conjur-api 4.31.0 → 5.0.0.rc1

data/lib/conjur/api/groups.rb

@@ -1,111 +0,0 @@
-# Copyright (C) 2013-2015 Conjur Inc.
-#
-# Permission is hereby granted, free of charge, to any person obtaining a copy of
-# this software and associated documentation files (the "Software"), to deal in
-# the Software without restriction, including without limitation the rights to
-# use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
-# the Software, and to permit persons to whom the Software is furnished to do so,
-# subject to the following conditions:
-#
-# The above copyright notice and this permission notice shall be included in all
-# copies or substantial portions of the Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
-# FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
-# COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
-# IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
-# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-#
-require 'conjur/group'
-
-module Conjur
-
-
-  class API
-    # @!group Directory: Groups
-
-    # List all Conjur groups visible to the current role.  This method does not
-    # support advanced query options.  If you want those, use `#resources` with
-    # the `:kind` option set to `'group'`.
-    #
-    # @example
-    #   api.groups.count # => 163 (yikes!)
-    #
-    # @param options [Hash] included for compatibility.  Do not use this parameter!
-    # @return [Array<Conjur::Group>]
-    def groups(options={})
-      standard_list Conjur::Core::API.host, :group, options
-    end
-
-    # Create a new group with the given identifier.
-    #
-    # Groups can be created with a gidnumber attribute, which is used when mapping LDAP/ActiveDirectory groups
-    # to Conjur groups, and when performing PAM authentication to assign a unix GID.
-    #
-    #
-    # @example
-    #   group = api.create_group 'cats'
-    #   puts group.attributes
-    #   # Output
-    #   {"id"=>"cats",
-    #     "userid"=>"admin",
-    #     "ownerid"=>"conjur:user:admin",
-    #     "gidnumber"=>nil,
-    #     "roleid"=>"conjur:group:cats",
-    #     "resource_identifier"=>"conjur:group:cats"}
-    #
-    # @example Create a group with a GID number.
-    #   group = api.create_group 'dogs', gidnumber: 1337
-    #   puts group.attributes['gidnumber']
-    #   # Output
-    #   1337
-    #
-    # @param [String] id the identifier for this group
-    # @param [Hash] options options for group creation
-    # @option options [FixNum] :gidnumber gidnumber to assign to this group (if not present, the
-    #   group will *not* have a gidnumber, in contrast to Conjur {Conjur::User} instances).
-    # @return [Conjur::Group] the group created.
-    def create_group(id, options = {})
-      standard_create Conjur::Core::API.host, :group, id, options
-    end
-
-
-    # Fetch a group with the given id.  Note that the id is *unqualified* -- it must not contain
-    # `account` or `id` parts.  For example,
-    #
-    # @example
-    #   group = api.create_group 'fish'
-    #   right = api.group 'fish'
-    #   wrong = api.group 'conjur:group:fish'
-    #   right.exists? # => true
-    #   wrong.exists? # => false
-    #
-    # @param [String] id the identifier of the group
-    # @return [Conjur::Group] the group, which may or may not exist (you must check this using the {Conjur::Exists#exists?})
-    #   method.
-    def group id
-      standard_show Conjur::Core::API.host, :group, id
-    end
-
-    # Find groups by GID.  Note that gidnumbers are *not* unique for groups.
-    #
-    # @example
-    #   dogs = api.create_group 'dogs', gidnumber: 42
-    #   cats = api.create_group 'cats', gidnumber: 42
-    #   api.find_groups gidnumber: 42
-    #   # => ['cats', 'dogs']
-    #
-    # @example
-    #   groups = api.find_groups(gidnumber: 42).map{|id| api.group(id)}
-    #   groups.map(&:class) # => [Conjur::Group, Conjur::Group]
-    #
-    # @param [Hash] options search criteria
-    # @option options [Integer] :gidnumber GID number
-    # @return [Array<String>] group names matching the criteria
-    def find_groups options
-      JSON.parse(RestClient::Resource.new(Conjur::Core::API.host, credentials)["groups/search?#{options.to_query}"].get)
-    end
-    #@!endgroup
-  end
-end

data/lib/conjur/api/hosts.rb

@@ -1,109 +0,0 @@
-#
-# Copyright (C) 2013-2015 Conjur Inc
-#
-# Permission is hereby granted, free of charge, to any person obtaining a copy of
-# this software and associated documentation files (the "Software"), to deal in
-# the Software without restriction, including without limitation the rights to
-# use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
-# the Software, and to permit persons to whom the Software is furnished to do so,
-# subject to the following conditions:
-#
-# The above copyright notice and this permission notice shall be included in all
-# copies or substantial portions of the Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
-# FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
-# COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
-# IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
-# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-#
-require 'conjur/host'
-
-module Conjur
-
-  class API
-    class << self
-      # @api private
-      # deprecated
-      def enroll_host(url)
-        if Conjur.log
-          Conjur.log << "Enrolling host with URL #{url}\n"
-        end
-        require 'uri'
-        url = URI.parse(url) if url.is_a?(String)
-        response = Net::HTTP.get_response url
-        raise "Host enrollment failed with status #{response.code} : #{response.body}" unless response.code.to_i == 200
-        mime_type = response['Content-Type']
-        body = response.body
-        [ mime_type, body ]
-      end
-    end
-
-    #@!group Directory: Hosts
-
-    # Create a new `host` asset.
-    #
-    # By default this method will create a host with a random id.  However, you may create a host with a
-    # specific name by passing an `:id` option.
-    #
-    # ### Permissions
-    #
-    # * Any Conjur role may perform this method without an `:ownerid` option.  The new hosts owner will be the current role.
-    # * If you pass an ``:ownerid` option, you must be a member of the given role.
-    #
-    # @example
-    #   # Create a host with a random id
-    #   anon = api.create_host
-    #   anon.id # => "wyzg17"
-    #
-    #   # Create a host with a given id
-    #   foo = api.create_host id: 'foo'
-    #   foo.id # => "foo"
-    #
-    #   # Trying to create a new host named foo fails
-    #   foo2 = api.create_host id: 'foo' # raises RestClient::Conflict
-    #
-    #   # Create a host owned by user 'alice' (assuming we're authenticated as
-    #   # a role of which alice is a member).
-    #   alice_host = api.create_host id: "host-for-alice", ownerid: 'conjur:user:ailce'
-    #   alice_host.ownerid # => "conjur:user:alice"
-    #
-    # @param [Hash,nil] options options for the new host
-    # @option options [String] :id the id for the new host
-    # @option options [String] :ownerid set the new hosts owner to this role
-    # @return [Conjur::Host] the created host
-    # @raise RestClient::Conflict when id is given and a host with that id already exists.
-    # @raise RestClient::Forbidden when ownerid is given and the owner role does not exist, or you are not
-    #   a member of the owner role.
-    #
-    def create_host options = nil
-      options = options.merge \
-          cidr: [*options[:cidr]].map(&CIDR.method(:validate)).map(&:to_s) if options[:cidr]
-      standard_create Conjur::Core::API.host, :host, nil, options
-    end
-
-    # Get a host by its *unqualified id*.
-    #
-    # Like other Conjur methods, this will return a {Conjur::Host} whether
-    # or not the record is found, and you must use the {Conjur::Exists#exists?} method
-    # to check this.
-    #
-    # @example
-    #   api.create_host id: 'foo'
-    #   foo = api.host "foo" # => returns a Conjur::Host
-    #   puts foo.resourceid # => "conjur:host:foo"
-    #   puts foo.id # => "foo"
-    #   mistake = api.host "doesnotexist" # => Also returns a Conjur::Host
-    #   foo.exists? # => true
-    #   mistake.exists? # => false
-    #
-    # @param [String] id the unqualified id of the host
-    # @return [Conjur::Host] an object representing the host, which may or may not exist.
-    def host id
-      standard_show Conjur::Core::API.host, :host, id
-    end
-
-    #@!endgroup
-  end
-end

data/lib/conjur/api/info.rb

@@ -1,126 +0,0 @@
-# Copyright (C) 2013-2016 Conjur Inc.
-#
-# Permission is hereby granted, free of charge, to any person obtaining a copy of
-# this software and associated documentation files (the "Software"), to deal in
-# the Software without restriction, including without limitation the rights to
-# use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
-# the Software, and to permit persons to whom the Software is furnished to do so,
-# subject to the following conditions:
-#
-# The above copyright notice and this permission notice shall be included in all
-# copies or substantial portions of the Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
-# FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
-# COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
-# IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
-# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-#
-require 'semantic'
-require 'semantic/core_ext'
-module Conjur
-  class API
-    class << self
-
-      # Return the version of the given service presently running on the Conjur appliance.
-      #
-      # @example Check that the authn service is at least version 4.6
-      #   if api.service_version('authn') >= '4.6.0'.to_version
-      #     puts "Authn version is at least 4.6.0"
-      #   end
-      #
-      # This feature is useful for determining whether the Conjur appliance has a particular feature.
-      #
-      # If the given service does not exist, this method will raise an exception.  To retrieve a list of
-      # valid service names, you can use `Conjur::API.service_names`
-      #
-      # @param [String] service the name of the service.
-      # @return [Semantic::Version] the version of the service.
-      def service_version service
-        if (service_info = appliance_info['services'][service]).nil?
-          raise "Unknown service #{service} (services are #{service_names.join(', ')}."
-        else
-          # Pre-release versions are discarded, because they make testing harder:
-          # 2.0.0-p598 :004 > Semantic::Version.new("4.5.0") <= Semantic::Version.new("4.5.0-1")
-          # => false
-          major, minor, patch, pre = service_info['version'].split(/[.-]/)[0..3]
-          Semantic::Version.new "#{major}.#{minor}.#{patch}"
-        end
-      end
-
-      # Return an Array of valid service names for your appliance.
-      #
-      # @return [Array<String>] the names of services on the appliance.
-      def service_names
-        appliance_info['services'].keys
-      end
-
-      # Return a Hash containing various information about the Conjur appliance.
-      #
-      # If the appliance does not support this feature, raise Conjur::FeatureNotAvailable.
-      #
-      # @note This feature requires Conjur appliance version 4.6 or above.
-      #
-      # @return [Hash] various information about the Conjur appliance.
-      def appliance_info
-        JSON.parse(RestClient::Resource.new(appliance_info_url).get.body)
-      rescue RestClient::ResourceNotFound
-        raise Conjur::FeatureNotAvailable.new('Your appliance does not support the /info URL needed by Conjur::API.appliance_info (you need 4.6 or later)')
-      end
-
-      # Return a Hash containing health information for this appliance, or for another host.
-      #
-      # If the `remote_host` argument is provided, the health of that appliance is reported from
-      # the perspective of the appliance being queried (as specified by the `appliance_url` configuration
-      # variable).
-      #
-      # @note When called without an argument, this method requires a Conjur server running version 4.5 or later.
-      #   When called with an argument, it requires 4.6 or later.
-      #
-      # @param [String, NilClass] remote_host a hostname for a remote host
-      # @return [Hash] the appliance health information.
-      def appliance_health remote_host=nil
-        remote_host.nil? ? own_health : remote_health(remote_host)
-      end
-
-      private
-
-
-      def remote_health host
-        JSON.parse(RestClient::Resource.new(remote_health_url(host)).get.body)
-      rescue RestClient::ResourceNotFound
-        raise Conjur::FeatureNotAvailable.new('Your appliance does not support the /remote_health/:host URL needed by Conjur::API.appliance_health (you need 4.6 or later)')
-      rescue RestClient::ExceptionWithResponse => ex
-        JSON.parse(ex.response.body)
-      end
-
-
-      def own_health
-        JSON.parse(RestClient::Resource.new(appliance_health_url).get.body)
-      rescue RestClient::ResourceNotFound
-        raise Conjur::FeatureNotAvailable.new('Your appliance does not support the /health URL needed by Conjur::API.appliance_health (you need 4.5 or later)')
-      rescue RestClient::ExceptionWithResponse => ex
-        JSON.parse(ex.response.body)
-      end
-
-      def remote_health_url host
-        raw_appliance_url "/remote_health/#{fully_escape host}"
-      end
-
-      def appliance_health_url
-        raw_appliance_url '/health'
-      end
-
-      def appliance_info_url
-        raw_appliance_url '/info'
-      end
-
-      def raw_appliance_url path
-        url = Conjur.configuration.appliance_url
-        raise "Conjur connection is not configured" unless url
-        url.gsub(%r{/api$}, path)
-      end
-    end
-  end
-end

data/lib/conjur/api/layers.rb

@@ -1,62 +0,0 @@
-require 'conjur/layer'
-
-module Conjur
-  class API
-    #@!group Directory: Layers
-
-    # Create a new layer with the given id
-    #
-    # @example
-    #   # create a new layer named 'webservers'
-    #   webservers = api.create_layer 'webservices'
-    #
-    #   # create layer is *not* idempotent
-    #   api.create_layer 'webservices' # raises RestClient::Conflict
-    #
-    #   # create a layer owned by user 'alice'
-    #   api.create_layer 'webservices', ownerid: 'alice'
-    #   api.owner # => 'conjur:user:alice'
-    #
-    # @param [String] id an *unqualified* id for the layer.
-    # @return [Conjur::Layer]
-    def create_layer(id, options = {})
-      standard_create Conjur::API.layer_asset_host, :layer, id, options
-    end
-
-    # Get all layers visible to the current role.
-    #
-    # The `options` parameter is only included for backwards
-    # compatibility and has no effect. You should call this method
-    # without arguments.
-    #
-    # @param [Hash] options deprecated, unused
-    # @return [Array<Conjur::Layer>] all layers visible to the current role
-    def layers options={}
-      standard_list Conjur::API.layer_asset_host, :layer, options
-    end
-
-
-    # Get a layer by its *unqualified id*.
-    #
-    # Like other Conjur methods, this will return a {Conjur::Layer} whether
-    # or not the record is found, and you must use the {Conjur::Exists#exists?} method
-    # to check this.
-    #
-    # @example
-    #   api.create_layer id: 'foo'
-    #   foo = api.layer "foo" # => returns a Conjur::Layer
-    #   puts foo.resourceid # => "conjur:layer:foo"
-    #   puts foo.id # => "foo"
-    #   mistake = api.layer "doesnotexist" # => Also returns a Conjur::Layer
-    #   foo.exists? # => true
-    #   mistake.exists? # => false
-    #
-    # @param [String] id the unqualified id of the layer
-    # @return [Conjur::Layer] an object representing the layer, which may or may not exist.
-    def layer id
-      standard_show Conjur::API.layer_asset_host, :layer, id
-    end
-
-    #@!endgroup
-  end
-end

data/lib/conjur/api/ldapsync.rb

@@ -1,115 +0,0 @@
-#
-# Copyright (C) 2016 Conjur Inc
-#
-# Permission is hereby granted, free of charge, to any person obtaining a copy of
-# this software and associated documentation files (the "Software"), to deal in
-# the Software without restriction, including without limitation the rights to
-# use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
-# the Software, and to permit persons to whom the Software is furnished to do so,
-# subject to the following conditions:
-#
-# The above copyright notice and this permission notice shall be included in all
-# copies or substantial portions of the Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
-# FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
-# COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
-# IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
-# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-#
-require 'conjur/ldap_sync_job'
-
-module Conjur
-  class API
-    # @!group LDAP Sync Service
-
-    # Fetch a Conjur policy that will bring Conjur into sync with the
-    # LDAP server specified by a profile.
-    #
-    # @param [String] profile the name of the LDAP server profile 
-    # @param [Hash] options reserved for future use
-    def ldap_sync_policy profile, options = {}
-      
-      headers = credentials.dup.tap {|h|
-        h[:headers][:accept] = 'text/event-stream'
-      }
-
-      options = options.merge(:config_name => profile)
-      url = Conjur.configuration.appliance_url + "/ldap-sync/policy?#{options.to_query}"
-
-      # Even though we're using SSE to return the policy, fetch the
-      # whole thing at once into a single response. Retrieving it in
-      # chunks doesn't buy us much of anything except more complicated
-      # client code.
-      response = RestClient::Resource.new(url, headers).get
-      JSON.parse(get_json("policy", response)).merge('events' => find_log_events(response))
-    end
-
-    # @api private
-    # Get an LDAP sync profile.
-
-    # @param [String] profile name 
-    # @param [Hash] options reserved
-    def ldap_sync_show_profile(profile, options = {})
-      url = Conjur.configuration.appliance_url
-      resp = RestClient::Resource.new(url, credentials)['ldap-sync']['config'][profile].get(options)
-      JSON.parse(resp.body)
-    end
-
-    # @api private
-    # Update an LDAP sync profile. 
-    #
-    # ### Note
-    # DO NOT use this method and the UI to update an LDAP sync profile.
-    #
-    # @param [Hash] profile a hash containing the LDAP sync configuration
-    # @param [Hash] options reserved
-    def ldap_sync_update_profile(profile_name, profile, options = {})
-      options[:json_config] = profile.to_json
-      resp = RestClient::Resource.new(Conjur.configuration.appliance_url, credentials)['ldap-sync']['config'][profile_name].put(options.to_json, :content_type => 'application/json')
-      JSON.parse(resp.body)
-    end
-
-    # @api private
-    # Search using an LDAP sync profile
-    #
-    # @param [String] profile name
-    # @param [Hash] options reserved
-    def ldap_sync_search(profile, options = {})
-      headers = credentials.dup.tap {|h|
-        h[:headers][:accept] = 'text/event-stream'
-      }
-
-      response = RestClient::Resource.new(Conjur.configuration.appliance_url, headers)['ldap-sync']['search'].post(options.merge(:config_name => profile))
-      JSON.parse(get_json("groups", response)).merge('events' => find_log_events(response))
-    end
-
-    # @!endgroup
-    
-    private
-    def get_json(key, response)
-      if response.headers[:content_type] == 'text/event-stream'
-        find_event_by_key(key, response) || find_error_events(response)
-      else
-        %Q({"error": {"message": "Unexpected response from server: #{response.body}"}})
-      end    
-    end
-
-    def find_event_by_key(key, response)
-      response.body.lines.find {|l| l =~ %r(^data: {"#{key}":) }.try(:[], 6..-1)
-    end
-
-    def find_log_events(response)
-      find_events(response, 'log').collect { |e| JSON.parse(e)['log'] }
-    end
-
-    def find_error_events(response)
-      find_events(response, "error").join("\n")
-    end
-
-    def find_events(response, key)
-      response.body.lines.collect {|l| l.match(/^data: ({"#{key}":.*)/).try(:[], 1)}.compact
-    end
-  end
-end

data/lib/conjur/api/users.rb

@@ -1,106 +0,0 @@
-#
-# Copyright (C) 2013-2015 Conjur Inc
-#
-# Permission is hereby granted, free of charge, to any person obtaining a copy of
-# this software and associated documentation files (the "Software"), to deal in
-# the Software without restriction, including without limitation the rights to
-# use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
-# the Software, and to permit persons to whom the Software is furnished to do so,
-# subject to the following conditions:
-##
-# The above copyright notice and this permission notice shall be included in all
-# copies or substantial portions of the Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
-# FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
-# COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
-# IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
-# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-#
-require 'conjur/user'
-require 'conjur/cidr'
-
-module Conjur
-  class API
-    #@!group Directory: Users
-
-    # Create a {http://developer.conjur.net/reference/services/directory/user Conjur User}.  Conjur users
-    # are identities for humans.
-    #
-    # When you create a user for the first time, the returned object will have an `api_key` field.  You can then
-    # use this to set a password for the user if you want to.  Note that when the user is fetched later with the {#user}
-    # method, it **will not have an api_key**.  Use it or lose it.
-    #
-    # ### Permissions
-    # Any authenticated role may call this method.
-    #
-    # @example Create a user 'alice' and set her password to 'frogger'
-    #   alice = api.create_user 'alice', password: 'frogger'
-    #
-    #   # Now we can login as 'alice'.
-    #   alice_api = Conjur::API.new_from_key 'alice', 'frogger'
-    #   alice_api.current_role # => 'conjur:user:alice'
-    #
-    # @example Create a user and save her `api_key` for later use
-    #    alice = api.create_user 'alice' # note that we're not giving a password
-    #    save_api_key 'alice', alice.api_key
-    #
-    # @param [String] login the login for the new user
-    # @param [Hash] options options for user creation
-    # @option options [String] :acting_as Qualified id of a role to perform the action as
-    # @option options [Array<String, IPAddr>] :cidr CIDR addresses of networks
-    #   the new user will be allower to login from
-    # @option options [String, Integer] :uidnumber UID number to assign to the new user.  If not given, one will be generated.
-    # @option options [String] :password when present, the user will be given a password in addition to a randomly
-    #   generated api key.
-    # @return [Conjur::User] an object representing the new user
-    # @raise [RestClient::Conflict] If the user already exists, or a user with the given uidnumber exists.
-    def create_user(login, options = {})
-      options = options.merge \
-          cidr: [*options[:cidr]].map(&CIDR.method(:validate)).map(&:to_s) if options[:cidr]
-      standard_create Conjur::Core::API.host, :user, nil, options.merge(login: login)
-    end
-
-    # Return an object representing a user with the given login. The {Conjur::User} object returned
-    # may or may not exist.  You can check whether it exists with the {Conjur::Exists#exists?} method.
-    #
-    # The returned {Conjur::User} will *not* have an api_key.
-    #
-    # ### Permissions
-    # Any authenticated role may call this method.
-    #
-    # @param [String] login the user's login
-    # @return [Conjur::User] an object representing the user
-    def user login
-      standard_show Conjur::Core::API.host, :user, login
-    end
-
-    # @api private
-    #
-    # @note In the future, further options for search may be added, but presently this only supports uid search.
-    #
-    # Find users by uidnumber.
-    #
-    #
-    # When a user is created it is assigned a uid number.  When the uid number is not specified when creating the user,
-    # a sequential uid number will be generated, starting at 1000.  uidnumbers are used when synchronizing with LDAP directories
-    # and to assign a UNIX user id number when using {http://developer.conjur.net/tutorials/ssh/conjur-ssh.html Conjur SSH login}.
-    #
-    # ### Note
-    # Although users are uniquely identified by their uidnumber, the result of this method is an array of user ids for compatibility
-    # reasons.
-    #
-    # ### Permissions
-    # Only roles of which you are a member will be returned
-    #
-    # @param [Hash] options query to send
-    # @option options [String, Integer] :uidnumber (required) the uidnumber to search for
-    # @return [Array<String>] a one element array containing the users login.
-    def find_users options
-      JSON.parse( RestClient::Resource.new(Conjur::Core::API.host, credentials)["users/search?#{options.to_query}"].get )
-    end
-
-    #@!endgroup
-  end
-end