Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
82 changes: 82 additions & 0 deletions user-ops/create_team.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,82 @@
#!/usr/bin/env bash
#
# BRIG service should be reachable, better to run it from inside the k8s-cluster using wire-utility pod

set -e

COUNT="1"
BRIG_HOST="http://brig:8080"
CSV="false"

USAGE="
This bash script can be used to create active team admin users and
their teams.

This is the way to create teams if you have set
'setRestrictUserCreation' to 'true' in your 'values.yaml'.

Note that this uses an internal brig endpoint. It is not exposed over
nginz and can only be used if you have direct access to brig.

USAGE: $0
-n <N>: Create <N> users. default: ${COUNT}
-h <host>: Base URI of brig. default: ${BRIG_HOST}
-c: Output as headerless CSV in format 'User-Id,Email,Password'. default: ${CSV}
-d <domain.com> Domain for team in format 'domain.com'. REQUIRED.
"

# Option parsing:
# https://sookocheff.com/post/bash/parsing-bash-script-arguments-with-shopts/
while getopts ":d:n:h:c" opt; do
case ${opt} in
d ) DOMAIN="$OPTARG"
;;
n ) COUNT="$OPTARG"
;;
h ) BRIG_HOST="$OPTARG"
;;
c ) CSV="true"
;;
: ) echo "-$OPTARG" requires an argument 1>&2
exit 1
;;
\? ) echo "$USAGE" 1>&2
exit 1
;;
esac
done
shift $((OPTIND -1))

if [ "$#" -ne 0 ]; then
echo "$USAGE" 1>&2
exit 1
fi

if [ -z "$DOMAIN" ]; then
echo 'Must specify team name (domain.com) with -d' >&2
exit 1
fi

TEAM_NAME=$(echo "$DOMAIN" | cut -d'.' -f1)

# Generate users

for i in $(seq 1 "$COUNT")
do
EMAIL="teamadmin@$DOMAIN"
PASSWORD=$(cat /dev/urandom | env LC_CTYPE=C tr -dc a-zA-Z0-9 | head -c 16)

CURL_OUT=$(curl -i -s --show-error \
-XPOST "$BRIG_HOST/i/users" \
-H'Content-type: application/json' \
-d'{"email":"'"$EMAIL"'","password":"'"$PASSWORD"'","name":"teamadmin","team":{"name":"'"$TEAM_NAME"'","icon":"default"}}')

UUID=$(echo "$CURL_OUT" | tail -1 | sed 's/.*\"id\":\"\([a-z0-9-]*\)\".*/\1/')
TEAM=$(echo "$CURL_OUT" | tail -1 | sed 's/.*\"team\":\"\([a-z0-9-]*\)\".*/\1/')

if [ "$CSV" == "false" ]
then echo -e "Succesfully created a team admin user: $UUID on team: $TEAM with email: $EMAIL and password: $PASSWORD"
echo -e "Create users with:\tbash create_users.sh -d $DOMAIN -c -n 2 -s 1 -a $UUID -t $TEAM"
else echo -e "$UUID,$TEAM,$EMAIL,$PASSWORD"
fi
done
149 changes: 149 additions & 0 deletions user-ops/create_users.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,149 @@

#!/usr/bin/env bash
#
# BRIG service should be reachable, better to run it from inside the k8s-cluster using wire-utility pod

set -e

ADMIN_UUID=""
TEAM_UUID=""
BRIG_HOST="http://brig:8080"
START="1"
COUNT="1"
CSV="false"
PREFIX=""
TARGET_EMAIL_DOMAIN=""

### SHOULDNT NEED TO MODIFY ANYTHING BELOW THIS LINE ###


USAGE="This bash script can be used to create active members in a
given team. Every member will have an email address of the form
'w<number>@${TARGET_EMAIL_DOMAIN}', and will have to change that
(after logging in with the password provided to the user from the
output of this script).

Note that this uses internal brig endpoints. It is not exposed over
nginz and can only be used if you have direct access to brig.

USAGE: $0 -d <email domain> [OPTIONS...]
-d <email domain>: Domain part of the emails that the bogus
invitations are sent to. No default, you need
to provide that. Consider 'example.com', or an
internal domain you control.

WARNING: This may boost your reputation as a
spammer. Use with care!

-a <admin uuid>: User ID of the inviting admin. default: ${ADMIN_UUID}
-t <team uuid>: ID of the inviting team. default: ${TEAM_UUID}
-s <S>: Start at offset. default: ${START}
-n <N>: Create <N> users. default: ${COUNT}
-h <host>: Base URI of brig. default: ${BRIG_HOST}
-c: Output as headerless CSV in format 'User-Id,Email,Password'. default: ${CSV}
-d domain for username default: ${TARGET_EMAIL_DOMAIN}
-p prefix for username default: ${PREFIX}
"

# Option parsing:
# https://sookocheff.com/post/bash/parsing-bash-script-arguments-with-shopts/
while getopts ":a:t:s:n:h:d:p:c" opt; do
case ${opt} in
a ) ADMIN_UUID="$OPTARG"
;;
t ) TEAM_UUID="$OPTARG"
;;
s ) START="$OPTARG"
;;
n ) COUNT="$OPTARG"
;;
h ) BRIG_HOST="$OPTARG"
;;
d ) TARGET_EMAIL_DOMAIN="$OPTARG"
;;
p ) PREFIX="$OPTARG"
;;
c ) CSV="true"
;;
: ) echo "-$OPTARG" requires an argument 1>&2
exit 1
;;
\? ) echo "$USAGE" 1>&2
exit 1
;;
esac
done
shift $((OPTIND -1))

if [ "$#" -ne 0 ]; then
echo "$USAGE" 1>&2
exit 1
fi

# Warn about sending emails

if [ "$TARGET_EMAIL_DOMAIN" == "" ]; then
echo -e "\n\n*** Please provide an email domain if you want to run this script.\n\n"
echo "$USAGE" 1>&2
exit 1
fi

# Generate users
END=$((COUNT + START - 1))
for i in $(seq "$START" "$END")
do
FUSERNAME=${PREFIX}$(printf "%03d" "$i") ### USERNAME FORMAT (NUMBER OF DIGITS)
EMAIL=$FUSERNAME"@$TARGET_EMAIL_DOMAIN"
PASSWORD=$(cat /dev/urandom | env LC_CTYPE=C tr -dc a-zA-Z0-9 | head -c 12)

# Generate the invitation

CURL_OUT_INVITATION=$(curl -i -s --show-error \
-XPOST "$BRIG_HOST/teams/$TEAM_UUID/invitations" \
-H'Content-type: application/json' \
-H'Z-User: '"$ADMIN_UUID"'' \
-d'{"email":"'"$EMAIL"'","name":"Replace with name","inviter_name":"Team admin"}')

INVITATION_ID=$(echo "$CURL_OUT_INVITATION" | tail -1 | sed 's/.*\"id\":\"\([a-z0-9-]*\)\".*/\1/')

#echo "Created the invitation, sleeping 1 second..." 1>&2
sleep 1

if ( ( echo "$INVITATION_ID" | grep -q '"code"' ) &&
( echo "$INVITATION_ID" | grep -q '"label"' ) ) ; then
echo "Got an error while creating $EMAIL, aborting: $INVITATION_ID"
exit 1
fi

# Get the code
CURL_OUT_INVITATION_CODE=$(curl -i -s --show-error \
-XGET "$BRIG_HOST/i/teams/invitation-code?team=$TEAM_UUID&invitation_id=$INVITATION_ID")

INVITATION_CODE=$(echo "$CURL_OUT_INVITATION_CODE" | tail -1 | sed -n -e '/"code":/ s/^.*"\(.*\)".*/\1/p')

#echo "Got the code, sleeping 1 second..." 1>&2
sleep 1

# Create the user using that code
CURL_OUT=$(curl -i -s --show-error \
-XPOST "$BRIG_HOST/i/users" \
-H'Content-type: application/json' \
-d'{"email":"'"$EMAIL"'","password":"'"$PASSWORD"'","name":"'"$FUSERNAME"'","team_code":"'"$INVITATION_CODE"'"}')

TEAM_MEMBER_UUID=$(echo "$CURL_OUT" | tail -1 | sed 's/.*\"id\":\"\([a-z0-9-]*\)\".*/\1/')
TEAM=$(echo "$CURL_OUT" | tail -1 | sed 's/.*\"team\":\"\([a-z0-9-]*\)\".*/\1/')

if [ "$TEAM" != "$TEAM_UUID" ]; then
echo "unexpected error: user got assigned to no / the wrong team?!"
echo ${CURL_OUT}
exit 1
fi

if [ "$CSV" == "false" ]
then echo -e "Succesfully created a team member: $TEAM_MEMBER_UUID on team: $TEAM_UUID with email: $EMAIL and password: $PASSWORD"
else echo -e "$EMAIL,$PASSWORD,,,$TEAM_MEMBER_UUID"
fi

#echo "Sleeping 1 second..." 1>&2
sleep 1
done
63 changes: 63 additions & 0 deletions user-ops/delete_teamadmin.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,63 @@
#!/usr/bin/env bash
set -euo pipefail

# BRIG and galley service should be reachable, better to run it from inside the k8s-cluster using wire-utility pod


BRIG="${1:-brig:8080}"
galley="${2:-galley:8080}"
DOMAIN="${3:-example.com}"

echo "Looking up user/team for domain: teamadmin@$DOMAIN"

response="$(curl -sS -w '\n%{http_code}' -X GET \
"http://${BRIG}/i/teams?email=$(printf '%s' "teamadmin@$DOMAIN" | jq -sRr @uri)" \
-H 'Content-type: application/json')"

http_code="$(tail -n1 <<< "$response")"
body="$(sed '$d' <<< "$response")"

if [[ "$http_code" != "200" ]]; then
echo "Lookup failed with HTTP $http_code"
echo "$body"
exit 1
fi

user_id="$(jq -r '.[0].id // empty' <<< "$body")"
team_id="$(jq -r '.[0].team // empty' <<< "$body")"

if [[ -z "$user_id" || -z "$team_id" ]]; then
echo "Could not extract user_id or team_id from response"
echo "$body"
exit 1
fi

echo "Found user_id: $user_id"
echo "Found team_id: $team_id"

echo "Deleting user..."
user_delete_code="$(curl -sS -o /tmp/delete_user_response.txt -w '%{http_code}' -X DELETE \
"http://${BRIG}/i/users/${user_id}" \
-H 'accept: application/json;charset=utf-8')"

if [[ "$user_delete_code" != "200" ]]; then
echo "User delete failed with HTTP $user_delete_code"
cat /tmp/delete_user_response.txt
exit 1
fi

echo "Team Admin for the $domain deleted successfully."

echo "Deleting team..."
team_delete_code="$(curl -sS -o /tmp/delete_team_response.txt -w '%{http_code}' -X DELETE \
"http://${BRIG}/i/teams/${team_id}?force=true" \
-H 'accept: application/json;charset=utf-8')"

if [[ "$team_delete_code" != "200" ]]; then
echo "Team delete failed with HTTP $team_delete_code"
cat /tmp/delete_team_response.txt
exit 1
fi

echo "Team $team_id deleted successfully."
echo "Done: $EMAIL and team $team_id got deleted."