X-Git-Url: http://git.squeep.com/?p=awsible;a=blobdiff_plain;f=addAccount.sh;fp=addAccount.sh;h=cd73f16360b280afb94585131510184adf568cd3;hp=0000000000000000000000000000000000000000;hb=ce8e955b6c67be317f3082df611ff2bafb9f098e;hpb=71bc2f3e5e341f23c07d397e490a2ec88d35476f

diff --git a/addAccount.sh b/addAccount.sh
new file mode 100755
index 0000000..cd73f16
--- /dev/null
+++ b/addAccount.sh
@@ -0,0 +1,149 @@
+#!/bin/bash
+
+set -e
+
+PROFILE=${CLOUD_ENVIRONMENT}
+SSH_KEY_DIR="SSHConfigs"
+DDBTABLE="userManager"
+DDBREGION="us-east-1"
+DDB_TEMPLATE="userManagementTemplates/ddb.templ"
+DTS_TEMPLATE="userManagementTemplates/ddbts.templ"
+VPN_SCRIPT="./createVPNAccount.sh"
+TGZDIR="userPackage"
+AUTOPASS=0
+
+usage(){
+	SELF=$(basename "$0")
+	cat<<EOF
+
+${SELF} - create account for local users
+--------------------------------------
+${SELF} [-p]
+
+${SELF} is used to create the account information that is stored in DDB
+this information is used to push out accounts to the machines in the cluster.
+
+You can only add a single group using this interface, to add additional groups
+use the DDB tool to turn groups into an array, where each machine type is an available group.
+User details are stored in the DynamoDB table: ${DDBTABLE}.
+
+If you want to use a machine generated password (instead of having a user come to your desk)
+pass in '-p' to the script. If you use an auto generated password, it will be written out to
+${SSH_KEY_DIR}/${PROFILE}-\$Username.pass
+
+After running this script, you'll need to give the user the following files:
+  - ${SSH_KEY_DIR}/${PROFILE}-\$Username -- This is the SSH private key
+  - ${SSH_KEY_DIR}/${PROFILE}-\$Username.pass -- This is the user's password if using -p
+  - VPNConfigs/${PROFILE}-\$EMAIL.ovpn -- This is the VPN Config unique to the users
+
+EOF
+	exit
+}
+
+function valid_password(){
+	# we don't want quotes or escapes in passwords, for reasons
+	case "$1" in
+		(*[\'\"\\]*)
+			return 1
+		;;
+	esac
+}
+
+if [ "x${1}" == "x-h" ]; then
+	usage
+elif [ "x${1}" == "x-p" ]; then
+	while :
+	do
+		PASS1=$(pwgen -y -N 1 15)
+		valid_password "${PASS1}" && break
+	done
+	PASS2="${PASS1}"
+	AUTOPASS=1
+fi
+
+read -p "Username: " UNAME
+read -p "Email: " EMAIL
+
+# Check to see if we have an existing .pass file to reuse (*shame*)
+if [ -e "${SSH_KEY_DIR}/${PROFILE}-${UNAME}.pass" ]; then
+	echo "Reusing exsting .pass file"
+	PASS1=$(cat ${SSH_KEY_DIR}/${PROFILE}-${UNAME}.pass)
+	PASS2="${PASS1}"
+	AUTOPASS=1
+fi
+
+if [ ${AUTOPASS} -eq 0 ]; then
+	while :
+	do
+		read -s -p "Password: " PASS1
+		echo ""
+		read -s -p "Password (again):" PASS2
+		echo ""
+
+		if [[ "x${PASS1}" != "x${PASS2}" ]]
+		then
+			echo "Passwords do not match, please try again."
+			continue
+		fi
+
+		if ! valid_password "${PASS1}"
+		then
+			echo "Please do not use escape characters, nor single or double quotes in passwords.  Enter a different password."
+			continue
+		fi
+
+		break
+	done
+else
+	# save the autogenerated password somewhere
+	echo "${PASS1}" > "${SSH_KEY_DIR}/${PROFILE}-${UNAME}.pass"
+fi
+
+PASS_CRYPT=$(python -c "from passlib.hash import sha512_crypt; import getpass; print sha512_crypt.encrypt(\"${PASS1}\")";)
+
+if [ ! -e "${SSH_KEY_DIR}/${PROFILE}-${UNAME}.pub" ]; then
+	ssh-keygen -b 521 -t ecdsa -C "${PROFILE}-${UNAME}-${EMAIL}" -N '' -f "${SSH_KEY_DIR}/${PROFILE}-${UNAME}" > /dev/null
+else
+	echo "Using existing SSH key"
+fi
+SSHPUB=$(cat ${SSH_KEY_DIR}/${PROFILE}-${UNAME}.pub)
+
+echo ""
+echo "Available Groups:"
+for i in us-east-1 us-west-2; do
+	echo 'unix.admins'
+	aws --region "${i}" ec2 describe-instances --query 'Reservations[*].Instances[*].Tags[?Key==`module`].Value' --output text
+done | sort -u | xargs -n1 echo ' -'
+echo ""
+read -p "Group for this user: " MYGROUPS
+
+echo ""
+echo "Groups: $MYGROUPS"
+
+cat ${DDB_TEMPLATE} | sed -e "s/%UNAME%/${UNAME}/g" -e "s#%SSHPUB%#${SSHPUB}#g" -e "s#%PASS_CRYPT%#${PASS_CRYPT}#g" -e "s/%GROUPS%/${MYGROUPS}/g" -e "s/%EMAIL%/${EMAIL}/g" > /tmp/ddb-${UNAME}.json
+cat ${DTS_TEMPLATE} | sed -e "s/%TS%/`date +%s`/g" > /tmp/ddbts-${UNAME}.json
+
+for f in ddb ddbts
+do
+	aws --region "${DDBREGION}" dynamodb put-item --table-name "${DDBTABLE}" --item file:///tmp/${f}-${UNAME}.json
+	rm -f /tmp/${f}-${UNAME}.json
+done
+
+echo ""
+echo "Generating VPN Configuration:"
+${VPN_SCRIPT} ${PROFILE} ${EMAIL}
+
+
+echo ""
+echo "In additon to the VPN Config, you'll need to give the user the following files:"
+echo "  - ${SSH_KEY_DIR}/${PROFILE}-${UNAME} -- This is the SSH private key"
+if [ $AUTOPASS -eq 1 ]; then
+	echo "  - ${SSH_KEY_DIR}/${PROFILE}-${UNAME}.pass -- This is the user's password in plaintext"
+fi
+echo ""
+echo ""
+
+echo "I'll create a tarball of the important files for you to download."
+echo "You can find it at ${TGZDIR}/${PROFILE}-${UNAME}.tgz"
+tar zcf ${TGZDIR}/${PROFILE}-${UNAME}.tgz $(find ${SSH_KEY_DIR} -name "*${PROFILE}-${UNAME}*"; find VPNConfigs -name "*${PROFILE}-${UNAME}*")
+echo "You're welcome..."