IOPZ-1912: Add profiles for new K8s cluster

create-k8s-chained-sessions.sh

@@ -13,20 +13,17 @@ declare REGION='us-east-1'
 #
 # function to create a chained leapp session given a parent session id
 # Args:
-# 1: parent session id name from leapp
+# 1: name of environment ("playground", "staging", etc.)
 # 2: sso role name to use for the parent session
-# 3: scope of the IAM role ("panorama" or "eks"). used only for legacy reasons
-#    and can be removed when the keyword is removed from the associated IAM
-#    roles.
+# 3: scope of the IAM role ("panorama" or "eks").
 # 4: name of the persona (e.g. admin, dev-writer, etc.) the new session is for
-# 5: version of kubernetes, used to determine the associated IAM role
 function createLeappSession {
     green_echo "creating chained session for $1 with persona $4"
-    parent_session_name=$1
+    environment_name=$1
+    parent_session_name="panorama-k8s-${environment_name}"
     parent_role_name=$2
     iam_role_scope=$3
     persona_name=$4
-    k8s_version=$5
     # check if the parent session exists for the role. We do this because
     # not all users have access to all roles. We want to only create sessions
     # for roles that people have access to.
@@ -36,10 +33,10 @@ function createLeappSession {
         return
     fi
 
-    chained_session_name="${parent_session_name}-${persona_name}"
+    chained_session_name="k8s-${environment_name}-${persona_name}"
 
     green_echo "    looking for existing session ${chained_session_name}"
-    iam_role_name="${iam_role_scope}-${persona_name}-${k8s_version}"
+    iam_role_name="${iam_role_scope}-${persona_name}"
     chained_session_id=$(leappSessionId "$chained_session_name" "$iam_role_name")
 
     if [[ -z "${chained_session_id}" ]]; then
@@ -52,7 +49,7 @@ function createLeappSession {
         leapp session stop --sessionId "$parent_session_id" > /dev/null 2> >(logStdErr)
 
         green_echo "    creating new profile"
-        profile_id=$(createLeappProfile "${parent_session_name}-${persona_name}")
+        profile_id=$(createLeappProfile "${chained_session_name}")
 
         green_echo "    creating new session"
         leapp session add --providerType aws --sessionType awsIamRoleChained \
@@ -77,10 +74,10 @@ function leappSessionId {
 # function to create a leapp profile to associate with the chained k8s sessions
 # stores the new profile id in PROFILE_ID
 function createLeappProfile {
-    # The ^ and $ in the session filter are regex anchors to ensure we don't
-    # match e.g. both `kubectl-access-role-panorama-k8s-playground` and
-    # `kubectl-access-role-panorama-k8s-playground-2`.
-    profile_name="kubectl-access-role-${1}"
+    # The ^ and $ in the session filter are regex anchors to ensure we are
+    # finding an exact match. Otherwise, we risk accidentially matching multiple
+    # Leapp profiles and using the wrong one.
+    profile_name="${1}-access"
     profile_id=$(leapp profile list -x --output json --filter="Profile Name=^${profile_name}$" | jq -r '.[].id')
     if [[ -n "${profile_id}" ]]; then
         echo "${profile_id}"
@@ -93,12 +90,12 @@ function createLeappProfile {
 ###### END FUNCTIONS ######
 
 # session names from Leapp for each k8s account
-PARENT_SESSION_NAMES="panorama-k8s-playground panorama-k8s-playground-2 panorama-k8s-staging panorama-k8s-production"
+ENV_NAMES="playground playground-2 staging production"
 
-for session in $PARENT_SESSION_NAMES
+for env in $ENV_NAMES
 do
-    createLeappSession "$session" "AWSAdministratorAccess" "eks" "admin" "1.24"
-    createLeappSession "$session" "PanoramaK8sEngineeringDefault" "panorama" "dev-writer" "1.24"
-    createLeappSession "$session" "PanoramaK8sEngineeringDefault" "panorama" "dev-reader" "1.24"
-    createLeappSession "$session" "PanoramaK8sDSAR" "panorama" "data-science-tester" "1.24"
+    createLeappSession "$env" "AWSAdministratorAccess" "eks" "admin"
+    createLeappSession "$env" "PanoramaK8sEngineeringDefault" "panorama" "dev-writer"
+    createLeappSession "$env" "PanoramaK8sEngineeringDefault" "panorama" "dev-reader"
+    createLeappSession "$env" "PanoramaK8sDSAR" "panorama" "data-science-tester"
 done