package main
import (
"context"
"flag"
"log"
"cloud.google.com/go/datastore"
secretmanager "cloud.google.com/go/secretmanager/apiv1"
"github.com/m-lab/autojoin/internal/adminx"
"github.com/m-lab/autojoin/internal/adminx/crmiface"
"github.com/m-lab/autojoin/internal/adminx/iamiface"
"github.com/m-lab/autojoin/internal/dnsname"
"github.com/m-lab/autojoin/internal/dnsx"
"github.com/m-lab/autojoin/internal/dnsx/dnsiface"
"github.com/m-lab/go/rtx"
"github.com/m-lab/token-exchange/store"
"google.golang.org/api/cloudresourcemanager/v1"
"google.golang.org/api/dns/v1"
iam "google.golang.org/api/iam/v1"
)
// Values bound to command-line flags; the flags themselves are registered in init.
var (
	org, orgEmail, project string // -org, -org-email, -project
	updateTables           bool   // -update-tables
)
// init registers the command-line flags on the default flag set. Every flag
// defaults to its zero value; main rejects an empty -org or -project.
func init() {
	// Identity of the organization being onboarded.
	flag.StringVar(&org, "org", "", "Organization name. Must match name assigned by M-Lab")
	flag.StringVar(&orgEmail, "org-email", "", "Organization contact email")

	// Where the resources are created, and how much the org's service account
	// may do there. -update-tables widens that account's permissions, so it
	// stays off unless explicitly requested.
	flag.StringVar(&project, "project", "", "GCP project to create organization resources")
	flag.BoolVar(&updateTables, "update-tables", false, "Allow this org's service account to update table schemas")
}
// main sets up the GCP resources for one organization and issues its API key.
//
// It requires -org and -project, creates clients for Secret Manager, IAM,
// Cloud Resource Manager, Cloud DNS and Datastore, calls Setup on the value
// returned by adminx.NewOrg, then generates an API key, stores it through the
// token-exchange AutojoinManager and writes it to the log.
func main() {
	flag.Parse()
	log.SetFlags(log.Lshortfile | log.LUTC)

	// Only -org and -project are enforced here. -org-email is passed to Setup
	// as given; whether an empty value is acceptable is not visible in this file.
	missing := org == "" || project == ""
	if missing {
		log.Fatalf("-org and -project are required flags")
	}

	// NOTE(review): if rtx.Must exits the process on a non-nil error (as
	// log.Fatal does), the deferred Close calls below do not run on failure
	// paths — confirm that is acceptable for this short-lived tool.
	ctx := context.Background()

	secretClient, err := secretmanager.NewClient(ctx)
	rtx.Must(err, "failed to create secretmanager client")
	defer secretClient.Close()

	iamService, err := iam.NewService(ctx)
	rtx.Must(err, "failed to create iam service client")

	namer := adminx.NewNamer(project)

	crmService, err := cloudresourcemanager.NewService(ctx)
	rtx.Must(err, "failed to allocate new cloud resource manager client")

	accounts := adminx.NewServiceAccountsManager(iamiface.NewIAM(iamService), namer)
	secrets := adminx.NewSecretManager(secretClient, namer, accounts)

	dnsService, err := dns.NewService(ctx)
	rtx.Must(err, "failed to create new dns service")
	dnsManager := dnsx.NewManager(dnsiface.NewCloudDNSService(dnsService), project, dnsname.ProjectZone(project))

	// Datastore holds the API keys written at the end of this function.
	dsClient, err := datastore.NewClient(ctx, project)
	rtx.Must(err, "failed to create datastore client")
	defer dsClient.Close()

	// The AutojoinManager from token-exchange is bound to the
	// "platform-credentials" namespace.
	keyStore := store.NewAutojoinManager(dsClient, project, "platform-credentials")

	newOrg := adminx.NewOrg(project, crmiface.NewCRM(project, crmService), accounts, secrets, dnsManager, keyStore, updateTables)
	rtx.Must(newOrg.Setup(ctx, org, orgEmail), "failed to set up new organization: "+org)

	// Generate and store the API key used for autojoin/heartbeat authentication.
	// The key is only issued once Setup has succeeded.
	apiKey, err := store.GenerateAPIKey()
	rtx.Must(err, "failed to generate API key")
	_, err = keyStore.CreateAPIKeyWithValue(ctx, org, apiKey)
	rtx.Must(err, "failed to create API key")

	log.Println("Setup okay - org:", org)
	// NOTE(review): apiKey is a credential and is written through the standard
	// logger, next to ordinary status lines. Anything that captures this
	// tool's log output (CI job logs, terminal recordings, log shippers) then
	// holds the key in plaintext. Consider handing the key to the operator on
	// a separate, explicitly requested channel, and treat captured output of
	// this command as secret until then.
	log.Println("API_KEY:", apiKey)
}