[satlab] Add tool to remind user service account expiration date
BUG=b:209320828
Change-Id: Id7ac4d7d36d231484890688b0ae5c705c100d9ef
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/satlab/+/3368765
Reviewed-by: Prasad Vuppalapu <prasadv@chromium.org>
Commit-Queue: Anh Le <anhdle@chromium.org>
Tested-by: Anh Le <anhdle@chromium.org>
diff --git a/src/dockerfiles/satlab_remote_access/Dockerfile b/src/dockerfiles/satlab_remote_access/Dockerfile
index 7152c69..930dd5e 100644
--- a/src/dockerfiles/satlab_remote_access/Dockerfile
+++ b/src/dockerfiles/satlab_remote_access/Dockerfile
@@ -53,4 +53,13 @@
WORKDIR /var/log
# Enable TCP port forwarding required for SSH tunneling.
-RUN sed -i s/AllowTcpForwarding\ no/AllowTcpForwarding\ yes/ /etc/ssh/sshd_config
\ No newline at end of file
+RUN sed -i s/AllowTcpForwarding\ no/AllowTcpForwarding\ yes/ /etc/ssh/sshd_config
+
+# Change welcoming message.
+COPY dockerfiles/satlab_remote_access/motd /etc/
+
+# Add jq to get service account key id from json file.
+RUN apk add --no-cache --upgrade jq
+
+# Add routine to check service account key expiration
+COPY dockerfiles/satlab_remote_access/tools/service_account_key_check.sh /etc/profile.d/
\ No newline at end of file
diff --git a/src/dockerfiles/satlab_remote_access/motd b/src/dockerfiles/satlab_remote_access/motd
new file mode 100644
index 0000000..3c60ee4
--- /dev/null
+++ b/src/dockerfiles/satlab_remote_access/motd
@@ -0,0 +1,7 @@
+
+██╗ ██╗███████╗██╗ ██████╗ ██████╗ ███╗ ███╗███████╗ ████████╗ ██████╗ ███████╗ █████╗ ████████╗██╗ █████╗ ██████╗
+██║ ██║██╔════╝██║ ██╔════╝██╔═══██╗████╗ ████║██╔════╝ ╚══██╔══╝██╔═══██╗ ██╔════╝██╔══██╗╚══██╔══╝██║ ██╔══██╗██╔══██╗
+██║ █╗ ██║█████╗ ██║ ██║ ██║ ██║██╔████╔██║█████╗ ██║ ██║ ██║ ███████╗███████║ ██║ ██║ ███████║██████╔╝
+██║███╗██║██╔══╝ ██║ ██║ ██║ ██║██║╚██╔╝██║██╔══╝ ██║ ██║ ██║ ╚════██║██╔══██║ ██║ ██║ ██╔══██║██╔══██╗
+╚███╔███╔╝███████╗███████╗╚██████╗╚██████╔╝██║ ╚═╝ ██║███████╗ ██║ ╚██████╔╝ ███████║██║ ██║ ██║ ███████╗██║ ██║██████╔╝
+ ╚══╝╚══╝ ╚══════╝╚══════╝ ╚═════╝ ╚═════╝ ╚═╝ ╚═╝╚══════╝ ╚═╝ ╚═════╝ ╚══════╝╚═╝ ╚═╝ ╚═╝ ╚══════╝╚═╝ ╚═╝╚═════╝
diff --git a/src/dockerfiles/satlab_remote_access/tools/satlab_setup b/src/dockerfiles/satlab_remote_access/tools/satlab_setup
index 179e95b..02e60fb 100755
--- a/src/dockerfiles/satlab_remote_access/tools/satlab_setup
+++ b/src/dockerfiles/satlab_remote_access/tools/satlab_setup
@@ -15,10 +15,8 @@
1. Authenticate user using GCloud SDK(uses gcloud-sdk docker container),
when prompted please use your google.com account
-2. Ask for service account, please follow (go/satlab-manual) to create
- the service account if needed.
-3. Get required service account and keys from cloud application.
-4. Finally reboots the chromebox. (You must restart the chromebox inorder to
+2. Generate a service account key to pull Docker images.
+3. Finally reboots the chromebox. (You must restart the chromebox inorder to
finish the satlab setup)
###############################################################################
EOF
diff --git a/src/dockerfiles/satlab_remote_access/tools/service_account_key_check.sh b/src/dockerfiles/satlab_remote_access/tools/service_account_key_check.sh
new file mode 100644
index 0000000..8f387bb
--- /dev/null
+++ b/src/dockerfiles/satlab_remote_access/tools/service_account_key_check.sh
@@ -0,0 +1,12 @@
+cat << EOF
+###############################################################################
+Information about current service account key on this satlab.
+Please run satlab_setup to generate new key before expiration.
+###############################################################################
+EOF
+key_id=$(jq -r '."private_key_id"' /home/satlab/keys/satlab_service_account.json)
+KEYS_FOLDER=/home/satlab/keys
+GCLOUD="docker run --rm -ti -a stdout -v satlab_keys:${KEYS_FOLDER} -v gcloud:/root/.config/gcloud google/cloud-sdk:slim"
+SATLAB_SERIVCE_ACCOUNT=satlab-prototype@chromeos-service-accounts-dev.iam.gserviceaccount.com
+${GCLOUD} gcloud iam service-accounts keys list --iam-account="$SATLAB_SERIVCE_ACCOUNT" --filter "name=projects/chromeos-service-accounts-dev/serviceAccounts/$SATLAB_SERIVCE_ACCOUNT/keys/$key_id"
+echo "###############################################################################"
\ No newline at end of file
