From 1318dfa73fbd7a640f6162fad354ba9f011765b9 Mon Sep 17 00:00:00 2001
From: Christina Petala <cpetala@lxplus806.cern.ch>
Date: Thu, 6 Jun 2024 09:45:14 +0200
Subject: [PATCH 1/2] modified add/remove group scripts and added a wrapper
 script

---
 scripts/addGroupToDrupalAdmins.sh      | 26 ++++++++++++++++++++++----
 scripts/modifyGroups-wrapper.sh        | 15 +++++++++++++++
 scripts/removeGroupFromDrupalAdmins.sh |  9 +++++++--
 3 files changed, 44 insertions(+), 6 deletions(-)
 create mode 100755 scripts/modifyGroups-wrapper.sh

diff --git a/scripts/addGroupToDrupalAdmins.sh b/scripts/addGroupToDrupalAdmins.sh
index 0175043..e8a0e33 100755
--- a/scripts/addGroupToDrupalAdmins.sh
+++ b/scripts/addGroupToDrupalAdmins.sh
@@ -1,5 +1,8 @@
 #!/bin/bash
 usage() { echo "Usage: $0 [--group-name <GROUP> --project <PROJECT>]" 1>&2; exit 1; }
+
+KUBECONFIG=~/.kube/config
+
 # Options
 ARGS=$(getopt -o 'g:p:' --long 'group-name:project:' -- "$@") || exit 1
 eval "set -- $ARGS"
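Review bot: `KUBECONFIG=~/.kube/config` is assigned without `export`, so unless the caller already exported the variable, child processes (presumably `oc` calls further down, outside this hunk) will not see it. If the caller did export it, this line silently replaces their choice of cluster credentials with the default file, which matters for a script that changes admin role bindings. If a default is the intent, `export KUBECONFIG="${KUBECONFIG:-$HOME/.kube/config}"` covers both cases. The same line is added at the top of scripts/removeGroupFromDrupalAdmins.sh.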
@@ -35,15 +38,30 @@ ROLE_ID=$(echo $ROLE_LIST | jq -r '.data[] | select(.name=="administrator") | .i
 
 GROUP_EXISTS=$(curl --silent -X GET "${AUTHZAPI_URL}/${AUTHZAPI_VERSION}/Group/${GROUP_NAME}" -H  "accept: text/plain" -H  "Authorization: Bearer ${BEARER_TOKEN}" -d "" -o /dev/null -w "%{http_code}")
 
+
 if [[ $GROUP_EXISTS != "200" ]]; then
     echo "Error trying to find group in API, error code: ${GROUP_EXISTS}"
     exit 1
 fi
 
+
 # Add group ${GROUP_NAME} to ${ROLE_ID} (administrator) in ${APPLICATION_ID}, as per https://authorization-service-api.web.cern.ch/swagger/index.html#operations-Application-post_api_v1_0_Application__id__roles__roleid__groups__groupid_
-SUCCESS=$(curl --silent -X POST "${AUTHZAPI_URL}/${AUTHZAPI_VERSION}/Application/${APPLICATION_ID}/roles/${ROLE_ID}/groups/${GROUP_NAME}" -H  "accept: text/plain" -H  "Authorization: Bearer ${BEARER_TOKEN}" -d "" -o /dev/null -w "%{http_code}")
-if [[ $SUCCESS != "200" ]]; then
-    echo "Error binding group to admin role, error code: ${SUCCESS}"
+
+SUCCESS=$(curl --silent -X POST "${AUTHZAPI_URL}/${AUTHZAPI_VERSION}/Application/${APPLICATION_ID}/roles/${ROLE_ID}/groups/${GROUP_NAME}" -H  "accept: text/plain" -H  "Authorization: Bearer ${BEARER_TOKEN}" -d "" -i > /tmp/report.txt -w "%{http_code}")
+
+DUPLICATE=$(grep -irn "Duplicate" /tmp/report.txt | awk -F ":" '{print $3}' | awk -F " " '{print $1}'| tr -d '"')
+
+if [[ $SUCCESS != 200 ]]; then
+  if [[ -z "$DUPLICATE" ]]; then
+       echo "Successfully binded ${GROUP_NAME} to applicationID ${APPLICATION_ID}"
+       exit 1
+  fi
+   if [[ $DUPLICATE != "Duplicate" ]]; then
+       echo "http error - Please read /tmp/report.txt file"
+       exit 1
+  fi
+else
+    echo "Successfully binded ${GROUP_NAME} to applicationID ${APPLICATION_ID}"
     exit 1
 fi
-echo "Successfully binded ${GROUP_NAME} to applicationID ${APPLICATION_ID}"
+
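Review bot: On the new `SUCCESS=$(curl … -i > /tmp/report.txt -w "%{http_code}")` line the redirect sends all of curl's stdout, including the `-w` status code, into the file, so `SUCCESS` is always empty and the `else` (HTTP 200) branch can never run. Any failure whose response lacks the word "Duplicate" (for example a rejected token) therefore prints "Successfully binded", while both success messages are followed by `exit 1`, so neither the message nor the exit status can be trusted by a caller. `/tmp/report.txt` is also a fixed, predictable path holding the authorization API response; on a shared login host it can be pre-created or symlinked by another user and stays readable afterwards, so a `mktemp` file removed on exit is safer. A possible shape is below; treating a "Duplicate" response as "already bound" is my reading of the intent and should be confirmed.

```shell
REPORT=$(mktemp) || exit 1
trap 'rm -f -- "$REPORT"' EXIT

# -o keeps the response out of stdout so that only the -w status code is captured
SUCCESS=$(curl --silent -X POST "${AUTHZAPI_URL}/${AUTHZAPI_VERSION}/Application/${APPLICATION_ID}/roles/${ROLE_ID}/groups/${GROUP_NAME}" -H "accept: text/plain" -H "Authorization: Bearer ${BEARER_TOKEN}" -d "" -i -o "$REPORT" -w "%{http_code}")

if [[ $SUCCESS == "200" ]]; then
    echo "Successfully binded ${GROUP_NAME} to applicationID ${APPLICATION_ID}"
    exit 0
fi
if grep -qi "Duplicate" -- "$REPORT"; then
    echo "${GROUP_NAME} is already bound to applicationID ${APPLICATION_ID}"
    exit 0
fi
echo "Error binding group to admin role, error code: ${SUCCESS}" >&2
cat -- "$REPORT" >&2
exit 1
```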
diff --git a/scripts/modifyGroups-wrapper.sh b/scripts/modifyGroups-wrapper.sh
new file mode 100755
index 0000000..ba43ac5
--- /dev/null
+++ b/scripts/modifyGroups-wrapper.sh
@@ -0,0 +1,15 @@
+#!/bin/bash
+
+# Check if project name argument is provided
+if [ -z "$1" ]; then
+    echo "Usage: $0 <project_name>"
+    exit 1
+fi
+
+PROJECT="$1"
+
+# Call the necessary commands with the project name
+./addGroupToDrupalAdmins.sh -g drupal-supporters -p "$PROJECT"
+./removeGroupFromDrupalAdmins.sh -g web-team-developers -p "$PROJECT"
+./removeGroupFromDrupalAdmins.sh -g drupal-admins -p "$PROJECT"
+
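Review bot: The three helper calls ignore exit status, so if adding `drupal-supporters` fails the wrapper still removes `web-team-developers` and `drupal-admins`, which can leave the project with no group bound to the administrator role. Stop on the first failure, e.g. `./addGroupToDrupalAdmins.sh -g drupal-supporters -p "$PROJECT" || exit 1`; this only works once the add script returns 0 on success, which the version in this patch does not. The `./` paths also resolve against the caller's working directory, so `cd "$(dirname "$0")" || exit 1` before the calls would make the wrapper independent of where it is run from.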
diff --git a/scripts/removeGroupFromDrupalAdmins.sh b/scripts/removeGroupFromDrupalAdmins.sh
index d380fc8..55fdbc2 100755
--- a/scripts/removeGroupFromDrupalAdmins.sh
+++ b/scripts/removeGroupFromDrupalAdmins.sh
@@ -1,6 +1,9 @@
 #!/bin/bash
 usage() { echo "Usage: $0 [--group-name <GROUP> --project <PROJECT>]" 1>&2; exit 1; }
 # Options
+
+KUBECONFIG=~/.kube/config
+
 ARGS=$(getopt -o 'g:p:' --long 'group-name:project:' -- "$@") || exit 1
 eval "set -- $ARGS"
 
@@ -40,10 +43,12 @@ if [[ $GROUP_EXISTS != "200" ]]; then
     exit 1
 fi
 
+
 # Remove ${GROUP_NAME} of ${ROLE_ID} (administrator) from ${APPLICATION_ID}, as per https://authorization-service-api.web.cern.ch/swagger/index.html#operations-Application-delete_api_v1_0_Application__id__roles__roleid__groups__groupid_
-SUCCESS=$(curl --silent -X DELETE "${AUTHZAPI_URL}/${AUTHZAPI_VERSION}/Application/${APPLICATION_ID}/roles/${ROLE_ID}/groups/${GROUP_NAME}" -H  "accept: text/plain" -H  "Authorization: Bearer ${BEARER_TOKEN}" -d "" -o /dev/null -w "%{http_code}")
-if [[ $SUCCESS != "200" ]]; then
+ SUCCESS=$(curl --silent -X DELETE "${AUTHZAPI_URL}/${AUTHZAPI_VERSION}/Application/${APPLICATION_ID}/roles/${ROLE_ID}/groups/${GROUP_NAME}" -H  "accept: text/plain" -H  "Authorization: Bearer ${BEARER_TOKEN}" -d "" -o /dev/null -w "%{http_code}")
+ if [[ $SUCCESS != "200" ]]; then
     echo "Error binding group to admin role, error code: ${SUCCESS}"
     exit 1
 fi
 echo "Successfully removed ${GROUP_NAME} to applicationID ${APPLICATION_ID}"
+
-- 
GitLab


From cd1e003bba22a9671cd7d61064c0046bce7e1c47 Mon Sep 17 00:00:00 2001
From: Carina Antunes <carina.oliveira.antunes@cern.ch>
Date: Thu, 6 Jun 2024 17:11:45 +0200
Subject: [PATCH 2/2] Update modifyGroups-wrapper.sh

---
 scripts/modifyGroups-wrapper.sh | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/scripts/modifyGroups-wrapper.sh b/scripts/modifyGroups-wrapper.sh
index ba43ac5..1a50c99 100755
--- a/scripts/modifyGroups-wrapper.sh
+++ b/scripts/modifyGroups-wrapper.sh
@@ -1,5 +1,12 @@
 #!/bin/bash
 
+# ---
+# Script to uniform admin role group mapping
+# 
+# Example usage:
+# oc get projects -l okd.cern.ch/user-project="true" -A -o json --no-headers | jq -r '.items[] | .metadata.name' | xargs -I{} sh modifyGroups-wrapper.sh {}
+# ---
+
 # Check if project name argument is provided
 if [ -z "$1" ]; then
     echo "Usage: $0 <project_name>"
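Review bot: The usage example runs the wrapper as `sh modifyGroups-wrapper.sh {}`, which bypasses the `#!/bin/bash` shebang. Where `sh` is not bash, any bash-only syntax added to the wrapper later would fail partway through a run over every user project. Prefer `xargs -I{} ./modifyGroups-wrapper.sh {}` or `bash modifyGroups-wrapper.sh {}`. The comment should also say that the command has to be run from `scripts/`, since the wrapper calls its helpers via `./`, and that it rewrites admin role bindings for all matching projects, so a single-project trial run is worth doing first.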
-- 
GitLab