Class: Conjur::Policy::OwnerResolver

Inherits:

Resolver

• Object
• Resolver
• Conjur::Policy::OwnerResolver

Defined in:

lib/conjur/policy/resolver.rb

Overview

Sets the owner field for any records which support it, and don’t have an owner specified. Within a policy, the default owner is the policy role. For global records, the default owner is the ownerid specified in the constructor.

Instance Attribute Summary

Attributes inherited from Resolver

#account, #namespace, #ownerid

Instance Method Summary

• #on_resolve_policy(policy, visited) ⇒ Object
• #resolve(records) ⇒ Object
• #resolve_owner(record, visited) ⇒ Object

Methods inherited from Resolver

#initialize, resolve

Constructor Details

This class inherits a constructor from Conjur::Policy::Resolver

Instance Method Details

#on_resolve_policy(policy, visited) ⇒ Object

# File 'lib/conjur/policy/resolver.rb', line 138

def on_resolve_policy policy, visited
  saved_ownerid = @ownerid
  @ownerid = [ policy.account, "policy", policy.id ].join(":")
  traverse policy.body, visited, method(:resolve_owner), method(:on_resolve_policy)
ensure
  @ownerid = saved_ownerid
end

#resolve(records) ⇒ Object

# File 'lib/conjur/policy/resolver.rb', line 128

def resolve records
  traverse records, Set.new, method(:resolve_owner), method(:on_resolve_policy)
end

#resolve_owner(record, visited) ⇒ Object

# File 'lib/conjur/policy/resolver.rb', line 132

def resolve_owner record, visited
  if record.respond_to?(:owner) && record.respond_to?(:owner) && record.owner.nil?
    record.owner = Types::Role.new(@ownerid)
  end
end