@abraca/dabra 2.5.0 → 2.6.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
|
@@ -11062,6 +11062,49 @@ var AbracadabraClient = class {
|
|
|
11062
11062
|
return this.request("GET", `/admin/users/${encodeURIComponent(userId)}/docs${qs}`);
|
|
11063
11063
|
}
|
|
11064
11064
|
/**
|
|
11065
|
+
* List `service`-role users (runners, demo seeders, automation
|
|
11066
|
+
* identities). Requires Service role. Admins can see service users via
|
|
11067
|
+
* `/admin/users` too but cannot mint or rotate them.
|
|
11068
|
+
*/
|
|
11069
|
+
async adminListServiceAccounts() {
|
|
11070
|
+
return this.request("GET", "/admin/service-accounts");
|
|
11071
|
+
}
|
|
11072
|
+
/**
|
|
11073
|
+
* Create a new `service`-role user. When `public_key` is omitted the
|
|
11074
|
+
* server generates a keypair and returns the private half in the
|
|
11075
|
+
* response — show it to the operator **once** and discard; the server
|
|
11076
|
+
* never persists it. Requires Service role.
|
|
11077
|
+
*/
|
|
11078
|
+
async adminCreateServiceAccount(body) {
|
|
11079
|
+
return this.request("POST", "/admin/service-accounts", { body });
|
|
11080
|
+
}
|
|
11081
|
+
/**
|
|
11082
|
+
* Rotate the active keypair on a service account. Old JWTs are
|
|
11083
|
+
* invalidated; old device keys are marked revoked; the canonical
|
|
11084
|
+
* `users.public_key` swaps to the new value. `users.id` stays put so
|
|
11085
|
+
* existing permission rows keep matching. Returns the new pubkey (and
|
|
11086
|
+
* private half when the server generated it). Requires Service role.
|
|
11087
|
+
*/
|
|
11088
|
+
async adminRotateServiceAccountKey(userId, body = {}) {
|
|
11089
|
+
return this.request("POST", `/admin/service-accounts/${encodeURIComponent(userId)}/rotate-key`, { body });
|
|
11090
|
+
}
|
|
11091
|
+
/**
|
|
11092
|
+
* Lock a service account and revoke all of its device keys. Idempotent.
|
|
11093
|
+
* Refuses targets whose `users.role` isn't `"service"`. Requires
|
|
11094
|
+
* Service role.
|
|
11095
|
+
*/
|
|
11096
|
+
async adminRevokeServiceAccount(userId) {
|
|
11097
|
+
await this.request("DELETE", `/admin/service-accounts/${encodeURIComponent(userId)}`);
|
|
11098
|
+
}
|
|
11099
|
+
/**
|
|
11100
|
+
* Revoke a single device key on a user (any role). Bumps
|
|
11101
|
+
* `tokens_invalid_before` so open WS sessions tied to the key must
|
|
11102
|
+
* re-auth. Requires elevated role (Service or Admin@root).
|
|
11103
|
+
*/
|
|
11104
|
+
async adminRevokeDeviceKey(userId, keyId) {
|
|
11105
|
+
await this.request("POST", `/admin/users/${encodeURIComponent(userId)}/device-keys/${encodeURIComponent(keyId)}/revoke`);
|
|
11106
|
+
}
|
|
11107
|
+
/**
|
|
11065
11108
|
* Page through the audit log. Filters AND-combine; `limit` defaults to
|
|
11066
11109
|
* 100 server-side. Requires elevated role.
|
|
11067
11110
|
*/
|