[satlab] Update profiles file and switch back to download key
BUG=b:209320828
Change-Id: I27a0599784fcbcab39b8cf7c18ed901413b5c813
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/satlab/+/3384228
Reviewed-by: Prasad Vuppalapu <prasadv@chromium.org>
Commit-Queue: Anh Le <anhdle@chromium.org>
Tested-by: Anh Le <anhdle@chromium.org>
diff --git a/src/dockerfiles/satlab_remote_access/Dockerfile b/src/dockerfiles/satlab_remote_access/Dockerfile
index 930dd5e..ea13388 100644
--- a/src/dockerfiles/satlab_remote_access/Dockerfile
+++ b/src/dockerfiles/satlab_remote_access/Dockerfile
@@ -57,9 +57,11 @@
# Change welcoming message.
COPY dockerfiles/satlab_remote_access/motd /etc/
+RUN chmod 666 /etc/motd
# Add jq to get service account key id from json file.
RUN apk add --no-cache --upgrade jq
# Add routine to check service account key expiration
-COPY dockerfiles/satlab_remote_access/tools/service_account_key_check.sh /etc/profile.d/
\ No newline at end of file
+COPY dockerfiles/satlab_remote_access/tools/service_account_key_check.sh /etc/profile.d/
+RUN chmod 777 /etc/profile.d/service_account_key_check.sh
\ No newline at end of file
diff --git a/src/dockerfiles/satlab_remote_access/tools/satlab_setup b/src/dockerfiles/satlab_remote_access/tools/satlab_setup
index 02e60fb..7104e4c 100755
--- a/src/dockerfiles/satlab_remote_access/tools/satlab_setup
+++ b/src/dockerfiles/satlab_remote_access/tools/satlab_setup
@@ -52,10 +52,15 @@
# exit
# fi
-echo
-echo "Generating service account key..."
-echo
-${GCLOUD} gcloud iam service-accounts keys create "${KEYS_FOLDER}/satlab_service_account.json" --iam-account="$SATLAB_SERIVCE_ACCOUNT"
+echo "Downloading artifacts..."
+# Download service account key since 10 keys limit per service account.
+# TODO (anhdle): Investigate Wwrkload identity federation
+${GCLOUD} gsutil cp gs://satlab-keys/satlab_service_account.json ${KEYS_FOLDER}
+if [ "$?" -ne 0 ]; then
+ echo "Failed to download service account key, please try again!"
+ exit
+fi
+chmod 666 /home/satlab/keys satlab_service_account.json
echo "Configuring Satlab Privileges successful, please reboot"
echo
diff --git a/src/dockerfiles/satlab_remote_access/tools/service_account_key_check.sh b/src/dockerfiles/satlab_remote_access/tools/service_account_key_check.sh
index 8f387bb..df4c7c5 100644
--- a/src/dockerfiles/satlab_remote_access/tools/service_account_key_check.sh
+++ b/src/dockerfiles/satlab_remote_access/tools/service_account_key_check.sh
@@ -1,12 +1,22 @@
-cat << EOF
+KEY_FOLDER='/home/satlab/keys'
+KEY_FILE='satlab_service_account.json'
+
+if [ -f "$KEY_FOLDER/$KEY_FILE" ]; then
+ cat << EOF
###############################################################################
Information about current service account key on this satlab.
-Please run satlab_setup to generate new key before expiration.
+Please run satlab_setup to download new key before expiration.
###############################################################################
EOF
-key_id=$(jq -r '."private_key_id"' /home/satlab/keys/satlab_service_account.json)
-KEYS_FOLDER=/home/satlab/keys
-GCLOUD="docker run --rm -ti -a stdout -v satlab_keys:${KEYS_FOLDER} -v gcloud:/root/.config/gcloud google/cloud-sdk:slim"
-SATLAB_SERIVCE_ACCOUNT=satlab-prototype@chromeos-service-accounts-dev.iam.gserviceaccount.com
-${GCLOUD} gcloud iam service-accounts keys list --iam-account="$SATLAB_SERIVCE_ACCOUNT" --filter "name=projects/chromeos-service-accounts-dev/serviceAccounts/$SATLAB_SERIVCE_ACCOUNT/keys/$key_id"
-echo "###############################################################################"
\ No newline at end of file
+ key_id=$(jq -r '."private_key_id"' $KEY_FOLDER/$KEY_FILE)
+ GCLOUD="docker run --rm -ti -a stdout -v satlab_keys:$KEY_FOLDER -v gcloud:/root/.config/gcloud google/cloud-sdk:slim"
+ SATLAB_SERIVCE_ACCOUNT=satlab-prototype@chromeos-service-accounts-dev.iam.gserviceaccount.com
+ ${GCLOUD} gcloud iam service-accounts keys list --iam-account="$SATLAB_SERIVCE_ACCOUNT" --filter "name=projects/chromeos-service-accounts-dev/serviceAccounts/$SATLAB_SERIVCE_ACCOUNT/keys/$key_id"
+echo "###############################################################################"
+else
+ cat << EOF
+###############################################################################
+Please run satlab_setup to initialize your Satlab.
+###############################################################################
+EOF
+fi