#!/bin/bash
#
################################################################################
# This script is used to set the credentials for an FSxN file system.
#
# It is dependent on the 'wf_utils' file that is included in this repo. That
# file contains the 'get_token' function that is used to obtain a valid
# access token that is needed to run the Workload Factory APIs. The file needs
# to either be in the command search path or in the current directory.
################################################################################
#
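################################################################################
# Print the help text on stderr and terminate the script with exit status 1.
#
# Outputs: the help text, written to stderr.
# Returns: never returns to the caller; always ends with 'exit 1'.
#
# NOTE: values passed with -t and -p are command-line arguments, so they can
# end up in shell history and in the process list while the script runs. The
# environment variables listed in the help text, or -s with a Secrets Manager
# ARN, keep the refresh token and the password out of the argument list.
################################################################################
usage() {
  # The here-document delimiter is unquoted on purpose so that the script
  # name is expanded; "$0" is quoted so a path with spaces stays one word.
  cat >&2 <<EOF
This script is used to set the credentials for an FSxN file system.
usage: $(basename "$0") -t refresh_token -a blueXP_account_ID -c credentials_ID -r aws_region -f filesystem_ID -u user_ID -p password -s secret_arn
Where: refresh_token - Is a refresh token used to obtain an access token needed
to run the Workload Factory APIs. You can obtain a refresh
token by going to https://services.cloud.netapp.com/refresh-token
blueXP_account_ID - Is the BlueXP account ID. Run 'list_bluexp_accts' to get a
list of accounts you have access to.
credentials_ID - Is the Workload Factory credentials ID for the AWS account.
Run 'list_credentials' to get a list of Workload Factory
credentials you have access to.
aws_region - Is the AWS region where the file system is located.
filesystem_ID - Is the ID of the FSxN file system.
user_ID* - Is the user ID to set for the FSxN file system.
password* - Is the password to set for the FSxN file system.
secret_arn* - Is the ARN of the Secrets Manager secret that contains the
credentials for the FSxN file system.
*NOTE: Only user_id and password OR secret_arn can be provided at the same time.
Instead of passing parameters on the command line, you can set the
following environment variables:
export REFRESH_TOKEN=<refresh_token>
export BLUEXP_ACCOUNT_ID=<blueXP_account_ID>
export CREDENTIALS_ID=<credentials_ID>
export AWS_REGION=<aws_region>
export FILESYSTEM_ID=<filesystem_ID>
export USER_ID=<user_ID>
export PASSWORD=<password>
export SECRET_ARN=<secret_arn>
EOF
  exit 1
}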
################################################################################
# Main logic starts here.
################################################################################
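# Scratch files that are later handed to run_curl for the API output and the
# error output. mktemp picks an unpredictable name and creates the file
# itself, which avoids the races of a fixed name under /tmp.
tmpout=$(mktemp /tmp/fsxn_credentials_set-out.XXXXXX) || {
  echo "Error: Failed to create a temporary file." >&2
  exit 1
}
tmperr=$(mktemp /tmp/fsxn_credentials_set-err.XXXXXX) || {
  rm -f -- "$tmpout"
  echo "Error: Failed to create a temporary file." >&2
  exit 1
}
# Remove both files on every exit path. The names are quoted inside the trap
# so each one is passed to rm as a single path, and '--' stops option parsing.
trap 'rm -f -- "$tmpout" "$tmperr"' EXIT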
#
# Source the wf_utils file.
# Locate wf_utils: the copy found on the command search path wins, with an
# executable ./wf_utils in the current directory as the fallback.
# NOTE(review): the file is sourced, so its contents run inside this script
# and can read the refresh token and the password. Run the script from a
# directory you control and keep untrusted directories out of PATH.
wf_utils=$(command -v wf_utils)
if [ -z "$wf_utils" ] && [ -x "./wf_utils" ]; then
  wf_utils=./wf_utils
fi
if [ -z "$wf_utils" ]; then
  cat >&2 <<EOF
Error: The 'wf_utils' script was not found in the current directory or in the command search path.
It is required to run this script. You can download it from:
https://github.com/NetApp/FSx-ONTAP-samples-scripts/tree/main/Management-Utilities/Workload-Factory-API-Samples
EOF
  exit 1
fi
. "$wf_utils"
#
# Process command line options.
# A flag given on the command line replaces the value of the same-named
# variable inherited from the environment. -h and any unrecognised flag end
# up in the default arm, which calls usage.
# NOTE(review): -t and -p place the refresh token and the password in this
# script's argument list; the environment variables or -s avoid that.
while getopts "ht:a:c:r:f:u:p:s:" opt; do
  case "$opt" in
    a) BLUEXP_ACCOUNT_ID="$OPTARG" ;;
    c) CREDENTIALS_ID="$OPTARG" ;;
    f) FILESYSTEM_ID="$OPTARG" ;;
    p) PASSWORD="$OPTARG" ;;
    r) AWS_REGION="$OPTARG" ;;
    s) SECRET_ARN="$OPTARG" ;;
    t) REFRESH_TOKEN="$OPTARG" ;;
    u) USER_ID="$OPTARG" ;;
    *) usage ;;
  esac
done
#
# Declare an array of required options and the error message to display if they are not set.
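# Map each required variable name to the message shown when it is missing.
# The trailing '\n\n' is kept as literal text inside single quotes.
# NOTE(review): check_required_options comes from wf_utils and is not visible
# here; presumably it reads this array and interprets the '\n' escapes when
# printing - confirm against wf_utils.
declare -A required_options
required_options["REFRESH_TOKEN"]='Error: A BlueXP refresh token is required to run this script. It can be obtained from this web page:
https://services.cloud.netapp.com/refresh-token\n\n'
required_options["BLUEXP_ACCOUNT_ID"]='Error: A BlueXP account ID is required to run this script.
You can get the list of accounts you have access to by running the "list_bluexp_accts" script
found in this GitHub repository: https://github.com/NetApp/FSx-ONTAP-samples-scripts/tree/main/Management-Utilities/Workload-Factory-API-Samples\n\n'
# This script sets credentials; the original wording ("to delete") did not
# match what the script does.
required_options["CREDENTIALS_ID"]='Error: The ID of the Workload Factory credentials to use is required.
You can get a list of credentials by running the "list_credentials" script
found in this GitHub repository: https://github.com/NetApp/FSx-ONTAP-samples-scripts/tree/main/Management-Utilities/Workload-Factory-API-Samples\n\n'
required_options["AWS_REGION"]='Error: The AWS region where the file system is located is required.\n\n'
required_options["FILESYSTEM_ID"]='Error: The ID of the FSxN file system is required.\n\n'
check_required_options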
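# Exactly one way of supplying the ONTAP credentials is accepted: a Secrets
# Manager ARN, or a user ID together with a password. The earlier test only
# rejected the case where all three values were set, so a user ID without a
# password (or a secret ARN mixed with one of the other two) slipped through.
if [ -n "$SECRET_ARN" ]; then
  if [ -n "$USER_ID" ] || [ -n "$PASSWORD" ]; then
    echo "Error: You can only provide either user_id and password OR secret_arn at the same time." >&2
    usage
  fi
elif [ -z "$USER_ID" ] || [ -z "$PASSWORD" ]; then
  # No secret ARN: both halves of the user/password pair are needed.
  echo "Error: You must provide either user_id and password OR secret_arn." >&2
  usage
fi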
#
# Check that the required commands are available.
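# jq is used below to build the JSON request body; curl is presumably what
# run_curl (from wf_utils) wraps. Stop early if either one is missing.
for cmd in jq curl; do
  if ! command -v "$cmd" &> /dev/null; then
    echo "Error: The required command '$cmd' was not found. Please install it." >&2
    exit 1
  fi
done
#
# Get the token to use for the API call.
token=$(get_token)
if [ -z "$token" ]; then
  echo "Error: Failed to obtain an access token. Exiting." >&2
  exit 1
fi
#
# Both request variants go to the same endpoint.
# NOTE(review): the account ID, credentials ID, region and file system ID are
# placed in the URL path exactly as supplied - confirm whether they should be
# validated or URL-encoded first.
url="https://api.workloads.netapp.com/accounts/${BLUEXP_ACCOUNT_ID}/fsx/v2/credentials/${CREDENTIALS_ID}/regions/${AWS_REGION}/file-systems/${FILESYSTEM_ID}/ontap-credentials"
#
# Build the body with jq instead of pasting the values into a JSON string.
# Pasting them unquoted let spaces or glob characters split the body into
# several arguments, and a '"' or '\' in a value could break the JSON or add
# fields to it. The values reach jq through its environment, not through its
# arguments, so the password is not added to jq's command line.
if [ -n "$SECRET_ARN" ]; then
  payload=$(WF_SECRET_ARN="$SECRET_ARN" jq -cn '{secret: env.WF_SECRET_ARN}')
else
  payload=$(WF_USER_ID="$USER_ID" WF_PASSWORD="$PASSWORD" \
    jq -cn '{user: env.WF_USER_ID, password: env.WF_PASSWORD, resetFsxAdminPassword: false}')
fi
if [ -z "$payload" ]; then
  echo "Error: Failed to build the JSON request body." >&2
  exit 1
fi
# NOTE(review): how run_curl hands the body to curl is not visible here; if it
# is passed as a command-line argument, the password can show up in the
# process list while curl runs - confirm in wf_utils.
run_curl POST "$token" "$url" "$tmpout" "$tmperr" "$payload"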