Class: CloudFoundry::Perm::V1::Client

Inherits:

Object

• Object
• CloudFoundry::Perm::V1::Client

Defined in:

lib/perm/v1/client.rb

Instance Attribute Summary

• #hostname ⇒ Object readonly

  Returns the value of attribute hostname.

• #port ⇒ Object readonly

  Returns the value of attribute port.

Instance Method Summary

• #assign_role(role_name:, actor_id:, namespace:) ⇒ Object
• #assign_role_to_group(role_name:, group_id:) ⇒ Object
• #create_role(role_name:, permissions: []) ⇒ Object
• #delete_role(name) ⇒ Object
• #has_permission?(actor_id:, namespace:, action:, resource:, group_ids: []) ⇒ Boolean

  rubocop:disable Metrics/MethodLength.

• #has_role?(role_name:, actor_id:, namespace:) ⇒ Boolean

  rubocop:disable Naming/PredicateName.

• #has_role_for_group?(role_name:, group_id:) ⇒ Boolean
• #initialize(hostname:, port: 6283, trusted_cas:, timeout: 15) ⇒ Client constructor

  A new instance of Client.

• #list_resource_patterns(actor_id:, namespace:, action:, group_ids: []) ⇒ Object
• #list_role_permissions(role_name:) ⇒ Object
• #unassign_role(role_name:, actor_id:, namespace:) ⇒ Object
• #unassign_role_from_group(role_name:, group_id:) ⇒ Object

Constructor Details

#initialize(hostname:, port: 6283, trusted_cas:, timeout: 15) ⇒ Client

Returns a new instance of Client.

Raises:

• (ArgumentError)

# File 'lib/perm/v1/client.rb', line 12

def initialize(hostname:, port: 6283, trusted_cas:, timeout: 15)
  raise ArgumentError, 'trusted_cas cannot be empty' if trusted_cas.empty?

  @hostname = hostname
  @port = port
  @url = "#{hostname}:#{port}"
  @trusted_cas = trusted_cas
  @timeout = timeout
end

Instance Attribute Details

#hostname ⇒ Object (readonly)

Returns the value of attribute hostname.

# File 'lib/perm/v1/client.rb', line 10

def hostname
  @hostname
end

#port ⇒ Object (readonly)

Returns the value of attribute port.

# File 'lib/perm/v1/client.rb', line 10

def port
  @port
end

Instance Method Details

#assign_role(role_name:, actor_id:, namespace:) ⇒ Object

# File 'lib/perm/v1/client.rb', line 46

def assign_role(role_name:, actor_id:, namespace:)
  actor = Protos::Actor.new(id: actor_id, namespace: namespace)
  request = Protos::AssignRoleRequest.new(actor: actor, role_name: role_name)

  grpc_role_service.assign_role(request)

  nil
rescue GRPC::BadStatus => e
  raise Errors.from_grpc_error(e)
end

#assign_role_to_group(role_name:, group_id:) ⇒ Object

# File 'lib/perm/v1/client.rb', line 68

def assign_role_to_group(role_name:, group_id:)
  group = Protos::Group.new(id: group_id)
  request = Protos::AssignRoleToGroupRequest.new(group: group, role_name: role_name)

  grpc_role_service.assign_role_to_group(request)

  nil
rescue GRPC::BadStatus => e
  raise Errors.from_grpc_error(e)
end

#create_role(role_name:, permissions: []) ⇒ Object

# File 'lib/perm/v1/client.rb', line 22

def create_role(role_name:, permissions: [])
  permission_protos = permissions.map do |p|
    Protos::Permission.new(action: p.action, resource_pattern: p.resource_pattern)
  end
  request = Protos::CreateRoleRequest.new(name: role_name, permissions: permission_protos)

  response = grpc_role_service.create_role(request)
  role = response.role

  Models::Role.new(name: role.name)
rescue GRPC::BadStatus => e
  raise Errors.from_grpc_error(e)
end

#delete_role(name) ⇒ Object

# File 'lib/perm/v1/client.rb', line 36

def delete_role(name)
  request = Protos::DeleteRoleRequest.new(name: name)

  grpc_role_service.delete_role(request)

  nil
rescue GRPC::BadStatus => e
  raise Errors.from_grpc_error(e)
end

#has_permission?(actor_id:, namespace:, action:, resource:, group_ids: []) ⇒ Boolean

rubocop:disable Metrics/MethodLength

Returns:

• (Boolean)

# File 'lib/perm/v1/client.rb', line 125

def has_permission?(actor_id:, namespace:, action:, resource:, group_ids: [])
  actor = Protos::Actor.new(id: actor_id, namespace: namespace)

  groups = []
  group_ids.each do |group_id|
    groups.push(Protos::Group.new(id: group_id))
  end

  request = Protos::HasPermissionRequest.new(
    actor: actor, action: action, resource: resource, groups: groups
  )

  grpc_permission_service.has_permission(request).has_permission
rescue GRPC::BadStatus => e
  raise Errors.from_grpc_error(e)
end

#has_role?(role_name:, actor_id:, namespace:) ⇒ Boolean

rubocop:disable Naming/PredicateName

Returns:

• (Boolean)

# File 'lib/perm/v1/client.rb', line 91

def has_role?(role_name:, actor_id:, namespace:)
  actor = Protos::Actor.new(id: actor_id, namespace: namespace)
  request = Protos::HasRoleRequest.new(actor: actor, role_name: role_name)

  response = grpc_role_service.has_role(request)
  response.has_role
rescue GRPC::BadStatus => e
  raise Errors.from_grpc_error(e)
end

#has_role_for_group?(role_name:, group_id:) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/perm/v1/client.rb', line 101

def has_role_for_group?(role_name:, group_id:)
  group = Protos::Group.new(id: group_id)
  request = Protos::HasRoleForGroupRequest.new(group: group, role_name: role_name)

  response = grpc_role_service.has_role_for_group(request)
  response.has_role
rescue GRPC::BadStatus => e
  raise Errors.from_grpc_error(e)
end

#list_resource_patterns(actor_id:, namespace:, action:, group_ids: []) ⇒ Object

# File 'lib/perm/v1/client.rb', line 142

def list_resource_patterns(actor_id:, namespace:, action:, group_ids: [])
  actor = Protos::Actor.new(id: actor_id, namespace: namespace)

  groups = []
  group_ids.each do |group_id|
    groups.push(Protos::Group.new(id: group_id))
  end

  request = Protos::ListResourcePatternsRequest.new(
    actor: actor,
    action: action,
    groups: groups
  )

  response = grpc_permission_service.list_resource_patterns(request)

  response.resource_patterns
rescue GRPC::BadStatus => e
  raise Errors.from_grpc_error(e)
end

#list_role_permissions(role_name:) ⇒ Object

# File 'lib/perm/v1/client.rb', line 111

def list_role_permissions(role_name:)
  request = Protos::ListRolePermissionsRequest.new(role_name: role_name)

  response = grpc_role_service.list_role_permissions(request)
  permissions = response.permissions

  permissions.map do |permission|
    Models::Permission.new(action: permission.action, resource_pattern: permission.resource_pattern)
  end
rescue GRPC::BadStatus => e
  raise Errors.from_grpc_error(e)
end

#unassign_role(role_name:, actor_id:, namespace:) ⇒ Object

# File 'lib/perm/v1/client.rb', line 57

def unassign_role(role_name:, actor_id:, namespace:)
  actor = Protos::Actor.new(id: actor_id, namespace: namespace)
  request = Protos::UnassignRoleRequest.new(actor: actor, role_name: role_name)

  grpc_role_service.unassign_role(request)

  nil
rescue GRPC::BadStatus => e
  raise Errors.from_grpc_error(e)
end

#unassign_role_from_group(role_name:, group_id:) ⇒ Object

# File 'lib/perm/v1/client.rb', line 79

def unassign_role_from_group(role_name:, group_id:)
  group = Protos::Group.new(id: group_id)
  request = Protos::UnassignRoleFromGroupRequest.new(group: group, role_name: role_name)

  grpc_role_service.unassign_role_from_group(request)

  nil
rescue GRPC::BadStatus => e
  raise Errors.from_grpc_error(e)
end