|
| 1 | +// Module included in the following assemblies: |
| 2 | +// |
| 3 | +// * authentication/identity_providers/configuring-htpasswd-identity-provider.adoc |
| 4 | + |
| 5 | +[id="identity-provider-htpasswd-update-users_{context}"] |
| 6 | += Updating users for an HTPasswd identity provider |
| 7 | + |
| 8 | +You can add or remove users from an existing HTPasswd identity provider. |
| 9 | + |
| 10 | +.Prerequisites |
| 11 | + |
| 12 | +* You have created a secret that contains the HTPasswd user file. This procedure assumes that it is named `htpass-secret`. |
| 13 | +* You have configured an HTPasswd identity provider. This procedure assumes that it is named `my_htpasswd_provider`. |
| 14 | +* You have access to the `htpasswd` utility. On Red Hat Enterprise Linux this is available by installing the `httpd-tools` package. |
| 15 | +* You have cluster administrator privileges. |
| 16 | + |
| 17 | +.Procedure |
| 18 | + |
| 19 | +. Retrieve the HTPasswd file from the `htpass-secret` secret and save the file to your file system: |
| 20 | ++ |
| 21 | +---- |
| 22 | +$ oc get secret htpass-secret -ojsonpath={.data.htpasswd} -n openshift-config | base64 -d > users.htpasswd |
| 23 | +---- |
| 24 | + |
| 25 | +. Add or remove users from the `users.htpasswd` file. |
| 26 | + |
| 27 | +** To add a new user: |
| 28 | ++ |
| 29 | +---- |
| 30 | +$ htpasswd -bB users.htpasswd <username> <password> |
| 31 | +Adding password for user <username> |
| 32 | +---- |
| 33 | + |
| 34 | +** To remove an existing user: |
| 35 | ++ |
| 36 | +---- |
| 37 | +$ htpasswd -D users.htpasswd <username> |
| 38 | +Deleting password for user <username> |
| 39 | +---- |
| 40 | + |
| 41 | +. Replace the `htpass-secret` secret with the updated users in the `users.htpasswd` file: |
| 42 | ++ |
| 43 | +---- |
| 44 | +$ oc create secret generic htpass-secret --from-file=htpasswd=users.htpasswd --dry-run -o yaml -n openshift-config | oc replace -f - |
| 45 | +---- |
| 46 | + |
| 47 | +. If you removed one or more users, you must additionally remove existing resources for each user. |
| 48 | + |
| 49 | +.. Delete the user: |
| 50 | ++ |
| 51 | +---- |
| 52 | +$ oc delete user <username> |
| 53 | +user.user.openshift.io "<username>" deleted |
| 54 | +---- |
| 55 | ++ |
| 56 | +Be sure to remove the user, otherwise the user can continue using their token as long as it has not expired. |
| 57 | + |
| 58 | +.. Delete the identity for the user: |
| 59 | ++ |
| 60 | +---- |
| 61 | +$ oc delete identity my_htpasswd_provider:<username> |
| 62 | +identity.user.openshift.io "my_htpasswd_provider:<username>" deleted |
| 63 | +---- |
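Review bot: The add-user step (line 30 of the new file) uses `htpasswd -bB users.htpasswd <username> <password>`, and `-b` takes the password as a command-line argument, so it ends up in shell history and is visible in the process list while the command runs. Suggest dropping `-b` so that `htpasswd -B users.htpasswd <username>` prompts for the password instead, or at least adding a note about the exposure. Related to this, the procedure leaves `users.htpasswd` (the full set of password hashes, written in step 1) on the local file system after the secret is replaced; a closing step to delete the file would help. As a minor point, the `-ojsonpath={.data.htpasswd}` argument in step 1 is unquoted, and quoting it would keep the braces from being interpreted by shells that treat them specially.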