Class: Bosh::Director::Api::UAAIdentityProvider

Inherits:

Object

Object
Bosh::Director::Api::UAAIdentityProvider

show all

Defined in:: lib/bosh/director/api/uaa_identity_provider.rb

Instance Method Summary collapse

#client_info ⇒ Object
#get_user(request_env) ⇒ Object
#initialize(options, director_uuid_provider) ⇒ UAAIdentityProvider constructor

A new instance of UAAIdentityProvider.
#required_scopes(requested_access) ⇒ Object
#supports_api_update? ⇒ Boolean
#valid_access?(user, requested_access) ⇒ Boolean

Constructor Details

#initialize(options, director_uuid_provider) ⇒ `UAAIdentityProvider`

Returns a new instance of UAAIdentityProvider.

# File 'lib/bosh/director/api/uaa_identity_provider.rb', line 7

def initialize(options, director_uuid_provider)
  @url = options.fetch('url')
  Config.logger.debug "Initializing UAA Identity provider with url #{@url}"
  @director_uuid = director_uuid_provider.uuid
  @token_coder = CF::UAA::TokenCoder.new(skey: options.fetch('symmetric_key', nil), pkey: options.fetch('public_key', nil), scope: [])
end

Instance Method Details

#client_info ⇒ `Object`

# File 'lib/bosh/director/api/uaa_identity_provider.rb', line 18

def client_info
  {
    'type' => 'uaa',
    'options' => {
      'url' => @url
    }
  }
end

#get_user(request_env) ⇒ `Object`

# File 'lib/bosh/director/api/uaa_identity_provider.rb', line 27

def get_user(request_env)
  auth_header = request_env['HTTP_AUTHORIZATION']
  token = @token_coder.decode(auth_header)
  UaaUser.new(token)
rescue CF::UAA::DecodeError, CF::UAA::AuthError => e
  raise AuthenticationError, e.message
end

#required_scopes(requested_access) ⇒ `Object`



44
45
46

# File 'lib/bosh/director/api/uaa_identity_provider.rb', line 44

def required_scopes(requested_access)
  permissions[requested_access]
end

#supports_api_update? ⇒ `Boolean`

Returns:

(Boolean)



14
15
16

# File 'lib/bosh/director/api/uaa_identity_provider.rb', line 14

def supports_api_update?
  false
end

#valid_access?(user, requested_access) ⇒ `Boolean`

Returns:

(Boolean)

# File 'lib/bosh/director/api/uaa_identity_provider.rb', line 35

def valid_access?(user, requested_access)
  if user.scopes
    required_scopes = required_scopes(requested_access)
    return has_admin_scope?(user.scopes) || contains_requested_scope?(required_scopes, user.scopes)
  end

  false
end

Class: Bosh::Director::Api::UAAIdentityProvider

Instance Method Summary collapse

Constructor Details

#initialize(options, director_uuid_provider) ⇒ UAAIdentityProvider

Instance Method Details

#client_info ⇒ Object

#get_user(request_env) ⇒ Object

#required_scopes(requested_access) ⇒ Object

#supports_api_update? ⇒ Boolean

#valid_access?(user, requested_access) ⇒ Boolean

#initialize(options, director_uuid_provider) ⇒ `UAAIdentityProvider`

#client_info ⇒ `Object`

#get_user(request_env) ⇒ `Object`

#required_scopes(requested_access) ⇒ `Object`

#supports_api_update? ⇒ `Boolean`

#valid_access?(user, requested_access) ⇒ `Boolean`