Module: ChefFixie::AuthzObjectMixin

Includes:

AuthzUtils

Included in:

AuthzActorMixin, AuthzContainerMixin, AuthzGroupMixin, Sql::Cookbook, Sql::CookbookArtifact, Sql::DataBag, Sql::Environment, Sql::Node, Sql::Org, Sql::Policy, Sql::PolicyGroup, Sql::Role

Defined in:

lib/chef_fixie/authz_objects.rb

Constant Summary

Constants included from AuthzUtils

ChefFixie::AuthzUtils::Actions, ChefFixie::AuthzUtils::Types

Class Method Summary

• .included(base) ⇒ Object

Instance Method Summary

• #ace(action) ⇒ Object

  Todo: filter this by scope and type.

• #ace_add(action, entity) ⇒ Object
• #ace_add_raw(action, actor_or_group, entity) ⇒ Object

  add actor or group to acl.

• #ace_delete(action, entity) ⇒ Object
• #ace_delete_raw(action, actor_or_group, entity) ⇒ Object
• #ace_get_util(action) ⇒ Object
• #ace_member?(action, entity) ⇒ Boolean
• #ace_raw(action) ⇒ Object
• #acl ⇒ Object

  Todo: filter this by scope and type.

• #acl_add_from_object(object) ⇒ Object
• #acl_raw ⇒ Object
• #authz_api ⇒ Object
• #authz_delete ⇒ Object
• #expand_actions(action) ⇒ Object
• #is_authorized(action, actor) ⇒ Object
• #prefix ⇒ Object

  we expect to be mixed in with a class that has the authz_id method.

• #type ⇒ Object

Methods included from AuthzUtils

#check_action, #check_actor_or_group, #get_authz_id, #get_type, #resourcify_actor_or_group, #to_resource

Class Method Details

.included(base) ⇒ Object

# File 'lib/chef_fixie/authz_objects.rb', line 122

def self.included(base)
#      pp :note=>"Include", :base=>base, :super=>(base.superclass rescue :nil)
#      block = lambda { :object }
#      base.send(:define_method, :type_me, block )
#      pp :methods=>(base.methods.sort - Object.methods)
end

Instance Method Details

#ace(action) ⇒ Object

Todo: filter this by scope and type

# File 'lib/chef_fixie/authz_objects.rb', line 174

def ace(action)
  ChefFixie::AuthzMapper.struct_to_name(ace_raw(action))
end

#ace_add(action, entity) ⇒ Object

# File 'lib/chef_fixie/authz_objects.rb', line 197

def ace_add(action, entity)
  actions = expand_actions(action)
  actions.each {|a| ace_add_raw(a, entity.type, entity) }
end

#ace_add_raw(action, actor_or_group, entity) ⇒ Object

add actor or group to acl

# File 'lib/chef_fixie/authz_objects.rb', line 188

def ace_add_raw(action, actor_or_group, entity)
  # groups or actors
  a_or_g_resource = resourcify_actor_or_group(actor_or_group)
  resource, ace = ace_get_util(action)

  ace[a_or_g_resource] << get_authz_id(entity)
  ace[a_or_g_resource].uniq!
  authz_api.put("#{resource}", ace)
end

#ace_delete(action, entity) ⇒ Object

# File 'lib/chef_fixie/authz_objects.rb', line 212

def ace_delete(action, entity)
  actions = expand_actions(action)
  actions.each {|a| ace_delete_raw(a, entity.type, entity) }
end

#ace_delete_raw(action, actor_or_group, entity) ⇒ Object

# File 'lib/chef_fixie/authz_objects.rb', line 202

def ace_delete_raw(action, actor_or_group, entity)
  # groups or actors
  a_or_g_resource = resourcify_actor_or_group(actor_or_group)
  resource, ace = ace_get_util(action)

  ace[a_or_g_resource] -= [get_authz_id(entity)]
  ace[a_or_g_resource].uniq!
  authz_api.put("#{resource}", ace)
end

#ace_get_util(action) ⇒ Object

# File 'lib/chef_fixie/authz_objects.rb', line 160

def ace_get_util(action)
  check_action(action)

  resource = "#{prefix}/acl/#{action}"
  ace = authz_api.get(resource)
  [resource, ace]
end

#ace_member?(action, entity) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/chef_fixie/authz_objects.rb', line 217

def ace_member?(action, entity)
  a_or_g_resource = resourcify_actor_or_group(entity.type)
  resource, ace = ace_get_util(action)
  ace[a_or_g_resource].member?(entity.authz_id)
end

#ace_raw(action) ⇒ Object

# File 'lib/chef_fixie/authz_objects.rb', line 169

def ace_raw(action)
  resource,ace = ace_get_util(action)
  ace
end

#acl ⇒ Object

Todo: filter this by scope and type

# File 'lib/chef_fixie/authz_objects.rb', line 156

def acl
  ChefFixie::AuthzMapper.struct_to_name(acl_raw)
end

#acl_add_from_object(object) ⇒ Object

# File 'lib/chef_fixie/authz_objects.rb', line 224

def acl_add_from_object(object)
  src = object.acl_raw

  # this could be made more efficient by refactoring ace_add_raw to split fetch and update, but this works
  src.each do |action, ace|
    ace.each do |type, list|
      list.each do |item|
        ace_add_raw(action.to_sym, type, item)
      end
    end
  end
end

#acl_raw ⇒ Object

# File 'lib/chef_fixie/authz_objects.rb', line 152

def acl_raw
  authz_api.get("#{prefix}/acl")
end

#authz_api ⇒ Object

# File 'lib/chef_fixie/authz_objects.rb', line 133

def authz_api
   @@authz_apiAsSuperUser ||= AuthzApi.new
end

#authz_delete ⇒ Object

# File 'lib/chef_fixie/authz_objects.rb', line 148

def authz_delete
  authz_api.delete(prefix)
end

#expand_actions(action) ⇒ Object

# File 'lib/chef_fixie/authz_objects.rb', line 178

def expand_actions(action)
  if action == :all
    action = AuthzUtils::Actions
  end
  action.is_a?(Array) ? action : [action]
end

#is_authorized(action, actor) ⇒ Object

# File 'lib/chef_fixie/authz_objects.rb', line 143

def is_authorized(action, actor)
  result = authz_api.get("#{prefix}/acl/#{action}/ace/#{actor.authz_id}")
  [:unparsed, result] # todo figure this out in more detail
end

#prefix ⇒ Object

we expect to be mixed in with a class that has the authz_id method

# File 'lib/chef_fixie/authz_objects.rb', line 139

def prefix
  "#{to_resource(type)}/#{authz_id}"
end

#type ⇒ Object

# File 'lib/chef_fixie/authz_objects.rb', line 129

def type
  :object
end