diff --git a/create-k8s-chained-sessions.sh b/create-k8s-chained-sessions.sh index 2d997fa..eab0bd1 100755 --- a/create-k8s-chained-sessions.sh +++ b/create-k8s-chained-sessions.sh @@ -8,7 +8,6 @@ # global variables declare PROFILE_ID -declare CHAINED_SESSION_IDS="name,id\n" declare REGION='us-east-1' ###### FUNCTIONS ###### @@ -20,37 +19,53 @@ declare REGION='us-east-1' function createLeappSession { parent_session_name=$1 chained_session_name="chained-from-${parent_session_name}" - echo "starting session for ${parent_session_name} to get role arn" - # this has funky piping because `--filter` is a fuzzy lookup and `panorama-k8s-playground` fuzzy matches `panorama-k8s-playground-2` as the first result - parent_session_id=$(leapp session list -x --filter="Session Name=${parent_session_name}" --no-header | sort -k2 | sed -n 1p | awk '{print $1}') - # start leapp session - leapp session start --sessionId $parent_session_id - # call to aws to get the role arn for `TerraformRole` - role_arn=$(aws iam get-role --role-name TerraformRole --query Role.Arn | tr -d '"') - # stop the leapp session - leapp session stop --sessionId $parent_session_id - # create a named profile per account so they can be used simultaneously - echo "creating new profile" - createLeappProfile $parent_session_name + echo "looking for existing session ${chained_session_name}" + chained_session_id=$(leappSessionId "$chained_session_name") - echo "creating new session" - # create new chained leapp session from parent - leapp session add --providerType aws --sessionType awsIamRoleChained \ - --sessionName $chained_session_name --region $REGION \ - --roleArn $role_arn --parentSessionId $parent_session_id \ - --profileId $PROFILE_ID - # add session id from the new session to CHAINED_SESSION_IDS - chained_session_id=$(leapp session list --columns=ID --filter="Session Name=${chained_session_name}" --no-header) - CHAINED_SESSION_IDS="${CHAINED_SESSION_IDS}${chained_session_name},${chained_session_id}\n" + if [[ -z "${chained_session_id}" ]]; then + echo "no existing session found; starting session for ${parent_session_name} to get role arn" + parent_session_id=$(leappSessionId "$parent_session_name") + # start leapp session + leapp session start --sessionId "$parent_session_id" + # call to aws to get the role arn for `TerraformRole` + role_arn=$(aws iam get-role --role-name TerraformRole --query Role.Arn | tr -d '"') + # stop the leapp session + leapp session stop --sessionId "$parent_session_id" + # create a named profile per account so they can be used simultaneously + echo "creating new profile" + createLeappProfile "$parent_session_name" + echo "creating new session" + # create new chained leapp session from parent + leapp session add --providerType aws --sessionType awsIamRoleChained \ + --sessionName "$chained_session_name" --region $REGION \ + --roleArn "$role_arn" --parentSessionId "$parent_session_id" \ + --profileId "$PROFILE_ID" + # find the ID of the session we just created + chained_session_id=$(leappSessionId "$chained_session_name") + else + echo "existing session found" + fi +} + +# @return the Leapp session ID of the session whose name is the first argument +# to this function, if one exists. +function leappSessionId { + # The ^ and $ in the session filter are regex anchors to ensure we don't + # match e.g. both `chained-from-panorama-k8s-playground` and + # `chained-from-panorama-k8s-playground-2`. + leapp session list --no-truncate --no-header --columns=ID --filter="Session Name=^${1}$" } # function to create a leapp profile to associate with the chained k8s sessions # stores the new profile id in PROFILE_ID function createLeappProfile { + # The ^ and $ in the session filter are regex anchors to ensure we don't + # match e.g. both `kubectl-access-role-panorama-k8s-playground` and + # `kubectl-access-role-panorama-k8s-playground-2`. profile_name="kubectl-access-role-${1}" - leapp profile create --profileName $profile_name - PROFILE_ID=$(leapp profile list --columns=ID --filter="Profile Name=${profile_name}" --no-header) + leapp profile create --profileName "$profile_name" + PROFILE_ID=$(leapp profile list --no-truncate --no-header --columns=ID --filter="Profile Name=^${profile_name}$") } # ###### END FUNCTIONS ###### @@ -61,8 +76,5 @@ PARENT_SESSION_NAMES="panorama-k8s-playground panorama-k8s-playground-2 panorama for session in $PARENT_SESSION_NAMES do - createLeappSession $session + createLeappSession "$session" done - -echo "all sessions created. store IDs for future use:" -echo -e $CHAINED_SESSION_IDS