{{announcement.body}}
{{announcement.title}}

Introducing Aquayman

DZone 's Guide to

Introducing Aquayman

This brief article introduces Aquayman, a quay manager that helps manage the Github accounts of your organization by changing a single YAML file.

· Cloud Zone ·
Free Resource

At Loodse, we’re using Quay.io to host our various Docker repositories. Over the last few years, cruft accumulated and we noticed that keeping team memberships up-to-date as employees and customers change became a hassle.

For Github we already make use of Peribolos, a wonderful tool to manage your Github organization declaratively. For quay we unfortunately did not find an equivalent solution, so we made our own.

Say hello to Aquayman (short for “A Quay Manager”). It allows you to manage teams, memberships, and robot accounts for your organization by just editing a single YAML file.

To get started, it’s best to download the latest release and export your current configuration (not just as a starting point, but also as a backup):

Shell
 




xxxxxxxxxx
1
20


 
1
$ wget https://github.com/kubermatic-labs/aquayman/releases/download/v0.1.2/aquayman_0.1.2_linux_amd64.zip
2
$ unzip aquayman_0.1.2_linux_amd64.zip aquayman
3
 
          
4
# prepare your configuration file by setting the org name
5
$ echo "organization: mytestorg" > mytestorg.yaml
6
 
          
7
# use Aquayman to dump your existing configuration
8
$ ./aquayman -config mytestorg.yaml -export
9
2020/05/14 13:56:55 ► Exporting organization mytestorg…
10
2020/05/14 13:56:55 ⇄ Exporting robots…
11
2020/05/14 13:56:56   ⚛ drone
12
2020/05/14 13:56:57   ⚛ netlify
13
2020/05/14 13:56:58 ⇄ Exporting repositories…
14
2020/05/14 13:56:59   ⚒ myapp
15
2020/05/14 13:56:59   ⚒ secretapp (private)
16
2020/05/14 13:57:00 ⇄ Exporting teams…
17
2020/05/14 13:57:00   ⚑ owners
18
2020/05/14 13:57:02   ⚑ developers
19
2020/05/14 13:57:03   ⚑ customers
20
2020/05/14 13:57:05 ✓ Export successful.


Your mytestorg.yaml will now be updated and look something like this:

YAML
 




xxxxxxxxxx
1
35


 
1
organization: mytestorg
2
teams:
3
  - name: owners
4
    role: admin
5
    members:
6
      - xrstf
7
 
          
8
  - name: developers
9
    role: creator
10
    members:
11
      - scheeles
12
      - kdomanski
13
 
          
14
  - name: customers
15
    role: creator
16
    members:
17
      - mytestorg+initech
18
      - mytestorg+omniconsumerproducts
19
 
          
20
repositories:
21
  - name: myapp
22
    teams:
23
      developers: write
24
      customers: read
25
 
          
26
  - name: secretapp
27
    users:
28
      xrstf: write
29
 
          
30
robots:
31
  - name: initech
32
    description: Personal Account for Peter Gibbons
33
 
          
34
  - name: omniconsumerproducts
35
    description: "Contact person: Dick Jones"


(The Aquayman repository contains a documented example configuration.)

If you start with an existing, messy organization, your next step will probably be to clean up your configuration a bit. Once you are satisfied, you can apply the configuration:

Shell
 




xxxxxxxxxx
1
13


 
1
$ ./aquayman -config mytestorg.yaml
2
2020/05/14 13:57:55 ► Updating organization mytestorg…
3
2020/05/14 13:57:55 ⇄ Syncing robots…
4
2020/05/14 13:57:56   + ⚛ drone
5
2020/05/14 13:57:57   + ⚛ netlify
6
2020/05/14 13:57:58 ⇄ Syncing repositories…
7
2020/05/14 13:57:59   ✎ ⚒ myapp
8
2020/05/14 13:57:59   ✎ ⚒ secretapp (private)
9
2020/05/14 13:58:00 ⇄ Syncing teams…
10
2020/05/14 13:58:00   ✎ ⚑ owners
11
2020/05/14 13:58:02   ✎ ⚑ developers
12
2020/05/14 13:58:03   ✎ ⚑ customers
13
2020/05/14 13:58:05 ⚠ Run again with -confirm to apply the changes above.


Aquayman shows you a diff-style output, hinting at the actions it would perform. If you are once again happy, you can run it again with the -confirm flag.

Shell
 




x


 
1
$ ./aquayman -config mytestorg.yaml
2
2020/05/14 13:58:55 ► Updating organization mytestorg…
3
...magic happens...
4
2020/05/14 13:59:05 ✓ Permissions successfully synchronized.


Congratulations, time to grab a coffee!

At Loodse we manage our configuration in Github, so we get a nice review-workflow whenever permissions need to change, have an audit trail, and can restrict the permissions to manage our organization even further. The less human intervention needed, the better.

Topics:
aquayman, container, kubernetes, organization management, yaml

Opinions expressed by DZone contributors are their own.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}