Docker EE 17.06 UCP API Examples

ucp_create_rbac.sh

#!/bin/bash

# set environment variables
USERNAME="admin"
PASSWORD="docker123"
UCP_URL="10.1.2.3:4443"

# get auth token
AUTH_TOKEN="$(curl -sk -d '{"username":"'${USERNAME}'","password":"'${PASSWORD}'"}' https://${UCP_URL}/auth/login | jq -r .auth_token 2>/dev/null)"

CURL_OPTS=(-ks --header "Content-Type: application/json" --header "Accept: application/json" -H "Authorization: Bearer ${AUTH_TOKEN}")

# create organization
curl -X POST "${CURL_OPTS[@]}" -d '{"name":"demo-org","isOrg":true}' "https://${UCP_URL}/accounts/"

# create team
curl -X POST "${CURL_OPTS[@]}" -d '{"name":"demo-team","description":"Demo Team"}' "https://${UCP_URL}/accounts/demo-org/teams"

# create users, if necessary
if [ "$(curl "${CURL_OPTS[@]}" "https://${UCP_URL}/api/accounts" | jq -r '.[] | select (.username == "demo") | .username')" != "demo" ]
then
  curl -X POST "${CURL_OPTS[@]}" -d '{"name":"demo","password":"docker123","fullName":"Demo User","isAdmin":true,"isActive":true}' "https://${UCP_URL}/accounts/"
fi

if [ "$(curl "${CURL_OPTS[@]}" "https://${UCP_URL}/api/accounts" | jq -r '.[] | select (.username == "demo2") | .username')" != "demo2" ]
then
  curl -X POST "${CURL_OPTS[@]}" -d '{"name":"demo2","password":"docker123","fullName":"Demo User2","isAdmin":false,"isActive":true}' "https://${UCP_URL}/accounts/"
fi

# add members to team
curl -X PUT "${CURL_OPTS[@]}" -d "{}" "https://${UCP_URL}/accounts/demo-org/teams/demo-team/members/demo"
curl -X PUT "${CURL_OPTS[@]}" -d "{}" "https://${UCP_URL}/accounts/demo-org/teams/demo-team/members/demo2"

# create collections
curl -X POST "${CURL_OPTS[@]}" -d '{"name":"demo-collection","parent_id":"swarm"}' "https://${UCP_URL}/collections"
COLLECTION_ID="$(curl "${CURL_OPTS[@]}" "https://${UCP_URL}/collections/swarm/children?limit=0" | jq -r '.[] | select (.path == "/demo-collection") | .id')"

curl -X POST "${CURL_OPTS[@]}" -d '{"name":"dev","parent_id":"'"${COLLECTION_ID}"'"}' "https://${UCP_URL}/collections"
curl -X POST "${CURL_OPTS[@]}" -d '{"name":"test","parent_id":"'"${COLLECTION_ID}"'"}' "https://${UCP_URL}/collections"
curl -X POST "${CURL_OPTS[@]}" -d '{"name":"prd","parent_id":"'"${COLLECTION_ID}"'"}' "https://${UCP_URL}/collections"

# create a grant
TEAM_ID="$(curl "${CURL_OPTS[@]}" "https://${UCP_URL}/accounts/demo-org/teams/demo-team" | jq -r .id)"
PARENT_COLLECTION_ID="$(curl "${CURL_OPTS[@]}" "https://${UCP_URL}/collections/swarm/children?limit=0" | jq -r '.[] | select (.path == "/demo-collection") | .id')"

COLLECTION_ID="$(curl "${CURL_OPTS[@]}" "https://${UCP_URL}/collections/${PARENT_COLLECTION_ID}/children?limit=0" | jq -r '.[] | select (.path == "/demo-collection/dev") | .id')"
curl -X PUT "${CURL_OPTS[@]}" -d "{}" "https://${UCP_URL}/collectionGrants/${TEAM_ID}/${COLLECTION_ID}/fullcontrol"

COLLECTION_ID="$(curl "${CURL_OPTS[@]}" "https://${UCP_URL}/collections/${PARENT_COLLECTION_ID}/children?limit=0" | jq -r '.[] | select (.path == "/demo-collection/test") | .id')"
curl -X PUT "${CURL_OPTS[@]}" -d "{}" "https://${UCP_URL}/collectionGrants/${TEAM_ID}/${COLLECTION_ID}/restrictedcontrol"

COLLECTION_ID="$(curl "${CURL_OPTS[@]}" "https://${UCP_URL}/collections/${PARENT_COLLECTION_ID}/children?limit=0" | jq -r '.[] | select (.path == "/demo-collection/prd") | .id')"
curl -X PUT "${CURL_OPTS[@]}" -d "{}" "https://${UCP_URL}/collectionGrants/${TEAM_ID}/${COLLECTION_ID}/viewonly"

ucp_node_rbac.sh

#!/bin/bash

### BEGIN CUSTOM VARIABLES
# bundle directory
BUNDLE_DIR="${HOME}/temp/ucp-bundle"

# UCP URL
UCP_URL="10.1.2.3:4443"

# admin credentials
USERNAME="admin"
PASSWORD="docker123"

# new user info
NEW_USERNAME="demo"
NEW_PASSWORD="docker123"
NEW_FULLNAME="Demo User"
### END CUSTOM VARIABLES

# get auth token
echo "Retrieving auth token..."
AUTH_TOKEN="$(curl -sk -d '{"username":"'${USERNAME}'","password":"'${PASSWORD}'"}' https://${UCP_URL}/auth/login | jq -r .auth_token 2>/dev/null)"
if [ -z "${AUTH_TOKEN}" ]
then
  echo -e "error\nError connecting to ${UCP_URL}"
  exit 1
fi
echo -e "done.\n"

# set CURL_OPTS to reduce clutter
CURL_OPTS=(-ks --header "Content-Type: application/json" --header "Accept: application/json" -H "Authorization: Bearer ${AUTH_TOKEN}")

# get client bundle
echo "Getting client bundle..."
if [ ! -d "${BUNDLE_DIR}" ]
then
  mkdir -p "${BUNDLE_DIR}"
fi
curl "${CURL_OPTS[@]}" https://${UCP_URL}/api/clientbundle -o "${BUNDLE_DIR}"/bundle.zip
echo -e "done.\n"

# unzip client bundle
echo "Unzipping client bundle..."
unzip "${BUNDLE_DIR}"/bundle.zip -d "${BUNDLE_DIR}"
echo -e "done.\n"

# create new user
echo "Creating new user..."
curl -X POST "${CURL_OPTS[@]}" -d '{"name":"'"${NEW_USERNAME}"'","password":"'"${NEW_PASSWORD}"'","fullName":"'"${NEW_FULLNAME}"'","isActive":true}' "https://${UCP_URL}/accounts/"
echo -e "\ndone.\n"

# create collections
echo "Creating collections..."
curl -X POST "${CURL_OPTS[@]}" -d '{"name":"lab","parent_id":"swarm"}' "https://${UCP_URL}/collections"
curl -X POST "${CURL_OPTS[@]}" -d '{"name":"dev","parent_id":"swarm"}' "https://${UCP_URL}/collections"
echo -e "done.\n"

# update node labels (beta_docker2 -> /lab; beta_docker3 -> /dev
echo "Updating node labels..."
(cd "${BUNDLE_DIR}" &&\
eval "$(<env.sh)" &&\
docker node update --label-add "com.docker.ucp.access.label=/lab" beta_docker2 &&\
docker node update --label-add "com.docker.ucp.access.label=/dev" beta_docker3)
echo -e "done.\n"

# Create a grant to the collection to be able to schedule to nodes
echo "Creating grant to schedule to nodes..."
OBJECT_ID="$(curl "${CURL_OPTS[@]}" "https://${UCP_URL}/collections" | jq -r '.[] | select (.path == "/dev") | .id')"
ROLE_ID="$(curl "${CURL_OPTS[@]}" "https://${UCP_URL}/roles" | jq -r '.[] | select (.name == "Scheduler") | .id')"
SUBJECT_ID="$(curl "${CURL_OPTS[@]}" "https://${UCP_URL}/accounts/" | jq -r '.accounts | .[] | select (.name == "demo") | .id')"
curl -X PUT "${CURL_OPTS[@]}" "https://${UCP_URL}/collectionGrants/${SUBJECT_ID}/${OBJECT_ID}/${ROLE_ID}"
echo -e "done.\n"

# Remove the default grant for 'Org - docker-datacenter'
echo "Removing default grant for 'Org - docker-datacenter'..."
SUBJECT_ID="$(curl "${CURL_OPTS[@]}" "https://${UCP_URL}/collectionGrants" | jq -r '.subjects | .[] | select (.subject_type == "org" and .account.name == "docker-datacenter") | .id')"
ROLE_ID="$(curl "${CURL_OPTS[@]}" "https://${UCP_URL}/collectionGrants" | jq -r '.grants | .[] | select (.subjectID == "'"${SUBJECT_ID}"'") | .roleID')"
OBJECT_ID="$(curl "${CURL_OPTS[@]}" "https://${UCP_URL}/collectionGrants" | jq -r '.grants | .[] | select (.subjectID == "'"${SUBJECT_ID}"'") | .objectID')"

curl -X DELETE "${CURL_OPTS[@]}" "https://${UCP_URL}/collectionGrants/${SUBJECT_ID}/${OBJECT_ID}/${ROLE_ID}"
echo -e "done.\n"

# create a grant to the collection to actually create services
echo "Creating grant to allow users to create services with 'Restricted Control'..."
OBJECT_ID="$(curl "${CURL_OPTS[@]}" "https://${UCP_URL}/collections" | jq -r '.[] | select (.path == "/dev") | .id')"
ROLE_ID="$(curl "${CURL_OPTS[@]}" "https://${UCP_URL}/roles" | jq -r '.[] | select (.name == "Restricted Control") | .id')"
SUBJECT_ID="$(curl "${CURL_OPTS[@]}" "https://${UCP_URL}/accounts/" | jq -r '.accounts | .[] | select (.name == "demo") | .id')"
curl -X PUT "${CURL_OPTS[@]}" "https://${UCP_URL}/collectionGrants/${SUBJECT_ID}/${OBJECT_ID}/${ROLE_ID}"
echo -e "done.\n"

# set the user's default collection
echo "Set the user's default collection to '/dev'..."
USER_ID="$(curl "${CURL_OPTS[@]}" "https://${UCP_URL}/accounts/" | jq -r '.accounts | .[] | select (.name == "demo") | .id')"
COLLECTION_ID="$(curl "${CURL_OPTS[@]}" "https://${UCP_URL}/collections" | jq -r '.[] | select (.path == "/dev") | .id')"
curl -X PUT "${CURL_OPTS[@]}" -d '{"id":"'"${COLLECTION_ID}"'"}' "https://${UCP_URL}/defaultCollection/${USER_ID}"
echo -e "done.\n"