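#!/bin/bash
# Get set up for terraform by creating a space to hold a service account, bound by a space quota,
# then create the service account and assign the OrgManager role.
#
# Usage:    ./initialize.sh <ORG_NAME>
# Requires: the cf CLI and jq on PATH (presumably with an authenticated cf session),
#           and a ./terraform directory relative to the current working directory.
# Outputs:  terraform/creds.tfvars (mode 0600) and the service account guid on stdout.
#
# The generated creds.tfvars holds a live credential with OrgManager rights:
# keep it out of version control and off shared file systems.

# -u catches typos in variable names; pipefail makes a failing `cf curl` abort
# the script instead of handing empty input to jq.
set -euo pipefail

# Print a diagnostic on stderr and stop.
die() {
  printf 'initialize.sh: %s\n' "$*" >&2
  exit 1
}

# Abort unless $2 is exactly one non-empty, non-null value. The value itself is
# never printed, because this is also used for the password.
require_value() {
  local label=$1 value=$2
  if [[ -z "$value" || "$value" == "null" || "$value" == *$'\n'* ]]; then
    die "could not determine ${label} (expected exactly one value from the API)"
  fi
}

# Emit $1 as a double-quoted tfvars string, escaping backslashes and double
# quotes so a generated password cannot break out of the string literal.
tfvars_string() {
  local s=$1
  s=${s//\\/\\\\}
  s=${s//\"/\\\"}
  printf '"%s"' "$s"
}

if [[ "$#" -lt 1 ]]; then
  printf '%s\n' " " "Usage: " " " " ./initialize.sh <ORG_NAME>" " " >&2
  exit 1
fi

org_name=$1
creds_dir=terraform
creds_file="${creds_dir}/creds.tfvars"

# Fail before creating any cloud resources if the credentials cannot be stored.
[[ -d "$creds_dir" ]] || die "directory '${creds_dir}' not found; run from the repository root"

cf t -o "$org_name"

# Create a space that will just hold our service account used by Terraform
cf create-space primordial-soup
cf t -s primordial-soup

# Create and apply a quota that only allows a single service instance. This space is just
# for holding the service account and we don't want anyone else using it.
cf create-space-quota primordial-soup-quota -r 0 -s 1 -a 0
cf set-space-quota primordial-soup primordial-soup-quota

# Create the service account.
cf create-service cloud-gov-service-account space-deployer terraform-service-account
cf create-service-key terraform-service-account terraform-service-key

# Extract the username and password for the service account
service_key_guid=$(cf curl "/v3/service_credential_bindings?names=terraform-service-key&service_instance_names=terraform-service-account&type=key" \
  | jq -r '.resources[].guid')
require_value "service key guid" "$service_key_guid"

service_key_json=$(cf curl "/v3/service_credential_bindings/${service_key_guid}/details")
service_key_username=$(jq -r '.credentials.username' <<<"$service_key_json")
service_key_password=$(jq -r '.credentials.password' <<<"$service_key_json")
require_value "service account username" "$service_key_username"
require_value "service account password" "$service_key_password"

# Set the service account as an org manager
cf set-org-role "$service_key_username" "$org_name" OrgManager --origin uaa

# Create our creds.tfvars for terraform based on the service account.
# mktemp creates the file owner-only, so the password is never readable by
# other local users, even if an older creds.tfvars had looser permissions.
tmp_creds=$(mktemp "${creds_dir}/creds.tfvars.XXXXXX")
trap 'rm -f -- "$tmp_creds"' EXIT
{
  printf 'cf_api = "https://api.fr.cloud.gov"\n'
  printf 'cf_username = %s\n' "$(tfvars_string "$service_key_username")"
  printf 'cf_password = %s\n' "$(tfvars_string "$service_key_password")"
  printf 'cf_org = %s\n' "$(tfvars_string "$org_name")"
} > "$tmp_creds"
chmod 600 "$tmp_creds"
mv -f -- "$tmp_creds" "$creds_file"

service_account_guid=$(cf curl "/v3/users?usernames=${service_key_username}" \
  | jq -r '.resources[].guid')
require_value "service account guid" "$service_account_guid"

echo "Service Account created for terraform. Be sure to use the service guid when assigning this account roles via terraform. "
echo "Service account guid: ${service_account_guid}"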