Class: Chain::AuthorizationGrant::ClientModule

Inherits:
ClientModule
  • Object
Defined in:
lib/chain/authorization_grant.rb

Constant Summary

SUBJECT_ATTRIBUTES =
{
  'C' => {array: true},
  'O' => {array: true},
  'OU' => {array: true},
  'L' => {array: true},
  'ST' => {array: true},
  'STREET' => {array: true},
  'POSTALCODE' => {array: true},
  'SERIALNUMBER' => {array: false},
  'CN' => {array: false},
}

Instance Attribute Summary

Attributes inherited from ClientModule

#client

Class Method Summary

Instance Method Summary

Methods inherited from ClientModule

#initialize

Constructor Details

This class inherits a constructor from Chain::ClientModule

Class Method Details

.sanitize_x509(guard_data) ⇒ Object

# File 'lib/chain/authorization_grant.rb', line 112

def self.sanitize_x509(guard_data)
  # The only permitted top-level key is "subject" (matched case-insensitively).
  first_key = guard_data.keys.first
  if guard_data.size != 1 || first_key.to_s.downcase != 'subject'
    raise ArgumentError.new('Guard data must contain exactly one key, "subject"')
  end

  res = {}
  res[first_key] = guard_data.values.first.reduce({}) do |memo, (k, v)|
    # Attribute names are looked up upper-cased, but stored under the key as given.
    attrib = SUBJECT_ATTRIBUTES[k.to_s.upcase]
    raise ArgumentError.new("Invalid subject attrib: #{k}") unless attrib

    if attrib[:array] && !v.is_a?(Array)
      # Multi-valued attribute given as a scalar: wrap it in an array.
      memo[k] = [v]
    elsif !attrib[:array] && v.is_a?(Array)
      # Single-valued attributes (SERIALNUMBER, CN) must not be arrays.
      raise ArgumentError.new("Invalid array value for #{k}: #{v}")
    else
      memo[k] = v
    end

    memo
  end
  res
end

Instance Method Details

#create(opts) ⇒ AuthorizationGrant

Create an authorization grant, which provides the specified credential with access to the given policy. Credentials are identified using predicates called guards. Guards identify credentials by type and by patterns specific to that type.

Parameters:

  • opts (Hash)

Options Hash (opts):

  • :guard_type (String)

    Either “access_token” or “x509”.

  • :guard_data (Hash)

    Parameters that describe a credential.

    For guards of type “access_token”, provide a Hash with a single key, “id”, whose value is the unique ID of the access token.

    For guards of type “x509”, there should be a single top-level key, “subject”, which maps to a hash of Subject attributes. Valid keys include:

    - "C" (Country, string or array of strings)
    - "O" (Organization, string or array of strings)
    - "OU" (Organizational Unit, string or array of strings)
    - "L" (Locality, string or array of strings)
    - "ST" (State or Province, string or array of strings)
    - "STREET" (Street Address, string or array of strings)
    - "POSTALCODE" (Postal Code, string or array of strings)
    - "SERIALNUMBER" (Serial Number, string)
    - "CN" (Common Name, string)
    
  • :policy (String)

    One of the following:

    • “client-readwrite”: full access to the Client API, including accounts, assets, transactions, access tokens, MockHSM, etc.

    • “client-readonly”: read-only access to the Client API.

    • “monitoring”: read-only access to diagnostic components of the API, including fetching configuration info.

    • “crosscore”: access to the cross-core API, including fetching blocks and submitting transactions, but not including block signing.

    • “crosscore-signblock”: access to the cross-core API’s block-signing API call.

Returns:

# File 'lib/chain/authorization_grant.rb', line 72

def create(opts)
  # Copy input and stringify keys
  opts = opts.reduce({}) do |memo, (k, v)|
    memo[k.to_s] = v
    memo
  end

  if opts['guard_type'].to_s == 'x509'
    opts['guard_data'] = self.class.sanitize_x509(opts['guard_data'])
  end

  AuthorizationGrant.new(client.conn.request('create-authorization-grant', opts))
end
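
An added example, not part of the SDK or of the original page: a stricter pre-flight check a caller could run before #create. It enforces the guard types, subject attributes and policy names documented above, and also upper-cases subject keys and rejects case-variant duplicates, because sanitize_x509 looks keys up case-insensitively but stores them as given. validate_grant_opts, canonical_subject, POLICIES and SUBJECT_KEYS are hypothetical names; rejecting an empty subject or empty strings is a conservative local choice, not documented server behaviour.

```ruby
# Added example: pre-flight validation of options before AuthorizationGrant create.
# validate_grant_opts, canonical_subject, POLICIES, SUBJECT_KEYS are hypothetical names.
POLICIES = %w[client-readwrite client-readonly monitoring
              crosscore crosscore-signblock].freeze
# true: string or array of strings allowed; false: single string only
SUBJECT_KEYS = { 'C' => true, 'O' => true, 'OU' => true, 'L' => true, 'ST' => true,
                 'STREET' => true, 'POSTALCODE' => true,
                 'SERIALNUMBER' => false, 'CN' => false }.freeze

def validate_grant_opts(opts)
  opts = opts.each_with_object({}) { |(k, v), h| h[k.to_s] = v }
  policy = opts['policy'].to_s
  raise ArgumentError, "unknown policy: #{policy.inspect}" unless POLICIES.include?(policy)
  data = opts['guard_data']
  raise ArgumentError, 'guard_data must be a Hash' unless data.is_a?(Hash)

  case opts['guard_type'].to_s
  when 'access_token'
    id = data['id'] || data[:id]
    unless data.size == 1 && id.is_a?(String) && !id.empty?
      raise ArgumentError, 'access_token guard_data must be exactly {"id" => String}'
    end
    opts['guard_data'] = { 'id' => id }
  when 'x509'
    subject = data['subject'] || data[:subject]
    unless data.size == 1 && subject.is_a?(Hash) && !subject.empty?
      raise ArgumentError, 'x509 guard_data must be exactly {"subject" => non-empty Hash}'
    end
    opts['guard_data'] = { 'subject' => canonical_subject(subject) }
  else
    raise ArgumentError, "unknown guard_type: #{opts['guard_type'].inspect}"
  end
  opts
end

# Upper-case keys so 'cn' and 'CN' cannot both be sent (stricter than the SDK).
def canonical_subject(subject)
  subject.each_with_object({}) do |(k, v), out|
    key = k.to_s.upcase
    raise ArgumentError, "invalid subject attribute: #{k}" unless SUBJECT_KEYS.key?(key)
    raise ArgumentError, "duplicate subject attribute: #{key}" if out.key?(key)
    values = v.is_a?(Array) ? v : [v]
    unless !values.empty? && values.all? { |s| s.is_a?(String) && !s.empty? }
      raise ArgumentError, "#{key} must be a non-empty string or array of them"
    end
    raise ArgumentError, "#{key} takes a single string" if v.is_a?(Array) && !SUBJECT_KEYS[key]
    out[key] = SUBJECT_KEYS[key] ? values : v
  end
end
```

The returned hash has string keys and can be passed to #create unchanged; an ArgumentError is raised before any request is made.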

#delete(opts) ⇒ void

This method returns an undefined value.

Delete the specified authorization grant.

Parameters:

# File 'lib/chain/authorization_grant.rb', line 95

def delete(opts)
  client.conn.request('delete-authorization-grant', opts)
  nil
end

#list_all ⇒ Array<AuthorizationGrant>

List all authorization grants. The sort order is not defined.

Returns:

# File 'lib/chain/authorization_grant.rb', line 88

def list_all
  client.conn.request('list-authorization-grants')['items'].map { |item| AuthorizationGrant.new(item) }
end