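# Debug switch: 1 prints every print_debug message, any other value silences
# them. The default is 1; export DEBUG=0 before running to turn tracing off.
DEBUG=${DEBUG:-1}

# print_debug MESSAGE...
#   Writes the arguments as one line on stdout when DEBUG is numerically equal
#   to 1; otherwise prints nothing. The arguments are joined by the first
#   character of IFS (a space by default).
#   Debug lines end up on terminals and in job logs, so callers should not
#   pass secrets (passwords, tokens) to this function.
print_debug()
{
  # An empty or non-numeric DEBUG makes `test -eq` fail; that counts as "off"
  # and the diagnostic is hidden rather than repeated at every call site.
  if test "${DEBUG:-0}" -eq 1 2>/dev/null
  then
    # "$*" keeps the message exactly as passed: no word splitting and no
    # glob expansion of characters such as '*' that occur in the text.
    printf '%s\n' "$*"
  fi
}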
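# print_usage
#   Prints the command-line synopsis on stderr and terminates the script with
#   exit status 1. Reads the global PROGRAM (the main script sets it to $0).
print_usage()
{
  {
    printf '%s <user_list> <role_list> [push_acls]\n\n' "$PROGRAM"
    printf ' user_list - Colon-delimited list of users to add\n'
    printf ' role_list - Colon-delimited list of roles to add\n'
    # The main script reads a third positional argument and pushes ACLs only
    # when it is exactly "true" or "TRUE".
    printf ' push_acls - Optional; "true" or "TRUE" pushes ACLs to the servers listed for each role\n\n'
  } >&2
  exit 1
}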
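# get_workspace_IDs ROLE
#   Looks up the ID of the "/Workspace" group in the server, component
#   (template), depot and job group trees. Every lookup runs blcli with
#   `-i ~/.bladelogic/.user/user_info_ROLE.dat` (presumably the cached
#   credential of that role; confirm against the blcli documentation).
#   Sets the globals CUR_ROLE, SERVER_WS_ID, COMPONENT_WS_ID, DEPOT_WS_ID and
#   JOB_WS_ID.
#   Exits the script with status 1 when ROLE is empty or contains '/'.
#   Returns 1 when any blcli call exits non-zero, 0 otherwise.
get_workspace_IDs()
{
  CUR_ROLE=$1
  if test -z "$CUR_ROLE"
  then
    echo "Error: No role passed to $0." >&2
    exit 1
  fi

  # ROLE becomes part of the path of a credential file. A value containing
  # '/' could point blcli at a file outside ~/.bladelogic/.user, so it is
  # rejected before any path is built.
  case "$CUR_ROLE" in
    */*)
      echo "Error: Invalid role name '$CUR_ROLE'." >&2
      exit 1
      ;;
  esac

  local ws_cred ws_status
  # The tilde stays outside the quotes so that it still expands to the home
  # directory; the role-dependent part is quoted against word splitting.
  ws_cred=~/.bladelogic/.user/"user_info_${CUR_ROLE}.dat"
  ws_status=0

  print_debug "Getting Workspace IDs for $CUR_ROLE."
  # NOTE(review): assumes blcli exits non-zero when a lookup fails; confirm.
  SERVER_WS_ID=$(blcli -i "$ws_cred" ServerGroup groupNameToId "/Workspace") || ws_status=1
  COMPONENT_WS_ID=$(blcli -i "$ws_cred" TemplateGroup groupNameToId "/Workspace") || ws_status=1
  DEPOT_WS_ID=$(blcli -i "$ws_cred" DepotGroup groupNameToId "/Workspace") || ws_status=1
  JOB_WS_ID=$(blcli -i "$ws_cred" JobGroup groupNameToId "/Workspace") || ws_status=1

  print_debug "Server Workspace Group ID is $SERVER_WS_ID."
  print_debug "Component Workspace Group ID is $COMPONENT_WS_ID."
  print_debug "Depot Workspace Group ID is $DEPOT_WS_ID."
  print_debug "Job Workspace Group ID is $JOB_WS_ID."

  if test "$ws_status" -ne 0
  then
    echo "Error: Workspace group lookup failed for role $CUR_ROLE." >&2
  fi
  return "$ws_status"
}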
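# create_user_workspaces ROLE USER
#   Creates a group named USER below the "/Workspace" group of the server,
#   component (template), depot and job trees. Every call runs blcli with
#   `-i ~/.bladelogic/.user/user_info_ROLE.dat`.
#   Reads the globals SERVER_WS_ID, COMPONENT_WS_ID, DEPOT_WS_ID and
#   JOB_WS_ID as the parent group IDs; they must already hold the values for
#   ROLE. Sets the globals CUR_ROLE, CUR_USER and RESULT (output of the last
#   blcli call).
#   Returns 1 when an argument is missing, ROLE contains '/', or any blcli
#   call exits non-zero; 0 otherwise.
create_user_workspaces()
{
  CUR_ROLE=$1
  CUR_USER=$2
  if test -z "$CUR_ROLE" || test -z "$CUR_USER"
  then
    echo "Error: create_user_workspaces needs a role and a user." >&2
    return 1
  fi

  # ROLE becomes part of a credential-file path; refuse anything that could
  # step out of ~/.bladelogic/.user.
  case "$CUR_ROLE" in
    */*)
      echo "Error: Invalid role name '$CUR_ROLE'." >&2
      return 1
      ;;
  esac

  local cw_cred cw_status
  # Tilde left unquoted so it expands; the role-dependent part is quoted.
  cw_cred=~/.bladelogic/.user/"user_info_${CUR_ROLE}.dat"
  cw_status=0

  print_debug "Creating Workspace groups for $CUR_USER..."

  # NOTE(review): assumes blcli exits non-zero when creation fails; confirm.
  # Server group
  RESULT=$(blcli -i "$cw_cred" StaticServerGroup createServerGroup "$CUR_USER" "$SERVER_WS_ID") || cw_status=1
  print_debug "Server group creation: $RESULT."

  # Component group
  RESULT=$(blcli -i "$cw_cred" TemplateGroup createTemplateGroup "$CUR_USER" "$COMPONENT_WS_ID") || cw_status=1
  print_debug "Component group creation: $RESULT."

  # Depot group
  RESULT=$(blcli -i "$cw_cred" DepotGroup createDepotGroup "$CUR_USER" "$DEPOT_WS_ID") || cw_status=1
  print_debug "Depot group creation: $RESULT."

  # Job group
  RESULT=$(blcli -i "$cw_cred" JobGroup createJobGroup "$CUR_USER" "$JOB_WS_ID") || cw_status=1
  print_debug "Job group creation: $RESULT."

  return "$cw_status"
}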
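# Main script.
#   $1 - colon-delimited list of users to create in RBAC
#   $2 - colon-delimited list of roles the new users are added to
#   $3 - optional; "true" or "TRUE" pushes ACLs to the servers of each role
# Users that already exist are reported and left untouched: no role
# assignment and no workspace groups are created for them.
PROGRAM=$0
USER_LIST=$1
ROLE_LIST=$2
PUSH_ACLS=$3
print_debug "ACL Push: $PUSH_ACLS"

# Validate the arguments before anything is created on disk or in RBAC.
if test -z "$USER_LIST"
then
  echo "Error: No users defined." >&2
  print_usage
fi
if test -z "$ROLE_LIST"
then
  echo "Error: No roles defined." >&2
  print_usage
fi

# ACLs are pushed only when the third argument is exactly "true" or "TRUE".
case "$PUSH_ACLS" in
  true|TRUE) DO_PUSH=1 ;;
  *)         DO_PUSH=0 ;;
esac

# Scratch file that collects the servers needing an ACL push.
# A name built only from the PID is predictable, and deleting/recreating it
# would follow a link planted by another local user. mktemp creates the file
# atomically under an unpredictable name; where mktemp is missing, noclobber
# (set -C) at least refuses to reuse a path that already exists.
SERVER_LIST_DIR=/usr/nsh/tmp
if command -v mktemp >/dev/null 2>&1
then
  SERVER_LIST=$(mktemp "$SERVER_LIST_DIR/server_list.XXXXXX") || SERVER_LIST=""
else
  SERVER_LIST="$SERVER_LIST_DIR/server_list$$"
  ( umask 077; set -C; : > "$SERVER_LIST" ) 2>/dev/null || SERVER_LIST=""
fi
if test -z "$SERVER_LIST"
then
  echo "Error: Cannot create the temporary server list in $SERVER_LIST_DIR." >&2
  exit 1
fi
# Remove the scratch file on every exit path, including early failures.
trap 'rm -f "$SERVER_LIST"' EXIT

# Parse out the lists (colon-delimited on the command line, space-separated
# from here on).
USER_LIST=$(printf '%s\n' "$USER_LIST" | tr ':' ' ')
print_debug "User list is $USER_LIST"
ROLE_LIST=$(printf '%s\n' "$ROLE_LIST" | tr ':' ' ')
print_debug "Role list is $ROLE_LIST"

# The loops below expand the lists unquoted on purpose, to split them into
# words. Disable pathname expansion so that a name such as '*' is not
# replaced by file names from the current directory.
set -f

# First add the users to RBAC. NEW_USERS records the users that did not exist
# yet; only those receive roles and workspace groups afterwards.
NEW_USERS=""
for user in $USER_LIST
do
  USER_EXISTS=$(blcli RBACUser isUserExists "$user")
  if test "$USER_EXISTS" = "true"
  then
    echo "Warning: user $user already exists. Skipping to next user (if applicable)."
  else
    desc="$user"
    # NOTE(security): the initial password is derived from the user name, so
    # anyone who knows the scheme can guess it, and it is handed to blcli as
    # a command-line argument, where other local users may see it in the
    # process list. It is deliberately kept out of the debug output. Prefer a
    # per-user random secret delivered out of band, and have every new user
    # change the password at first login.
    password="${user}_123"
    print_debug "Adding user: $desc"
    RESULT=$(blcli RBACUser createUser "$user" "$password" "$desc")
    print_debug "Result of creating $user: $RESULT."
    NEW_USERS="$NEW_USERS $user"
  fi
done

for role in $ROLE_LIST
do
  # The role name becomes part of a credential-file path below; a '/' could
  # point blcli at a file outside ~/.bladelogic/.user.
  case "$role" in
    */*)
      echo "Error: Invalid role name '$role'. Skipping." >&2
      continue
      ;;
  esac

  # Assumes that "Workspace" groups exist on all tabs (except Servers)
  print_debug "Getting root Workspace groups for $role."
  get_workspace_IDs "$role"

  for user in $NEW_USERS
  do
    # Add user to the appropriate roles
    echo "Adding $user to $role."
    RESULT=$(blcli RBACUser addRole "$user" "$role")
    print_debug "Result of adding $user to $role: $RESULT."

    # Create user workspaces
    print_debug "Adding $user workspace to $role."
    create_user_workspaces "$role" "$user"
  done

  if test "$DO_PUSH" -eq 1
  then
    # List servers in role and add to master server list (for ACL pushing)
    SERVERS=$(blcli -i ~/.bladelogic/.user/"user_info_${role}.dat" Server listAllServers)
    for server in $SERVERS
    do
      # Append the server unless the list already holds exactly that name.
      # -F -x compares whole lines literally, so "web1" does not match
      # "web10" and dots in host names are not treated as wildcards.
      if ! grep -F -x -q -e "$server" "$SERVER_LIST"
      then
        printf '%s\n' "$server" >> "$SERVER_LIST"
      fi
    done
  fi
done

# Push ACLs to necessary servers (if requested)
if test "$DO_PUSH" -eq 1
then
  for server in $(cat "$SERVER_LIST")
  do
    echo "Push ACLs to $server."
    SERVER_ID=$(blcli Server getServerIdByName "$server")
    print_debug "ID for $server: $SERVER_ID"
    if test -z "$SERVER_ID"
    then
      echo "Warning: no ID found for $server. ACL push skipped." >&2
      continue
    fi
    RESULT=$(blcli Resource requestAgentPushAcl "$SERVER_ID")
    print_debug "Result of ACL push to $server: $RESULT."
  done
fi

rm -f "$SERVER_LIST"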
自动添加用户到RBAC



