Add team builder script (#10086)

Script that takes either a text file or .csv containing a list of teams as input and adds the teams to Fleet then generates installers. --------- Co-authored-by: Zach Wasserman <zach@fleetdm.com>
2024-11-06 00:45:19 +00:00 · 2023-05-03 09:55:14 -07:00 · 2023-05-03 09:55:14 -07:00 · 619be587ac
commit 619be587ac
parent 3b86ed0156
3 changed files with 173 additions and 0 deletions
--- a/tools/team-builder/README.md
+++ b/tools/team-builder/README.md
@ -0,0 +1,53 @@
+
+# Fleet Team Builder
+
+Using a list of teams in a file as input, adds the listed teams to Fleet and generates installer processes. 
+
+For each team, an enroll secret will be created, the team added to Fleet using the team yaml template, and `.msi`,`.deb`, `.pkg` and `.rpm` installer packages will be created. 
+
+## Requirements
+
+[fleetctl](https://fleetdm.com/docs/using-fleet/fleetctl-cli)
+Docker (for generating Windows installers)
+
+## Flags 
+
+Required flags:
+
+- -s: The source file containing teams to be added. 
+- -u: The url of the Fleet server.
+
+Optional flags:
+
+- -p: packages - Default: "all" - The types of installer packages to create for each team.
+- -f: flags - Additional flags to apply to `fleetctl package`.
+- -o: output - Default: Current location - Directory in which to place the generated packages.
+- -x: dry_run - Test prossesing the file, creating the team in Fleet, and generating packages without applying any changes to the server.
+
+## Usage
+
+1. Install and log in to fleetctl
+
+2. Install and start Docker
+
+3. Create a file including a list of teams, one per line:
+
+```
+Workstation
+Canary
+Servers
+```
+4. Run the script and pass the Fleet Server URL and source file as arguments:
+
+```console
+$ ./build_teams.sh -s teams.txt -u fleet.org.com
+```
+
+## Team configuration
+
+The teams generated with this script will use your global agent options. You can apply [team settings](https://fleetdm.com/docs/using-fleet/configuration-files#team-settings) after the team has been created. 
+
+## Testing
+
+To test team creation and package generation without applying the changes to Fleet, include the `-x` flag. This will add the `--dry_run` flag to `fleetctl apply`. All actions will be taken, but the generated team configuration YAML will be validated without creating the new team. 
+
--- a/tools/team-builder/build_teams.sh
+++ b/tools/team-builder/build_teams.sh
@ -0,0 +1,118 @@
+#!/bin/bash
+
+run(){
+	
+	local OPTIND
+
+  #default values
+	output="fleetd_installers"
+	flags+="--disable-open-folder"
+
+  #Read flags
+	while getopts s:p:u:f:d:o:x flag
+	 do
+		case "${flag}" in
+			f) #path to file containing team names. Must end with newline char.
+				source=($OPTARG);;
+			p) #types of installers to create. Pass an individual flag for each type
+				types+=($OPTARG);;
+			u) #Fleet server url
+				url=($OPTARG);;
+			f) #Additional flags to apply to `fleetctl package`
+				flags+=($OPTARG);;
+			d) #include Fleet Desktop
+				flags+="--desktop";;
+			o) #Directory for created packages
+		    output=($OPTARG);;
+      x) #Test only
+        dry_run="--dry-run";;
+		esac
+	 done
+
+	#Verify that passed file exists
+	if !(test -f "$source")
+		then
+			echo "Source file not found"
+			return
+  fi
+
+  #Set up output directory
+	if !(test -d "$output")
+		then
+				mkdir $output
+	fi
+
+  #If no package type specified, generate all
+  if [[ (-z $types ) || ($types == "all")]]
+	 	then 
+		  types=("deb" "pkg" "msi" "rpm")
+	fi
+
+  create_teams
+}
+
+create_teams(){
+  #Loop over file contents and generate a secret for each team, then create the team and generate packages
+	while IFS=",", read -r name
+		do
+		  secret=$(LC_ALL=C tr -dc A-Za-z0-9 </dev/random | head -c 24);
+		  team_name=$name
+
+		  create_team
+		  generate_packages
+		done < $source
+}
+
+create_team(){
+
+  #Generate yml based on template provided
+
+	cat <<EOF > config.yml
+---
+apiVersion: v1
+kind: team
+spec:
+  team:
+    name: ${team_name}
+    secrets:
+      - secret: ${secret}
+EOF
+
+  # Apply the new team to fleet
+	echo "Adding $team_name team to Fleet"
+	fleetctl apply -f config.yml $dry_run
+	rm -f config.yml 
+}
+
+generate_packages(){
+
+	echo "Generating installers for $team_name"  
+
+  #Set up directory to hold installers for this team
+  name_formatted=$(printf "$team_name" | tr '[:upper:]' '[:lower:]' | tr -s ' ' | tr ' ' '-')
+	team_dir=$output/$name_formatted
+  cwd=$(pwd)
+  
+  if !(test -d "$team_dir")
+		then
+				mkdir "$team_dir"
+	fi
+  
+  cd "$team_dir"
+
+  #In the team directory, create a package for each specified type
+	for type in ${types[@]}
+    do
+      fleetctl package ${flags[@]} --type=$type --fleet-url=$url --enroll-secret=$secret 
+      find . -type f -name 'fleet-osquery*' -exec mv -f {} fleetd-$name_formatted.$type ';'
+    done
+  
+  
+
+  cd "$cwd"
+  
+}
+
+run "$@"
+
+
--- a/tools/team-builder/teams.txt
+++ b/tools/team-builder/teams.txt
@ -0,0 +1,2 @@
+Workstations
+Servers