Skip to content

Latest commit

 

History

History
123 lines (102 loc) · 3.08 KB

apiref_security.md

File metadata and controls

123 lines (102 loc) · 3.08 KB
Raw

Security Methods

Aerospike::createRole

public int Aerospike::createRole ( string $role, array $privileges [, array $options ] )

Aerospike::grantPrivileges

public int Aerospike::grantPrivileges ( string $role, array $privileges [, array $options ] )

Aerospike::revokePrivileges

public int Aerospike::revokePrivileges ( string $role, array $privileges [, array $options ] )

Aerospike::queryRole

public int Aerospike::queryRole ( string $role, array &$privileges [, array $options ] )

Aerospike::queryRoles

public int Aerospike::queryRoles ( array &$roles [, array $options ] )

Aerospike::dropRole

public int Aerospike::dropRole ( string $role [, array $options ] )

Aerospike::createUser

public int Aerospike::createUser ( string $user, string $password, array $roles [, array $options ] )

Aerospike::changePassword

public int Aerospike::changePassword ( string $user, string $password [, array $options ] )

Aerospike::grantRoles

public int Aerospike::grantRoles ( string $user, array $roles [, array $options ] )

Aerospike::revokeRoles

public int Aerospike::revokeRoles ( string $user, array $roles [, array $options ] )

Aerospike::queryUser

public int Aerospike::queryUser ( string $user, array &$roles [, array $options ] )

Aerospike::queryUsers

public int Aerospike::queryUsers ( array &$roles [, array $options ] )

Aerospike::dropUser

public int Aerospike::dropUser ( string $user [, array $options ] )

Example

<?php

$config = [
  "hosts" => [
    ["addr" => "localhost", "port" => 3000]],
  "shm"=> [],
  "user" => "admin",
  "pass" => "admin"];
$client = new Aerospike($config, true);
if (!$client->isConnected()) {
   echo "Aerospike failed to connect[{$client->errorno()}]: {$client->error()}\n";
   exit(1);
}

$res = $client->createUser("john", "john@123", ["read-write"]);
$res = $client->createUser("steve", "steve@123", ["user-admin", "sys-admin"]);
if ($res == Aerospike::OK) {
    $res = $client->queryUsers($roles);
    if ($res == Aerospike::OK) {
        var_dump($roles);
    } else {
        echo "[{$client->errorno()}] ".$client->error();
    }
} elseif ($res == Aerospike::ERR_ROLE_VIOLATION) {
    echo "User does not possess the required role to create user";
} elseif ($res == Aerospike::ERR_INVALID_ROLE) {
    echo "Invalid Role being attempted to be assigned to user";
} else {
    echo "[{$client->errorno()}] ".$client->error();
}

?>

We expect to see:

array(2) {
  ["john"]=>
    array(1) {
      [0]=>
        string(10) "read-write"
    }
  ["steve"]=>
    array(2) {
      [0]=>
        string(10) "user-admin"
      [1]=>
        string(9) "sys-admin"
    }
}