athena-users
User and other access credential management command.
Usage
athena-users [OPTIONS] COMMAND [ARGS]...
Option | Description |
---|---|
-h, --help | Show built-in help documentation. |
--save / -n | Update/save environment variables in $ANSIBLE_DATA from/to environment Git repo. |
--state [present,absent] | present - create user, absent - delete |
-v, --verbose | Enable verbose output. |
Commands
Admin
Manage admin users. IAM user management.
athena-users admin <username> <email>
Arguments
<email>
- Email to which generated client certificate will be sent.
<username>
- User name, for example: ‘john.smith’.
Git
Manage Git SCM user access. Git repository and user management.
athena-users git <username> <email>
Option | Description |
---|---|
-a, --access [R,W,RW,RW+] | Repository access level. “R” - read, “W” - write, “RW” - read/write, “RW+” - full access. |
-r, --repo | Repository name. |
Arguments
<email>
- User email.
<username>
- User name, for example: ‘john.smith’.
IPA
Manage LDAP user access. IPA user management.
athena-users ipa [OPTIONS] <username> <email>
Option | Description |
---|---|
-g, --group-add | Comma-separated list of IPA groups user must be added to. |
--group-remove | Comma-separated list of IPA groups user must be removed from. |
-r, --reset | Reset IPA user password and email. |
Arguments
<email>
- Email to which generated password will be sent.
<username>
- User name, for example: ‘john.smith’.
SSH
Manage machine instance SSH user access. Deployed machine administrator user ~/.ssh/authorized_keys public key management.
athena-users ssh [OPTIONS] <username> <zone>
Option | Description |
---|---|
-a, --all | Add access for all zones. |
--pub-key | User SSH public key. |
Arguments
<username>
- User name, for example: ‘john.smith’.
<zone>
- Access zone.
Sysacc
athena-users sysacc [OPTIONS] <username>
Option | Description |
---|---|
-g, --group-add | Comma-separated list of IPA groups sysaccount must be added to. |
--group-remove | Comma-separated list of IPA groups sysaccount must be removed from. |
-r, --reset | Update sysaccount password. |
Arguments
<username>
- User name, for example: ‘john.smith’.
VPN
Manage VPN user access. VPN user management.
athena-users vpn [OPTIONS] COMMAND [ARGS]...
VPN Commands
Activate
Send ovpn file to user.
athena-users vpn activate <username> <email>
Arguments
<email>
- Email to which VPN configuration will be sent.
<username>
- User name, for example: ‘john.smith’.
Create
Create new user.
athena-users vpn create <username> <email> <password>
Arguments
<email>
- Email to which VPN configuration will be sent.
<password>
- User password.
<username>
- User name, for example: ‘john.smith’.
Remove
Remove user VPN access (Side effect: removes user WAF access as well).
athena-users vpn remove <username> <email>
Arguments
<email>
- Email to which VPN configuration was sent.
<username>
- User name, for example: ‘john.smith’.
Reset
Reset ovpn file password.
athena-users vpn reset <username> <email> <password>
Arguments
<email>
- Email to which VPN configuration will be sent.
<password>
- User password.
<username>
- User name, for example: ‘john.smith’.
Signup
Send new user signup notification to administrator.
athena-users vpn signup <username> <email>
Arguments
<email>
- Email to which VPN configuration will be sent.
<username>
- User name, for example: ‘john.smith’.
WAF
Manage WAF (web application firewall) user client certificates. Web Application Firewall user management.
athena-users waf [OPTIONS] COMMAND [ARGS]...
Option | Description |
---|---|
-u, --user-type [client,server,remote] | Client certificate type. |
WAF Commands
Activate
Send p12 file to user.
athena-users waf activate <username> <email>
Arguments
<email>
- Email to which generated client certificate will be sent.
<username>
- User name, for example: ‘john.smith’.
Create
Create new user.
athena-users waf create <username> <email> <password>
Arguments
<email>
- Email to which generated client certificate will be sent.
<password>
- User password.
<username>
- User name, for example: ‘john.smith’.
List
List users.
athena-users waf list
Remove
Remove user WAF access (Side effect: removes user VPN access as well).
athena-users waf remove <username> <email>
Arguments
<email>
- Email to which generated client certificate was sent.
<username>
- User name, for example: ‘john.smith’.
Reset
Reset p12 file password and resend client certificate to the user.
athena-users waf reset <username> <email> <password>
Arguments
<email>
- Email to which generated client certificate will be sent.
<password>
- New user password.
<username>
- User name, for example: ‘john.smith’.
Signup
Send new user signup notification to administrator.
athena-users waf signup <username> <email>
Arguments
<email>
- Email to which generated client certificate will be sent.
<username>
- User name, for example: ‘john.smith’.
Extending
To add additional user management commands, edit users.yml in the environment playbook directory.
Examples
To create an admin user:
athena-users admin test.user test.user@example.com
To remove an admin user:
athena-users --state absent admin test.user test.user@example.com
To create a git user:
athena-users git test.user test.user@example.com
To create a git user in another repository (‘External’) with only ‘read’ access rights:
athena-users git -a R -r External test.user test.user@example.com
To remove a git user access:
athena-users --state absent git test.user test.user@example.com
To create an LDAP / IPA user:
athena-users ipa test.user test.user@example.com
To create an LDAP / IPA user and add it to the ‘admin’ and ‘pwmUser’ groups:
athena-users ipa -g admin,pwmUser test.user test.user@example.com
To reset an LDAP / IPA user:
athena-users ipa -r test.user test.user@example.com
To remove an LDAP / IPA user:
athena-users --state absent ipa test.user test.user@example.com
To add SSH access to user for ‘BackOffice’ zone:
athena-users ssh test.user BackOffice
To add SSH access to user for all zones, and provide the user's SSH public key:
athena-users ssh --all --pub-key "ssh-rsa asg97z8g9..." test.user
To remove SSH access for user from ‘BackOffice’ zone:
athena-users --state absent ssh test.user BackOffice
To create a sys account:
athena-users sysacc test.user
To reset a sys account password and add groups ‘docker’ and ‘test’ to account:
athena-users sysacc -r -g docker,test test.user
To remove a sys account:
athena-users --state absent sysacc test.user
To activate VPN access for user:
athena-users vpn activate test.user test.user@email.com
To create VPN access for user (the password is single-quoted so that the shell does not expand $Sw0rd as a variable):
athena-users vpn create test.user test.user@example.com 'p4$Sw0rd'
To remove VPN access for user:
athena-users vpn remove test.user test.user@example.com
To reset VPN access for user:
athena-users vpn reset test.user test.user@example.com 'p4$Sw0rd'
To send administrator VPN signup notification about user:
athena-users vpn signup test.user test.user@example.com
To activate WAF access for user:
athena-users waf activate test.user test.user@example.com
To create WAF access for user (the password is single-quoted so that the shell does not expand $Sw0rd as a variable):
athena-users waf create test.user test.user@example.com 'p4$Sw0rd'
To list WAF users:
athena-users waf list
To remove WAF access for user:
athena-users waf remove test.user test.user@example.com
To reset WAF access for user:
athena-users waf reset test.user test.user@example.com 'p4$Sw0rd'
To send administrator WAF signup notification about user:
athena-users waf signup test.user test.user@example.com