diff --git a/gen3/bin/kube-setup-batch-export.sh b/gen3/bin/kube-setup-batch-export.sh index 25b3f5bb0..7861f5024 100644 --- a/gen3/bin/kube-setup-batch-export.sh +++ b/gen3/bin/kube-setup-batch-export.sh @@ -11,30 +11,45 @@ if ! g3kubectl get secrets | grep batch-export-g3auto /dev/null 2>&1; then hostname="$(gen3 api hostname)" ref_hostname=$(echo "$hostname" | sed 's/\./-/g') bucket_name="${ref_hostname}-batch-export-bucket" - aws_user="${ref_hostname}-batch-export-user" - mkdir -p $(gen3_secrets_folder)/g3auto/batch-export - creds_file="$(gen3_secrets_folder)/g3auto/batch-export/config.json" - - gen3_log_info "Creating batch export secret" + sa_name="batch-export-sa" + + gen3_log_info "Creating batch export bucket" if [[ -z "$JENKINS_HOME" ]]; then gen3 s3 create $bucket_name - gen3 awsuser create $aws_user - gen3 s3 attach-bucket-policy $bucket_name --read-write --user-name $aws_user - gen3 secrets sync "aws reources for batch export" - - gen3_log_info "initializing batch-export config.json" - user=$(gen3 secrets decode $aws_user-g3auto awsusercreds.json) - key_id=$(jq -r .id <<< $user) - access_key=$(jq -r .secret <<< $user) - cat - > $creds_file < "export-job-aws-policy.json" < /dev/null 2>&1; then + if ! gen3 iam-serviceaccount -c "${sa_name}" -p ./export-job-aws-policy.json; then + gen3_log_err "Failed to create iam service account" + return 1 + fi + gen3_log_info "created service account 'batch-export-sa' with s3 access" + gen3_log_info "created role name '${role_name}'" + fi + + gen3_log_info "creating batch-export-g3auto configmap" + kubectl create configmap batch-export-g3auto --from-literal=bucket_name="$bucket_name" fi fi
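Review bot: The guard on the hunk's first context line still tests `g3kubectl get secrets | grep batch-export-g3auto`, but the new code creates a configmap named `batch-export-g3auto` rather than a secret, so on a fresh environment the guard appears never to turn false and a second run would re-enter the block and fail at `kubectl create configmap` with an already-exists error. Checking the resource that is actually created, e.g. `if ! g3kubectl get configmap batch-export-g3auto > /dev/null 2>&1; then`, would keep the script idempotent. The create call also uses bare `kubectl` where the guard uses `g3kubectl`; if the wrapper is what selects the namespace, the configmap may land somewhere the guard does not look, so `g3kubectl create configmap batch-export-g3auto --from-literal=bucket_name="$bucket_name"` is safer. The IAM policy is written to `export-job-aws-policy.json` in the current working directory and never removed; a `mktemp` file deleted after `gen3 iam-serviceaccount` returns would avoid leaving or later reusing a stale policy document. `${role_name}` in the last log line is not assigned anywhere in the visible part of the hunk, and the enclosing `if` begins above it, so both need confirming against the full file.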