Module: Conjur::ActsAsUser

Includes:

ActsAsRole

Included in:

Deputy, User

Defined in:

lib/conjur/acts_as_user.rb

Overview

This module provides methods for things that are like users (specifically, those that have api keys).

Instance Method Summary

• #api ⇒ Conjur::API

  Create an api logged in as this user-like thing.

• #api_key ⇒ String

  Returns a newly created user’s api_key.

• #rotate_api_key ⇒ String

  Rotate this user’s API key.

• #set_cidr_restrictions(networks) ⇒ Object

  Set login network restrictions for the user.

Methods included from ActsAsRole

#can, #cannot, #role, #role_kind, #roleid

Instance Method Details

#api ⇒ Conjur::API

Note:

As with #api_key, this method only works on newly created instances.

Create an api logged in as this user-like thing.

Returns:

• (Conjur::API) —

  an api logged in as this user-like thing.

See Also:

• #api_key

# File 'lib/conjur/acts_as_user.rb', line 43

def api
  Conjur::API.new_from_key login, api_key
end

#api_key ⇒ String

Note:

this method can only be called on newly created user-like things (those returned from, for example,) Conjur::API#create_user.

Returns a newly created user’s api_key.

Returns:

• (String) —

  the api key

Raises:

• (Exception) —

  when the object isn’t newly created.

# File 'lib/conjur/acts_as_user.rb', line 34

def api_key
  attributes['api_key'] or raise "api_key is only available on a newly created #{self.class.name.downcase}"
end

#rotate_api_key ⇒ String

Note:

You will not be able to access the API key returned by this method later, so you should probably hang onto it it.

Note:

You cannot rotate your own API key with this method. To do so, use Conjur::API.rotate_api_key

Note:

This feature requires a Conjur appliance running version 4.6 or higher.

Rotate this user’s API key. You must have update permission on the user to do so.

Returns:

• (String) —

  the new API key for this user.

# File 'lib/conjur/acts_as_user.rb', line 57

def rotate_api_key
  path = "users/api_key?id=#{fully_escape login}"
  RestClient::Resource.new(Conjur::Authn::API.host, options)[path].put('').body
end

#set_cidr_restrictions(networks) ⇒ Object

Set login network restrictions for the user.

Parameters:

• networks (Array<String, IPAddr>) —

  which allow logging in. Set to empty to remove restrictions

# File 'lib/conjur/acts_as_user.rb', line 65

def set_cidr_restrictions networks
  authn_user = RestClient::Resource.new(Conjur::Authn::API.host, options)\
      ["users?id=#{fully_escape login}"]

  # we need use JSON here to be able to PUT an empty array
  params = { cidr: [*networks].map(&CIDR.method(:validate)).map(&:to_s) }
  authn_user.put params.to_json, content_type: :json
end