Thu 15 June 2023

Problem

I ran into an issue recently where some of my automation that cycles through AWS accounts and runs code against each accounts resources broke. It would become sticky to the account that we intially connected to Vault and never switch when using `vault read aws/something/else. We worked on trying to use curl calls and other various workarounds but nothing seemed to work.

Eventual Solution

After a few days of working on things off and on I decided to just hammer out a custom function in Groovy that would handle the account switching for us. Fastforward like 100+ commits and Jenkins runs later and I finally got something that worked for switching.

def vaultAWS(account_level, account_team) {
    def vaultQuery = "aws/$account_level/$account_team/sts/admin"
    print "testing: $vaultQuery"
    try {
        def vaultOutput = sh(returnStdout: true, script: "vault read $vaultQuery").trim()
        def keyValuePairs = [:]
        vaultOutput.split('\n').each { line ->
            def (key, value) = line.split(' ', 2).collect { it.trim() }
            if ( key == 'access_key' || key == 'secret_key' || key == 'security_token'){
                keyValuePairs[key] = value
            }
        }
        // set env variables
        env.AWS_ACCESS_KEY_ID = keyValuePairs['access_key']
        env.AWS_SECRET_ACCESS_KEY = keyValuePairs['secret_key']
        env.AWS_SESSION_TOKEN = keyValuePairs['security_token']
    } catch (Exception e) {
        println "Something went wrong"
    }

}

This let me loop through our lists of accounts and run a basic test to make sure I could actually see the resources in the AWS account. Unfortunately I found additional problems (like an entire set of accounts were simply poof gone) but the code worked exactly as I had hoped. Further research lead me to the use of @Grab to pull from git repos for code so ideally this can be pulled remotely instead of manually pasted into every single Jenkins job we end up using it in. Of course by the time I get all that worked out we are going to start the joyful process of moving out automated jobs from Jenkins to Gitlab CI/CD

Category: programming

Tue 29 November 2022

collecting my efforts on making my pipelines more streamlined

Category: programming

Tue 01 November 2022

trying to get back in the habit of regular updates

Category: thoughts

Sun 01 May 2022

first update to taking back email project

Category: thoughts

Fri 17 December 2021

a quick overview of how to take back email

Category: thoughts

Wed 13 October 2021

ruminating on the end of a project and the path forward

Category: thoughts

Fri 27 August 2021

a quick code blurb I wrote for an online challenge

Category: programming

Mon 16 August 2021

some thoughts on starting over

Category: thoughts

Wed 03 February 2021

How to find data in the NHL API

Category: projects

Wed 03 February 2021

Working through a slightly obscure Gitlab problems

Category: programming, cloud, git