openshift
diff --git a/‎Makefile
+1 b/‎Makefile
+1
diff --git a/‎README.md
+22-1 b/‎README.md
+22-1
diff --git a/‎cmd/ocm-backplane/cloud/cloud.go
+1 b/‎cmd/ocm-backplane/cloud/cloud.go
+1
diff --git a/‎cmd/ocm-backplane/cloud/ssm.go
+219 b/‎cmd/ocm-backplane/cloud/ssm.go
+219
@@ -120,6 +120,7 @@ mock-gen:
 	mockgen -destination=./pkg/healthcheck/mocks/httpClientMock.go -package=mocks github.com/openshift/backplane-cli/pkg/healthcheck HTTPClient
 	mockgen -destination=./pkg/info/mocks/infoMock.go -package=mocks github.com/openshift/backplane-cli/pkg/info InfoService
 	mockgen -destination=./pkg/info/mocks/buildInfoMock.go -package=mocks github.com/openshift/backplane-cli/pkg/info BuildInfoService
+	mockgen -destination=./pkg/ssm/mocks/mock_ssmclient.go -package=mocks github.com/openshift/backplane-cli/pkg/ssm SSMClient
 
 .PHONY: build-image
 build-image:
 
@@ -64,6 +64,7 @@ To setup the PS1(prompt) for bash/zsh, please follow [these instructions](https:
 | `ocm backplane console [flags]`                                             | Launch the OpenShift console of the current logged in cluster                            |
 | `ocm backplane cloud console`                                               | Launch the current logged in cluster's cloud provider console                            |
 | `ocm backplane cloud credentials [flags]`                                   | Retrieve a set of temporary cloud credentials for the cluster's cloud provider           |
+| `ocm backplane cloud ssm --node <node-name>`                                | Start an aws ssm session for an HCP cluster                                              |
 | `ocm backplane elevate <reason> -- <command>`                               | Elevate privileges to backplane-cluster-admin and add a reason to the api request, this reason will be stored for 20min for future usage        |
 | `ocm backplane monitoring <prometheus/alertmanager/thanos/grafana> [flags]` | Launch the specified monitoring UI (Deprecated following v4.11 for cluster monitoring stack)|
 | `ocm backplane script describe <script> [flags]`                            | Describe the given backplane script                                                      |
@@ -227,7 +228,27 @@ Logging into multiple clusters via different terminal instances.
   ```
   $ export BACKPLANE_DEFAULT_OPEN_BROWSER=true
   $ ocm backplane cloud console
-  `
+  ```
+
+## SSM Session
+Now you can directly start an AWS SSM session in your terminal using a single command for the HCP clusters without logging into their cloud consoles. It will start an AWS session directly in your terminal where you can debug into the worker node for the HCP cluster and carry out further operations.
+- Before using ssm command check if Session Manager plugin has been properly set up in your device. Follow this official AWS [documentation](https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager-prerequisites.html) for further information on setting up AWS SSM. And for installing SSM plugin directly on your device follow this [documentation](https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager-working-with-install-plugin.html). Also check AWS CLI version and SSM version and ensure that those are in required versions. Update if required.
+- Login to the management cluster for the target HCP cluster 
+```
+$ ocm backplane login <cluster> --manager
+```
+- Run the following command by providing the correct worker node name where you want to start a SSM Session
+```
+$ ocm backplane cloud ssm --node <node-name>` 
+```
+- It will show something like this:
+```
+$ ocm-backplane cloud ssm --node ip-xx-x-xxx-xxx.xxxxxx.compute.internal 
+
+Starting session with SessionId: e4abf0bf76199710d76b3ecaa2c6f4ae-929p9nkk8yta7upy8el4ylidq4
+sh-5.1$
+```
+
 ## Monitoring
 Monitoring command can be used to launch the specified monitoring UI.
 
 
@@ -18,6 +18,7 @@ var CloudCmd = &cobra.Command{
 func init() {
 	CloudCmd.AddCommand(CredentialsCmd)
 	CloudCmd.AddCommand(ConsoleCmd)
+	CloudCmd.AddCommand(SSMSessionCmd)
 }
 
 func help(cmd *cobra.Command, _ []string) {
 
@@ -0,0 +1,219 @@
+package cloud
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"os"
+	"os/exec"
+	"strings"
+
+	"github.com/aws/aws-sdk-go-v2/aws"
+	awsConfig "github.com/aws/aws-sdk-go-v2/config"
+	"github.com/aws/aws-sdk-go-v2/service/ssm"
+	"github.com/openshift/backplane-cli/pkg/cli/config"
+	bpCredentials "github.com/openshift/backplane-cli/pkg/credentials"
+	"github.com/openshift/backplane-cli/pkg/ocm"
+	logger "github.com/sirupsen/logrus"
+	"github.com/spf13/cobra"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/cli-runtime/pkg/genericclioptions"
+	"k8s.io/client-go/kubernetes"
+	"k8s.io/client-go/rest"
+)
+
+var (
+	CreateClientSet       func(*rest.Config) (kubernetes.Interface, error)       = createClientSet
+	GetInstanceID         func(node string, config *rest.Config) (string, error) = getInstanceID
+	StartSSMsession       func(cmd *cobra.Command, argv []string) error          = startSSMsession
+	ExecCommand           func(name string, arg ...string) *exec.Cmd             = exec.Command
+	NewFromConfig         func(cfg aws.Config) SSMClient                         = NewFromConfigVar
+	GetCurrentKubeconfig  func() (*rest.Config, error)                           = getCurrentKubeconfig
+	FetchCloudCredentials func() (*bpCredentials.AWSCredentialsResponse, error)  = fetchCloudCredentials
+)
+
+func NewFromConfigVar(cfg aws.Config) SSMClient {
+	return ssm.NewFromConfig(cfg)
+}
+
+var (
+	createClientSet = func(c *rest.Config) (kubernetes.Interface, error) { return kubernetes.NewForConfig(c) }
+)
+
+var ssmArgs struct {
+	node string
+}
+
+var SSMSessionCmd = &cobra.Command{
+	Use:   "ssm",
+	Short: "Start an AWS SSM session for a node",
+	Long:  "Start an AWS SSM session for the specified node provided to debug.",
+	Args:  cobra.ExactArgs(0),
+	RunE:  startSSMsession,
+}
+
+func init() {
+	SSMSessionCmd.Flags().StringVar(&ssmArgs.node, "node", "", "Specify the node name to start the SSM session.")
+}
+
+func fetchCloudCredentials() (*bpCredentials.AWSCredentialsResponse, error) {
+	var clusterKey string
+	clusterInfo, err := GetBackplaneClusterFromConfig()
+	if err != nil {
+		return nil, fmt.Errorf("expected exactly one cluster: %w", err)
+	}
+	clusterKey = clusterInfo.ClusterID
+
+	clusterID, clusterName, err := ocm.DefaultOCMInterface.GetTargetCluster(clusterKey)
+	if err != nil {
+		return nil, fmt.Errorf("expected exactly one cluster: %w", err)
+	}
+
+	cluster, err := ocm.DefaultOCMInterface.GetClusterInfoByID(clusterID)
+	if err != nil {
+		return nil, fmt.Errorf("failed to get cluster info for %s: %w", clusterID, err)
+	}
+
+	logger.WithFields(logger.Fields{
+		"ID":   clusterID,
+		"Name": clusterName}).Infoln("Target cluster")
+
+	backplaneConfig, err := config.GetBackplaneConfiguration()
+	if err != nil {
+		return nil, fmt.Errorf("failed to get backplane configuration: %w", err)
+	}
+
+	ocmConnection, err := ocm.DefaultOCMInterface.SetupOCMConnection()
+	if err != nil {
+		return nil, fmt.Errorf("failed to create OCM connection: %w", err)
+	}
+	defer ocmConnection.Close()
+
+	queryConfig := &QueryConfig{OcmConnection: ocmConnection, BackplaneConfiguration: backplaneConfig, Cluster: cluster}
+
+	creds, err := queryConfig.GetCloudCredentials()
+	if err != nil {
+		return nil, fmt.Errorf("failed to fetch cloud credentials: %w", err)
+	}
+
+	awsCreds, ok := creds.(*bpCredentials.AWSCredentialsResponse)
+	if !ok {
+		return nil, fmt.Errorf("unexpected credentials type: %T", creds)
+	}
+
+	logger.Info("Successfully fetched cloud credentials.")
+	return awsCreds, nil
+}
+
+func getInstanceID(nodeName string, config *rest.Config) (string, error) {
+	clientset, err := CreateClientSet(config)
+	if err != nil {
+		return "", fmt.Errorf("failed to create client: %w", err)
+	}
+
+	node, err := clientset.CoreV1().Nodes().Get(context.TODO(), nodeName, metav1.GetOptions{})
+	if err != nil {
+		return "", fmt.Errorf("failed to get node %s: %w", nodeName, err)
+	}
+
+	if node.Spec.ProviderID == "" {
+		return "", fmt.Errorf("providerID is not set")
+	}
+
+	// Extract instance ID from ProviderID
+	instanceID := strings.Split(node.Spec.ProviderID, "/")[len(strings.Split(node.Spec.ProviderID, "/"))-1]
+	return instanceID, nil
+}
+
+func startSSMsession(cmd *cobra.Command, argv []string) error {
+	if ssmArgs.node == "" {
+		return fmt.Errorf("--node flag is required")
+	}
+
+	// Fetch cloud credentials and export them as environment variables
+	creds, err := FetchCloudCredentials() // Use the variable instead of direct call
+	if err != nil {
+		return fmt.Errorf("failed to fetch cloud credentials: %w", err)
+	}
+
+	// Set AWS credentials in environment variables
+	os.Setenv("AWS_ACCESS_KEY_ID", creds.AccessKeyID)
+	os.Setenv("AWS_SECRET_ACCESS_KEY", creds.SecretAccessKey)
+	os.Setenv("AWS_SESSION_TOKEN", creds.SessionToken)
+
+	kubeconfig, err := getCurrentKubeconfig()
+	if err != nil {
+		return fmt.Errorf("failed to get kubeconfig: %w", err)
+	}
+
+	instanceID, err := getInstanceID(ssmArgs.node, kubeconfig)
+	if err != nil {
+		return fmt.Errorf("failed to get instance ID for node %s: %w", ssmArgs.node, err)
+	}
+
+	logger.Infof("Starting SSM session for node: %s with Instance ID: %s", ssmArgs.node, instanceID)
+
+	cfg, err := awsConfig.LoadDefaultConfig(context.TODO(), awsConfig.WithRegion(creds.Region))
+	if err != nil {
+		return fmt.Errorf("unable to load SDK config: %v", err)
+	}
+	ssmClient := NewFromConfig(cfg)
+
+	input := &ssm.StartSessionInput{
+		Target: aws.String(instanceID),
+	}
+
+	result, err := ssmClient.StartSession(context.TODO(), input)
+	if err != nil {
+		return fmt.Errorf("failed to start SSM session via SDK: %w", err)
+	}
+
+	// Ensure the session details are not nil
+	if result.SessionId == nil || result.StreamUrl == nil || result.TokenValue == nil {
+		return fmt.Errorf("session details are incomplete: SessionId=%v, StreamUrl=%v, TokenValue=%v", result.SessionId, result.StreamUrl, result.TokenValue)
+	}
+
+	// Log session details for debugging
+	logger.Infof("SessionId: %v", *result.SessionId)
+	logger.Infof("StreamUrl: %v", *result.StreamUrl)
+	logger.Infof("TokenValue: %v", *result.TokenValue)
+
+	// Prepare arguments for Session Manager Plugin
+	sessionJSON, err := json.Marshal(map[string]string{
+		"SessionId":  *result.SessionId,
+		"StreamUrl":  *result.StreamUrl,
+		"TokenValue": *result.TokenValue,
+	})
+	if err != nil {
+		return fmt.Errorf("failed to serialize session details: %w", err)
+	}
+
+	//Check if session command is installed
+	ValidateSessionCmd := ExecCommand("session-manager-plugin", "--version")
+	err = ValidateSessionCmd.Run()
+	if err != nil {
+		return fmt.Errorf("session-manager-plugin is not installed. Please refer AWS doc: https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager-working-with-install-plugin.html")
+	}
+
+	cmdArgs := []string{"session-manager-plugin", string(sessionJSON), creds.Region, "StartSession"}
+	pluginCmd := ExecCommand(cmdArgs[0], cmdArgs[1:]...) //#nosec G204: Command arguments are trusted
+	pluginCmd.Stdout = os.Stdout
+	pluginCmd.Stderr = os.Stderr
+	pluginCmd.Stdin = os.Stdin
+
+	return pluginCmd.Run()
+}
+
+func getCurrentKubeconfig() (*rest.Config, error) {
+	cf := genericclioptions.NewConfigFlags(true)
+	config, err := cf.ToRESTConfig()
+	if err != nil {
+		return nil, err
+	}
+	return config, nil
+}
+
+// Define SSMClient interface
+type SSMClient interface {
+	StartSession(ctx context.Context, params *ssm.StartSessionInput, optFns ...func(*ssm.Options)) (*ssm.StartSessionOutput, error)
+}
Original file line number	Diff line number	Diff line change
`@@ -18,6 +18,7 @@ var CloudCmd = &cobra.Command{`
`18`	`18`	`func init() {`
`19`	`19`	`CloudCmd.AddCommand(CredentialsCmd)`
`20`	`20`	`CloudCmd.AddCommand(ConsoleCmd)`
	`21`	`+ CloudCmd.AddCommand(SSMSessionCmd)`
`21`	`22`	`}`
`22`	`23`
`23`	`24`	`func help(cmd *cobra.Command, _ []string) {`