Module: ChefRunDeck::Auth

Extended by:
Auth
Included in:
Auth
Defined in:
lib/chef-rundeck/auth.rb

Overview

> Authorization Module

Instance Attribute Details

#auth ⇒ Object

> This holds the Authorization State



# File 'lib/chef-rundeck/auth.rb', line 26

# Reader for the authorization state kept in @auth.
#
# @return [Object] the value currently held in @auth (nil when nothing has
#   been assigned yet)
def auth
  current = @auth
  current
end

Instance Method Details

#admin? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/chef-rundeck/auth.rb', line 45

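# Check whether the current authorization state carries the 'admin' role.
#
# The role name is compared ignoring ASCII case. The check denies (returns
# false) instead of raising when no state is loaded, when the state has no
# 'roles' list, or when a role entry is not a String.
#
# @return [Boolean] true only when one of auth['roles'] equals 'admin'
def admin?
  state = auth
  roles = state.is_a?(Hash) ? state['roles'] : nil
  # => A missing or malformed role list must deny, never raise or grant
  return false unless roles.is_a?(Array)
  # => to_s keeps nil/numeric entries from raising; they simply do not match
  roles.any? { |role| role.to_s.casecmp('admin').zero? }
end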

#creator?(node) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/chef-rundeck/auth.rb', line 50

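# Check whether the requesting user is recorded as the creator of a node's
# state entry.
#
# The :creator field of the entry returned by State.find_state is compared
# with the 'auth_user' query parameter, ignoring ASCII case. A blank creator
# or a blank auth_user never matches: without that guard two empty strings
# compare equal, so an entry with no recorded creator would be treated as
# created by any request that omits auth_user.
#
# @param node [Object] node identifier passed to State.find_state
# @return [Boolean] false when the node has no state entry, when either
#   value is blank, or when the names differ
def creator?(node)
  # => Grab the Node-State Object
  existing = State.find_state(node)
  return false unless existing

  creator = existing[:creator].to_s
  requester = Config.query_params['auth_user'].to_s
  # => An absent creator or an absent user is "unknown", not a match
  return false if creator.empty? || requester.empty?

  # => Check if Auth User was the Node-State Creator
  creator.casecmp(requester).zero?
end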

#key? ⇒ Boolean

> Validate the User’s Authentication Key.
>
> TODO: Use this, passed through from a RunDeck Option Field.

Returns:

  • (Boolean)


# File 'lib/chef-rundeck/auth.rb', line 59

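# Validate the key supplied in the 'auth_key' query parameter against the
# SHA512 hex digest stored for the user in auth['auth_key'].
#
# The two digests are compared over their full length with no early exit, so
# the time taken does not reveal how many leading characters matched. A
# missing or non-String supplied key, a missing state, or a missing stored
# digest all return false.
#
# NOTE(review): the stored value is a plain, unsalted SHA512 digest; that is
# only adequate if keys are long random tokens rather than chosen passwords
# -- confirm. The key is read from query_params; if those come from the
# request URL the key may end up in access logs -- confirm.
#
# @return [Boolean] true only when the digest of the supplied key equals the
#   stored digest
def key?
  supplied = Config.query_params['auth_key']
  # => Anything but a String (absent, array-style parameter, ...) is rejected
  return false unless supplied.is_a?(String)

  state = auth
  stored = state.is_a?(Hash) ? state['auth_key'] : nil
  return false unless stored.is_a?(String)

  # => We store a SHA512 Hex Digest of the Key
  computed = Digest::SHA512.hexdigest(supplied)
  return false unless computed.bytesize == stored.bytesize

  # => OR together the XOR of every byte pair; any difference leaves a non-zero bit
  mismatch = 0
  computed.bytes.zip(stored.bytes) { |a, b| mismatch |= a ^ b }
  mismatch.zero?
end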

#parse(user = nil) ⇒ Object



# File 'lib/chef-rundeck/auth.rb', line 38

# Load the authorization entry for a user into @auth.
#
# Reads the file named by Config.auth_file through Util.parse_json_config
# and looks the user up in the result. When the file yields nothing or has
# no entry for the user, the state is reset through reset! instead.
#
# @param user [Object, nil] key to look up in the parsed auth file
# @return [Object] the user's entry, or the value returned by reset!
def parse(user = nil)
  # => Try to Find the User and their Authorization
  users = Util.parse_json_config(Config.auth_file, false)
  if users && users[user]
    @auth = users[user]
  else
    reset!
  end
end

#project_admin?(project = nil) ⇒ Boolean

> TODO: Project-Based Validation

Returns:

  • (Boolean)


# File 'lib/chef-rundeck/auth.rb', line 66

# Project-based validation (marked TODO by the author).
#
# Returns false unless `project` is an Array; otherwise checks whether any
# of auth['roles'], downcased, is contained in ['admin', project].
#
# NOTE(review): `project` is an Array at this point, so ['admin', project]
# holds it as one nested element and a role String never equals it. As
# written, only the 'admin' role can make this return true; project names
# are not matched. Confirm the intended rule before relying on this check.
#
# @param project [Array, nil] project list; any non-Array value yields false
# @return [Boolean]
def project_admin?(project = nil)
  return false unless project.is_a?(Array)

  accepted = ['admin', project]
  auth['roles'].any? do |role|
    accepted.include?(role.to_s.downcase)
  end
end

#reset! ⇒ Object



# File 'lib/chef-rundeck/auth.rb', line 33

# Reset the authorization state to a fresh hash with an empty 'roles' list.
#
# @return [Hash] the new state, { 'roles' => [] }
def reset!
  # => Reset Authorization
  blank = { 'roles' => [] }
  @auth = blank
end

#role_admin?(run_list = nil) ⇒ Boolean

> Role-Based Administration

Returns:

  • (Boolean)


# File 'lib/chef-rundeck/auth.rb', line 73

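# Role-based administration: check whether the user holds a role that
# appears in the given run list as a role[...] entry (case-insensitive).
#
# Role names are escaped before being placed in the pattern, so characters
# such as '.' or '*' in a role name match literally instead of acting as
# regular-expression operators. A missing state or role list denies.
#
# NOTE(review): an empty run list still authorizes every caller, as the
# author's warning below says. Callers that need a deny-by-default result
# must check that the node exists and has a run list before calling this.
#
# @param run_list [Array, nil] run-list entries; a non-Array yields false
# @return [Boolean]
def role_admin?(run_list = nil)
  return false unless run_list.is_a?(Array)
  # => This will Authorize Anyone if the RunList is Empty or the Chef Node does not exist!!!
  return true if run_list.empty?

  state = auth
  roles = state.is_a?(Hash) ? state['roles'] : nil
  return false unless roles.is_a?(Array)

  roles.any? do |role|
    # => Escape the role name so it is matched as literal text
    pattern = /role\[#{Regexp.escape(role.to_s)}\]/i
    run_list.any? { |item| item.to_s =~ pattern }
  end
end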