Below are some common operational tasks for managing the Deis platform.
There are two classes of Deis users: normal users and administrators.
The first user created on a Deis installation is automatically an administrator.
You can use the
deis perms command to promote a user to an administrator:
$ deis perms:create john --admin
You can disable user registration for everybody except admins:
$ deisctl config controller set registrationMode="admin_only"
If you want to entirely disable user registration:
$ deisctl config controller set registrationMode="disabled"
The controller API uses a simple token-based HTTP Authentication scheme. Token authentication is appropriate for client-server setups, such as native desktop and mobile clients. Each user of the platform is issued a token the first time that they sign up on the platform. If this token is compromised, it will need to be regenerated.
A user can regenerate their own token like this:
$ deis auth:regenerate
An administrator can also regenerate the token of another user like this:
$ deis auth:regenerate -u test-user
At this point, the user will no longer be able to authenticate against the controller with his auth token:
$ deis apps 401 UNAUTHORIZED Detail: Invalid token
They will need to log back in to use their new auth token.
If there is a cluster wide security breach, an administrator can regenerate everybody’s auth token like this:
$ deis auth:regenerate --all=true