Class: Conjur::Group

Inherits:

RestClient::Resource

• Object
• RestClient::Resource
• Conjur::Group

Includes:

ActsAsAsset, ActsAsRole

Defined in:

lib/conjur/group.rb

Overview

A Conjur Group represents a collection of Conjur Users. This class represents Conjur group assets and operations on them.

You should not create instances of this class directly. Instead, you can get them from API methods like API#group and API#groups.

Instance Method Summary

• #add_member(member, options = {})

  Add a user to the group or change whether an existing member can manage other members.

• #remove_member(member)

  Remove a member from this group.

• #update(props)

  Update group properties.

Methods included from ActsAsRole

#can, #cannot, #role, #role_kind, #roleid

Methods included from HasAttributes

#attributes, #invalidate, #refresh, #save, #to_json

Methods included from ActsAsResource

#deny, #permit, #resource, #resource_kind, #resourceid

Methods included from HasOwner

#ownerid, #userid

Methods included from Exists

#exists?

Methods included from HasId

#id

Instance Method Details

#add_member(member, options = {})

This method returns an undefined value.

Add a user to the group or change whether an existing member can manage other members.

Examples:

# create an empty group
group = api.create_group 'hoommans'
# put a user in the group, with the ability to manage members
group.add_member 'conjur:user:bob', admin_option: True
# Hmm, bob is getting a little suspicious, better lower his privileges.
group.add_member 'conjur:user:bob', admin_option: False

# Notice that this method is idempotent:
group.add_member 'alice'
group.add_member 'alice' # Does nothing, alice is already a member

Parameters:

• member (String, Conjur::User, Conjur::Role) —

  the member to add. If a String is given, it must be a fully qualified Conjur id.

• options (Hash) (defaults to: {})

Options Hash (options):

• :admin_option (Boolean) — default: False —

  determines whether the member is able to manage members of this group.

# File 'lib/conjur/group.rb', line 54

def add_member(member, options = {})
  role.grant_to member, options
end

#remove_member(member)

This method returns an undefined value.

Remove a member from this group.

Notes

• Unlike #add_member, this method is not idempotent. This means that calling it twice with the same user will raise a RestClient::ResourceNotFound exception.
• The member may be represented as a qualified conjur id or a User instance. Although it will accept anything that responds to #roleid, the behavior when adding or removing a non-user role is undefined.

Examples:

group = api.group 'admins'
group.add_member 'bob'
group.remove_member 'bob' # OK, bob is a member
group.remove_member 'bob' # raises RestClient::ResourceNotFound

Parameters:

• member (String, Conjur::User, Conjur::Role)

Raises:

• (RestClient::ResourceNotFound) —

  when you try to remove a user who is not a member of the group.

# File 'lib/conjur/group.rb', line 77

def remove_member(member)
  role.revoke_from member
end

#update(props)

This method returns an undefined value.

Update group properties. Currently the only supported property is :gidnumber.

Parameters:

• props (Hash) —

  new property values

Options Hash (props):

• :gidnumber (Integer) —

  new GID number

# File 'lib/conjur/group.rb', line 86

def update props
  # not an alias because doc
  put props
end