Class: Chain::AuthorizationGrant::ClientModule

Inherits:

ClientModule

• Object
• ClientModule
• Chain::AuthorizationGrant::ClientModule

Defined in:

lib/chain/authorization_grant.rb

Constant Summary

SUBJECT_ATTRIBUTES =

{
  'C' => {array: true},
  'O' => {array: true},
  'OU' => {array: true},
  'L' => {array: true},
  'ST' => {array: true},
  'STREET' => {array: true},
  'POSTALCODE' => {array: true},
  'SERIALNUMBER' => {array: false},
  'CN' => {array: false},
}

Instance Attribute Summary

Attributes inherited from ClientModule

#client

Class Method Summary

• .sanitize_x509(guard_data) ⇒ Object

Instance Method Summary

• #create(opts) ⇒ AuthorizationGrant

  Create an authorization grant, which provides the specified credential with access to the given policy.

• #delete(opts) ⇒ void

  Delete the specified authorization grant.

• #list_all ⇒ Array<AuthorizationGrant>

  List all authorization grants.

Methods inherited from ClientModule

#initialize

Constructor Details

This class inherits a constructor from Chain::ClientModule

Class Method Details

.sanitize_x509(guard_data) ⇒ Object

# File 'lib/chain/authorization_grant.rb', line 112

def self.sanitize_x509(guard_data)
  first_key = guard_data.keys.first
  if guard_data.size != 1 || first_key.to_s.downcase != 'subject'
    raise ArgumentError.new('Guard data must contain exactly one key, "subject"')
  end

  res = {}
  res[first_key] = guard_data.values.first.reduce({}) do |memo, (k, v)|
    attrib = SUBJECT_ATTRIBUTES[k.to_s.upcase]
    raise ArgumentError.new("Invalid subject attrib: #{k}") unless attrib

    if attrib[:array] && !v.is_a?(Array)
      memo[k] = [v]
    elsif !attrib[:array] && v.is_a?(Array)
      raise ArgumentError.new("Invalid array value for #{k}: #{v}")
    else
      memo[k] = v
    end

    memo
  end
  res
end

Instance Method Details

#create(opts) ⇒ AuthorizationGrant

Create an authorization grant, which provides the specified credential with access to the given policy. Credentials are identified using predicates called guards. Guards identify credentials by type and by patterns specific to that type.

Parameters:

• opts (Hash)

Options Hash (opts):

• :guard_type (String) —

  Either “access_token” or “x509”.

• :guard_data (Hash) —

  Parameters that describe a credential.

  For guards of type “access_token”, provide a Hash with a single key, “id”, whose value is the unique ID of the access token.

  For guards of type “x509”, there should be a single top-level key, “subject”, which maps to a hash of Subject attributes. Valid keys include:

  - "C" (Country, string or array of strings)
  - "O" (Organization, string or array of strings)
  - "OU" (Organizational Unit, string or array of strings)
  - "L" (Locality, string or array of strings)
  - "ST" (State or Province, string or array of strings)
  - "STREET" (Street Address, string or array of strings)
  - "POSTALCODE" (Postal Code, string or array of strings)
  - "SERIALNUMBER" (Serial Number, string)
  - "CN" (Common Name, string)
  

• :policy (String) —

  One of the following:

  • “client-readwrite”: full access to the Client API, including

    accounts, assets, transactions, access tokens, MockHSM, etc.
    

  • “client-readonly”: read-only access to the Client API.

  • “monitoring”: read-only access to diagnostic components of the API,

    including fetching configuration info.
    

  • “crosscore”: access to the cross-core API, including fetching blocks

    and submitting transactions, but not including block signing.
    

  • “crosscore-signblock”: access to the cross-core API’s block-signing

    API call.
    

Returns:

• (AuthorizationGrant)

# File 'lib/chain/authorization_grant.rb', line 72

def create(opts)
  # Copy input and stringify keys
  opts = opts.reduce({}) do |memo, (k, v)|
    memo[k.to_s] = v
    memo
  end

  if opts['guard_type'].to_s == 'x509'
    opts['guard_data'] = self.class.sanitize_x509(opts['guard_data'])
  end

  AuthorizationGrant.new(client.conn.request('create-authorization-grant', opts))
end

#delete(opts) ⇒ void

This method returns an undefined value.

Delete the specified authorization grant.

Parameters:

• opts —

  Identical to #create.

# File 'lib/chain/authorization_grant.rb', line 95

def delete(opts)
  client.conn.request('delete-authorization-grant', opts)
  nil
end

#list_all ⇒ Array<AuthorizationGrant>

List all authorization grants. The sort order is not defined.

Returns:

• (Array<AuthorizationGrant>)

# File 'lib/chain/authorization_grant.rb', line 88

def list_all
  client.conn.request('list-authorization-grants')['items'].map { |item| AuthorizationGrant.new(item) }
end