The first version of the script it here

Nikolai Rodionov 2023-06-01 19:46:29 +02:00
parent 1a0e13f236
commit ecb8b57f66
No known key found for this signature in database
GPG Key ID: 19DB54039EBF8F10
3 changed files with 173 additions and 1 deletions


@ -1,3 +1,17 @@
# kubers
> Kubecl Reveal Secrets
kubers is a super simple tool that reveals k8s secrets using kubectl and yq
Kubectl reveal secrets
Usage:
kubers [-V | --version] [-h | --help] [-n | --namespace <namespace>] [-c <name>=<value>]
<secret_name> [<entry_name>]
Examples:
If you want to reveal all entries in the current k8s namespace
$ kubers
If you want to reveal only one entry from the secret in the current namepspace
$ kubers
If you want to reveal a secret from another namespace
$ kubers -n

43
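--- a/completions/_kubers
+++ b/completions/_kubers
@@ -0,0 +1,43 @@
+#compdef kubers
+# ------------------------------------------------------------------------
+# -- Copyright 2023 Nikolai Rodionov (allanger)
+# ------------------------------------------------------------------------
+# -- @allanger
+# -- I know that this code is ugly as heck,
+# -- but I don't know how to fix it :(
+# ------------------------------------------------------------------------
+NAMESPACE=$(kubectl config view --minify -o jsonpath='{..namespace}')
+funcion _kubers() {
+local state
+_arguments -C \
+"-n[Kubernetes namespace]:namespace:->namespace" \
+"1: :->secret" \
+"2::entry:->entry"
+case "$state" in
+namespace)
+_values compadd $(kubectl get namespaces --no-headers -o custom-columns=":metadata.name")
+;;
+secret)
+for (( i = 1; i <= $#words - 1; i++ )); do
+if [[ $words[$i] == -n || $words[$i] == --namespace ]]; then
+NAMESPACE=$words[$((i+1))]
+break
+fi
+done
+_values compadd $(kubectl --namespace $NAMESPACE get secrets --no-headers -o custom-columns=":metadata.name")
+;;
+entry)
+SECRET_NAME=$words[2]
+for (( i = 1; i <= $#words - 1; i++ )); do
+if [[ $words[$i] == -n || $words[$i] == --namespace ]]; then
+INDEX=$i
+SECRET_NAME=$words[$((i+2))]
+break
+fi
+done
+_values compadd $(for KEY in $(kubectl --namespace $NAMESPACE get secret $SECRET_NAME -o yaml | yq '.data | keys' | sed -e "s/- //"); do echo $KEY; done)
+;;
+esac
+}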
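Review bot: In the `entry)` branch the `-n`/`--namespace` loop records `INDEX` and moves `SECRET_NAME` but never assigns `NAMESPACE`, so the key lookup runs `kubectl get secret` against whatever the global `NAMESPACE` last held: the value set when the file was loaded, or one left behind by an earlier `secret)` completion. Add `NAMESPACE=$words[$((i+1))]` inside that loop and declare `local NAMESPACE SECRET_NAME INDEX` at the top of the function, resolving the default namespace there, so one completion cannot carry its namespace into the next. The opening line also spells the keyword `funcion`; it should read `function _kubers() {`.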

115
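--- a/kubers
+++ b/kubers
@@ -0,0 +1,115 @@
+#!/bin/bash
+# ------------------------------------------------------------------------
+# -- Copyright 2023 Nikolai Rodionov (allanger)
+# ------------------------------------------------------------------------
+set -e
+KUBERS_VERSION=0.1.0
+# ------------------------------------
+# -- Internal function for generating
+# -- the "$KEY: $VALUE" string
+# ------------------------------------
+function append_to_secret() {
+SECRET=$1
+KEY=$2
+VALUE=$(kubectl -n $NAMESPACE get secret $SECRET -o yaml| yq ".data.\"$KEY\"" | base64 -d)
+if (( $(grep -c . <<<"$VALUE") > 1 )); then
+SECRET="$KEY: |-\n$(echo $VALUE| sed -e 's/^/ /')"
+else
+SECRET="$KEY: $VALUE"
+fi
+printf "$SECRET"
+}
+function show_help() {
+cat <<EOF
+---
+kubers is a super simple tool that reveals k8s secrets using kubectl and yq
+Usage:
+kubers [-V | --version] [-h | --help] [-n | --namespace <namespace>] [-c <name>=<value>]
+<secret_name> [<entry_name>]
+Examples:
+If you want to reveal all entries in the current k8s namespace
+$ kubers $SECRET_NAME
+If you want to reveal only one entry from the secret in the current namepspace
+$ kubers $SECRET_NAME $SECRET_VALUE
+If you want to reveal a secret from another namespace
+$ kubers -n $NAMESPACE $SECRET_NAME
+---
+EOF
+}
+# ---------------------------------------------------------------------
+# -- Parse arguments
+# ---------------------------------------------------------------------
+UNNAMED_ARGS=()
+while [[ $# -gt 0 ]]; do
+case $1 in
+-n|--namespace)
+# ---------------------------------------------------------------
+# -- Set the namespace that you want to get the secret from
+# ---------------------------------------------------------------
+NAMESPACE="$2"
+# ---------------------------------------------------------------
+# -- Check if namespace exists
+# ---------------------------------------------------------------
+kubectl get namespace $NAMESPACE > /dev/null
+shift
+shift
+;;
+-V|--version)
+printf "Kubers version is $KUBERS_VERSION\n"
+exit 0
+;;
+-h|--help)
+show_help
+exit 0
+;;
+-*|--*)
+echo "Unknown option $1"
+exit 1
+;;
+*)
+# ---------------------------------------------------------------
+# -- Don't forget args that are passed without flags
+# ---------------------------------------------------------------
+UNNAMED_ARGS+=("$1")
+shift
+;;
+esac
+done
+# ---------------------------------------------------------------------
+# -- If namespace is not set, the use the current namespace
+# ---------------------------------------------------------------------
+if [[ -z $NAMESPACE ]]; then
+NAMESPACE=$(kubectl config view --minify -o jsonpath='{..namespace}')
+fi
+# ---------------------------------------------------------------------
+# -- Set the secret name an entry (optional)
+# ---------------------------------------------------------------------
+SECRET_NAME=${UNNAMED_ARGS[0]}
+SECRET_ENTRY=${UNNAMED_ARGS[1]}
+# ---------------------------------------------------------------------
+# -- Main logic starts here
+# ---------------------------------------------------------------------
+if [[ -z $SECRET_NAME ]]; then
+show_help
+printf "You must provide a secret name. Choose one of these\n\n"
+kubectl -n $NAMESPACE get secrets --no-headers -o custom-columns=":metadata.name"
+exit 1
+fi
+SECRET=()
+if [[ $SECRET_ENTRY != "" ]]; then
+SECRET+=$(append_to_secret $SECRET_NAME $SECRET_ENTRY)
+else
+for SECRET_ENTRY in $(kubectl -n $NAMESPACE get secret $SECRET_NAME -o yaml | yq '.data | keys' | sed -e "s/- //"); do
+SECRET+=("$(append_to_secret $SECRET_NAME $SECRET_ENTRY)");
+done
+fi
+printf "%s\n" "${SECRET[@]}" | yq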
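Review bot: `append_to_secret` hands the decoded secret to printf as the format string (`printf "$SECRET"`), so any `%` or backslash inside a value is interpreted instead of printed, and the unquoted `echo $VALUE` exposes the secret to word splitting and filename globbing, which also folds a multi-line value onto one line before `sed` indents it. Emit the data through a fixed format instead: `printf '%s: |-\n%s' "$KEY" "$(printf '%s\n' "$VALUE" | sed -e 's/^/ /')"` in the multi-line branch and `printf '%s: %s' "$KEY" "$VALUE"` in the other, dropping the trailing `printf "$SECRET"`. The same function splices `$KEY` into the yq expression and leaves `$NAMESPACE` and `$SECRET` unquoted in the kubectl call, so quoting those expansions would keep an unusual secret or entry name from being split into extra arguments. The `-n|--namespace` arm likewise reads `$2` without checking that a value was supplied.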