--- layout: default navsection: admin title: User management at the CLI ... {% comment %} Copyright (C) The Arvados Authors. All rights reserved. SPDX-License-Identifier: CC-BY-SA-3.0 {% endcomment %} Initial setup
ARVADOS_API_HOST={{ site.arvados_api_host }} ARVADOS_API_TOKEN=1234567890qwertyuiopasdfghjklzxcvbnm1234567890zzzzIn these examples, @zzzzz-tpzed-3kz0nwtjehhl0u4@ is the sample user account. Replace with the uuid of the user you wish to manipulate. See "user management":{{site.baseurl}}/admin/user-management.html for an overview of how to use these commands. h3. Setup a user This creates a default git repository and VM login. Enables user to self-activate using Workbench.
$ arv user setup --uuid zzzzz-tpzed-3kz0nwtjehhl0u4
$ arv user unsetup --uuid zzzzz-tpzed-3kz0nwtjehhl0u4
$ arv user update --uuid "zzzzz-tpzed-3kz0nwtjehhl0u4" --user '{"is_active":true}'
$ arv api_client_authorization create --api-client-authorization '{"owner_uuid": "zzzzz-tpzed-fr97h9t4m5jffxs"}'
{
"href":"/api_client_authorizations/zzzzz-gj3su-yyyyyyyyyyyyyyy",
"kind":"arvados#apiClientAuthorization",
"etag":"9yk144t0v6cvyp0342exoh2vq",
"uuid":"zzzzz-gj3su-yyyyyyyyyyyyyyy",
"owner_uuid":"zzzzz-tpzed-fr97h9t4m5jffxs",
"created_at":"2020-03-12T20:36:12.517375422Z",
"modified_by_client_uuid":null,
"modified_by_user_uuid":null,
"modified_at":null,
"user_id":3,
"api_client_id":7,
"api_token":"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
"created_by_ip_address":null,
"default_owner_uuid":null,
"expires_at":null,
"last_used_at":null,
"last_used_by_ip_address":null,
"scopes":["all"]
}
ARVADOS_API_TOKEN=v2/zzzzz-gj3su-yyyyyyyyyyyyyyy/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxh3(#delete-token). Delete a single token As a user or admin, if you need to revoke a specific, known token, for example a token that may have been leaked to an unauthorized party, you can delete it at the command line. First, determine the token UUID. If it is a "v2" format token (starts with "v2/") then the token UUID is middle section between the two slashes. For example:
v2/zzzzz-gj3su-yyyyyyyyyyyyyyy/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxthe UUID is "zzzzz-gj3su-yyyyyyyyyyyyyyy" and you can skip to the next step. If you have a "bare" token (only the secret part) then, as an admin, you need to query the token to get the uuid:
$ ARVADOS_API_TOKEN=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx arv --format=uuid api_client_authorization current zzzzz-gj3su-yyyyyyyyyyyyyyyNow you can delete the token:
$ ARVADOS_API_TOKEN=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx arv api_client_authorization delete --uuid zzzzz-gj3su-yyyyyyyyyyyyyyyh3(#delete-all-tokens). Delete all tokens belonging to a user First, "obtain a valid token for the user.":#create-token Then, use that token to get all the user's tokens, and delete each one:
$ ARVADOS_API_TOKEN=xxxxtoken-belonging-to-user-whose-tokens-will-be-deletedxxxxxxxx ; \ for uuid in $(arv --format=uuid api_client_authorization list) ; do \ arv api_client_authorization delete --uuid $uuid ; \ doneh2. Adding Permissions h3(#vm-login). VM login Give @$user_uuid@ permission to log in to @$vm_uuid@ as @$target_username@ and make sure that @$target_username@ is a member of the @docker@ group
user_uuid=xxxxxxxchangeme vm_uuid=xxxxxxxchangeme target_username=xxxxxxxchangeme read -rd $'\000' newlink <