Class: RestClient::Resource

Inherits:

Object

• Object
• RestClient::Resource

Includes:

Conjur::Cast, Conjur::Escape, Conjur::LogSource

Defined in:

lib/conjur/api.rb

Direct Known Subclasses

Conjur::Deputy, Conjur::Group, Conjur::Layer, Conjur::Resource, Conjur::Role, Conjur::User, Conjur::Variable

Instance Method Summary

• #conjur_api ⇒ Conjur::API

  Creates a Conjur API from this resource's authorization header.

• #conjur_privilege ⇒ Object
• #default_options ⇒ Object
• #initialize(url, options = nil, &block) ⇒ Resource constructor

  A new instance of Resource.

• #initialize_without_defaults ⇒ Object
• #remote_ip ⇒ Object
• #token ⇒ Hash

  Get an authentication token from the clients Authorization header.

• #username ⇒ String

  The username this resource authenticates as.

Methods included from Conjur::LogSource

#log

Methods included from Conjur::Escape

#fully_escape, #path_escape, #query_escape

Constructor Details

#initialize(url, options = nil, &block) ⇒ Resource

Returns a new instance of Resource.

# File 'lib/conjur/api.rb', line 53

def initialize url, options = nil, &block
  initialize_without_defaults url, default_options.merge(options || {}), &block
end

Instance Method Details

#conjur_api ⇒ Conjur::API

Creates a Conjur API from this resource's authorization header.

The new API is created using the token, so it will not be able to refresh when the token expires (after about 8 minutes). This is equivalent to creating an Conjur::API instance with Conjur::API.new_from_token.

Returns:

• (Conjur::API) —

  the new api

# File 'lib/conjur/api.rb', line 87

def conjur_api
  api = Conjur::API.new_from_token token, remote_ip
  if conjur_privilege
    api.with_privilege conjur_privilege
  else
    api
  end
end

#conjur_privilege ⇒ Object

# File 'lib/conjur/api.rb', line 117

def conjur_privilege
  options[:headers][:x_conjur_privilege]
end

#default_options ⇒ Object

# File 'lib/conjur/api.rb', line 57

def default_options
  {
    ssl_cert_store: OpenSSL::SSL::SSLContext::DEFAULT_CERT_STORE
  }
end

#initialize_without_defaults ⇒ Object

# File 'lib/conjur/api.rb', line 51

alias_method :initialize_without_defaults, :initialize

#remote_ip ⇒ Object

# File 'lib/conjur/api.rb', line 113

def remote_ip
  options[:headers][:x_forwarded_for]
end

#token ⇒ Hash

Get an authentication token from the clients Authorization header.

Useful fields in the token include "data", which holds the username for which the token was issued, and "timestamp", which contains the time at which the token was issued. The token will expire 8 minutes after timestamp, but we recommend you treat the lifespan as about 5 minutes to account for time differences.

Returns:

• (Hash) —

  the parsed authentication token

# File 'lib/conjur/api.rb', line 104

def token
  authorization = options[:headers][:authorization]
  if authorization && authorization.to_s[/^Token token="(.*)"/]
    JSON.parse(Base64.decode64($1))
  else
    raise AuthorizationError.new("Authorization missing")
  end
end

#username ⇒ String

The username this resource authenticates as.

Returns:

• (String) —

  the username

# File 'lib/conjur/api.rb', line 124

def username
  options[:user] || options[:username]
end