Prerequisites (if applicable)
- TFE FDO v202309-1 and above
- Kubernetes FDO deployment
Use Case
Before enabling SSO in TFE, it is recommended to create a non-SSO local admin account that can be used to log in or recover access if SSO is lost. This article covers how to access the Rails console to create a local user in a Terraform Enterprise (TFE) Flexible Deployment Option (FDO) Kubernetes deployment.
SIDE NOTE: The email address assigned to this user should not be one that will be used for SAML.
Procedure
Authenticate to the Kubernetes cluster by executing the relevant command for your platform. For example, on Azure Kubernetes Service (AKS):
az aks get-credentials --resource-group <resource-group-name> --name <aks-cluster-name>
Retrieve the pod name by executing the following command.
kubectl get pods -n <namespace>
Execute the following command to open a shell in the pod.
kubectl exec -n <namespace> -it <pod-name> -- bash
Connect to the internal Rails console.
tfectl support console
Create a user via Rails console, assigning it to the u variable:
u = User.create!(email: "example@email.com", username: "example", password: "example", is_admin: true)
Confirm the user; otherwise, Terraform Enterprise will request email confirmation:
u.confirm
u.save
Add the user to the owners team of an organization via Rails console:
Organization.find_by_name("your-org").add_owner!(u)
Once the user is an admin and an owner of the org, it can be used to log into the TFE instance without SSO. Then, SSO can be disabled to allow for general access to the system.
Additional Information
- For additional assistance, please contact HashiCorp Support.