Class: Conjur::Role
- Inherits:
-
RestClient::Resource
- Object
- RestClient::Resource
- Conjur::Role
- Defined in:
- lib/conjur/role.rb
Instance Method Summary
- #all(options = {}) ⇒ Object (also: #memberships)
- #create(options = {}) ⇒ Object
- #grant_to(member, options = {}) ⇒ Object
- #identifier ⇒ Object (also: #id)
- #member_of?(other_role) ⇒ Boolean
- #members ⇒ Object
- #permitted?(resource, privilege, options = {}) ⇒ Boolean
- #revoke_from(member, options = {}) ⇒ Object
- #roleid ⇒ Object
Methods included from PathBased
Methods included from Exists
Instance Method Details
#all(options = {}) ⇒ Object Also known as: memberships
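# File 'lib/conjur/role.rb', line 48
# Lists the roles this role belongs to, optionally narrowed by a filter.
# Also available as #memberships.
#
# The `options` identifier, dropped from the rendered listing, is restored
# here from the signature shown in the method summary.
#
# @param options [Hash] request options; the :filter key (a single role or an
#   Array of roles) is removed before the request and sent as a "filter"
#   query parameter instead
# @return [Array<Conjur::Role>] one Role per id in the JSON response
def all(options = {})
  # Work on a copy. Deleting :filter from the caller's hash would leave a
  # reused hash without its filter, so a later call would return every
  # membership and a membership test built on it would pass wrongly.
  options = options.dup
  query_string = "?all"

  if (filter = options.delete(:filter))
    filter = [filter] unless filter.is_a?(Array)
    # Non-destructive map: a caller-supplied array keeps its own elements.
    role_ids = filter.map { |obj| cast(obj, :roleid) }
    query_string += "&#{role_ids.to_query('filter')}" unless role_ids.empty?
  end

  JSON.parse(self[query_string].get(options)).collect do |id|
    # self.options is the resource's own option hash (RestClient::Resource),
    # not the local argument, so each returned Role reuses this role's settings.
    Role.new(Conjur::Authz::API.host, self.options)[Conjur::API.parse_role_id(id).join('/')]
  end
end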
#create(options = {}) ⇒ Object
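# File 'lib/conjur/role.rb', line 38
# Creates this role on the server with a PUT request.
#
# The `options` identifier, dropped from the rendered listing, is restored
# here from the signature shown in the method summary.
#
# @param options [Hash] passed to RestClient::Resource#put as the first argument
# @return [Object] whatever the PUT request returns
def create(options = {})
  log do |logger|
    logger << "Creating role #{kind}:#{identifier}"
    # NOTE(review): the whole options hash is written to the log as JSON;
    # confirm callers never place credentials or tokens in it.
    unless options.empty?
      logger << " with options #{options.to_json}"
    end
  end
  self.put(options)
end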
#grant_to(member, options = {}) ⇒ Object
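# File 'lib/conjur/role.rb', line 70
# Grants this role to +member+ with a PUT on the "members" sub-resource.
#
# The `options` identifier, dropped from the rendered listing, is restored
# here from the signature shown in the method summary.
#
# @param member [Object] anything `cast` can turn into a role id
# @param options [Hash] passed to RestClient::Resource#put as the first argument
# @return [Object] whatever the PUT request returns
def grant_to(member, options = {})
  member = cast(member, :roleid)
  log do |logger|
    logger << "Granting role #{identifier} to #{member}"
    # NOTE(review): the whole options hash is written to the log as JSON;
    # confirm callers never place credentials or tokens in it.
    unless options.blank?
      logger << " with options #{options.to_json}"
    end
  end
  # The member id is escaped before it is interpolated into the query string.
  self["?members&member=#{query_escape member}"].put(options)
end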
#identifier ⇒ Object Also known as: id
# File 'lib/conjur/role.rb', line 28
# Returns the identifier part of this role, taken from the resource path.
# Also available as #id.
#
# @return [Object] the result of `match_path` for path components 3 to the end
def identifier
  match_path(3..-1)
end
#member_of?(other_role) ⇒ Boolean
# File 'lib/conjur/role.rb', line 63
# Tells whether this role is a member of +other_role+.
#
# The answer comes from a filtered membership listing: a non-empty result
# means the membership exists. Errors raised by the listing propagate.
#
# @param other_role [Object] anything `cast` can turn into a role id
# @return [Boolean]
def member_of?(other_role)
  wanted = cast(other_role, :roleid)
  !all(filter: wanted).empty?
end
#members ⇒ Object
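# File 'lib/conjur/role.rb', line 101
# Lists the grants of this role, one RoleGrant per entry in the JSON response.
#
# The `options` identifier, dropped from the rendered listing, is restored
# here. The method takes no arguments, so it refers to the resource's own
# option hash (RestClient::Resource#options).
# NOTE(review): confirm against lib/conjur/role.rb that `get` receives options.
#
# @return [Array] the values returned by RoleGrant.parse_from_json
def members
  JSON.parse(self["?members"].get(options)).collect do |json|
    RoleGrant.parse_from_json(json, self.options)
  end
end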
#permitted?(resource, privilege, options = {}) ⇒ Boolean
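# File 'lib/conjur/role.rb', line 92
# Asks the server whether this role holds +privilege+ on +resource+.
#
# Only RestClient::ResourceNotFound is mapped to false. Every other error
# propagates to the caller, so a failed check never yields true. Callers
# should not wrap this in a blanket rescue that treats failure as permission.
#
# The `options` identifier, dropped from the rendered listing, is restored
# here from the signature shown in the method summary.
#
# @param resource [Object] anything `cast` can turn into a resource id
# @param privilege [String] the privilege name to check
# @param options [Hash] passed to RestClient::Resource#get
# @return [Boolean] true when the check request succeeds, false on a 404
def permitted?(resource, privilege, options = {})
  resource = cast(resource, :resourceid)
  # NOTE: in previous versions there was 'kind' passed separately. Now it is part of id
  # Both values are escaped before they are interpolated into the query string.
  self["?check&resource_id=#{query_escape resource}&privilege=#{query_escape privilege}"].get(options)
  true
rescue RestClient::ResourceNotFound
  false
end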
#revoke_from(member, options = {}) ⇒ Object
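# File 'lib/conjur/role.rb', line 81
# Revokes this role from +member+ with a DELETE on the "members" sub-resource.
#
# The `options` identifier, dropped from the rendered listing, is restored
# here from the signature shown in the method summary.
#
# @param member [Object] anything `cast` can turn into a role id
# @param options [Hash] passed to RestClient::Resource#delete
# @return [Object] whatever the DELETE request returns
def revoke_from(member, options = {})
  member = cast(member, :roleid)
  log do |logger|
    logger << "Revoking role #{identifier} from #{member}"
    # NOTE(review): the whole options hash is written to the log as JSON;
    # confirm callers never place credentials or tokens in it.
    unless options.empty?
      logger << " with options #{options.to_json}"
    end
  end
  # The member id is escaped before it is interpolated into the query string.
  self["?members&member=#{query_escape member}"].delete(options)
end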
#roleid ⇒ Object
# File 'lib/conjur/role.rb', line 34
# Builds the fully qualified role id in the form "account:kind:identifier".
#
# @return [String] the three parts joined with colons
def roleid
  parts = [account, kind, identifier]
  parts.join(':')
end