Class: Conjur::Policy::IdResolver

Inherits:

Resolver

• Object
• Resolver
• Conjur::Policy::IdResolver

Defined in:

lib/conjur/policy/resolver.rb

Overview

Makes all ids absolute, by prepending the namespace (if any) and the enclosing policy (if any).

Constant Summary

SUBSTITUTIONS =

{ "$namespace" => :namespace }

Instance Attribute Summary

Attributes inherited from Resolver

#account, #namespace, #ownerid

Instance Method Summary

• #on_resolve_policy(policy, visited) ⇒ Object
• #resolve(records) ⇒ Object
• #resolve_id(record, visited) ⇒ Object

Methods inherited from Resolver

#initialize, resolve

Constructor Details

This class inherits a constructor from Conjur::Policy::Resolver

Instance Method Details

#on_resolve_policy(policy, visited) ⇒ Object

# File 'lib/conjur/policy/resolver.rb', line 102

def on_resolve_policy policy, visited
  saved_namespace = @namespace
  @namespace = policy.id
  traverse policy.body, visited, method(:resolve_id), method(:on_resolve_policy)
ensure
  @namespace = saved_namespace
end

#resolve(records) ⇒ Object

# File 'lib/conjur/policy/resolver.rb', line 74

def resolve records
  traverse records, Set.new, method(:resolve_id), method(:on_resolve_policy)
end

#resolve_id(record, visited) ⇒ Object

# File 'lib/conjur/policy/resolver.rb', line 78

def resolve_id record, visited
  if record.respond_to?(:id) && record.respond_to?(:id=)
    id = record.id
    if id.blank?
      raise "#{record.class.simple_name} has no id" unless namespace
      id = namespace
    elsif id[0] == '/'
      id = id[1..-1]
    else
      if record.respond_to?(:resource_kind) && record.resource_kind == "user"
        id = [ id, namespace ].compact.join('@')
      else
        id = [ namespace, id ].compact.join('/')
      end
    end

    substitute! id
    
    record.id = id
  end
  
  traverse record.referenced_records, visited, method(:resolve_id), method(:on_resolve_policy)
end