add rudimentary ddb account creation scripts
authorJustin Wind <j.wind@partner.samsung.com>
Wed, 20 Sep 2017 19:15:30 +0000 (12:15 -0700)
committerJustin Wind <j.wind@partner.samsung.com>
Wed, 20 Sep 2017 19:15:30 +0000 (12:15 -0700)
.gitignore
addAccount.sh [new file with mode: 0755]
roles/management/tasks/main.yml
roles/management/templates/ddb-users.cron.j2 [new file with mode: 0644]
roles/msca-openvpn/templates/user-server.conf.j2
roles/msca-openvpn/templates/vpc-server.conf.j2
userManagementTemplates/ddb.templ [new file with mode: 0644]
userManagementTemplates/ddbts.templ [new file with mode: 0644]

index 81bbbae97b672e0423515dd030fe823f36e4a85b..646627de5b04b21c4ece3c76333ef6df9cdba9fa 100644 (file)
@@ -1 +1,7 @@
+.terraform
+sqs-dispatcher
 keys/
+VPNConfigs/
+SSHConfigs/
+userPackage/
+ddb-users.lastruntime
diff --git a/addAccount.sh b/addAccount.sh
new file mode 100755 (executable)
index 0000000..cd73f16
--- /dev/null
@@ -0,0 +1,149 @@
+#!/bin/bash
+
+set -e
+
+PROFILE=${CLOUD_ENVIRONMENT}
+SSH_KEY_DIR="SSHConfigs"
+DDBTABLE="userManager"
+DDBREGION="us-east-1"
+DDB_TEMPLATE="userManagementTemplates/ddb.templ"
+DTS_TEMPLATE="userManagementTemplates/ddbts.templ"
+VPN_SCRIPT="./createVPNAccount.sh"
+TGZDIR="userPackage"
+AUTOPASS=0
+
+usage(){
+       SELF=$(basename "$0")
+       cat<<EOF
+
+${SELF} - create account for local users
+--------------------------------------
+${SELF} [-p]
+
+${SELF} is used to create the account information that is stored in DDB
+this information is used to push out accounts to the machines in the cluster.
+
+You can only add a single group using this interface, to add additional groups
+use the DDB tool to turn groups into an array, where each machine type is an available group.
+User details are stored in the DynamoDB table: ${DDBTABLE}.
+
+If you want to use a machine generated password (instead of having a user come to your desk)
+pass in '-p' to the script. If you use an auto generated password, it will be written out to
+${SSH_KEY_DIR}/${PROFILE}-\$Username.pass
+
+After running this script, you'll need to give the user the following files:
+  - ${SSH_KEY_DIR}/${PROFILE}-\$Username -- This is the SSH private key
+  - ${SSH_KEY_DIR}/${PROFILE}-\$Username.pass -- This is the user's password if using -p
+  - VPNConfigs/${PROFILE}-\$EMAIL.ovpn -- This is the VPN Config unique to the users
+
+EOF
+       exit
+}
+
+function valid_password(){
+       # we don't want quotes or escapes in passwords, for reasons
+       case "$1" in
+               (*[\'\"\\]*)
+                       return 1
+               ;;
+       esac
+}
+
+if [ "x${1}" == "x-h" ]; then
+       usage
+elif [ "x${1}" == "x-p" ]; then
+       while :
+       do
+               PASS1=$(pwgen -y -N 1 15)
+               valid_password "${PASS1}" && break
+       done
+       PASS2="${PASS1}"
+       AUTOPASS=1
+fi
+
+read -p "Username: " UNAME
+read -p "Email: " EMAIL
+
+# Check to see if we have an existing .pass file to reuse (*shame*)
+if [ -e "${SSH_KEY_DIR}/${PROFILE}-${UNAME}.pass" ]; then
+       echo "Reusing exsting .pass file"
+       PASS1=$(cat ${SSH_KEY_DIR}/${PROFILE}-${UNAME}.pass)
+       PASS2="${PASS1}"
+       AUTOPASS=1
+fi
+
+if [ ${AUTOPASS} -eq 0 ]; then
+       while :
+       do
+               read -s -p "Password: " PASS1
+               echo ""
+               read -s -p "Password (again):" PASS2
+               echo ""
+
+               if [[ "x${PASS1}" != "x${PASS2}" ]]
+               then
+                       echo "Passwords do not match, please try again."
+                       continue
+               fi
+
+               if ! valid_password "${PASS1}"
+               then
+                       echo "Please do not use escape characters, nor single or double quotes in passwords.  Enter a different password."
+                       continue
+               fi
+
+               break
+       done
+else
+       # save the autogenerated password somewhere
+       echo "${PASS1}" > "${SSH_KEY_DIR}/${PROFILE}-${UNAME}.pass"
+fi
+
+PASS_CRYPT=$(python -c "from passlib.hash import sha512_crypt; import getpass; print sha512_crypt.encrypt(\"${PASS1}\")";)
+
+if [ ! -e "${SSH_KEY_DIR}/${PROFILE}-${UNAME}.pub" ]; then
+       ssh-keygen -b 521 -t ecdsa -C "${PROFILE}-${UNAME}-${EMAIL}" -N '' -f "${SSH_KEY_DIR}/${PROFILE}-${UNAME}" > /dev/null
+else
+       echo "Using existing SSH key"
+fi
+SSHPUB=$(cat ${SSH_KEY_DIR}/${PROFILE}-${UNAME}.pub)
+
+echo ""
+echo "Available Groups:"
+for i in us-east-1 us-west-2; do
+       echo 'unix.admins'
+       aws --region "${i}" ec2 describe-instances --query 'Reservations[*].Instances[*].Tags[?Key==`module`].Value' --output text
+done | sort -u | xargs -n1 echo ' -'
+echo ""
+read -p "Group for this user: " MYGROUPS
+
+echo ""
+echo "Groups: $MYGROUPS"
+
+cat ${DDB_TEMPLATE} | sed -e "s/%UNAME%/${UNAME}/g" -e "s#%SSHPUB%#${SSHPUB}#g" -e "s#%PASS_CRYPT%#${PASS_CRYPT}#g" -e "s/%GROUPS%/${MYGROUPS}/g" -e "s/%EMAIL%/${EMAIL}/g" > /tmp/ddb-${UNAME}.json
+cat ${DTS_TEMPLATE} | sed -e "s/%TS%/`date +%s`/g" > /tmp/ddbts-${UNAME}.json
+
+for f in ddb ddbts
+do
+       aws --region "${DDBREGION}" dynamodb put-item --table-name "${DDBTABLE}" --item file:///tmp/${f}-${UNAME}.json
+       rm -f /tmp/${f}-${UNAME}.json
+done
+
+echo ""
+echo "Generating VPN Configuration:"
+${VPN_SCRIPT} ${PROFILE} ${EMAIL}
+
+
+echo ""
+echo "In additon to the VPN Config, you'll need to give the user the following files:"
+echo "  - ${SSH_KEY_DIR}/${PROFILE}-${UNAME} -- This is the SSH private key"
+if [ $AUTOPASS -eq 1 ]; then
+       echo "  - ${SSH_KEY_DIR}/${PROFILE}-${UNAME}.pass -- This is the user's password in plaintext"
+fi
+echo ""
+echo ""
+
+echo "I'll create a tarball of the important files for you to download."
+echo "You can find it at ${TGZDIR}/${PROFILE}-${UNAME}.tgz"
+tar zcf ${TGZDIR}/${PROFILE}-${UNAME}.tgz $(find ${SSH_KEY_DIR} -name "*${PROFILE}-${UNAME}*"; find VPNConfigs -name "*${PROFILE}-${UNAME}*")
+echo "You're welcome..."
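Review bot: The plaintext password is interpolated into the `python -c` source on the PASS_CRYPT line, so it is visible to every local user in the process list for the lifetime of the python call, and the value read back from an existing `.pass` file is never passed through `valid_password`, so a stored quote or backslash breaks out of the quoted Python string. Feeding the password on stdin removes both problems. The `.pass` file and the final tarball (which bundles the private key and that file) are also written under the caller's default umask, and the intermediate items go to predictable `/tmp/ddb-${UNAME}.json` paths before being uploaded, so an early `umask 077` and a `mktemp -d` working directory removed by an EXIT trap would keep the key material and password hash private and drop the two `rm -f` lines. The rewritten lines are below; everything else in the script is unchanged.
```shell
set -e
umask 077   # the .pass file and the tarball below hold the plaintext password and private key

# … unchanged: defaults, usage, valid_password, option handling, prompts, .pass reuse …

# Hash via stdin so the password is never part of the python argv or its source text.
PASS_CRYPT=$(printf '%s' "${PASS1}" | python -c 'import sys; from passlib.hash import sha512_crypt; print sha512_crypt.encrypt(sys.stdin.read())')

# … unchanged: ssh-keygen, group listing and prompt …

workdir=$(mktemp -d)
trap 'rm -rf -- "${workdir}"' EXIT
cat "${DDB_TEMPLATE}" | sed -e "s/%UNAME%/${UNAME}/g" -e "s#%SSHPUB%#${SSHPUB}#g" -e "s#%PASS_CRYPT%#${PASS_CRYPT}#g" -e "s/%GROUPS%/${MYGROUPS}/g" -e "s/%EMAIL%/${EMAIL}/g" > "${workdir}/ddb-${UNAME}.json"
cat "${DTS_TEMPLATE}" | sed -e "s/%TS%/$(date +%s)/g" > "${workdir}/ddbts-${UNAME}.json"

for f in ddb ddbts
do
	aws --region "${DDBREGION}" dynamodb put-item --table-name "${DDBTABLE}" --item "file://${workdir}/${f}-${UNAME}.json"
done

# … unchanged: VPN config generation, final instructions, tarball …
```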
index ba24f86a11f94bda30ffa5175743bfb766377f9c..e42e4717a89d9a6a39b61a37c53e3747e164092d 100644 (file)
@@ -21,6 +21,7 @@
   with_items:
   - ansible
   - boto3
+  - passlib
   pip:
     name: "{{ item }}"
     state: latest
 - name: Gather AWS info
   action: ec2_facts
 
-- name: Install queue-watching cron
+- name: Install crons
+  with_items:
+  - sqs-poll.cron
+  - ddb-users.cron
   template:
-    src: sqs-poll.cron.j2
-    dest: /etc/cron.d/sqs-poll.cron
+    src: "{{ item }}.j2"
+    dest: /etc/cron.d/{{ item }}
     mode: "0644"
     owner: root
     group: root
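Review bot: The new `- passlib` entry is installed through the task's `state: latest` (the context line below the list), so every playbook run can silently move the management host to whatever passlib version PyPI serves that day, and the password-hashing call in addAccount.sh depends on that package's API. Pinning it, e.g. `- passlib==<PINNED_VERSION>` together with `state: present`, keeps the host reproducible; the same applies to the `ansible` and `boto3` entries, but those predate this commit. The cron hunk below is fine as written.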
diff --git a/roles/management/templates/ddb-users.cron.j2 b/roles/management/templates/ddb-users.cron.j2
new file mode 100644 (file)
index 0000000..7c41f66
--- /dev/null
@@ -0,0 +1,4 @@
+{% if MANAGEMENT_EMAIL is defined %}
+MAILTO={{ MANAGEMENT_EMAIL }}
+{% endif %}
+*/5 * * * * ec2-user {{ MANAGEMENT_DATA_ROOT }}/run-ddb-users.sh
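Review bot: The cron entry starts `run-ddb-users.sh` every five minutes with nothing preventing a slow run from overlapping the next one; if the script updates shared state such as the `ddb-users.lastruntime` file this commit adds to .gitignore, two concurrent runs could race on it. Wrapping the command as `*/5 * * * * ec2-user flock -n {{ MANAGEMENT_DATA_ROOT }}/ddb-users.lock {{ MANAGEMENT_DATA_ROOT }}/run-ddb-users.sh` makes the second run skip instead. The script itself is not part of this commit, so whether it already guards against this cannot be seen here.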
index 02742d2e47ea1ccd4a2028e3135e561a0558eb9e..1d6aaf223b164683eb149427be1b40cd087ad0aa 100644 (file)
@@ -15,6 +15,8 @@ cipher AES-256-CBC
 keepalive 30 90
 management 127.0.0.1 31339
 
+comp-lzo
+
 server {{ vpn_subnet }} 255.255.255.0
 topology subnet
 
@@ -24,8 +26,8 @@ verb 3
 log /var/log/openvpn/openvpn.log
 status-version 3
 status /var/log/openvpn/status.log
-client-connect /etc/openvpn/scripts/event-log.sh
-client-disconnect /etc/openvpn/scripts/event-log.sh
+client-connect "/etc/openvpn/scripts/event-log.sh"
+client-disconnect "/etc/openvpn/scripts/event-log.sh"
 
 tmp-dir /dev/shm
 {% if phase|default() == 'prod' %}
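Review bot: The `comp-lzo` line in the first hunk turns on tunnel compression, which OpenVPN's own documentation deprecates and which makes any traffic the VPN carries measurable by a compression oracle; unless there is a measured throughput need, the line should be dropped. The vpc-server template in this commit does not receive the same line, so the two servers may also diverge in the options they expect from clients. The second hunk only quotes the existing script paths and needs no change.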
index a8864ba576e0b8bae7055f37dbcb035ae68c1804..9d9c7b52825afa86968466b12dbdb7bf67023fb2 100644 (file)
@@ -24,7 +24,8 @@ verb 3
 log /var/log/openvpn/openvpn-vpc.log
 status-version 3
 status /var/log/openvpn/status-vpc.log
-client-connect /etc/openvpn/scripts/event-log.sh
+client-connect "/etc/openvpn/scripts/event-log.sh"
+client-disconnect "/etc/openvpn/scripts/event-log.sh"
 
 tmp-dir /dev/shm
 
diff --git a/userManagementTemplates/ddb.templ b/userManagementTemplates/ddb.templ
new file mode 100644 (file)
index 0000000..98fa9a9
--- /dev/null
@@ -0,0 +1,21 @@
+{
+  "userName": {
+    "S": "%UNAME%"
+  },
+  "sshPublicKey": {
+    "S": "%SSHPUB%"
+  },
+  "passwordHash": {
+    "S": "%PASS_CRYPT%"
+  },
+  "emailAddress": {
+    "S": "%EMAIL%"
+  },
+  "groups": {
+    "L": [
+      {
+        "S": "%GROUPS%"
+      }
+    ]
+  }
+}
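Review bot: Each `%…%` placeholder here is filled by a plain `sed` substitution in addAccount.sh with no JSON escaping, so a `"` or `\` in the group name, the email, or the SSH key comment (which embeds the email) produces an item that `put-item` rejects, and a `&` or the delimiter character in a substituted value is interpreted by sed itself. If jq is available on the management host, building the item with `jq -n --arg u "$UNAME" --arg k "$SSHPUB" --arg h "$PASS_CRYPT" --arg g "$MYGROUPS" --arg e "$EMAIL" '{userName:{S:$u},sshPublicKey:{S:$k},passwordHash:{S:$h},emailAddress:{S:$e},groups:{L:[{S:$g}]}}'` would make this template unnecessary and the escaping automatic. Otherwise the script should at least reject those characters in its inputs before the substitution.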
diff --git a/userManagementTemplates/ddbts.templ b/userManagementTemplates/ddbts.templ
new file mode 100644 (file)
index 0000000..510a425
--- /dev/null
@@ -0,0 +1,8 @@
+{
+  "userName": {
+    "S": "lastUpdate"
+  },
+  "timeStamp": {
+    "N": "%TS%"
+  }
+}
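Review bot: This item reuses the `userName` attribute with the fixed value `lastUpdate` to mark the table's update timestamp, so a real user created with that name through addAccount.sh (which accepts any `Username:` input unchecked) would overwrite the marker and be overwritten by it on the next run. addAccount.sh should reject the reserved name before doing any work, e.g. `[[ "${UNAME}" != "lastUpdate" ]] || { echo "lastUpdate is a reserved username" >&2; exit 1; }`, and the reservation is worth a sentence in its usage() text. That `userName` is the table's key is inferred from both items setting it; confirm against the table definition.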