User and other access credential management command.

Usage

athena-users [OPTIONS] COMMAND [ARGS]...
Option                    Description
-h, --help                Show built-in help documentation.
--save / -n               Update/save environment variables in $ANSIBLE_DATA from/to environment Git repo.
--state [present,absent]  present - create user, absent - delete
-v, --verbose             Enable verbose output.

Commands

Admin

Manage admin users. IAM user management.

athena-users admin <username> <email>
Arguments
  • <email> - Email to which generated client certificate will be sent.
  • <username> - User name, for example: ‘john.smith’.

Git

Manage Git SCM user access. Git repository and user management.

athena-users git <username> <email>
Option                     Description
-a, --access [R,W,RW,RW+]  Repository access level. “R” - read, “W” - write, “RW” - read/write, “RW+” - full access.
-r, --repo                 Repository name.
Arguments
  • <email> - User email.
  • <username> - User name, for example: ‘john.smith’.

IPA

Manage LDAP user access. IPA user management.

athena-users ipa [OPTIONS] <username> <email>
Option           Description
-g, --group-add  Comma separated list of IPA groups user must be added to.
--group-remove   Comma separated list of IPA groups user must be removed from.
-r, --reset      Reset IPA user password and email.
Arguments
  • <email> - Email to which generated password will be sent.
  • <username> - User name, for example: ‘john.smith’.

SSH

Manage machine instance SSH user access. Deployed machine administrator user ~/.ssh/authorized_keys public key management.

athena-users ssh [OPTIONS] <username> <zone>
Option     Description
-a, --all  Add access for all zones.
--pub-key  User SSH public key.
Arguments
  • <username> - User name, for example: ‘john.smith’.
  • <zone> - Access zone.

Sysacc

athena-users sysacc [OPTIONS] <username>
Option           Description
-g, --group-add  Comma separated list of IPA groups sysaccount must be added to.
--group-remove   Comma separated list of IPA groups sysaccount must be removed from.
-r, --reset      Update sysaccount password.
Arguments
  • <username> - User name, for example: ‘john.smith’.

VPN

Manage VPN user access. VPN user management.

athena-users vpn [OPTIONS] COMMAND [ARGS]...

VPN Commands

Activate

Send ovpn file to user.

athena-users vpn activate <username> <email>
Arguments
  • <email> - Email to which VPN configuration will be sent.
  • <username> - User name, for example: ‘john.smith’.

Create

Create new user.

athena-users vpn create <username> <email> <password>
Arguments
  • <email> - Email to which VPN configuration will be sent.
  • <password> - User password.
  • <username> - User name, for example: ‘john.smith’.

Remove

Remove user VPN access (Side effect: removes user WAF access as well).

athena-users vpn remove <username> <email>
Arguments
  • <email> - Email to which VPN configuration was sent.
  • <username> - User name, for example: ‘john.smith’.

Reset

Reset ovpn file password.

athena-users vpn reset <username> <email> <password>
Arguments
  • <email> - Email to which VPN configuration will be sent.
  • <password> - User password.
  • <username> - User name, for example: ‘john.smith’.

Signup

Send new user signup notification to administrator.

athena-users vpn signup <username> <email>
Arguments
  • <email> - Email to which VPN configuration will be sent.
  • <username> - User name, for example: ‘john.smith’.

WAF

Manage WAF (web application firewall) user client certificates. Web Application Firewall user management.

athena-users waf [OPTIONS] COMMAND [ARGS]...
Option                                 Description
-u, --user-type [client,server,remote]  Client certificate type.

WAF Commands

Activate

Send p12 file to user.

athena-users waf activate <username> <email>
Arguments
  • <email> - Email to which generated client certificate will be sent.
  • <username> - User name, for example: ‘john.smith’.

Create

Create new user.

athena-users waf create <username> <email> <password>
Arguments
  • <email> - Email to which generated client certificate will be sent.
  • <password> - User password.
  • <username> - User name, for example: ‘john.smith’.

List

List users.

athena-users waf list

Remove

Remove user WAF access (Side effect: removes user VPN access as well).

athena-users waf remove <username> <email>
Arguments
  • <email> - Email to which generated client certificate was sent.
  • <username> - User name, for example: ‘john.smith’.

Reset

Reset the p12 file password and resend the client certificate to the user.

athena-users waf reset <username> <email> <password>
Arguments
  • <email> - Email to which generated client certificate will be sent.
  • <password> - New user password.
  • <username> - User name, for example: ‘john.smith’.

Signup

Send new user signup notification to administrator.

athena-users waf signup <username> <email>
Arguments
  • <email> - Email to which generated client certificate will be sent.
  • <username> - User name, for example: ‘john.smith’.

Extending

To add additional user management commands, edit users.yml in the environment playbook directory.

Examples

To create an admin user:

athena-users admin test.user test.user@example.com

To remove an admin user:

athena-users --state absent admin test.user test.user@example.com

To create a git user:

athena-users git test.user test.user@example.com

To create a git user in another repository (‘External’) with only ‘read’ access rights:

athena-users git -a R -r External test.user test.user@example.com

To remove a git user's access:

athena-users --state absent git test.user test.user@example.com

To create an LDAP / IPA user:

athena-users ipa test.user test.user@example.com

To create an LDAP / IPA user and add it to the ‘admin’ and ‘pwmUser’ groups:

athena-users ipa -g admin,pwmUser test.user test.user@example.com

To reset an LDAP / IPA user:

athena-users ipa -r test.user test.user@example.com

To remove an LDAP / IPA user:

athena-users --state absent ipa test.user test.user@example.com

To add SSH access for a user to the ‘BackOffice’ zone:

athena-users ssh test.user BackOffice

To add SSH access for a user to all zones, and provide the user's SSH public key:

athena-users ssh --all --pub-key "ssh-rsa asg97z8g9..." test.user

To remove SSH access for a user from the ‘BackOffice’ zone:

athena-users --state absent ssh test.user BackOffice

To create a sys account:

athena-users sysacc test.user

To reset a sys account password and add groups ‘docker’ and ‘test’ to account:

athena-users sysacc -r -g docker,test test.user

To remove a sys account:

athena-users --state absent sysacc test.user

To activate VPN access for a user:

athena-users vpn activate test.user test.user@example.com

To create VPN access for a user (the password is single-quoted so the shell does not expand ‘$Sw0rd’ as a variable):

athena-users vpn create test.user test.user@example.com 'p4$Sw0rd'

To remove VPN access for a user:

athena-users vpn remove test.user test.user@example.com

To reset VPN access for a user:

athena-users vpn reset test.user test.user@example.com 'p4$Sw0rd'

To send the administrator a VPN signup notification about a user:

athena-users vpn signup test.user test.user@example.com

To activate WAF access for a user:

athena-users waf activate test.user test.user@example.com

To create WAF access for a user (the password is single-quoted so the shell does not expand ‘$Sw0rd’ as a variable):

athena-users waf create test.user test.user@example.com 'p4$Sw0rd'

To list WAF users:

athena-users waf list

To remove WAF access for a user:

athena-users waf remove test.user test.user@example.com

To reset WAF access for a user:

athena-users waf reset test.user test.user@example.com 'p4$Sw0rd'

To send the administrator a WAF signup notification about a user:

athena-users waf signup test.user test.user@example.com
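
Offboarding a user touches several of the removal commands above. The wrapper below is an added example, not part of the athena-users project: it revokes admin, Git, IPA, per-zone SSH and VPN/WAF access in one pass and keeps going if one step fails. The names offboard_user and ATHENA_USERS_BIN are hypothetical; by default it only prints the commands it would run.

```sh
#!/bin/sh
# Added example: revoke one user's access across the services documented above.
# ATHENA_USERS_BIN and offboard_user are names invented for this example.
# Default is a dry run that prints each command instead of executing it.
ATHENA_USERS_BIN="${ATHENA_USERS_BIN:-echo athena-users}"

offboard_user() {
    user="$1"; email="$2"
    [ "$#" -ge 2 ] || { echo "usage: offboard_user <username> <email> [zone...]" >&2; return 2; }
    shift 2                                   # remaining arguments: SSH zones to revoke

    # Reject names that could be parsed as options or carry shell metacharacters.
    case "$user" in
        ''|-*|*[!A-Za-z0-9._-]*) echo "refusing unsafe username: $user" >&2; return 2 ;;
    esac
    case "$email" in
        *@*) ;;
        *) echo "refusing malformed email: $email" >&2; return 2 ;;
    esac

    rc=0
    # Admin, Git and IPA accounts are removed with the global --state absent option.
    for svc in admin git ipa; do
        $ATHENA_USERS_BIN --state absent "$svc" "$user" "$email" || rc=1
    done
    # SSH authorized_keys entries are managed per zone.
    for zone in "$@"; do
        $ATHENA_USERS_BIN --state absent ssh "$user" "$zone" || rc=1
    done
    # "vpn remove" also removes WAF access (documented side effect),
    # so a separate "waf remove" call is not needed.
    $ATHENA_USERS_BIN vpn remove "$user" "$email" || rc=1

    # Non-zero means at least one revocation failed and needs manual follow-up.
    return "$rc"
}
```

Review the dry-run output first, then set ATHENA_USERS_BIN=athena-users to execute, for example: offboard_user test.user test.user@example.com BackOffice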