Gerg/user_array.rb

## user_array.rb
#!/usr/bin/env ruby

require 'pp'

SCOPE_USERS = {
 admin: 'admin',
 admin_read_only: 'admin_read_only',
 global_auditor: 'global_auditor',
}

SPACE_ROLE_USERS = {
  space_developer: 'SpaceDeveloper',
  space_manager: 'SpaceManager',
  space_auditor: 'SpaceAuditor',
}

ORG_ROLE_USERS = {
  org_manager: 'OrgManager',
  org_auditor: 'OrgAuditor',
  org_billing_manager: 'BillingManager',
}

SUPER_SECURE_PASSWORD='password'
SPACE_NAME='space'
ORG_NAME='org'

AFFIRMATIONS = ['yes', 'yes, please', 'yes please', '1', 'true']

def main
  system_domain=ARGV[0]
  command=ARGV[1]
  unless system_domain && command
    puts 'Usage: SEED_USERS="yes, please" ./user_array <system domain> "<command>"'
    exit(1)
  end

  setup_users(system_domain) if AFFIRMATIONS.include? ENV['SEED_USERS']
  do_the_thing(system_domain, command, get_cc_admin_password)
end

def setup_users(system_domain)
  puts 'Seeding Users!'
  setup_scope_users(system_domain)
  setup_role_users
end

def setup_scope_users(system_domain)
  `uaac target uaa.#{system_domain} --skip-ssl-validation`
  SCOPE_USERS.each do |name, scope|
    `uaac token client get admin -s #{get_uaa_admin_token}`
    `uaac user add #{name} -p #{SUPER_SECURE_PASSWORD} --emails #{name}`
    `uaac group add cloud_controller.#{scope}`
    `uaac member add cloud_controller.#{scope} #{name}`
    `uaac member add scim.read #{name}`
    `cf create-user #{name} #{SUPER_SECURE_PASSWORD}`
  end
end

def get_uaa_admin_token()
  get_credhub_value('uaa_admin_client_secret')
end

def get_cc_admin_password()
  get_credhub_value('cf_admin_password')
end

def get_credhub_value(key)
  setup_credhub
  `credhub get --name "/bosh-lite/cf/#{key}" --output-json | jq -r '.value'`
end

def setup_credhub()
  `credhub login --skip-tls-validation`
end

def setup_role_users
  SPACE_ROLE_USERS.each do |name, role|
    `cf create-user #{name} #{SUPER_SECURE_PASSWORD}`
    `cf set-space-role #{name} #{ORG_NAME} #{SPACE_NAME} #{role}`
  end

  ORG_ROLE_USERS.each do |name, role|
    `cf create-user #{name} #{SUPER_SECURE_PASSWORD}`
    `cf set-org-role #{name} #{ORG_NAME} #{role}`
  end
end

RESPONSE_CODE_REGEX = /1\.1 (\d+) \w+/
CF_HOME_DIR = '/tmp/user_array'

def do_the_thing(system_domain, command, admin_secret)
  `mkdir -p #{CF_HOME_DIR}`
  `CF_HOME=#{CF_HOME_DIR} cf api api.#{system_domain} --skip-ssl-validation`

  all_users = SCOPE_USERS.keys + SPACE_ROLE_USERS.keys + ORG_ROLE_USERS.keys
  results = all_users.collect do |role|
    `CF_HOME=#{CF_HOME_DIR} cf auth #{role} #{password(role, admin_secret)}`
    response = `CF_HOME=#{CF_HOME_DIR} #{command} -v 2>&1`
    print_response(role, response)
    response_code = RESPONSE_CODE_REGEX.match(response)[1]
    [role, response_code]
  end
  pp results
end

def print_response(role, response)
  puts "=" * 20
  puts role
  puts "=" * 20
  puts response
  puts "\n\n"
end

def password(user, admin_secret)
  (user == :admin) ? admin_secret : SUPER_SECURE_PASSWORD
end

main()

# Copyright 2019 Greg Cobb

# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:

# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.

#   THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
#   IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
#   FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
#   AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
#   LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
#   FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
#   DEALINGS IN THE SOFTWARE.
	#!/usr/bin/env ruby

	require 'pp'

	SCOPE_USERS = {
	admin: 'admin',
	admin_read_only: 'admin_read_only',
	global_auditor: 'global_auditor',
	}

	SPACE_ROLE_USERS = {
	space_developer: 'SpaceDeveloper',
	space_manager: 'SpaceManager',
	space_auditor: 'SpaceAuditor',
	}

	ORG_ROLE_USERS = {
	org_manager: 'OrgManager',
	org_auditor: 'OrgAuditor',
	org_billing_manager: 'BillingManager',
	}

	SUPER_SECURE_PASSWORD='password'
	SPACE_NAME='space'
	ORG_NAME='org'

	AFFIRMATIONS = ['yes', 'yes, please', 'yes please', '1', 'true']

	def main
	system_domain=ARGV[0]
	command=ARGV[1]
	unless system_domain && command
	puts 'Usage: SEED_USERS="yes, please" ./user_array <system domain> "<command>"'
	exit(1)
	end

	setup_users(system_domain) if AFFIRMATIONS.include? ENV['SEED_USERS']
	do_the_thing(system_domain, command, get_cc_admin_password)
	end

	def setup_users(system_domain)
	puts 'Seeding Users!'
	setup_scope_users(system_domain)
	setup_role_users
	end

	def setup_scope_users(system_domain)
	`uaac target uaa.#{system_domain} --skip-ssl-validation`
	SCOPE_USERS.each do \|name, scope\|
	`uaac token client get admin -s #{get_uaa_admin_token}`
	`uaac user add #{name} -p #{SUPER_SECURE_PASSWORD} --emails #{name}`
	`uaac group add cloud_controller.#{scope}`
	`uaac member add cloud_controller.#{scope} #{name}`
	`uaac member add scim.read #{name}`
	`cf create-user #{name} #{SUPER_SECURE_PASSWORD}`
	end
	end

	def get_uaa_admin_token()
	get_credhub_value('uaa_admin_client_secret')
	end

	def get_cc_admin_password()
	get_credhub_value('cf_admin_password')
	end

	def get_credhub_value(key)
	setup_credhub
	`credhub get --name "/bosh-lite/cf/#{key}" --output-json \| jq -r '.value'`
	end

	def setup_credhub()
	`credhub login --skip-tls-validation`
	end

	def setup_role_users
	SPACE_ROLE_USERS.each do \|name, role\|
	`cf create-user #{name} #{SUPER_SECURE_PASSWORD}`
	`cf set-space-role #{name} #{ORG_NAME} #{SPACE_NAME} #{role}`
	end

	ORG_ROLE_USERS.each do \|name, role\|
	`cf create-user #{name} #{SUPER_SECURE_PASSWORD}`
	`cf set-org-role #{name} #{ORG_NAME} #{role}`
	end
	end

	RESPONSE_CODE_REGEX = /1\.1 (\d+) \w+/
	CF_HOME_DIR = '/tmp/user_array'

	def do_the_thing(system_domain, command, admin_secret)
	`mkdir -p #{CF_HOME_DIR}`
	`CF_HOME=#{CF_HOME_DIR} cf api api.#{system_domain} --skip-ssl-validation`

	all_users = SCOPE_USERS.keys + SPACE_ROLE_USERS.keys + ORG_ROLE_USERS.keys
	results = all_users.collect do \|role\|
	`CF_HOME=#{CF_HOME_DIR} cf auth #{role} #{password(role, admin_secret)}`
	response = `CF_HOME=#{CF_HOME_DIR} #{command} -v 2>&1`
	print_response(role, response)
	response_code = RESPONSE_CODE_REGEX.match(response)[1]
	[role, response_code]
	end
	pp results
	end

	def print_response(role, response)
	puts "=" * 20
	puts role
	puts "=" * 20
	puts response
	puts "\n\n"
	end

	def password(user, admin_secret)
	(user == :admin) ? admin_secret : SUPER_SECURE_PASSWORD
	end

	main()

	# Copyright 2019 Greg Cobb

	# Permission is hereby granted, free of charge, to any person obtaining a copy
	# of this software and associated documentation files (the "Software"), to deal
	# in the Software without restriction, including without limitation the rights
	# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
	# copies of the Software, and to permit persons to whom the Software is
	# furnished to do so, subject to the following conditions:

	# The above copyright notice and this permission notice shall be included in
	# all copies or substantial portions of the Software.

	# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
	# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
	# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
	# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
	# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
	# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
	# DEALINGS IN THE SOFTWARE.