IOPZ-1912: Add profiles for new K8s cluster

create-k8s-chained-sessions.sh

@@ -15,18 +15,19 @@ declare REGION='us-east-1'
 # Args:
 # 1: parent session id name from leapp
 # 2: sso role name to use for the parent session
-# 3: scope of the IAM role ("panorama" or "eks"). used only for legacy reasons
-#    and can be removed when the keyword is removed from the associated IAM
-#    roles.
+# 3: scope of the IAM role ("panorama" or "eks").
 # 4: name of the persona (e.g. admin, dev-writer, etc.) the new session is for
-# 5: version of kubernetes, used to determine the associated IAM role
+# 5: suffix to append to persona name when determining the associated IAM role.
+#    This is also used in the resulting profile name to ensure name uniqueness
+#    when there are multiple clusters with the same parent session.
+#    NOTE: This can be removed when old cluster access is not needed anymore.
 function createLeappSession {
     green_echo "creating chained session for $1 with persona $4"
     parent_session_name=$1
     parent_role_name=$2
     iam_role_scope=$3
     persona_name=$4
-    k8s_version=$5
+    name_suffix=$5
     # check if the parent session exists for the role. We do this because
     # not all users have access to all roles. We want to only create sessions
     # for roles that people have access to.
@@ -36,10 +37,10 @@ function createLeappSession {
         return
     fi
 
-    chained_session_name="${parent_session_name}-${persona_name}"
+    chained_session_name="${parent_session_name}-${persona_name}${name_suffix}"
 
     green_echo "    looking for existing session ${chained_session_name}"
-    iam_role_name="${iam_role_scope}-${persona_name}-${k8s_version}"
+    iam_role_name="${iam_role_scope}-${persona_name}${name_suffix}"
     chained_session_id=$(leappSessionId "$chained_session_name" "$iam_role_name")
 
     if [[ -z "${chained_session_id}" ]]; then
@@ -52,7 +53,7 @@ function createLeappSession {
         leapp session stop --sessionId "$parent_session_id" > /dev/null 2> >(logStdErr)
 
         green_echo "    creating new profile"
-        profile_id=$(createLeappProfile "${parent_session_name}-${persona_name}")
+        profile_id=$(createLeappProfile "${chained_session_name}")
 
         green_echo "    creating new session"
         leapp session add --providerType aws --sessionType awsIamRoleChained \
@@ -97,8 +98,15 @@ PARENT_SESSION_NAMES="panorama-k8s-playground panorama-k8s-playground-2 panorama
 
 for session in $PARENT_SESSION_NAMES
 do
-    createLeappSession "$session" "AWSAdministratorAccess" "eks" "admin" "1.24"
-    createLeappSession "$session" "PanoramaK8sEngineeringDefault" "panorama" "dev-writer" "1.24"
-    createLeappSession "$session" "PanoramaK8sEngineeringDefault" "panorama" "dev-reader" "1.24"
-    createLeappSession "$session" "PanoramaK8sDSAR" "panorama" "data-science-tester" "1.24"
+    # Old cluster (from 2023)
+    createLeappSession "$session" "AWSAdministratorAccess" "eks" "admin" "-1.24"
+    createLeappSession "$session" "PanoramaK8sEngineeringDefault" "panorama" "dev-writer" "-1.24"
+    createLeappSession "$session" "PanoramaK8sEngineeringDefault" "panorama" "dev-reader" "-1.24"
+    createLeappSession "$session" "PanoramaK8sDSAR" "panorama" "data-science-tester" "-1.24"
+
+    # New cluster (from January 2024)
+    createLeappSession "$session" "AWSAdministratorAccess" "eks" "admin" ""
+    createLeappSession "$session" "PanoramaK8sEngineeringDefault" "panorama" "dev-writer" ""
+    createLeappSession "$session" "PanoramaK8sEngineeringDefault" "panorama" "dev-reader" ""
+    createLeappSession "$session" "PanoramaK8sDSAR" "panorama" "data-science-tester" ""
 done