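#!/usr/bin/env bash
# Create a least-privilege RBAC user for an application service.
# Usage: ./create-rbac-user.sh <host> <admin-user> <admin-pass> <new-user> <new-pass> <bucket> [scope]
# Example (bucket-wide):
# ./create-rbac-user.sh localhost Administrator password myapp-service AppSecret123! myapp
# Example (scope-scoped):
# ./create-rbac-user.sh localhost Administrator password auth-svc AuthSecret! platform auth-service
#
# Operational notes:
# - Both passwords arrive on argv, so they are visible to other local users
#   via `ps` (and land in shell history) for the lifetime of the script.
#   Prefer invoking it from a wrapper that reads them from a secret store.
# - The admin endpoint is addressed as plain http://<host>:8091, so the
#   admin credentials and the new password travel unencrypted; run it on
#   the node itself or over a trusted network path.
# - Requires curl and jq on PATH.
set -euo pipefail

HOST="${1:?Usage: $0 <host> <admin-user> <admin-pass> <new-user> <new-pass> <bucket> [scope]}"
ADMIN_USER="${2:?}"
ADMIN_PASS="${3:?}"
NEW_USER="${4:?}"
NEW_PASS="${5:?}"
BUCKET="${6:?}"
# Default "*" grants the roles on every scope of the bucket.
SCOPE="${7:-*}"
readonly HOST ADMIN_USER ADMIN_PASS NEW_USER NEW_PASS BUCKET SCOPE

# Fail before touching the server: a missing jq would otherwise abort the
# pipeline only after the PUT had already created the user.
for tool in curl jq; do
  command -v "${tool}" >/dev/null 2>&1 \
    || { printf 'error: %s not found in PATH\n' "${tool}" >&2; exit 1; }
done

# Every grant is confined to <bucket>:<scope>:* (the trailing "*" is the
# collection wildcard); no cluster- or bucket-admin role is included.
target="${BUCKET}:${SCOPE}:*"
roles=()
for role in data_reader data_writer query_select query_insert query_update query_delete; do
  roles+=("${role}[${target}]")
done
ROLES=$(IFS=,; printf '%s' "${roles[*]}")
readonly ROLES

printf "Creating user '%s' with roles on %s\n" "${NEW_USER}" "${target}"

# --data-urlencode percent-encodes each value, so a password or role list
# containing '&', '+', '%' or '#' is no longer corrupted as raw form data
# (the previous "-d password=...&roles=..." form split on those characters).
# -f maps HTTP 4xx/5xx to a non-zero exit that set -e/pipefail propagate;
# -S keeps curl's own error line visible despite -s.
curl -sSf -X PUT "http://${HOST}:8091/settings/rbac/users/local/${NEW_USER}" \
  -u "${ADMIN_USER}:${ADMIN_PASS}" \
  --data-urlencode "password=${NEW_PASS}" \
  --data-urlencode "roles=${ROLES}" \
  | jq .

printf "User '%s' created.\n" "${NEW_USER}"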