User

Name

hypercloud user - manages HyperCloud users

Synopsis

hypercloud user <command> [<args>] [<options>]

Options

--adjust x,y,z            Adjust size to not truncate selected columns
-a, --append              Append new attributes to the current template
-c, --cert path_to_user_cert_pem 
                          Path to the Certificate of the User
--csv                     Write table in csv format
--csv-del del             Set delimiter for csv output
--decrypt                 Get decrypted attributes
-d, --delay x             Sets the delay in seconds for top command
--describe                Describe list columns
--driver driver           Driver to authenticate this user
--endpoint endpoint       URL of HyperCloud xmlrpc frontend
--expand [x=prop,y=prop]  Expands the columns size to fill the terminal.
                            For example: $ hypercloud user list --expand
                            name=0.4,group=0.6 will expand name 40% and
                            group 60%.
                            $ hypercloud user list --expand name,group will
                            expand name and group based on their size.
                            $ hypercloud user list --expand will expand all columns.
-f, --filter x,y,z        Filter data. An array is specified with
                          column=value pairs. 
                          Valid operators: =,!=,<,<=,>,>=,~ 
                            e.g. NAME=test (match name with test) 
                            NAME~test (match every NAME containing the substring 'test')
--force                   Force one_auth file rewrite
--global                  Find a global Token.
--group id|name           Comma-separated list of Groups for the new User.
                          The first Group will be the main one.
-h, --help                Show this message
-j, --json                Show the resource in JSON format
-k, --key path_to_private_key_pem 
                          Path to the Private Key of the User
-l, --list x,y,z          Selects columns to display with list command
-c, --listconf conf       Selects a predefined column list
--no-expand               Disable expand
--no-header               Hides the header of the table
--no-pager                Disable pagination
-n, --numeric             Do not translate user and group IDs
--operator operator       Logical operator used on filters: AND, OR.
                            Default: AND.
--password password       Password to authenticate with HyperCloud
--proxy path_to_user_proxy_pem 
                          Path to the user proxy certificate
-r, --read-file           Read password from file
--sha256                  The password will be hashed using the sha256
                          algorithm
-s, --size x=size,y=size  Change the size of selected columns. 
                            For example: $ hypercloud user list --size "name=20" will make column
                            name size 20.
--ssh                     SSH Auth system
--stdin_password          Enable stdin password
--time x                  Token duration in seconds, defaults to 36000 (10
                          h). To reset the token set time to 0. To generate
                          a non-expiring token use -1 (not valid for ssh
                          and x509 tokens).
--token token_hint        The Token to be loaded.
--user name               User name used to connect to HyperCloud
-v, --verbose             Verbose mode
-V, --version             Show version and copyright information
--x509                    x509 Auth system for x509 certificates
--x509_proxy              x509 Auth system based on x509 proxy certificates
-x, --xml                 Show the resource in xml format
-y, --yaml                Show the resource in YAML format

Commands

  • addgroup <range|userid_list> <groupid> Adds the User to a secondary group.

  • batchquota <range|userid_list> [<file>] Sets the quota limits in batch for various users. If a path is not provided the editor will be launched to create new quotas.

  • chauth <userid> [<auth>] [<password>] Changes the User's auth driver and its password (optional)

    • Valid options: cert driver key read_file sha256 ssh x509

Examples

hypercloud user chauth my_user core
hypercloud user chauth my_user core new_password
hypercloud user chauth my_user core -r /tmp/mypass
hypercloud user chauth my_user --ssh --key /home/oneadmin/.ssh/id_rsa
hypercloud user chauth my_user --ssh -r /tmp/public_key
hypercloud user chauth my_user --x509 --cert /tmp/my_cert.pem

  • chgrp <range|userid_list> <groupid> Changes the User's primary group.

  • create <username> [<password>] Creates a new User.

    • Valid options: cert driver group key read_file sha256 ssh x509

Examples

hypercloud user create my_user my_password
hypercloud user create my_user -r /tmp/mypass
hypercloud user create my_user my_password --group users,102,testers
hypercloud user create my_user --ssh --key /tmp/id_rsa
hypercloud user create my_user --ssh -r /tmp/public_key
hypercloud user create my_user --x509 --cert /tmp/my_cert.pem

  • defaultquota [<file>] Sets the default quota limits for the users. If a path is not provided the editor will be launched to modify the current default quotas.

  • delete <range|userid_list> Deletes the given User.

  • delgroup <range|userid_list> <groupid> Removes the User from a secondary group.

  • disable <range|userid_list> Disables the given User.

  • enable <range|userid_list> Enables the given User.

  • encode <username> [<password>] Encodes user and password to use it with ldap.

  • key Shows a public key from a private SSH key. Use it as password for the SSH authentication mechanism.

    • Valid options: key

  • list Lists Users in the pool

    • Valid options: adjust csv csv_del delay describe expand filter json list listconf no_expand no_header no_pager numeric operator size xml yaml

  • login [<username>] Alias of token-create.

    • Valid options: cert force group key proxy ssh stdin_password time x509 x509_proxy

  • passwd <userid> [<password>] Changes the given User's password

    • Valid options: cert driver key read_file sha256 ssh x509

  • passwdsearch <driver> <password> Searches for users with a specific auth driver that has the given string in their password field

    • Valid options: csv xml

  • quota <userid> [<file>] Sets the quota limits for the user. If a path is not provided the editor will be launched to modify the current quotas.

  • show [<userid>] Shows information for the given User.

    • Valid options: decrypt json xml yaml

  • token-create [<username>] Creates the login token for authentication. The token can be used together with any authentication driver. The token will be stored in $HOME/.one/one_auth, and can be used subsequently to authenticate with oned through API, CLI or Sunstone.

    If <username> is omitted, it is inferred from the ONE_AUTH file.

    • Valid options: cert force group key proxy ssh stdin_password time x509 x509_proxy

Examples

Request a valid token for a generic driver (e.g. core auth, LDAP...):

hypercloud user token-create my_user --time 3600

Request a group-specific token (new resources will be created in that group and only resources that belong to that group will be listed):

hypercloud user token-create my_user --group <id|group>

Generate and set a token for SSH-based authentication:

hypercloud user token-create my_user --ssh --key /tmp/id_rsa --time 72000

Same, using X509 certificates:

hypercloud user token-create my_user --x509 --cert /tmp/my_cert.pem \
                                --key /tmp/my_key.pk --time 72000

Now, with an X509 proxy certificate:

hypercloud user token-create my_user --x509_proxy --proxy /tmp/my_cert.pem \
                                --time 72000

  • token-delete [<username>] <token> Expires a token and removes the associated ONE_AUTH file if present.

    • Valid options: cert force group key proxy ssh stdin_password time x509 x509_proxy

  • token-delete-all <username> Deletes all the tokens of a user. This command is intended to be executed by a user that has MANAGE permissions of the target user.

    • Valid options: cert force group key proxy ssh stdin_password time x509 x509_proxy

  • token-set [<username>] Generates a ONE_AUTH file that contains the token.

    You must provide one (and only one) of the following options:

    Option              Description
    --token <token>     Searches for a token that starts with that string. It must be unique.
    --group <id|group>  Returns the most durable token that provides access to that specific group.
    --global            Returns the most durable global token (non-group specific).

    The argument 'username' is optional; if omitted, it is inferred from the ONE_AUTH file.

    • Valid options: cert force global group key proxy ssh stdin_password time token x509 x509_proxy

Example

Set a token:

$ hypercloud user token-set my_user --token 1d47
export ONE_AUTH=/var/lib/one/.one/<file>.token; export ONE_EGID=-1

You can copy and paste the output of the command to load the proper environment variables.

  • umask <range|userid_list> [<mask>] Changes the umask used to create the default permissions. In a similar way to the Unix umask command, the expected value is a three-digit base-8 number. Each digit is a mask that disables permissions for the owner, group and other, respectively.

    If mask is not given, or if it is an empty string, the umask will be unset.

  • update <userid> [<file>] Updates the template contents. If a path is not provided the editor will be launched to modify the current content.

    • Valid options: append
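
Added example (not from the HyperCloud documentation): the -r examples above read the password from a file, and token-create stores the token in $HOME/.one/one_auth (or the file named by ONE_AUTH), so both files are credentials that other local users must not be able to read. The helper names write_secret_file, cred_file_ok and token_file are assumptions made for this example.

```bash
#!/bin/sh
# Added example, not part of the hypercloud CLI. Function names are hypothetical.

# write_secret_file PATH: store stdin in PATH with mode 0600.
# noclobber (set -C) makes the redirect fail if PATH already exists, so an
# existing regular file (or a symlink to one) is not overwritten.
write_secret_file() {
    ( umask 077; set -C; cat > "$1" )
}

# cred_file_ok PATH: succeed only if PATH is a regular file (not a symlink),
# owned by the calling user, with no group or other permission bits.
cred_file_ok() {
    f=$1
    if [ -L "$f" ] || [ ! -f "$f" ]; then
        echo "reject $f: missing, symlink, or not a regular file" >&2
        return 2
    fi
    # ls -ldn prints e.g. "-rw------- 1 1000 1000 ..." (mode, links, uid, gid).
    mode=$(ls -ldn -- "$f" | awk '{print $1}')
    owner=$(ls -ldn -- "$f" | awk '{print $3}')
    if [ "$owner" != "$(id -u)" ]; then
        echo "reject $f: owned by uid $owner" >&2
        return 3
    fi
    # Characters 5-10 of the mode string are the group and other bits.
    if [ "$(printf '%s' "$mode" | cut -c5-10)" != "------" ]; then
        echo "reject $f: mode $mode grants group/other access" >&2
        return 4
    fi
    return 0
}

# token_file: the file the CLI authenticates with, per the text above:
# $ONE_AUTH if exported, otherwise $HOME/.one/one_auth.
token_file() {
    printf '%s\n' "${ONE_AUTH:-$HOME/.one/one_auth}"
}

# Typical use (commented out: needs a HyperCloud frontend):
#   dir=$(mktemp -d)                       # private 0700 directory
#   printf '%s' "$PW" | write_secret_file "$dir/pw"
#   cred_file_ok "$dir/pw" && hypercloud user create my_user -r "$dir/pw"
#   cred_file_ok "$(token_file)" || echo "fix token file permissions" >&2
```

Using a directory from mktemp -d instead of a fixed name under /tmp keeps the password file out of a location where other users can pre-create or read it.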

Argument Formats

  • file Path to a file.

  • groupid HyperCloud GROUP name or ID.

  • password User password.

  • range List of IDs in the form 1,8..15.

  • text String.

  • userid HyperCloud USER name or ID.

  • userid_list Comma-separated list of HyperCloud USER names or IDs.

Version

HyperCloud Orchestrator 6.4.0.1

Copyright © SoftIron