Class: Conjur::Policy::Executor::Revoke
- Inherits:
-
Base
show all
- Defined in:
- lib/conjur/policy/executor/revoke.rb
Instance Attribute Summary
Attributes inherited from Base
#actions, #api, #statement
Instance Method Summary
collapse
Methods inherited from Base
#action, #initialize, #resource_path, #role_path
Methods included from Logger
included
Instance Method Details
3
4
5
6
7
8
9
|
# File 'lib/conjur/policy/executor/revoke.rb', line 3
def execute
if statement.role.is_a?(Conjur::Policy::Types::Layer) && statement.member.is_a?(Conjur::Policy::Types::Host)
remove_host_from_layer
else
revoke_role_from_member
end
end
|
#remove_host_from_layer ⇒ Object
11
12
13
14
15
16
17
|
# File 'lib/conjur/policy/executor/revoke.rb', line 11
def remove_host_from_layer
action({
'method' => 'delete',
'path' => "layers/#{fully_escape statement.role.id}/hosts/#{fully_escape statement.member.roleid}",
'parameters' => {}
})
end
|
#revoke_role_from_member ⇒ Object
19
20
21
22
23
24
25
|
# File 'lib/conjur/policy/executor/revoke.rb', line 19
def revoke_role_from_member
action({
'method' => 'delete',
'path' => "#{role_path(statement.role)}?members",
'parameters' => { "member" => statement.member.roleid }
})
end
|