Module: Conjur::ActsAsUser
Overview
This module provides methods for things that are like users (specifically, those that have api keys).
Instance Method Summary collapse
-
#api ⇒ Conjur::API
Create an api logged in as this user-like thing.
-
#api_key ⇒ String
Returns a newly created user's api_key.
-
#rotate_api_key ⇒ String
Rotate this user's API key.
-
#set_cidr_restrictions(networks) ⇒ Object
Set login network restrictions for the user.
Methods included from ActsAsRole
#can, #cannot, #role, #role_kind, #roleid
Instance Method Details
#api ⇒ Conjur::API
As with #api_key, this method only works on newly created instances.
Create an api logged in as this user-like thing.
43 44 45 |
# File 'lib/conjur/acts_as_user.rb', line 43 def api Conjur::API.new_from_key login, api_key end |
#api_key ⇒ String
this method can only be called on newly created user-like things (those returned from, for example,) Conjur::API#create_user.
Returns a newly created user's api_key.
34 35 36 |
# File 'lib/conjur/acts_as_user.rb', line 34 def api_key attributes['api_key'] or raise "api_key is only available on a newly created #{self.class.name.downcase}" end |
#rotate_api_key ⇒ String
You will not be able to access the API key returned by this method later, so you should probably hang onto it it.
You cannot rotate your own API key with this method. To do so, use Conjur::API.rotate_api_key
This feature requires a Conjur appliance running version 4.6 or higher.
Rotate this user's API key. You must have update
permission on the user to do so.
57 58 59 60 |
# File 'lib/conjur/acts_as_user.rb', line 57 def rotate_api_key path = "users/api_key?id=#{fully_escape login}" RestClient::Resource.new(Conjur::Authn::API.host, )[path].put('').body end |
#set_cidr_restrictions(networks) ⇒ Object
Set login network restrictions for the user.
65 66 67 68 69 70 71 72 |
# File 'lib/conjur/acts_as_user.rb', line 65 def set_cidr_restrictions networks authn_user = RestClient::Resource.new(Conjur::Authn::API.host, )\ ["users?id=#{fully_escape login}"] # we need use JSON here to be able to PUT an empty array params = { cidr: [*networks].map(&CIDR.method(:validate)).map(&:to_s) } authn_user.put params.to_json, content_type: :json end |