Class: Conjur::Role
- Inherits: RestClient::Resource
- Hierarchy: Object → RestClient::Resource → Conjur::Role
- Defined in: lib/conjur/role.rb
Instance Method Summary
- #all(options = {}) ⇒ Object
- #create(options = {}) ⇒ Object
- #grant_to(member, options = {}) ⇒ Object
- #identifier ⇒ Object (also: #id)
- #member_of?(other_role) ⇒ Boolean
- #members ⇒ Object
- #permitted?(resource_id, privilege, options = {}) ⇒ Boolean
- #revoke_from(member, options = {}) ⇒ Object
- #roleid ⇒ Object
Methods included from PathBased
Methods included from Exists
Instance Method Details
#all(options = {}) ⇒ Object
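# File 'lib/conjur/role.rb', line 48
# Queries this role's "?all" listing and wraps every returned id in a Role
# resource. #member_of? treats a non-empty filtered result as membership.
#
# NOTE(review): the extracted listing had dropped the `options` identifier. It
# is restored from the signature in the method heading; `self.options` is
# presumably the RestClient::Resource options. Confirm against the file.
#
# @param options [Hash] only :filter is read here; a single value or an Array
#   of values, appended to the query through to_query("filter")
# @return [Array] one Role-derived resource per id in the JSON response
def all(options = {})
  query_string = "?all"
  # Read the key instead of deleting it, so the caller's hash is not modified.
  filter = options[:filter]
  if filter
    filter = [filter] unless filter.is_a?(Array)
    # += builds a new string rather than appending to the literal in place.
    query_string += "&" + filter.to_query("filter") unless filter.empty?
  end
  JSON.parse(self[query_string].get).collect do |id|
    # NOTE(review): the id parts are joined into the path without escaping
    # here. Confirm that parse_role_id returns path-safe components.
    Role.new(Conjur::Authz::API.host, self.options)[Conjur::API.parse_role_id(id).join('/')]
  end
end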
#create(options = {}) ⇒ Object
# File 'lib/conjur/role.rb', line 38
# Logs the creation and issues a PUT on this resource with the given options.
#
# NOTE(review): the extracted listing had dropped the `options` identifier. It
# is restored from the signature in the method heading.
# NOTE(review): options are written to the log as JSON. Confirm that callers
# never pass sensitive values here.
#
# @param options [Hash] passed unchanged to put
# @return [Object] whatever put returns
def create(options = {})
  log do |logger|
    logger << "Creating role #{kind}:#{identifier}"
    logger << " with options #{options.to_json}" unless options.empty?
  end
  put(options)
end
#grant_to(member, options = {}) ⇒ Object
# File 'lib/conjur/role.rb', line 64
# Logs the grant and issues a PUT on this role's "?members" sub-resource for
# the given member.
#
# The member value is passed through query_escape before it is placed in the
# query string. The log line carries it unescaped.
#
# NOTE(review): the extracted listing had dropped the `options` identifier. It
# is restored from the signature in the method heading.
# NOTE(review): options are written to the log as JSON. Confirm that callers
# never pass sensitive values here.
#
# @param member [Object] the member to add; interpolated into the query
# @param options [Hash] passed unchanged to put
# @return [Object] whatever put returns
def grant_to(member, options = {})
  log do |logger|
    logger << "Granting role #{identifier} to #{member}"
    logger << " with options #{options.to_json}" unless options.blank?
  end
  membership = self["?members&member=#{query_escape member}"]
  membership.put(options)
end
#identifier ⇒ Object Also known as: id
# File 'lib/conjur/role.rb', line 28
# Returns what match_path yields for the range 3..-1. The page lists #id as an
# alias of this method.
#
# NOTE(review): presumably the path components from index 3 onward. Confirm
# against PathBased#match_path.
#
# @return [Object] the result of match_path
def identifier
  tail = 3..-1
  match_path(tail)
end
#member_of?(other_role) ⇒ Boolean
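# File 'lib/conjur/role.rb', line 60
# Reports whether the filtered #all listing for this role is non-empty for
# other_role.
#
# @param other_role [#roleid, Object] a role object, whose roleid is used, or
#   any other value (e.g. an id string), which is passed to the filter as-is
# @return [Boolean] true when the filtered listing contains at least one entry
def member_of?(other_role)
  # Fall back to the raw value only when there is no roleid to call. A blanket
  # `rescue` modifier would also hide real failures inside roleid, and the
  # membership check would then run against an unintended filter value.
  filter = other_role.respond_to?(:roleid) ? other_role.roleid : other_role
  !all(filter: filter).empty?
end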
#members ⇒ Object
# File 'lib/conjur/role.rb', line 92
# Fetches this role's "?members" listing and turns each JSON entry into a
# grant through RoleGrant.parse_from_json.
#
# NOTE(review): the extracted listing showed `self.)`. `self.options` is
# restored here on the assumption that it is the RestClient::Resource options.
# Confirm against the file.
#
# @return [Array] one RoleGrant.parse_from_json result per JSON entry
def members
  raw_grants = JSON.parse(self["?members"].get)
  raw_grants.map { |grant_json| RoleGrant.parse_from_json(grant_json, self.options) }
end
#permitted?(resource_id, privilege, options = {}) ⇒ Boolean
# File 'lib/conjur/role.rb', line 84
# Issues a "?check" request asking whether this role holds +privilege+ on
# +resource_id+.
#
# Only RestClient::ResourceNotFound is translated to false. Any other error
# raised by the request propagates to the caller, so a failed check is never
# reported as "permitted". Both values are passed through query_escape before
# they are placed in the query string.
#
# NOTE(review): the extracted listing had dropped the `options` identifier. It
# is restored from the signature in the method heading.
#
# @param resource_id [Object] id of the resource to check
# @param privilege [Object] privilege name to check
# @param options [Hash] accepted but not used in this method
# @return [Boolean] true when the request succeeds, false on ResourceNotFound
def permitted?(resource_id, privilege, options = {})
  # NOTE: in previous versions there was 'kind' passed separately. Now it is part of id
  begin
    check = self["?check&resource_id=#{query_escape resource_id}&privilege=#{query_escape privilege}"]
    check.get
    true
  rescue RestClient::ResourceNotFound
    false
  end
end
#revoke_from(member, options = {}) ⇒ Object
# File 'lib/conjur/role.rb', line 74
# Logs the revocation and issues a DELETE on this role's "?members"
# sub-resource for the given member.
#
# The member value is passed through query_escape before it is placed in the
# query string. The log line carries it unescaped.
#
# NOTE(review): the extracted listing had dropped the `options` identifier. It
# is restored from the signature in the method heading.
# NOTE(review): options are written to the log as JSON. Confirm that callers
# never pass sensitive values here.
#
# @param member [Object] the member to remove; interpolated into the query
# @param options [Hash] passed unchanged to delete
# @return [Object] whatever delete returns
def revoke_from(member, options = {})
  log do |logger|
    logger << "Revoking role #{identifier} from #{member}"
    logger << " with options #{options.to_json}" unless options.empty?
  end
  membership = self["?members&member=#{query_escape member}"]
  membership.delete(options)
end
#roleid ⇒ Object
# File 'lib/conjur/role.rb', line 34
# Builds the role id by joining account, kind and identifier with ':'.
#
# @return [String] "account:kind:identifier"
def roleid
  parts = [account, kind, identifier]
  parts.join(':')
end