Class: RestClient::Resource

Inherits:
Object
  • Object
show all
Includes:
Conjur::Cast, Conjur::Escape, Conjur::LogSource
Defined in:
lib/conjur/api.rb

Instance Method Summary collapse

Methods included from Conjur::LogSource

#log

Methods included from Conjur::Escape

#fully_escape, #path_escape, #query_escape

Instance Method Details

#conjur_apiConjur::API

Creates a Conjur API from this resource's authorization header.

The new API is created using the token, so it will not be able to refresh when the token expires (after about 8 minutes). This is equivalent to creating an Conjur::API instance with Conjur::API.new_from_token.



94
95
96
97
98
99
100
101
 
# File 'lib/conjur/api.rb', line 94

def conjur_api
  api = Conjur::API.new_from_token token, remote_ip
  if conjur_privilege
    api.with_privilege conjur_privilege
  else
    api
  end
end

#conjur_privilegeObject 



124
125
126
 
# File 'lib/conjur/api.rb', line 124

def conjur_privilege
  options[:headers][:x_conjur_privilege]
end

#remote_ipObject 



120
121
122
 
# File 'lib/conjur/api.rb', line 120

def remote_ip
  options[:headers][:x_forwarded_for]
end

#tokenHash

Get an authentication token from the clients Authorization header.

Useful fields in the token include "data", which holds the username for which the token was issued, and "timestamp", which contains the time at which the token was issued. The token will expire 8 minutes after timestamp, but we recommend you treat the lifespan as about 5 minutes to account for time differences.



111
112
113
114
115
116
117
118
 
# File 'lib/conjur/api.rb', line 111

def token
  authorization = options[:headers][:authorization]
  if authorization && authorization.to_s[/^Token token="(.*)"/]
    JSON.parse(Base64.decode64($1))
  else
    raise AuthorizationError.new("Authorization missing")
  end
end

#usernameString

The username this resource authenticates as.



131
132
133
 
# File 'lib/conjur/api.rb', line 131

def username
  options[:user] || options[:username]
end