Class: Conjur::Resource
Instance Method Summary
collapse
Methods included from PathBased
#account, #kind
#attributes, #attributes=, #refresh, #save, #to_json
Methods included from Exists
#exists?
Instance Method Details
#create(options = {}) ⇒ Object
11
12
13
14
15
16
17
18
19
|
# File 'lib/conjur/resource.rb', line 11
def create(options = {})
log do |logger|
logger << "Creating resource #{kind}:#{identifier}"
unless options.empty?
logger << " with options #{options.to_json}"
end
end
self.put(options)
end
|
#delete(options = {}) ⇒ Object
31
32
33
34
35
36
37
38
39
|
# File 'lib/conjur/resource.rb', line 31
def delete(options = {})
log do |logger|
logger << "Deleting resource #{kind}:#{identifier}"
unless options.empty?
logger << " with options #{options.to_json}"
end
end
super options
end
|
#deny(privilege, role, options = {}) ⇒ Object
54
55
56
57
58
59
60
61
62
63
64
|
# File 'lib/conjur/resource.rb', line 54
def deny(privilege, role, options = {})
eachable(privilege).each do |p|
log do |logger|
logger << "Denying #{p} on resource #{kind}:#{identifier} by #{role}"
unless options.empty?
logger << " with options #{options.to_json}"
end
end
self["?deny&privilege=#{query_escape p}&role=#{query_escape role}"].post(options)
end
end
|
#give_to(owner, options = {}) ⇒ Object
Changes the owner of a resource
27
28
29
|
# File 'lib/conjur/resource.rb', line 27
def give_to(owner, options = {})
self.put(options.merge(owner: owner))
end
|
#identifier ⇒ Object
7
8
9
|
# File 'lib/conjur/resource.rb', line 7
def identifier
match_path(3..-1)
end
|
#permit(privilege, role, options = {}) ⇒ Object
41
42
43
44
45
46
47
48
49
50
51
52
|
# File 'lib/conjur/resource.rb', line 41
def permit(privilege, role, options = {})
eachable(privilege).each do |p|
log do |logger|
logger << "Permitting #{p} on resource #{kind}:#{identifier} by #{role}"
unless options.empty?
logger << " with options #{options.to_json}"
end
end
self["?permit&privilege=#{query_escape p}&role=#{query_escape role}"].post(options)
end
end
|
#permitted?(privilege, options = {}) ⇒ Boolean
True if the logged-in role, or a role specified using the acting-as option, has the specified privilege
on this resource.
68
69
70
71
72
73
|
# File 'lib/conjur/resource.rb', line 68
def permitted?(privilege, options = {})
self["?check&privilege=#{query_escape privilege}"].get(options)
true
rescue RestClient::ResourceNotFound
false
end
|
#permitted_roles(permission, options = {}) ⇒ Object
Lists roles that have a specified permission on the resource.
22
23
24
|
# File 'lib/conjur/resource.rb', line 22
def permitted_roles(permission, options = {})
JSON.parse RestClient::Resource.new(Conjur::Authz::API.host, self.options)["#{account}/roles/allowed_to/#{permission}/#{path_escape kind}/#{path_escape identifier}"].get(options)
end
|