Sample 68620: Create user home directories from the identities service in SAS® Viya® 2020.x using a script
The sample script on the Full Code tab creates a home directory for each user that exists in the SAS Viya identities service with a uid and gid that matches what is in SAS Viya. This script can be helpful when you use an LDAP server that does not supply these values or SCIM, because SAS Viya generates them dynamically.
The script takes as arguments a path in which to create the directories along with the URL for the SAS Viya environment. It prompts for a user name and password or authentication code and uses curl to get a logon token. Then, it calls the identities service endpoint to gather a list of users and their associated uid and gid values. For each combination of values, it checks for the presence of a directory named after that user in the path provided. If it does not find the directory, it creates one with 0700 permissions, owned by the uid:gid that it gathered from the identities service using the install command.
The script uses the jq command, so this must be installed on the execution host. The execution host must also have the home directory mounted and the execution user must have permission to create directories in that path. Because the script uses the install command to set the ownership of the new directories, it must be run as root.
To access the sample program, click the Full Code tab.
These sample files and code examples are provided by SAS Institute
Inc. "as is" without warranty of any kind, either express or implied, including
but not limited to the implied warranties of merchantability and fitness for a
particular purpose. Recipients acknowledge and agree that SAS Institute shall
not be liable for any damages whatsoever arising out of their use of this material.
In addition, SAS Institute will provide no support for the materials contained herein.
This script requires that the jq command be installed.
#!/bin/bash
# home_dir_builder.sh
#
# Script that pulls all users from identities/users and then pulls their uid/gid from identities/users//identifier
# then creates a home directory in the supplied path named with ownership matching the uid/gid returned.
# Author: Greg Wootton
# Date: 11AUG2021
# Define a "usage" function that explains the syntax.
function usage {
echo ""
echo "Usage: home_dir_builder.sh [OPTIONS]..."
echo "Script calls /identities/users to get a list of users and then for each one calls"
echo "/identities/users//identifier to get the uid and gid. It will then create a"
echo "path in the supplied parent directory named '' with ownership of that uid/gid."
echo ""
echo "Options:"
echo " --directory, -d The path where you would like to create the home directories."
echo " --url, -u The URL for the Viya environment."
echo " --authcode, -c Login to Viya using an authentication code rather than user and password (SSO)."
echo " --help, -h Return this usage information page."
echo ""
}
function jqcheck {
echo "NOTE: Checking if jq is installed."
if ! jq --version > /dev/null 2>&1
then
echo "ERROR: This script requires the jq package."
exit 2
fi
echo "jq is installed, continuing..."
}
# If no arguments are supplied, return the help page and terminate with a non-zero return code.
if [ "$1" = "" ]
then
usage
exit 1
fi
# Read in the arguments provided and store them to environment variables.
while [ "$1" != "" ]
do
case $1 in
-d | --directory ) shift
directory=$1
;;
-u | --url ) shift
baseurl=$1
;;
-c | --authcode ) authcode=1
;;
-h | --help ) usage
exit
;;
* ) usage
exit 1
esac
shift
done
jqcheck
# Confirm we have the values we need
if [ -z "$directory" ] || [ -z "$baseurl" ]
then
echo "ERROR: Both --directory and --url must be specified."
exit 1
fi
# Remove any trailing slashes
baseurl=${baseurl%/}
directory=${directory%/}
# Confirm the directory is a directory and we have permission to write to it.
if [ ! -d "$directory" ] || [ ! -w "$directory" ]
then
echo "ERROR: $directory is not a writeable directory."
fi
# Login to Viya
echo "NOTE: Attempting to log in to $baseurl"
headers=$(mktemp)
# If using authentication code, provide the url to get the code and prompt for that code to get a token
# otherwise, prompt for user/password.
if [ -n "$authcode" ]
then
echo "Login to SAS with this URL, and enter the authentication code provided."
echo "$baseurl/SASLogon/oauth/authorize?client_id=sas.cli&response_type=code"
read -r -p "Enter authentication code: " code
token=$(curl -k -s -L -X POST "$baseurl/SASLogon/oauth/token" -H 'Accept: application/json' -H 'Content-Type: application/x-www-form-urlencoded' -H 'Authorization: Basic c2FzLmNsaTo=' -d "grant_type=authorization_code&code=$code" -D "$headers" | sed "s/{.*\"access_token\":\"\([^\"]*\).*}/\1/g")
else
read -r -p "Enter username: " user
read -r -s -p "Enter password: " pass && echo
token=$(curl -k -s -L -X POST "$baseurl/SASLogon/oauth/token" -H 'Accept: application/json' -H 'Content-Type: application/x-www-form-urlencoded' -H 'Authorization: Basic c2FzLmNsaTo=' -d 'grant_type=password' -d "username=$user" -d "password=$pass" -D "$headers" | sed "s/{.*\"access_token\":\"\([^\"]*\).*}/\1/g")
fi
# Confirm token successfully acquired.
rc=$(grep -c 'HTTP.*200' "$headers")
if [ "$rc" -ne 1 ] || [ -z "$token" ]
then
echo "ERROR: Login unsuccessful."
cat "$headers"
rm "$headers"
exit 1
fi
echo "NOTE: Successfully logged in."
# Pull the initial list of users
userresp=$(mktemp)
curl -k -s -L "$baseurl/identities/users" -H "Authorization: Bearer $token" -H "Accept: application/json" > "$userresp"
echo "NOTE: Pulling users into file $userresp."
# Create an array of users
mapfile -t users < <( jq -r '.items[].id' "$userresp" )
# Check for a next link
nexturl=$(jq -r '.links[] | select(.rel == "next") | .href' "$userresp")
# Iterate through all next links to fully populate the array with user ids.
while [ -n "$nexturl" ]
do
curl -k -s -L "${baseurl}${nexturl}" -H "Authorization: Bearer $token" -H "Accept: application/json" > "$userresp"
mapfile -t -O "${#users[@]}" users < <( jq -r '.items[].id' "$userresp" )
nexturl=$(jq -r '.links[] | select(.rel == "next") | .href' "$userresp")
done
# We now have an array, "users" that contains every user ID.
echo "NOTE: Found ${#users[@]} users defined."
# For each user, check to see if a directory already exists with their name in the directory supplied. If not, pull the uid/gid and create the directory.
for user in "${users[@]}"
do
if [ ! -d "${directory}/${user}" ]
then
curl -k -s -L "$baseurl/identities/users/${user}/identifier" -H "Authorization: Bearer $token" -H "Accept: application/json" > "$userresp"
uid=$(jq -r '.uid' "$userresp")
gid=$(jq -r '.gid' "$userresp")
install -d -m 0700 -o "$uid" -g "$gid" "${directory}/${user}"
echo "NOTE: Created directory ${directory}/${user} with ownership ${uid}:${gid}"
else
echo "NOTE: Directory ${directory}/${user} appears to already exist. Skipping."
fi
done
# Remove temp files
rm "$headers"
rm "$userresp"
These sample files and code examples are provided by SAS Institute
Inc. "as is" without warranty of any kind, either express or implied, including
but not limited to the implied warranties of merchantability and fitness for a
particular purpose. Recipients acknowledge and agree that SAS Institute shall
not be liable for any damages whatsoever arising out of their use of this material.
In addition, SAS Institute will provide no support for the materials contained herein.
This script pulls all users from the SAS Viya identities service along with their uid/gid and then creates a home directory in the supplied path named
with ownership matching the uid/gid that is returned.
| Date Modified: | 2022-09-29 12:52:05 |
| Date Created: | 2021-11-18 14:24:19 |
Operating System and Release Information
| SAS System | SAS Viya | Linux for x64 | Viya | |
