kubernetes
/
kops
mirror of https://github.com/kubernetes/kops.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add cloud tags to AWS SSH Keys

This commit is contained in:
Peter Rifel 2020-07-08 23:09:08 -05:00
parent 690f2e3605
commit a17581e21d
No known key found for this signature in database
GPG Key ID: 30DB43602027D941
3 changed files with 38 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
pkg/model/sshkey.go
View File

@ -41,6 +41,8 @@ func (b *SSHKeyModelBuilder) Build(c *fi.ModelBuilderContext) error {
t := &awstasks.SSHKey{ t := &awstasks.SSHKey{
Name: s(name), Name: s(name),
Lifecycle: b.Lifecycle, Lifecycle: b.Lifecycle,
Tags: b.CloudTags(b.ClusterName(), false),
Shared: fi.StringValue(b.Cluster.Spec.SSHKeyName) != "",
} }
if len(b.SSHPublicKeys) >= 1 { if len(b.SSHPublicKeys) >= 1 {
t.PublicKey = fi.WrapResource(fi.NewStringResource(string(b.SSHPublicKeys[0]))) t.PublicKey = fi.WrapResource(fi.NewStringResource(string(b.SSHPublicKeys[0])))

11
pkg/resources/aws/aws.go
View File

@ -674,15 +674,15 @@ func DescribeVolumes(cloud fi.Cloud) ([]*ec2.Volume, error) {
func DeleteKeypair(cloud fi.Cloud, r *resources.Resource) error { func DeleteKeypair(cloud fi.Cloud, r *resources.Resource) error {
c := cloud.(awsup.AWSCloud) c := cloud.(awsup.AWSCloud)
name := r.Name id := r.ID
klog.V(2).Infof("Deleting EC2 Keypair %q", name) klog.V(2).Infof("Deleting EC2 Keypair %q", id)
request := &ec2.DeleteKeyPairInput{ request := &ec2.DeleteKeyPairInput{
KeyName: &name, KeyPairId: &id,
} }
_, err := c.EC2().DeleteKeyPair(request) _, err := c.EC2().DeleteKeyPair(request)
if err != nil { if err != nil {
return fmt.Errorf("error deleting KeyPair %q: %v", name, err) return fmt.Errorf("error deleting KeyPair %q: %v", id, err)
} }
return nil return nil
} }
@ -711,12 +711,13 @@ func ListKeypairs(cloud fi.Cloud, clusterName string) ([]*resources.Resource, er
for _, keypair := range response.KeyPairs { for _, keypair := range response.KeyPairs {
name := aws.StringValue(keypair.KeyName) name := aws.StringValue(keypair.KeyName)
id := aws.StringValue(keypair.KeyPairId)
if name != keypairName && !strings.HasPrefix(name, keypairName+"-") { if name != keypairName && !strings.HasPrefix(name, keypairName+"-") {
continue continue
} }
resourceTracker := &resources.Resource{ resourceTracker := &resources.Resource{
Name: name, Name: name,
ID: name, ID: id,
Type: "keypair", Type: "keypair",
Deleter: DeleteKeypair, Deleter: DeleteKeypair,
} }

42
upup/pkg/fi/cloudup/awstasks/sshkey.go
View File

@ -33,12 +33,16 @@ import (
//go:generate fitask -type=SSHKey //go:generate fitask -type=SSHKey
type SSHKey struct { type SSHKey struct {
ID *string
Name *string Name *string
Lifecycle *fi.Lifecycle Lifecycle *fi.Lifecycle
Shared bool
PublicKey *fi.ResourceHolder PublicKey *fi.ResourceHolder
KeyFingerprint *string KeyFingerprint *string
Tags map[string]string
} }
var _ fi.CompareWithID = &SSHKey{} var _ fi.CompareWithID = &SSHKey{}
@ -77,10 +81,12 @@ func (e *SSHKey) find(cloud awsup.AWSCloud) (*SSHKey, error) {
} }
k := response.KeyPairs[0] k := response.KeyPairs[0]
actual := &SSHKey{ actual := &SSHKey{
ID: k.KeyPairId,
Name: k.KeyName, Name: k.KeyName,
KeyFingerprint: k.KeyFingerprint, KeyFingerprint: k.KeyFingerprint,
Tags: mapEC2TagsToMap(k.Tags),
Shared: e.Shared,
} }
// Avoid spurious changes // Avoid spurious changes
@ -91,7 +97,10 @@ func (e *SSHKey) find(cloud awsup.AWSCloud) (*SSHKey, error) {
klog.V(2).Infof("Computed SSH key fingerprint mismatch: %q %q", fi.StringValue(e.KeyFingerprint), fi.StringValue(actual.KeyFingerprint)) klog.V(2).Infof("Computed SSH key fingerprint mismatch: %q %q", fi.StringValue(e.KeyFingerprint), fi.StringValue(actual.KeyFingerprint))
} }
actual.Lifecycle = e.Lifecycle actual.Lifecycle = e.Lifecycle
if actual.Shared {
// Don't report tag changes on shared keys
actual.Tags = e.Tags
}
return actual, nil return actual, nil
} }
@ -108,17 +117,20 @@ func (e *SSHKey) Run(c *fi.Context) error {
} }
klog.V(2).Infof("Computed SSH key fingerprint as %q", keyFingerprint) klog.V(2).Infof("Computed SSH key fingerprint as %q", keyFingerprint)
e.KeyFingerprint = &keyFingerprint e.KeyFingerprint = &keyFingerprint
} else if e.IsExistingKey() && *e.Name != "" { }
a, err := e.Find(c) a, err := e.Find(c)
if err != nil { if err != nil {
return err return err
} }
if e.IsExistingKey() && *e.Name != "" {
if a == nil { if a == nil {
return fmt.Errorf("unable to find specified SSH key %q", *e.Name) return fmt.Errorf("unable to find specified SSH key %q", *e.Name)
} }
e.KeyFingerprint = a.KeyFingerprint e.KeyFingerprint = a.KeyFingerprint
} }
if a != nil {
e.ID = a.ID
}
return fi.DefaultDeltaRunMethod(e, c) return fi.DefaultDeltaRunMethod(e, c)
} }
@ -135,7 +147,8 @@ func (e *SSHKey) createKeypair(cloud awsup.AWSCloud) error {
klog.V(2).Infof("Creating SSHKey with Name:%q", *e.Name) klog.V(2).Infof("Creating SSHKey with Name:%q", *e.Name)
request := &ec2.ImportKeyPairInput{ request := &ec2.ImportKeyPairInput{
KeyName: e.Name, KeyName: e.Name,
TagSpecifications: awsup.EC2TagSpecification(ec2.ResourceTypeKeyPair, e.Tags),
} }
if e.PublicKey != nil { if e.PublicKey != nil {
@ -152,6 +165,7 @@ func (e *SSHKey) createKeypair(cloud awsup.AWSCloud) error {
} }
e.KeyFingerprint = response.KeyFingerprint e.KeyFingerprint = response.KeyFingerprint
e.ID = response.KeyPairId
return nil return nil
} }
@ -161,13 +175,16 @@ func (_ *SSHKey) RenderAWS(t *awsup.AWSAPITarget, a, e, changes *SSHKey) error {
return e.createKeypair(t.Cloud) return e.createKeypair(t.Cloud)
} }
// No tags on SSH public key if !e.Shared {
return nil //return output.AddAWSTags(cloud.Tags(), v, "vpc") return t.AddAWSTags(*e.ID, e.Tags)
}
return nil
} }
type terraformSSHKey struct { type terraformSSHKey struct {
Name *string `json:"key_name" cty:"key_name"` Name *string `json:"key_name" cty:"key_name"`
PublicKey *terraform.Literal `json:"public_key" cty:"public_key"` PublicKey *terraform.Literal `json:"public_key" cty:"public_key"`
Tags map[string]string `json:"tags" cty:"tags"`
} }
func (_ *SSHKey) RenderTerraform(t *terraform.TerraformTarget, a, e, changes *SSHKey) error { func (_ *SSHKey) RenderTerraform(t *terraform.TerraformTarget, a, e, changes *SSHKey) error {
@ -184,6 +201,7 @@ func (_ *SSHKey) RenderTerraform(t *terraform.TerraformTarget, a, e, changes *SS
tf := &terraformSSHKey{ tf := &terraformSSHKey{
Name: e.Name, Name: e.Name,
PublicKey: publicKey, PublicKey: publicKey,
Tags: e.Tags,
} }
return t.RenderResource("aws_key_pair", tfName, tf) return t.RenderResource("aws_key_pair", tfName, tf)
@ -231,5 +249,5 @@ func (_ *SSHKey) RenderCloudformation(t *cloudformation.CloudformationTarget, a,
} }
func (e *SSHKey) NoSSHKey() bool { func (e *SSHKey) NoSSHKey() bool {
return *e == SSHKey{} return e.ID == nil && e.Name == nil && e.PublicKey == nil && e.KeyFingerprint == nil
} }