BZ-1778362: Adding how to update HTPasswd IDP with new user list #20508


Merged
merged 1 commit into from
Apr 13, 2020
Expand Up @@ -40,4 +40,6 @@ include::modules/identity-provider-htpasswd-CR.adoc[leveloffset=+1]

include::modules/identity-provider-add.adoc[leveloffset=+1]

include::modules/identity-provider-htpasswd-update-users.adoc[leveloffset=+1]

include::modules/identity-provider-configuring-using-web-console.adoc[leveloffset=+1]
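Review bot: The new `include::modules/identity-provider-htpasswd-update-users.adoc` line sits between `identity-provider-add.adoc` and `identity-provider-configuring-using-web-console.adoc`, so the update procedure is rendered before the web console section. If the web console module is another way to configure the provider, consider moving the update module after it so that all configuration paths come before the maintenance task.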
Expand Up @@ -35,5 +35,5 @@ Adding password for user user1
. Continue to add or update credentials to the file:
+
----
$ htpasswd -b </path/to/users.htpasswd> <user_name> <password>
$ htpasswd -B -b </path/to/users.htpasswd> <user_name> <password>
----
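Review bot: The `-b` flag kept in `htpasswd -B -b </path/to/users.htpasswd> <user_name> <password>` takes the password as a command-line argument, where it ends up in shell history and is visible in the process list while the command runs. Adding `-B` for bcrypt is the right change. Consider also dropping `-b` so that `htpasswd` prompts for the password, or documenting `-i` to read it from stdin for scripted use. The flag spelling also differs from the `-bB` form used in the new update-users module, so pick one.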
63 changes: 63 additions & 0 deletions modules/identity-provider-htpasswd-update-users.adoc
@@ -0,0 +1,63 @@
// Module included in the following assemblies:
//
// * authentication/identity_providers/configuring-htpasswd-identity-provider.adoc

[id="identity-provider-htpasswd-update-users_{context}"]
= Updating users for an HTPasswd identity provider

You can add or remove users from an existing HTPasswd identity provider.

.Prerequisites

* You have created a secret that contains the HTPasswd user file. This procedure assumes that it is named `htpass-secret`.
* You have configured an HTPasswd identity provider. This procedure assumes that it is named `my_htpasswd_provider`.
* You have access to the `htpasswd` utility. On Red Hat Enterprise Linux this is available by installing the `httpd-tools` package.
* You have cluster administrator privileges.

.Procedure

. Retrieve the HTPasswd file from the `htpass-secret` secret and save the file to your file system:
+
----
$ oc get secret htpass-secret -ojsonpath={.data.htpasswd} -n openshift-config | base64 -d > users.htpasswd
----

. Add or remove users from the `users.htpasswd` file.

** To add a new user:
+
----
$ htpasswd -bB users.htpasswd <username> <password>
Adding password for user <username>
----

** To remove an existing user:
+
----
$ htpasswd -D users.htpasswd <username>
Deleting password for user <username>
----

. Replace the `htpass-secret` secret with the updated users in the `users.htpasswd` file:
+
----
$ oc create secret generic htpass-secret --from-file=htpasswd=users.htpasswd --dry-run -o yaml -n openshift-config | oc replace -f -
----

. If you removed one or more users, you must additionally remove existing resources for each user.

.. Delete the user:
+
----
$ oc delete user <username>
user.user.openshift.io "<username>" deleted
----
+
Be sure to remove the user, otherwise the user can continue using their token as long as it has not expired.
Contributor Author


@stlaz Is this wording okay per our discussion?


.. Delete the identity for the user:
+
----
$ oc delete identity my_htpasswd_provider:<username>
identity.user.openshift.io "my_htpasswd_provider:<username>" deleted
----
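Review bot: The token warning ("Be sure to remove the user, otherwise the user can continue using their token as long as it has not expired") is attached only to the `oc delete user` sub-step, so a reader who stops after replacing the secret in step 3 never sees why step 4 matters. Consider moving it into the introduction of step 4 ("If you removed one or more users...") as an IMPORTANT admonition that covers both the user and the identity deletion. Separately, step 1 writes the decoded `users.htpasswd` with its password hashes to the working directory and nothing in the procedure removes it. A final step that deletes the local file would close that gap.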