Class: Conjur::Bootstrap::Command::Base

Inherits:
Struct
  • Object
show all
Defined in:
lib/conjur/bootstrap.rb

Instance Attribute Summary collapse

Instance Method Summary collapse

Instance Attribute Details

#apiObject

Returns the value of attribute api

Returns:

  • (Object)

    the current value of api



4
5
6
 
# File 'lib/conjur/bootstrap.rb', line 4

def api
  @api
end

#listenerObject

Returns the value of attribute listener

Returns:

  • (Object)

    the current value of listener



4
5
6
 
# File 'lib/conjur/bootstrap.rb', line 4

def listener
  @listener
end

Instance Method Details

#auditorsObject 



13
14
15
 
# File 'lib/conjur/bootstrap.rb', line 13

def auditors
  api.group("auditors")
end

#echo(msg) ⇒ Object 



5
6
7
 
# File 'lib/conjur/bootstrap.rb', line 5

def echo msg
  listener.echo msg
end

#find_or_create_record(record, owner = nil, &block) ⇒ Object 



17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
 
# File 'lib/conjur/bootstrap.rb', line 17

def find_or_create_record record, owner = nil, &block
  if record.exists?
    echo "#{record.resource_kind.capitalize} '#{record.id}' already exists"
    record
  else
    echo "Creating #{record.resource_kind} '#{record.id}'"
    options = {}
    options[:ownerid] = owner.roleid if owner
    result = if block_given?
      yield record, options
    else
      api.send "create_#{record.resource_kind}", record.id, options
    end
    store_api_key result if result.attributes['api_key']
    result
  end
end

#find_or_create_resource(resource, owner = nil) ⇒ Object 



35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
 
# File 'lib/conjur/bootstrap.rb', line 35

def find_or_create_resource resource, owner = nil
  if resource.exists?
    echo "#{resource.resource_kind.capitalize} '#{resource.identifier}' already exists"
    # v4.21.0 incorrectly assigned these resources to the admin user
    if resource.ownerid == "#{Conjur.configuration.}:user:admin"
      echo "Giving '#{resource.identifier}' to the security_admin group"
      resource.give_to 'group:security_admin'
    end
  else
    echo "Creating #{resource.resource_kind} '#{resource.identifier}'"
    options = {}
    options[:acting_as] = owner.roleid if owner
    api.create_resource resource.resourceid, options
  end
end

#permit(resource, privilege, role) ⇒ Object 



61
62
63
64
65
66
67
 
# File 'lib/conjur/bootstrap.rb', line 61

def permit resource, privilege, role
  if resource.permitted_roles(privilege).member?(role.roleid)
    echo "#{role.roleid} already has '#{privilege}' privilege on #{resource.resourceid}"
  else
    resource.permit privilege, role
  end
end

#security_adminObject 



9
10
11
 
# File 'lib/conjur/bootstrap.rb', line 9

def security_admin
  api.group("security_admin")
end

#store_api_key(user) ⇒ Object 



51
52
53
54
55
56
57
58
59
 
# File 'lib/conjur/bootstrap.rb', line 51

def store_api_key user
  api.create_variable "text/plain", 
    "conjur-api-key", 
    id: "conjur/#{user.resource_kind.pluralize}/#{user.id}/api-key", 
    value: user.api_key,
    ownerid: security_admin.role.roleid
  echo "The API of #{user.resource_kind} #{user.id} is stored in variable 'conjur/#{user.resource_kind.pluralize}/#{user.id}/api-key'. " +
    "You can retire the variable if you don't want to keep it there."
end