Class: RestClient::Resource

Inherits:
Object
  • Object
show all
Includes:
Conjur::Cast, Conjur::Escape, Conjur::LogSource
Defined in:
lib/conjur/api.rb

Instance Method Summary collapse

Methods included from Conjur::LogSource

#log

Methods included from Conjur::Escape

#fully_escape, #path_escape, #query_escape

Instance Method Details

#audit_resourcesObject



136
137
138
# File 'lib/conjur/api.rb', line 136

def audit_resources
  options[:headers][:conjur_audit_resources].try { |r| Conjur::API.decode_audit_ids(r) }
end

#audit_rolesObject



132
133
134
# File 'lib/conjur/api.rb', line 132

def audit_roles
  options[:headers][:conjur_audit_roles].try { |r| Conjur::API.decode_audit_ids(r) }
end

#conjur_apiConjur::API

Creates a Conjur API from this resource's authorization header.

The new API is created using the token, so it will not be able to refresh when the token expires (after about 8 minutes). This is equivalent to creating an Conjur::API instance with Conjur::API.new_from_token.

Returns:



99
100
101
102
103
104
105
# File 'lib/conjur/api.rb', line 99

def conjur_api
  api = Conjur::API.new_from_token token, remote_ip
  api = api.with_privilege(conjur_privilege) if conjur_privilege
  api = api.with_audit_roles(audit_roles) if audit_roles
  api = api.with_audit_resources(audit_resources) if audit_resources
  api
end

#conjur_privilegeObject



128
129
130
# File 'lib/conjur/api.rb', line 128

def conjur_privilege
  options[:headers][:x_conjur_privilege]
end

#remote_ipObject



124
125
126
# File 'lib/conjur/api.rb', line 124

def remote_ip
  options[:headers][:x_forwarded_for]
end

#tokenHash

Get an authentication token from the clients Authorization header.

Useful fields in the token include "data", which holds the username for which the token was issued, and "timestamp", which contains the time at which the token was issued. The token will expire 8 minutes after timestamp, but we recommend you treat the lifespan as about 5 minutes to account for time differences.

Returns:

  • (Hash)

    the parsed authentication token



115
116
117
118
119
120
121
122
# File 'lib/conjur/api.rb', line 115

def token
  authorization = options[:headers][:authorization]
  if authorization && authorization.to_s[/^Token token="(.*)"/]
    JSON.parse(Base64.decode64($1))
  else
    raise AuthorizationError.new("Authorization missing")
  end
end

#usernameString

The username this resource authenticates as.

Returns:

  • (String)

    the username



143
144
145
# File 'lib/conjur/api.rb', line 143

def username
  options[:user] || options[:username]
end