In recent years, the concepts of Artificial Intelligence (AI) and Machine Learning (ML)...
3.1.7 Using the IRP management tool for token management
- Addition: This feature enables the generation of new GMI tokens. It’s useful when new instances need to be registered or additional access needs to be granted.
- Modification: This allows for adjustments to be made to existing GMI tokens. Modifications can include changes to the token’s privilege level or its active state, accommodating evolving security requirements or operational changes.
- Deletion: To maintain optimal security and organization, outdated or unnecessary GMI tokens can be removed from the system. Regularly pruning tokens reduces potential attack vectors and keeps the token inventory manageable.
- Viewing: Users have the capability to inspect the details of existing GMI tokens. Information such as token short names, privilege levels, associated GMI UIDs, and the last access timestamp can be reviewed. This is crucial for auditing and tracking token usage.
The general syntax for executing commands related to GMI token management using the Irpmng module is as follows:
# irpmng gmi <command> <options> COMMAND: add - Adds a new token with specified parameters del - Provides delete operation list - List all existing tokens and their properties set - Patches specific token properties for the given GMI UID show - Displays a token in vertically formatted form for the given GMI UID help - print help information OPTIONS: -t, --token <token> - Desired token value -s, --shortname <shortname> - Desired token shortname -u, --uid <gmi_uid> - GMI unique identifier (UID) -a, --admin <admin> - Token administrative privileges [possible values: true, false] -e, --enabled <enabled> - Token status enabled or disabled [possible values: true, false]
# irpmng gmi add --token <TOKEN> --admin=true --uid <GMIUID> GMI token IRP[1] has been added as: Admin, Enabled Write down the token value as it cannot be retrieved later: ef4c474e3d0676d0de0fb584d3e9bc87784285483df9094d75bb555e6c82f093
Remove a GMI token: #
# irpmng gmi del <GMIUID> NOTE: The operation is irreversible. GMI token removal will remove all the user tokens created by that GMI instance Do you want to delete token IRP[1] (Y/n)? GMI token IRP[1] has been deleted
# irpmng gmi show <GMIUID> Id: 1 Rights: Admin State: Enabled Last access time: - Shortname: IRP GMI UID: d5b457501d230523a8a466babeb8d67a
List GMI tokens: #
# irpmng gmi list Id | Rights | State | Last access time | Shortname 1 | Admin | Enabled | 2024-03-05 14:58:50 | IRP-America 2 | User | Disabled | | IRP-Europe
Set a GMI token: #
# irpmng gmi set <GMIUID> --admin false --enabled false GMI token IRP[1] has been changed admin rights revoked state changed to disabled