Page tree

 

As of Release 6.4, the Trifacta command line interface tools have been deprecated. You must migrate your usage of the CLI to use the REST APIs. This content is valid as of Release 6.0.2. It is intended to assist in the migration. For more information, see CLI Migration to APIs.

Contents:


NOTE: This feature requires developer-level skills to enable and use.

The Command Line Interface for User Administration enables administrators to perform bulk user management tasks on the platform. You can use the CLI to manage the following tasks:

  • Create, edit, or delete users.
  • Enable or disable an existing users.
  • Retrieve individual or all user profiles, including any security details.
  • Password reset.

Command Reference

The CLI tools are stored in the following directory:

/opt/trifacta/bin/

For creating or managing users, specify parameters for the following:

./trifacta_admin_cli.py --admin_username <trifacta_admin_username> 
--admin_password <trifacta_admin_password>  --verbose create_user 
--user_name joe@example.com --password user_pwd 
--name "<user_display_name>"

Parameters

ParameterDescriptionApplicable CLI Commands
admin_username

Username of the admin account to be used to execute the user admin command. Please specify the full username.

NOTE: If Single Sign On is enabled, you must specify your SSO credentials here instead. See below.

All
admin_password

Password of the admin account.

NOTE: If Single Sign On is enabled, you must specify your SSO credentials here instead. See below.

NOTE: If you have enabled Kerberos-based access to the Trifacta platform, you do not need to provide a password. To enable, additional configuration is required. See Configure for Kerberos Integration.

NOTE: Passwords can be stored in an external file, which is automatically checked during script execute. See CLI Config File.

All
verbose

Generate verbose output.

NOTE: This parameter is required.

All
admin_command_typeThe type of CLI command to execute. Accepted values:

  • create_user - Create a new user account with the specified credentials.
  • show_user - Retrieve account information for the specified user account.
  • edit_user - Modify the specified user account.
  • get_password_reset_url - Generate a password reset URL for a specified user.
  • delete_user - Delete the specified user account.
See Examples below.
All
host

(Optional) The server and port number of the Trifacta® instance. By default, this value is set to http://localhost:3005. Specify a new value if needed.

NOTE: When SSO is enabled, you must specify this value to point to the Apache server port where the Trifacta node authentication gateway listens. When running the CLI on the Trifacta node, this value is typically the following:

https://localhost:2443

See below.

NOTE: In some environments, the http:// or https:// protocol identifier may be required as part of the host value.

 All
user_name

Username of the account to be modified. This value is the user ID. It must resolve to a valid, accessible email address. Some features of the platform fail to work correctly with invalid email addresses.

NOTE: In the response, this value is listed as email .

All
password

Password of the account to be modified. 

NOTE: If you have enabled Kerberos-based access to the Trifacta platform, you do not need to provide a password. To enable, additional configuration is required. See Configure for Kerberos Integration.

All
name

Display name for the user.

NOTE: This parameter is required.

create_user and edit_user if making changes to this parameter.
disable_ssl_certification

(Optional) When communicating over HTTPS, this setting can be used to override the default behavior of validating the server certificate before executing the command.

NOTE: If you have stored a self-signed certificate on the Trifacta node, please set the REQUESTS_CA_BUNDLE environment variable to point to the directory that contains the trusted server's certificate(s). The CLI will verify against these certs. In this case, the disable_ssl_certificate parameter is not needed.

All
disable(Optional) Put the user in a disabled state.create_user and edit_user
enable(Optional) Put the user in an enabled state. Default is to enable the user.create_user and edit_user
transfer_assets_to

(Optional) When deleting a user, you can optionally transfer all of the user's assets to another user.

NOTE: Assets cannot be transferred to another user before or after the user deletion command. If assets are not transferred, they remain unowned in the system and are not removed from any form of storage.

delete_user

For documentation on the CLI parameters, run:

./trifacta_admin_cli.py --help

Config file

You can store Trifacta platform username and password information in an external file. See CLI Config File.

User account properties

The following user account properties are exposed through the command line:

PropertyDescriptionEditable through CLI?
--hadoopPrincipalHadoop principal value that is used to connect to the cluster. This setting applies only when secure impersonation is enabled.Y
--outputHomeDirThe output home directory for the user. By default, the results of each job executed by the user are generated in a sub-directory within this one.Y
--nameThe display name for the user.Y
--isDisabledWhen set to True, the user account is disabled and cannot be used to login to the application.Y
--emailThe email address associated with the user account. The email address is also the userID for the account.Y
--ssoPrincipalThe SSO principal value associated with the user account. This value only applies to environments that are integrated with an enterprise Single Sign On solution.Y
--enableAdminWhen set to True, this user account is a system administrator account. You should limit the number of accounts that have system administrator access.Y
--disableAdminWhen set to True, this user account is not a system administrator account. You should limit the number of accounts that have system administrator access.Y
--lastLoginTimeThe timestamp of when the user account was most recently used to login to the application.N

Examples

User Admin under SSO

If you are in an SSO environment, the following properties require special values to properly authenticate with AD/LDAP. All values are required:

PropertyDescription
admin_username

Use the SSO username for the platform admin user issuing the command.

NOTE: In an SSO environment, the default admin user account for the Trifacta platform does not work. The issuing user must be an SSO user that has been promoted to admin within the Trifacta platform.

admin_passwordUse the password associated with the SSO username.
host

This value must point to the SSO gateway on the Trifacta node and must include the port number. If you are running the CLI on the Trifacta node, use the following:

https://localhost:2443

For more information, see Configure SSO for AD-LDAP.

ssoPrincipalIn SSO environments, this parameter is required. It must be set to the SSO principal value associated with the user that is being modified.


Create user

Command

Example (all one command):

./trifacta_admin_cli.py --admin_username <trifacta_admin_user> --admin_password <trifacta_admin_password> 
create_user --user_name joe@example.com --password Hello2U --name Joe

Notes

  • Add --disable parameter to create the user in a disabled state.

Output

Create user joe@example.com
Account information for joe@example.com
  hadoopPrincipal: None
  outputHomeDir: /trifacta/queryResults/joe@example.com
  name: Joe
  isDisabled: False
  email: joe@example.com
  ssoPrincipal: None
  enableAdmin: False
  lastLoginTime: None

Show user

Command

Example (all one command):

./trifacta_admin_cli.py --admin_username <trifacta_admin_user> --admin_password <trifacta_admin_password> 
show_user --user_name joe@example.com 

Output

Show user joe@example.com 
Account information for joe@example.com
  hadoopPrincipal: None
  outputHomeDir: /trifacta/queryResults/joe@example.com
  name: Joe
  isDisabled: False
  email: joe@example.com
  ssoPrincipal: None
  enableAdmin: False
  lastLoginTime: None

Edit user

Command

The following command changes the Single Sign On principal for the user to a new value. The values for other user account settings found in the response below can be inserted in the command to modify those settings.

Example (all one command):

./trifacta_admin_cli.py --admin_username <trifacta_admin_user> --admin_password <trifacta_admin_password> 
edit_user --user_name joe@example.com --ssoPrincipal sso_principal 

Output

Edit user joe@example.com
Account information for joe@example.com
  hadoopPrincipal: None
  outputHomeDir: /trifacta/queryResults/joe@example.com
  name: Joe
  isDisabled: True
  email: joe@example.com
  ssoPrincipal: sso_principal
  enableAdmin: False
  lastLoginTime: None

Generate password reset URL

Command

The following command generates a URL for a specified user that enables the user to reset his or her account password. 

NOTE: The script returns with a URL containing the hostname with which it was invoked. You should invoke the script with a fully qualified domain name. If returned hostname is not accessible to the designated user, then the hostname must be replaced prior to passing the URL to the user for execution.

Example (all one command):

./trifacta_admin_cli.py --admin_username <trifacta_admin_user> --admin_password <trifacta_admin_password> 
get_password_reset_url --user_name joe@example.com 

Output

Generating password reset url for user joe@example.com
Reset url:http://localhost:3005/password-reset?email=joe@example.com&code=CD44232791

Disable user

Command

The following command disables the specified user. Disabled users can no longer login to the application and cannot execute any jobs or commands at the command line.

Example (all one command):

./trifacta_admin_cli.py --admin_username <trifacta_admin_user> --admin_password <trifacta_admin_password> 
edit_user --user_name joe@example.com --disable 

Output

Edit user joe@example.com
Account information for joe@example.com
  hadoopPrincipal: None
  outputHomeDir: /trifacta/queryResults/joe@example.com
  name: Joe
  isDisabled: True
  email: joe@example.com
  ssoPrincipal: None
  enableAdmin: False
  lastLoginTime: None

Delete user

Command

Delete the user joe@example.com and transfer his assets to jim@example.com.

NOTE: The transfer of the deleted user's assets is optional. If it is invoked, the user to whom the assets are assigned must have matching permissions on the datastores where the imported datasets are located.

If it is not invoked, the assets remain on the datastore and cannot be managed through the Trifacta platform until someone creates imported datasets from the files or directories.

 

Example (all one command):

./trifacta_admin_cli.py --admin_username <trifacta_admin_user> --admin_password <trifacta_admin_password> 
delete_user --user_name joe@example.com --transfer_assets_to jim@example.com

Output

Delete user joe@example.com
Transferring assets from joe@example.com to jim@example.com

Troubleshooting

Exceeded 30 redirects when executing Admin CLI in SSO mode

If you are executing the Admin CLI in SSO mode on the localhost, you may receive the following error message to standard output:

Exceeded 30 redirects

Solution:

This problem occurs when the CLI is run against the application, instead of the gateway proxy. Please insert the host of the gateway proxy for the host parameter, instead of the host of the application.

 

This page has no comments.