package main import ( _ "embed" "os" "strings" "github.com/fsnotify/fsnotify" "github.com/aws/eks-anywhere-packages/credentialproviderpackage/pkg/awscred" cfg "github.com/aws/eks-anywhere-packages/credentialproviderpackage/pkg/configurator" "github.com/aws/eks-anywhere-packages/credentialproviderpackage/pkg/configurator/bottlerocket" "github.com/aws/eks-anywhere-packages/credentialproviderpackage/pkg/configurator/linux" "github.com/aws/eks-anywhere-packages/credentialproviderpackage/pkg/constants" "github.com/aws/eks-anywhere-packages/credentialproviderpackage/pkg/log" ) const ( bottleRocket = "bottlerocket" socketPath = "/run/api.sock" // Aws Credentials awsProfile = "eksa-packages" credWatchData = "/secrets/aws-creds/..data" credWatchPath = "/secrets/aws-creds/" ) func main() { var configurator cfg.Configurator var err error osType := strings.ToLower(os.Getenv("OS_TYPE")) if osType == "" { log.ErrorLogger.Println("Missing Environment Variable OS_TYPE") os.Exit(1) } secretPath, err := awscred.GetAwsConfigPath() if err != nil { log.ErrorLogger.Fatal(err) } profile := os.Getenv("AWS_PROFILE") if profile == "" { profile = awsProfile } config := createCredentialProviderConfigOptions() if osType == bottleRocket { configurator, err = bottlerocket.NewBottleRocketConfigurator(socketPath) if err != nil { log.ErrorLogger.Fatal(err) } } else { configurator = linux.NewLinuxConfigurator() } configurator.Initialize(config) err = configurator.UpdateAWSCredentials(secretPath, profile) if err != nil { log.ErrorLogger.Fatal(err) } log.InfoLogger.Println("Aws credentials configured") err = configurator.UpdateCredentialProvider(profile) if err != nil { log.ErrorLogger.Fatal(err) } log.InfoLogger.Println("Credential Provider Configured") err = configurator.CommitChanges() if err != nil { log.ErrorLogger.Fatal(err) } log.InfoLogger.Println("Kubelet Restarted") // Creating watcher for credentials watcher, err := fsnotify.NewWatcher() if err != nil { log.ErrorLogger.Fatal(err) } defer watcher.Close() // Start listening for changes to the aws credentials go func() { for { select { case event, ok := <-watcher.Events: if !ok { return } if event.Has(fsnotify.Create) { if event.Name == credWatchData { secretPath, err := awscred.GetAwsConfigPath() if err != nil { log.ErrorLogger.Fatal(err) } err = configurator.UpdateAWSCredentials(secretPath, profile) if err != nil { log.ErrorLogger.Fatal(err) } log.InfoLogger.Println("Aws credentials successfully changed") } } case err, ok := <-watcher.Errors: if !ok { return } log.WarningLogger.Printf("filewatcher error: %v", err) } } }() err = watcher.Add(credWatchPath) if err != nil { log.ErrorLogger.Fatal(err) } // Block main goroutine forever. <-make(chan struct{}) } func createCredentialProviderConfigOptions() constants.CredentialProviderConfigOptions { imagePatternsValues := os.Getenv("MATCH_IMAGES") if imagePatternsValues == "" { imagePatternsValues = constants.DefaultImagePattern } imagePatterns := strings.Split(imagePatternsValues, ",") defaultCacheDuration := os.Getenv("DEFAULT_CACHE_DURATION") if defaultCacheDuration == "" { defaultCacheDuration = constants.DefaultCacheDuration } return constants.CredentialProviderConfigOptions{ ImagePatterns: imagePatterns, DefaultCacheDuration: defaultCacheDuration, } }