For example, to create a new team that authorizes the local
foo user, you would run:
fly -t example set-team --team-name my-team \ --local-user foo
Note that each time
set-team is run, the team's authorization config is set as a whole - it is not a stateful operation.
There are many different ways to configure team auth; see Configuring Auth for more information.
Once the team has been created, you can use
fly login to log in:
$ fly -t example login -n my-team
Any newly configured pipelines (via
fly set-pipeline) and one-off builds (via
fly execute) will be owned by the authorized team. Commands that list content will be scoped to the current team by default, such as
fly pipelines and
fly builds. The web UI will reflect the same state.
Newly configured pipelines are hidden by default, meaning other teams and unauthorized visitors cannot view them. To make them publicly viewable, see Pipeline & Build Visibility.
By default, authorization config passed to
set-team configures the
More advanced roles configuration can be specified through the
-c flag expects a
.yml file with a single field,
roles:, pointing to a list of role authorization configs.
All of the attributes in each config will vary by provider. Consult the appropriate section for your provider under Configuring Auth for specifics.
For example, the following config sets three roles with different auth config for each role's provider:
roles: - name: owner github: users: ["admin"] - name: member github: teams: ["org:team"] - name: viewer github: orgs: ["org"] local: users: ["visitor"]
To list all users that have logged into your instance in the last two months, run:
$ fly -t example active-users
The output will include the username, connector (which method they used to authenticate) and the date of their last login.
You can list users whose last login was within a different range by using:
$ fly -t example active-users --since yyyy-MM-dd
This can be helpful to get a sense of how active your cluster is.
To list all the teams, run:
$ fly -t example teams
This can be useful if you've forgotten your team name.
fly teams -d: With Details
To list all the teams with authentication details and members, run:
$ fly -t example teams -d
This can be helpful when debugging OAuth, OIDC groups or listing all individual members.
To rename a team, run:
$ fly -t example rename-team --old-name my-team --new-name cool-team
This can only be run by the
To remove a team, including all of its pipelines and one-off builds, first log in as the
main team, and then run:
$ fly -t example destroy-team --team-name my-team
Currently, if there were any workers assigned specifically to this team, they'll be orphaned, without having their containers or volumes cleaned up.