From 4cbbd06514e64f6e7655210ad0f5472a11f5a31f Mon Sep 17 00:00:00 2001
From: Christina Petala <christina.petala@cern.ch>
Date: Thu, 6 Jun 2024 18:17:09 +0200
Subject: [PATCH] [#15] Update scripts for adding/removing groups to projects
 and add wrapper script to standardise administrator group for
 drupal-supporters

---
 scripts/addGroupToDrupalAdmins.sh      | 26 ++++++++++++++++++++++----
 scripts/modifyGroups-wrapper.sh        | 22 ++++++++++++++++++++++
 scripts/removeGroupFromDrupalAdmins.sh |  9 +++++++--
 3 files changed, 51 insertions(+), 6 deletions(-)
 create mode 100755 scripts/modifyGroups-wrapper.sh

diff --git a/scripts/addGroupToDrupalAdmins.sh b/scripts/addGroupToDrupalAdmins.sh
index 0175043..e8a0e33 100755
--- a/scripts/addGroupToDrupalAdmins.sh
+++ b/scripts/addGroupToDrupalAdmins.sh
@@ -1,5 +1,8 @@
 #!/bin/bash
 usage() { echo "Usage: $0 [--group-name <GROUP> --project <PROJECT>]" 1>&2; exit 1; }
+
+KUBECONFIG=~/.kube/config
+
 # Options
 ARGS=$(getopt -o 'g:p:' --long 'group-name:project:' -- "$@") || exit 1
 eval "set -- $ARGS"
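Review bot: The added `KUBECONFIG=~/.kube/config` is not exported and unconditionally replaces any value the caller set. If the variable is already in the environment, this silently overrides the caller's cluster selection; if it is not, child processes (presumably `oc`, further down outside this hunk) never see it. For a script that changes administrator role bindings, running against an unintended cluster is worth guarding against, e.g. `export KUBECONFIG="${KUBECONFIG:-$HOME/.kube/config}"`. The same line is added in the first hunk of scripts/removeGroupFromDrupalAdmins.sh.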
@@ -35,15 +38,30 @@ ROLE_ID=$(echo $ROLE_LIST | jq -r '.data[] | select(.name=="administrator") | .i
 
 GROUP_EXISTS=$(curl --silent -X GET "${AUTHZAPI_URL}/${AUTHZAPI_VERSION}/Group/${GROUP_NAME}" -H  "accept: text/plain" -H  "Authorization: Bearer ${BEARER_TOKEN}" -d "" -o /dev/null -w "%{http_code}")
 
+
 if [[ $GROUP_EXISTS != "200" ]]; then
     echo "Error trying to find group in API, error code: ${GROUP_EXISTS}"
     exit 1
 fi
 
+
 # Add group ${GROUP_NAME} to ${ROLE_ID} (administrator) in ${APPLICATION_ID}, as per https://authorization-service-api.web.cern.ch/swagger/index.html#operations-Application-post_api_v1_0_Application__id__roles__roleid__groups__groupid_
-SUCCESS=$(curl --silent -X POST "${AUTHZAPI_URL}/${AUTHZAPI_VERSION}/Application/${APPLICATION_ID}/roles/${ROLE_ID}/groups/${GROUP_NAME}" -H  "accept: text/plain" -H  "Authorization: Bearer ${BEARER_TOKEN}" -d "" -o /dev/null -w "%{http_code}")
-if [[ $SUCCESS != "200" ]]; then
-    echo "Error binding group to admin role, error code: ${SUCCESS}"
+
+SUCCESS=$(curl --silent -X POST "${AUTHZAPI_URL}/${AUTHZAPI_VERSION}/Application/${APPLICATION_ID}/roles/${ROLE_ID}/groups/${GROUP_NAME}" -H  "accept: text/plain" -H  "Authorization: Bearer ${BEARER_TOKEN}" -d "" -i > /tmp/report.txt -w "%{http_code}")
+
+DUPLICATE=$(grep -irn "Duplicate" /tmp/report.txt | awk -F ":" '{print $3}' | awk -F " " '{print $1}'| tr -d '"')
+
+if [[ $SUCCESS != 200 ]]; then
+  if [[ -z "$DUPLICATE" ]]; then
+       echo "Successfully binded ${GROUP_NAME} to applicationID ${APPLICATION_ID}"
+       exit 1
+  fi
+   if [[ $DUPLICATE != "Duplicate" ]]; then
+       echo "http error - Please read /tmp/report.txt file"
+       exit 1
+  fi
+else
+    echo "Successfully binded ${GROUP_NAME} to applicationID ${APPLICATION_ID}"
     exit 1
 fi
-echo "Successfully binded ${GROUP_NAME} to applicationID ${APPLICATION_ID}"
+
diff --git a/scripts/modifyGroups-wrapper.sh b/scripts/modifyGroups-wrapper.sh
new file mode 100755
index 0000000..1a50c99
--- /dev/null
+++ b/scripts/modifyGroups-wrapper.sh
@@ -0,0 +1,22 @@
+#!/bin/bash
+
+# ---
+# Script to uniform admin role group mapping
+# 
+# Example usage:
+# oc get projects -l okd.cern.ch/user-project="true" -A -o json --no-headers | jq -r '.items[] | .metadata.name' | xargs -I{} sh modifyGroups-wrapper.sh {}
+# ---
+
+# Check if project name argument is provided
+if [ -z "$1" ]; then
+    echo "Usage: $0 <project_name>"
+    exit 1
+fi
+
+PROJECT="$1"
+
+# Call the necessary commands with the project name
+./addGroupToDrupalAdmins.sh -g drupal-supporters -p "$PROJECT"
+./removeGroupFromDrupalAdmins.sh -g web-team-developers -p "$PROJECT"
+./removeGroupFromDrupalAdmins.sh -g drupal-admins -p "$PROJECT"
+
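Review bot: The three calls at the end of the wrapper run unconditionally, so when adding `drupal-supporters` fails the two removals still run and can leave the project with fewer administrator groups than before (possibly none, depending on what else is bound). Stop when the add fails, e.g. `./addGroupToDrupalAdmins.sh -g drupal-supporters -p "$PROJECT" || exit 1`, which also requires the add script to return 0 on success. The `./` paths resolve against the caller's working directory, so `cd "$(dirname "$0")" || exit 1` before the calls would make the wrapper runnable from elsewhere.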
diff --git a/scripts/removeGroupFromDrupalAdmins.sh b/scripts/removeGroupFromDrupalAdmins.sh
index d380fc8..55fdbc2 100755
--- a/scripts/removeGroupFromDrupalAdmins.sh
+++ b/scripts/removeGroupFromDrupalAdmins.sh
@@ -1,6 +1,9 @@
 #!/bin/bash
 usage() { echo "Usage: $0 [--group-name <GROUP> --project <PROJECT>]" 1>&2; exit 1; }
 # Options
+
+KUBECONFIG=~/.kube/config
+
 ARGS=$(getopt -o 'g:p:' --long 'group-name:project:' -- "$@") || exit 1
 eval "set -- $ARGS"
 
@@ -40,10 +43,12 @@ if [[ $GROUP_EXISTS != "200" ]]; then
     exit 1
 fi
 
+
 # Remove ${GROUP_NAME} of ${ROLE_ID} (administrator) from ${APPLICATION_ID}, as per https://authorization-service-api.web.cern.ch/swagger/index.html#operations-Application-delete_api_v1_0_Application__id__roles__roleid__groups__groupid_
-SUCCESS=$(curl --silent -X DELETE "${AUTHZAPI_URL}/${AUTHZAPI_VERSION}/Application/${APPLICATION_ID}/roles/${ROLE_ID}/groups/${GROUP_NAME}" -H  "accept: text/plain" -H  "Authorization: Bearer ${BEARER_TOKEN}" -d "" -o /dev/null -w "%{http_code}")
-if [[ $SUCCESS != "200" ]]; then
+ SUCCESS=$(curl --silent -X DELETE "${AUTHZAPI_URL}/${AUTHZAPI_VERSION}/Application/${APPLICATION_ID}/roles/${ROLE_ID}/groups/${GROUP_NAME}" -H  "accept: text/plain" -H  "Authorization: Bearer ${BEARER_TOKEN}" -d "" -o /dev/null -w "%{http_code}")
+ if [[ $SUCCESS != "200" ]]; then
     echo "Error binding group to admin role, error code: ${SUCCESS}"
     exit 1
 fi
 echo "Successfully removed ${GROUP_NAME} to applicationID ${APPLICATION_ID}"
+
-- 
GitLab