SFTP Gateway Support

3.0

Upload Users via CSV

How to Use the Python Script to Upload Users

This article shows you how to use a Python script to create new SFTP users by reading usernames and SSH public keys from a CSV file. The script relies on an API that requires specific credentials, which you must retrieve from your server.

Obtaining CLIENT_ID and CLIENT_SECRET

To authenticate and interact with the API, you will need CLIENT_ID and CLIENT_SECRET. Follow these steps to retrieve them:

  1. SSH into your server where the SFTP Gateway API is hosted.
  2. Open the configuration file by running:
cat /opt/swiftgw/application.properties

Locate the entries for CLIENT_ID and CLIENT_SECRET within the file. Note these values down, as you will use them in your Python script to authenticate the requests.

Using the Provided Script

Below is the Python script you will use to upload users to SFTP Gateway by CSV file. Some variables are placeholder values (CLIENT_ID, CLIENT_SECRET, etc.) that you must replace with your actual credentials and file paths.

import csv
import requests
import base64
import urllib3

urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)

# Configuration
API_BASE_URL = "https://YOUR_SERVER_IP/backend"  # e.g., https://52.151.250.168/backend
CLIENT_ID = "Your_CLIENT_ID_here"
CLIENT_SECRET = "Your_CLIENT_SECRET_here"
USERNAME = "Your_Username_here"
PASSWORD = "Your_Password_here"

# Path to the CSV file with user data
CSV_FILE_PATH = "/path/to/user_data.csv"

def get_oauth_token():
    url = f"{API_BASE_URL}/login"
    credentials = f"{CLIENT_ID}:{CLIENT_SECRET}"
    auth_header = base64.b64encode(credentials.encode()).decode()
    headers = {
        "Authorization": f"Basic {auth_header}",
        "Content-Type": "application/x-www-form-urlencoded"
    }
    data = {
        "grant_type": "password",
        "username": USERNAME,
        "password": PASSWORD
    }
    response = requests.post(url, headers=headers, data=data, verify=False)
    if response.status_code == 200:
        return response.json().get("access_token")
    return None

def create_user(token, username, public_key):
    user_url = f"{API_BASE_URL}/3.0.0/users"
    headers = {
        "Content-Type": "application/json",
        "Authorization": f"Bearer {token}"
    }
    data = {
        "username": username,
        "enabled": True,
        "publicKeys": [
            {
                "name": "default",
                "value": public_key
            }
        ]
    }

    response = requests.post(user_url, json=data, headers=headers, verify=False)
    if response.status_code == 201:
        print(f"User '{username}' created successfully.")
    else:
        print(f"Failed to create user '{username}': {response.status_code} - {response.text}")
    return response.status_code, response.text

def process_users():
    token = get_oauth_token()
    if not token:
        print("No token retrieved. Exiting.")
        return

    with open(CSV_FILE_PATH, mode='r', newline='') as file:
        reader = csv.reader(file)
        next(reader, None)  # Skip the header row if present

        for row in reader:
            username, public_key_string = row
            create_user(token, username, public_key_string)

if __name__ == "__main__":
    process_users()

Replace all the placeholder variables in the script (like API_BASE_URL, CLIENT_ID, CLIENT_SECRET, USERNAME, PASSWORD, and CSV_FILE_PATH) with values specific to your environment.

Executing the Script

  1. Save the script to a local file (for example, upload_users.py).

  2. Open a command line interface (Terminal, PowerShell, etc.) and navigate to the directory where the script is saved.

  3. Run the script by typing:

python upload_users.py

The script will:

  1. Authenticate with the API using the CLIENT_ID, CLIENT_SECRET, USERNAME, and PASSWORD.
  2. Read each row from the CSV file, which should contain: * A username in the first column * An SSH public key string in the second column
  3. Attempt to create each user on your SFTP Gateway API.
  4. Print a message indicating success or failure for each user.

Understanding and Configuring Script Variables

Below is a brief explanation of the key variables you will configure in the script:

  • API_BASE_URL: The base URL of the SFTP Gateway API. Typically in the format https://<YOUR_SERVER>/backend.
  • CLIENT_ID and CLIENT_SECRET: Credentials used to obtain an OAuth token from the API. These are found in /opt/swiftgw/application.properties.
  • USERNAME and PASSWORD: The login credentials for an administrative or appropriate API user who is allowed to manage SFTP users.
  • CSV_FILE_PATH: The local path to your CSV file containing user data. Each row should have a username and the SSH public key string.

CSV Format

Your CSV file should contain at least two columns. An example with a header row might look like:

username,public_key
youruser,ssh-rsa AAAAB3NzaC1yc2EAAAADAQAB...
anotheruser,ssh-rsa AAAAB3NzaC1yc2EAAAADAQAB...

Make sure your script is set up to skip the header (with next(reader, None)) if you include one.

PreviousNext