create-tenant.sh
#!/bin/bash
# Keys that must all appear in the enrollment payload; validate_payload walks
# this list in order and stops at the first key it cannot find.
values=(
  adminEmail
  auditLogLevel
  multiclusterEnabled
  noReplyEmail
  performanceLogLevel
  portalLogLevel
  portalName
  subdomain
  tenantId
  tenantType
  termOfUse
)
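#######################################
# Check that the enrollment payload names every required key and pick up the
# tenant id from it.
# Globals:   values (read), data (read), TENANTID (written)
# Outputs:   names the first missing key on stdout
# Returns:   0 when every key is present; exits 1 on the first missing key
#######################################
function validate_payload() {
  local key json
  # Matches "tenantId": "<value>" and captures <value>.
  local re="\"tenantId\" ?: ?\"([^\"]*)\""

  for key in "${values[@]}"; do
    # Look for the key as a quoted JSON name so a longer word that merely
    # contains it does not count. -F and -- stop the key being read as a
    # pattern or an option; quoting the path keeps a file name with spaces in
    # one piece, and an empty path now fails here instead of making grep read
    # standard input.
    if ! grep -qF -- "\"${key}\"" "${data}"; then
      echo "${key} is missing from your payload"
      exit 1
    fi

    if [[ "${key}" == tenantId ]]; then
      json=$(< "${data}")
      # Fall back to the literal key name when no value can be extracted.
      TENANTID=${key}
      if [[ ${json} =~ ${re} ]]; then
        TENANTID=${BASH_REMATCH[1]}
      fi
    fi
  done
}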
#######################################
# Print the follow-up instructions shown after a tenant has been created.
# Globals:   TENANTID (read), enrollHost (read), tenant_id, domain (written)
# Outputs:   the instruction text on stdout, framed by one blank line each side
#######################################
function print_steps() {
  # Use a placeholder in the URL when no tenant id was picked up.
  tenant_id=${TENANTID:-"tenantId"}
  # The portal domain is the enrollment host with its first label removed.
  domain=${enrollHost#*.}
  cat <<EOF

The tenant has been added to the database. The tenant info can be found in the tenant_info file in the current directory.
Please follow the rest of the instructions at TechDocs to enroll your gateway with the portal.
(https://techdocs.broadcom.com/us/en/ca-enterprise-software/layer7-api-management/api-developer-portal/5-2/install-configure-and-upgrade/post-installation-tasks/enroll-a-layer7-api-gateway.html)
1. You will need to navigate to the portal at https://${tenant_id}.${domain} and create a new API PROXY.
2. Copy the enrollment URL
3. Open your tenant gateway and enroll this gateway with the portal using the URL from step 2.

EOF
}
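#######################################
# Probe the enrollment host with two pings and stop the script if it does not
# answer.
# Globals:   enrollHost (read)
# Outputs:   a one-line result on stdout
# Returns:   0 when the host answers; exits 1 otherwise
#######################################
function hostname_resolves() {
  # The probe is a ping, so a host that resolves but does not answer is
  # reported the same way as a name that does not resolve.
  # Quoting and -- keep the host value from being split into several
  # arguments or read as a ping option.
  if ping -c 2 -- "$enrollHost" &> /dev/null; then
    echo "$enrollHost is reachable"
  else
    echo "$enrollHost is not resolvable. Please make sure this points to your portal IP address."
    exit 1
  fi
}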
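#######################################
# Fetch the portal's internal key and certificate from the Kubernetes secret
# and write them to apim-tps.key / apim-tps.crt in the current directory.
# Globals:   keyname (read), namespace (read)
# Outputs:   a one-line result on stdout
# Returns:   0 on success; on failure calls cleanup and exits 1
#######################################
function retrieve_key() {
  local key_err crt_err failed=0
  local key_tpl='go-template={{index .data "apim-tps.key" | base64decode | base64decode }}'
  local crt_tpl='go-template={{index .data "apim-tps.crt" | base64decode | base64decode }}'

  # Start from fresh files so the restrictive umask below decides their mode;
  # writing into an existing file would keep that file's permissions.
  rm -f -- apim-tps.key apim-tps.crt

  # "2>&1 > file" sends kubectl's stdout to the file and its stderr into the
  # variable. umask 077 (scoped to the command substitution) makes the private
  # key readable by the current user only.
  key_err=$(umask 077; kubectl get secret "$keyname" -n "$namespace" -o "$key_tpl" 2>&1 > apim-tps.key) || failed=1
  crt_err=$(umask 077; kubectl get secret "$keyname" -n "$namespace" -o "$crt_tpl" 2>&1 > apim-tps.crt) || failed=1

  # Trust the exit status first; the "Error" text match is kept for output
  # that reports a problem without a failing status. An empty file means
  # nothing usable was retrieved.
  if (( failed )) || [[ ! -s apim-tps.key || ! -s apim-tps.crt ]] ||
    [[ $key_err == *"Error"* ]] || [[ $crt_err == *"Error"* ]]; then
    echo "Please check you've set the correct key name, it should be portal-internal-secret, check tls.internalSecretName in your values file."
    cleanup
    exit 1
  else
    echo "Enrollment key retrieved"
  fi
}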
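#######################################
# Read the public enrollment host and port from the apim-config ConfigMap.
# Globals:   namespace (read), enrollHost (written), enrollPort (written)
# Outputs:   the enrollment endpoint, or a hint on failure, on stdout
# Returns:   0 on success; exits 1 when the values cannot be read or are unusable
#######################################
function retrieve_enrollment_host() {
  local failed=0

  # stderr is captured together with stdout, so after a failed lookup these
  # variables hold kubectl's error text rather than a host or port.
  enrollHost=$(kubectl get configmap apim-config -n "$namespace" -o 'go-template={{index .data "TSSG_PUBLIC_HOST" }}' 2>&1) || failed=1
  enrollPort=$(kubectl get configmap apim-config -n "$namespace" -o 'go-template={{index .data "TSSG_PUBLIC_PORT" }}' 2>&1) || failed=1

  # Both values are later placed into the request URL, so besides the exit
  # status and the original "Error" text match, refuse an empty host, a host
  # containing whitespace or a slash, and a port that is not all digits.
  if (( failed )) ||
    [[ $enrollHost == *"Error"* ]] || [[ $enrollPort == *"Error"* ]] ||
    [[ -z $enrollHost || $enrollHost == *[[:space:]/]* ]] ||
    [[ ! $enrollPort =~ ^[0-9]+$ ]]; then
    echo "Please check you've set the correct namespace and have the Chart installed"
    exit 1
  else
    echo "your enrollment endpoint is https://$enrollHost:$enrollPort/provision/tenants"
  fi
}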
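#######################################
# Delete the key and certificate files written by retrieve_key from the
# current directory. tenant_info.json is left in place.
# Returns:   rm's status; a file that is already gone is not an error
#######################################
function cleanup() {
  # -f makes a repeated call quiet and successful when the files are already
  # gone; other failures (for example a permission problem) are still
  # reported, so a private key that could not be removed does not go unnoticed.
  rm -f -- apim-tps.key apim-tps.crt
}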
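#######################################
# POST the enrollment payload to the portal's provisioning endpoint using the
# retrieved client certificate and key.
# Globals:   enrollHost, enrollPort, data (read); STATUSCODE (written)
# Outputs:   the follow-up steps on success, the response body on failure
# Returns:   0 on HTTP 201; otherwise calls cleanup and exits 1
#######################################
function create_tenant() {
  local message=""

  # Drop any response left by an earlier run so a request that never reaches
  # the server cannot show stale content below.
  rm -f -- tenant_info.json

  # NOTE(review): -k turns off server certificate verification, so the client
  # key and the payload go to whatever answers at this host. Where the
  # portal's CA certificate is available, prefer --cacert <ca-file> over -k.
  STATUSCODE=$(curl --silent --output tenant_info.json --write-out "%{http_code}" \
    -X POST -k "https://${enrollHost}:${enrollPort}/provision/tenants" \
    --cert ./apim-tps.crt --key ./apim-tps.key -H "Accept: application/json" \
    -H "Content-Type: application/json" -d "@${data}")

  # Compare as a string: an empty status (curl missing or failed before
  # printing anything) must count as a failure, not fall through to success.
  if [[ "$STATUSCODE" == "201" ]]; then
    print_steps
  else
    if [[ -f tenant_info.json ]]; then
      message=$(< tenant_info.json)
    fi
    if [[ -z "$message" ]]; then
      message="Tenant creation failed (HTTP status: ${STATUSCODE:-none})"
    fi
    echo ""
    # Print the server's response verbatim; unquoted expansion would
    # word-split it and expand any glob characters it contains.
    printf '%s\n' "$message"
    echo ""
    cleanup
    exit 1
  fi
}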
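#######################################
# Print the command-line help and exit.
# Outputs:   the usage text on stdout
# Returns:   does not return; always exits 0
#######################################
function usage(){
  # The example line names the script as it is actually called
  # (create-tenant.sh, with a hyphen).
  cat <<'EOF'

Usage:
-d *required enrollment payload see creating a tenant
-k portal internal certificate secret name (default: portal-internal-secret)
-n the namespace that you deployed the Portal into (default: default)
 ./create-tenant.sh -d enroll.json -k <portal-internal-secret> -n kubernetesNamespace.

EOF
  exit 0
}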
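#######################################
# Parse the command line, then validate the payload, look up the enrollment
# endpoint, fetch the client key and certificate, and create the tenant.
# Globals:   data, keyname, namespace (written)
# Arguments: -d <payload file> (required), -k <secret name>, -n <namespace>
# Returns:   0 on success; exits 1 on an invalid or missing payload path
#######################################
function main() {
  local opt

  # usage exits, so nothing below runs without arguments.
  if [[ -z "$1" ]]; then
    usage
  fi

  # Check parameters
  while getopts "d:k:n:" opt; do
    case "${opt}" in
      d)
        if [[ -f "$OPTARG" ]]; then
          data=$OPTARG
        else
          echo "please specify a valid path to your enrollment payload"
          exit 1
        fi
        ;;
      k)
        keyname=$OPTARG
        ;;
      n)
        namespace=$OPTARG
        ;;
      *)
        usage
        ;;
    esac
  done

  # -d is required: without a payload path the validation step has no file
  # to read.
  if [[ -z "$data" ]]; then
    echo "please specify a valid path to your enrollment payload"
    exit 1
  fi

  namespace=${namespace:-default}
  keyname=${keyname:-portal-internal-secret}

  validate_payload
  retrieve_enrollment_host
  # Commenting the below as it is not applicable for Cloud environments
  # hostname_resolves

  # From here on the client key and certificate may be on disk. Remove them on
  # every exit so that an exit which bypasses the explicit cleanup calls does
  # not leave the private key in the working directory. Errors are silenced
  # only for this safety-net pass, which often runs after the files are
  # already gone.
  trap 'cleanup 2> /dev/null' EXIT
  retrieve_key
  create_tenant
  cleanup
  trap - EXIT
}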
# Entry point: pass the command-line arguments through to main unchanged.
main "$@"