Module: ChefFixie::AuthzObjectMixin

Constant Summary

Constants included from AuthzUtils

ChefFixie::AuthzUtils::ACTIONS, ChefFixie::AuthzUtils::TYPES


Methods included from AuthzUtils

#check_action, #check_actor_or_group, #get_authz_id, #get_type, #resourcify_actor_or_group, #to_resource

Class Method Details

.included(base) ⇒ Object



# File 'lib/chef_fixie/authz_objects.rb', line 125

# Hook invoked with the including class or module when this mixin is included.
#
# The body holds only commented-out debugging code, so the hook currently
# performs no work of its own.
#
# @param base [Module] the class or module that included this mixin
# @return [nil]
def self.included(base)
#      pp :note=>"Include", :base=>base, :super=>(base.superclass rescue :nil)
#      block = lambda { :object }
#      base.send(:define_method, :type_me, block )
#      pp :methods=>(base.methods.sort - Object.methods)
end

Instance Method Details

#ace(action) ⇒ Object

Todo: filter this by scope and type



# File 'lib/chef_fixie/authz_objects.rb', line 177

# Fetches the raw ACE for +action+ and hands it to
# ChefFixie::AuthzMapper.struct_to_name.
#
# TODO: filter this by scope and type
#
# @param action [Symbol] the action whose ACE is requested
# @return [Object] whatever AuthzMapper.struct_to_name returns for the raw ACE
def ace(action)
  mapper = ChefFixie::AuthzMapper
  raw_entry = ace_raw(action)
  mapper.struct_to_name(raw_entry)
end

#ace_add(action, entity) ⇒ Object



# File 'lib/chef_fixie/authz_objects.rb', line 198

# Grants +entity+ the given action(s) on this object.
#
# +action+ is expanded through expand_actions, and ace_add_raw is called once
# per resulting action, so the grant is applied action by action rather than
# as a single operation: an error part-way through leaves the earlier actions
# already granted.
#
# @param action [Symbol, Array<Symbol>] a single action, a list, or :all
# @param entity [#type] the actor or group to add; its +type+ is passed on to
#   ace_add_raw to choose the list
# @return [Array] the expanded list of actions
def ace_add(action, entity)
  expand_actions(action).each do |single_action|
    ace_add_raw(single_action, entity.type, entity)
  end
end

#ace_add_raw(action, actor_or_group, entity) ⇒ Object

Add an actor or group to the ACL.



# File 'lib/chef_fixie/authz_objects.rb', line 188

# Adds +entity+ to the actor or group list of this object's ACE for +action+.
#
# This is a read-modify-write: the ACE is fetched, the id is appended and
# de-duplicated locally, and the whole ACE is PUT back. Nothing in this method
# guards against another writer changing the ACE between the fetch and the PUT.
#
# @param action [Symbol] the action whose ACE is edited
# @param actor_or_group [Object] selector passed to resourcify_actor_or_group
#   to pick the list inside the ACE
# @param entity [Object] passed to get_authz_id to obtain the id to add
# @return [Object] the result of authz_api.put
def ace_add_raw(action, actor_or_group, entity)
  # Key of the list (actors or groups) inside the ACE.
  list_key = resourcify_actor_or_group(actor_or_group)
  ace_path, ace_body = ace_get_util(action)

  members = ace_body[list_key]
  members << get_authz_id(entity)
  members.uniq!
  authz_api.put("#{ace_path}", ace_body)
end

#ace_delete(action, entity) ⇒ Object



# File 'lib/chef_fixie/authz_objects.rb', line 213

# Revokes the given action(s) on this object from +entity+.
#
# +action+ is expanded through expand_actions, and ace_delete_raw is called
# once per resulting action, so an error part-way through leaves the earlier
# actions already revoked and the later ones untouched.
#
# @param action [Symbol, Array<Symbol>] a single action, a list, or :all
# @param entity [#type] the actor or group to remove; its +type+ is passed on
#   to ace_delete_raw to choose the list
# @return [Array] the expanded list of actions
def ace_delete(action, entity)
  expand_actions(action).each do |single_action|
    ace_delete_raw(single_action, entity.type, entity)
  end
end

#ace_delete_raw(action, actor_or_group, entity) ⇒ Object



# File 'lib/chef_fixie/authz_objects.rb', line 203

def ace_delete_raw(action, actor_or_group, entity)
  # groups or actors
  a_or_g_resource = resourcify_actor_or_group(actor_or_group)
  resource, ace = ace_get_util(action)

  ace[a_or_g_resource] -= [get_authz_id(entity)]
  ace[a_or_g_resource].uniq!
  authz_api.put("#{resource}", ace)
end

#ace_get_util(action) ⇒ Object



# File 'lib/chef_fixie/authz_objects.rb', line 163

# Fetches this object's ACE for +action+ together with the path it came from.
#
# check_action runs before the path is built, so +action+ passes through it
# before being interpolated into the request path.
# NOTE(review): check_action presumably rejects unknown actions; confirm in
# AuthzUtils.
#
# @param action [Symbol] the action whose ACE is requested
# @return [Array] two elements: the ACE path and the value returned by
#   authz_api.get for that path
def ace_get_util(action)
  check_action(action)

  ace_path = "#{prefix}/acl/#{action}"
  [ace_path, authz_api.get(ace_path)]
end

#ace_member?(action, entity) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/chef_fixie/authz_objects.rb', line 218

# Tells whether +entity+ is listed in this object's ACE for +action+.
#
# The check is a plain membership test on the actor or group list returned
# for the ACE.
# NOTE(review): membership gained through a group does not appear to be
# resolved here, so a false result need not mean the entity lacks the
# permission; confirm against the authz service.
#
# @param action [Symbol] the action whose ACE is inspected
# @param entity [#type, #authz_id] the actor or group to look for
# @return [Boolean]
def ace_member?(action, entity)
  list_key = resourcify_actor_or_group(entity.type)
  _ace_path, ace_body = ace_get_util(action)
  ace_body[list_key].member?(entity.authz_id)
end

#ace_raw(action) ⇒ Object



# File 'lib/chef_fixie/authz_objects.rb', line 171

# Returns this object's ACE for +action+ exactly as ace_get_util delivers it,
# dropping the path that ace_get_util returns alongside it.
#
# @param action [Symbol] the action whose ACE is requested
# @return [Object] the second element of ace_get_util's result
def ace_raw(action)
  _ace_path, ace_body = ace_get_util(action)
  ace_body
end

#acl ⇒ Object

Todo: filter this by scope and type



# File 'lib/chef_fixie/authz_objects.rb', line 159

# Fetches this object's raw ACL and hands it to
# ChefFixie::AuthzMapper.struct_to_name.
#
# TODO: filter this by scope and type
#
# @return [Object] whatever AuthzMapper.struct_to_name returns for the raw ACL
def acl
  mapper = ChefFixie::AuthzMapper
  raw_acl = acl_raw
  mapper.struct_to_name(raw_acl)
end

#acl_add_from_object(object) ⇒ Object



# File 'lib/chef_fixie/authz_objects.rb', line 224

# Copies every entry of +object+'s ACL onto this object's ACL.
#
# The copy is additive only: each listed id is passed to ace_add_raw and
# nothing is removed from this object, so the result is the union of both
# ACLs. Review the source object's ACL before copying, because every
# permission it grants is granted here as well. ace_add_raw is called once per
# id, so an error part-way through leaves a partial copy.
#
# This could be made more efficient by refactoring ace_add_raw to split fetch
# and update, but this works.
#
# @param object [#acl_raw] the object whose ACL is copied
# @return [Object] the structure returned by +object.acl_raw+
def acl_add_from_object(object)
  source_acl = object.acl_raw

  source_acl.each do |action, ace|
    ace.each do |type, ids|
      ids.each { |id| ace_add_raw(action.to_sym, type, id) }
    end
  end
end

#acl_raw ⇒ Object



# File 'lib/chef_fixie/authz_objects.rb', line 154

# Fetches this object's complete ACL from the authz API, unmodified.
#
# @return [Object] the value returned by authz_api.get for "<prefix>/acl"
def acl_raw
  client = authz_api
  client.get("#{prefix}/acl")
end

#authz_api ⇒ Object



# File 'lib/chef_fixie/authz_objects.rb', line 136

# Returns the AuthzApi client that the methods of this mixin send their
# requests through, creating it on first use.
#
# The client is memoized in a class variable, so it is not per-instance state.
# NOTE(review): the variable name says the client acts as superuser. If so,
# requests made through it are not limited by the caller's own permissions,
# and whoever can call the ACL-editing methods of this mixin can change any
# object's ACL; confirm against AuthzApi and restrict access accordingly.
#
# @return [AuthzApi] the memoized client
def authz_api
  @@authz_api_as_superuser ||= AuthzApi.new
end

#authz_delete ⇒ Object



# File 'lib/chef_fixie/authz_objects.rb', line 150

# Issues a delete for this object's authz resource (the path given by prefix).
#
# No confirmation or existence check is made here; the request goes straight
# to authz_api.delete.
#
# @return [Object] the result of authz_api.delete
def authz_delete
  client = authz_api
  client.delete(prefix)
end

#expand_actions(action) ⇒ Object



# File 'lib/chef_fixie/authz_objects.rb', line 181

# Normalizes an action argument into a list of actions.
#
# :all stands for AuthzUtils::ACTIONS; an Array is returned as given; any
# other value is wrapped in a one-element Array. The values themselves are not
# validated here.
#
# @param action [Symbol, Array<Symbol>] a single action, a list, or :all
# @return [Array] the actions to operate on
def expand_actions(action)
  requested = action == :all ? AuthzUtils::ACTIONS : action
  return requested if requested.is_a?(Array)

  [requested]
end

#is_authorized(action, actor) ⇒ Object



# File 'lib/chef_fixie/authz_objects.rb', line 145

# Asks the authz API whether +actor+ holds +action+ on this object and returns
# the reply without interpreting it.
#
# The return value is always a two-element Array and therefore always truthy:
# it must not be used directly as the condition of an access decision. Callers
# have to inspect the second element themselves.
# Unlike ace_get_util, this method does not pass +action+ through check_action
# before placing it in the request path.
#
# @param action [Symbol] the action to test
# @param actor [#authz_id] the actor whose access is tested
# @return [Array] +[:unparsed, reply]+, where reply is what authz_api.get returned
def is_authorized(action, actor)
  client = authz_api
  reply = client.get("#{prefix}/acl/#{action}/ace/#{actor.authz_id}")
  [:unparsed, reply] # todo figure this out in more detail
end

#prefix ⇒ Object

We expect to be mixed into a class that provides the authz_id method.



# File 'lib/chef_fixie/authz_objects.rb', line 141

# Builds the authz API path for this object: the resource name for its type,
# a slash, and its authz id.
#
# The including class is expected to provide +authz_id+.
#
# @return [String] the path used as the base of every request for this object
def prefix
  object_path = "#{to_resource(type)}/#{authz_id}"
  object_path
end

#type ⇒ Object



# File 'lib/chef_fixie/authz_objects.rb', line 132

# Names the authz type of the including object. prefix passes this value to
# to_resource when building the request path.
#
# @return [Symbol] always :object in this mixin
def type
  :object
end