{"id":15157396,"url":"https://github.com/mozilla-services/userplex","last_synced_at":"2025-09-30T07:30:32.981Z","repository":{"id":43094264,"uuid":"44342229","full_name":"mozilla-services/userplex","owner":"mozilla-services","description":"DEPRECATED - Propagate users from Mozilla's Person API to third party systems.","archived":true,"fork":false,"pushed_at":"2022-03-31T00:13:58.000Z","size":67009,"stargazers_count":40,"open_issues_count":0,"forks_count":10,"subscribers_count":27,"default_branch":"master","last_synced_at":"2024-12-27T09:28:43.421Z","etag":null,"topics":["abandoned","aws","iam","mozilla","puppet","unmaintained"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mpl-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mozilla-services.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2015-10-15T20:04:26.000Z","updated_at":"2024-01-22T23:40:58.000Z","dependencies_parsed_at":"2022-07-22T06:18:00.615Z","dependency_job_id":null,"html_url":"https://github.com/mozilla-services/userplex","commit_stats":null,"previous_names":[],"tags_count":6,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mozilla-services%2Fuserplex","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mozilla-services%2Fuserplex/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mozilla-services%2Fuserplex/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mozilla-services%2Fuserplex/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/mozilla-services","download_url":"https://codeload.github.com/mozilla-services/userplex/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":234712802,"owners_count":18875516,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["abandoned","aws","iam","mozilla","puppet","unmaintained"],"created_at":"2024-09-26T20:00:49.314Z","updated_at":"2025-09-30T07:30:32.635Z","avatar_url":"https://github.com/mozilla-services.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Userplex [![GoDoc](https://godoc.org/go.mozilla.org/userplex?status.svg)](https://godoc.org/go.mozilla.org/userplex) [![Build Status](https://travis-ci.org/mozilla-services/userplex.svg)](https://travis-ci.org/mozilla-services/userplex)\n\nPropagate users from Mozilla's [Person API](https://github.com/mozilla-iam/cis/blob/master/docs/PersonAPI.md) to third party systems.\n\n## Installation\n\nIf you have Go v1.13+ installed, you can install userplex by running:\n\n```bash\n$ go get go.mozilla.org/userplex\n```\n\nOtherwise, you can get a binary from the [releases section](https://github.com/mozilla-services/userplex/releases).\n\n## Configuration\n\nThere is an example configuration file in the repo at [`config.yaml`](https://github.com/mozilla-services/userplex/blob/master/config.yaml)\n\n```yaml\n# Configuration for using Mozilla's Person API\n# https://github.com/mozilla-iam/cis/blob/master/docs/PersonAPI.md\nperson:\n  person_client_id: \"client_id\"\n  person_client_secret: \"client_secret\"\n  person_base_url: \"https://person_url.com\"\n  person_auth0_url: \"https://auth0.com\"\n\n# Configuration for sending notifications. Will only be used\n# if the module block has `notify_new_users` set to `true`.\nnotifications:\n    email:\n        # your smtp relay may require authentication (AWS SES does), so make\n        # sure to set the parameters below to an authorized sender\n        host: \"email-smtp.us-east-1.amazonaws.com\"\n        port: 587\n        from: \"myauthorizedsender@example.net\"\n        cc:   \"bob.kelso@gmail.com\"\n        replyto: \"Something \u003csomething@example.com\u003e\"\n        auth:\n            user: \"AKIAI3TZL\"\n            pass: \"AoXAy......\"\n\n\n# AWS Module configuration section.\n#\n# You may have multiple AWS accounts configured and all will\n# be operated on. The way to give different permissions based\n# on the account is to use the `group_mapping` to give\n# different ldap groups different AWS groups. As well, if you do\n# not have a `default` in `group_mapping`, a user without a\n# matching group will just get ignored.\naws:\n  - account_name: \"myawsaccount\"\n    notify_new_users: true\n    ignore_usernames:\n      - legacy_user\n    credentials:\n        # if blank, will use the default aws credential flow\n        access_key: AKIAnnnn\n        secret_key: XXXXXXX\n    # Used to translate ldap usernames into \"local usernames\"\n    # which will be used as the username in AWS (or which ever\n    # module they are present in)\n    username_map:\n      - ldap_username: bkelso\n        local_username: bob\n      - ldap_username: tanderson\n        local_username: neo\n    group_mapping:\n      - ldap_group: \"sysadmins\"\n        iam_groups:\n          - ldapmanaged\n          - admin\n      - ldap_group: \"developers\"\n        iam_groups:\n          - ldapmanaged\n          - dev_only\n      - default: true\n        iam_groups:\n          - ldapmanaged\n\n# Authorized Keys Module configuration section.\n#\n# As with the AWS Module section, you can have multiple\n# authorized keys paths configured. The core\n# configuration here is the list of allowed `ldap_groups`\n# and how the `path` is setup. You can use `{username}`\n# or `{env:\u003cENV_VAR\u003e}` within the path.\nauthorized_keys:\n    - name: all_authorizedkeys\n      # Used to translate ldap usernames into \"local usernames\"\n      # which will be used as the username in authorized keys\n      # (or which ever module they are present in)\n      username_map:\n        - ldap_username: bkelso\n          local_username: bob\n        - ldap_username: tanderson\n          local_username: neo\n      ldap_groups:\n        - sysadmins\n        - developers\n        - devssh\n      # {username} will be replaced with the primary username for the user being created\n      path: /data/puppet/modules/users/files/{username}/.ssh/authorized_keys\n      # {env:ROOT_DIR} will be replaced with the env var $ROOT_DIR\n      # path: /data/puppet/modules/users/files/{env:ROOT_DIR}/.ssh/authorized_keys\n\n    - name: root_authorizedkeys\n      ldap_groups:\n        - sysadmins\n      # Used to translate ldap usernames into \"local usernames\"\n      # which will be used as the username in authorized keys\n      # (or which ever module they are present in)\n      username_map:\n        - ldap_username: tanderson\n          local_username: neo\n      path: /data/puppet/modules/users/files/root/.ssh/authorized_keys\n```\n\n## Usage\n\n```\nNAME:\n   userplex - Propagate users from Mozilla's Person API to third party systems.\n\nUSAGE:\n   userplex [global options] command [command options] [arguments...]\n\nVERSION:\n   v1.0.0\n\nAUTHORS:\n   AJ Bahnken \u003cajvb@mozilla.com\u003e\n   Julien Vehent \u003cjvehent@mozilla.com\u003e\n\nCOMMANDS:\n   aws             Operations within AWS\n   authorizedkeys  Operations within authorizedkeys files\n   get-person      Get Person from Person API. Useful for finding the correct identifier\n   help, h         Shows a list of commands or help for one command\n\nGLOBAL OPTIONS:\n   --config value, -c value  Path to userplex config file [$USERPLEX_CONFIG_PATH]\n   --help, -h                show help\n   --version, -v             print the version\n```\n\n#### AWS Usage\n\n```\n$ userplex -c config-encrypted.yaml aws help\nNAME:\n   userplex aws - Operations within AWS\n\nUSAGE:\n   userplex aws [global options] command [command options] [arguments...]\n\nVERSION:\n   v1.0.0\n\nCOMMANDS:\n   create  Create user\n   reset   Reset user credentials\n   delete  Delete user\n   sync    Run sync operation\n   verify  Verify users against Person API. Outputs report, use `sync` to fix discrepancies.\n\nGLOBAL OPTIONS:\n   --help, -h  show help\n\n$ userplex -c config-encrypted.yaml aws create example-user@mozilla.com\nINFO[0001] aws \"example-aws-account\": user \"example-user\" not found, needs to be created\nNotify new users disabled, printing output.\nCreated new user: example-user\n....\n\n$ userplex -c config-encrypted.yaml aws delete example-user@mozilla.com\nINFO[0002] aws \"example-aws-account\": deleted user \"example-user\"\n\n$ userplex -c config-encrypted.yaml aws verify\nUsers not in LDAP:\n  * test-user\n\n$ userplex -c config-encrypted.yaml aws sync\nUsers not in LDAP:\n  * test-user\nWould you like to remove these users from the example-aws-account AWS account?\n  * test-user\n(y/n): y\n```\n\n#### Authorized Keys Usage\n\n```\n$ userplex -c config-encrypted.yaml authorizedkeys help\nNAME:\n   userplex authorizedkeys - Operations within authorizedkeys files\n\nUSAGE:\n   userplex authorizedkeys [global options] command [command options] [arguments...]\n\nVERSION:\n   v1.0.0\n\nCOMMANDS:\n   create  Create user\n   reset   Reset user credentials\n   delete  Delete user\n   sync    Run sync operation\n   verify  Verify users against Person API. Outputs report, use `sync` to fix discrepancies.\n\nGLOBAL OPTIONS:\n   --help, -h  show help\n\n$ userplex -c config-encrypted.yaml authorizedkeys create example-user@mozilla.com\nINFO[0000] Adding user example-user to /puppet/userplex-testing/ak/example-user/.ssh/authorized_keys\nINFO[0000] creating \"/puppet/userplex-testing/ak/example-user/.ssh/authorized_keys\"\nINFO[0000] 1 keys written into \"/puppet/userplex-testing/ak/example-user/.ssh/authorized_keys\"\nINFO[0000] Adding user example-user to /puppet/userplex-testing/ak/root/.ssh/authorized_keys\nINFO[0000] creating \"/puppet/userplex-testing/ak/root/.ssh/authorized_keys\"\nINFO[0000] 1 keys written into \"/puppet/userplex-testing/ak/root/.ssh/authorized_keys\"\n\n$ cat /puppet/userplex-testing/ak/example-user/.ssh/authorized_keys\nssh-rsa AAAAB3.... example-user@mozilla\n\n$ userplex -c config-encrypted.yaml authorizedkeys delete example-user@mozilla.com\nINFO[0000] removing \"/puppet/userplex-testing/ak/example-user/.ssh/authorized_keys\"\nINFO[0000] removing \"/puppet/userplex-testing/ak/root/.ssh/authorized_keys\"\n\n$ cat /puppet/userplex-testing/ak/example-user/.ssh/authorized_keys\ncat: /puppet/userplex-testing/ak/example-user/.ssh/authorized_keys: No such file or directory\n\n```\n\n\n## License\nMozilla Public License 2.0\n\n## Authors\n  * AJ Bahnken \u003cajvb@mozilla.com\u003e\n  * Julien Vehent \u003culfr@mozilla.com\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmozilla-services%2Fuserplex","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmozilla-services%2Fuserplex","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmozilla-services%2Fuserplex/lists"}