-
Notifications
You must be signed in to change notification settings - Fork 7
Expand file tree
/
Copy pathlist_credentials
More file actions
executable file
·121 lines (110 loc) · 4.78 KB
/
list_credentials
File metadata and controls
executable file
·121 lines (110 loc) · 4.78 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
#!/bin/bash
#
# This script is used to list all the Workload Factory credentials the
# user has access to.
#
# It is dependent on the 'wf_utils' file that is included in this repo. That
# file contains the 'get_token' function that is used to obtain a valid
# access token that is needed to run the Workload Factory APIs. The file needs
# to either be in the command search path or in the current directory.
################################################################################
################################################################################
# Display usage information then exits the script.
################################################################################
usage() {
cat >&2 <<EOF
This script lists all the Workload Factory credentials you has access to.
Usage: $(basename $0) -t refresh_token -a blueXP_account_ID [-o]
Where: refresh_token - Is a refresh token used to obtain an access token needed
to run the Workload Factory APIs. You can obtain a refresh
token by going to https://services.cloud.netapp.com/refresh-token
blueXP_account_ID - is the BlueXP account ID. You can find all the accounts
you have access to by running the "list_bluexp_accts" script
-o means to also show the ONTAP credentials
Instead of passing parameters on the command line, you can set the
following environment variables:
export REFRESH_TOKEN=<refresh_token>
export BLUEXP_ACCOUNT_ID=<blueXP_account_ID>
EOF
exit 1
}
################################################################################
# Main logic starts here.
################################################################################
tmpout=$(mktemp /tmp/list_credentials-out.XXXXXX)
tmpout2=$(mktemp /tmp/list_credentials-out2.XXXXXX)
tmperr=$(mktemp /tmp/list_credentials-err.XXXXXX)
trap 'rm -f $tmpout $tmpout2 $tmperr' exit
#
# Source the wf_utils file.
wf_utils=$(command -v wf_utils)
if [ -z "$wf_utils" ]; then
if [ ! -x "./wf_utils" ]; then
cat >&2 <<EOF
Error: The 'wf_utils' script was not found in the current directory or in the command search path.
It is required to run this script. You can download it from:
https://github.com/NetApp/FSx-ONTAP-samples-scripts/tree/main/Management-Utilities/Workload-Factory-API-Samples
EOF
exit 1
else
wf_utils=./wf_utils
fi
fi
. "$wf_utils"
#
# Set defaults.
filter="filter=$(urlencode "type eq 'AWS_ASSUME_ROLE'")"
while getopts "ht:a:o" opt; do
case $opt in
t) REFRESH_TOKEN="$OPTARG" ;;
a) BLUEXP_ACCOUNT_ID="$OPTARG" ;;
o) filter="";; # No filter, list all credentials.
*) usage ;;
esac
done
#
# Declare an array of required options and the error message to display if they are not set.
declare -A required_options
required_options["REFRESH_TOKEN"]='Error: A BlueXP refresh tokon is required to run this script. It can be obtain from this web page:
https://services.cloud.netapp.com/refresh-token\n\n'
required_options["BLUEXP_ACCOUNT_ID"]='Error: A BlueXP account ID is required to run this script.
You can get the list of accounts you have access to by running the "list_bluexp_accts" script
found in this GitHub repository: https://github.com/NetApp/FSx-ONTAP-samples-scripts/tree/main/Management-Utilities/Workload-Factory-API-Samples\n\n'
check_required_options
#
# Check that the required commands are available.
for cmd in curl jq; do
if ! command -v $cmd > /dev/null 2>&1; then
echo "Error: The required command '$cmd' was not found. Please install it." >&2
exit 1
fi
done
token=$(get_token)
if [ -z "$token" ]; then
echo "Error: Failed to obtain an access token. Exiting." >&2
exit 1
fi
jq_query='.items[] | if(.type == "ONTAP") then "\(if(.metadata.fileSystemId == null) then .metadata.onPremId else .metadata.fileSystemId end) \(.type) \(.metadata.userName) \(.id) \(.numAssociatedResources)" else "\(.metadata.name) \(.type) \(.credentials | split(":") | .[4]) \(.id) \(.numAssociatedResources)" end'
run_curl GET "$token" "https://api.workloads.netapp.com/accounts/${BLUEXP_ACCOUNT_ID}/credentials/v1/credentials?$filter" $tmpout $tmperr
if jq -r "$jq_query" $tmpout > $tmpout2 2> $tmperr; then
:
else
echo "Failed to parse the output from the API."
cat $tmperr >&2
exit 1
fi
#
# Check to see if there are more.
nextToken=$(jq -r '.nextToken' $tmpout)
while [ "$nextToken" != "null" ]; do
run_curl GET "$token" "https://api.workloads.netapp.com/accounts/${BLUEXP_ACCOUNT_ID}/credentials/v1/credentials?nextToken=$nextToken" $tmpout $tmperr
if jq -r "$jq_query" $tmpout >> $tmpout2 2> $tmperr; then
:
else
echo "Failed to parse the output from the API."
cat $tmperr >&2
exit 1
fi
nextToken=$(jq -r '.nextToken' $tmpout)
done
sort -f -k 2,2 -k 1,1 $tmpout2 | column -t -N "Name,Type,Account,ID,Number Associated Resources"