Set Up and use of CNO IAM¶
IAM Set Up¶
CNO IAM offers multiple tools for managing IAM users. Like creating, listing or deleting users.
Use case:
- Creating IAM Users
- Listing IAM Users
- Assigning Roles IAM Users
- Updating IAM Users
- Deleting IAM Users
- Creating IAM Groups
- Deleting IAM Groups
- Listing IAM Groups and Users
- Assigning Roles to IAM Groups
- Deleting Roles to IAM Groups
- Adding Users to IAM Groups
- Deleting Users to IAM Groups
CNO IAM Set Up Using CNO UI¶
Creating IAM Users¶
Head over to Secure > IAM and click the Red "Add User" Button at the top-right corner.
Fill the form with relevant details.
- First Name
- Last Name
- Department
- Username
Below is the role you wish to assign to the user. You'll have a dropdown consisting of
- Super Admin
- Project Admin
- Developers
- Validators
- Project Owner
- Project Owner+
To make a Project Owner+, simply switch on the self-provisioner tag
For a complete breakdown of all the roles, visit CNO Secure
Click "Add"
You'll be taken back to the CNO IAM overview and you can see your newly added user. The user will be sent an email with a link for creating their password. After they're done. They can login to the CNO UI with their username and password.
Updating IAM Users¶
Things like the names and emails of users can't be changed but we can change their assigned roles to reflect any change in their positions at organization and project level.
To update their assigned roles:
Simply click on their current role and choose thier new role from the dropdown.
Deleting IAM Users¶
To delete IAM users, simply click the cross sign next to their email
You'll be taken to a pop-up window asking for a confirmation.
CNO Set Up Using CNOCTL¶
Prerequisites:¶
Connect to the CNO command line to use a command in this tutorial.
Creating IAM Users¶
cnoctl adm create user --firstname james --lastname james --email james@gmail.com --username james --department devops
NB: The username and email flags are required to create a user.
The user will automatically be assigned a member role.
Listing IAM Users¶
You can list all users or a specific user.
- To list a specific user:
- To list all users:
Assigning and Droping Roles to IAM Users¶
Before assigning a role, you should verify that the user is already registered. You can assign a new role for a user or modify an existing role from the user.
- Assigning A Role:
Assign a super-admin role to james
* Dropping A Role.Before deleting a role, make sure there is a user with this role. Drop James's super-admin role.
Updating IAM Users¶
You can update the first name, last name, and the department of the user. Before updating the user, be sure that it exists by listing the users. Now, let’s modify the first name James to Mody.
NB: The username is required and can not be changed.
Deleting a IAM User¶
Before deleting a user, you must verify if the user exists. Then, delete the user james by specifying his username.
Creating an IAM Group¶
To create a new group for example admin group, you use the cnoctl command:
Deleting an IAM Group¶
To delete the admin group use:
Note: You can only delete empty groups, so you'll have to delete every user in the group before deleting the groupListing IAM Groups and Users¶
Listing Groups and All user-member contained in the Group:
To get all groups use:
To get a single group admin for example use:
Assigning Roles to IAM Group¶
To add super_admin role to the admin group use:
Example:
Deleting Roles from IAM Groups¶
Delete super_admin role from the admin group use:
Example:
Adding Users to IAM Group¶
To add one or more users to a group use:
Example: To add user james to the group admin use:Deleting Users from IAM Groups¶
To delete a user from a group use:
To delete user james to the group admin use: