Class: Conjur::Resource

Inherits:
RestClient::Resource
  • Object
Includes:
Exists, HasAttributes, PathBased
Defined in:
lib/conjur/resource.rb

Instance Method Summary

Methods included from PathBased

#account, #kind

Methods included from HasAttributes

#attributes, #attributes=, #refresh, #save, #to_json

Methods included from Exists

#exists?

Instance Method Details

#create(options = {}) ⇒ Object



# File 'lib/conjur/resource.rb', line 11

# Creates this resource by issuing a PUT on its own URL with +options+.
#
# Inside the +log+ block the resource's kind and identifier are appended to
# the logger, followed by the JSON form of +options+ when it is non-empty.
#
# NOTE(review): +options+ is written to the log verbatim. Confirm callers
# never place credentials or other secrets in it, or redact before logging.
#
# @param options [Hash] passed unchanged to +put+
# @return [Object] whatever +put+ returns
def create(options = {})
  log do |logger|
    logger << "Creating resource #{kind}:#{identifier}"
    logger << " with options #{options.to_json}" unless options.empty?
  end
  put(options)
end

#delete(options = {}) ⇒ Object



# File 'lib/conjur/resource.rb', line 31

# Logs the deletion and then hands +options+ to the next +delete+ in the
# ancestor chain (the class header lists RestClient::Resource as the
# superclass; presumably that is the implementation reached - confirm that
# no included module defines +delete+).
#
# NOTE(review): +options+ is written to the log verbatim as JSON. Confirm it
# never carries credentials or tokens, or redact before logging.
#
# @param options [Hash] forwarded unchanged to the inherited +delete+
# @return [Object] whatever the inherited +delete+ returns
def delete(options = {})
  log do |logger|
    logger << "Deleting resource #{kind}:#{identifier}"
    logger << " with options #{options.to_json}" unless options.empty?
  end
  super(options)
end

#deny(privilege, role, options = {}) ⇒ Object



# File 'lib/conjur/resource.rb', line 54

# Revokes one or more privileges on this resource from +role+.
#
# +privilege+ is expanded with +eachable+, and one POST is issued per
# resulting privilege. Both the privilege and the role pass through
# +query_escape+ before being placed in the query string, so neither value
# can add or alter query parameters.
#
# NOTE(review): the privilege, the role and +options+ are interpolated into
# the log line unescaped. If any of them can come from untrusted input,
# confirm the logger neutralises line breaks and that +options+ holds no
# secrets.
#
# @param privilege [Object] a single privilege or a collection, as accepted
#   by +eachable+
# @param role [Object] the role losing the privilege
# @param options [Hash] passed unchanged to each +post+
# @return [Object] the value of +eachable(privilege).each+
def deny(privilege, role, options = {})
  eachable(privilege).each do |priv|
    log do |logger|
      logger << "Denying #{priv} on resource #{kind}:#{identifier} by #{role}"
      logger << " with options #{options.to_json}" unless options.empty?
    end
    endpoint = "?deny&privilege=#{query_escape priv}&role=#{query_escape role}"
    self[endpoint].post(options)
  end
end

#give_to(owner, options = {}) ⇒ Object

Changes the owner of a resource



# File 'lib/conjur/resource.rb', line 27

# Changes the owner of this resource by PUTting +options+ with an +:owner+
# entry added.
#
# Hash#merge lets the +owner+ argument win over any +:owner+ symbol key
# already present in +options+. A string key "owner" would be left in place
# next to it, so callers should not rely on that key to set the owner.
#
# Unlike the other mutating methods shown for this class, this one writes
# nothing to the log.
#
# @param owner [Object] the new owner
# @param options [Hash] additional entries sent with the request
# @return [Object] whatever +put+ returns
def give_to(owner, options = {})
  payload = options.merge(owner: owner)
  put(payload)
end

#identifier ⇒ Object



# File 'lib/conjur/resource.rb', line 7

# Returns the resource identifier as extracted from this object's URL.
#
# Delegates to +match_path+ with the range 3..-1, i.e. everything from index
# 3 to the end of whatever sequence +match_path+ indexes (presumably the
# path components after the account and kind - confirm against PathBased).
#
# @return [Object] the value +match_path+ produces for that range
def identifier
  range = 3..-1
  match_path(range)
end

#permit(privilege, role, options = {}) ⇒ Object



# File 'lib/conjur/resource.rb', line 41

# Grants one or more privileges on this resource to +role+.
#
# +privilege+ is expanded with +eachable+, and one POST is issued per
# resulting privilege. Both the privilege and the role pass through
# +query_escape+ before being placed in the query string, so neither value
# can add or alter query parameters.
#
# NOTE(review): the privilege, the role and +options+ are interpolated into
# the log line unescaped. If any of them can come from untrusted input,
# confirm the logger neutralises line breaks and that +options+ holds no
# secrets. Grant events are audit-relevant, so the log line should be
# trustworthy.
#
# @param privilege [Object] a single privilege or a collection, as accepted
#   by +eachable+
# @param role [Object] the role receiving the privilege
# @param options [Hash] passed unchanged to each +post+
# @return [Object] the value of +eachable(privilege).each+
def permit(privilege, role, options = {})
  eachable(privilege).each do |priv|
    log do |logger|
      logger << "Permitting #{priv} on resource #{kind}:#{identifier} by #{role}"
      logger << " with options #{options.to_json}" unless options.empty?
    end
    endpoint = "?permit&privilege=#{query_escape priv}&role=#{query_escape role}"
    self[endpoint].post(options)
  end
end

#permitted?(privilege, options = {}) ⇒ Boolean

True if the logged-in role, or a role specified using the acting-as option, has the specified privilege on this resource.

Returns:

  • (Boolean)


# File 'lib/conjur/resource.rb', line 68

# Asks the server whether the current role holds +privilege+ on this
# resource.
#
# A successful GET on the +?check+ endpoint yields +true+;
# RestClient::ResourceNotFound yields +false+. Nothing else is rescued, so
# any other error raised by the request propagates to the caller. Callers
# making an authorization decision must treat a raised exception as "not
# permitted", never as success.
#
# @param privilege [Object] the privilege to check; query-escaped before use
# @param options [Hash] passed unchanged to +get+
# @return [Boolean]
# @raise [StandardError] any request error other than
#   RestClient::ResourceNotFound
def permitted?(privilege, options = {})
  begin
    check = "?check&privilege=#{query_escape privilege}"
    self[check].get(options)
    true
  rescue RestClient::ResourceNotFound
    false
  end
end

#permitted_roles(permission, options = {}) ⇒ Object

Lists roles that have a specified permission on the resource.



# File 'lib/conjur/resource.rb', line 22

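# Lists roles that have a specified permission on the resource.
#
# Builds a fresh RestClient::Resource against the Authz host, reusing this
# object's own request options (+self.options+, because the +options+
# parameter shadows that reader), and parses the GET response as JSON.
#
# Every caller-supplied path segment is passed through +path_escape+. The
# original escaped +kind+ and +identifier+ but not +permission+, so a value
# containing "/" or "?" could change which endpoint the request reached.
#
# NOTE(review): the original path started with an empty interpolation, which
# evaluates to "" and leaves a leading "/". That is preserved here; it looks
# as if a segment (possibly the account) was intended - confirm against the
# Authz routes.
#
# @param permission [Object] the permission to look up
# @param options [Hash] passed unchanged to +get+
# @return [Object] the parsed JSON response
def permitted_roles(permission, options = {})
  authz = RestClient::Resource.new(Conjur::Authz::API.host, self.options)
  path = "/roles/allowed_to/#{path_escape permission}/#{path_escape kind}/#{path_escape identifier}"
  JSON.parse authz[path].get(options)
end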