Class: Conjur::API::TokenFileAuthenticator

Inherits:

Object

• Object
• Conjur::API::TokenFileAuthenticator

Defined in:

lib/conjur/base.rb

Overview

Obtains fresh tokens by reading them from a file. Some other process is assumed to be acquiring tokens and storing them to the file on a regular basis.

This authenticator assumes that the token was created immediately before it was written to the file.

Instance Attribute Summary

• #last_mtime ⇒ Object readonly

  Returns the value of attribute last_mtime.

• #token_file ⇒ Object readonly

  Returns the value of attribute token_file.

Instance Method Summary

• #initialize(token_file) ⇒ TokenFileAuthenticator constructor

  A new instance of TokenFileAuthenticator.

• #mtime ⇒ Object
• #needs_token_refresh? ⇒ Boolean
• #refresh_token ⇒ Object

Constructor Details

#initialize(token_file) ⇒ TokenFileAuthenticator

Returns a new instance of TokenFileAuthenticator.

# File 'lib/conjur/base.rb', line 343

def initialize token_file
  @token_file = token_file
end

Instance Attribute Details

#last_mtime ⇒ Object (readonly)

Returns the value of attribute last_mtime.

# File 'lib/conjur/base.rb', line 347

def last_mtime
  @last_mtime
end

#token_file ⇒ Object (readonly)

Returns the value of attribute token_file.

# File 'lib/conjur/base.rb', line 341

def token_file
  @token_file
end

Instance Method Details

#mtime ⇒ Object

# File 'lib/conjur/base.rb', line 349

def mtime
  File.mtime token_file
end

#needs_token_refresh? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/conjur/base.rb', line 363

def needs_token_refresh?
  mtime != last_mtime
end

#refresh_token ⇒ Object

# File 'lib/conjur/base.rb', line 353

def refresh_token
  # There's a race condition here in which the file could be updated
  # after we read the mtime but before we read the file contents. So to be
  # conservative, use the oldest possible mtime.
  mtime = self.mtime
  File.open token_file, 'r' do |f|
    JSON.load(f.read).tap { @last_mtime = mtime }
  end
end