Class: Sailpoint::Rest

Inherits:
Object
  • Object
Defined in:
lib/sailpoint/rest.rb

Overview

Used for creating REST API calls to the organization's IdentityIQ source

Class Method Details

.authenticate ⇒ Hash

Used to verify if the supplied credentials are valid

Returns:

  • (Hash)
    • The response's body as a JSON hash



# File 'lib/sailpoint/rest.rb', line 10

def self.authenticate
  response = HTTParty.get([Sailpoint::Config.url('rest'), 'authentication'].join('/'),
                          headers: Sailpoint::Config.auth_header,
                          output: 'json')
  # Parse the response body (not the response object), falling back to an empty hash
  JSON.parse(response&.body || '{}')
end

.check_roles(identity, roles) ⇒ Hash

Verify if the user has any policies set within the specified roles

Parameters:

  • identity (String)
    • The user for whom you are requesting data

  • roles (String, Array)
    • Roles specified to validate against (either: 'role' or ['role1', 'role2'])

Returns:

  • (Hash)
    • Data associated with the user's roles



# File 'lib/sailpoint/rest.rb', line 21

def self.check_roles(identity, roles)
  # Values for both attributes are required in order to create the request.
  # Also verify the user exists before creating the request (this prevents
  # IdentityIQ from running a long-running query looking for a non-existent user).
  return {} if identity.blank? || roles.blank? || get_user(identity).empty?

  # The roles attribute should either be 'Contractor,Assistant' or ['Contractor', 'Assistant']
  roles = roles.join(',') if roles.is_a?(Array)
  # Escape roles as well as identity so neither value can alter the query string
  response = HTTParty.get([Sailpoint::Config.url('rest'), "policies/checkRolePolicies?identity=#{identity.escape_str}&roles=#{roles.escape_str}"].join('/'),
                          headers: Sailpoint::Config.auth_header,
                          output: 'json')
  JSON.parse(response&.body || '{}')
end
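
An added example (not code from the gem) showing why every value placed in the checkRolePolicies query string needs URL-encoding: an unencoded role name containing `&` or `=` is split into extra parameters, while the encoded form round-trips intact. The base URL, helper names and sample values are constructed, and Ruby's stdlib URI encoder stands in for the gem's escape_str helper.

```ruby
require 'uri'

# Constructed placeholder; the gem reads its base URL from Sailpoint::Config.url('rest').
BASE_URL = 'https://iiq.example.com/identityiq/rest'

# Hypothetical helper: interpolates roles into the query string without encoding them.
def unencoded_roles_url(identity, roles)
  roles = roles.join(',') if roles.is_a?(Array)
  "#{BASE_URL}/policies/checkRolePolicies" \
    "?identity=#{URI.encode_www_form_component(identity)}&roles=#{roles}"
end

# Hypothetical helper: every value goes through URI.encode_www_form, so
# caller-supplied text can never add or truncate query parameters.
def encoded_roles_url(identity, roles)
  roles = Array(roles).join(',')
  query = URI.encode_www_form(identity: identity, roles: roles)
  "#{BASE_URL}/policies/checkRolePolicies?#{query}"
end

# Parse a URL's query string back into [key, value] pairs, as a server would.
def query_pairs(url)
  URI.decode_www_form(URI.parse(url).query.to_s)
end

# Constructed sample input: a role name that contains query-string metacharacters.
SAMPLE_ROLES = ['Contractor', 'R&D=Lab'].freeze

if __FILE__ == $PROGRAM_NAME
  puts "unencoded: #{query_pairs(unencoded_roles_url('jdoe', SAMPLE_ROLES)).inspect}"
  puts "encoded:   #{query_pairs(encoded_roles_url('jdoe', SAMPLE_ROLES)).inspect}"
end
```
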

.get_identity(identity) ⇒ Hash

Used to fetch the specified user identity from the REST API interface

Parameters:

  • identity (String)
    • The user for whom you are requesting data

Returns:

  • (Hash)
    • If no user is found, an empty hash is returned. If a user is found, their parsed JSON is returned



# File 'lib/sailpoint/rest.rb', line 37

def self.get_identity(identity)
  response = HTTParty.get([Sailpoint::Config.url('rest'), 'identities', identity.escape_str, 'managedIdentities'].join('/'),
                          headers: Sailpoint::Config.auth_header,
                          output: 'json')
  # HTTParty exposes the status code as an Integer, so compare against 500 (not '500');
  # return an empty hash to match the documented return type
  return {} if response.code == 500

  JSON.parse(response&.body || '{}').first
end

.get_user(identity) ⇒ Hash

Used to fetch the specified user's associated data

Parameters:

  • identity (String)
    • The user for whom you are requesting data

Returns:

  • (Hash)
    • If no user is found, an empty hash is returned. If a user is found, their parsed JSON is returned

Raises:

  • (AuthenticationException)
    • If IdentityIQ responds with HTTP 401 for the supplied credentials



# File 'lib/sailpoint/rest.rb', line 49

def self.get_user(identity)
  response = HTTParty.get([Sailpoint::Config.url('rest'), 'identities', identity.escape_str].join('/'),
                          headers: Sailpoint::Config.auth_header,
                          output: 'json')
  raise AuthenticationException, 'Invalid credentials, please try again.' if response.code == 401

  JSON.parse(response&.body || '{}')
end

.permitted_roles(identity) ⇒ Hash

Get a user's roles within the organization

Returns:

  • (Hash)
    • The user's roles associated within the organization



# File 'lib/sailpoint/rest.rb', line 60

def self.permitted_roles(identity)
  # Before requesting a user's roles we need to verify that the identity matches a valid user
  return {} if identity.blank? || get_user(identity).empty?

  response = HTTParty.get([Sailpoint::Config.url('rest'), "roles/assignablePermits/?roleMode=assignable&identity=#{identity.escape_str}"].join('/'),
                          headers: Sailpoint::Config.auth_header,
                          output: 'json')
  response_body = JSON.parse(response&.body || '{}')
  # Check the status on the parsed body so the test and the result use the same data
  return response_body['objects'].map { |role| role['name'] } if response_body['status'] == 'success'

  response_body
end

.ping ⇒ Hash

Used to verify your credentials are valid and the IdentityIQ resource is properly responding

Returns:

  • (Hash)
    • The head and body of the response



# File 'lib/sailpoint/rest.rb', line 75

def self.ping
  HTTParty.get([Sailpoint::Config.url('rest'), 'ping'].join('/'),
               headers: Sailpoint::Config.auth_header,
               output: 'json')
end