User¶
The User Object controls access to the system. The user object contains a name and a password hash for validating access. Additionally, it can be used to generate time-based, function restricted tokens for use in API calls. The template provides a helper function to generate these for restricted machine access in the discovery and post-install process.
The user object is usually created with an unset password. Thus the user will have no access but still be able to access the system through constructed tokens. The cli has commands to set the password for a user.
Users keep track of who is allowed to talk to DRP, and what actions they are allowed to take in the system.
| Field | Definition |
|---|---|
| Description | Description is a string for providing a simple description |
| Meta | Meta contains the meta data of the object. The type of this field is a key / value map/dictionary. The key type is string. The value type is also string. The general content of the field is undefined and can be an arbritary store. There are some common known keys: color - The color the UX uses when displaying icon - The icon the UX uses when displaying * title - The UX uses this for additional display information. Often the source of the object. Specific Object types use additional meta data fields. These are described at: https://docs.rackn.io/stable/redirect/?ref=rs_object_metadata |
| Name | Name is the name of the user required: true |
| PasswordHash | PasswordHash is the scrypt-hashed version of the user's Password. |
| Roles | Roles is a list of Roles this User has. |
| Secret | Token secret - this is used when generating user token's to allow for revocation by the grantor or the grantee. Changing this will invalidate all existing tokens that have this user as a user or a grantor. |
In addition to the roles asigned to the user, all users also get a claim that allows them to get themself, change their passwords, and get a token for themselves.