
Automating User Management in the Company

source link: https://hackernoon.com/automating-user-management-in-the-company

December 2nd 2022
by @arslanbekov

Arslanbekov Denis

Head of SRE @ANNA Money

I continuously ask myself: what else in the processes I participate in can be automated? Repeated click-click-click in the interface brings a lot of errors, and if the company is actively growing, then over time all you will do is click in the interface. Stop doing it, and let's automate.

To build reusable infrastructure, we automate repetitive processes, most often with Terraform. It is difficult to deny the convenience and popularity of this approach, especially when there are already many ready-made providers that are well supported by a large community.


Introduction

Imagine that our company is growing: new developers and support staff join us, and everyone needs an account/email created in Google Workspace and attached to OpenVPN Cloud to access internal resources.

In the most classic version, when a new employee

Scheme 1

People also leave us, and we must not forget to revoke their access to systems. Here you need to act strictly in the reverse order of Scheme 1.

Terraform

Remember that we have Terraform for automation; we will use it to automate granting and revoking access.

Scheme 2

Scheme 3

The schemes describe the procedure well, but to understand how Terraform will help us, let's remember its ability to save outputs and share them.

I use app.terraform.io to run Terraform and share its outputs.

Scheme 4

Let’s create a user in our organization:

terraform {
  backend "remote" {
    hostname     = "app.terraform.io"
    organization = "EXAMPLE"

    workspaces {
      name = "google-workspace"
    }
  }
}

provider "googleworkspace" {
  # Use GOOGLEWORKSPACE_CREDENTIALS env
  # More settings: https://registry.terraform.io/providers/hashicorp/googleworkspace/latest/docs
  customer_id = "XXXXXXX"
}

resource "googleworkspace_user" "arslanbekov" {
  primary_email = "[email protected]"
  org_unit_path = "developer"
  name {
    family_name = "Denis"
    given_name  = "Arslanbekov"
  }
}

output "email" {
  value = googleworkspace_user.arslanbekov.primary_email
}

output "name" {
  value = googleworkspace_user.arslanbekov.name
}

If the user already exists, just import it:

terraform import googleworkspace_user.arslanbekov [email protected]

Next, we will work with the outputs, which contain the email and the name of our new employee. We can now switch to the next repository, in which we describe the OpenVPN Cloud users:

terraform {
  backend "local" {}
  required_providers {
    openvpncloud = {
      source  = "OpenVPN/openvpn-cloud"
      version = "0.0.7"
    }
  }
}

provider "openvpncloud" {
  base_url = "https://company-name.api.openvpn.com"
}

data "terraform_remote_state" "google_workspace_email" {
  backend = "remote"
  config = {
    organization = "EXAMPLE"
    workspaces = {
      name = "google-workspace"
    }
  }
}

resource "openvpncloud_user" "arslanbekov" {
  username   = "arslanbekov"
  # Reads the "email" output published by the google-workspace workspace
  email      = data.terraform_remote_state.google_workspace_email.outputs.email
  first_name = data.terraform_remote_state.google_workspace_email.outputs.name.family_name
  last_name  = data.terraform_remote_state.google_workspace_email.outputs.name.given_name
  role       = "USER"
}

Applying this code will create a user in OpenVPN Cloud and send him an invite via email. The user can then log in for the first time, set a password, and generate VPN certificates.

It is worth mentioning that through this provider we can also fully configure OpenVPN Cloud (create groups and describe routes). This is really amazing.

We can very easily invite him to any other systems (using providers that exist for Terraform).

For example SendGrid:

terraform {
  required_providers {
    sendgrid = {
      version = "1.0.0"
      source  = "anna-money/sendgrid"
    }
  }
}

provider "sendgrid" {
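  # Placeholder value: keep the real key out of version control
  # (for example, pass it in as a sensitive variable)
  api_key = "SECRET_API_KEY"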
}

data "terraform_remote_state" "google_workspace_email" {
  backend = "remote"
  config = {
    organization = "EXAMPLE"
    workspaces = {
      name = "google-workspace"
    }
  }
}

resource "sendgrid_teammate" "arslanbekov" {
  # Reads the "email" output published by the google-workspace workspace
  email    = data.terraform_remote_state.google_workspace_email.outputs.email
  scopes   = [
    "alerts.create",
    "alerts.read",
    "alerts.update",
    "alerts.delete",
  ]
  is_admin = false
}

Conclusion

The convenience of this approach is that you have one entry point and one exit point. The single-responsibility principle applies here: if a person works in a company, he is always described by the code in one place.

What I've shown is a simple example; I didn't use loops on purpose, but I strongly advise you to use them to avoid code duplication.
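The loop-based layout recommended above, as an added example (not code from the original article): one map of employees drives the Google Workspace users, and the downstream OpenVPN Cloud configuration iterates over a single published output, so deleting one map entry revokes access in both systems on the next apply. The local `employees`, the output name `users`, the second employee and the `example.com` domain are assumptions made for illustration; the `terraform` and `provider` blocks are the ones already shown in the article.

```hcl
# --- google-workspace configuration (workspace "google-workspace") ---
# Constructed sample data, one entry per employee; deleting an entry is the offboarding step.
locals {
  employees = {
    arslanbekov = { given_name = "Denis", family_name = "Arslanbekov", org_unit = "developer" }
    ivanova     = { given_name = "Anna", family_name = "Ivanova", org_unit = "support" }
  }
}

resource "googleworkspace_user" "this" {
  for_each      = local.employees
  primary_email = "${each.key}@example.com" # placeholder domain
  org_unit_path = each.value.org_unit
  name {
    family_name = each.value.family_name
    given_name  = each.value.given_name
  }
}

# Hypothetical output name: publish only the fields downstream configurations need.
output "users" {
  value = {
    for key, user in googleworkspace_user.this : key => {
      email       = user.primary_email
      given_name  = local.employees[key].given_name
      family_name = local.employees[key].family_name
    }
  }
}

# --- openvpn-cloud configuration (separate repository) ---
data "terraform_remote_state" "google_workspace" {
  backend = "remote"
  config = {
    organization = "EXAMPLE"
    workspaces = {
      name = "google-workspace"
    }
  }
}

resource "openvpncloud_user" "this" {
  for_each   = data.terraform_remote_state.google_workspace.outputs.users
  username   = each.key
  email      = each.value.email
  first_name = each.value.given_name
  last_name  = each.value.family_name
  role       = "USER"
}
```

`terraform_remote_state` needs read access to the entire upstream state snapshot, not just its outputs, so restrict who can read the google-workspace workspace state accordingly.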

Providers used in this article:
