Module: VaultApi::Client::Users
- Included in:
- VaultApi::Client
- Defined in:
- lib/vault_api/client/users.rb
Instance Method Summary collapse
- #add_secrets_to_user_from_global(username) ⇒ Object
- #create_user(username) ⇒ Object
- #create_user_with_secret(username) ⇒ Object
- #delete_user(username) ⇒ Object
Instance Method Details
#add_secrets_to_user_from_global(username) ⇒ Object
# File 'lib/vault_api/client/users.rb', line 47

# Copies every entry listed under the global secrets path into the
# per-user path "secret/<env>/<username>/<entry>".
#
# Each entry is read from the global path and written unchanged, so the
# user's path ends up holding a copy of every listed global secret.
#
# NOTE(review): username is interpolated into the destination path as-is;
# confirm callers pass only validated names.
# NOTE(review): delete_user resolves the user's secrets through
# VaultApi.secret_user_base_path, while the prefix here is built inline;
# confirm both yield the same path, otherwise copies made here could
# outlive the user.
#
# @param username [#to_s] name used as the path segment for the copies
# @return [Object] whatever VaultApi.list returned (the receiver of #each)
def add_secrets_to_user_from_global(username)
  source_root = VaultApi.secret_global_base_path

  VaultApi.list(source_root).each do |entry|
    # Read first, then build the destination, matching the original call order.
    # presumably read returns an object responding to #data; a nil result
    # would raise NoMethodError here. Verify against VaultApi.read.
    payload = VaultApi.read("#{source_root}/#{entry}").data
    VaultApi.write("secret/#{VaultApi.env}/#{username}/#{entry}", payload)
  end
end
#create_user(username) ⇒ Object
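# File 'lib/vault_api/client/users.rb', line 11

# Creates a Vault login for +username+ by POSTing a freshly generated
# password and the policy name "<username>_policy" to
# "<address>/v1/<auth_users_path>/<username>", authenticated with the
# client's Vault token.
#
# The returned hash contains the plaintext password. Callers should hand it
# to the user once and keep it out of logs and persistent storage.
#
# @param username [#to_s] login name; also used to derive the policy name
# @return [Hash{String=>String}] the 'password' and 'policies' that were sent
# @raise [RuntimeError] if Vault answers with a non-2xx status
def create_user(username)
  creds = {
    # 12 bytes from the CSPRNG, hex-encoded: a 24-character password.
    'password' => SecureRandom.hex(12),
    'policies' => "#{username}_policy"
  }

  # NOTE(review): username goes into the URL path unescaped and unvalidated;
  # confirm callers restrict it to the characters Vault accepts for a login.
  uri = URI.parse("#{VaultApi.address}/v1/#{VaultApi.auth_users_path}/#{username}")

  http = Net::HTTP.new(uri.host, uri.port)
  # TLS is forced regardless of the configured scheme, so the token and the
  # new password are never sent in clear text. Net::HTTP verifies the server
  # certificate by default when use_ssl is set.
  http.use_ssl = true

  request = Net::HTTP::Post.new(uri.request_uri)
  request.body = creds.to_json
  request['X-Vault-Token'] = VaultApi.token.to_s

  response = http.request(request)
  unless response.is_a?(Net::HTTPSuccess)
    # Previously the response was discarded, so credentials were returned even
    # when Vault refused the request. Only the status code is reported here;
    # the token and the password stay out of the message.
    raise "Vault rejected creation of user '#{username}' (HTTP #{response.code})"
  end

  creds
end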
#create_user_with_secret(username) ⇒ Object
# File 'lib/vault_api/client/users.rb', line 32

# Provisions a new Vault user end to end: initial policy, login, then a copy
# of the global secrets. If the name is already listed under the auth users
# path, a message is printed and nothing is created.
#
# The existence check and the creation are separate calls, so two concurrent
# runs for the same name can both pass the check. The steps are not rolled
# back here if a later one raises.
#
# @param username [#to_s] login name to provision
# @return [Hash, nil] the credentials from create_user (including the
#   plaintext password), or nil when the user already exists
def create_user_with_secret(username)
  known_users = VaultApi.list(VaultApi.auth_users_path)

  if known_users.include?(username.to_s)
    puts "Vault user '#{username}' already exists."
    # An `exit 1` at this point is commented out in the original source; the
    # method returns nil instead.
    return
  end

  # The policy is created before the login that references it.
  create_initial_user_policy(username)
  # tap runs the secret copy after user creation and still returns the creds.
  create_user(username).tap { add_secrets_to_user_from_global(username) }
end
#delete_user(username) ⇒ Object
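# File 'lib/vault_api/client/users.rb', line 59

# Removes a Vault user: the login entry under the auth users path, the
# user's policy, and everything under the user's secret base path, in that
# order.
#
# A nil or blank username is rejected before any call is made. With a blank
# name the paths below would end at their parent ("/<auth_users_path>/" and
# whatever secret_user_base_path returns for an empty name).
# NOTE(review): delete_path is not visible here; if it deletes recursively,
# a blank name could reach other users' secrets. Confirm.
# NOTE(review): names containing path separators are not rejected here;
# confirm callers validate usernames.
#
# @param username [#to_s] login name to remove
# @return [Object] the result of delete_path
# @raise [ArgumentError] if username is nil, empty or only whitespace
def delete_user(username)
  raise ArgumentError, 'username must not be blank' if username.to_s.strip.empty?

  VaultApi.delete("/#{VaultApi.auth_users_path}/#{username}")
  delete_policy(username)
  delete_path(VaultApi.secret_user_base_path(username))
end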