IOPZ-1445 Make create-k8s-chained-sessions.sh idempotent

This commit makes the `create-k8s-chained-sessions.sh` script idempotent (it no longer breaks or behaves weirdly if some or all chained sessions already exist). In addition, it tidies up some aspects of the script, removes unnecessary output, and makes improvements so the script now passes the ShellCheck linter.
panorama-ed · Dec 11, 2023 · b24e855 · b24e855
1 parent 2bcfa4e
commit b24e855
Showing 1 changed file with 40 additions and 28 deletions.
diff --git a/create-k8s-chained-sessions.sh b/create-k8s-chained-sessions.sh
@@ -8,7 +8,6 @@
 
 # global variables
 declare PROFILE_ID
-declare CHAINED_SESSION_IDS="name,id\n"
 declare REGION='us-east-1'
 
 ###### FUNCTIONS ######
@@ -20,37 +19,53 @@ declare REGION='us-east-1'
 function createLeappSession {
     parent_session_name=$1
     chained_session_name="chained-from-${parent_session_name}"
-    echo "starting session for ${parent_session_name} to get role arn"
-    # this has funky piping because `--filter` is a fuzzy lookup and `panorama-k8s-playground` fuzzy matches `panorama-k8s-playground-2` as the first result
-    parent_session_id=$(leapp session list -x --filter="Session Name=${parent_session_name}" --no-header | sort -k2 | sed -n 1p | awk '{print $1}')
-    # start leapp session
-    leapp session start --sessionId $parent_session_id
-    # call to aws to get the role arn for `TerraformRole`
-    role_arn=$(aws iam get-role --role-name TerraformRole --query Role.Arn | tr -d '"')
-    # stop the leapp session
-    leapp session stop --sessionId $parent_session_id
 
-    # create a named profile per account so they can be used simultaneously
-    echo "creating new profile"
-    createLeappProfile $parent_session_name
+    echo "looking for existing session ${chained_session_name}"
+    chained_session_id=$(leappSessionId "$chained_session_name")
 
-    echo "creating new session"
-    # create new chained leapp session from parent
-    leapp session add --providerType aws --sessionType awsIamRoleChained \
-        --sessionName $chained_session_name --region $REGION \
-        --roleArn $role_arn --parentSessionId $parent_session_id \
-        --profileId $PROFILE_ID
-    # add session id from the new session to CHAINED_SESSION_IDS
-    chained_session_id=$(leapp session list --columns=ID --filter="Session Name=${chained_session_name}" --no-header)
-    CHAINED_SESSION_IDS="${CHAINED_SESSION_IDS}${chained_session_name},${chained_session_id}\n"
+    if [[ -z "${chained_session_id}" ]]; then
+        echo "no existing session found; starting session for ${parent_session_name} to get role arn"
+        parent_session_id=$(leappSessionId "$parent_session_name")
+        # start leapp session
+        leapp session start --sessionId "$parent_session_id"
+        # call to aws to get the role arn for `TerraformRole`
+        role_arn=$(aws iam get-role --role-name TerraformRole --query Role.Arn | tr -d '"')
+        # stop the leapp session
+        leapp session stop --sessionId "$parent_session_id"
+        # create a named profile per account so they can be used simultaneously
+        echo "creating new profile"
+        createLeappProfile "$parent_session_name"
+        echo "creating new session"
+        # create new chained leapp session from parent
+        leapp session add --providerType aws --sessionType awsIamRoleChained \
+            --sessionName "$chained_session_name" --region $REGION \
+            --roleArn "$role_arn" --parentSessionId "$parent_session_id" \
+            --profileId "$PROFILE_ID"
+        # find the ID of the session we just created
+        chained_session_id=$(leappSessionId "$chained_session_name")
+    else
+        echo "existing session found"
+    fi
+}
+
+# @return the Leapp session ID of the session whose name is the first argument
+#   to this function, if one exists.
+function leappSessionId {
+    # The ^ and $ in the session filter are regex anchors to ensure we don't
+    # match e.g. both `chained-from-panorama-k8s-playground` and
+    # `chained-from-panorama-k8s-playground-2`.
+    leapp session list --no-truncate --no-header --columns=ID --filter="Session Name=^${1}$"
 }
 
 # function to create a leapp profile to associate with the chained k8s sessions
 # stores the new profile id in PROFILE_ID
 function createLeappProfile {
+    # The ^ and $ in the session filter are regex anchors to ensure we don't
+    # match e.g. both `kubectl-access-role-panorama-k8s-playground` and
+    # `kubectl-access-role-panorama-k8s-playground-2`.
     profile_name="kubectl-access-role-${1}"
-    leapp profile create --profileName $profile_name
-    PROFILE_ID=$(leapp profile list --columns=ID --filter="Profile Name=${profile_name}" --no-header)
+    leapp profile create --profileName "$profile_name"
+    PROFILE_ID=$(leapp profile list --no-truncate --no-header --columns=ID --filter="Profile Name=^${profile_name}$")
 }
 #
 ###### END FUNCTIONS ######
@@ -61,8 +76,5 @@ PARENT_SESSION_NAMES="panorama-k8s-playground panorama-k8s-playground-2 panorama
 
 for session in $PARENT_SESSION_NAMES
 do
-    createLeappSession $session
+    createLeappSession "$session"
 done
-
-echo "all sessions created. store IDs for future use:"
-echo -e $CHAINED_SESSION_IDS