Class: RestClient::Resource
- Inherits:
-
Object
- Object
- RestClient::Resource
- Includes:
- Conjur::Cast, Conjur::Escape, Conjur::LogSource
- Defined in:
- lib/conjur/api.rb
Direct Known Subclasses
Conjur::Deputy, Conjur::Group, Conjur::HostFactory, Conjur::HostFactoryToken, Conjur::Layer, Conjur::Resource, Conjur::Role, Conjur::User, Conjur::Variable
Instance Method Summary collapse
- #audit_resources ⇒ Object
- #audit_roles ⇒ Object
-
#conjur_api ⇒ Conjur::API
Creates a Conjur API from this resource's authorization header.
- #conjur_privilege ⇒ Object
- #remote_ip ⇒ Object
-
#token ⇒ Hash
Get an authentication token from the clients Authorization header.
-
#username ⇒ String
The username this resource authenticates as.
Methods included from Conjur::LogSource
Methods included from Conjur::Escape
#fully_escape, #path_escape, #query_escape
Instance Method Details
#audit_resources ⇒ Object
136 137 138 |
# File 'lib/conjur/api.rb', line 136 def audit_resources [:headers][:conjur_audit_resources].try { |r| Conjur::API.decode_audit_ids(r) } end |
#audit_roles ⇒ Object
132 133 134 |
# File 'lib/conjur/api.rb', line 132 def audit_roles [:headers][:conjur_audit_roles].try { |r| Conjur::API.decode_audit_ids(r) } end |
#conjur_api ⇒ Conjur::API
Creates a Conjur API from this resource's authorization header.
The new API is created using the token, so it will not be able to refresh when the token expires (after about 8 minutes). This is equivalent to creating an Conjur::API instance with Conjur::API.new_from_token.
99 100 101 102 103 104 105 |
# File 'lib/conjur/api.rb', line 99 def conjur_api api = Conjur::API.new_from_token token, remote_ip api = api.with_privilege(conjur_privilege) if conjur_privilege api = api.with_audit_roles(audit_roles) if audit_roles api = api.with_audit_resources(audit_resources) if audit_resources api end |
#conjur_privilege ⇒ Object
128 129 130 |
# File 'lib/conjur/api.rb', line 128 def conjur_privilege [:headers][:x_conjur_privilege] end |
#remote_ip ⇒ Object
124 125 126 |
# File 'lib/conjur/api.rb', line 124 def remote_ip [:headers][:x_forwarded_for] end |
#token ⇒ Hash
Get an authentication token from the clients Authorization header.
Useful fields in the token include "data"
, which holds the username for which the
token was issued, and "timestamp"
, which contains the time at which the token was issued.
The token will expire 8 minutes after timestamp, but we recommend you treat the lifespan as
about 5 minutes to account for time differences.
115 116 117 118 119 120 121 122 |
# File 'lib/conjur/api.rb', line 115 def token = [:headers][:authorization] if && .to_s[/^Token token="(.*)"/] JSON.parse(Base64.decode64($1)) else raise AuthorizationError.new("Authorization missing") end end |
#username ⇒ String
The username this resource authenticates as.
143 144 145 |
# File 'lib/conjur/api.rb', line 143 def username [:user] || [:username] end |