@calebwashburn
Created February 1, 2018 15:19
Create Concourse team with UAA groups mapped
#!/bin/bash -e
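#######################################
# Create a UAA group and map it to an external LDAP group of the same name.
# Arguments:
#   $1 - UAA bearer token used for both requests
#   $2 - group name (used as displayName and as the cn of the LDAP DN)
#   $3 - base URL of the UAA server
# Outputs:
#   Response bodies are discarded; diagnostics go to stderr.
# Returns:
#   1 if the group name contains control characters, otherwise the exit
#   status of the last curl call.
#######################################
map_group() {
  local token=$1
  local group=$2
  local uaa_host=$3
  local dn='ou=acme,ou=groups,dc=company,dc=net'
  local group_json

  # A raw control character inside a JSON string is invalid, so refuse the
  # name up front instead of posting a malformed body.
  if [[ "$group" == *[[:cntrl:]]* ]]; then
    printf 'map_group: group name contains control characters\n' >&2
    return 1
  fi

  # Escape backslash and double quote so the name cannot break out of the
  # JSON string it is embedded in and add or override fields.
  group_json=${group//\\/\\\\}
  group_json=${group_json//\"/\\\"}

  # NOTE(review): -k disables TLS certificate verification, so the bearer
  # token is sent to a host whose identity was never checked. Prefer
  # --cacert with the UAA CA bundle and drop -k.
  # NOTE(review): the token is passed in curl's argument list and is visible
  # in the process table while the request runs.
  # NOTE(review): without --fail, curl exits 0 on an HTTP error status and
  # the body is discarded, so a rejected request goes unnoticed here.
  curl -k -H "Authorization: Bearer ${token}" \
    -H "Content-Type: application/json" \
    -d "{\"displayName\":\"${group_json}\"}" \
    "${uaa_host}/Groups" > /dev/null

  # NOTE(review): the group name is placed in the DN without LDAP escaping;
  # a name containing ',' '+' or '=' would change which DN gets mapped.
  curl -k -H "Authorization: Bearer ${token}" \
    -H "Content-Type: application/json" \
    -d "{\"displayName\":\"${group_json}\",\"externalGroup\":\"cn=${group_json},${dn}\",\"origin\":\"ldap\"}" \
    "${uaa_host}/Groups/External" > /dev/null
}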
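#######################################
# Obtain an access token from UAA with the client_credentials grant.
# Arguments:
#   $1 - UAA client id
#   $2 - UAA client secret
#   $3 - base URL of the UAA server
# Outputs:
#   The access token on stdout; diagnostics on stderr.
# Returns:
#   Non-zero if curl or jq fails, or if the response has no access_token.
#######################################
get_token() {
  local uaa_client=$1
  local uaa_secret=$2
  local uaa_host=$3
  local response
  local access_token

  # NOTE(review): -k disables TLS certificate verification, so the client
  # secret is sent to a host whose identity was never checked. Prefer
  # --cacert with the UAA CA bundle and drop -k.
  # The credentials are quoted as one word so a secret containing spaces or
  # glob characters reaches curl intact.
  response=$(curl -k -u "${uaa_client}:${uaa_secret}" \
    -d 'grant_type=client_credentials' "${uaa_host}/oauth/token") || return

  # '// empty' yields nothing instead of the string "null" when the field is
  # absent, so a failed login is not turned into the token "null".
  access_token=$(printf '%s' "$response" | jq -r '.access_token // empty') \
    || return

  if [[ -z "$access_token" ]]; then
    # The response body is deliberately not echoed.
    printf 'get_token: no access_token in response from %s\n' "$uaa_host" >&2
    return 1
  fi
  printf '%s\n' "$access_token"
}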
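#######################################
# Create or update a Concourse team with basic auth and UAA generic OAuth.
# Arguments:
#   $1 - base URL of the UAA server (authorize and token endpoints)
#   $2 - client secret of the "concourse" OAuth client
#   $3 - fly target name; also the suffix of the scope concourse-<target>
#   $4 - team name, also used as the basic-auth username
#   $5 - basic-auth password for the team
# Returns:
#   The exit status of fly.
#######################################
add_team() {
  local uaa_host=$1
  local concourse_client_secret=$2
  local environment=$3
  local team=$4
  local password=$5

  # Every expansion is quoted: a password or team name containing spaces or
  # glob characters would otherwise be split into extra fly arguments.
  # NOTE(review): the basic-auth password and the OAuth client secret are
  # passed in fly's argument list and are visible in the process table.
  fly -t "${environment}" set-team -n "${team}" --non-interactive \
    --basic-auth-username "${team}" \
    --basic-auth-password "${password}" \
    --generic-oauth-display-name "UAA (OAuth) - ${team}" \
    --generic-oauth-client-id concourse \
    --generic-oauth-client-secret "${concourse_client_secret}" \
    --generic-oauth-auth-url "${uaa_host}/oauth/authorize" \
    --generic-oauth-token-url "${uaa_host}/oauth/token" \
    --generic-oauth-scope "concourse-${environment}"
}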
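# Entry point: fetch an admin token, map the LDAP group in UAA, then create
# the Concourse team.
#
# NOTE(review): all secrets arrive as positional arguments, so they appear in
# the process table and in shell history. Reading them from the environment
# or a file would avoid that, but would change the script's interface.

# Strict mode is set here as well: options on the shebang line are lost when
# the script is started as `bash script.sh`.
set -euo pipefail

if (( $# < 7 )); then
  printf 'Usage: %s UAA_ADMIN_SECRET UAA_HOST GROUP_NAME CONCOURSE_CLIENT_SECRET CONCOURSE_TARGET CONCOURSE_TEAM TEAM_PASSWORD\n' "${0##*/}" >&2
  exit 2
fi

uaa_admin_secret=$1
uaa_host=$2
group_name=$3
concourse_client_secret=$4
concourse_target=$5
concourse_team=$6
team_password=$7

token=$(get_token admin "${uaa_admin_secret}" "${uaa_host}")
# jq -r prints the string "null" for a missing field; never use that as a
# bearer token.
if [[ -z "${token}" || "${token}" == "null" ]]; then
  printf 'error: could not obtain an access token from %s\n' "${uaa_host}" >&2
  exit 1
fi

map_group "${token}" "${group_name}" "${uaa_host}"
add_team "${uaa_host}" "${concourse_client_secret}" "${concourse_target}" "${concourse_team}" "${team_password}"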