Class: PEClient::Resource::RBACV1::Users

Inherits:

Base

• Object
• Base
• PEClient::Resource::RBACV1::Users

Defined in:

lib/pe_client/resources/rbac.v1/users.rb

Overview

With role-based access control (RBAC), you can manage local users and remote users (created on a directory service). Use the users endpoints to get lists of users, create local users, and delete, revoke, and reinstate users in PE.

See Also:

• https://help.puppet.com/pe/current/topics/rbac_api_v1_user.htm

Constant Summary

BASE_PATH =

The base path for RBAC API v1 Users endpoints.

"#{RBACV1::BASE_PATH}/users".freeze

COMMAND_BASE_PATH =

The base path for RBAC API v1 Users command endpoints.

"#{RBACV1::BASE_PATH}/command/users".freeze

Instance Method Summary

• #add_roles(user_id, role_ids) ⇒ Hash

  Assign roles to a user.

• #create(email:, display_name:, login:, role_ids: [], password: nil) ⇒ Hash

  Create a local user.

• #current ⇒ Hash

  Get information about the current authenticated user.

• #delete(sid) ⇒ Hash

  Delete a user from the PE console.

• #edit(sid, attributes) ⇒ Hash

  Edit a local user.

• #get(sid = nil) ⇒ Hash

  Get a list of all local and remote users.

• #reinstate(user_id) ⇒ Hash

  Reinstate a revoked user.

• #remove_roles(user_id, role_ids) ⇒ Hash

  Remove roles from a user.

• #revoke(user_id) ⇒ Hash

  Revoke a user’s PE access.

• #tokens(sid, limit: nil, offset: nil, order_by: nil, order: nil) ⇒ Hash

  Get a list of tokens for a user.

Methods inherited from Base

#initialize

Constructor Details

This class inherits a constructor from PEClient::Resource::Base

Instance Method Details

#add_roles(user_id, role_ids) ⇒ Hash

Assign roles to a user.

Parameters:

• user_id (String) —

  The ID of the user you want to assign roles to.

• role_ids (Array<String>) —

  An array of role IDs defining the roles that you want to assign to the user. An empty array is valid, but the user can’t do anything in PE if they are not assigned to any roles.

Returns:

• (Hash) —

  If role assignment is successful, the endpoint returns an empty body.

# File 'lib/pe_client/resources/rbac.v1/users.rb', line 116

def add_roles(user_id, role_ids)
  @client.post "#{COMMAND_BASE_PATH}/add-roles", body: {user_id:, role_ids:}
end

#create(email:, display_name:, login:, role_ids: [], password: nil) ⇒ Hash

Create a local user

Parameters:

• email (String) —

  Specify the user’s email address.

• display_name (String) —

  The user’s name as you want it shown in the console.

• login (String) —

  The username for the user to use to login.

• role_ids (Array<String>) (defaults to: []) —

  An array of role IDs defining the roles that you want to assign to the new user. An empty array is valid, but the user can’t do anything in PE if they are not assigned to any roles.

• password (String) (defaults to: nil) —

  A password the user can use to login. For the password to work in the PE console, it must be at least six characters. This field is optional, however user accounts are not usable until a password is set. You can also use the Passwords endpoints to generate a password reset token the user can use to login for the first time.

Returns:

• (Hash) —

  If creation is successful, the endpoint returns an empty body.

# File 'lib/pe_client/resources/rbac.v1/users.rb', line 82

def create(email:, display_name:, login:, role_ids: [], password: nil)
  @client.post BASE_PATH, body: {email:, display_name:, login:, role_ids:, password:}
end

#current ⇒ Hash

Get information about the current authenticated user.

Returns:

• (Hash)

# File 'lib/pe_client/resources/rbac.v1/users.rb', line 47

def current
  @client.get "#{BASE_PATH}/current"
end

#delete(sid) ⇒ Hash

Delete a user from the PE console.

Parameters:

• sid (String) —

  The Subject ID of the user to delete.

Returns:

• (Hash) —

  If deletion is successful, the endpoint returns an empty body.

# File 'lib/pe_client/resources/rbac.v1/users.rb', line 105

def delete(sid)
  @client.delete "#{BASE_PATH}/#{sid}"
end

#edit(sid, attributes) ⇒ Hash

Edit a local user

Parameters:

• sid (String) —

  The Subject ID of the user to edit.

• attributes (Hash) —

  A hash of attributes to update for the user. The attributes MUST use all keys supplied in the #get response for the user, modified as needed to update the user. Not all attributes are editable such as :last_login.

Returns:

• (Hash)

See Also:

• https://help.puppet.com/pe/current/topics/rbac_api_v1_user_keys.htm

# File 'lib/pe_client/resources/rbac.v1/users.rb', line 96

def edit(sid, attributes)
  @client.put "#{BASE_PATH}/#{sid}", body: attributes
end

#get(sid = nil) ⇒ Hash

Get a list of all local and remote users. If a user SID is provided, get details for that specific user.

Parameters:

• sid (String) (defaults to: nil) —

  The Subject ID of the user. If nil, retrieves all users.

Returns:

• (Hash)

# File 'lib/pe_client/resources/rbac.v1/users.rb', line 39

def get(sid = nil)
  path = sid ? "#{BASE_PATH}/#{sid}" : BASE_PATH
  @client.get path
end

#reinstate(user_id) ⇒ Hash

Reinstate a revoked user.

Parameters:

• user_id (String) —

  The ID of the user you want to reinstate.

Returns:

• (Hash) —

  If reinstatement is successful, the endpoint returns an empty body.

# File 'lib/pe_client/resources/rbac.v1/users.rb', line 144

def reinstate(user_id)
  @client.post "#{COMMAND_BASE_PATH}/reinstate", body: {user_id:}
end

#remove_roles(user_id, role_ids) ⇒ Hash

Remove roles from a user.

Parameters:

• user_id (String) —

  The ID of the user you want to remove roles from.

• role_ids (Array<String>) —

  An array of role IDs defining the roles that you want to remove from the user.

Returns:

• (Hash) —

  If role removal is successful, the endpoint returns an empty body.

# File 'lib/pe_client/resources/rbac.v1/users.rb', line 126

def remove_roles(user_id, role_ids)
  @client.post "#{COMMAND_BASE_PATH}/remove-roles", body: {user_id:, role_ids:}
end

#revoke(user_id) ⇒ Hash

Revoke a user’s PE access.

Parameters:

• user_id (String) —

  The ID of the user you want to revoke access for.

Returns:

• (Hash) —

  If revocation is successful, the endpoint returns an empty body

# File 'lib/pe_client/resources/rbac.v1/users.rb', line 135

def revoke(user_id)
  @client.post "#{COMMAND_BASE_PATH}/revoke", body: {user_id:}
end

#tokens(sid, limit: nil, offset: nil, order_by: nil, order: nil) ⇒ Hash

Get a list of tokens for a user.

Parameters:

• sid (String) —

  The Subject ID of the user.

• limit (Integer) (defaults to: nil) —

  An integer specifying the maximum number of records to return. If omitted, all records are returned.

• offset (Integer) (defaults to: nil) —

  Specify a zero-indexed integer to specify the index value of the first record to return. If omitted, the default is position 0 (the first record). For example, offset=5 would start from the 6th record.

• order_by (String) (defaults to: nil) —

  Specify one of the following strings to define the order in which records are returned: “creation_date”, “expiration_date”, “last_active_date”, “client” If omitted, the default is “creation_date”.

• order (String) (defaults to: nil) —

  Determines the sort order as either ascending (asc) or descending (desc). If omitted, the default is asc.

Returns:

• (Hash)

# File 'lib/pe_client/resources/rbac.v1/users.rb', line 65

def tokens(sid, limit: nil, offset: nil, order_by: nil, order: nil)
  @client.get "#{BASE_PATH}/#{sid}/tokens", params: {limit:, offset:, order_by:, order:}.compact
end