Module: ChefFixie::AuthzObjectMixin
- Includes:
- AuthzUtils
- Included in:
- AuthzActorMixin, AuthzContainerMixin, AuthzGroupMixin, Sql::Cookbook, Sql::CookbookArtifact, Sql::DataBag, Sql::Environment, Sql::Node, Sql::Org, Sql::Policy, Sql::PolicyGroup, Sql::Role
- Defined in:
- lib/chef_fixie_shahid/authz_objects.rb
Constant Summary
Constants included
from AuthzUtils
ChefFixie::AuthzUtils::ACTIONS, ChefFixie::AuthzUtils::TYPES
Class Method Summary
Instance Method Summary
Methods included from AuthzUtils
#check_action, #check_actor_or_group, #get_authz_id, #get_type, #resourcify_actor_or_group, #to_resource
Class Method Details
.included(base) ⇒ Object
# File 'lib/chef_fixie_shahid/authz_objects.rb', line 125
# Module#included hook: Ruby calls this with the including class/module as
# +base+. It currently does nothing and returns nil.
def self.included(base)
  nil
end
Instance Method Details
#ace(action) ⇒ Object
Todo: filter this by scope and type
#ace_add(action, entity) ⇒ Object
# File 'lib/chef_fixie_shahid/authz_objects.rb', line 198
# Adds +entity+ to the ACE of each requested action on this object.
#
# +action+ is passed through expand_actions, so it may be a single action,
# an Array of actions, or :all. entity.type is what selects the list
# (actor or group) that ace_add_raw writes to.
#
# This grants access: every expanded action results in a write through
# ace_add_raw. Returns the expanded list of actions.
def ace_add(action, entity)
  expand_actions(action).each do |single_action|
    ace_add_raw(single_action, entity.type, entity)
  end
end
#ace_add_raw(action, actor_or_group, entity) ⇒ Object
Adds an actor or group to the ACL.
# File 'lib/chef_fixie_shahid/authz_objects.rb', line 188
# Adds the authz id of +entity+ to one ACE of this object and writes the ACE back.
#
# +actor_or_group+ is mapped by resourcify_actor_or_group to the key of the
# list to modify; +action+ picks the ACE (fetched by ace_get_util).
#
# NOTE(review): this is a fetch / modify-in-memory / put sequence with no
# locking or version check visible here, so two writers updating the same ACE
# at once could overwrite each other's change. Re-read the ACE (for example
# with ace_member?) after a change that matters.
def ace_add_raw(action, actor_or_group, entity)
  member_key = resourcify_actor_or_group(actor_or_group)
  ace_path, ace = ace_get_util(action)
  ace[member_key] << get_authz_id(entity)
  # uniq! keeps the list free of duplicates if the id was already present.
  ace[member_key].uniq!
  authz_api.put("#{ace_path}", ace)
end
#ace_delete(action, entity) ⇒ Object
# File 'lib/chef_fixie_shahid/authz_objects.rb', line 213
# Removes +entity+ from the ACE of each requested action on this object.
#
# +action+ is passed through expand_actions, so it may be a single action,
# an Array of actions, or :all. entity.type selects the list (actor or
# group) that ace_delete_raw edits. Returns the expanded list of actions.
def ace_delete(action, entity)
  expand_actions(action).each do |single_action|
    ace_delete_raw(single_action, entity.type, entity)
  end
end
#ace_delete_raw(action, actor_or_group, entity) ⇒ Object
# File 'lib/chef_fixie_shahid/authz_objects.rb', line 203
# Removes the authz id of +entity+ from one ACE of this object and writes the
# ACE back.
#
# +actor_or_group+ is mapped by resourcify_actor_or_group to the key of the
# list to modify; +action+ picks the ACE (fetched by ace_get_util).
#
# NOTE(review): fetch / modify / put with no locking visible here; a
# concurrent writer could re-introduce or drop entries. When this is used to
# revoke access, read the ACE again afterwards to confirm the id is gone.
def ace_delete_raw(action, actor_or_group, entity)
  member_key = resourcify_actor_or_group(actor_or_group)
  ace_path, ace = ace_get_util(action)
  ace[member_key] = ace[member_key] - [get_authz_id(entity)]
  ace[member_key].uniq!
  authz_api.put("#{ace_path}", ace)
end
#ace_get_util(action) ⇒ Object
# File 'lib/chef_fixie_shahid/authz_objects.rb', line 163
# Fetches the ACE for +action+ on this object.
#
# check_action runs before +action+ is interpolated into the request path,
# so the path is only built after that check has returned.
#
# Returns a two-element Array: the ACE resource path and the value returned
# by authz_api.get for it.
def ace_get_util(action)
  check_action(action)
  ace_path = "#{prefix}/acl/#{action}"
  [ace_path, authz_api.get(ace_path)]
end
#ace_member?(action, entity) ⇒ Boolean
# File 'lib/chef_fixie_shahid/authz_objects.rb', line 218
# Reports whether +entity+ is listed directly in this object's ACE for +action+.
#
# The list checked is the one keyed by resourcify_actor_or_group(entity.type),
# and the comparison uses entity.authz_id.
#
# NOTE(review): this only looks at the ACE's own list; whether access granted
# indirectly (e.g. through a group) counts is not decided here. Use it to
# verify a direct grant or revocation, not as a full authorization check.
def ace_member?(action, entity)
  member_key = resourcify_actor_or_group(entity.type)
  _ace_path, ace = ace_get_util(action)
  ace[member_key].member?(entity.authz_id)
end
#ace_raw(action) ⇒ Object
# File 'lib/chef_fixie_shahid/authz_objects.rb', line 171
# Returns the ACE for +action+ exactly as ace_get_util fetched it, dropping
# the resource path that ace_get_util returns alongside it.
def ace_raw(action)
  _ace_path, fetched_ace = ace_get_util(action)
  fetched_ace
end
#acl ⇒ Object
Todo: filter this by scope and type
#acl_add_from_object(object) ⇒ Object
# File 'lib/chef_fixie_shahid/authz_objects.rb', line 224
# Copies every entry of +object+'s ACL into this object's ACL.
#
# object.acl_raw is walked as action => { type => [items] }; each item is
# added with ace_add_raw(action.to_sym, type, item).
#
# The operation only adds: entries already on this object are kept, so the
# result is the union of both ACLs, not a replacement. Each item is written
# with its own ace_add_raw call. Review the resulting ACL (acl_raw) after
# running it. Returns the value of object.acl_raw.
def acl_add_from_object(object)
  object.acl_raw.each do |action, ace|
    ace.each do |type, list|
      list.each { |item| ace_add_raw(action.to_sym, type, item) }
    end
  end
end
#acl_raw ⇒ Object
# File 'lib/chef_fixie_shahid/authz_objects.rb', line 154
# Returns this object's whole ACL as authz_api.get returns it for
# "<prefix>/acl", with no filtering or post-processing.
def acl_raw
  client = authz_api
  client.get("#{prefix}/acl")
end
#authz_api ⇒ Object
# File 'lib/chef_fixie_shahid/authz_objects.rb', line 136
# Returns the AuthzApi client used for the requests this mixin makes.
#
# The client is memoized in a class variable: it is created with
# AuthzApi.new on first use and reused by later calls.
#
# NOTE(review): the variable name suggests this client acts as the authz
# superuser. If so, requests made through it are not limited by the
# permissions of whoever invoked this code — confirm against AuthzApi and
# restrict who is able to run it.
def authz_api
@@authz_api_as_superuser ||= AuthzApi.new
end
#authz_delete ⇒ Object
# File 'lib/chef_fixie_shahid/authz_objects.rb', line 150
# Issues a delete for this object's authz resource (the path from #prefix)
# through authz_api and returns whatever that call returns.
#
# Nothing in this method checks the caller's rights or asks for
# confirmation; any such control has to exist in the caller.
def authz_delete
  client = authz_api
  client.delete(prefix)
end
#expand_actions(action) ⇒ Object
# File 'lib/chef_fixie_shahid/authz_objects.rb', line 181
# Normalizes +action+ into an Array of actions.
#
# :all expands to AuthzUtils::ACTIONS (the constant itself, not a copy);
# an Array is returned unchanged; anything else is wrapped in a
# one-element Array. No validation of the individual actions happens here.
def expand_actions(action)
  requested = action == :all ? AuthzUtils::ACTIONS : action
  return requested if requested.is_a?(Array)

  [requested]
end
#is_authorized(action, actor) ⇒ Object
# File 'lib/chef_fixie_shahid/authz_objects.rb', line 145
# Asks the authz service about +actor+ on this object's ACE for +action+.
#
# Returns [:unparsed, result], where result is whatever authz_api.get
# returned. The response is NOT interpreted here: the return value is a
# non-empty Array and therefore always truthy, so it must never be used
# directly as a yes/no answer — inspect the second element.
#
# NOTE(review): +action+ is interpolated into the request path without a
# check_action call in this method; validate it in the caller.
def is_authorized(action, actor)
  client = authz_api
  ace_check_path = "#{prefix}/acl/#{action}/ace/#{actor.authz_id}"
  [:unparsed, client.get(ace_check_path)]
end
#prefix ⇒ Object
We expect to be mixed into a class that provides the authz_id method.
# File 'lib/chef_fixie_shahid/authz_objects.rb', line 141
# Builds the authz resource path for this object: the resource name that
# to_resource returns for #type, a slash, then the including object's authz_id.
def prefix
  resource_root = to_resource(type)
  "#{resource_root}/#{authz_id}"
end
#type ⇒ Object
# File 'lib/chef_fixie_shahid/authz_objects.rb', line 132
# Authz type of the including object. This mixin always answers :object;
# #prefix passes the value to to_resource when building the resource path.
def type
  authz_type = :object
  authz_type
end