Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
User management bug
root@3935c7d86a07:/# cat policy-2.yml
- !user alice
- !group developers
- !grant
role: !group developers
member: !user alice
- !group developers
- !grant
role: !group developers
member: !user alice
root@3935c7d86a07:/# conjur user create --as-group security_admin alice
Enter your username to log into Conjur: admin
Please enter your password (it will not be echoed):
WARNING! This command is deprecated and will be removed. Use policy instead.
{
"login": "alice",
"userid": "admin",
"ownerid": "cucumber:group:security_admin",
"uidnumber": 1101,
"roleid": "cucumber:user:alice",
"resource_identifier": "cucumber:user:alice",
"api_key": "1bm24dm3r19fgf3kc0h231p5284e672rxk34tpfg1e37zw52hjcfwj"
}
root@3935c7d86a07:/# vi policy.yml
root@3935c7d86a07:/# conjur policy load --as-group security_admin policy.yml
Create group 'developers'
Grant group 'developers' to user 'alice'
{}
root@3935c7d86a07:/# conjur user retire alice
WARNING! This command is deprecated and will be removed. Use policy instead.
Revoking from role cucumber:group:security_admin
Giving ownership to 'cucumber:user:attic'
User retired
root@3935c7d86a07:/# cp policy.yml policy-2.yml
root@3935c7d86a07:/# vi policy-2.yml
root@3935c7d86a07:/# conjur policy load --as-group security_admin policy-2.yml
error: Authable::Rails::AuthableController::Forbidden
root@3935c7d86a07:/# conjur elevate policy load --as-group security_admin policy-2.yml
Give user resource 'alice' to group role 'security_admin'
Grant user role 'alice' to group role 'security_admin' with admin option
{}
root@3935c7d86a07:/# conjur group members list developers
[
"cucumber:group:security_admin",
"cucumber:user:alice"
]
root@3935c7d86a07:/#
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.