BZ-1778362: Adding how to update HTPasswd IDP with new user list

bergerhoffer · bergerhoffer · commit b02532c5cfd3 · 2020-04-07T11:00:34.000-04:00
diff --git a/authentication/identity_providers/configuring-htpasswd-identity-provider.adoc b/authentication/identity_providers/configuring-htpasswd-identity-provider.adoc
@@ -40,4 +40,6 @@ include::modules/identity-provider-htpasswd-CR.adoc[leveloffset=+1]
 
 include::modules/identity-provider-add.adoc[leveloffset=+1]
 
+include::modules/identity-provider-htpasswd-update-users.adoc[leveloffset=+1]
+
 include::modules/identity-provider-configuring-using-web-console.adoc[leveloffset=+1]
diff --git a/modules/identity-provider-creating-htpasswd-file-linux.adoc b/modules/identity-provider-creating-htpasswd-file-linux.adoc
@@ -35,5 +35,5 @@ Adding password for user user1
 . Continue to add or update credentials to the file:
 +
 ----
-$ htpasswd -b </path/to/users.htpasswd> <user_name> <password>
+$ htpasswd -B -b </path/to/users.htpasswd> <user_name> <password>
 ----
diff --git a/modules/identity-provider-htpasswd-update-users.adoc b/modules/identity-provider-htpasswd-update-users.adoc
@@ -0,0 +1,63 @@
+// Module included in the following assemblies:
+//
+// * authentication/identity_providers/configuring-htpasswd-identity-provider.adoc
+
+[id="identity-provider-htpasswd-update-users_{context}"]
+= Updating users for an HTPasswd identity provider
+
+You can add or remove users from an existing HTPasswd identity provider.
+
+.Prerequisites
+
+* You have created a secret that contains the HTPasswd user file. This procedure assumes that it is named `htpass-secret`.
+* You have configured an HTPasswd identity provider. This procedure assumes that it is named `my_htpasswd_provider`.
+* You have access to the `htpasswd` utility. On Red Hat Enterprise Linux this is available by installing the `httpd-tools` package.
+* You have cluster administrator privileges.
+
+.Procedure
+
+. Retrieve the HTPasswd file from the `htpass-secret` secret and save the file to your file system:
++
+----
+$ oc get secret htpass-secret -ojsonpath={.data.htpasswd} -n openshift-config | base64 -d > users.htpasswd
+----
+
+. Add or remove users from the `users.htpasswd` file.
+
+** To add a new user:
++
+----
+$ htpasswd -bB users.htpasswd <username> <password>
+Adding password for user <username>
+----
+
+** To remove an existing user:
++
+----
+$ htpasswd -D users.htpasswd <username>
+Deleting password for user <username>
+----
+
+. Replace the `htpass-secret` secret with the updated users in the `users.htpasswd` file:
++
+----
+$ oc create secret generic htpass-secret --from-file=htpasswd=users.htpasswd --dry-run -o yaml -n openshift-config | oc replace -f -
+----
+
+. If you removed one or more users, you must additionally remove existing resources for each user.
+
+.. Delete the user:
++
+----
+$ oc delete user <username>
+user.user.openshift.io "<username>" deleted
+----
++
+Be sure to remove the user, otherwise the user can continue using their token as long as it has not expired.
+
+.. Delete the identity for the user:
++
+----
+$ oc delete identity my_htpasswd_provider:<username>
+identity.user.openshift.io "my_htpasswd_provider:<username>" deleted
+----

Original file line number	Diff line number	Diff line change
`@@ -35,5 +35,5 @@ Adding password for user user1`
`35`	`35`	`. Continue to add or update credentials to the file:`
`36`	`36`	`+`
`37`	`37`	`----`
`38`		`-$ htpasswd -b </path/to/users.htpasswd> <user_name> <password>`
	`38`	`+$ htpasswd -B -b </path/to/users.htpasswd> <user_name> <password>`
`39`	`39`	`----`