See also: User
Add a user
If you’re the controller creator:
Juju has already set up a user for you. Your username is admin
and your access level is that of controller superuser
. Run juju logout
to be prompted to set up a password. Use juju change-user-password
to set the password.
To add a user to a controller, run the add-user
command followed by the username you want to assign to this user. For example:
juju add-user alex
This will create a user with username ‘alex’ and a controller login
access level.
See more: User access levels
It will also print a line of code that you must give this user to run using their Juju client – this will register the controller with their client and also prompt them to set up a password for the user.
Example user setup
Admin adding a new user ‘alex’ to the controller:
# Add a user named `alex`:
$ juju add-user alex
User "alex" added
Please send this command to alex:
juju register MFUTBGFsZXgwFRMTMTAuMTM2LjEzNi4xOToxNzA3MAQghBj6RLW5VgmCSWsAesRm5unETluNu1-FczN9oVfNGuYTFGxvY2FsaG9zdC1jb250cm9sbGVy
"alex" has not been granted access to any models. You can use "juju grant" to grant access.
New user ‘alex’ accessing the controller:
$ juju register MFUTBGFsZXgwFRMTMTAuMTM2LjEzNi4xOToxNzA3MAQghBj6RLW5VgmCSWsAesRm5unETluNu1-FczN9oVfNGuYTFGxvY2FsaG9zdC1jb250cm9sbGVy
Enter a new password: ********
Confirm password: ********
Enter a name for this controller [localhost-controller]: localhost-controller
Initial password successfully set for alex.
Welcome, alex. You are now logged into "localhost-controller".
There are no models available. You can add models with
"juju add-model", or you can ask an administrator or owner
of a model to grant access to that model with "juju grant".
Controller registration (and any other Juju operations that involves communication between a client and a controller) requires that the client be able to contact the controller over the network on TCP port 17070. In particular, if using a LXD-based cloud, network routes need to be in place (i.e. to contact the controller LXD container the client traffic must be routed through the LXD host).
See more:
juju add-user
,How to register a private controller
To add a user to a controller, in your Terraform plan add a juju_user
resource, specifying a label, a name, and a password. For example:
resource "juju_user" "alex" {
name = "alex"
password = "alexsupersecretpassword"
}
See more:
juju_user
(resource)
To add a user to a controller, on a connected Controller object, use the add_user()
method.
await my_controller.add_user("alex")
See more:
add_user()
View all the known users
To view a list of all the users known (i.e., allowed to log in) to the current controller, run the users
command:
juju users
The command also has flags that will allow you to specify a different controller, an output file, an output format, whether to print the full timestamp for connection times, etc.
See more:
juju users
The terraform juju
client does not support this. Please use the juju
client.
To view a list of all the users known (i.e., allowed to log in) to a controller, on a connected Controller object, use the get_users()
method.
await my_controller.get_users()
See more:
get_users()
View details about a user
To view details about a specific user, run the show-user
command followed by the name of the user. For example:
juju show-user alice
This will display the user’s username, display name (if available), access level, creation date, and last connection time, in a YAML format.
Expand to see a sample output for user 'admin'
user-name: admin
display-name: admin
access: superuser
date-created: 8 minutes ago
last-connection: just now
See more:
juju show-user
The terraform juju
client does not support this. Please use the juju
client.
To view details about a specific user, on a connected Controller, use the get_user()
method to retrieve a User object that encapsulates everything about that user. Using that object, you can access all the details (via the object properties) for that user.
user_object = await my_controller.get_user("alice")
# Then we can access all the properties to view details
print(user_object.display_name)
print(user_object.access)
print(user_object.date_created)
print(user_object.last_connection)
See more:
get_user()
, User (module)
View details about the current user
To see details about the current user, run the whoami
command:
juju whoami
This will print the current controller, model, and user username.
Expand to see a sample output
Controller: microk8s-controller
Model: <no-current-model>
User: admin
See more:
juju whoami
The terraform juju
client does not support this. Please use the juju
client.
To see details about the current user, on a connected Controller, use the get_current_user()
method to retrieve a User object that encapsulates everything about the current user. Using that object, you can access all the details (via the object properties) for that user.
user_object = await my_controller.get_current_user()
# Then we can access all the properties to view details
print(user_object.display_name)
print(user_object.access)
print(user_object.date_created)
print(user_object.last_connection)
See more:
get_current_user()
, User (module)
Manage a user’s access level
See also: User access levels
The procedure for how to control a user’s access level depends on whether you want to grant access at the level of the controller, model, application, or application offer or rather at the level of a cloud.
This division doesn’t currently align perfectly with the scope hierarchy, which is rather controller > cloud > model > application > offer (because the cloud scope is designed as a restriction on the controller scope for cases where multiple clouds are managed via the same controller).
Manage user access at the controller, model, application, or offer level
Grant access. To grant a user access at the controller, model, application, or offer level, run the grant
command, specifying the user, applicable desired access level, and the target controller, model, application, or offer. For example:
juju grant jim write mymodel
The command also has a flag that allows you to specify a different controller to operate in.
See more:
juju grant
Revoke access. To revoke a user’s access at the controller, model, application, or offer level, run the revoke
command, specifying the user, access level to be revoked, and the controller, model, application, or offer to be revoked from. For example:
juju revoke joe read mymodel
The command also has a flag that allows you to specify a different controller to operate in.
See more:
juju revoke
## Manage user access at the cloud level
Grant access. To grant a user’s access at the cloud level, run the grant-cloud
command followed by the name of the user, the access level, and the name of the cloud. For example:
juju grant-cloud joe add-model fluffy
See more:
juju grant-cloud
Revoke access. To revoke a user’s access at the cloud level, run the revoke-cloud
command followed by the name of the user, the access level to be revoked, and the name of the cloud. For example:
juju revoke-cloud joe add-model fluffy
See more:
juju revoke-cloud
With the terraform juju
client you can manage user access only at the model level; for anything else, please use the juju
client.
To grant a user access to a model, in your Terraform plan add a juju_access_model
resource, specifying the model, the access level, and the user(s) to which you want to grant access. For example:
resource "juju_access_model" "this" {
model = juju_model.dev.name
access = "write"
users = [juju_user.dev.name, juju_user.qa.name]
}
See more:
juju_access_model
To manage a user’s access to a controller, a model, or an offer, on a User object, use the grant()
and revoke()
methods to grant or revoke a certain access level to a user.
# grant a superuser access to the controller (that the user is on)
await user_object.grant('superuser')
# grant user the access to see a model
await user_object.grant("read", model_name="test-model")
# revoke ‘read’ (and ‘write’) access from user for application offer ‘fred/prod.hosted-mysql’:
await user_object.revoke("read", offer_url="fred/prod.hosted-mysql")
See more:
grant()
,revoke()
, User (module)
Manager a user’s login details
Set a password. The procedure for how to set a password depends on whether you are the controller creator or rather some other user.
- To set a password as a controller creator user (‘admin’), run the
change-user-password
command, optionally followed by your username, ‘admin’.
juju change-user-password
This will prompt you to type, and then re-type, your desired password.
See more:
juju change-user-password
- To set a password as a non-controller-creator user, follow the prompt you get when registering the controller via the
register
command.
See more: How to register a controller
Change a password. To change the current user’s password, run the change-user-password
command:
juju change-user-password
This will prompt you to type, and then re-type, your desired password.
The command also allows an optional username argument, and flags, allowing an admin to change / reset the password for another user.
See more:
juju change-user-password
To set or change a user’s password, in your Terraform plan add, in the relevant juju_user
resource definition, change the password
attribute to the desired value. For example:
resource "juju_user" "alex" {
name = "alex"
password = "alexnewsupersecretpassword"
}
See more:
juju_user
To set or change a user’s password, on a User object, use the set_password()
method.
await user_object.set_password('123')
See more:
set_password()
, User (module)
Manage a user’s login status
Log in.
If you’re the controller creator:
You’ve already been logged in as the admin
user. To verify, run juju whoami
or juju show-user admin
; to set a password, run juju change-user-password
to set a password; to log out, run juju logout
.
If you’ve just registered an external controller with your client (via juju register
):
You’re already logged in. Run juju whoami
or juju show-user <username>
to view your user details.
To log in as a user on the current controller, run the login
command, using the -u
flag to specify the user you want to log in as. For example:
juju login -u alice
This will prompt you to enter the password.
The command also has flags that allow you to specify a controller, etc.
See more:
juju login
Log out.
If you’re the controller creator, and you haven’t set a password yet:
You will be prompted to set a password. Make sure to set it before logging out.
To log a user out of the current controller, run the logout
command:
juju logout
See more:
juju logout
The terraform juju
client does not support this. Please use the juju
client.
The python-libjuju
client does not currently support this. Please use the juju
client.
Manage a user’s enabled status
To disable a user on the current controller, run the disable-user
command followed by the name of the user. For example:
juju disable-user mike
See more:
juju disable-user
To view disabled users in the output of juju users
: Use the --all
flag.
To re-enable a disabled user on a controller, run the enable-user
command followed by the name of the user. For example:
juju enable-user mike
See more:
juju enable-user
The terraform juju
client does not support this. Please use the juju
client.
To enable or disable a user, on a User object, use the enable()
and disable()
methods.
await user_object.enable()
await user_object.disable()
You can also check if a user is enabled or disabled using the enabled
and disabled
properties on the Unit object.
# re-enable a disabled user
if user_object.disabled:
await user_object.enable()
See more:
enable()
,disable()
, User (module)
Remove a user
To remove a user from the current controller, run the remove-user
command followed by the name of the user. For example:
juju remove-user bob
This will prompt you to confirm, and then proceed to remove.
The command also has flags that allow you to specify a different controller, skip the confirmation, etc.
See more:
juju remove-user
To remove a user, in your Terraform plan remove its resource definition.
See more:
juju_user
(resource)
To remove a user, on a connected Controller object, use the remove_user()
method.
await my_controller.remove_user("bob")
See more:
remove_user()
, User (module)
Contributors: @cderici, @hmlanigan, @pedroleaoc, @pmatulis, @timclicks, @tmihoc