Class: RestClient::Resource

Inherits:

Object

• Object
• RestClient::Resource

Includes:

Conjur::Cast, Conjur::Escape, Conjur::LogSource

Defined in:

lib/conjur/api.rb

Direct Known Subclasses

Conjur::Deputy, Conjur::Group, Conjur::HostFactory, Conjur::HostFactoryToken, Conjur::Layer, Conjur::Resource, Conjur::Role, Conjur::User, Conjur::Variable

Instance Method Summary

• #audit_resources ⇒ Object
• #audit_roles ⇒ Object
• #conjur_api ⇒ Conjur::API

  Creates a Conjur API from this resource's authorization header.

• #conjur_privilege ⇒ Object
• #remote_ip ⇒ Object
• #token ⇒ Hash

  Get an authentication token from the clients Authorization header.

• #username ⇒ String

  The username this resource authenticates as.

Methods included from Conjur::LogSource

#log

Methods included from Conjur::Escape

#fully_escape, #path_escape, #query_escape

Instance Method Details

#audit_resources ⇒ Object

# File 'lib/conjur/api.rb', line 136

def audit_resources
  options[:headers][:conjur_audit_resources].try { |r| Conjur::API.decode_audit_ids(r) }
end

#audit_roles ⇒ Object

# File 'lib/conjur/api.rb', line 132

def audit_roles
  options[:headers][:conjur_audit_roles].try { |r| Conjur::API.decode_audit_ids(r) }
end

#conjur_api ⇒ Conjur::API

Creates a Conjur API from this resource's authorization header.

The new API is created using the token, so it will not be able to refresh when the token expires (after about 8 minutes). This is equivalent to creating an Conjur::API instance with Conjur::API.new_from_token.

Returns:

• (Conjur::API) —

  the new api

# File 'lib/conjur/api.rb', line 99

def conjur_api
  api = Conjur::API.new_from_token token, remote_ip
  api = api.with_privilege(conjur_privilege) if conjur_privilege
  api = api.with_audit_roles(audit_roles) if audit_roles
  api = api.with_audit_resources(audit_resources) if audit_resources
  api
end

#conjur_privilege ⇒ Object

# File 'lib/conjur/api.rb', line 128

def conjur_privilege
  options[:headers][:x_conjur_privilege]
end

#remote_ip ⇒ Object

# File 'lib/conjur/api.rb', line 124

def remote_ip
  options[:headers][:x_forwarded_for]
end

#token ⇒ Hash

Get an authentication token from the clients Authorization header.

Useful fields in the token include "data", which holds the username for which the token was issued, and "timestamp", which contains the time at which the token was issued. The token will expire 8 minutes after timestamp, but we recommend you treat the lifespan as about 5 minutes to account for time differences.

Returns:

• (Hash) —

  the parsed authentication token

# File 'lib/conjur/api.rb', line 115

def token
  authorization = options[:headers][:authorization]
  if authorization && authorization.to_s[/^Token token="(.*)"/]
    JSON.parse(Base64.decode64($1))
  else
    raise AuthorizationError.new("Authorization missing")
  end
end

#username ⇒ String

The username this resource authenticates as.

Returns:

• (String) —

  the username

# File 'lib/conjur/api.rb', line 143

def username
  options[:user] || options[:username]
end