To handle "origin" of user with CF CLI

68 views
Skip to first unread message

Noburou Taniguchi

unread,
Mar 26, 2015, 8:59:07 AM3/26/15
to vcap...@cloudfoundry.org
Hi,

We've recently found that UAA supports "origin" of authentication.
This enables that there may be two or more users with a same username and different origins, for example:
  • username: foo, origin: uaa
  • username: foo, origin: keystone
Great.

However, even the latest version of CF CLI doesn't seem to be able to handle this attribute in updating / deleting user.
I mean, I can't specify which user to update / delete if there are multiple users with a same username.

So my questions are:
  1. Is my understanding about cli is right?
  2. If so, is there any way to avoid this problem?
  3. If so, is there a plan to update cli to handle "origin" of user?
We have no immediate plan to adopt keystone, so I'm not in a hurry. But I want to know when.

Thank you.

Mark Seidenstricker

unread,
Mar 26, 2015, 10:33:56 AM3/26/15
to vcap...@cloudfoundry.org
I see this too (same username diff origin) when using ldap as an origin.  I'm also interested in having the cf cli be able to handle this, but our current workaround is to use the uaac cli to delete accounts with a specific origin in this scenario.  Or if you want to start clean, you can just issue the user delete command from the cf cli twice to remove both accounts and then create the user via the origin you want.

Daniel Mikusa

unread,
Mar 26, 2015, 10:43:49 AM3/26/15
to vcap...@cloudfoundry.org
If you're interested, I have a hack on uaac that let's me set the origin field on adding / updating users.  It worked good for switching some users from uaa origin to ldap origin and bulk load ldap users.

Dan


```
diff --git a/lib/cli/user.rb b/lib/cli/user.rb
index ccdba02..eacc32c 100644
--- a/lib/cli/user.rb
+++ b/lib/cli/user.rb
@@ -23,7 +23,8 @@ class UserCli < CommonCli
   define_option :familyName, "--family_name <name>"
   define_option :emails, "--emails <addresses>"
   define_option :phoneNumbers, "--phones <phone_numbers>"
-  USER_INFO_OPTS = [:givenName, :familyName, :emails, :phoneNumbers]
+  define_option :origin, "--origin <origin>"
+  USER_INFO_OPTS = [:givenName, :familyName, :emails, :phoneNumbers, :origin]

   def user_opts(info = {})
     [:emails, :phoneNumbers].each do |o|
@@ -32,6 +33,7 @@ class UserCli < CommonCli
     end
     n = [:givenName, :familyName].each_with_object({}) { |o, n| n[o] = opts[o] if opts[o] }
     info[:name] = n unless n.empty?
+    info[:origin] = opts[:origin] if opts[:origin]
     info
   end
```


--
You received this message because you are subscribed to the Google Groups "Cloud Foundry Developers" group.
To view this discussion on the web visit https://groups.google.com/a/cloudfoundry.org/d/msgid/vcap-dev/077f70eb-9caa-454e-845f-55e770e0bb7d%40cloudfoundry.org.

To unsubscribe from this group and stop receiving emails from it, send an email to vcap-dev+u...@cloudfoundry.org.

Noburou Taniguchi

unread,
Mar 26, 2015, 7:52:42 PM3/26/15
to vcap...@cloudfoundry.org
Thank you, Mark and Dan.
Now I have some workarouds.
Reply all
Reply to author
Forward
0 new messages