Forked from superseb/create_user_and_kubeconfig_rancher2.sh
Created
September 7, 2018 04:41
-
-
Save coderczp/9282ef3ecea64ef3b553cfa193850f83 to your computer and use it in GitHub Desktop.
Revisions
-
superseb created this gist
Jun 15, 2018 .There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -0,0 +1,33 @@ #!/bin/bash RANCHERENDPOINT=https://your_rancher_endpoint/v3 # The name of the cluster where the user needs to be added CLUSTERNAME=your_cluster_name # Username, password and realname of the user USERNAME=username PASSWORD=password REALNAME=myrealname # Role of the user GLOBALROLE=user CLUSTERROLE=cluster-member # Admin bearer token to create user ADMINBEARERTOKEN=token-xxxxx:x # Create user and assign role USERID=`curl -s -u $ADMINBEARERTOKEN $RANCHERENDPOINT/user -H 'content-type: application/json' --data-binary '{"me":false,"mustChangePassword":false,"type":"user","username":"'$USERNAME'","password":"'$PASSWORD'","name":"'$REALNAME'"}' --insecure | jq -r .id` curl -s -u $ADMINBEARERTOKEN $RANCHERENDPOINT/globalrolebinding -H 'content-type: application/json' --data-binary '{"type":"globalRoleBinding","globalRoleId":"'$GLOBALROLE'","userId":"'$USERID'"}' --insecure # Get clusterid from name CLUSTERID=`curl -s -u $ADMINBEARERTOKEN $RANCHERENDPOINT/clusters?name=$CLUSTERNAME --insecure | jq -r .data[].id` # Add user as member to cluster curl -s -u $ADMINBEARERTOKEN $RANCHERENDPOINT/clusterroletemplatebinding -H 'content-type: application/json' --data-binary '{"type":"clusterRoleTemplateBinding","clusterId":"'$CLUSTERID'","userPrincipalId":"local://'$USERID'","roleTemplateId":"'$CLUSTERROLE'"}' --insecure # Login as user and get usertoken LOGINRESPONSE=`curl -s $RANCHERENDPOINT-public/localProviders/local?action=login -H 'content-type: application/json' --data-binary '{"username":"'$USERNAME'","password":"'$PASSWORD'"}' --insecure` USERTOKEN=`echo $LOGINRESPONSE | jq -r .token` # Generate and save kubeconfig curl -s -u $USERTOKEN $RANCHERENDPOINT/clusters/$CLUSTERID?action=generateKubeconfig -X POST -H 'content-type: application/json' --insecure | jq -r .config > kubeconfig # Set mustChangePassword to true for user to change password upon login curl -s -u $ADMINBEARERTOKEN $RANCHERENDPOINT/users/$USERID -X PUT -H 'content-type: application/json' --data-binary '{"mustChangePassword":true}' --insecure