Mvp/fixes for vault (#136)

* remove hardcoded aws profile, change default name

* fix for dns test logic and add vault skips

Author: jarededwards

cmd/createUtils.go

@@ -100,32 +100,37 @@ func waitVaultToBeRunning(dryRun bool) {
 		log.Printf("[#99] Dry-run mode, waitVaultToBeRunning skipped.")
 		return
 	}
-	config := configs.ReadConfig()
-	x := 50
-	for i := 0; i < x; i++ {
-		_, _, err := pkg.ExecShellReturnStrings(config.KubectlClientPath, "--kubeconfig", config.KubeConfigPath, "get", "namespace/vault")
-		if err != nil {
-			log.Println("Waiting vault to be born")
-			time.Sleep(10 * time.Second)
-		} else {
-			log.Println("vault namespace found, continuing")
-			time.Sleep(25 * time.Second)
-			break
+	token := viper.GetString("vault.token")
+	if len(token) == 0 {
+		config := configs.ReadConfig()
+		x := 50
+		for i := 0; i < x; i++ {
+			_, _, err := pkg.ExecShellReturnStrings(config.KubectlClientPath, "--kubeconfig", config.KubeConfigPath, "get", "namespace/vault")
+			if err != nil {
+				log.Println("Waiting vault to be born")
+				time.Sleep(10 * time.Second)
+			} else {
+				log.Println("vault namespace found, continuing")
+				time.Sleep(25 * time.Second)
+				break
+			}
 		}
-	}
 
-	//! failing
-	x = 50
-	for i := 0; i < x; i++ {
-		_, _, err := pkg.ExecShellReturnStrings(config.KubectlClientPath, "--kubeconfig", config.KubeConfigPath, "-n", "vault", "get", "pods", "-l", "app.kubernetes.io/instance=vault")
-		if err != nil {
-			log.Println("Waiting vault pods to create")
-			time.Sleep(10 * time.Second)
-		} else {
-			log.Println("vault pods found, continuing")
-			time.Sleep(15 * time.Second)
-			break
+		//! failing
+		x = 50
+		for i := 0; i < x; i++ {
+			_, _, err := pkg.ExecShellReturnStrings(config.KubectlClientPath, "--kubeconfig", config.KubeConfigPath, "-n", "vault", "get", "pods", "-l", "app.kubernetes.io/instance=vault")
+			if err != nil {
+				log.Println("Waiting vault pods to create")
+				time.Sleep(10 * time.Second)
+			} else {
+				log.Println("vault pods found, continuing")
+				time.Sleep(15 * time.Second)
+				break
+			}
 		}
+	} else {
+		log.Println("vault token arleady exists, skipping vault health checks waitVaultToBeRunning")
 	}
 }
 
@@ -134,45 +139,49 @@ func loopUntilPodIsReady(dryRun bool) {
 		log.Printf("[#99] Dry-run mode, loopUntilPodIsReady skipped.")
 		return
 	}
+	token := viper.GetString("vault.token")
+	if len(token) == 0 {
 
-	x := 50
-	url := "http://localhost:8200/v1/sys/health"
-	for i := 0; i < x; i++ {
-		log.Println("vault is not ready yet, sleeping and checking again")
-		time.Sleep(10 * time.Second)
+		x := 50
+		url := "http://localhost:8200/v1/sys/health"
+		for i := 0; i < x; i++ {
+			log.Println("vault is not ready yet, sleeping and checking again")
+			time.Sleep(10 * time.Second)
 
-		req, _ := http.NewRequest("GET", url, nil)
+			req, _ := http.NewRequest("GET", url, nil)
 
-		req.Header.Add("Content-Type", "application/json")
+			req.Header.Add("Content-Type", "application/json")
 
-		res, err := http.DefaultClient.Do(req)
-		if err != nil {
-			log.Println("error with http request Do, vault is not available", err)
-			continue
-		}
+			res, err := http.DefaultClient.Do(req)
+			if err != nil {
+				log.Println("error with http request Do, vault is not available", err)
+				continue
+			}
 
-		defer res.Body.Close()
-		body, err := ioutil.ReadAll(res.Body)
-		if err != nil {
-			log.Println("vault is availbale but the body is not what is expected ", err)
-			continue
-		}
-		log.Println(string(body))
+			defer res.Body.Close()
+			body, err := ioutil.ReadAll(res.Body)
+			if err != nil {
+				log.Println("vault is availbale but the body is not what is expected ", err)
+				continue
+			}
 
-		var responseJson map[string]interface{}
+			var responseJson map[string]interface{}
 
-		if err := json.Unmarshal(body, &responseJson); err != nil {
-			log.Printf("vault is availbale but the body is not what is expected %s", err)
-			continue
-		}
+			if err := json.Unmarshal(body, &responseJson); err != nil {
+				log.Printf("vault is availbale but the body is not what is expected %s", err)
+				continue
+			}
 
-		_, ok := responseJson["initialized"]
-		if ok {
-			log.Printf("vault is initialized and is in the expected state")
-			return
+			_, ok := responseJson["initialized"]
+			if ok {
+				log.Printf("vault is initialized and is in the expected state")
+				return
+			}
+			log.Panic("vault was never initialized")
 		}
+	} else {
+		log.Println("vault token arleady exists, skipping vault health checks loopUntilPodIsReady")
 	}
-	log.Panic("vault was never initialized")
 }
 
 type VaultInitResponse struct {
@@ -206,41 +215,46 @@ func initializeVaultAndAutoUnseal(dryRun bool) {
 		return
 	}
 
-	time.Sleep(time.Second * 10)
-	url := "http://127.0.0.1:8200/v1/sys/init"
+	token := viper.GetString("vault.token")
+	if len(token) == 0 {
 
-	payload := strings.NewReader("{\n\t\"stored_shares\": 3,\n\t\"recovery_threshold\": 3,\n\t\"recovery_shares\": 5\n}")
+		time.Sleep(time.Second * 10)
+		url := "http://127.0.0.1:8200/v1/sys/init"
 
-	req, err := http.NewRequest("POST", url, payload)
-	if err != nil {
-		log.Panic(err)
-	}
+		payload := strings.NewReader("{\n\t\"stored_shares\": 3,\n\t\"recovery_threshold\": 3,\n\t\"recovery_shares\": 5\n}")
 
-	req.Header.Add("Content-Type", "application/json")
+		req, err := http.NewRequest("POST", url, payload)
+		if err != nil {
+			log.Panic(err)
+		}
 
-	res, err := http.DefaultClient.Do(req)
-	if err != nil {
-		log.Println("error in Do http client request", err)
-	}
+		req.Header.Add("Content-Type", "application/json")
 
-	defer res.Body.Close()
-	body, err := ioutil.ReadAll(res.Body)
-	if err != nil {
-		log.Panic(err)
-	}
+		res, err := http.DefaultClient.Do(req)
+		if err != nil {
+			log.Println("error in Do http client request", err)
+		}
 
-	log.Println(string(body))
+		defer res.Body.Close()
+		body, err := ioutil.ReadAll(res.Body)
+		if err != nil {
+			log.Panic(err)
+		}
 
+		log.Println(string(body))
 
-	vaultResponse := VaultUnsealResponse{}
-	err = json.Unmarshal(body, &vaultResponse)
-	if err != nil {
-		log.Panic(err)
-	}
+		vaultResponse := VaultUnsealResponse{}
+		err = json.Unmarshal(body, &vaultResponse)
+		if err != nil {
+			log.Panic(err)
+		}
 
-	viper.Set("vault.token", vaultResponse.RootToken)
-	viper.Set("vault.unseal-keys", vaultResponse)
-	viper.WriteConfig()
+		viper.Set("vault.token", vaultResponse.RootToken)
+		viper.Set("vault.unseal-keys", vaultResponse)
+		viper.WriteConfig()
+	} else {
+		log.Println("vault token already exists, continuing")
+	}
 }
 
 func waitGitlabToBeReady(dryRun bool) {

internal/aws/aws.go

@@ -124,49 +124,36 @@ func TestHostedZoneLiveness(dryRun bool, hostedZoneName, hostedZoneId string) {
 	log.Println("checking to see if record", route53RecordName, "exists")
 	log.Println("hostedZoneId", hostedZoneId)
 	log.Println("route53RecordName", route53RecordName)
-
-	recordList, err := route53Client.ListResourceRecordSets(context.TODO(), &route53.ListResourceRecordSetsInput{
-		HostedZoneId:    aws.String(hostedZoneId),
-		StartRecordName: aws.String(route53RecordName),
-		StartRecordType: "TXT",
-	})
-	if err != nil {
-		log.Println("failed read route53 ", err.Error())
-		os.Exit(1)
-	}
-
-	if len(recordList.ResourceRecordSets) == 0 {
-		if !dryRun {
-			record, err := route53Client.ChangeResourceRecordSets(context.TODO(), &route53.ChangeResourceRecordSetsInput{
-				ChangeBatch: &types.ChangeBatch{
-					Changes: []types.Change{
-						{
-							Action: "CREATE",
-							ResourceRecordSet: &types.ResourceRecordSet{
-								Name: aws.String(route53RecordName),
-								Type: "TXT",
-								ResourceRecords: []types.ResourceRecord{
-									{
-										Value: aws.String(strconv.Quote(route53RecordValue)),
-									},
+	if !dryRun {
+		record, err := route53Client.ChangeResourceRecordSets(context.TODO(), &route53.ChangeResourceRecordSetsInput{
+			ChangeBatch: &types.ChangeBatch{
+				Changes: []types.Change{
+					{
+						Action: "UPSERT",
+						ResourceRecordSet: &types.ResourceRecordSet{
+							Name: aws.String(route53RecordName),
+							Type: "TXT",
+							ResourceRecords: []types.ResourceRecord{
+								{
+									Value: aws.String(strconv.Quote(route53RecordValue)),
 								},
-								TTL:           aws.Int64(10),
-								Weight:        aws.Int64(100),
-								SetIdentifier: aws.String("CREATE sanity check for kubefirst installation"),
 							},
+							TTL:           aws.Int64(10),
+							Weight:        aws.Int64(100),
+							SetIdentifier: aws.String("CREATE sanity check for kubefirst installation"),
 						},
 					},
-					Comment: aws.String("CREATE sanity check dns record."),
 				},
-				HostedZoneId: aws.String(hostedZoneId),
-			})
-			if err != nil {
-				log.Println(err)
-			}
-			log.Println("record creation status is ", record.ChangeInfo.Status)
-		} else {
-			log.Printf("[#99] Dry-run mode, route53 creation/update skipped:  %s", route53RecordName)
+				Comment: aws.String("CREATE sanity check dns record."),
+			},
+			HostedZoneId: aws.String(hostedZoneId),
+		})
+		if err != nil {
+			log.Println(err)
 		}
+		log.Println("record creation status is ", record.ChangeInfo.Status)
+	} else {
+		log.Printf("[#99] Dry-run mode, route53 creation/update skipped:  %s", route53RecordName)
 	}
 	count := 0
 	// todo need to exit after n number of minutes and tell them to check ns records

internal/vault/vault.go

@@ -67,8 +67,8 @@ func ConfigureVault(dryRun bool) {
 		err := kPortForward.Start()
 		defer kPortForward.Process.Signal(syscall.SIGTERM)
 		if err != nil {
-			log.Println("Commad Execution STDOUT: %s", kPortForwardOutb.String())
-			log.Println("Commad Execution STDERR: %s", kPortForwardErrb.String())
+			log.Printf("Commad Execution STDOUT: %s", kPortForwardOutb.String())
+			log.Printf("Commad Execution STDERR: %s", kPortForwardErrb.String())
 			log.Panicf("error: failed to port-forward to vault namespce svc/vault %s", err)
 		}