
User

A user is an identity that is able to authenticate into a Bondy Realm.

Description

A User is a person or software agent who wants to access a Realm. It can be authenticated and authorized; permissions (authorization) may be granted directly or via Group membership.

Users have attributes associated with themselves, such as username or aliases, credentials (password or authorized keys), and metadata determined by the client applications.

When you create a user, you then have to grant it permissions by making it a member of a user Group that has the appropriate permissions attached (recommended), or by directly attaching permissions to the user. You also have to define one or more Sources, which define the required authentication methods contextual to the user's network location.

Reserved Names

The following names are reserved and Bondy will not allow them to be used as a value for the user's username property: all, anonymous, any, from, on, to.

Aliasing

Provides the ability for a user to authenticate using different usernames (authid). A user can have a maximum of 5 aliases.

Types

input_data()

The object used to create or update a user.

The object represents an overview of all the user properties, but the available properties are detailed in each particular operation.

username: string, REQUIRED, IMMUTABLE
The user identifier.
groups: array[string]
A list of group names.
sso_realm_uri: string, REQUIRED, IMMUTABLE
If present, this is the URI of the SSO Realm where the user is authenticated. Once a user has been associated with an SSO realm it cannot be changed.
Default: undefined
enabled: boolean, REQUIRED
If the user is enabled or not.
Default: true
meta: map, REQUIRED
User metadata.
Default: {}
password: string
The user password.
authorized_keys: array[string]
The authorized keys.

user()

The representation of the user returned by the read or write operations e.g. get, list, add or update.

username: string, REQUIRED, IMMUTABLE
The user identifier.
groups: array[string]
A list of group names.
sso_realm_uri: string, REQUIRED, IMMUTABLE
If present, this is the URI of the SSO Realm where the user is authenticated. Once a user has been associated with an SSO realm it cannot be changed.
Default: undefined
enabled: boolean, REQUIRED
If the user is enabled or not.
Default: true
meta: map, REQUIRED
User metadata.
Default: {}
aliases: array[string]
The list of aliases.
authorized_keys: array[string]
The authorized keys.
has_password: boolean, REQUIRED
If the user has a password.
has_authorized_keys: boolean, REQUIRED
If the user has authorized keys.

Procedures

| Name | URI |
| --- | --- |
| Add a user to a realm | bondy.user.add |
| Add an alias to a user | bondy.user.add_alias |
| Add a group to a user | bondy.user.add_group |
| Add groups to a user | bondy.user.add_groups |
| Change the user password | bondy.user.change_password |
| Delete a user from a realm | bondy.user.delete |
| Disable a user in a realm | bondy.user.disable |
| Enable a user in a realm | bondy.user.enable |
| Retrieve a user from a realm | bondy.user.get |
| Check if a user is enabled | bondy.user.is_enabled |
| List all users from a realm | bondy.user.list |
| Remove an alias from a user | bondy.user.remove_alias |
| Remove a group from a user | bondy.user.remove_group |
| Remove groups from a user | bondy.user.remove_groups |
| Update a user in a realm | bondy.user.update |

Add a user to a realm

bondy.user.add(realm_uri(), input_data()) -> user()

Creates a new user and adds it to the provided realm URI.

Publishes an event under topic bondy.user.added after the user has been created.

Call

Positional Args
0: string, REQUIRED
The URI of the realm you want to add a user to.
1: object
The user configuration data.
Keyword Args

None.

Result

Positional Results
0: object
The created user.
Keyword Results

None.

Errors

Examples

Success Call
  • Request
bash
./wick --url ws://localhost:18080/ws \
--realm com.leapsight.bondy \
call bondy.user.add \
"com.leapsight.test_creation_1" '{"username":"user_1"}' | jq
  • Response:
json
{
  "authorized_keys": [],
  "enabled": true,
  "groups": [],
  "has_authorized_keys": false,
  "has_password": false,
  "meta": {},
  "sso_realm_uri": null,
  "type": "user",
  "username": "user_1",
  "version": "1.1"
}
Success Call with Groups
  • Request
bash
./wick --url ws://localhost:18080/ws \
--realm com.leapsight.bondy \
call bondy.user.add \
"com.leapsight.test_creation_1" '{"username":"user_3", "groups":["group_1"], "password":"my_password"}' | jq
  • Response:
json
{
  "authorized_keys": [],
  "enabled": true,
  "groups": [
    "group_1"
  ],
  "has_authorized_keys": false,
  "has_password": true,
  "meta": {},
  "sso_realm_uri": null,
  "type": "user",
  "username": "user_3",
  "version": "1.1"
}

Add an alias to a user

bondy.user.add_alias(realm_uri(), username(), alias())

Adds an alias to an existing user.

If the user is an SSO user, the alias is added on the SSO Realm only.

Call

Positional Args
0: string, REQUIRED
The URI of the realm in which you want to modify the user.
1: string, REQUIRED
The username of the user you want to add an alias to.
2: string, REQUIRED
The alias to add.
Keyword Args

None.

Result

Positional Results

None.

Keyword Results

None.

Errors

Examples

Success Call
  • Request
bash
./wick --url ws://localhost:18080/ws \
--realm com.leapsight.bondy \
call bondy.user.add_alias \
"com.leapsight.test_creation_1" "user_3" "user3_alias1"
  • Checking the updated user Response
  • Request
bash
./wick --url ws://localhost:18080/ws \
--realm com.leapsight.bondy \
call bondy.user.get "com.leapsight.test_creation_1" "user_3" | jq
  • Response
json
{
  "aliases": [
    "user3_alias1"
  ],
  "authorized_keys": [],
  "enabled": true,
  "groups": [
    "group_1"
  ],
  "has_authorized_keys": false,
  "has_password": true,
  "meta": {},
  "sso_realm_uri": null,
  "type": "user",
  "username": "user_3",
  "version": "1.1"
}
Success Call checking if the authentication succeeds with the alias
  • Request
bash
./wick --url ws://localhost:18080/ws \
--realm com.leapsight.test_creation_1 \
--authmethod=wampcra --authid="user3_alias1" --secret="my_password" \
call bondy.user.get "com.leapsight.test_creation_1" "user_3" | jq
  • Response
json
{
  "aliases": [
    "user3_alias1"
  ],
  "authorized_keys": [],
  "enabled": true,
  "groups": [
    "group_1"
  ],
  "has_authorized_keys": false,
  "has_password": true,
  "meta": {},
  "sso_realm_uri": null,
  "type": "user",
  "username": "user_3",
  "version": "1.1"
}

Add a group to a user

bondy.user.add_group(realm_uri(), username(), group_name())

Adds a group name to an existing user.

Call

Positional Args
0: string, REQUIRED
The URI of the realm in which you want to modify the user.
1: string, REQUIRED
The username of the user you want to add a group name to.
2: string, REQUIRED
The group name to add.
Keyword Args

None.

Result

Positional Results

None.

Keyword Results

None.

Errors

Examples

Success Call
  • Request
bash
./wick --url ws://localhost:18080/ws \
--realm com.leapsight.bondy \
call bondy.user.add_group \
"com.leapsight.test_creation_1" "user_3" "group_1"
  • Checking the updated user Response
  • Request
bash
./wick --url ws://localhost:18080/ws \
--realm com.leapsight.bondy \
call bondy.user.get "com.leapsight.test_creation_1" "user_3" | jq
  • Response
json
{
  "authorized_keys": [],
  "enabled": true,
  "groups": [
    "group_1"
  ],
  "has_authorized_keys": false,
  "has_password": true,
  "meta": {},
  "sso_realm_uri": null,
  "type": "user",
  "username": "user_3",
  "version": "1.1"
}

Add groups to a user

bondy.user.add_groups(realm_uri(), username(), [group_name()])

Adds a list of group names to an existing user.

Call

Positional Args
0: string, REQUIRED
The URI of the realm in which you want to modify the user.
1: string, REQUIRED
The username of the user you want to add group names to.
2: array[string], REQUIRED
The group names to add.
Keyword Args

None.

Result

Positional Results

None.

Keyword Results

None.

Errors

Examples

Success Call
  • Request
bash
./wick --url ws://localhost:18080/ws \
--realm com.leapsight.bondy \
call bondy.user.add_groups \
"com.leapsight.test_creation_1" "user_3" '["group_1","group_2"]'
  • Checking the updated user Response
  • Request
bash
./wick --url ws://localhost:18080/ws \
--realm com.leapsight.bondy \
call bondy.user.get "com.leapsight.test_creation_1" "user_3" | jq
  • Response
json
{
  "authorized_keys": [],
  "enabled": true,
  "groups": [
    "group_1",
    "group_2"
  ],
  "has_authorized_keys": false,
  "has_password": true,
  "meta": {},
  "sso_realm_uri": null,
  "type": "user",
  "username": "user_3",
  "version": "1.1"
}

Change the user password

bondy.user.change_password(realm_uri(), username(), new_password(), old_password())

Changes the password of an existing user.

Publishes an event under topic bondy.user.credentials_changed after the user's password has been changed.

Call

Positional Args

The operation supports 3 or 4 positional arguments.

0: string, REQUIRED
The URI of the realm in which you want to modify the user password.
1: string, REQUIRED
The username of the user whose password you want to update.
2: string, REQUIRED
The new password.
3: string
The old password.
Keyword Args

None.

Result

Positional Results

None.

Keyword Results

None.

Errors

Examples

Success Call
  • Request
bash
./wick --url ws://localhost:18080/ws \
--realm com.leapsight.bondy \
call bondy.user.change_password \
"com.leapsight.test_creation_1" "user_3" "my_new_password"
  • Checking if the new password was changed
  • Request
bash
./wick --url ws://localhost:18080/ws \
--realm com.leapsight.test_creation_1 \
--authmethod=wampcra --authid="user_3" --secret="my_new_password" \
call bondy.user.get "com.leapsight.test_creation_1" "user_3" | jq
  • Response
json
{
  "aliases": [
    "user3_alias5",
    "user3_alias4",
    "user3_alias3",
    "user3_alias2",
    "user3_alias1"
  ],
  "authorized_keys": [
    "1766C9E6EC7D7B354FD7A2E4542753A23CAE0B901228305621E5B8713299CCDD"
  ],
  "enabled": true,
  "groups": [
    "group_1",
    "group_2"
  ],
  "has_authorized_keys": true,
  "has_password": true,
  "meta": {},
  "sso_realm_uri": null,
  "type": "user",
  "username": "user_3",
  "version": "1.1"
}
Success Call with old password
  • Request
bash
./wick --url ws://localhost:18080/ws \
--realm com.leapsight.bondy \
call bondy.user.change_password \
"com.leapsight.test_creation_1" "user_3" "my_password" "my_new_password"

Delete a user from a realm

bondy.user.delete(realm_uri(), username())

Deletes the requested username from the provided realm uri.

Publishes an event under topic bondy.user.deleted after the user has been deleted.

Call

Positional Args
0: string, REQUIRED
The URI of the realm you want to delete the user from.
1: string, REQUIRED
The username of the user you want to delete.
Keyword Args

None.

Result

Positional Results

None.

Keyword Results

None.

Errors

Examples

Success Call
  • Request
bash
./wick --url ws://localhost:18080/ws \
--realm com.leapsight.bondy \
call bondy.user.delete "com.leapsight.test_creation_1" "user_1"

Disable a user in a realm

bondy.user.disable(realm_uri(), username())

Disables the requested username on the provided realm uri.

Call

Positional Args
0: string, REQUIRED
The URI of the realm in which you want to disable the user.
1: string, REQUIRED
The username of the user you want to disable.
Keyword Args

None.

Result

Positional Results

None.

Keyword Results

None.

Errors

Examples

Success Call
  • Request
bash
./wick --url ws://localhost:18080/ws \
--realm com.leapsight.bondy \
call bondy.user.disable "com.leapsight.test_creation_1" "user_1"

Enable a user in a realm

bondy.user.enable(realm_uri(), username())

Enables the requested username on the provided realm uri.

Call

Positional Args
0: string, REQUIRED
The URI of the realm in which you want to enable the user.
1: string, REQUIRED
The username of the user you want to enable.
Keyword Args

None.

Result

Positional Results

None.

Keyword Results

None.

Errors

Examples

Success Call
  • Request
bash
./wick --url ws://localhost:18080/ws \
--realm com.leapsight.bondy \
call bondy.user.enable "com.leapsight.test_creation_1" "user_1"

Retrieve a user from a realm

bondy.user.get(realm_uri(), username()) -> user()

Retrieves the requested username on the provided realm uri.

Call

Positional Args
0: string, REQUIRED
The URI of the realm you want to retrieve the user from.
1: string, REQUIRED
The username of the user you want to retrieve.
Keyword Args

None.

Result

Positional Results

The call result is a single positional argument containing a user:

username: string, REQUIRED, IMMUTABLE
The user identifier.
groups: array[string]
A list of group names.
sso_realm_uri: string, REQUIRED, IMMUTABLE
If present, this is the URI of the SSO Realm where the user is authenticated. Once a user has been associated with an SSO realm it cannot be changed.
Default: undefined
enabled: boolean, REQUIRED
If the user is enabled or not.
Default: true
meta: map, REQUIRED
User metadata.
Default: {}
aliases: array[string]
The list of aliases.
authorized_keys: array[string]
The authorized keys.
has_password: boolean, REQUIRED
If the user has a password.
has_authorized_keys: boolean, REQUIRED
If the user has authorized keys.
Keyword Results

None.

Errors

Examples

Success Call
  • Request
bash
./wick --url ws://localhost:18080/ws \
--realm com.leapsight.bondy \
call bondy.user.get "com.leapsight.test_creation_1" "user_1" | jq
  • Response
json
{
  "authorized_keys": [],
  "enabled": true,
  "groups": [],
  "has_authorized_keys": false,
  "has_password": false,
  "meta": {},
  "sso_realm_uri": null,
  "type": "user",
  "username": "user_1",
  "version": "1.1"
}

Check if a user is enabled

bondy.user.is_enabled(realm_uri(), username()) -> boolean()

Checks whether the requested username is enabled on the provided realm URI.

Call

Positional Args
0: string, REQUIRED
The URI of the realm in which you want to check the user.
1: string, REQUIRED
The username of the user whose enabled status you want to check.
Keyword Args

None.

Result

Positional Results

None.

Keyword Results

None.

Errors

Examples

Success Call
  • Request
bash
./wick --url ws://localhost:18080/ws \
--realm com.leapsight.bondy \
call bondy.user.is_enabled "com.leapsight.test_creation_1" "user_1"
  • Response
json
true

List all users from a realm

bondy.user.list(realm_uri()) -> [user()]

Lists all users of the provided realm uri.

Call

Positional Args
0: string, REQUIRED
The URI of the realm you want to retrieve the users from.
Keyword Args

None.

Result

Positional Results

The call result is a single positional argument containing a list of users. An empty list is returned when the provided realm URI doesn't exist.

0: array[object]
The users of the realm you want to retrieve.
Keyword Results

None.

Errors

None.

Examples

Success Call
  • Request
bash
./wick --url ws://localhost:18080/ws \
--realm com.leapsight.bondy \
call bondy.user.list \
"com.leapsight.test_creation_1" | jq
1
2
3
4
  • Response:
json
[
  {
    "authorized_keys": [],
    "enabled": true,
    "groups": [],
    "has_authorized_keys": false,
    "has_password": false,
    "meta": {},
    "sso_realm_uri": null,
    "type": "user",
    "username": "user_1",
    "version": "1.1"
  },
  {
    "authorized_keys": [],
    "enabled": true,
    "groups": [
      "group_1"
    ],
    "has_authorized_keys": false,
    "has_password": false,
    "meta": {},
    "sso_realm_uri": null,
    "type": "user",
    "username": "user_2",
    "version": "1.1"
  },
  {
    "authorized_keys": [],
    "enabled": true,
    "groups": [
      "group_1"
    ],
    "has_authorized_keys": false,
    "has_password": true,
    "meta": {},
    "sso_realm_uri": null,
    "type": "user",
    "username": "user_3",
    "version": "1.1"
  }
]
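
An added example (not Bondy's own code): a small Python review of a bondy.user.list result that flags enabled users with neither a password nor authorized keys, users with no group membership, and users at the 5-alias limit, and that maps every alias back to its username for reading authentication logs. The sample list is constructed and user_4 is hypothetical; the findings are review prompts, since permissions may also be granted directly.

```python
import json
import sys

MAX_ALIASES = 5  # alias limit stated on this page

# Constructed sample in the shape of a bondy.user.list result.
# user_4 is hypothetical; the other entries mirror responses shown on this page.
SAMPLE = json.loads("""
[
  {"username": "user_1", "enabled": true, "groups": [],
   "has_password": false, "has_authorized_keys": false},
  {"username": "user_3", "enabled": true, "groups": ["group_1", "group_2"],
   "aliases": ["user3_alias5", "user3_alias4", "user3_alias3",
               "user3_alias2", "user3_alias1"],
   "has_password": true, "has_authorized_keys": true},
  {"username": "user_4", "enabled": false, "groups": [],
   "has_password": false, "has_authorized_keys": false}
]
""")


def authid_index(users):
    """Map every authid (username or alias) to the username that owns it."""
    index = {}
    for user in users:
        # The responses on this page omit "aliases" for users without any.
        for authid in [user["username"], *user.get("aliases", [])]:
            index[authid] = user["username"]
    return index


def audit_users(users):
    """Return sorted (username, finding) pairs for accounts worth reviewing."""
    findings = []
    for user in users:
        if not user.get("enabled", True):
            continue  # disabled accounts are skipped by this review
        name = user["username"]
        if not (user.get("has_password") or user.get("has_authorized_keys")):
            findings.append((name, "enabled without password or authorized keys"))
        if not user.get("groups"):
            findings.append((name, "no group membership"))
        if len(user.get("aliases", [])) >= MAX_ALIASES:
            findings.append((name, "alias limit reached"))
    return sorted(findings)


if __name__ == "__main__":
    # Pipe the JSON printed by the bondy.user.list call on stdin,
    # or run without piped input to use the constructed sample.
    users = SAMPLE if sys.stdin.isatty() else json.load(sys.stdin)
    for name, finding in audit_users(users):
        print(f"{name}: {finding}")
```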

Remove an alias from a user

bondy.user.remove_alias(realm_uri(), username(), alias())

Removes an existing alias from an existing user.

If the user is an SSO user, the alias is removed from the SSO Realm only.

Call

Positional Args
0: string, REQUIRED
The URI of the realm in which you want to modify the user.
1: string, REQUIRED
The username of the user you want to remove an alias from.
2: string, REQUIRED
The alias to remove.
Keyword Args

None.

Result

Positional Results

None.

Keyword Results

None.

Errors

Examples

Success Call
  • Request
bash
./wick --url ws://localhost:18080/ws \
--realm com.leapsight.bondy \
call bondy.user.remove_alias \
"com.leapsight.test_creation_1" "user_3" "user3_alias1"
  • Checking the updated user Response
  • Request
bash
./wick --url ws://localhost:18080/ws \
--realm com.leapsight.bondy \
call bondy.user.get "com.leapsight.test_creation_1" "user_3" | jq
  • Response
json
{
  "aliases": [
    "user3_alias5",
    "user3_alias4",
    "user3_alias3",
    "user3_alias2"
  ],
  "authorized_keys": [
    "1766C9E6EC7D7B354FD7A2E4542753A23CAE0B901228305621E5B8713299CCDD"
  ],
  "enabled": true,
  "groups": [
    "group_1",
    "group_2"
  ],
  "has_authorized_keys": true,
  "has_password": true,
  "meta": {},
  "sso_realm_uri": null,
  "type": "user",
  "username": "user_3",
  "version": "1.1"
}

Remove a group from a user

bondy.user.remove_group(realm_uri(), username(), group_name())

Removes an existing group name from an existing user.

Call

Positional Args
0: string, REQUIRED
The URI of the realm in which you want to modify the user.
1: string, REQUIRED
The username of the user you want to remove a group name from.
2: string, REQUIRED
The group name to remove.
Keyword Args

None.

Result

Positional Results

None.

Keyword Results

None.

Errors

Examples

Success Call
  • Request
bash
./wick --url ws://localhost:18080/ws \
--realm com.leapsight.bondy \
call bondy.user.remove_group \
"com.leapsight.test_creation_1" "user_3" "group_1"
  • Checking the updated user Response
  • Request
bash
./wick --url ws://localhost:18080/ws \
--realm com.leapsight.bondy \
call bondy.user.get "com.leapsight.test_creation_1" "user_3" | jq
  • Response
json
{
  "aliases": [
    "user3_alias5",
    "user3_alias4",
    "user3_alias3",
    "user3_alias2",
    "user3_alias1"
  ],
  "authorized_keys": [],
  "enabled": true,
  "groups": [
    "group_2"
  ],
  "has_authorized_keys": false,
  "has_password": true,
  "meta": {},
  "sso_realm_uri": null,
  "type": "user",
  "username": "user_3",
  "version": "1.1"
}

Remove groups from a user

bondy.user.remove_groups(realm_uri(), username(), [group_name()])

Removes a list of group names from an existing user.

Call

Positional Args
0: string, REQUIRED
The URI of the realm in which you want to modify the user.
1: string, REQUIRED
The username of the user you want to remove group names from.
2: array[string], REQUIRED
The group names to remove.
Keyword Args

None.

Result

Positional Results

None.

Keyword Results

None.

Errors

Examples

Success Call
  • Request
bash
./wick --url ws://localhost:18080/ws \
--realm com.leapsight.bondy \
call bondy.user.remove_groups \
"com.leapsight.test_creation_1" "user_3" '["group_1","group_2"]'
  • Checking the updated user Response
  • Request
bash
./wick --url ws://localhost:18080/ws \
--realm com.leapsight.bondy \
call bondy.user.get "com.leapsight.test_creation_1" "user_3" | jq
  • Response
json
{
  "aliases": [
    "user3_alias5",
    "user3_alias4",
    "user3_alias3",
    "user3_alias2",
    "user3_alias1"
  ],
  "authorized_keys": [],
  "enabled": true,
  "groups": [],
  "has_authorized_keys": false,
  "has_password": true,
  "meta": {},
  "sso_realm_uri": null,
  "type": "user",
  "username": "user_3",
  "version": "1.1"
}

Update a user in a realm

bondy.user.update(realm_uri(), username(), input_data()) -> user()

Updates an existing user.

Publishes an event under topic bondy.user.updated after the user has been updated. Optionally, publishes an event under topic bondy.user.credentials_changed if the user's authorized_keys have been changed.

Call

Positional Args
0: string, REQUIRED
The URI of the realm in which you want to modify a user.
1: string, REQUIRED
The username or uuid of the user you want to update.
2: object
The user configuration data.
Keyword Args

None.

Result

Positional Results
0: object
The updated user.
Keyword Results

None.

Errors

Examples

Success Call
  • Request
bash
./wick --url ws://localhost:18080/ws \
--realm com.leapsight.bondy \
call bondy.user.update \
"com.leapsight.test_creation_1" "user_3" \
'{
	"groups":["group_1","group_2"],
	"enabled":true,
	"authorized_keys":["1766c9e6ec7d7b354fd7a2e4542753a23cae0b901228305621e5b8713299ccdd"]
}' | jq
  • Response:
json
{
  "aliases": [
    "user3_alias5",
    "user3_alias4",
    "user3_alias3",
    "user3_alias2",
    "user3_alias1"
  ],
  "authorized_keys": [
    "1766C9E6EC7D7B354FD7A2E4542753A23CAE0B901228305621E5B8713299CCDD"
  ],
  "enabled": true,
  "groups": [
    "group_1",
    "group_2"
  ],
  "has_authorized_keys": true,
  "has_password": true,
  "meta": {},
  "sso_realm_uri": null,
  "type": "user",
  "username": "user_3",
  "version": "1.1"
}
Success Call checking if the new keys were changed
  • Request
bash
./wick --url ws://localhost:18080/ws \
--realm com.leapsight.test_creation_1 \
--authmethod=cryptosign --authid="user_3" --private-key="4ffddd896a530ce5ee8c86b83b0d31835490a97a9cd718cb2f09c9fd31c4a7d7" \
call bondy.user.get "com.leapsight.test_creation_1" "user_3" | jq
  • Response
json
{
  "aliases": [
    "user3_alias5",
    "user3_alias4",
    "user3_alias3",
    "user3_alias2",
    "user3_alias1"
  ],
  "authorized_keys": [
    "1766C9E6EC7D7B354FD7A2E4542753A23CAE0B901228305621E5B8713299CCDD"
  ],
  "enabled": true,
  "groups": [
    "group_1",
    "group_2"
  ],
  "has_authorized_keys": true,
  "has_password": true,
  "meta": {},
  "sso_realm_uri": null,
  "type": "user",
  "username": "user_3",
  "version": "1.1"
}

Topics

bondy.user.added

bondy.user.updated

bondy.user.credentials_changed

bondy.user.deleted

Except where otherwise noted, content on this site is licensed under a Creative Commons Attribution-ShareAlike (CC-BY-SA) 4.0 International license.
Bondy and Leapsight are registered trademarks.