mirror of https://github.com/ovh/the-bastion
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
51 lines
1.7 KiB
51 lines
1.7 KiB
#! /usr/bin/env bash
|
|
# vim: set filetype=sh ts=4 sw=4 sts=4 et:
|
|
set -e
|
|
|
|
basedir=$(readlink -f "$(dirname "$0")"/../..)
|
|
# shellcheck source=lib/shell/functions.inc
|
|
. "$basedir"/lib/shell/functions.inc
|
|
|
|
if [ -z "$2" ] || [ -n "$3" ]; then
|
|
echo "Usage: $0 <NAME> <UID>"
|
|
echo "Note: UID can be the special value 'AUTO'"
|
|
exit 1
|
|
fi
|
|
|
|
if [ "$2" = AUTO ] || [ "$2" = auto ]; then
|
|
USER=root HOME=/root "$basedir/bin/plugin/restricted/accountCreate" '' '' '' '' --uid-auto --account "$1"
|
|
else
|
|
USER=root HOME=/root "$basedir/bin/plugin/restricted/accountCreate" '' '' '' '' --uid "$2" --account "$1"
|
|
fi
|
|
|
|
"$basedir"/bin/admin/grant-all-restricted-commands-to.sh "$1"
|
|
|
|
add_user_to_group_compat "$1" "osh-admin"
|
|
|
|
configline=$(BASEDIR="$basedir" ACCOUNT="$1" perl -e '
|
|
use lib $ENV{BASEDIR}."/lib/perl";
|
|
use JSON;
|
|
use OVH::Bastion;
|
|
my $C = OVH::Bastion::load_configuration();
|
|
if (!$C->value || ref $C->value->{adminAccounts} ne "ARRAY") { die "Could not add $ENV{ACCOUNT} in \"adminAccounts\" of bastion.conf, please do it manually!"; }
|
|
my $account = $ENV{ACCOUNT};
|
|
my $adminAccounts = $C->value->{adminAccounts};
|
|
# Check if account is already in adminAccounts array
|
|
my $already_exists = 0;
|
|
foreach my $existing_account (@$adminAccounts) {
|
|
if ($existing_account eq $account) {
|
|
$already_exists = 1;
|
|
last;
|
|
}
|
|
}
|
|
# Only add if not already present
|
|
if (!$already_exists) {
|
|
push @{ $C->value->{adminAccounts} }, $account;
|
|
}
|
|
print encode_json($C->value->{adminAccounts});
|
|
')
|
|
|
|
if [ -n "$configline" ]; then
|
|
sed_compat 's/^"adminAccounts": .*/"adminAccounts": '"$configline"',/' "$BASTION_ETC_DIR/bastion.conf"
|
|
fi
|