166 lines
5.3 KiB
Bash
Executable File
166 lines
5.3 KiB
Bash
Executable File
# Check if ibmcloud is in user's account
|
|
ibmcloud_accountname=$(ibmcloud target --output json | jq -j '.account.name')
|
|
|
|
## check if account is in quicklabs (labs.cognitiveclass.ai) or workshop clusters account in DEG
|
|
if [ "$ibmcloud_accountname" = "QuickLabs - IBM Skills Network" ]; then
|
|
echo "\n"
|
|
echo "WARNING: You're logged in as ${ibmcloud_accountname}"
|
|
echo "Please log in again using -- ibmcloud login -u YOUR_IBM_CLOUD_EMAIL"
|
|
echo "and run this script again"
|
|
exit 1
|
|
elif [ "$ibmcloud_accountname" = "DEGCloud DEGCloud's Account" ]; then
|
|
echo "\n"
|
|
echo "WARNING: You're logged in as ${ibmcloud_accountname}"
|
|
echo "Please log in again using -- ibmcloud login -u YOUR_IBM_CLOUD_EMAIL"
|
|
echo "and run this script again"
|
|
exit 1
|
|
fi
|
|
# end check
|
|
|
|
|
|
RG=$(ibmcloud resource groups --default | grep -i ^default | awk '{print $1}')
|
|
ibmcloud target -g $RG
|
|
|
|
ibmcloud resource service-instance appid-example-bank
|
|
if [ "$?" -ne "0" ]; then
|
|
ibmcloud resource service-instance-create appid-example-bank appid lite us-south
|
|
fi
|
|
|
|
ibmcloud resource service-key appid-example-bank-credentials
|
|
if [ "$?" -ne "0" ]; then
|
|
ibmcloud resource service-key-create appid-example-bank-credentials Writer --instance-name appid-example-bank
|
|
fi
|
|
|
|
credentials=$(ibmcloud resource service-key appid-example-bank-credentials)
|
|
|
|
mgmturl=$(echo "$credentials" | awk '/managementUrl/{ print $2 }')
|
|
apikey=$(echo "$credentials" | awk '/apikey/{ print $2 }')
|
|
|
|
iamtoken=$(ibmcloud iam oauth-tokens | awk '/IAM/{ print $3" "$4 }')
|
|
|
|
printf "\nSetting cloud directory options\n"
|
|
response=$(curl -X PUT -w "\n%{http_code}" \
|
|
-H 'Content-Type: application/json' \
|
|
-H 'Accept: application/json' \
|
|
-H "Authorization: $iamtoken" \
|
|
-d '{
|
|
"isActive":true,
|
|
"config":
|
|
{
|
|
"selfServiceEnabled":true,
|
|
"interactions":
|
|
{
|
|
"identityConfirmation":
|
|
{
|
|
"accessMode":"OFF",
|
|
"methods": ["email"]
|
|
},
|
|
"welcomeEnabled":true,
|
|
"resetPasswordEnabled":true,
|
|
"resetPasswordNotificationEnable":true
|
|
},
|
|
"signupEnabled":true,
|
|
"identityField":"userName"
|
|
}
|
|
}' \
|
|
"${mgmturl}/config/idps/cloud_directory")
|
|
|
|
echo $response
|
|
|
|
code=$(echo "${response}" | tail -n1)
|
|
[ "$code" -ne "200" ] && printf "\nFAILED to set cloud directory options\n" && exit 1
|
|
|
|
printf "\nCreating application\n"
|
|
response=$(curl -X POST -w "\n%{http_code}" \
|
|
-H 'Content-Type: application/json' \
|
|
-H 'Accept: application/json' \
|
|
-H "Authorization: $iamtoken" \
|
|
-d '{"name": "mobile-simulator", "type": "regularwebapp"}' \
|
|
"${mgmturl}/applications")
|
|
|
|
echo $response
|
|
|
|
code=$(echo "${response}" | tail -n1)
|
|
[ "$code" -ne "200" ] && printf "\nFAILED to create application\n" && exit 1
|
|
|
|
clientid=$(echo "${response}" | head -n1 | jq -j '.clientId')
|
|
|
|
printf "\nDefining admin scope\n"
|
|
response=$(curl -X PUT -w "\n%{http_code}" \
|
|
-H 'Content-Type: application/json' \
|
|
-H 'Accept: application/json' \
|
|
-H "Authorization: $iamtoken" \
|
|
-d '{"scopes": ["admin"]}' \
|
|
"${mgmturl}/applications/$clientid/scopes")
|
|
|
|
echo $response
|
|
|
|
code=$(echo "${response}" | tail -n1)
|
|
[ "$code" -ne "200" ] && printf "\nFAILED to define admin scope\n" && exit 1
|
|
|
|
printf "\nDefining admin role\n"
|
|
response=$(curl -X POST -w "\n%{http_code}" \
|
|
-H 'Content-Type: application/json' \
|
|
-H 'Accept: application/json' \
|
|
-H "Authorization: $iamtoken" \
|
|
-d '{"name": "admin",
|
|
"access": [ {"application_id": "'$clientid'", "scopes": [ "admin" ]} ]
|
|
}' \
|
|
"${mgmturl}/roles")
|
|
|
|
echo $response
|
|
|
|
code=$(echo "${response}" | tail -n1)
|
|
[ "$code" -ne "201" ] && printf "\nFAILED to define admin role\n" && exit 1
|
|
|
|
roleid=$(echo "${response}" | head -n1 | jq -j '.id')
|
|
|
|
printf "\nDefining admin user in cloud directory\n"
|
|
response=$(curl -X POST -w "\n%{http_code}" \
|
|
-H 'Content-Type: application/json' \
|
|
-H 'Accept: application/json' \
|
|
-H "Authorization: $iamtoken" \
|
|
-d '{"emails": [
|
|
{"value": "bankadmin@yopmail.com","primary": true}
|
|
],
|
|
"userName": "bankadmin",
|
|
"password": "password"
|
|
}' \
|
|
"${mgmturl}/cloud_directory/sign_up?shouldCreateProfile=true")
|
|
|
|
echo $response
|
|
|
|
code=$(echo "${response}" | tail -n1)
|
|
[ "$code" -ne "201" ] && printf "\nFAILED to define admin user in cloud directory\n" && exit 1
|
|
|
|
printf "\nGetting admin user profile\n"
|
|
response=$(curl -X GET -w "\n%{http_code}" \
|
|
-H 'Content-Type: application/json' \
|
|
-H 'Accept: application/json' \
|
|
-H "Authorization: $iamtoken" \
|
|
"${mgmturl}/users?email=bankadmin@yopmail.com&dataScope=index")
|
|
|
|
echo $response
|
|
|
|
code=$(echo "${response}" | tail -n1)
|
|
[ "$code" -ne "200" ] && printf "\nFAILED to get admin user profile\n" && exit 1
|
|
|
|
userid=$(echo "${response}" | head -n1 | jq -j '.users[0].id')
|
|
|
|
printf "\nAdding admin role to admin user\n"
|
|
response=$(curl -X PUT -w "\n%{http_code}" \
|
|
-H 'Content-Type: application/json' \
|
|
-H 'Accept: application/json' \
|
|
-H "Authorization: $iamtoken" \
|
|
-d '{"roles": { "ids": ["'$roleid'"]}}' \
|
|
"${mgmturl}/users/$userid/roles")
|
|
|
|
echo $response
|
|
|
|
code=$(echo "${response}" | tail -n1)
|
|
[ "$code" -ne "200" ] && printf "\nFAILED to add admin role to admin user\n" && exit 1
|
|
|
|
printf "\nApp ID instance created and configured"
|
|
printf "\nManagement server: $mgmturl"
|
|
printf "\nApi key: $apikey"
|
|
printf "\n" |