Initial setup
ARVADOS_API_HOST=pirca.arvadosapi.com ARVADOS_API_TOKEN=1234567890qwertyuiopasdfghjklzxcvbnm1234567890zzzz
In these examples, zzzzz-tpzed-3kz0nwtjehhl0u4
is the sample user account. Replace with the uuid of the user you wish to manipulate.
See user management for an overview of how to use these commands.
This creates a default git repository and VM login. Enables user to self-activate using Workbench.
$ arv user setup --uuid zzzzz-tpzed-3kz0nwtjehhl0u4
$ arv user unsetup --uuid zzzzz-tpzed-3kz0nwtjehhl0u4
When deactivating a user, you may also want to reassign ownership of their data .
$ arv user update --uuid "zzzzz-tpzed-3kz0nwtjehhl0u4" --user '{"is_active":true}'
Note: this bypasses user agreements checks, and does not set up the user with a default git repository or VM login.
As an admin, you can create tokens for other users.
$ arv api_client_authorization create --api-client-authorization '{"owner_uuid": "zzzzz-tpzed-fr97h9t4m5jffxs"}'
{
"href":"/api_client_authorizations/zzzzz-gj3su-yyyyyyyyyyyyyyy",
"kind":"arvados#apiClientAuthorization",
"etag":"9yk144t0v6cvyp0342exoh2vq",
"uuid":"zzzzz-gj3su-yyyyyyyyyyyyyyy",
"owner_uuid":"zzzzz-tpzed-fr97h9t4m5jffxs",
"created_at":"2020-03-12T20:36:12.517375422Z",
"modified_by_client_uuid":null,
"modified_by_user_uuid":null,
"modified_at":null,
"user_id":3,
"api_client_id":7,
"api_token":"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
"created_by_ip_address":null,
"default_owner_uuid":null,
"expires_at":null,
"last_used_at":null,
"last_used_by_ip_address":null,
"scopes":["all"]
}
To get the token string, combine the values of uuid
and api_token
in the form “v2/$uuid/$api_token”. In this example the string that goes in ARVADOS_API_TOKEN
would be:
ARVADOS_API_TOKEN=v2/zzzzz-gj3su-yyyyyyyyyyyyyyy/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
As a user or admin, if you need to revoke a specific, known token, for example a token that may have been leaked to an unauthorized party, you can delete it at the command line.
First, determine the token UUID. If it is a “v2” format token (starts with “v2/”) then the token UUID is middle section between the two slashes. For example:
v2/zzzzz-gj3su-yyyyyyyyyyyyyyy/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
the UUID is “zzzzz-gj3su-yyyyyyyyyyyyyyy” and you can skip to the next step.
If you have a “bare” token (only the secret part) then, as an admin, you need to query the token to get the uuid:
$ ARVADOS_API_TOKEN=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx arv --format=uuid api_client_authorization current zzzzz-gj3su-yyyyyyyyyyyyyyy
Now you can delete the token:
$ ARVADOS_API_TOKEN=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx arv api_client_authorization delete --uuid zzzzz-gj3su-yyyyyyyyyyyyyyy
First, obtain a valid token for the user.
Then, use that token to get all the user’s tokens, and delete each one:
$ ARVADOS_API_TOKEN=xxxxtoken-belonging-to-user-whose-tokens-will-be-deletedxxxxxxxx ; \ for uuid in $(arv --format=uuid api_client_authorization list) ; do \ arv api_client_authorization delete --uuid $uuid ; \ done
Give $user_uuid
permission to log in to $vm_uuid
as $target_username
and make sure that $target_username
is a member of the docker
group
user_uuid=xxxxxxxchangeme vm_uuid=xxxxxxxchangeme target_username=xxxxxxxchangeme read -rd $'\000' newlink <<EOF; arv link create --link "$newlink" { "tail_uuid":"$user_uuid", "head_uuid":"$vm_uuid", "link_class":"permission", "name":"can_login", "properties":{"username":"$target_username", "groups": [ "docker" ]} } EOF
Give $user_uuid
permission to commit to $repo_uuid
as $repo_username
user_uuid=xxxxxxxchangeme repo_uuid=xxxxxxxchangeme repo_username=xxxxxxxchangeme read -rd $'\000' newlink <<EOF; arv link create --link "$newlink" { "tail_uuid":"$user_uuid", "head_uuid":"$repo_uuid", "link_class":"permission", "name":"can_write", "properties":{"username":"$repo_username"} } EOF
The content of this documentation is licensed under the
Creative
Commons Attribution-Share Alike 3.0 United States licence.
Code samples in this documentation are licensed under the
Apache License, Version 2.0.