Class: RestClient::Resource

Inherits:

Object

• Object
• RestClient::Resource

Includes:

Conjur::Cast, Conjur::Escape, Conjur::LogSource

Defined in:

lib/conjur/api.rb

Direct Known Subclasses

Conjur::Deputy, Conjur::Group, Conjur::Layer, Conjur::Resource, Conjur::Role, Conjur::User, Conjur::Variable

Instance Method Summary

• #conjur_api ⇒ Conjur::API

  Creates a Conjur API from this resource's authorization header.

• #default_options ⇒ Object
• #initialize(url, options = nil, &block) ⇒ Resource constructor

  A new instance of Resource.

• #initialize_without_defaults ⇒ Object
• #token ⇒ Hash

  Get an authentication token from the clients Authorization header.

• #username ⇒ String

  The username this resource authenticates as.

Methods included from Conjur::LogSource

#log

Methods included from Conjur::Escape

#fully_escape, #path_escape, #query_escape

Constructor Details

#initialize(url, options = nil, &block) ⇒ Resource

# File 'lib/conjur/api.rb', line 53

def initialize url, options = nil, &block
  initialize_without_defaults url, default_options.merge(options || {}), &block
end

Instance Method Details

#conjur_api ⇒ Conjur::API

Creates a Conjur API from this resource's authorization header.

The new API is created using the token, so it will not be able to refresh when the token expires (after about 8 minutes). This is equivalent to creating an Conjur::API instance with Conjur::API.new_from_token.

# File 'lib/conjur/api.rb', line 87

def conjur_api
  Conjur::API.new_from_token token
end

#default_options ⇒ Object

# File 'lib/conjur/api.rb', line 57

def default_options
  {
    ssl_cert_store: OpenSSL::SSL::SSLContext::DEFAULT_CERT_STORE
  }
end

#initialize_without_defaults ⇒ Object

# File 'lib/conjur/api.rb', line 51

alias_method :initialize_without_defaults, :initialize

#token ⇒ Hash

Get an authentication token from the clients Authorization header.

Useful fields in the token include "data", which holds the username for which the token was issued, and "timestamp", which contains the time at which the token was issued. The token will expire 8 minutes after timestamp, but we recommend you treat the lifespan as about 5 minutes to account for time differences.

# File 'lib/conjur/api.rb', line 99

def token
  authorization = options[:headers][:authorization]
  if authorization && authorization.to_s[/^Token token="(.*)"/]
    JSON.parse(Base64.decode64($1))
  else
    raise AuthorizationError.new("Authorization missing")
  end
end

#username ⇒ String

The username this resource authenticates as.

# File 'lib/conjur/api.rb', line 111

def username
  options[:user] || options[:username]
end