AWS user account management scripts updates
- start option for create users (-g) - delete user script - update documentation - user lock user script in check user flow output - create user has check for valid username/group name
This commit is contained in:
Clemens Schwaighofer
@@ -25,10 +25,13 @@
|
||||
# They pem pub key must follow the set rules above
|
||||
|
||||
# SET TO 1 to TEST [will not create user/group/folder]
|
||||
TEST=0; # no creation except ssh keys
|
||||
TEST=0; # no actions will be run
|
||||
INFO=0; # no creation of anything, just print info strings
|
||||
GO=1; # without this flag the script will exit with an info box
|
||||
while getopts ":tih:" opt; do
|
||||
case "${opt}" in
|
||||
g|go)
|
||||
GO=1;
|
||||
t|test)
|
||||
TEST=1;
|
||||
;;
|
||||
@@ -41,6 +44,7 @@ while getopts ":tih:" opt; do
|
||||
\?)
|
||||
echo -e "\n Option does not exist: ${OPTARG}\n";
|
||||
echo "Use -t for test and -i for info";
|
||||
echo "Use -g for actually creation run";
|
||||
echo "Override default /home/ folder location with -h <base>";
|
||||
exit 1;
|
||||
;;
|
||||
@@ -153,6 +157,14 @@ if [ $(whoami) != "root" ]; then
|
||||
echo "!!!! Script must be run as root user !!!!";
|
||||
fi;
|
||||
fi;
|
||||
|
||||
# exit if not -g parameter set
|
||||
if [ $GO -eq 0 ]; then
|
||||
echo "Script has to be run with -g option for actual user creation.";
|
||||
echo "It is recommended to run -t for testing prior to user creation.";
|
||||
exit;
|
||||
fi;
|
||||
|
||||
# create users
|
||||
cat "${ROOT_FOLDER}${input_file}" |
|
||||
while read i; do
|
||||
@@ -162,6 +174,13 @@ while read i; do
|
||||
fi;
|
||||
# POS 2: make lower case, remove spaces
|
||||
username=$(echo "${i}" | cut -d ";" -f 2 | tr A-Z a-z | tr -d ' ');
|
||||
# check username is alphanumeric with .
|
||||
if ! [[ "${username}" =~ ^[a-z0-9]+([.a-z0-9_-]+[a-z0-9])?$ ]]; then
|
||||
echo "User name can only be a-z 0-9 - _ . and cannot start or end with - . or _: ${username}";
|
||||
if [ ${TEST} -eq 0 ]; then
|
||||
break;
|
||||
fi;
|
||||
fi;
|
||||
# POS 3: groups
|
||||
_group=$(echo "${i}" | cut -d ";" -f 3 | tr A-Z a-z | tr -d ' ');
|
||||
group=$(echo "${_group}" | cut -d "," -f 1);
|
||||
@@ -175,7 +194,9 @@ while read i; do
|
||||
fi;
|
||||
if [ $ssh_forward_ok -eq 0 ] && [ "${ssh_access_type}" = "forward" ]; then
|
||||
echo "[!!!] sshforward group does not exsts, cannot set user ${username}";
|
||||
break;
|
||||
if [ ${TEST} -eq 0 ]; then
|
||||
break;
|
||||
fi;
|
||||
fi;
|
||||
ssh_group="ssh${ssh_access_type}";
|
||||
# sshallow group is always added
|
||||
@@ -206,7 +227,21 @@ while read i; do
|
||||
if [ -z "${username}" ] || [ -z "${_group}" ]; then
|
||||
echo "[!!!!!] Missing user or group entry for ${username}/${_group}";
|
||||
echo "[*** ABORT RUN ***]"
|
||||
break;
|
||||
if [ ${TEST} -eq 0 ]; then
|
||||
break;
|
||||
fi;
|
||||
else
|
||||
group_error=0;
|
||||
# check group names valid
|
||||
for create_group in ${_group//,/ }; do
|
||||
if ! [[ "${create_group}" =~ ^[a-z0-9]+([a-z0-9_-]+[a-z0-9])?$ ]]; then
|
||||
echo "Group name can only be a-z 0-9 - _ and cannot start or end with - or _: ${create_group}";
|
||||
group_error=1;
|
||||
fi;
|
||||
done;
|
||||
if [ $group_error -eq 1 ] && [ ${TEST} -eq 0 ]; then
|
||||
break;
|
||||
fi;
|
||||
fi;
|
||||
# SSH file name part without folder
|
||||
ssh_keygen_id="${hostname}${separator}${group}${separator}${username}${separator}${ssh_keytype}.pem";
|
||||
|
||||
Reference in New Issue
Block a user