Class: PEClient::Resource::RBACV1::Permissions

Inherits:
Base
  • Object
show all
Defined in:
lib/pe_client/resources/rbac.v1/permissions.rb

Overview

You add permissions to roles to control what users can access and do in PE. Use the permissions endpoints to get information about objects you can create permissions for, what types of permissions you can create, and whether specific users can perform certain actions.

See Also:

Constant Summary collapse

BASE_PATH =

The base path for RBAC API v1 Permissions endpoints.

"#{RBACV1::BASE_PATH}/permitted".freeze

Instance Method Summary collapse

Methods inherited from Base

#initialize

Constructor Details

This class inherits a constructor from PEClient::Resource::Base

Instance Method Details

#instances(object_type:, action:) ⇒ Array<String>

For a specific object_type and action, get a list of instance IDs that the current authenticated user is permitted to take the specified action on.

Parameters:

  • object_type (String)

    Name of an object type.

  • action (String)

    Applicable action for the object type.

Returns:

  • (Array<String>)

    An array of instance IDs that the authenticated user is permitted to perform the supplied action on.



59
60
61
 
# File 'lib/pe_client/resources/rbac.v1/permissions.rb', line 59

def instances(object_type:, action:)
  @client.get "#{BASE_PATH}/#{object_type}/#{action}"
end

#permitted(token:, permissions:) ⇒ Array<Boolean>

Query whether a user or user group can perform specified actions. Use this to check if a user or group already has a certain permission.

Parameters:

  • token (String)

    The UUID of a user or user group.

  • permissions (Array<Hash>)

    An array of JSON objects representing permissions. Each permissions object includes the object_type, action, and instance keys. For more information about these keys and how to populate them, see [Permissions](help.puppet.com/pe/current/topics/rbac_api_v1_permissions_keys.htm).

Returns:

  • (Array<Boolean>)

    The response array has the same length as the request’s permissions array. Each returned Boolean value corresponds to the submitted permission query at the same index. For example, if you query two permissions, the response array contains two values, such as:

    `[true, false]`



49
50
51
 
# File 'lib/pe_client/resources/rbac.v1/permissions.rb', line 49

def permitted(token:, permissions:)
  @client.post BASE_PATH, body: {token:, permissions:}
end

#typesArray<Hash>

Lists each object_type that you can regulate with RBAC permissions, the available actions for each type, and whether each action allows instance specification.

Returns:

  • (Array<Hash>) 


33
34
35
 
# File 'lib/pe_client/resources/rbac.v1/permissions.rb', line 33

def types
  @client.get "/types"
end

#user_instances(object_type:, action:, uuid:) ⇒ Array<String>

For a specific object_type and action, get a list of instance IDs that the specific user (identified by UUID) is permitted to take the specified action on.

Parameters:

  • object_type (String)

    Name of an object type.

  • action (String)

    Applicable action for the object type.

  • uuid (String)

Returns:

  • (Array<String>)

    An array of instance IDs that the specified user is permitted to perform the supplied action on.



70
71
72
 
# File 'lib/pe_client/resources/rbac.v1/permissions.rb', line 70

def user_instances(object_type:, action:, uuid:)
  @client.get "#{BASE_PATH}/#{object_type}/#{action}/#{uuid}"
end