From f263cbafe2618c92595f7239cbbfa8e4fe3fed90 Mon Sep 17 00:00:00 2001
From: mohitrajain
Date: Tue, 30 Jun 2026 19:08:45 +0200
Subject: [PATCH] add: WPB-25752 add user operation scripts to create teams, users and delete teams using brig and galley endpoints
---
user-ops/create_team.sh | 82 +++++++++++++++++++
user-ops/create_users.sh | 149 +++++++++++++++++++++++++++++++++++
user-ops/delete_teamadmin.sh | 63 +++++++++++++++
3 files changed, 294 insertions(+)
create mode 100644 user-ops/create_team.sh
create mode 100644 user-ops/create_users.sh
create mode 100644 user-ops/delete_teamadmin.sh
diff --git a/user-ops/create_team.sh b/user-ops/create_team.sh
new file mode 100644
index 0000000..05b9b6a
--- /dev/null
+++ b/user-ops/create_team.sh
@@ -0,0 +1,82 @@
+#!/usr/bin/env bash
+#
+# BRIG service should be reachable, better to run it from inside the k8s-cluster using wire-utility pod
+
+set -e
+
+COUNT="1"
+BRIG_HOST="http://brig:8080"
+CSV="false"
+
+USAGE="
+This bash script can be used to create active team admin users and
+their teams.
+
+This is the way to create teams if you have set
+'setRestrictUserCreation' to 'true' in your 'values.yaml'.
+
+Note that this uses an internal brig endpoint. It is not exposed over
+nginz and can only be used if you have direct access to brig.
+
+USAGE: $0
+ -n : Create users. default: ${COUNT}
+ -h : Base URI of brig. default: ${BRIG_HOST}
+ -c: Output as headerless CSV in format 'User-Id,Email,Password'. default: ${CSV}
+ -d Domain for team in format 'domain.com'. REQUIRED.
+"
+
+# Option parsing:
+# https://sookocheff.com/post/bash/parsing-bash-script-arguments-with-shopts/
+while getopts ":d:n:h:c" opt; do
+case ${opt} in
+ d ) DOMAIN="$OPTARG"
+ ;;
+ n ) COUNT="$OPTARG"
+ ;;
+ h ) BRIG_HOST="$OPTARG"
+ ;;
+ c ) CSV="true"
+ ;;
+ : ) echo "-$OPTARG" requires an argument 1>&2
+ exit 1
+ ;;
+ \? ) echo "$USAGE" 1>&2
+ exit 1
+ ;;
+ esac
+done
+shift $((OPTIND -1))
+
+if [ "$#" -ne 0 ]; then
+ echo "$USAGE" 1>&2
+ exit 1
+fi
+
+if [ -z "$DOMAIN" ]; then
+ echo 'Must specify team name (domain.com) with -d' >&2
+ exit 1
+fi
+
+TEAM_NAME=$(echo "$DOMAIN" | cut -d'.' -f1)
+
+# Generate users
+
+for i in $(seq 1 "$COUNT")
+do
+ EMAIL="teamadmin@$DOMAIN"
+ PASSWORD=$(cat /dev/urandom | env LC_CTYPE=C tr -dc a-zA-Z0-9 | head -c 16)
+
+ CURL_OUT=$(curl -i -s --show-error \
+ -XPOST "$BRIG_HOST/i/users" \
+ -H'Content-type: application/json' \
+ -d'{"email":"'"$EMAIL"'","password":"'"$PASSWORD"'","name":"teamadmin","team":{"name":"'"$TEAM_NAME"'","icon":"default"}}')
+
+ UUID=$(echo "$CURL_OUT" | tail -1 | sed 's/.*\"id\":\"\([a-z0-9-]*\)\".*/\1/')
+ TEAM=$(echo "$CURL_OUT" | tail -1 | sed 's/.*\"team\":\"\([a-z0-9-]*\)\".*/\1/')
+
+ if [ "$CSV" == "false" ]
+ then echo -e "Succesfully created a team admin user: $UUID on team: $TEAM with email: $EMAIL and password: $PASSWORD"
+ echo -e "Create users with:\tbash create_users.sh -d $DOMAIN -c -n 2 -s 1 -a $UUID -t $TEAM"
+ else echo -e "$UUID,$TEAM,$EMAIL,$PASSWORD"
+ fi
+done
diff --git a/user-ops/create_users.sh b/user-ops/create_users.sh
new file mode 100644
index 0000000..24a8fc3
--- /dev/null
+++ b/user-ops/create_users.sh
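Review bot: In create_team.sh nothing after the `curl` call checks that brig accepted the request, so the "Succesfully created a team admin user" line is printed for any HTTP response; when the `sed` patterns for `UUID` and `TEAM` do not match, `sed` passes the whole last line through and the error body is reported as the ids, next to a password that belongs to no account. Extracting with a command that fails on a missing field stops the run under `set -e`, e.g. `UUID=$(echo "$CURL_OUT" | tail -1 | jq -er '.id')` and the same for `.team` (assuming the body is a JSON object with those top-level keys; `jq` is already required by delete_teamadmin.sh). With `-n` greater than 1 every iteration also posts the same `teamadmin@$DOMAIN` address because `$i` is never used, so the later iterations presumably fail as duplicates and take exactly this unchecked path.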
@@ -0,0 +1,149 @@
+
+#!/usr/bin/env bash
+#
+# BRIG service should be reachable, better to run it from inside the k8s-cluster using wire-utility pod
+
+set -e
+
+ADMIN_UUID=""
+TEAM_UUID=""
+BRIG_HOST="http://brig:8080"
+START="1"
+COUNT="1"
+CSV="false"
+PREFIX=""
+TARGET_EMAIL_DOMAIN=""
+
+### SHOULDNT NEED TO MODIFY ANYTHING BELOW THIS LINE ###
+
+
+USAGE="This bash script can be used to create active members in a
+given team. Every member will have an email address of the form
+'w@${TARGET_EMAIL_DOMAIN}', and will have to change that
+(after logging in with the password provided to the user from the
+output of this script).
+
+Note that this uses internal brig endpoints. It is not exposed over
+nginz and can only be used if you have direct access to brig.
+
+USAGE: $0 -d [OPTIONS...]
+ -d : Domain part of the emails that the bogus
+ invitations are sent to. No default, you need
+ to provide that. Consider 'example.com', or an
+ internal domain you control.
+
+ WARNING: This may boost your reputation as a
+ spammer. Use with care!
+
+ -a : User ID of the inviting admin. default: ${ADMIN_UUID}
+ -t : ID of the inviting team. default: ${TEAM_UUID}
+ -s : Start at offset. default: ${START}
+ -n : Create users. default: ${COUNT}
+ -h : Base URI of brig. default: ${BRIG_HOST}
+ -c: Output as headerless CSV in format 'User-Id,Email,Password'. default: ${CSV}
+ -d domain for username default: ${TARGET_EMAIL_DOMAIN}
+ -p prefix for username default: ${PREFIX}
+"
+
+# Option parsing:
+# https://sookocheff.com/post/bash/parsing-bash-script-arguments-with-shopts/
+while getopts ":a:t:s:n:h:d:p:c" opt; do
+ case ${opt} in
+ a ) ADMIN_UUID="$OPTARG"
+ ;;
+ t ) TEAM_UUID="$OPTARG"
+ ;;
+ s ) START="$OPTARG"
+ ;;
+ n ) COUNT="$OPTARG"
+ ;;
+ h ) BRIG_HOST="$OPTARG"
+ ;;
+ d ) TARGET_EMAIL_DOMAIN="$OPTARG"
+ ;;
+ p ) PREFIX="$OPTARG"
+ ;;
+ c ) CSV="true"
+ ;;
+ : ) echo "-$OPTARG" requires an argument 1>&2
+ exit 1
+ ;;
+ \? ) echo "$USAGE" 1>&2
+ exit 1
+ ;;
+ esac
+done
+shift $((OPTIND -1))
+
+if [ "$#" -ne 0 ]; then
+ echo "$USAGE" 1>&2
+ exit 1
+fi
+
+# Warn about sending emails
+
+if [ "$TARGET_EMAIL_DOMAIN" == "" ]; then
+ echo -e "\n\n*** Please provide an email domain if you want to run this script.\n\n"
+ echo "$USAGE" 1>&2
+ exit 1
+fi
+
+# Generate users
+END=$((COUNT + START - 1))
+for i in $(seq "$START" "$END")
+do
+ FUSERNAME=${PREFIX}$(printf "%03d" "$i") ### USERNAME FORMAT (NUMBER OF DIGITS)
+ EMAIL=$FUSERNAME"@$TARGET_EMAIL_DOMAIN"
+ PASSWORD=$(cat /dev/urandom | env LC_CTYPE=C tr -dc a-zA-Z0-9 | head -c 12)
+
+ # Generate the invitation
+
+ CURL_OUT_INVITATION=$(curl -i -s --show-error \
+ -XPOST "$BRIG_HOST/teams/$TEAM_UUID/invitations" \
+ -H'Content-type: application/json' \
+ -H'Z-User: '"$ADMIN_UUID"'' \
+ -d'{"email":"'"$EMAIL"'","name":"Replace with name","inviter_name":"Team admin"}')
+
+ INVITATION_ID=$(echo "$CURL_OUT_INVITATION" | tail -1 | sed 's/.*\"id\":\"\([a-z0-9-]*\)\".*/\1/')
+
+ #echo "Created the invitation, sleeping 1 second..." 1>&2
+ sleep 1
+
+ if ( ( echo "$INVITATION_ID" | grep -q '"code"' ) &&
+ ( echo "$INVITATION_ID" | grep -q '"label"' ) ) ; then
+ echo "Got an error while creating $EMAIL, aborting: $INVITATION_ID"
+ exit 1
+ fi
+
+ # Get the code
+ CURL_OUT_INVITATION_CODE=$(curl -i -s --show-error \
+ -XGET "$BRIG_HOST/i/teams/invitation-code?team=$TEAM_UUID&invitation_id=$INVITATION_ID")
+
+ INVITATION_CODE=$(echo "$CURL_OUT_INVITATION_CODE" | tail -1 | sed -n -e '/"code":/ s/^.*"\(.*\)".*/\1/p')
+
+ #echo "Got the code, sleeping 1 second..." 1>&2
+ sleep 1
+
+ # Create the user using that code
+ CURL_OUT=$(curl -i -s --show-error \
+ -XPOST "$BRIG_HOST/i/users" \
+ -H'Content-type: application/json' \
+ -d'{"email":"'"$EMAIL"'","password":"'"$PASSWORD"'","name":"'"$FUSERNAME"'","team_code":"'"$INVITATION_CODE"'"}')
+
+ TEAM_MEMBER_UUID=$(echo "$CURL_OUT" | tail -1 | sed 's/.*\"id\":\"\([a-z0-9-]*\)\".*/\1/')
+ TEAM=$(echo "$CURL_OUT" | tail -1 | sed 's/.*\"team\":\"\([a-z0-9-]*\)\".*/\1/')
+
+ if [ "$TEAM" != "$TEAM_UUID" ]; then
+ echo "unexpected error: user got assigned to no / the wrong team?!"
+ echo ${CURL_OUT}
+ exit 1
+ fi
+
+ if [ "$CSV" == "false" ]
+ then echo -e "Succesfully created a team member: $TEAM_MEMBER_UUID on team: $TEAM_UUID with email: $EMAIL and password: $PASSWORD"
+ else echo -e "$EMAIL,$PASSWORD,,,$TEAM_MEMBER_UUID"
+ fi
+
+ #echo "Sleeping 1 second..." 1>&2
+ sleep 1
+done
diff --git a/user-ops/delete_teamadmin.sh b/user-ops/delete_teamadmin.sh
new file mode 100644
index 0000000..7769857
--- /dev/null
+++ b/user-ops/delete_teamadmin.sh
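Review bot: In create_users.sh the generated password is placed on curl's command line in the `-d'{"email":...,"password":"'"$PASSWORD"'",...}'` argument of the `/i/users` call, where it can be read from the process list while the call runs, and `$EMAIL`, `$FUSERNAME` and `$INVITATION_CODE` are spliced into the JSON unescaped, so a `-p` or `-d` value containing `"` or `\` produces a malformed or altered body. Building the body with `jq` from environment values and handing it to curl on stdin addresses both, as sketched below; the `/i/users` call in create_team.sh is written the same way, and the invitation request earlier in this loop splices `$EMAIL` likewise. Separately, the file begins with an empty line, so `#!/usr/bin/env bash` sits on line 2 and is not honoured as the interpreter line when the script is executed directly.

```shell
  # … unchanged: invitation request and invitation-code lookup …
  CURL_OUT=$(EMAIL="$EMAIL" PASSWORD="$PASSWORD" FUSERNAME="$FUSERNAME" \
    INVITATION_CODE="$INVITATION_CODE" \
    jq -n '{email: env.EMAIL, password: env.PASSWORD,
            name: env.FUSERNAME, team_code: env.INVITATION_CODE}' |
    curl -i -s --show-error \
      -XPOST "$BRIG_HOST/i/users" \
      -H'Content-type: application/json' \
      --data-binary @-)
  # … unchanged: TEAM_MEMBER_UUID / TEAM extraction and output …
```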
@@ -0,0 +1,63 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+# BRIG and galley service should be reachable, better to run it from inside the k8s-cluster using wire-utility pod
+
+
+BRIG="${1:-brig:8080}"
+galley="${2:-galley:8080}"
+DOMAIN="${3:-example.com}"
+
+echo "Looking up user/team for domain: teamadmin@$DOMAIN"
+
+response="$(curl -sS -w '\n%{http_code}' -X GET \
+ "http://${BRIG}/i/teams?email=$(printf '%s' "teamadmin@$DOMAIN" | jq -sRr @uri)" \
+ -H 'Content-type: application/json')"
+
+http_code="$(tail -n1 <<< "$response")"
+body="$(sed '$d' <<< "$response")"
+
+if [[ "$http_code" != "200" ]]; then
+ echo "Lookup failed with HTTP $http_code"
+ echo "$body"
+ exit 1
+fi
+
+user_id="$(jq -r '.[0].id // empty' <<< "$body")"
+team_id="$(jq -r '.[0].team // empty' <<< "$body")"
+
+if [[ -z "$user_id" || -z "$team_id" ]]; then
+ echo "Could not extract user_id or team_id from response"
+ echo "$body"
+ exit 1
+fi
+
+echo "Found user_id: $user_id"
+echo "Found team_id: $team_id"
+
+echo "Deleting user..."
+user_delete_code="$(curl -sS -o /tmp/delete_user_response.txt -w '%{http_code}' -X DELETE \
+ "http://${BRIG}/i/users/${user_id}" \
+ -H 'accept: application/json;charset=utf-8')"
+
+if [[ "$user_delete_code" != "200" ]]; then
+ echo "User delete failed with HTTP $user_delete_code"
+ cat /tmp/delete_user_response.txt
+ exit 1
+fi
+
+echo "Team Admin for the $domain deleted successfully."
+
+echo "Deleting team..."
+team_delete_code="$(curl -sS -o /tmp/delete_team_response.txt -w '%{http_code}' -X DELETE \
+ "http://${BRIG}/i/teams/${team_id}?force=true" \
+ -H 'accept: application/json;charset=utf-8')"
+
+if [[ "$team_delete_code" != "200" ]]; then
+ echo "Team delete failed with HTTP $team_delete_code"
+ cat /tmp/delete_team_response.txt
+ exit 1
+fi
+
+echo "Team $team_id deleted successfully."
+echo "Done: $EMAIL and team $team_id got deleted."
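Review bot: Under `set -euo pipefail` the line `echo "Team Admin for the $domain deleted successfully."` in delete_teamadmin.sh references `domain`, which is never assigned (the script sets `DOMAIN`), so the run aborts with an unbound-variable error after the user has been deleted and before the team delete is sent; the final `echo` has the same problem with `$EMAIL`. Use `$DOMAIN` in the first and `teamadmin@$DOMAIN` in the last. The `galley` argument is assigned but never used and the team DELETE goes to `http://${BRIG}/i/teams/${team_id}?force=true`; if that endpoint is served by galley, as the header comment suggests, the URL should use `${galley}`. The response bodies are also written to fixed names under `/tmp`; a `mktemp` file removed in an `EXIT` trap avoids writing through a file or symlink someone else created there.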