From 101a8ac991f9f76af17adfcc1ba26fed3c32ec3f Mon Sep 17 00:00:00 2001
From: Sean Pomeroy
Date: Tue, 12 Nov 2019 16:32:09 -0500
Subject: [PATCH 1/3] add aws registration script
---
 RegisterAndUpdateAWSCloudAccounts.ps1 | 93 +++++++++++++++++++++++++++
 1 file changed, 93 insertions(+)
 create mode 100644 RegisterAndUpdateAWSCloudAccounts.ps1
diff --git a/RegisterAndUpdateAWSCloudAccounts.ps1 b/RegisterAndUpdateAWSCloudAccounts.ps1
new file mode 100644
index 0000000..5ec5a2d
--- /dev/null
+++ b/RegisterAndUpdateAWSCloudAccounts.ps1
@@ -0,0 +1,93 @@
+# The following example will allow you to register/update your AWS Account credentials with the Flexera Cloud Management Platform
+
+# Cloud Href Reference: https://docs.rightscale.com/api/api_1.5_examples/cloudaccounts.html
+# API Docs: https://reference.rightscale.com/api1.5/resources/ResourceCloudAccounts.html
+# Refresh Token: https://docs.rightscale.com/cm/dashboard/settings/account/enable_oauth#steps
+# Using IAM to connect CMP: https://docs.rightscale.com/faq/How_do_I_use_Amazon_IAM_with_RightScale.html
+
+$accountEndpoint = "" # Cloud Management Endpoints: https://docs.rightscale.com/api/general_usage.html#endpoints
+$accountId = "" # Your CMP Account ID
+$refreshToken = "" # Your Refresh Token https://docs.rightscale.com/cm/dashboard/settings/account/enable_oauth#steps
+
+$accountNumber = "" # AWS Account ID
+$accessKeyId = "" # Access Key ID for IAM User
+$secretAccessKey = "" # Secret Access Key for IAM User
+
+Add-Type -AssemblyName System.Web
+$accountNumberEncoded = [System.Web.HttpUtility]::UrlEncode($accountNumber)
+$accessKeyIdEncoded = [System.Web.HttpUtility]::UrlEncode($accessKeyId)
+$secretAccessKeyEncoded = [System.Web.HttpUtility]::UrlEncode($secretAccessKey)
+
+# AWS Cloud Href Reference: https://docs.rightscale.com/api/api_1.5_examples/cloudaccounts.html#supported-clouds-and-parameters-aws
+$cloudHrefs = @(
+ "/api/clouds/1", # AWS US-East
+ "/api/clouds/2", # AWS EU
+ "/api/clouds/3", # AWS US-West
+ "/api/clouds/4", # AWS AP-Singapore
+ "/api/clouds/5", # AWS AP-Tokyo
+ "/api/clouds/6", # AWS US-Oregon
+ "/api/clouds/7", # AWS SA-Sao Paulo
+ "/api/clouds/8", # AWS AP-Sydney
+ "/api/clouds/9", # AWS EU-Frankfurt
+ "/api/clouds/10", # AWS China
+ "/api/clouds/11", # AWS US-Ohio
+ "/api/clouds/12", # AWS AP-Seoul
+ "/api/clouds/13", # AWS EU-London
+ "/api/clouds/14" # AWS CA-Central
+)
+
+$token = Invoke-RestMethod -Method Post -Uri "https://$($accountEndpoint)/api/oauth2" `
+ -Headers @{ "X-API-Version"="1.5"; "X-Account"=$accountId } `
+ -Body @{
+ grant_type="refresh_token";
+ refresh_token=$refreshToken
+ }
+
+$currentCloudAccounts = Invoke-RestMethod -Method Get `
+ -Uri "https://$($accountEndpoint)/api/cloud_accounts" `
+ -Headers @{ "X-API-Version"="1.5"; "Authorization"="Bearer $($token.access_token)"; "X-Account"=$accountId }
+
+$currentCloudAccounts = $currentCloudAccounts | Select-Object created_at, updated_at, `
+ @{name="self";expression={$_.links | Where-Object {$_.rel -eq 'self'} | Select-Object -ExpandProperty href}},`
+ @{name="cloud";expression={$_.links | Where-Object {$_.rel -eq 'cloud'} | Select-Object -ExpandProperty href}},`
+ @{name="account";expression={$_.links | Where-Object {$_.rel -eq 'account'} | Select-Object -ExpandProperty href}}
+
+foreach ($cloudHref in $cloudHrefs) {
+ if($currentCloudAccounts.cloud -contains $cloudHref) {
+ # Cloud/Region is already registered, update cloud account
+ $requestVerb = "Put"
+ $url = $currentCloudAccounts | Where-Object {$_.cloud -eq $cloudHref} | Select-Object -ExpandProperty self
+ $body = "cloud_account[creds][client_id]=$clientIdEncoded&cloud_account[creds][client_secret]=$clientSecretEncoded&cloud_account[creds][tenant_id]=$tenantIdEncoded"
+ }
+ else {
+ # Cloud/Region is not registered, create cloud account
+ $requestVerb = "Post"
+ $url = "/api/cloud_accounts"
+ $body = "cloud_account[cloud_href]=$cloudHref&cloud_account[creds][aws_account_number]=$accountNumberEncoded&cloud_account[creds][aws_access_key_id]=$accessKeyIdEncoded&cloud_account[creds][aws_secret_access_key]=$secretAccessKeyEncoded"
+ }
+
+ Invoke-RestMethod -Method $requestVerb `
+ -Uri "https://$($accountEndpoint)$($url)" `
+ -ContentType "application/x-www-form-urlencoded" `
+ -Headers @{ "X-API-Version"="1.5"; "Authorization"="Bearer $($token.access_token)"; "X-Account"=$accountId } `
+ -Body $body
+}
+
+# Create Credentials
+Invoke-RestMethod -Method "Post" `
+ -Uri "https://$($accountEndpoint)/api/credentials" `
+ -ContentType "application/x-www-form-urlencoded" `
+ -Headers @{ "X-API-Version"="1.5"; "Authorization"="Bearer $($token.access_token)"; "X-Account"=$accountId } `
+ -Body "credential[name]=AWS_ACCOUNT_ID&credential[value]=$accountNumberEncoded&credential[description]=AWS Account ID"
+
+Invoke-RestMethod -Method "Post" `
+ -Uri "https://$($accountEndpoint)/api/credentials" `
+ -ContentType "application/x-www-form-urlencoded" `
+ -Headers @{ "X-API-Version"="1.5"; "Authorization"="Bearer $($token.access_token)"; "X-Account"=$accountId } `
+ -Body "credential[name]=AWS_ACCESS_KEY_ID&credential[value]=$accessKeyIdEncoded&credential[description]=AWS Access Key ID"
+
+Invoke-RestMethod -Method "Post" `
+ -Uri "https://$($accountEndpoint)/api/credentials" `
+ -ContentType "application/x-www-form-urlencoded" `
+ -Headers @{ "X-API-Version"="1.5"; "Authorization"="Bearer $($token.access_token)"; "X-Account"=$accountId } `
+ -Body "credential[name]=AWS_SECRET_ACCESS_KEY&credential[value]=$secretAccessKeyEncoded&credential[description]=AWS Secret Access Key"
From 2600e5dc04bc2bb334009fc397c52352a2d352f9 Mon Sep 17 00:00:00 2001
From: Sean Pomeroy
Date: Tue, 12 Nov 2019 16:39:27 -0500
Subject: [PATCH 2/3] add update
---
 RegisterAndUpdateAWSCloudAccounts.ps1 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/RegisterAndUpdateAWSCloudAccounts.ps1 b/RegisterAndUpdateAWSCloudAccounts.ps1
index 5ec5a2d..0e5b46f 100644
--- a/RegisterAndUpdateAWSCloudAccounts.ps1
+++ b/RegisterAndUpdateAWSCloudAccounts.ps1
@@ -57,7 +57,7 @@ foreach ($cloudHref in $cloudHrefs) {
 # Cloud/Region is already registered, update cloud account
 $requestVerb = "Put"
 $url = $currentCloudAccounts | Where-Object {$_.cloud -eq $cloudHref} | Select-Object -ExpandProperty self
- $body = "cloud_account[creds][client_id]=$clientIdEncoded&cloud_account[creds][client_secret]=$clientSecretEncoded&cloud_account[creds][tenant_id]=$tenantIdEncoded"
+ $body = "cloud_account[creds][aws_account_number]=$accountNumberEncoded&cloud_account[creds][aws_access_key_id]=$accessKeyIdEncoded&cloud_account[creds][aws_secret_access_key]=$secretAccessKeyEncoded"
 }
 else {
 # Cloud/Region is not registered, create cloud account
From b045af01da4ee5e2ab515a87fc3aa478025999d8 Mon Sep 17 00:00:00 2001
From: Sean Pomeroy
Date: Tue, 12 Nov 2019 16:42:11 -0500
Subject: [PATCH 3/3] dont need account id on update
---
 RegisterAndUpdateAWSCloudAccounts.ps1 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/RegisterAndUpdateAWSCloudAccounts.ps1 b/RegisterAndUpdateAWSCloudAccounts.ps1
index 0e5b46f..4e77262 100644
--- a/RegisterAndUpdateAWSCloudAccounts.ps1
+++ b/RegisterAndUpdateAWSCloudAccounts.ps1
@@ -57,7 +57,7 @@ foreach ($cloudHref in $cloudHrefs) {
 # Cloud/Region is already registered, update cloud account
 $requestVerb = "Put"
 $url = $currentCloudAccounts | Where-Object {$_.cloud -eq $cloudHref} | Select-Object -ExpandProperty self
- $body = "cloud_account[creds][aws_account_number]=$accountNumberEncoded&cloud_account[creds][aws_access_key_id]=$accessKeyIdEncoded&cloud_account[creds][aws_secret_access_key]=$secretAccessKeyEncoded"
+ $body = "cloud_account[creds][aws_access_key_id]=$accessKeyIdEncoded&cloud_account[creds][aws_secret_access_key]=$secretAccessKeyEncoded"
 }
 else {
 # Cloud/Region is not registered, create cloud account
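Review bot: The update `$body` line in the last hunk now leaves out `aws_account_number` while the create branch from the first patch still sends it, and nothing in the script records why the two differ. A comment above the assignment, such as `# update replaces only the key pair; aws_account_number is sent on create only`, would keep a later reader from putting the field back. The enclosing `foreach`/`if` starts before this hunk and the `else` branch continues past it.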