diff --git a/authentication/identity_providers/configuring-htpasswd-identity-provider.adoc b/authentication/identity_providers/configuring-htpasswd-identity-provider.adoc index 3c97f41c9543..ffb0587be825 100644 --- a/authentication/identity_providers/configuring-htpasswd-identity-provider.adoc +++ b/authentication/identity_providers/configuring-htpasswd-identity-provider.adoc @@ -40,4 +40,6 @@ include::modules/identity-provider-htpasswd-CR.adoc[leveloffset=+1] include::modules/identity-provider-add.adoc[leveloffset=+1] +include::modules/identity-provider-htpasswd-update-users.adoc[leveloffset=+1] + include::modules/identity-provider-configuring-using-web-console.adoc[leveloffset=+1] diff --git a/modules/identity-provider-creating-htpasswd-file-linux.adoc b/modules/identity-provider-creating-htpasswd-file-linux.adoc index 61b138ea98f6..8fc3c40c6f4b 100644 --- a/modules/identity-provider-creating-htpasswd-file-linux.adoc +++ b/modules/identity-provider-creating-htpasswd-file-linux.adoc @@ -35,5 +35,5 @@ Adding password for user user1 . Continue to add or update credentials to the file: + ---- -$ htpasswd -b +$ htpasswd -B -b ---- diff --git a/modules/identity-provider-htpasswd-update-users.adoc b/modules/identity-provider-htpasswd-update-users.adoc new file mode 100644 index 000000000000..bee5dd9b0ff5 --- /dev/null +++ b/modules/identity-provider-htpasswd-update-users.adoc 
@@ -0,0 +1,63 @@ +// Module included in the following assemblies: +// +// * authentication/identity_providers/configuring-htpasswd-identity-provider.adoc + +[id="identity-provider-htpasswd-update-users_{context}"] += Updating users for an HTPasswd identity provider + +You can add or remove users from an existing HTPasswd identity provider. + +.Prerequisites + +* You have created a secret that contains the HTPasswd user file. This procedure assumes that it is named `htpass-secret`. +* You have configured an HTPasswd identity provider. This procedure assumes that it is named `my_htpasswd_provider`. +* You have access to the `htpasswd` utility. On Red Hat Enterprise Linux this is available by installing the `httpd-tools` package. +* You have cluster administrator privileges. + +.Procedure + +. Retrieve the HTPasswd file from the `htpass-secret` secret and save the file to your file system: ++ +---- +$ oc get secret htpass-secret -ojsonpath={.data.htpasswd} -n openshift-config | base64 -d > users.htpasswd +---- + +. Add or remove users from the `users.htpasswd` file. + +** To add a new user: ++ +---- +$ htpasswd -bB users.htpasswd +Adding password for user +---- + +** To remove an existing user: ++ +---- +$ htpasswd -D users.htpasswd +Deleting password for user +---- + +. Replace the `htpass-secret` secret with the updated users in the `users.htpasswd` file: ++ +---- +$ oc create secret generic htpass-secret --from-file=htpasswd=users.htpasswd --dry-run -o yaml -n openshift-config | oc replace -f - +---- + +. If you removed one or more users, you must additionally remove existing resources for each user. + +.. Delete the user: ++ +---- +$ oc delete user +user.user.openshift.io "" deleted +---- ++ +Be sure to remove the user, otherwise the user can continue using their token as long as it has not expired. + +.. Delete the identity for the user: ++ +---- +$ oc delete identity my_htpasswd_provider: +identity.user.openshift.io "my_htpasswd_provider:" deleted +----
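Review bot: In configuring-htpasswd-identity-provider.adoc, the new `include::modules/identity-provider-htpasswd-update-users.adoc[leveloffset=+1]` sits between `identity-provider-add.adoc` and `identity-provider-configuring-using-web-console.adoc`, so the update procedure is presented before the reader has seen every way to configure the provider. The new module lists a configured HTPasswd identity provider as a prerequisite, so consider moving the include after the web console module.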
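Review bot: In identity-provider-creating-htpasswd-file-linux.adoc, the changed line `$ htpasswd -B -b` keeps `-b`, which takes the password from the command line, where it ends up in shell history and is visible in the process list while the command runs. Consider stating that next to the command, or showing the prompted form without `-b`. The flag spelling also differs from the new module, which writes `-bB`; use one form in both files.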
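Review bot: In identity-provider-htpasswd-update-users.adoc, step 1 writes the decoded secret to `users.htpasswd` on the administrator's file system and no later step removes it, so a file holding every user's password hash is left behind after the `oc replace` step. Add a closing step that deletes the file, or a note to keep it in a directory only the administrator can read. Also in step 1, quote the JSONPath expression (`-o jsonpath='{.data.htpasswd}'`) so the shell passes the braces through unchanged.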