Class: PEClient::Resource::RBACV2::Tokens

Inherits:

Base

• Object
• Base
• PEClient::Resource::RBACV2::Tokens

Defined in:

lib/pe_client/resources/rbac.v2/tokens.rb

Overview

Authentication tokens control access to PE services. Use the v2 tokens endpoints to revoke and validate tokens.

See Also:

• https://help.puppet.com/pe/current/topics/rbac_api_v2_tokens_endpoints.htm

Constant Summary

BASE_PATH =

The base path for RBAC API v2 Tokens endpoints.

"#{RBACV2::BASE_PATH}/tokens".freeze

Instance Method Summary

• #authenticate(token, update_last_activity: false) ⇒ Hash

  Use this endpoint to exchange a token for a map representing an RBAC subject and associated token data.

• #delete(token: nil, revoke_tokens: [], revoke_tokens_by_usernames: [], revoke_tokens_by_labels: [], revoke_tokens_by_ids: []) ⇒ Hash

  Use this endpoint to revoke one or more authentication tokens, ensuring the tokens can no longer be used with RBAC to access PE services.

Methods inherited from Base

#initialize

Constructor Details

This class inherits a constructor from PEClient::Resource::Base

Instance Method Details

#authenticate(token, update_last_activity: false) ⇒ Hash

Note:

PEClient::Client.api_key is not required to use this method.

Use this endpoint to exchange a token for a map representing an RBAC subject and associated token data.

Parameters:

• token (String) —

  An authentication token.

• update_last_activity (Boolean) (defaults to: false) —

  A Boolean indicating whether you want a successful request to update the token’s last_active timestamp.

Returns:

• (Hash)

# File 'lib/pe_client/resources/rbac.v2/tokens.rb', line 60

def authenticate(token, update_last_activity: false)
  @client.post "#{RBACV2::BASE_PATH}/auth/token/authenticate", body: {token:, update_last_activity?: update_last_activity}
end

#delete(token: nil, revoke_tokens: [], revoke_tokens_by_usernames: [], revoke_tokens_by_labels: [], revoke_tokens_by_ids: []) ⇒ Hash

Use this endpoint to revoke one or more authentication tokens, ensuring the tokens can no longer be used with RBAC to access PE services.

Parameters:

• token (String) (defaults to: nil) —

  The authentication token to use for authorization. Cannot be used with other parameters.

• revoke_tokens (Array<String>) (defaults to: []) —

  Supply a list of complete authentication tokens you want to revoke. Any user can revoke any token by supplying the complete token in this parameter.

• revoke_tokens_by_usernames (Array<String>) (defaults to: []) —

  Supply a list of user names identifying users whose tokens you want to revoke. To revoke tokens by user name, the user making the request must have the Users Revoke permission for the specified users.

• revoke_tokens_by_labels (Array<String>) (defaults to: []) —

  Supply a list of labels identifying tokens to revoke. To be revoked in this manner, the tokens must belong to the requesting user and have been assigned a [token-spcific label](help.puppet.com/pe/current/topics/rbac_token_auth_token_label.htm).

• revoke_tokens_by_ids (Array<String>) (defaults to: []) —

  Supply a list of UUIDs for users whose tokens you want to revoke. To revoke tokens by user name, the user making the request must have the Users Revoke permission for the specified users.

Returns:

• (Hash) —

  If successful, returns an empty JSON object.

# File 'lib/pe_client/resources/rbac.v2/tokens.rb', line 44

def delete(token: nil, revoke_tokens: [], revoke_tokens_by_usernames: [], revoke_tokens_by_labels: [], revoke_tokens_by_ids: [])
  if token
    @client.delete "#{BASE_PATH}/#{token}"
  else
    @client.delete BASE_PATH, body: {revoke_tokens:, revoke_tokens_by_usernames:, revoke_tokens_by_labels:, revoke_tokens_by_ids:}.reject { |_, v| v.empty? }
  end
end