Module: ChefFixie::AuthzObjectMixin

Constant Summary

Constants included from AuthzUtils

ChefFixie::AuthzUtils::Actions, ChefFixie::AuthzUtils::Types

Class Method Summary

Instance Method Summary

Methods included from AuthzUtils

#check_action, #check_actor_or_group, #get_authz_id, #get_type, #resourcify_actor_or_group, #to_resource

Class Method Details

.included(base) ⇒ Object



# File 'lib/chef_fixie/authz_objects.rb', line 122

# Hook Ruby invokes when this mixin is included into +base+.
#
# Deliberately a no-op. The only body it ever had was debugging output
# (pretty-printing +base+, its superclass and its methods) and an experiment
# that defined a +type_me+ method on +base+; all of it is disabled.
#
# @param base [Module] the class or module including this mixin
# @return [nil]
def self.included(base)
end

Instance Method Details

#ace(action) ⇒ Object

Todo: filter this by scope and type



# File 'lib/chef_fixie/authz_objects.rb', line 170

# Returns the ACE for +action+ after passing it through
# ChefFixie::AuthzMapper.struct_to_name.
#
# TODO: filter this by scope and type.
#
# @param action [Symbol] the action whose ACE is wanted; handed to ace_raw
# @return [Object] whatever struct_to_name produces for the raw ACE
def ace(action)
  mapper = ChefFixie::AuthzMapper
  mapper.struct_to_name(ace_raw(action))
end

#ace_add(action, entity) ⇒ Object



# File 'lib/chef_fixie/authz_objects.rb', line 193

# Adds +entity+ to the ACE of every action that +action+ expands to.
#
# +action+ goes through expand_actions first, so :all fans out to one
# ace_add_raw call (one fetch and one write) per action in
# AuthzUtils::Actions. The entity's own +type+ selects the list it is added to.
#
# @param action [Symbol, Array] a single action, an array of actions, or :all
# @param entity [#type] the object to add; also passed to ace_add_raw as-is
# @return [Array] the expanded list of actions that were processed
def ace_add(action, entity)
  expand_actions(action).each do |single_action|
    ace_add_raw(single_action, entity.type, entity)
  end
end

#ace_add_raw(action, actor_or_group, entity) ⇒ Object

add actor or group to acl



# File 'lib/chef_fixie/authz_objects.rb', line 184

# Adds +entity+'s authz id to the actor or group list of the ACE for
# +action+ and writes the whole ACE back.
#
# This is a read-modify-write: the ACE is fetched through ace_get_util,
# edited locally and then PUT back in full. Nothing here guards against a
# change made by someone else between the fetch and the PUT, so such a change
# would be replaced by the body written here.
#
# @param action [Symbol] the action whose ACE is edited (checked in ace_get_util)
# @param actor_or_group [Object] passed to resourcify_actor_or_group to pick
#   which list of the ACE is edited
# @param entity [Object] passed to get_authz_id to obtain the id to add
# @return [Object] whatever authz_api.put returns
def ace_add_raw(action, actor_or_group, entity)
  # Key of the list to edit: groups or actors.
  member_key = resourcify_actor_or_group(actor_or_group)
  ace_path, ace_body = ace_get_util(action)

  members = ace_body[member_key]
  members << get_authz_id(entity)
  # Drop the duplicate if the id was already listed.
  members.uniq!
  authz_api.put("#{ace_path}", ace_body)
end

#ace_delete(action, entity) ⇒ Object



# File 'lib/chef_fixie/authz_objects.rb', line 208

# Removes +entity+ from the ACE of every action that +action+ expands to.
#
# +action+ goes through expand_actions first, so :all results in one
# ace_delete_raw call (one fetch and one write) per action in
# AuthzUtils::Actions. Only the list selected by the entity's own +type+ is
# edited; access the entity holds through some other listed group is untouched.
#
# @param action [Symbol, Array] a single action, an array of actions, or :all
# @param entity [#type] the object to remove; also passed to ace_delete_raw as-is
# @return [Array] the expanded list of actions that were processed
def ace_delete(action, entity)
  expand_actions(action).each do |single_action|
    ace_delete_raw(single_action, entity.type, entity)
  end
end

#ace_delete_raw(action, actor_or_group, entity) ⇒ Object



# File 'lib/chef_fixie/authz_objects.rb', line 198

# Removes +entity+'s authz id from the actor or group list of the ACE for
# +action+ and writes the whole ACE back.
#
# This is a read-modify-write: the ACE is fetched through ace_get_util,
# edited locally and then PUT back in full. Nothing here guards against a
# change made by someone else between the fetch and the PUT, so such a change
# would be replaced by the body written here.
#
# @param action [Symbol] the action whose ACE is edited (checked in ace_get_util)
# @param actor_or_group [Object] passed to resourcify_actor_or_group to pick
#   which list of the ACE is edited
# @param entity [Object] passed to get_authz_id to obtain the id to remove
# @return [Object] whatever authz_api.put returns
def ace_delete_raw(action, actor_or_group, entity)
  # Key of the list to edit: groups or actors.
  member_key = resourcify_actor_or_group(actor_or_group)
  ace_path, ace_body = ace_get_util(action)

  ace_body[member_key] = ace_body[member_key] - [get_authz_id(entity)]
  ace_body[member_key].uniq!
  authz_api.put("#{ace_path}", ace_body)
end

#ace_get_util(action) ⇒ Object



# File 'lib/chef_fixie/authz_objects.rb', line 156

# Fetches the ACE for +action+ on this object.
#
# check_action (from AuthzUtils, not shown here) runs before +action+ is
# interpolated into the request path; presumably it raises for an unknown
# action - confirm against AuthzUtils.
#
# @param action [Symbol] the action whose ACE is wanted
# @return [Array] a two-element array: the request path that was used and
#   the ACE returned by authz_api.get for that path
def ace_get_util(action)
  check_action(action)

  ace_path = "#{prefix}/acl/#{action}"
  [ace_path, authz_api.get(ace_path)]
end

#ace_member?(action, entity) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/chef_fixie/authz_objects.rb', line 213

# Reports whether +entity+ is listed directly in the ACE for +action+.
#
# Only the list selected by the entity's own +type+ is consulted, and only
# for the entity's own authz id. Groups named in the ACE are not expanded, so
# an entity that holds the permission through a group is reported as false.
#
# @param action [Symbol] the action whose ACE is inspected
# @param entity [#type, #authz_id] the actor or group to look for
# @return [Boolean] true when the entity's authz id appears in that list
def ace_member?(action, entity)
  member_key = resourcify_actor_or_group(entity.type)
  _ace_path, ace_body = ace_get_util(action)
  ace_body[member_key].member?(entity.authz_id)
end

#ace_raw(action) ⇒ Object



# File 'lib/chef_fixie/authz_objects.rb', line 165

# Returns the ACE for +action+ exactly as ace_get_util fetched it, without
# the request path that ace_get_util returns alongside it.
#
# @param action [Symbol] the action whose ACE is wanted
# @return [Object] the second element of ace_get_util's result
def ace_raw(action)
  _ace_path, ace_body = ace_get_util(action)
  ace_body
end

#acl ⇒ Object

Todo: filter this by scope and type



# File 'lib/chef_fixie/authz_objects.rb', line 152

# Returns this object's full ACL after passing it through
# ChefFixie::AuthzMapper.struct_to_name.
#
# TODO: filter this by scope and type.
#
# @return [Object] whatever struct_to_name produces for the raw ACL
def acl
  mapper = ChefFixie::AuthzMapper
  mapper.struct_to_name(acl_raw)
end

#acl_add_from_object(object) ⇒ Object



# File 'lib/chef_fixie/authz_objects.rb', line 220

# Copies every entry of +object+'s raw ACL onto this object.
#
# The copy is additive: each id listed under each action and type in the
# source ACL is added here with ace_add_raw, and nothing is removed from this
# object's ACL. Every id costs its own fetch and write, and there is no
# rollback, so an error part-way through leaves the ids processed so far in
# place.
#
# @param object [#acl_raw] the object whose ACL is the source
# @return [Object] the result of iterating the source ACL with +each+
def acl_add_from_object(object)
  source_acl = object.acl_raw

  # Could be made more efficient by splitting ace_add_raw into a fetch step
  # and an update step, but this works.
  source_acl.each do |action, members_by_type|
    members_by_type.each do |member_type, listed_ids|
      listed_ids.each { |listed_id| ace_add_raw(action.to_sym, member_type, listed_id) }
    end
  end
end

#acl_raw ⇒ Object



# File 'lib/chef_fixie/authz_objects.rb', line 148

# Fetches this object's complete ACL from the authz API, unmodified.
#
# @return [Object] whatever authz_api.get returns for "<prefix>/acl"
def acl_raw
  client = authz_api
  client.get("#{prefix}/acl")
end

#authz_api ⇒ Object



# File 'lib/chef_fixie/authz_objects.rb', line 133

# Returns the AuthzApi client used for every authz request made through this
# mixin.
#
# The client is memoised in a class variable: it is built once with
# AuthzApi.new (no arguments) and reused afterwards instead of being created
# per object.
#
# NOTE(review): the variable name indicates the client acts as the authz
# superuser. If so, the reads and writes in this module are not limited by
# the permissions of whoever invoked them - confirm against AuthzApi, which
# is not shown here.
def authz_api
   @@authz_apiAsSuperUser ||= AuthzApi.new
end

#expand_actions(action) ⇒ Object



# File 'lib/chef_fixie/authz_objects.rb', line 174

# Normalises +action+ into a list of actions to iterate over.
#
# :all is replaced by AuthzUtils::Actions, so a single call with :all touches
# every action that constant lists. An Array is returned as given; anything
# else is wrapped in a one-element Array. No validation happens here.
#
# @param action [Symbol, Array, Object] a single action, an array of
#   actions, or :all
# @return [Array] the actions to process (assumes AuthzUtils::Actions is an
#   Array - it is defined elsewhere)
def expand_actions(action)
  requested = action == :all ? AuthzUtils::Actions : action
  return requested if requested.is_a?(Array)

  [requested]
end

#is_authorized(action, actor) ⇒ Object



# File 'lib/chef_fixie/authz_objects.rb', line 143

# Asks the authz API about +actor+'s entry in the ACE for +action+ on this
# object and returns the response unparsed.
#
# The return value is always a two-element Array and therefore always truthy:
# it must not be used directly as a yes/no authorization decision. Callers
# have to inspect the second element themselves.
#
# Unlike ace_get_util, this method does not call check_action; +action+ and
# the actor's authz id are interpolated into the request path as given.
#
# @param action [Symbol] the action to query
# @param actor [#authz_id] the actor to query for
# @return [Array] +[:unparsed, response]+ where response is whatever
#   authz_api.get returned
def is_authorized(action, actor)
  client = authz_api
  raw_response = client.get("#{prefix}/acl/#{action}/ace/#{actor.authz_id}")
  [:unparsed, raw_response] # TODO: work out how to interpret the response
end

#prefix ⇒ Object

We expect to be mixed into a class that provides the authz_id method.



# File 'lib/chef_fixie/authz_objects.rb', line 139

# Builds the authz request path prefix for this object:
# "<to_resource(type)>/<authz_id>".
#
# The including class must provide +authz_id+. Neither segment is escaped or
# validated here before being placed in the path.
#
# @return [String] the path prefix used by the ACL and ACE requests
def prefix
  resource_segment = to_resource(type)
  "#{resource_segment}/#{authz_id}"
end

#type ⇒ Object



# File 'lib/chef_fixie/authz_objects.rb', line 129

# Authz type reported by this mixin: always :object.
#
# prefix passes this value to to_resource to pick the first path segment, and
# ace_add / ace_delete / ace_member? read the same method on the entity they
# are given.
#
# @return [Symbol] :object
def type
  :object
end