equiv opt

cmd/preflight-id/preflight-id.go

@@ -27,6 +27,7 @@ func main() {
 	awsArn := preflightFlags.String("aws-arn", "", "aws arn")
 	gcpEmail := preflightFlags.String("gcp-email", "", "gcp email")
 	configFile := preflightFlags.String("config", "", "config file to use")
+	equiv := preflightFlags.Bool("equiv", false, "print equivalent command")
 	preflightFlags.Parse(os.Args[1:])
 	ll, err := log.ParseLevel(*logLevel)
 	if err != nil {
@@ -45,16 +46,19 @@ func main() {
 	if *kubeServiceAccount != "" {
 		pf.Kube = &preflightid.IDProviderKube{
 			ServiceAccount: *kubeServiceAccount,
+			Equiv:          *equiv,
 		}
 	}
 	if *awsArn != "" {
 		pf.AWS = &preflightid.IDProviderAWS{
-			ARN: *awsArn,
+			ARN:   *awsArn,
+			Equiv: *equiv,
 		}
 	}
 	if *gcpEmail != "" {
 		pf.GCP = &preflightid.IDProviderGCP{
 			Email: *gcpEmail,
+			Equiv: *equiv,
 		}
 	}
 	if err := pf.Run(); err != nil {

pkg/preflightid/aws.go

@@ -11,7 +11,12 @@ import (
 )
 
 type IDProviderAWS struct {
-	ARN string `json:"arn" yaml:"arn"`
+	ARN   string `json:"arn" yaml:"arn"`
+	Equiv bool   `json:"equiv" yaml:"equiv"`
+}
+
+func (p *IDProviderAWS) RunEquiv() bool {
+	return p.Equiv
 }
 
 func (p *IDProviderAWS) Equivalent() {
@@ -22,7 +27,7 @@ func (p *IDProviderAWS) Equivalent() {
 	cmd += `if [[ $ID == *"assumed-role/"* ]]; then ROLE_NAME=$(echo $ID | cut -d/ -f2); ACCOUNT_NUMBER=$(echo $ID | cut -d: -f5); ARN="arn:aws:iam::$ACCOUNT_NUMBER:role/$ROLE_NAME"; else ARN=$ID; fi;`
 	cmd += fmt.Sprintf(`if [ "$ARN" != "%s" ]; then echo "ARN $ARN does not match expected %s"; exit 1; fi`, p.ARN, p.ARN)
 	cmd = fmt.Sprintf("sh -c '%s'", cmd)
-	l.Infof("equivalent command: %s", cmd)
+	fmt.Println(cmd)
 }
 
 func (p *IDProviderAWS) Run() error {

pkg/preflightid/gcp.go

@@ -14,6 +14,11 @@ import (
 
 type IDProviderGCP struct {
 	Email string `json:"email" yaml:"email"`
+	Equiv bool   `json:"equiv" yaml:"equiv"`
+}
+
+func (p *IDProviderGCP) RunEquiv() bool {
+	return p.Equiv
 }
 
 func (p *IDProviderGCP) Equivalent() {
@@ -22,7 +27,7 @@ func (p *IDProviderGCP) Equivalent() {
 	cmd := `ID=$(gcloud auth list --filter=status:ACTIVE --format="value(account)");`
 	cmd += fmt.Sprintf(`if [ "$ID" != "%s" ]; then echo "ID $ID does not match expected %s"; exit 1; fi`, p.Email, p.Email)
 	cmd = fmt.Sprintf("sh -c '%s'", cmd)
-	l.Infof("equivalent command: %s", cmd)
+	fmt.Println(cmd)
 }
 
 func (p *IDProviderGCP) Run() error {

pkg/preflightid/kube.go

@@ -13,14 +13,19 @@ import (
 
 type IDProviderKube struct {
 	ServiceAccount string `json:"serviceAccount" yaml:"serviceAccount"`
+	Equiv          bool   `json:"equiv" yaml:"equiv"`
+}
+
+func (k *IDProviderKube) RunEquiv() bool {
+	return k.Equiv
 }
 
 func (k *IDProviderKube) Equivalent() {
 	l := Logger
 	l.Debug("printing equivalent command")
 	cmd := `sh -c 'EXPECTED="%s"; TOKEN=$(cat /var/run/secrets/kubernetes.io/serviceaccount/token); PAYLOAD=$(echo "$TOKEN" | cut -d. -f2); DECODED_PAYLOAD=$(echo "$PAYLOAD" | base64 -d 2>/dev/null); SERVICE_ACCOUNT=$(echo "$DECODED_PAYLOAD" | jq -r '.sub'); SERVICE_ACCOUNT_NAME=$(echo "$SERVICE_ACCOUNT" | cut -d: -f4); if [ "$SERVICE_ACCOUNT_NAME" != "$EXPECTED" ]; then echo "Service account $SERVICE_ACCOUNT_NAME does not match expected $EXPECTED"; exit 1; fi'`
 	cmd = fmt.Sprintf(cmd, k.ServiceAccount)
-	l.Infof("equivalent command: %s", cmd)
+	fmt.Println(cmd)
 }
 
 func (k *IDProviderKube) Run() error {

pkg/preflightid/preflightid.go

@@ -23,6 +23,7 @@ func init() {
 
 type IDProvider interface {
 	Run() error
+	RunEquiv() bool
 	Equivalent()
 }
 
@@ -119,7 +120,14 @@ func (p *PreflightID) Run() error {
 		l.WithError(err).Error("error creating preflighter")
 		return err
 	}
-	preflighter.Equivalent()
+	if preflighter == nil {
+		l.Error("preflighter is nil")
+		return errors.New("preflighter is nil")
+	}
+	if preflighter.RunEquiv() {
+		preflighter.Equivalent()
+		return nil
+	}
 	if err := preflighter.Run(); err != nil {
 		l.WithError(err).Error("error running preflighter")
 		return err