diff --git a/sysadm/deployment/argocd.rst b/sysadm/deployment/argocd.rst --- a/sysadm/deployment/argocd.rst +++ b/sysadm/deployment/argocd.rst @@ -135,3 +135,72 @@ More information about the application configuration can also be found in the `official ArgoCD documentation `__ +Manage users +------------ + +This documentation is based on the `official user management documentation `__ (archived link) + +Prerequisite +~~~~~~~~~~~~ + +The argocd cli will be necessary to perform some action relative to the user management + +Add a user +~~~~~~~~~~ + +- Add the user on the `argo-cm.yaml `__ file +- Add the user role on the `argocd-rbac-cm.yaml `__ file + If no role is specified, the user will only have a read-only access + +.. code:: yaml + + g, , role:admin + +- Commit and push your changes, wait a couple of minutes to let ArgoCD apply the changes +- Modify the user password with the cli + +.. code:: bash + +$ # Check the user is created +$ argocd --grpc-web account list +NAME ENABLED CAPABILITIES +admin true login +newuser true apiKey, login +$ # update its password +$ argocd --grpc-web account update-password --account newuser +*** Enter password of currently logged in user (admin): +*** Enter new password for user newuser: XXX +*** Confirm new password for user newuser: XXX +Password updated + +Disable a user +~~~~~~~~~~~~~~ + +- Add the following line in the `argocd-cm.yaml `__ file + +.. code:: yaml + + accounts.usertodisable.enabled: "false" + +- Commit and push your change, wait a couple of minutes to let ArgoCD apply the changes +- Check if the user is well disabled + +.. code:: bash + + $ argocd --grpc-web account list + NAME ENABLED CAPABILITIES + admin true login + usertodisable false apiKey, login + +Delete a user +~~~~~~~~~~~~~ + +- Remove the changes committed in the `Add a user` procedure +- Commit and push your changes, wait a couple of minutes to let ArgoCD apply the changes +- Check if the user is well deleted + +.. code:: bash + + $ argocd --grpc-web account list + NAME ENABLED CAPABILITIES + admin true login