UNPKG

@f5devcentral/f5-cloud-libs/scripts/createUser.sh

Version:

3.69 kBapplication/x-shView Raw

1#!/bin/bash
2USAGE_SHORT="Usage: $0 --user <user_name> --password <password> --password-file <file_containing_password>"
3read -r -d '' USAGE_LONG << EOM
4    Usage: $0
5        -h|--help               Print this message and exit
6        --user <user_name>      User to create, or 'admin' to update admin password
7        --password <password>   Password to set for user. Must specify this or --password-file
8        --password-file <file>  Full path to file containing password to set for user. Must specify this or --password
9        --password-encrypted    Indicates that the password is encrypted *
10
11    * If using an encrypted password, assumes it was encrypted with encrypteDataToFile.js or generatePassword.js
12EOM
13
14ARGS=`getopt -o h --long help,user:,password:,password-file:,password-encrypted -n $0 -- "$@"`
15if [ $? -ne 0 ]; then
16    echo $USAGE_SHORT
17    exit 1
18fi
19
20eval set -- "$ARGS"
21
22# Commands
23SED=/bin/sed
24TMSH=/usr/bin/tmsh
25SHRED=/usr/bin/shred
26
27# Defaults
28HELP=false
29PASSWORD_ENCRYPTED=false
30
31# Parse the command line arguments
32while true; do
33    case "$1" in
34        -h|--help)
35            HELP=true;
36            shift ;;
37        --user)
38            USERNAME="$2";
39            shift 2 ;;
40        --password)
41            RAW_PASSWORD="$2";
42            shift 2 ;;
43        --password-file)
44            PASSWORD_FILE="$2";
45            shift 2 ;;
46        --password-encrypted)
47            PASSWORD_ENCRYPTED=true;
48            shift ;;
49        --)
50            shift
51            break ;;
52    esac
53done
54
55if [[ $HELP == true ]]; then
56    echo "$USAGE_LONG"
57    exit
58fi
59
60if  [[ -z "$USERNAME" ]] || [[ -z "$RAW_PASSWORD" && -z "$PASSWORD_FILE" ]]; then
61    echo "$USAGE_LONG"
62    exit 1
63fi
64
65. $(dirname $0)/util.sh
66
67if [[ -n "$PASSWORD_FILE" ]]; then
68    RAW_PASSWORD=$(cat "$PASSWORD_FILE")
69fi
70
71if [[ "$PASSWORD_ENCRYPTED" == true ]]; then
72
73    BIG_IP_LOCAL_PRIVATE_KEY_FOLDER=CloudLibsLocal
74    BIG_IP_LOCAL_PRIVATE_KEY_NAME=cloudLibsLocalPrivate
75    BIG_IP_LOCAL_PRIVATE_KEY_SUFFIXED_NAME=cloudLibsLocalPrivate.key
76
77    # get passphrase and decrypt for local private key
78    create_temp_dir /mnt/cloudTemp 8k
79    PASSPHRASE_FILE=/mnt/cloudTemp/passphrase.out
80
81    # Search for ssl-key with .key suffix
82    if [[ -n $(/usr/bin/tmsh list sys file ssl-key /${BIG_IP_LOCAL_PRIVATE_KEY_FOLDER}/${BIG_IP_LOCAL_PRIVATE_KEY_SUFFIXED_NAME}) ]]; then
83        BIG_IP_LOCAL_PRIVATE_KEY_NAME="$BIG_IP_LOCAL_PRIVATE_KEY_SUFFIXED_NAME"
84    fi
85    
86    PASSPHRASE=$(/usr/bin/tmsh list sys file ssl-key /${BIG_IP_LOCAL_PRIVATE_KEY_FOLDER}/${BIG_IP_LOCAL_PRIVATE_KEY_NAME} | /bin/grep passphrase | /bin/awk '{print $2}')
87    $(dirname $0)/decryptConfValue "$PASSPHRASE" > "$PASSPHRASE_FILE"
88
89    # get path to private key
90    PRIVATE_KEY_FULL_PATH=$(get_private_key_path "$BIG_IP_LOCAL_PRIVATE_KEY_FOLDER" "$BIG_IP_LOCAL_PRIVATE_KEY_NAME")
91
92    # decrypt password
93    if [[ -n "$PRIVATE_KEY_FULL_PATH"  ]]; then
94        ACTUAL_PASSWORD=$(/usr/bin/base64 -d <<< "$RAW_PASSWORD" | /usr/bin/openssl pkeyutl -decrypt -passin file:"$PASSPHRASE_FILE" -inkey "$PRIVATE_KEY_FULL_PATH" -pkeyopt rsa_padding_mode:oaep)
95    else
96        echo No private key found
97    fi
98
99    # clean up
100    wipe_temp_dir /mnt/cloudTemp
101else
102    ACTUAL_PASSWORD="$RAW_PASSWORD"
103fi
104
105if [[ -n "$ACTUAL_PASSWORD" ]]; then
106    PASSWORD=$(echo "$ACTUAL_PASSWORD" | $SED -e $'s:[!\'"%{};/|#\x20\\\\]:\\\\&:g')
107
108    if [[ "$USERNAME" == admin ]]; then
109        $TMSH modify /auth user "$USERNAME" password "$PASSWORD"
110    else
111        $TMSH create auth user "$USERNAME" password "$PASSWORD" shell bash partition-access replace-all-with { all-partitions { role admin } }
112    fi
113else
114    echo Could not retrieve password
115    exit 1
116fi
117
\No newline at end of file

1	`#!/bin/bash`
2	`USAGE_SHORT="Usage: $0 --user <user_name> --password <password> --password-file <file_containing_password>"`
3	`read -r -d '' USAGE_LONG << EOM`
4	`Usage: $0`
5	`-h\|--help Print this message and exit`
6	`--user <user_name> User to create, or 'admin' to update admin password`
7	`--password <password> Password to set for user. Must specify this or --password-file`
8	`--password-file <file> Full path to file containing password to set for user. Must specify this or --password`
9	`--password-encrypted Indicates that the password is encrypted *`
10
11	`* If using an encrypted password, assumes it was encrypted with encrypteDataToFile.js or generatePassword.js`
12	`EOM`
13
14	ARGS=`getopt -o h --long help,user:,password:,password-file:,password-encrypted -n $0 -- "$@"`
15	`if [ $? -ne 0 ]; then`
16	`echo $USAGE_SHORT`
17	`exit 1`
18	`fi`
19
20	`eval set -- "$ARGS"`
21
22	`# Commands`
23	`SED=/bin/sed`
24	`TMSH=/usr/bin/tmsh`
25	`SHRED=/usr/bin/shred`
26
27	`# Defaults`
28	`HELP=false`
29	`PASSWORD_ENCRYPTED=false`
30
31	`# Parse the command line arguments`
32	`while true; do`
33	`case "$1" in`
34	`-h\|--help)`
35	`HELP=true;`
36	`shift ;;`
37	`--user)`
38	`USERNAME="$2";`
39	`shift 2 ;;`
40	`--password)`
41	`RAW_PASSWORD="$2";`
42	`shift 2 ;;`
43	`--password-file)`
44	`PASSWORD_FILE="$2";`
45	`shift 2 ;;`
46	`--password-encrypted)`
47	`PASSWORD_ENCRYPTED=true;`
48	`shift ;;`
49	`--)`
50	`shift`
51	`break ;;`
52	`esac`
53	`done`
54
55	`if [[ $HELP == true ]]; then`
56	`echo "$USAGE_LONG"`
57	`exit`
58	`fi`
59
60	`if [[ -z "$USERNAME" ]] \|\| [[ -z "$RAW_PASSWORD" && -z "$PASSWORD_FILE" ]]; then`
61	`echo "$USAGE_LONG"`
62	`exit 1`
63	`fi`
64
65	`. $(dirname $0)/util.sh`
66
67	`if [[ -n "$PASSWORD_FILE" ]]; then`
68	`RAW_PASSWORD=$(cat "$PASSWORD_FILE")`
69	`fi`
70
71	`if [[ "$PASSWORD_ENCRYPTED" == true ]]; then`
72
73	`BIG_IP_LOCAL_PRIVATE_KEY_FOLDER=CloudLibsLocal`
74	`BIG_IP_LOCAL_PRIVATE_KEY_NAME=cloudLibsLocalPrivate`
75	`BIG_IP_LOCAL_PRIVATE_KEY_SUFFIXED_NAME=cloudLibsLocalPrivate.key`
76
77	`# get passphrase and decrypt for local private key`
78	`create_temp_dir /mnt/cloudTemp 8k`
79	`PASSPHRASE_FILE=/mnt/cloudTemp/passphrase.out`
80
81	`# Search for ssl-key with .key suffix`
82	`if [[ -n $(/usr/bin/tmsh list sys file ssl-key /${BIG_IP_LOCAL_PRIVATE_KEY_FOLDER}/${BIG_IP_LOCAL_PRIVATE_KEY_SUFFIXED_NAME}) ]]; then`
83	`BIG_IP_LOCAL_PRIVATE_KEY_NAME="$BIG_IP_LOCAL_PRIVATE_KEY_SUFFIXED_NAME"`
84	`fi`
85
86	`PASSPHRASE=$(/usr/bin/tmsh list sys file ssl-key /${BIG_IP_LOCAL_PRIVATE_KEY_FOLDER}/${BIG_IP_LOCAL_PRIVATE_KEY_NAME} \| /bin/grep passphrase \| /bin/awk '{print $2}')`
87	`$(dirname $0)/decryptConfValue "$PASSPHRASE" > "$PASSPHRASE_FILE"`
88
89	`# get path to private key`
90	`PRIVATE_KEY_FULL_PATH=$(get_private_key_path "$BIG_IP_LOCAL_PRIVATE_KEY_FOLDER" "$BIG_IP_LOCAL_PRIVATE_KEY_NAME")`
91
92	`# decrypt password`
93	`if [[ -n "$PRIVATE_KEY_FULL_PATH" ]]; then`
94	`ACTUAL_PASSWORD=$(/usr/bin/base64 -d <<< "$RAW_PASSWORD" \| /usr/bin/openssl pkeyutl -decrypt -passin file:"$PASSPHRASE_FILE" -inkey "$PRIVATE_KEY_FULL_PATH" -pkeyopt rsa_padding_mode:oaep)`
95	`else`
96	`echo No private key found`
97	`fi`
98
99	`# clean up`
100	`wipe_temp_dir /mnt/cloudTemp`
101	`else`
102	`ACTUAL_PASSWORD="$RAW_PASSWORD"`
103	`fi`
104
105	`if [[ -n "$ACTUAL_PASSWORD" ]]; then`
106	`PASSWORD=$(echo "$ACTUAL_PASSWORD" \| $SED -e $'s:[!\'"%{};/\|#\x20\\\\]:\\\\&:g')`
107
108	`if [[ "$USERNAME" == admin ]]; then`
109	`$TMSH modify /auth user "$USERNAME" password "$PASSWORD"`
110	`else`
111	`$TMSH create auth user "$USERNAME" password "$PASSWORD" shell bash partition-access replace-all-with { all-partitions { role admin } }`
112	`fi`
113	`else`
114	`echo Could not retrieve password`
115	`exit 1`
116	`fi`
117
\	No newline at end of file