Team Management
This guide provides practical examples for managing teams, setting up role-based access control, and establishing collaboration workflows in Teenode.
Basic Team Setup
Create and Configure a Team
#!/bin/bash
# setup-team.sh
TEAM_NAME="engineering"
TEAM_DESCRIPTION="Engineering team for production workloads"
# Create team
echo "Creating team: $TEAM_NAME"
teenode team create \
--name "$TEAM_NAME" \
--description "$TEAM_DESCRIPTION"
# Verify creation
teenode team describe "$TEAM_NAME"
# Set team settings
teenode team update "$TEAM_NAME" \
--billing-alert-threshold 1000 \
--notification-email [email protected]
echo "✓ Team setup complete"Add Team Members
#!/bin/bash
# add-team-members.sh
TEAM_NAME="engineering"
# Add members with different roles
MEMBERS=(
"[email protected]:admin"
"[email protected]:developer"
"[email protected]:viewer"
"[email protected]:developer"
)
echo "Adding members to $TEAM_NAME..."
for member_info in "${MEMBERS[@]}"; do
EMAIL=$(echo "$member_info" | cut -d: -f1)
ROLE=$(echo "$member_info" | cut -d: -f2)
echo "Adding $EMAIL as $ROLE..."
teenode team member add "$TEAM_NAME" \
--email "$EMAIL" \
--role "$ROLE"
done
# List team members
echo ""
echo "Team members:"
teenode team member list "$TEAM_NAME"
echo "✓ Members added"Role-Based Access Control
Understanding Roles
Teenode provides four role levels:
- Owner - Full access, can delete team, manage billing
- Admin - Full access to resources, manage members
- Developer - Create, modify, delete projects and VMs
- Viewer - Read-only access to resources
Set Up Role-Based Access Control
#!/bin/bash
# setup-rbac.sh
TEAM_NAME="production"
# Team structure
declare -A TEAM_ROLES
# Leadership
TEAM_ROLES["[email protected]"]="owner"
TEAM_ROLES["[email protected]"]="admin"
# Backend team
TEAM_ROLES["[email protected]"]="developer"
TEAM_ROLES["[email protected]"]="developer"
# DevOps team
TEAM_ROLES["[email protected]"]="admin"
TEAM_ROLES["[email protected]"]="developer"
# QA/Monitoring
TEAM_ROLES["[email protected]"]="developer"
TEAM_ROLES["[email protected]"]="viewer"
# Onboard team
for email in "\${!TEAM_ROLES[@]}"; do
role=\${TEAM_ROLES[$email]}
echo "Adding $email with role: $role"
teenode team member add "$TEAM_NAME" --email "$email" --role "$role"
done
# Verify setup
echo ""
echo "Team members by role:"
teenode team member list "$TEAM_NAME" --format json | jq 'group_by(.role)'Update and Revoke Access
#!/bin/bash
# manage-access.sh
TEAM_NAME="engineering"
# Promote developer to admin
echo "Promoting bob to admin..."
teenode team member update "$TEAM_NAME" \
--email [email protected] \
--role admin
# Demote admin to developer
echo "Demoting charlie to developer..."
teenode team member update "$TEAM_NAME" \
--email [email protected] \
--role developer
# Revoke access (remove member)
echo "Removing alice..."
teenode team member remove "$TEAM_NAME" \
--email [email protected]
# Verify changes
teenode team member list "$TEAM_NAME"Resource Sharing and Collaboration
Share Projects Within Team
#!/bin/bash
# share-projects.sh
TEAM_NAME="engineering"
PROJECTS="web-api database-service cache-layer"
echo "Sharing projects with $TEAM_NAME..."
for project in $PROJECTS; do
echo "Sharing $project..."
teenode project share "$project" \
--team "$TEAM_NAME" \
--access developer
done
# Verify shared access
echo ""
echo "Team accessible projects:"
teenode team projects "$TEAM_NAME"Collaborative Development Workflow
#!/bin/bash
# collaborative-workflow.sh
PROJECT_NAME="payment-service"
TEAM_NAME="backend"
# 1. Create project in team context
echo "Creating project: $PROJECT_NAME"
teenode project create \
--name "$PROJECT_NAME" \
--team "$TEAM_NAME" \
--type GIT_DEPLOY \
--git-url https://github.com/company/payment-service \
--branch develop
# 2. Set environment variables for team
echo "Setting team environment variables..."
teenode env set "$PROJECT_NAME" \
--team "$TEAM_NAME" \
DATABASE_URL="postgres://..." \
API_KEY_VAULT="secret-store-key" \
LOG_LEVEL="debug"
# 3. Create separate staging and production projects
echo "Creating staging instance..."
teenode project create \
--name "$PROJECT_NAME-staging" \
--team "$TEAM_NAME" \
--type GIT_DEPLOY \
--git-url https://github.com/company/payment-service \
--branch staging
echo "Creating production instance..."
teenode project create \
--name "$PROJECT_NAME-prod" \
--team "$TEAM_NAME" \
--type GIT_DEPLOY \
--git-url https://github.com/company/payment-service \
--branch main
# 4. Set up deployment notifications
teenode project notify "$PROJECT_NAME-staging" \
--slack-webhook https://hooks.slack.com/services/... \
--notify-on success,failure
teenode project notify "$PROJECT_NAME-prod" \
--slack-webhook https://hooks.slack.com/services/... \
--notify-on success,failure \
--email [email protected]
# 5. Create team SSH key for secure access
echo "Creating shared SSH key..."
teenode ssh-key add \
--name "$PROJECT_NAME-team-key" \
--team "$TEAM_NAME" \
--key-file ~/.ssh/payment_service_key.pub
echo "✓ Collaborative workflow setup complete"Team Billing and Quotas
Set Up Billing Alerts
#!/bin/bash
# setup-billing-alerts.sh
TEAM_NAME="engineering"
# Set monthly budget alert
teenode team billing "$TEAM_NAME" \
--budget-limit 5000 \
--alert-threshold 80 \
--alert-email [email protected]
# Set per-project limits
teenode team quota "$TEAM_NAME" \
--max-vms 50 \
--max-projects 100 \
--max-storage 1000
# Verify settings
echo "Budget settings:"
teenode team billing "$TEAM_NAME"
echo ""
echo "Quota settings:"
teenode team quota "$TEAM_NAME"Cost Analysis by Team
#!/bin/bash
# team-cost-analysis.sh
TEAM_NAME="$1"
if [ -z "$TEAM_NAME" ]; then
echo "Usage: $0 <team-name>"
exit 1
fi
echo "Cost Analysis for Team: $TEAM_NAME"
echo "=================================="
echo ""
# Get all projects in team
PROJECTS=$(teenode team projects "$TEAM_NAME" -o json | jq -r '.[].name')
TOTAL_COST=0
echo "Project Costs:"
echo ""
for project in $PROJECTS; do
# Get project resources
CPU=$(teenode project info "$project" -o json | jq '.cpu // 0')
DEPLOYMENTS=$(teenode deployment list "$project" -o json | jq 'length')
# Calculate estimated cost
COST=$(echo "$CPU * 0.10 * 30 + $DEPLOYMENTS * 5" | bc)
echo " $project: $$COST/month"
echo " - CPUs: $CPU"
echo " - Deployments: $DEPLOYMENTS"
echo ""
TOTAL_COST=$(echo "$TOTAL_COST + $COST" | bc)
done
echo "=================================="
echo "Total Monthly Cost: $$(echo "scale=2; $TOTAL_COST" | bc)"
# Compare to budget
BUDGET=$(teenode team billing "$TEAM_NAME" | grep "Budget:" | awk '{print $NF}')
if [ ! -z "$BUDGET" ]; then
PERCENTAGE=$(echo "scale=1; $TOTAL_COST / $BUDGET * 100" | bc)
echo "Budget Usage: ${PERCENTAGE}% of $${BUDGET}"
fiTeam Compliance and Audit
Audit Team Activity
#!/bin/bash
# team-audit.sh
TEAM_NAME="$1"
DAYS="${2:-7}"
if [ -z "$TEAM_NAME" ]; then
echo "Usage: $0 <team-name> [days]"
exit 1
fi
CUTOFF_DATE=$(date -d "$DAYS days ago" +%Y-%m-%d)
echo "Team Audit Report: $TEAM_NAME"
echo "Date Range: $CUTOFF_DATE to $(date +%Y-%m-%d)"
echo "======================================"
echo ""
# Get team members
echo "Team Members:"
teenode team member list "$TEAM_NAME" | while read -r line; do
echo " $line"
done
echo ""
echo "Recent Activity:"
# Projects created
echo "Projects created in last $DAYS days:"
teenode team projects "$TEAM_NAME" -o json | \
jq --arg cutoff "$CUTOFF_DATE" \
'.[] | select(.created_at > $cutoff) | " - (.name) by (.created_by)"' \
-r
echo ""
echo "Deployments in last $DAYS days:"
teenode team projects "$TEAM_NAME" -o json | jq -r '.[].name' | \
while read -r project; do
teenode deployment list "$project" -o json | \
jq --arg cutoff "$CUTOFF_DATE" \
'.[] | select(.created_at > $cutoff) | \
" - (.id) for ('$project') at (.created_at)"' \
-r
done
echo ""
echo "Members added/removed:"
teenode team member list "$TEAM_NAME" --history | \
jq --arg cutoff "$CUTOFF_DATE" \
'.[] | select(.changed_at > $cutoff) | \
" - (.email): (.action) as (.role)"' \
-r
echo ""
echo "✓ Audit complete"Generate Compliance Report
#!/bin/bash
# compliance-report.sh
TEAM_NAME="$1"
OUTPUT_FILE="${2:-compliance-report-$(date +%Y%m%d).json}"
if [ -z "$TEAM_NAME" ]; then
echo "Usage: $0 <team-name> [output-file]"
exit 1
fi
echo "Generating compliance report for $TEAM_NAME..."
# Initialize report
cat > "$OUTPUT_FILE" << EOF
{
"report_date": "$(date -Iseconds)",
"team_name": "$TEAM_NAME",
"team_info": {},
"members": [],
"projects": [],
"vms": [],
"security_checks": {},
"compliance_findings": []
}
EOF
# Team information
TEAM_INFO=$(teenode team describe "$TEAM_NAME" -o json)
jq ".team_info = $TEAM_INFO" "$OUTPUT_FILE" > "$OUTPUT_FILE.tmp"
mv "$OUTPUT_FILE.tmp" "$OUTPUT_FILE"
# Member roster
MEMBERS=$(teenode team member list "$TEAM_NAME" -o json)
jq ".members = $MEMBERS" "$OUTPUT_FILE" > "$OUTPUT_FILE.tmp"
mv "$OUTPUT_FILE.tmp" "$OUTPUT_FILE"
# Projects
PROJECTS=$(teenode team projects "$TEAM_NAME" -o json)
jq ".projects = $PROJECTS" "$OUTPUT_FILE" > "$OUTPUT_FILE.tmp"
mv "$OUTPUT_FILE.tmp" "$OUTPUT_FILE"
# VMs
teenode team projects "$TEAM_NAME" -o json | jq -r '.[].name' | \
while read -r project; do
VMS=$(teenode project info "$project" -o json | jq '.vms // []')
jq ".vms += $VMS" "$OUTPUT_FILE" > "$OUTPUT_FILE.tmp"
mv "$OUTPUT_FILE.tmp" "$OUTPUT_FILE"
done
# Security checks
jq ".security_checks.two_factor_enabled = $(verificar_2fa)" "$OUTPUT_FILE" > "$OUTPUT_FILE.tmp"
mv "$OUTPUT_FILE.tmp" "$OUTPUT_FILE"
jq ".security_checks.ssh_keys_rotated = $(check_key_rotation)" "$OUTPUT_FILE" > "$OUTPUT_FILE.tmp"
mv "$OUTPUT_FILE.tmp" "$OUTPUT_FILE"
jq ".security_checks.debug_mode_disabled = $(check_debug_mode_disabled)" "$OUTPUT_FILE" > "$OUTPUT_FILE.tmp"
mv "$OUTPUT_FILE.tmp" "$OUTPUT_FILE"
echo "✓ Report saved to $OUTPUT_FILE"
cat "$OUTPUT_FILE" | jq '.' | head -50Team Onboarding Checklist
#!/bin/bash
# team-onboarding.sh
NEW_MEMBER_EMAIL="$1"
TEAM_NAME="$2"
ROLE="${3:-developer}"
if [ -z "$NEW_MEMBER_EMAIL" ] || [ -z "$TEAM_NAME" ]; then
echo "Usage: $0 <email> <team> [role]"
echo "Example: $0 [email protected] engineering developer"
exit 1
fi
echo "Onboarding new team member: $NEW_MEMBER_EMAIL"
echo "Team: $TEAM_NAME"
echo "Role: $ROLE"
echo ""
# Step 1: Send invitation
echo "Step 1: Sending team invitation..."
teenode team member add "$TEAM_NAME" \
--email "$NEW_MEMBER_EMAIL" \
--role "$ROLE"
# Step 2: Grant project access
echo "Step 2: Granting project access..."
teenode team projects "$TEAM_NAME" -o json | jq -r '.[].name' | \
while read -r project; do
echo " Sharing $project..."
teenode project share "$project" \
--email "$NEW_MEMBER_EMAIL" \
--access "$ROLE"
done
# Step 3: Provide documentation
echo "Step 3: Creating onboarding documentation..."
cat > /tmp/onboarding-$NEW_MEMBER_EMAIL.md << 'DOCS'
# Teenode Onboarding for New Team Member
## Welcome!
You have been invited to join the team on Teenode.
### Getting Started
1. Accept the team invitation (check your email)
2. Install Teenode CLI:
```bash
npm install -g teenode-cli
```
3. Authenticate:
```bash
teenode auth login
```
4. Verify access:
```bash
teenode team projects
```
### Your Permissions
- Role: ROLE
- Projects: [List of projects]
- Team: TEAM_NAME
### Important Resources
- CLI Documentation: https://teenode.com/docs/cli
- Team Guidelines: [Link to internal docs]
- Support: [email protected]
### Next Steps
1. Set up SSH keys for VM access
2. Review project documentation
3. Attend onboarding meeting
DOCS
sed -i "s/ROLE/$ROLE/g" /tmp/onboarding-$NEW_MEMBER_EMAIL.md
sed -i "s/TEAM_NAME/$TEAM_NAME/g" /tmp/onboarding-$NEW_MEMBER_EMAIL.md
# Step 4: Send onboarding email
echo "Step 4: Sending onboarding materials..."
mail -s "Teenode Team Onboarding" "$NEW_MEMBER_EMAIL" < /tmp/onboarding-$NEW_MEMBER_EMAIL.md
# Step 5: Log onboarding
echo "Step 5: Logging onboarding activity..."
cat >> /var/log/teenode-onboarding.log << LOG
[$(date -Iseconds)] Member onboarded: $NEW_MEMBER_EMAIL
Team: $TEAM_NAME
Role: $ROLE
Invited by: $(teenode auth current-user | jq -r '.email')
LOG
echo ""
echo "✓ Onboarding complete!"
echo "Onboarding materials sent to: $NEW_MEMBER_EMAIL"
echo ""
echo "Offboarding tip: When removing members, use:"
echo " teenode team member remove $TEAM_NAME --email $NEW_MEMBER_EMAIL"Team Offboarding Checklist
#!/bin/bash
# team-offboarding.sh
MEMBER_EMAIL="$1"
TEAM_NAME="$2"
if [ -z "$MEMBER_EMAIL" ] || [ -z "$TEAM_NAME" ]; then
echo "Usage: $0 <email> <team>"
exit 1
fi
echo "Offboarding team member: $MEMBER_EMAIL from $TEAM_NAME"
echo ""
# Step 1: Revoke access
echo "Step 1: Revoking access..."
teenode team member remove "$TEAM_NAME" --email "$MEMBER_EMAIL"
# Step 2: Audit resources they created
echo "Step 2: Auditing resources..."
MEMBER_PROJECTS=$(teenode team projects "$TEAM_NAME" -o json | \
jq --arg email "$MEMBER_EMAIL" '.[] | select(.created_by == $email)')
if [ ! -z "$MEMBER_PROJECTS" ]; then
echo "Projects created by member:"
echo "$MEMBER_PROJECTS" | jq '.name'
echo ""
read -p "Transfer or delete these projects? (transfer/delete/keep): " action
# Handle action
fi
# Step 3: Revoke SSH keys
echo "Step 3: Checking SSH keys..."
MEMBER_KEYS=$(teenode ssh-key list -o json | \
jq --arg email "$MEMBER_EMAIL" '.[] | select(.created_by == $email)')
if [ ! -z "$MEMBER_KEYS" ]; then
echo "SSH keys to remove:"
echo "$MEMBER_KEYS" | jq '.name' | while read -r key; do
echo " Removing: $key"
teenode ssh-key delete "$key"
done
fi
# Step 4: Log offboarding
echo "Step 4: Logging offboarding..."
cat >> /var/log/teenode-offboarding.log << LOG
[$(date -Iseconds)] Member offboarded: $MEMBER_EMAIL
Team: $TEAM_NAME
Actioned by: $(teenode auth current-user | jq -r '.email')
LOG
# Step 5: Notify team admins
echo "Step 5: Notifying admins..."
ADMINS=$(teenode team member list "$TEAM_NAME" -o json | \
jq -r '.[] | select(.role == "admin") | .email')
echo "Member $MEMBER_EMAIL has been offboarded from $TEAM_NAME" | \
mail -s "Team Member Offboarded" "$ADMINS"
echo ""
echo "✓ Offboarding complete"
echo "Follow-up tasks:"
echo " - Verify no lingering access"
echo " - Update team documentation"
echo " - Review shared resources"Team Communication and Notifications
Set Up Team Notifications
#!/bin/bash
# setup-team-notifications.sh
TEAM_NAME="engineering"
# Slack integration
echo "Configuring Slack notifications..."
teenode team notify "$TEAM_NAME" \
--slack-webhook https://hooks.slack.com/services/YOUR/WEBHOOK/URL \
--slack-channel "#deployments" \
--notify-on deployment,failure,alert
# Email notifications
echo "Configuring email notifications..."
teenode team notify "$TEAM_NAME" \
--email [email protected] \
--email-on deployment_failure,alert_critical
# Custom webhook
echo "Configuring custom webhook..."
teenode team notify "$TEAM_NAME" \
--webhook https://api.example.com/webhooks/teenode \
--webhook-on all_events
echo "✓ Notifications configured"
# Test notifications
echo "Sending test notification..."
teenode team notify "$TEAM_NAME" --testAdvanced Team Scenarios
Multi-Team Organization Structure
#!/bin/bash
# setup-org-structure.sh
# Create teams for different departments
declare -a TEAMS=("backend" "frontend" "devops" "data-science" "security")
echo "Setting up organization structure..."
for team in "${TEAMS[@]}"; do
echo "Creating team: $team"
teenode team create --name "$team"
# Set team isolation
teenode team settings "$team" \
--isolation strict \
--require-approval true \
--cost-tracking enabled
done
# Create shared resources team
echo "Creating shared-resources team..."
teenode team create --name "shared-resources"
# Set up team leads as admins
TEAM_LEADS=(
"backend:[email protected]"
"frontend:[email protected]"
"devops:[email protected]"
"data-science:[email protected]"
"security:[email protected]"
)
for team_lead in "${TEAM_LEADS[@]}"; do
TEAM=$(echo "$team_lead" | cut -d: -f1)
EMAIL=$(echo "$team_lead" | cut -d: -f2)
echo "Setting $EMAIL as admin for $TEAM"
teenode team member add "$TEAM" --email "$EMAIL" --role admin
done
echo "✓ Organization structure complete"Team Best Practices
- Principle of Least Privilege - Grant minimum necessary permissions
- Regular Access Reviews - Audit team permissions quarterly
- Documented Procedures - Keep team guidelines and runbooks updated
- Audit Trail - Enable all logging and audit features
- Separation of Duties - Different roles for development and deployment
- Secure Onboarding/Offboarding - Follow formal processes
- Regular Training - Keep team updated on security best practices
- Incident Response Plan - Document procedures for security incidents
Always follow your organization’s access control policies and security procedures when managing team access.
Next Steps
You now have templates and examples for effective team management in Teenode!