[YUNIKORN-1821] Fix shell script in authz use cases (#621)

Closes: #621 Signed-off-by: Peter Bacsko <[email protected]>
apache · Jul 18, 2023 · 5101e27 · 5101e27
1 parent 2c267fe
commit 5101e27
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 9 deletions.
diff --git a/deployments/examples/authz/k8s-api-access/create-user.sh b/deployments/examples/authz/k8s-api-access/create-user.sh
@@ -16,21 +16,29 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-USERS=("admin admin" "sue group-a" "bob group-a" "kim group-b" "yono group-b" "anonymous anonymous")
+# USERS & USERS_GROUP should contain the same number of elements.
+# If you wants no group or no user. You can use an empty string, i.e. ""
+USERS=("admin" "sue" "bob" "kim" "yono" "anonymous")
+USERS_GROUP=("admin" "group-a" "group-a" "group-b" "group-b" "anonymous")
 AUTH_FOLDER=./auth
 CERT_REQUEST_FILE=./certification_request.yaml
 
 mkdir -p $AUTH_FOLDER
 for ((i = 0; i < ${#USERS[@]}; ++i)); do
-    USER=("${USERS[i]}")
-    USERNAME=${USER[0]}
-    GROUP=${USER[1]}
-    AUTH_FILE=$AUTH_FOLDER/$USERNAME
+    USERNAME="${USERS[i]}"
+    GROUP="${USERS_GROUP[i]}"
+    AUTH_FILE=$AUTH_FOLDER/$USERNAME-$GROUP
     echo "username: $USERNAME , group: $GROUP"
     # create a CSR for the user
     openssl genrsa -out "$AUTH_FILE".key 2048
     openssl req -new -key "$AUTH_FILE".key -out "$AUTH_FILE".csr -subj "/CN=$USERNAME/O=$GROUP"
-
+    # Kubernetes config only supports user assignments, not groups.
+    # if the USERNAME is not assigned, the script will create a user based on your group's name.
+    if [ "$USERNAME" = "" ]
+    then
+        USERNAME=$GROUP
+    fi
+
     # write a file for certification request & use kubectl to approve the request
     {
         echo "apiVersion: certificates.k8s.io/v1"

diff --git a/deployments/examples/authz/k8s-api-access/remove-user.sh b/deployments/examples/authz/k8s-api-access/remove-user.sh
@@ -16,11 +16,10 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-USERS=("admin admin" "sue group-a" "bob group-a" "kim dev" "yono test" "anonymous anonymous")
+USERS=("admin" "sue" "bob" "kim" "yono" "anonymous")
 
 for ((i = 0; i < ${#USERS[@]}; ++i)); do
-    USER=("${USERS[i]}")
-    USERNAME=${USER[0]}
+    USERNAME="${USERS[i]}"
 
     kubectl delete csr/"$USERNAME"-csr
     kubectl config unset contexts."$USERNAME"-context