add_user_to_org.ps1
# Script parameters. The script exchanges REFRESH_TOKEN for an access token on RS_HOST,
# looks up the href of the role named ROLE_TITLE in org GRS_ORG, adds each USER_IDS entry
# to the org and grants it that role, and revokes the same role from each REVOKE_USER_IDS entry.
param(
# API host used for the OAuth exchange and every /grs call. The refresh token and the
# bearer token are both sent to this host.
$RS_HOST = "us-3.rightscale.com",
# Organization ID; interpolated into the /grs/orgs/<org>/... request paths.
$GRS_ORG = "",
# User IDs to add to the org and grant the role to. The default is a one-element array
# holding an empty string, not an empty array.
$USER_IDS = @(""),
# OAuth refresh token (a credential).
# NOTE(review): accepted as a plain string argument, so a literal value on the command line
# can end up in shell history and process listings - consider sourcing it from a secret
# store or environment variable at the call site.
$REFRESH_TOKEN = "",
# Name of the role to resolve; the same role is used for both grant and revoke.
$ROLE_TITLE = "billing_center_viewer",
# User IDs to revoke the role from. Same one-element empty-string default as USER_IDS.
$REVOKE_USER_IDS = @("")
)
# Adds a user to an organization with POST https://<RS_HOST>/grs/orgs/<GRS_ORG>/users.
#
# Parameters:
#   RS_HOST      - API host. The bearer token is sent here, so it must be a trusted endpoint.
#   ACCESS_TOKEN - OAuth access token placed in the Authorization header.
#   GRS_ORG      - Organization ID; interpolated into the request path without escaping.
#   USER_ID      - ID of the user to add; used as "id" and inside "href" in the JSON body.
# Output:
#   Status text via Write-Output only. Errors are caught and printed, not rethrown, and no
#   success value is returned, so a caller cannot branch on whether the user was added.
function Add-OrgUser ($RS_HOST, $ACCESS_TOKEN, $GRS_ORG, $USER_ID) {
    try {
        Write-Output "Adding User (ID: $USER_ID) to Org $GRS_ORG..."

        # JSON body describing the user resource to attach to the org.
        $body = [ordered]@{
            "id" = $USER_ID
            "href" = "/grs/users/$USER_ID"
            "kind" = "user"
        } | ConvertTo-Json

        # Request arguments collected for splatting.
        $request = @{
            UseBasicParsing = $true
            Uri             = "https://$RS_HOST/grs/orgs/$GRS_ORG/users"
            Method          = "Post"
            Headers         = @{
                "X-API-Version" = "2.0"
                "Authorization" = "Bearer $ACCESS_TOKEN"
            }
            ContentType     = "application/json"
            Body            = $body
        }
        $response = Invoke-WebRequest @request

        # Only 201 counts as success; any other status that reaches this point is reported
        # as an error. Non-success HTTP statuses normally raise and are handled in catch.
        if ($response.StatusCode -ne "201") {
            Write-Output "Error adding user!"
        }
        else {
            Write-Output "Successfully added user!"
        }
    }
    catch {
        $detail = $_ | Out-String
        Write-Output "Error adding user! $detail"
    }
}
# Grants a role to a user with PUT https://<RS_HOST>/grs/orgs/<GRS_ORG>/access_rules/grant.
#
# Parameters:
#   RS_HOST      - API host. The bearer token is sent here, so it must be a trusted endpoint.
#   ACCESS_TOKEN - OAuth access token placed in the Authorization header.
#   GRS_ORG      - Organization ID; interpolated into the request path without escaping.
#   USER_ID      - ID of the user (the "subject" of the access rule).
#   ROLE_HREF    - href of the role to grant; passed through unchanged, so an empty or
#                  unexpected value is sent to the API as-is.
# Output:
#   Status text via Write-Output only. Errors are caught and printed, not rethrown, and no
#   success value is returned, so a caller cannot branch on whether the grant succeeded.
function Grant-UserPermission ($RS_HOST, $ACCESS_TOKEN, $GRS_ORG, $USER_ID, $ROLE_HREF) {
    try {
        Write-Output "Granting Role ($ROLE_HREF) to User (ID: $USER_ID)..."

        # Access rule: which subject (user) receives which role.
        $subject = [ordered]@{
            "href" = "/grs/users/$USER_ID"
        }
        $role = [ordered]@{
            "href" = $ROLE_HREF
        }
        $body = [ordered]@{
            "subject" = $subject
            "role" = $role
        } | ConvertTo-Json

        # Request arguments collected for splatting.
        $request = @{
            UseBasicParsing = $true
            Uri             = "https://$RS_HOST/grs/orgs/$GRS_ORG/access_rules/grant"
            Method          = "Put"
            Headers         = @{
                "X-API-Version" = "2.0"
                "Authorization" = "Bearer $ACCESS_TOKEN"
            }
            ContentType     = "application/json"
            Body            = $body
        }
        $response = Invoke-WebRequest @request

        # Only 204 counts as success; any other status that reaches this point is reported
        # as an error. Non-success HTTP statuses normally raise and are handled in catch.
        if ($response.StatusCode -ne "204") {
            Write-Output "Error granting user role!"
        }
        else {
            Write-Output "Successfully granted user role!"
        }
    }
    catch {
        $detail = $_ | Out-String
        Write-Output "Error granting user role! $detail"
    }
}
# Revokes a role from a user with PUT https://<RS_HOST>/grs/orgs/<GRS_ORG>/access_rules/revoke.
#
# Parameters:
#   RS_HOST      - API host. The bearer token is sent here, so it must be a trusted endpoint.
#   ACCESS_TOKEN - OAuth access token placed in the Authorization header.
#   GRS_ORG      - Organization ID; interpolated into the request path without escaping.
#   USER_ID      - ID of the user (the "subject" of the access rule).
#   ROLE_HREF    - href of the role to revoke; passed through unchanged.
# Output:
#   Status text via Write-Output only. Errors are caught and printed, not rethrown, and no
#   success value is returned - a failed revoke leaves the user's access in place, so the
#   printed output is the only place that failure is visible.
function Revoke-UserPermission ($RS_HOST, $ACCESS_TOKEN, $GRS_ORG, $USER_ID, $ROLE_HREF) {
    try {
        Write-Output "Revoking Role ($ROLE_HREF) from User (ID: $USER_ID)..."

        # Access rule to remove: which subject (user) loses which role.
        $subject = [ordered]@{
            "href" = "/grs/users/$USER_ID"
        }
        $role = [ordered]@{
            "href" = $ROLE_HREF
        }
        $body = [ordered]@{
            "subject" = $subject
            "role" = $role
        } | ConvertTo-Json

        # Request arguments collected for splatting.
        $request = @{
            UseBasicParsing = $true
            Uri             = "https://$RS_HOST/grs/orgs/$GRS_ORG/access_rules/revoke"
            Method          = "Put"
            Headers         = @{
                "X-API-Version" = "2.0"
                "Authorization" = "Bearer $ACCESS_TOKEN"
            }
            ContentType     = "application/json"
            Body            = $body
        }
        $response = Invoke-WebRequest @request

        # Only 204 counts as success; any other status that reaches this point is reported
        # as an error. Non-success HTTP statuses normally raise and are handled in catch.
        if ($response.StatusCode -ne "204") {
            Write-Output "Error revoking user role!"
        }
        else {
            Write-Output "Successfully revoked user role!"
        }
    }
    catch {
        $detail = $_ | Out-String
        Write-Output "Error revoking user role! $detail"
    }
}
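# Main flow: exchange the refresh token for an access token, resolve the role href by
# name, then apply the membership, grant and revoke changes.
$contentType = "application/json"

# Exchange the refresh token for an access token.
$oauthHeader = @{"X_API_VERSION"="1.5"}
$oauthBody = @{"grant_type"="refresh_token";"refresh_token"=$REFRESH_TOKEN} | ConvertTo-Json
$oauthResult = Invoke-RestMethod -Uri "https://$RS_HOST/api/oauth2" -Method Post -Headers $oauthHeader -ContentType $contentType -Body $oauthBody
$accessToken = $oauthResult.access_token

# Fail closed: without a token every later call would go out with an empty bearer value,
# so stop before touching any membership or access rule.
if (-not $accessToken) {
    throw "Unable to obtain an access token from $RS_HOST; no changes were made."
}

# Get Role Href
$grsHeader = @{
    "X-API-Version"="2.0";
    "Authorization"="Bearer $accessToken"
}
$rolesResult = Invoke-RestMethod -UseBasicParsing -Uri "https://$RS_HOST/grs/orgs/$GRS_ORG/roles" -Method Get -Headers $grsHeader -ContentType $contentType

# Wrap in @() so zero matches yields an empty array and several matches yields all of them.
$matchingRoles = @($rolesResult | Where-Object name -eq $ROLE_TITLE)

# Access changes must target exactly one role. A missing role would send a null href and
# an ambiguous name would send several, so refuse both rather than let the API decide.
if ($matchingRoles.Count -ne 1) {
    throw "Expected exactly one role named '$ROLE_TITLE' in org '$GRS_ORG' but found $($matchingRoles.Count); no changes were made."
}
$roleHref = $matchingRoles[0].href
if (-not $roleHref) {
    throw "Role '$ROLE_TITLE' in org '$GRS_ORG' has no href; no changes were made."
}

foreach ($UserID in $USER_IDS) {
    # The parameter default is @(""), so skip blank placeholders instead of calling the
    # API with an empty user ID.
    if ([string]::IsNullOrWhiteSpace([string]$UserID)) { continue }

    # Associate Users with Org
    Add-OrgUser -RS_HOST $RS_HOST -ACCESS_TOKEN $accessToken -GRS_ORG $GRS_ORG -USER_ID $UserID
    # Grant the role named by $ROLE_TITLE
    Grant-UserPermission -RS_HOST $RS_HOST -ACCESS_TOKEN $accessToken -GRS_ORG $GRS_ORG -USER_ID $UserID -ROLE_HREF $roleHref
}

foreach ($UserID in $REVOKE_USER_IDS) {
    # Same blank-entry guard as above. It also covers lists that mix blank and real IDs.
    if ([string]::IsNullOrWhiteSpace([string]$UserID)) { continue }

    Revoke-UserPermission -RS_HOST $RS_HOST -ACCESS_TOKEN $accessToken -GRS_ORG $GRS_ORG -USER_ID $UserID -ROLE_HREF $roleHref
}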