[satlab] Update profiles file and switch back to download key BUG=b:209320828 Change-Id: I27a0599784fcbcab39b8cf7c18ed901413b5c813 Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/satlab/+/3384228 Reviewed-by: Prasad Vuppalapu <prasadv@chromium.org> Commit-Queue: Anh Le <anhdle@chromium.org> Tested-by: Anh Le <anhdle@chromium.org>

commit: f3eda80da49ab9e6f3684043774b44761e6693b6 [log] [tgz]
author: Anh Le <anhdle@google.com> Wed Jan 12 20:48:21 2022
committer: Anh Le <anhdle@chromium.org> Wed Jan 12 21:39:25 2022
tree: ab0d4bea577cc7897bbe4dcdd21a64bef9ac82a6
parent: 27f4b24dabd150baf726c44e14b4bef44136a5e6 [diff]
diff --git a/src/dockerfiles/satlab_remote_access/Dockerfile b/src/dockerfiles/satlab_remote_access/Dockerfile
index 930dd5e..ea13388 100644
--- a/src/dockerfiles/satlab_remote_access/Dockerfile
+++ b/src/dockerfiles/satlab_remote_access/Dockerfile

@@ -57,9 +57,11 @@
 
 # Change welcoming message.
 COPY dockerfiles/satlab_remote_access/motd /etc/
+RUN chmod 666 /etc/motd
 
 # Add jq to get service account key id from json file.
 RUN apk add --no-cache --upgrade jq
 
 # Add routine to check service account key expiration
-COPY dockerfiles/satlab_remote_access/tools/service_account_key_check.sh /etc/profile.d/
\ No newline at end of file
+COPY dockerfiles/satlab_remote_access/tools/service_account_key_check.sh /etc/profile.d/
+RUN chmod 777 /etc/profile.d/service_account_key_check.sh
\ No newline at end of file

diff --git a/src/dockerfiles/satlab_remote_access/tools/satlab_setup b/src/dockerfiles/satlab_remote_access/tools/satlab_setup
index 02e60fb..7104e4c 100755
--- a/src/dockerfiles/satlab_remote_access/tools/satlab_setup
+++ b/src/dockerfiles/satlab_remote_access/tools/satlab_setup

@@ -52,10 +52,15 @@
 #   exit
 # fi
 
-echo
-echo "Generating service account key..."
-echo
-${GCLOUD} gcloud iam service-accounts keys create "${KEYS_FOLDER}/satlab_service_account.json" --iam-account="$SATLAB_SERIVCE_ACCOUNT"
+echo "Downloading artifacts..."
+# Download service account key since 10 keys limit per service account.
+# TODO (anhdle): Investigate Wwrkload identity federation
+${GCLOUD} gsutil cp gs://satlab-keys/satlab_service_account.json ${KEYS_FOLDER}
+if [ "$?" -ne 0 ]; then
+  echo "Failed to download service account key, please try again!"
+  exit
+fi
+chmod 666 /home/satlab/keys satlab_service_account.json
 
 echo "Configuring Satlab Privileges successful, please reboot"
 echo

diff --git a/src/dockerfiles/satlab_remote_access/tools/service_account_key_check.sh b/src/dockerfiles/satlab_remote_access/tools/service_account_key_check.sh
index 8f387bb..df4c7c5 100644
--- a/src/dockerfiles/satlab_remote_access/tools/service_account_key_check.sh
+++ b/src/dockerfiles/satlab_remote_access/tools/service_account_key_check.sh

@@ -1,12 +1,22 @@
-cat << EOF
+KEY_FOLDER='/home/satlab/keys'
+KEY_FILE='satlab_service_account.json'
+
+if [ -f "$KEY_FOLDER/$KEY_FILE" ]; then
+    cat << EOF
 ###############################################################################
 Information about current service account key on this satlab.
-Please run satlab_setup to generate new key before expiration.
+Please run satlab_setup to download new key before expiration.
 ###############################################################################
 EOF
-key_id=$(jq -r '."private_key_id"' /home/satlab/keys/satlab_service_account.json)
-KEYS_FOLDER=/home/satlab/keys
-GCLOUD="docker run --rm -ti -a stdout -v satlab_keys:${KEYS_FOLDER} -v gcloud:/root/.config/gcloud google/cloud-sdk:slim"
-SATLAB_SERIVCE_ACCOUNT=satlab-prototype@chromeos-service-accounts-dev.iam.gserviceaccount.com
-${GCLOUD} gcloud iam service-accounts keys list --iam-account="$SATLAB_SERIVCE_ACCOUNT" --filter "name=projects/chromeos-service-accounts-dev/serviceAccounts/$SATLAB_SERIVCE_ACCOUNT/keys/$key_id"
-echo "###############################################################################"
\ No newline at end of file
+    key_id=$(jq -r '."private_key_id"' $KEY_FOLDER/$KEY_FILE)
+    GCLOUD="docker run --rm -ti -a stdout -v satlab_keys:$KEY_FOLDER -v gcloud:/root/.config/gcloud google/cloud-sdk:slim"
+    SATLAB_SERIVCE_ACCOUNT=satlab-prototype@chromeos-service-accounts-dev.iam.gserviceaccount.com
+    ${GCLOUD} gcloud iam service-accounts keys list --iam-account="$SATLAB_SERIVCE_ACCOUNT" --filter "name=projects/chromeos-service-accounts-dev/serviceAccounts/$SATLAB_SERIVCE_ACCOUNT/keys/$key_id"
+echo "###############################################################################"
+else
+    cat << EOF
+###############################################################################
+Please run satlab_setup to initialize your Satlab.
+###############################################################################
+EOF
+fi
commit	f3eda80da49ab9e6f3684043774b44761e6693b6	[log] [tgz]
author	Anh Le <anhdle@google.com>	Wed Jan 12 20:48:21 2022
committer	Anh Le <anhdle@chromium.org>	Wed Jan 12 21:39:25 2022
tree	ab0d4bea577cc7897bbe4dcdd21a64bef9ac82a6
parent	27f4b24dabd150baf726c44e14b4bef44136a5e6 [diff]