From 396e91933f98a5f5c8f209db06a3f467d4c7028e Mon Sep 17 00:00:00 2001
From: Mathieu LAUDE
Date: Fri, 11 Jun 2021 12:17:55 +0200
Subject: [PATCH] Adding users and group bulk creation files
---
 kubernetes-ressources/terraform/.gitignore | 2 +-
 kubernetes-ressources/terraform/README.md | 11 +++++++++--
 kubernetes-ressources/terraform/tf-runner.sh | 10 ++++++++--
 3 files changed, 18 insertions(+), 5 deletions(-)
diff --git a/kubernetes-ressources/terraform/.gitignore b/kubernetes-ressources/terraform/.gitignore
index bffe100..deae2b9 100644
--- a/kubernetes-ressources/terraform/.gitignore
+++ b/kubernetes-ressources/terraform/.gitignore
@@ -1,4 +1,4 @@
 .terraform
 terraform.tfstate
 terraform.tfstate.backup
-ips
\ No newline at end of file
+config/*
diff --git a/kubernetes-ressources/terraform/README.md b/kubernetes-ressources/terraform/README.md
index 8facd3a..7dc94d4 100644
--- a/kubernetes-ressources/terraform/README.md
+++ b/kubernetes-ressources/terraform/README.md
@@ -18,8 +18,7 @@ To achieve this, we create a terraform workspace per element.
 ## Pre-requisites
-1. Create the GSuite users on **training.wecontrol.cloud** domain and place them in *k8s-training-niv-1* group and *kube-niv-1* OU. For that, ask an admin on the suite Domain.
-2. Create the target GCP projects. For this, see https://gitlab.com/wescalefr/bootstrap-gcp-kube-training.
+1. Create the target GCP projects. For this, see https://gitlab.com/wescalefr/bootstrap-gcp-kube-training.
 ## Get Terraform
@@ -40,6 +39,14 @@ Then:
 bash tf-runner.sh provision
 ```
+## (Optional) Create users to allow Web SSH Console
+
+Create the GSuite users on **training.wecontrol.cloud** domain and place them in *k8s-training-niv-1* group and *kube-niv-1* OU. For that, ask an admin on the suite Domain.
+
+Two files are generated by Terraform to allow bulk creation of users and group association:
+- Upload config/users.csv on (User management)[https://admin.google.com/ac/users] of wecontrol.cloud management console.
+- Upload conf/users_group.csv on (k8s-training-niv-1 group)[https://admin.google.com/ac/groups/01rvwp1q0sa51v1/members?hl=fr] management page.
+
 ## At the end of training, clean the GKE clusters
diff --git a/kubernetes-ressources/terraform/tf-runner.sh b/kubernetes-ressources/terraform/tf-runner.sh
index 067e588..4135f6c 100755
--- a/kubernetes-ressources/terraform/tf-runner.sh
+++ b/kubernetes-ressources/terraform/tf-runner.sh
@@ -2,7 +2,7 @@
 set -e
-NB_PROJECTS=11 # can go to the value defined in https://gitlab.com/wescalefr/bootstrap-gcp-kube-training
+NB_PROJECTS=12 # can go to the value defined in https://gitlab.com/wescalefr/bootstrap-gcp-kube-training
 OPT=$1 # option
@@ -11,6 +11,9 @@ ROOT_DIR=$(pwd)
 function provision(){
 local project_id=0
 rm -rf "${ROOT_DIR}/config/ips"
+ echo "First Name [Required],Last Name [Required],Email Address [Required],Password [Required],Password Hash Function [UPLOAD ONLY],Org Unit Path [Required]" > "${ROOT_DIR}/config/users.csv"
+ echo "Group Email [Required],Member Email,Member Type,Member Role" > "${ROOT_DIR}/config/users_group.csv"
+
 while [ $project_id -lt $NB_PROJECTS ];do
 echo "Create content for project ${project_id}"
 set +e
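Review bot: `config/users.csv` is created by the added header `echo` with whatever umask the caller has, and its header row declares a `Password [Required]` column, so with a common 022 umask the file that the loop appears to fill with trainee passwords is readable by every local user on the operator's machine. Restrict it before the first write, for example `umask 077` as the first statement of `provision`, or `chmod 600 "${ROOT_DIR}/config/users.csv"` directly after the header line. The body of `provision` continues past the end of this hunk, so any later permission handling is not visible here.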
@@ -19,8 +22,11 @@ function provision(){ terraform workspace select "wsc-kubernetes-training-${project_id}" terraform apply -auto-approve - mkdir -p "${ROOT_DIR}/config/${w}" terraform output -json bastion_ip |jq -r . >> "${ROOT_DIR}/config/ips" + userid=$(printf "%02d" "$project_id") # 2 digits, e.g. 01 for project 1 + passwd=$(tr -dc A-Za-z0-9 > "${ROOT_DIR}/config/users.csv" + echo "k8s-training-niv-1@training.wecontrol.cloud,trainee${userid}@training.wecontrol.cloud,USER,MEMBER" >> "${ROOT_DIR}/config/users_group.csv" project_id=$[$project_id+1] done }
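Review bot: With the `mkdir -p` line removed, nothing visible in `provision` creates `config/` any more, while the function now writes `config/users.csv` before the loop; because `config/*` is git-ignored, a fresh checkout probably has no such directory and the first redirect would abort the script under `set -e`. Add `mkdir -p "${ROOT_DIR}/config"` at the top of `provision`, before the `rm -rf`. `userid` and `passwd` are also assigned without `local` (unlike `project_id`), so the last generated password stays in a global variable for the rest of the run; declare `local userid passwd` next to `local project_id=0`. The password-generation line is truncated on this page, so its random source and length could not be reviewed, and the function starts above this hunk.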