Created
February 2, 2018 16:15
-
-
Save kgilpin/669fe90779afa0786f36a7bce522f5ac to your computer and use it in GitHub Desktop.
User management bug
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
root@3935c7d86a07:/# cat policy-2.yml | |
- !user alice | |
- !group developers | |
- !grant | |
role: !group developers | |
member: !user alice | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
- !group developers | |
- !grant | |
role: !group developers | |
member: !user alice | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
root@3935c7d86a07:/# conjur user create --as-group security_admin alice | |
Enter your username to log into Conjur: admin | |
Please enter your password (it will not be echoed): | |
WARNING! This command is deprecated and will be removed. Use policy instead. | |
{ | |
"login": "alice", | |
"userid": "admin", | |
"ownerid": "cucumber:group:security_admin", | |
"uidnumber": 1101, | |
"roleid": "cucumber:user:alice", | |
"resource_identifier": "cucumber:user:alice", | |
"api_key": "1bm24dm3r19fgf3kc0h231p5284e672rxk34tpfg1e37zw52hjcfwj" | |
} | |
root@3935c7d86a07:/# vi policy.yml | |
root@3935c7d86a07:/# conjur policy load --as-group security_admin policy.yml | |
Create group 'developers' | |
Grant group 'developers' to user 'alice' | |
{} | |
root@3935c7d86a07:/# conjur user retire alice | |
WARNING! This command is deprecated and will be removed. Use policy instead. | |
Revoking from role cucumber:group:security_admin | |
Giving ownership to 'cucumber:user:attic' | |
User retired | |
root@3935c7d86a07:/# cp policy.yml policy-2.yml | |
root@3935c7d86a07:/# vi policy-2.yml | |
root@3935c7d86a07:/# conjur policy load --as-group security_admin policy-2.yml | |
error: Authable::Rails::AuthableController::Forbidden | |
root@3935c7d86a07:/# conjur elevate policy load --as-group security_admin policy-2.yml | |
Give user resource 'alice' to group role 'security_admin' | |
Grant user role 'alice' to group role 'security_admin' with admin option | |
{} | |
root@3935c7d86a07:/# conjur group members list developers | |
[ | |
"cucumber:group:security_admin", | |
"cucumber:user:alice" | |
] | |
root@3935c7d86a07:/# |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment