scripts/create-proxmox-secret.sh

#!/bin/bash
# create-proxmox-secret.sh
# Creates Kubernetes secret for Proxmox credentials

set -euo pipefail

# Colors
GREEN='\033[0;32m'
RED='\033[0;31m'
YELLOW='\033[1;33m'
NC='\033[0m'

# Configuration
NAMESPACE="${NAMESPACE:-crossplane-system}"
SECRET_NAME="${SECRET_NAME:-proxmox-credentials}"
KEY_NAME="${KEY_NAME:-credentials.json}"

log() {
    echo -e "${GREEN}[$(date +'%Y-%m-%d %H:%M:%S')]${NC} $1"
}

error() {
    echo -e "${RED}[ERROR]${NC} $1" >&2
    exit 1
}

warn() {
    echo -e "${YELLOW}[WARN]${NC} $1"
}

check_prerequisites() {
    if ! command -v kubectl &> /dev/null; then
        error "kubectl is required but not installed"
    fi
    
    if ! kubectl cluster-info &> /dev/null; then
        error "Cannot connect to Kubernetes cluster"
    fi
}

prompt_credentials() {
    echo ""
    echo "Enter Proxmox credentials:"
    echo ""
    
    read -p "Username (e.g., root@pam): " USERNAME
    read -sp "Token (format: user@realm!token-id=token-secret): " TOKEN
    echo ""
    
    if [ -z "$USERNAME" ] || [ -z "$TOKEN" ]; then
        error "Username and token are required"
    fi
    
    CREDENTIALS_JSON=$(cat <<EOF
{
  "username": "${USERNAME}",
  "token": "${TOKEN}"
}
EOF
)
}

create_secret() {
    log "Creating Kubernetes secret: ${SECRET_NAME} in namespace ${NAMESPACE}"
    
    # Create namespace if it doesn't exist
    kubectl create namespace "${NAMESPACE}" --dry-run=client -o yaml | kubectl apply -f -
    
    # Check if secret already exists
    if kubectl get secret "${SECRET_NAME}" -n "${NAMESPACE}" &> /dev/null; then
        warn "Secret ${SECRET_NAME} already exists in namespace ${NAMESPACE}"
        read -p "Do you want to update it? (y/N): " -n 1 -r
        echo
        if [[ ! $REPLY =~ ^[Yy]$ ]]; then
            log "Skipping secret creation"
            return 0
        fi
        kubectl delete secret "${SECRET_NAME}" -n "${NAMESPACE}"
    fi
    
    # Create secret
    echo "${CREDENTIALS_JSON}" | kubectl create secret generic "${SECRET_NAME}" \
        --from-file="${KEY_NAME}=/dev/stdin" \
        -n "${NAMESPACE}" \
        --dry-run=client -o yaml | kubectl apply -f -
    
    log "✓ Secret created successfully"
}

verify_secret() {
    log "Verifying secret..."
    
    if kubectl get secret "${SECRET_NAME}" -n "${NAMESPACE}" &> /dev/null; then
        log "✓ Secret exists"
        
        # Show secret metadata (not the actual content)
        kubectl get secret "${SECRET_NAME}" -n "${NAMESPACE}" -o jsonpath='{.metadata.name}' | xargs echo "  Name:"
        kubectl get secret "${SECRET_NAME}" -n "${NAMESPACE}" -o jsonpath='{.data}' | jq -r 'keys[]' | while read key; do
            echo "  Key: ${key}"
        done
    else
        error "Secret verification failed"
    fi
}

main() {
    log "Proxmox Credentials Secret Creator"
    log "=================================="
    
    check_prerequisites
    prompt_credentials
    create_secret
    verify_secret
    
    log ""
    log "Secret created successfully!"
    log ""
    log "Next steps:"
    log "1. Apply ProviderConfig: kubectl apply -f crossplane-provider-proxmox/examples/provider-config.yaml"
    log "2. Verify ProviderConfig status: kubectl get providerconfig proxmox-provider-config"
    log "3. Check provider logs: kubectl logs -n crossplane-system -l app=crossplane-provider-proxmox"
}

main "$@"
Apply Composer changes: comprehensive API updates, migrations, middleware, and infrastructure improvements - Add comprehensive database migrations (001-024) for schema evolution - Enhance API schema with expanded type definitions and resolvers - Add new middleware: audit logging, rate limiting, MFA enforcement, security, tenant auth - Implement new services: AI optimization, billing, blockchain, compliance, marketplace - Add adapter layer for cloud integrations (Cloudflare, Kubernetes, Proxmox, storage) - Update Crossplane provider with enhanced VM management capabilities - Add comprehensive test suite for API endpoints and services - Update frontend components with improved GraphQL subscriptions and real-time updates - Enhance security configurations and headers (CSP, CORS, etc.) - Update documentation and configuration files - Add new CI/CD workflows and validation scripts - Implement design system improvements and UI enhancements 2025-12-12 18:01:35 -08:00			`#!/bin/bash`
			`# create-proxmox-secret.sh`
			`# Creates Kubernetes secret for Proxmox credentials`

			`set -euo pipefail`

			`# Colors`
			`GREEN='\033[0;32m'`
			`RED='\033[0;31m'`
			`YELLOW='\033[1;33m'`
			`NC='\033[0m'`

			`# Configuration`
			`NAMESPACE="${NAMESPACE:-crossplane-system}"`
			`SECRET_NAME="${SECRET_NAME:-proxmox-credentials}"`
			`KEY_NAME="${KEY_NAME:-credentials.json}"`

			`log() {`
			`echo -e "${GREEN}[$(date +'%Y-%m-%d %H:%M:%S')]${NC} $1"`
			`}`

			`error() {`
			`echo -e "${RED}[ERROR]${NC} $1" >&2`
			`exit 1`
			`}`

			`warn() {`
			`echo -e "${YELLOW}[WARN]${NC} $1"`
			`}`

			`check_prerequisites() {`
			`if ! command -v kubectl &> /dev/null; then`
			`error "kubectl is required but not installed"`
			`fi`

			`if ! kubectl cluster-info &> /dev/null; then`
			`error "Cannot connect to Kubernetes cluster"`
			`fi`
			`}`

			`prompt_credentials() {`
			`echo ""`
			`echo "Enter Proxmox credentials:"`
			`echo ""`

			`read -p "Username (e.g., root@pam): " USERNAME`
			`read -sp "Token (format: user@realm!token-id=token-secret): " TOKEN`
			`echo ""`

			`if [ -z "$USERNAME" ] \|\| [ -z "$TOKEN" ]; then`
			`error "Username and token are required"`
			`fi`

			`CREDENTIALS_JSON=$(cat <<EOF`
			`{`
			`"username": "${USERNAME}",`
			`"token": "${TOKEN}"`
			`}`
			`EOF`
			`)`
			`}`

			`create_secret() {`
			`log "Creating Kubernetes secret: ${SECRET_NAME} in namespace ${NAMESPACE}"`

			`# Create namespace if it doesn't exist`
			`kubectl create namespace "${NAMESPACE}" --dry-run=client -o yaml \| kubectl apply -f -`

			`# Check if secret already exists`
			`if kubectl get secret "${SECRET_NAME}" -n "${NAMESPACE}" &> /dev/null; then`
			`warn "Secret ${SECRET_NAME} already exists in namespace ${NAMESPACE}"`
			`read -p "Do you want to update it? (y/N): " -n 1 -r`
			`echo`
			`if [[ ! $REPLY =~ ^[Yy]$ ]]; then`
			`log "Skipping secret creation"`
			`return 0`
			`fi`
			`kubectl delete secret "${SECRET_NAME}" -n "${NAMESPACE}"`
			`fi`

			`# Create secret`
			`echo "${CREDENTIALS_JSON}" \| kubectl create secret generic "${SECRET_NAME}" \`
			`--from-file="${KEY_NAME}=/dev/stdin" \`
			`-n "${NAMESPACE}" \`
			`--dry-run=client -o yaml \| kubectl apply -f -`

			`log "✓ Secret created successfully"`
			`}`

			`verify_secret() {`
			`log "Verifying secret..."`

			`if kubectl get secret "${SECRET_NAME}" -n "${NAMESPACE}" &> /dev/null; then`
			`log "✓ Secret exists"`

			`# Show secret metadata (not the actual content)`
			`kubectl get secret "${SECRET_NAME}" -n "${NAMESPACE}" -o jsonpath='{.metadata.name}' \| xargs echo " Name:"`
			`kubectl get secret "${SECRET_NAME}" -n "${NAMESPACE}" -o jsonpath='{.data}' \| jq -r 'keys[]' \| while read key; do`
			`echo " Key: ${key}"`
			`done`
			`else`
			`error "Secret verification failed"`
			`fi`
			`}`

			`main() {`
			`log "Proxmox Credentials Secret Creator"`
			`log "=================================="`

			`check_prerequisites`
			`prompt_credentials`
			`create_secret`
			`verify_secret`

			`log ""`
			`log "Secret created successfully!"`
			`log ""`
			`log "Next steps:"`
			`log "1. Apply ProviderConfig: kubectl apply -f crossplane-provider-proxmox/examples/provider-config.yaml"`
			`log "2. Verify ProviderConfig status: kubectl get providerconfig proxmox-provider-config"`
			`log "3. Check provider logs: kubectl logs -n crossplane-system -l app=crossplane-provider-proxmox"`
			`}`

			`main "$@"`