-sa-token -n cert-manager
`
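// NewResetCommand creates the "rotate-sa-token" command, which rotates
// Service Account (SA) tokens.
//
// The command's flags are bound to the fields of a resetsatoken.ResetCommand
// that is built from cfgFactory, and the actual work is delegated to its RunE
// method. --secret-namespace and --kubeconfig are marked required;
// --secret-name is optional and, per the help text, narrows the run to a
// single secret instead of every SA token in the namespace.
func NewResetCommand(cfgFactory config.Factory) *cobra.Command {
	r := &resetsatoken.ResetCommand{
		Options:    resetsatoken.ResetFlags{},
		CfgFactory: cfgFactory,
	}

	resetCmd := &cobra.Command{
		Use:     "rotate-sa-token",
		Short:   "Rotate tokens of Service Accounts",
		Long:    resetLong[1:], // drop the leading newline of the raw string
		Example: resetExample,
		// All input comes from flags. Rejecting positional arguments makes a
		// secret name typed without -s fail immediately instead of being
		// silently ignored, which would widen the run to every SA token in
		// the namespace.
		Args: cobra.NoArgs,
		RunE: func(cmd *cobra.Command, args []string) error {
			return r.RunE()
		},
	}

	flags := resetCmd.Flags()
	flags.StringVarP(&r.Options.Namespace, "secret-namespace", "n", "",
		"namespace of the Service Account Token")
	flags.StringVarP(&r.Options.SecretName, "secret-name", "s", "",
		"name of the secret containing Service Account Token")
	flags.StringVar(&r.Options.Kubeconfig, "kubeconfig", "",
		"Path to kubeconfig associated with cluster being managed")

	// NOTE(review): a required flag only has to be present on the command
	// line; an explicitly empty value (-n "") still passes this check.
	// Confirm that r.RunE rejects an empty namespace rather than treating it
	// as "all namespaces" - that handling is not visible from this file.
	for _, name := range []string{"secret-namespace", "kubeconfig"} {
		if err := resetCmd.MarkFlagRequired(name); err != nil {
			// Only reachable if the flag name above does not match a
			// registered flag, i.e. a programming error in this function.
			log.Fatalf("marking %s flag required failed: %v", name, err)
		}
	}

	return resetCmd
}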