@abraca/dabra 2.5.0 → 2.6.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
|
@@ -11092,6 +11092,49 @@ var AbracadabraClient = class {
|
|
|
11092
11092
|
return this.request("GET", `/admin/users/${encodeURIComponent(userId)}/docs${qs}`);
|
|
11093
11093
|
}
|
|
11094
11094
|
/**
|
|
11095
|
+
* List `service`-role users (runners, demo seeders, automation
|
|
11096
|
+
* identities). Requires Service role. Admins can see service users via
|
|
11097
|
+
* `/admin/users` too but cannot mint or rotate them.
|
|
11098
|
+
*/
|
|
11099
|
+
async adminListServiceAccounts() {
|
|
11100
|
+
return this.request("GET", "/admin/service-accounts");
|
|
11101
|
+
}
|
|
11102
|
+
/**
|
|
11103
|
+
* Create a new `service`-role user. When `public_key` is omitted the
|
|
11104
|
+
* server generates a keypair and returns the private half in the
|
|
11105
|
+
* response — show it to the operator **once** and discard; the server
|
|
11106
|
+
* never persists it. Requires Service role.
|
|
11107
|
+
*/
|
|
11108
|
+
async adminCreateServiceAccount(body) {
|
|
11109
|
+
return this.request("POST", "/admin/service-accounts", { body });
|
|
11110
|
+
}
|
|
11111
|
+
/**
|
|
11112
|
+
* Rotate the active keypair on a service account. Old JWTs are
|
|
11113
|
+
* invalidated; old device keys are marked revoked; the canonical
|
|
11114
|
+
* `users.public_key` swaps to the new value. `users.id` stays put so
|
|
11115
|
+
* existing permission rows keep matching. Returns the new pubkey (and
|
|
11116
|
+
* private half when the server generated it). Requires Service role.
|
|
11117
|
+
*/
|
|
11118
|
+
async adminRotateServiceAccountKey(userId, body = {}) {
|
|
11119
|
+
return this.request("POST", `/admin/service-accounts/${encodeURIComponent(userId)}/rotate-key`, { body });
|
|
11120
|
+
}
|
|
11121
|
+
/**
|
|
11122
|
+
* Lock a service account and revoke all of its device keys. Idempotent.
|
|
11123
|
+
* Refuses targets whose `users.role` isn't `"service"`. Requires
|
|
11124
|
+
* Service role.
|
|
11125
|
+
*/
|
|
11126
|
+
async adminRevokeServiceAccount(userId) {
|
|
11127
|
+
await this.request("DELETE", `/admin/service-accounts/${encodeURIComponent(userId)}`);
|
|
11128
|
+
}
|
|
11129
|
+
/**
|
|
11130
|
+
* Revoke a single device key on a user (any role). Bumps
|
|
11131
|
+
* `tokens_invalid_before` so open WS sessions tied to the key must
|
|
11132
|
+
* re-auth. Requires elevated role (Service or Admin@root).
|
|
11133
|
+
*/
|
|
11134
|
+
async adminRevokeDeviceKey(userId, keyId) {
|
|
11135
|
+
await this.request("POST", `/admin/users/${encodeURIComponent(userId)}/device-keys/${encodeURIComponent(keyId)}/revoke`);
|
|
11136
|
+
}
|
|
11137
|
+
/**
|
|
11095
11138
|
* Page through the audit log. Filters AND-combine; `limit` defaults to
|
|
11096
11139
|
* 100 server-side. Requires elevated role.
|
|
11097
11140
|
*/
|