This page (revision-26) was last changed on 23-Apr-2022 17:06 by Harry Metske

This page was created on 23-Apr-2022 17:05 by Harry Metske

Page revision history

Version Date Modified Size Author Changes ... Change note
26 23-Apr-2022 17:06 30 KB Harry Metske to previous
25 23-Apr-2022 17:05 30 KB Harry Metske to previous | to last
24 23-Apr-2022 17:05 30 KB Harry Metske to previous | to last
23 23-Apr-2022 17:05 29 KB Harry Metske to previous | to last
22 23-Apr-2022 17:05 29 KB Harry Metske to previous | to last
21 23-Apr-2022 17:05 28 KB Harry Metske to previous | to last

Version management

Difference between version and

At line 166 added 3 lines
%%collapsebox
__users__
%%small
At line 265 added 2 lines
/%
/%
At line 268 added 414 lines
Also list the groups:
%%collapsebox
__groups__
%%small
{{{
metskem@athena ~/workspace/boshlite/deployments/vbox uaac groups
bosh.admin
id: 599b2bab-a8d9-4b00-9c69-0082dba892c7
meta
version: 1
created: 2018-09-02T12:26:27.335Z
lastmodified: 2018-09-02T12:26:30.452Z
description: User has admin access on any Director
members:
-
origin: uaa
type: USER
value: 867f25b4-4c92-41a9-b6aa-dba4b6d23cac
schemas: urn:scim:schemas:core:1.0
zoneid: uaa
openid
id: 8ae1fd7f-e393-4ca6-a727-e267fb1661da
meta
version: 1
created: 2018-09-02T12:26:27.341Z
lastmodified: 2018-09-02T12:26:30.425Z
description: Access profile information, i.e. email, first and last name, and phone number
members:
schemas: urn:scim:schemas:core:1.0
zoneid: uaa
password.write
id: ec253d39-e701-44f8-bd06-7e1a97b449a1
meta
version: 1
created: 2018-09-02T12:26:27.347Z
lastmodified: 2018-09-02T12:26:30.443Z
description: Change your password
members:
schemas: urn:scim:schemas:core:1.0
zoneid: uaa
uaa.user
id: db3e1751-bb89-4050-8bce-83e40fcbf86b
meta
version: 1
created: 2018-09-02T12:26:27.352Z
lastmodified: 2018-09-02T12:26:30.439Z
description: Act as a user in the UAA
members:
schemas: urn:scim:schemas:core:1.0
zoneid: uaa
approvals.me
id: cc248fc8-50d6-48a1-a1d4-d7e3dfc65f42
meta
version: 0
created: 2018-09-02T12:26:27.357Z
lastmodified: 2018-09-02T12:26:27.357Z
members:
schemas: urn:scim:schemas:core:1.0
zoneid: uaa
profile
id: bdf0bbb0-5047-4705-a3c2-43590babaaec
meta
version: 0
created: 2018-09-02T12:26:27.363Z
lastmodified: 2018-09-02T12:26:27.363Z
members:
schemas: urn:scim:schemas:core:1.0
zoneid: uaa
roles
id: 24348f57-4ce1-4f76-b5bb-2c716d3bd203
meta
version: 0
created: 2018-09-02T12:26:27.367Z
lastmodified: 2018-09-02T12:26:27.367Z
members:
schemas: urn:scim:schemas:core:1.0
zoneid: uaa
user_attributes
id: cfba5d5c-fe3d-4948-b2e5-bd33caf914d6
meta
version: 0
created: 2018-09-02T12:26:27.370Z
lastmodified: 2018-09-02T12:26:27.370Z
members:
schemas: urn:scim:schemas:core:1.0
zoneid: uaa
uaa.offline_token
id: 9c03792f-013d-4cc3-9220-8c688d809f56
meta
version: 1
created: 2018-09-02T12:26:27.374Z
lastmodified: 2018-09-02T12:26:30.445Z
description: Allow offline access
members:
schemas: urn:scim:schemas:core:1.0
zoneid: uaa
bosh.releases.upload
id: ce7801fb-5b00-4b11-ad8a-ace788916ef8
meta
version: 1
created: 2018-09-02T12:26:30.304Z
lastmodified: 2018-09-02T12:26:30.397Z
description: User can upload new releases
members:
schemas: urn:scim:schemas:core:1.0
zoneid: uaa
idps.write
id: 848fc6e8-61a6-4894-a136-1e0d04e30ff2
meta
version: 1
created: 2018-09-02T12:26:30.306Z
lastmodified: 2018-09-02T12:26:30.399Z
description: Create and update identity providers
members:
schemas: urn:scim:schemas:core:1.0
zoneid: uaa
scim.me
id: 6eded82d-f5dd-48e0-8a60-90763d1773ea
meta
version: 0
created: 2018-09-02T12:26:30.309Z
lastmodified: 2018-09-02T12:26:30.309Z
members:
schemas: urn:scim:schemas:core:1.0
zoneid: uaa
scim.zones
id: ccfa8e33-0427-40fa-9815-1cc6aebe2fbf
meta
version: 1
created: 2018-09-02T12:26:30.312Z
lastmodified: 2018-09-02T12:26:30.401Z
description: Control a user's ability to manage a zone
members:
schemas: urn:scim:schemas:core:1.0
zoneid: uaa
cloud_controller.admin
id: 8f359d15-ac80-4fd0-a253-aafd9c2e0bf5
meta
version: 0
created: 2018-09-02T12:26:30.315Z
lastmodified: 2018-09-02T12:26:30.315Z
members:
schemas: urn:scim:schemas:core:1.0
zoneid: uaa
bosh.stemcells.upload
id: 5da65374-9578-46aa-8193-1499e30e0a1e
meta
version: 1
created: 2018-09-02T12:26:30.318Z
lastmodified: 2018-09-02T12:26:30.403Z
description: User can upload new stemcells
members:
schemas: urn:scim:schemas:core:1.0
zoneid: uaa
oauth.approval
id: fbf0a312-9dfb-45ba-a91e-ef7a06364bf5
meta
version: 1
created: 2018-09-02T12:26:30.320Z
lastmodified: 2018-09-02T12:26:30.405Z
description: Manage approved scopes
members:
schemas: urn:scim:schemas:core:1.0
zoneid: uaa
cloud_controller.write
id: 45f765c9-b670-4234-a378-8b2230d6779e
meta
version: 1
created: 2018-09-02T12:26:30.323Z
lastmodified: 2018-09-02T12:26:30.407Z
description: Push applications to your account and create and bind services
members:
schemas: urn:scim:schemas:core:1.0
zoneid: uaa
cloud_controller_service_permissions.read
id: 2da56b99-6188-42a7-be3b-0886741f3a1f
meta
version: 1
created: 2018-09-02T12:26:30.325Z
lastmodified: 2018-09-02T12:26:30.408Z
description: Verify user permission to manage service instances
members:
schemas: urn:scim:schemas:core:1.0
zoneid: uaa
bosh.read
id: c0770ea1-90d7-4f40-937f-408210750942
meta
version: 1
created: 2018-09-02T12:26:30.327Z
lastmodified: 2018-09-02T12:26:30.410Z
description: User has read access on any Director
members:
schemas: urn:scim:schemas:core:1.0
zoneid: uaa
oauth.approvals
id: bd5c331f-778c-4196-8abf-2d56381c56a5
meta
version: 0
created: 2018-09-02T12:26:30.331Z
lastmodified: 2018-09-02T12:26:30.331Z
members:
schemas: urn:scim:schemas:core:1.0
zoneid: uaa
uaa.none
id: ee5ced29-82c8-49c4-aef9-c6437b1dad63
meta
version: 1
created: 2018-09-02T12:26:30.334Z
lastmodified: 2018-09-02T12:26:30.411Z
description: Forbid acting as a user
members:
schemas: urn:scim:schemas:core:1.0
zoneid: uaa
idps.read
id: d694cd45-5aef-478f-a3d4-2ea79585a66c
meta
version: 1
created: 2018-09-02T12:26:30.337Z
lastmodified: 2018-09-02T12:26:30.414Z
description: Retrieve identity providers
members:
schemas: urn:scim:schemas:core:1.0
zoneid: uaa
clients.read
id: 171aeb8c-94ec-4900-9992-f6b60eaeca95
meta
version: 1
created: 2018-09-02T12:26:30.340Z
lastmodified: 2018-09-02T12:26:30.416Z
description: Read information about OAuth clients
members:
schemas: urn:scim:schemas:core:1.0
zoneid: uaa
zones.read
id: 961d07c3-8d4f-4b3d-b193-f4bfb26fcf99
meta
version: 1
created: 2018-09-02T12:26:30.342Z
lastmodified: 2018-09-02T12:26:30.418Z
description: Read identity zones
members:
schemas: urn:scim:schemas:core:1.0
zoneid: uaa
scim.userids
id: b45ff2b9-857d-4c0d-b587-cd565cb0596f
meta
version: 1
created: 2018-09-02T12:26:30.345Z
lastmodified: 2018-09-02T12:26:30.420Z
description: Read user IDs and retrieve users by ID
members:
schemas: urn:scim:schemas:core:1.0
zoneid: uaa
clients.secret
id: 1f0ee76f-1d2b-4051-8a82-217e4ef2036e
meta
version: 1
created: 2018-09-02T12:26:30.348Z
lastmodified: 2018-09-02T12:26:30.422Z
description: Change the password of an OAuth client
members:
schemas: urn:scim:schemas:core:1.0
zoneid: uaa
uaa.resource
id: 77f58d65-e7f9-42b6-9cbb-2bbe6574501f
meta
version: 1
created: 2018-09-02T12:26:30.351Z
lastmodified: 2018-09-02T12:26:30.423Z
description: Serve resources protected by the UAA
members:
schemas: urn:scim:schemas:core:1.0
zoneid: uaa
scim.invite
id: 2f769581-c6ca-4707-b027-e1f572d1f8cb
meta
version: 1
created: 2018-09-02T12:26:30.354Z
lastmodified: 2018-09-02T12:26:30.427Z
description: Send invitations to users
members:
schemas: urn:scim:schemas:core:1.0
zoneid: uaa
groups.update
id: 3a0302f3-a765-487e-a9e1-03baddeece3a
meta
version: 1
created: 2018-09-02T12:26:30.358Z
lastmodified: 2018-09-02T12:26:30.429Z
description: Update group information and memberships
members:
schemas: urn:scim:schemas:core:1.0
zoneid: uaa
notification_preferences.read
id: c7f5cd9b-6f3c-4382-a70a-2ca0b171701f
meta
version: 0
created: 2018-09-02T12:26:30.360Z
lastmodified: 2018-09-02T12:26:30.360Z
members:
schemas: urn:scim:schemas:core:1.0
zoneid: uaa
oauth.login
id: c14f05f5-5b8c-4eec-b2e8-10f2c8d721a9
meta
version: 1
created: 2018-09-02T12:26:30.364Z
lastmodified: 2018-09-02T12:26:30.431Z
description: Authenticate users outside of the UAA
members:
schemas: urn:scim:schemas:core:1.0
zoneid: uaa
uaa.admin
id: 464f984f-1fbd-48ec-b0eb-ffe849ef4051
meta
version: 1
created: 2018-09-02T12:26:30.367Z
lastmodified: 2018-09-02T12:26:30.433Z
description: Act as an administrator throughout the UAA
members:
schemas: urn:scim:schemas:core:1.0
zoneid: uaa
clients.admin
id: 8635d6d0-0318-4cbd-a009-2dfd4d3d1993
meta
version: 1
created: 2018-09-02T12:26:30.370Z
lastmodified: 2018-09-02T12:26:30.434Z
description: Create, modify and delete OAuth clients
members:
schemas: urn:scim:schemas:core:1.0
zoneid: uaa
scim.read
id: 9561acd4-140d-4e9f-aa9a-288a4cf0df09
meta
version: 1
created: 2018-09-02T12:26:30.373Z
lastmodified: 2018-09-02T12:26:30.436Z
description: Read all SCIM entities, i.e. users and groups
members:
schemas: urn:scim:schemas:core:1.0
zoneid: uaa
scim.create
id: 4792729c-7517-4309-99d9-96a275a51674
meta
version: 1
created: 2018-09-02T12:26:30.377Z
lastmodified: 2018-09-02T12:26:30.437Z
description: Create users
members:
schemas: urn:scim:schemas:core:1.0
zoneid: uaa
notification_preferences.write
id: 1994ff63-8eab-40bc-99c6-3c3f117fd8fd
meta
version: 0
created: 2018-09-02T12:26:30.381Z
lastmodified: 2018-09-02T12:26:30.381Z
members:
schemas: urn:scim:schemas:core:1.0
zoneid: uaa
cloud_controller.read
id: a0a90654-9f88-4246-b9c5-93cee5f33dfe
meta
version: 1
created: 2018-09-02T12:26:30.384Z
lastmodified: 2018-09-02T12:26:30.441Z
description: View details of your applications and services
members:
schemas: urn:scim:schemas:core:1.0
zoneid: uaa
zones.write
id: 77802fef-8a94-4232-8ceb-338dd300d40f
meta
version: 1
created: 2018-09-02T12:26:30.387Z
lastmodified: 2018-09-02T12:26:30.447Z
description: Create and update identity zones
members:
schemas: urn:scim:schemas:core:1.0
zoneid: uaa
clients.write
id: ccf96d30-269b-4091-855a-308a61aec719
meta
version: 1
created: 2018-09-02T12:26:30.390Z
lastmodified: 2018-09-02T12:26:30.449Z
description: Create and modify OAuth clients
members:
schemas: urn:scim:schemas:core:1.0
zoneid: uaa
scim.write
id: 83df5f38-4046-4227-8a18-4cef5fd99e5a
meta
version: 1
created: 2018-09-02T12:26:30.393Z
lastmodified: 2018-09-02T12:26:30.450Z
description: Create, modify and delete SCIM entities, i.e. users and groups
members:
schemas: urn:scim:schemas:core:1.0
zoneid: uaa
organizations.acme
id: 72d1bdf8-03f4-416b-956c-35babcfde2fb
meta
version: 0
created: 2018-09-02T12:26:30.467Z
lastmodified: 2018-09-02T12:26:30.467Z
members:
schemas: urn:scim:schemas:core:1.0
zoneid: uaa
metskem@athena ~/workspace/boshlite/deployments/vbox
}}}
/%
/%
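Review bot: the first and last lines inside the added {{{ }}} block run the shell prompt straight into the command ("...deployments/vbox uaac groups") with no "$" or other separator, so a reader cannot tell where the working directory ends and the command begins; add a separator on the prompt lines. The listing also prints the id, version and timestamps of every group, yet only bosh.admin has a member entry, so consider trimming the pasted output to the group names and descriptions the page actually relies on.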
At line 264 changed one line
And there we see the user __credhub-admin__, that one is what we need for managing credhub. So let's credhub-login with that:
We have to create the __credhub.write__ and __credhub.read__ groups first and then make the newly created user a member of that:
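Review bot: the sentence about creating the groups ends "a member of that" although it names two groups, credhub.write and credhub.read; "a member of both" would read correctly. It also refers to "the newly created user" without naming it, while the commands that follow use credhub_user, so naming the user in the sentence would tie the text to the commands.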
At line 267 changed one line
metskem@athena ~/workspace/boshlite/deployments/vbox uaac group add credhub.read
id: afc61498-2384-4ded-8309-6c857b8eac6d
meta
version: 0
created: 2018-09-04T06:16:25.096Z
lastmodified: 2018-09-04T06:16:25.096Z
members:
schemas: urn:scim:schemas:core:1.0
displayname: credhub.read
zoneid: uaa
metskem@athena  ~/workspace/boshlite/deployments/vbox uaac group add credhub.write
id: fc109dcd-5cf9-444e-8365-01f6146ac26f
meta
version: 0
created: 2018-09-04T06:16:30.306Z
lastmodified: 2018-09-04T06:16:30.306Z
members:
schemas: urn:scim:schemas:core:1.0
displayname: credhub.write
zoneid: uaa
metskem@athena ~/workspace/boshlite/deployments/vbox uaac member add credhub.read credhub_user
success
metskem@athena ~/workspace/boshlite/deployments/vbox uaac member add credhub.write credhub_user
success
metskem@athena ~/workspace/boshlite/deployments/vbox
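Review bot: after the two "uaac member add ... credhub_user" lines the output stops at a bare prompt, and both "uaac group add" results show an empty "members:" field, so nothing on the page confirms the resulting membership; show one of the groups again after the member add so readers can compare their own result. The prompt lines here also lack a separator before the command, and the second "uaac group add" line has a doubled space after the hostname.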