Class: Conjur::Role

Inherits:
RestClient::Resource
  • Object
Includes:
Exists, PathBased
Defined in:
lib/conjur/role.rb

Instance Method Summary collapse

Methods included from PathBased

#account, #kind

Methods included from Exists

#exists?

Instance Method Details

#all(options = {}) ⇒ Object Also known as: memberships



# File 'lib/conjur/role.rb', line 48

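# Lists the roles returned by the server's "?all" query for this role
# (aliased as #memberships), optionally narrowed to a set of candidate roles.
#
# The caller's arguments are left untouched: the options hash is copied before
# :filter is removed, and the filter list is mapped into a new Array instead of
# being rewritten in place.
#
# @param options [Hash] request options handed to the underlying #get, plus
#   an optional :filter entry (a single role or an Array of roles; each entry
#   is converted with cast(obj, :roleid))
# @return [Array] one Role resource per id in the JSON response
def all(options = {})
  # :filter must not reach #get, so strip it from a private copy only.
  request_options = options.dup
  filter = request_options.delete(:filter)

  query_string = "?all"
  if filter
    candidates = filter.is_a?(Array) ? filter : [filter]
    role_ids = candidates.map { |obj| cast(obj, :roleid) }
    # to_query is expected to produce the encoded "filter" parameters; an empty
    # list adds nothing to the query.
    query_string = "#{query_string}&#{role_ids.to_query('filter')}" unless role_ids.empty?
  end

  # Ids come from the server response and are turned into resource paths here;
  # they are only as trustworthy as the endpoint that answered.
  JSON.parse(self[query_string].get(request_options)).map do |id|
    Role.new(Conjur::Authz::API.host, self.options)[Conjur::API.parse_role_id(id).join('/')]
  end
end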

#create(options = {}) ⇒ Object



# File 'lib/conjur/role.rb', line 38

# Creates this role by issuing a PUT against the role's own resource.
#
# @param options [Hash] handed unchanged to #put; when non-empty it is also
#   appended to the log line as JSON
# @return [Object] whatever #put returns
def create(options = {})
  log do |logger|
    logger << "Creating role #{kind}:#{identifier}"
    # NOTE(review): options are logged verbatim; confirm callers never put
    # credentials or other secrets in this hash.
    logger << " with options #{options.to_json}" unless options.empty?
  end
  put(options)
end

#grant_to(member, options = {}) ⇒ Object

Parameters:

  • options (Hash) (defaults to: {})
    • admin_option enables the member to manage members of this role



# File 'lib/conjur/role.rb', line 70

# Grants this role to +member+ with a PUT on the "?members" sub-resource.
#
# @param member [Object] anything cast(member, :roleid) accepts; the resulting
#   id is query-escaped before it is placed in the URL
# @param options [Hash] handed unchanged to #put. Per the documentation of this
#   method, admin_option enables the member to manage members of this role, so
#   it should only be set when that delegation is intended.
# @return [Object] whatever the PUT request returns
def grant_to(member, options={})
  member_id = cast(member, :roleid)
  log do |logger|
    logger << "Granting role #{identifier} to #{member_id}"
    # NOTE(review): options are logged verbatim; confirm they never carry secrets.
    logger << " with options #{options.to_json}" unless options.blank?
  end
  grant_query = "?members&member=#{query_escape(member_id)}"
  self[grant_query].put(options)
end

#identifier ⇒ Object Also known as: id



# File 'lib/conjur/role.rb', line 28

# Identifier part of this role (aliased as #id).
#
# @return [Object] the result of match_path for path positions 3 through the
#   last one; match_path itself is defined outside this listing
def identifier
  identifier_span = 3..-1
  match_path(identifier_span)
end

#member_of?(other_role) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/conjur/role.rb', line 63

# Tells whether this role holds +other_role+.
#
# The answer comes from #all with +other_role+ as the only filter: a non-empty
# result means membership. Errors raised by #all are not rescued here, so a
# failed lookup surfaces as an exception rather than as true or false.
#
# @param other_role [Object] anything cast(other_role, :roleid) accepts
# @return [Boolean]
def member_of?(other_role)
  other_role_id = cast(other_role, :roleid)
  matching_roles = all(filter: other_role_id)
  !matching_roles.empty?
end

#members ⇒ Object



# File 'lib/conjur/role.rb', line 101

# Lists the grants of this role by fetching the "?members" sub-resource.
#
# Unlike the other request methods shown here, this one takes no per-call
# options: the resource's own #options are used both for the GET and for every
# RoleGrant that is built from the response.
#
# @return [Array] one RoleGrant.parse_from_json result per JSON entry
def members
  grant_entries = JSON.parse(self["?members"].get(options))
  grant_entries.map { |grant_json| RoleGrant.parse_from_json(grant_json, options) }
end

#permitted?(resource, privilege, options = {}) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/conjur/role.rb', line 92

# Asks the server whether this role holds +privilege+ on +resource+.
#
# Only RestClient::ResourceNotFound is translated into +false+. Any other error
# raised while building or sending the request propagates to the caller, so a
# failed check never yields +true+; callers should treat a raised error as
# "not permitted" and must not rescue it into an allow decision.
#
# @param resource [Object] anything cast(resource, :resourceid) accepts
# @param privilege [Object] privilege name; query-escaped into the URL
# @param options [Hash] handed unchanged to the GET request
# @return [Boolean] true when the GET completes, false on ResourceNotFound
def permitted?(resource, privilege, options = {})
  resource_id = cast(resource, :resourceid)
  # NOTE: earlier versions passed 'kind' separately; it is now part of the id.
  check_query = "?check&resource_id=#{query_escape(resource_id)}&privilege=#{query_escape(privilege)}"
  self[check_query].get(options)
  true
rescue RestClient::ResourceNotFound
  false
end

#revoke_from(member, options = {}) ⇒ Object



# File 'lib/conjur/role.rb', line 81

# Revokes this role from +member+ with a DELETE on the "?members" sub-resource.
#
# @param member [Object] anything cast(member, :roleid) accepts; the resulting
#   id is query-escaped before it is placed in the URL
# @param options [Hash] handed unchanged to #delete; when non-empty it is also
#   appended to the log line as JSON
# @return [Object] whatever the DELETE request returns
def revoke_from(member, options = {})
  member_id = cast(member, :roleid)
  log do |logger|
    logger << "Revoking role #{identifier} from #{member_id}"
    # NOTE(review): options are logged verbatim; confirm they never carry secrets.
    logger << " with options #{options.to_json}" unless options.empty?
  end
  revoke_query = "?members&member=#{query_escape(member_id)}"
  self[revoke_query].delete(options)
end

#roleid ⇒ Object



# File 'lib/conjur/role.rb', line 34

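# Fully qualified id of this role, built as "account:kind:identifier".
#
# The listing had lost the first array element (leaving "[ , kind, ...]", which
# does not parse); it is restored as #account, which this class gets from
# PathBased alongside #kind.
#
# @return [String] the three parts joined with ':'
def roleid
  [account, kind, identifier].join(':')
end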