Sha256: 02f2542044c695372e659d93039d54c9f96339bc4b80cf9e6f91d0da8f083bf9

Contents?: true

Size: 1019 Bytes

Versions: 4

Compression:

Stored size: 1019 Bytes

Contents

module Conjur
  module Policy
    module Types
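      # Policy statement that retires a record: its memberships and privileges
      # are revoked and its ownership is transferred to the `attic` user.
      class Retire < Base
        # The record to retire (declared with kind :resource).
        attribute :record, kind: :resource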

        self.description = %(
Move a Role or Resource to the attic.

When you no longer need a role or resource in Conjur, you `retire` it.
This is different than deleting it. When you retire an item, all of
its memberships and privileges are revoked and its ownership is
transferred to the `attic` user. This is a special user in Conjur that
is created when you first bootstrap your Conjur endpoint. By
retiring rather than deleting items, the integrity of the immutable
audit log is preserved.

You can unretire items by logging in as the
'attic' user and transferring their ownership to another role. The
'attic' user's API key is stored as a variable in Conjur at
`conjur/users/attic/api-key`. It is owned by the 'security_admin'
group. )

        self.example = %(
- !retire
    record: !user DoubleOhSeven
)

        # Short human-readable summary of this statement.
        def to_s
          "Retire #{record}"
        end
      end
    end
  end
end

Version data entries

4 entries across 4 versions & 2 rubygems

Version Path
conjur-policy-parser-0.12.0 lib/conjur/policy/types/retire.rb
conjur-asset-policy-0.13.0 lib/conjur/policy/types/retire.rb
conjur-asset-policy-0.12.0 lib/conjur/policy/types/retire.rb
conjur-asset-policy-0.11.0 lib/conjur/policy/types/retire.rb