Module: Conjur::API::Router::V4
Instance Method Summary
-
#authn_authenticate(account, username) ⇒ Object
-
#authn_authenticate_local(username, account, expiration, cidr, &block) ⇒ Object
For v4, the authn-local message is the username.
-
#authn_login(account, username, password) ⇒ Object
-
#authn_rotate_api_key(credentials, account, id) ⇒ Object
-
#authn_rotate_own_api_key(account, username, password) ⇒ Object
-
#group_attributes(credentials, resource, id) ⇒ Object
-
#host_factory_create_host(token) ⇒ Object
-
#host_factory_create_tokens(credentials, id) ⇒ Object
-
#host_factory_revoke_token(credentials, token) ⇒ Object
-
#parse_group_gidnumber(attributes) ⇒ Object
-
#parse_members(credentials, result) ⇒ Object
-
#parse_user_uidnumber(attributes) ⇒ Object
-
#parse_variable_kind(attributes) ⇒ Object
-
#parse_variable_mime_type(attributes) ⇒ Object
-
#resources_check(credentials, id, privilege, role) ⇒ Object
-
#resources_permitted_roles(credentials, id, privilege) ⇒ Object
-
#resources_resource(credentials, id) ⇒ Object
-
#roles_role(credentials, id) ⇒ Object
-
#secrets_add(credentials, id) ⇒ Object
-
#secrets_value(credentials, id, options) ⇒ Object
-
#secrets_values(credentials, variable_ids) ⇒ Object
-
#user_attributes(credentials, resource, id) ⇒ Object
-
#variable(credentials, id) ⇒ Object
-
#variable_attributes(credentials, resource, id) ⇒ Object
fully_escape, path_escape, path_or_query_escape, query_escape
Instance Method Details
#authn_authenticate(account, username) ⇒ Object
# File 'lib/conjur/api/router/v4.rb', line 14
# Builds the resource for the v4 users/<username>/authenticate route under
# the configured authn_url.
#
# verify_account(account) runs first; that helper is defined outside this
# listing. The resource is created without credentials.
#
# @param account [String] account name handed to verify_account
# @param username [String] login name; passed through fully_escape before it
#   is used as a path segment
# @return [RestClient::Resource]
def authn_authenticate(account, username)
  verify_account(account)
  users = RestClient::Resource.new(Conjur.configuration.authn_url)['users']
  users[fully_escape(username)]['authenticate']
end
#authn_authenticate_local(username, account, expiration, cidr, &block) ⇒ Object
For v4, the authn-local message is the username.
# File 'lib/conjur/api/router/v4.rb', line 20
# Produces the message sent to authn-local. For v4 that message is just the
# username.
#
# v4 cannot restrict a locally issued token, so a truthy expiration or cidr
# is rejected with a RuntimeError instead of being silently dropped.
#
# @param username [String] returned unchanged as the message
# @param account [String] account name handed to verify_account
# @param expiration [Object, nil] must be nil or false
# @param cidr [Object, nil] must be nil or false
# @param block [Proc] accepted but not used by this method
# @return [String] the username
# @raise [RuntimeError] when expiration or cidr is given
def authn_authenticate_local(username, account, expiration, cidr, &block)
  verify_account(account)
  if expiration
    raise "'expiration' is not supported for authn-local v4"
  elsif cidr
    raise "'cidr' is not supported for authn-local v4"
  end
  username
end
#authn_login(account, username, password) ⇒ Object
# File 'lib/conjur/api/router/v4.rb', line 9
# Builds the resource for the v4 users/login route under authn_url.
#
# The username and password are given to RestClient as the :user and
# :password options, so they accompany every request made through the
# returned resource; authn_url should therefore be an https URL.
#
# @param account [String] account name handed to verify_account
# @param username [String] login name
# @param password [String] the user's password
# @return [RestClient::Resource]
def authn_login(account, username, password)
  verify_account(account)
  authn = RestClient::Resource.new(
    Conjur.configuration.authn_url,
    user: username,
    password: password
  )
  authn['users/login']
end
#authn_rotate_api_key(credentials, account, id) ⇒ Object
# File 'lib/conjur/api/router/v4.rb', line 29
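# Builds the resource for rotating another role's API key:
# users/api_key?id=<login> under authn_url.
#
# The login is the bare identifier for a "user" id and "<kind>/<identifier>"
# for any other kind. It is passed through fully_escape before being placed
# in the query string, so "&", "#", "=" or spaces in an identifier stay part
# of the id value instead of adding parameters or cutting the URL short.
#
# @param credentials [Hash] options passed to RestClient::Resource.new
# @param account [String] account name handed to verify_account
# @param id [#kind, #identifier] id of the role whose key is rotated
# @return [RestClient::Resource]
def authn_rotate_api_key(credentials, account, id)
  verify_account(account)
  username = id.kind == "user" ? id.identifier : [id.kind, id.identifier].join('/')
  RestClient::Resource.new(Conjur.configuration.authn_url, credentials)['users']["api_key?id=#{fully_escape username}"]
end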
#authn_rotate_own_api_key(account, username, password) ⇒ Object
# File 'lib/conjur/api/router/v4.rb', line 39
# Builds the resource for rotating the caller's own API key: users/api_key
# under authn_url.
#
# The username and password are given to RestClient as the :user and
# :password options rather than as a token, so they accompany every request
# made through the returned resource.
#
# @param account [String] account name handed to verify_account
# @param username [String] login name
# @param password [String] the user's password
# @return [RestClient::Resource]
def authn_rotate_own_api_key(account, username, password)
  verify_account(account)
  login = { user: username, password: password }
  authn = RestClient::Resource.new(Conjur.configuration.authn_url, login)
  authn['users']["api_key"]
end
#group_attributes(credentials, resource, id) ⇒ Object
# File 'lib/conjur/api/router/v4.rb', line 104
# Fetches groups/<identifier> from core_url and returns the parsed JSON body.
#
# Unlike most routes in this router, this method performs the GET itself.
#
# @param credentials [Hash] options passed to RestClient::Resource.new
# @param resource [Object] not used by this method
# @param id [#account, #identifier] group id; the account goes to
#   verify_account and the identifier through fully_escape
# @return [Object] whatever JSON.parse yields for the response body
def group_attributes(credentials, resource, id)
  verify_account(id.account)
  core = RestClient::Resource.new(Conjur.configuration.core_url, credentials)
  response_body = core['groups'][fully_escape(id.identifier)].get
  JSON.parse(response_body)
end
#host_factory_create_host(token) ⇒ Object
# File 'lib/conjur/api/router/v4.rb', line 44
# Builds the resource for creating a host from a host factory token:
# host_factories/hosts under core_url.
#
# The request is authorized by the host factory token alone, sent as an
# Authorization header of the form Token token="<token>"; no other
# credentials are attached.
#
# NOTE(review): the token is placed between the quotes verbatim. A value
# containing a double quote or a line break would produce a malformed header;
# confirm that callers only pass tokens issued by the server.
#
# @param token [String] host factory token
# @return [RestClient::Resource]
def host_factory_create_host(token)
  authorization = %Q(Token token="#{token}")
  http_options = { headers: { authorization: authorization } }
  core = RestClient::Resource.new(Conjur.configuration.core_url, http_options)
  core['host_factories']['hosts']
end
#host_factory_create_tokens(credentials, id) ⇒ Object
# File 'lib/conjur/api/router/v4.rb', line 51
# Builds the resource for issuing tokens on a host factory:
# host_factories/<identifier>/tokens under core_url.
#
# NOTE(review): the identifier is appended as-is and verify_account is not
# called, whereas the users, groups and variables routes in this router check
# the account and run the identifier through fully_escape. Confirm whether
# the host factory service expects raw "/" in the identifier before changing
# this, and that callers cannot pass "?", "#" or ".." segments.
#
# @param credentials [Hash] options passed to RestClient::Resource.new
# @param id [#identifier] host factory id
# @return [RestClient::Resource]
def host_factory_create_tokens(credentials, id)
  factories = RestClient::Resource.new(Conjur.configuration.core_url, credentials)['host_factories']
  factories[id.identifier]['tokens']
end
#host_factory_revoke_token(credentials, token) ⇒ Object
# File 'lib/conjur/api/router/v4.rb', line 55
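# Builds the resource for revoking one host factory token:
# host_factories/tokens/<token> under core_url.
#
# The token is passed through fully_escape before it is appended, the same
# treatment this router gives user, group and variable identifiers, so that
# "/", "?" or "#" in the value cannot change which URL the request is sent to.
#
# @param credentials [Hash] options passed to RestClient::Resource.new
# @param token [String] the token to revoke
# @return [RestClient::Resource]
def host_factory_revoke_token(credentials, token)
  RestClient::Resource.new(Conjur.configuration.core_url, credentials)['host_factories']['tokens'][fully_escape(token)]
end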
#parse_group_gidnumber(attributes) ⇒ Object
# File 'lib/conjur/api/router/v4.rb', line 119
# Reads the 'gidnumber' entry from a v4 group attributes structure.
#
# @param attributes [#[]] keyed by string
# @return [Object, nil] the stored value, or whatever the lookup yields when
#   the key is absent
def parse_group_gidnumber(attributes)
  gid_key = 'gidnumber'
  attributes[gid_key]
end
#parse_members(credentials, result) ⇒ Object
# File 'lib/conjur/api/router/v4.rb', line 135
# Converts each entry of a members response into a RoleGrant.
#
# @param credentials [Object] forwarded to RoleGrant.parse_from_json
# @param result [Enumerable] one JSON-derived entry per grant
# @return [Array] the objects returned by RoleGrant.parse_from_json, in the
#   same order as result
def parse_members(credentials, result)
  result.map { |grant_json| RoleGrant.parse_from_json(grant_json, credentials) }
end
#parse_user_uidnumber(attributes) ⇒ Object
# File 'lib/conjur/api/router/v4.rb', line 123
# Reads the 'uidnumber' entry from a v4 user attributes structure.
#
# @param attributes [#[]] keyed by string
# @return [Object, nil] the stored value, or whatever the lookup yields when
#   the key is absent
def parse_user_uidnumber(attributes)
  uid_key = 'uidnumber'
  attributes[uid_key]
end
#parse_variable_kind(attributes) ⇒ Object
# File 'lib/conjur/api/router/v4.rb', line 127
# Reads the 'kind' entry from a v4 variable attributes structure.
#
# @param attributes [#[]] keyed by string
# @return [Object, nil] the stored value, or whatever the lookup yields when
#   the key is absent
def parse_variable_kind(attributes)
  kind_key = 'kind'
  attributes[kind_key]
end
#parse_variable_mime_type(attributes) ⇒ Object
# File 'lib/conjur/api/router/v4.rb', line 131
# Reads the 'mime_type' entry from a v4 variable attributes structure.
#
# @param attributes [#[]] keyed by string
# @return [Object, nil] the stored value, or whatever the lookup yields when
#   the key is absent
def parse_variable_mime_type(attributes)
  mime_key = 'mime_type'
  attributes[mime_key]
end
#resources_check(credentials, id, privilege, role) ⇒ Object
# File 'lib/conjur/api/router/v4.rb', line 63
# Performs a v4 permission check and returns the response of the GET.
#
# The query always carries check=true and the privilege. With a role, the
# request goes to that role's route (see roles_role) and also carries
# resource_id; without one it goes to the resource's own route (see
# resources_resource). The query string is built by options_querystring,
# which is defined outside this listing.
#
# @param credentials [Hash] options passed on to the route builders
# @param id [Object] id of the resource being checked
# @param privilege [String] privilege to test
# @param role [Object, nil] role to test; nil or false selects the
#   resource-route form of the check
# @return [Object] the result of calling get on the selected resource
def resources_check(credentials, id, privilege, role)
  options = { check: true, privilege: privilege }
  return resources_resource(credentials, id)[options_querystring(options)].get unless role

  options[:resource_id] = id
  roles_role(credentials, Id.new(role))[options_querystring(options)].get
end
#resources_permitted_roles(credentials, id, privilege) ⇒ Object
# File 'lib/conjur/api/router/v4.rb', line 75
# Builds the resource for listing roles that hold a privilege on a resource:
# authz/<account>/roles/allowed_to/<privilege>/<kind>/<identifier> under
# core_url.
#
# NOTE(review): account, privilege, kind and identifier are appended as-is,
# while the users, groups and variables routes in this router run identifiers
# through fully_escape. Presumably the authz service expects raw "/" inside
# identifiers; confirm, and check that callers cannot pass "?", "#" or ".."
# segments here.
#
# @param credentials [Hash] options passed to RestClient::Resource.new
# @param id [#account, #kind, #identifier] resource id
# @param privilege [String] privilege name
# @return [RestClient::Resource]
def resources_permitted_roles(credentials, id, privilege)
  authz = RestClient::Resource.new(Conjur.configuration.core_url, credentials)['authz']
  allowed_to = authz[id.account]['roles']['allowed_to']
  allowed_to[privilege][id.kind][id.identifier]
end
#resources_resource(credentials, id) ⇒ Object
# File 'lib/conjur/api/router/v4.rb', line 59
# Builds the resource for a single authz resource:
# authz/<account>/resources/<kind>/<identifier> under core_url.
#
# NOTE(review): account, kind and identifier are appended as-is, while the
# users, groups and variables routes in this router run identifiers through
# fully_escape. Presumably the authz service expects raw "/" inside
# identifiers; confirm, and check that callers cannot pass "?", "#" or ".."
# segments here.
#
# @param credentials [Hash] options passed to RestClient::Resource.new
# @param id [#account, #kind, #identifier] resource id
# @return [RestClient::Resource]
def resources_resource(credentials, id)
  authz = RestClient::Resource.new(Conjur.configuration.core_url, credentials)['authz']
  resources = authz[id.account]['resources']
  resources[id.kind][id.identifier]
end
#roles_role(credentials, id) ⇒ Object
# File 'lib/conjur/api/router/v4.rb', line 79
# Builds the resource for a single authz role:
# authz/<account>/roles/<kind>/<identifier> under core_url.
#
# NOTE(review): account, kind and identifier are appended as-is, while the
# users, groups and variables routes in this router run identifiers through
# fully_escape. Presumably the authz service expects raw "/" inside
# identifiers; confirm, and check that callers cannot pass "?", "#" or ".."
# segments here.
#
# @param credentials [Hash] options passed to RestClient::Resource.new
# @param id [#account, #kind, #identifier] role id
# @return [RestClient::Resource]
def roles_role(credentials, id)
  authz = RestClient::Resource.new(Conjur.configuration.core_url, credentials)['authz']
  roles = authz[id.account]['roles']
  roles[id.kind][id.identifier]
end
#secrets_add(credentials, id) ⇒ Object
# File 'lib/conjur/api/router/v4.rb', line 83
# Builds the resource for adding a value to a variable:
# variables/<identifier>/values under core_url.
#
# @param credentials [Hash] options passed to RestClient::Resource.new
# @param id [#account, #identifier] variable id; the account goes to
#   verify_account and the identifier through fully_escape
# @return [RestClient::Resource]
def secrets_add(credentials, id)
  verify_account(id.account)
  variables = RestClient::Resource.new(Conjur.configuration.core_url, credentials)['variables']
  variables[fully_escape(id.identifier)]['values']
end
#secrets_value(credentials, id, options) ⇒ Object
# File 'lib/conjur/api/router/v4.rb', line 93
# Builds the resource for reading a variable's value:
# variables/<identifier>/value plus the query string that
# options_querystring produces from options, under core_url.
#
# NOTE(review): unlike secrets_add and variable, this route does not call
# verify_account(id.account); confirm that the omission is intended.
#
# @param credentials [Hash] options passed to RestClient::Resource.new
# @param id [#identifier] variable id; the identifier goes through fully_escape
# @param options [Object] handed to options_querystring
# @return [RestClient::Resource]
def secrets_value(credentials, id, options)
  variables = RestClient::Resource.new(Conjur.configuration.core_url, credentials)['variables']
  value_route = variables[fully_escape(id.identifier)]['value']
  value_route[options_querystring(options)]
end
#secrets_values(credentials, variable_ids) ⇒ Object
# File 'lib/conjur/api/router/v4.rb', line 97
# Builds the resource for reading several variable values in one request:
# variables/values with a vars=<id>,<id>,... query, under core_url.
#
# Each identifier goes through fully_escape before the list is joined with
# commas, and the joined string is then handed to options_querystring.
#
# NOTE(review): if options_querystring also encodes values, the identifiers
# are encoded twice; confirm against the server's expectations. This route
# does not call verify_account.
#
# @param credentials [Hash] options passed to RestClient::Resource.new
# @param variable_ids [Object] one id or a list of ids, each responding to
#   identifier; coerced with Array()
# @return [RestClient::Resource]
def secrets_values(credentials, variable_ids)
  escaped_ids = Array(variable_ids).map { |variable_id| fully_escape(variable_id.identifier) }
  options = { vars: escaped_ids.join(',') }
  values_route = RestClient::Resource.new(Conjur.configuration.core_url, credentials)['variables']['values']
  values_route[options_querystring(options)]
end
#user_attributes(credentials, resource, id) ⇒ Object
# File 'lib/conjur/api/router/v4.rb', line 114
# Fetches users/<identifier> from core_url and returns the parsed JSON body.
#
# Unlike most routes in this router, this method performs the GET itself.
#
# @param credentials [Hash] options passed to RestClient::Resource.new
# @param resource [Object] not used by this method
# @param id [#account, #identifier] user id; the account goes to
#   verify_account and the identifier through fully_escape
# @return [Object] whatever JSON.parse yields for the response body
def user_attributes(credentials, resource, id)
  verify_account(id.account)
  core = RestClient::Resource.new(Conjur.configuration.core_url, credentials)
  response_body = core['users'][fully_escape(id.identifier)].get
  JSON.parse(response_body)
end
#variable(credentials, id) ⇒ Object
# File 'lib/conjur/api/router/v4.rb', line 88
# Builds the resource for a single variable: variables/<identifier> under
# core_url.
#
# @param credentials [Hash] options passed to RestClient::Resource.new
# @param id [#account, #identifier] variable id; the account goes to
#   verify_account and the identifier through fully_escape
# @return [RestClient::Resource]
def variable(credentials, id)
  verify_account(id.account)
  variables = RestClient::Resource.new(Conjur.configuration.core_url, credentials)['variables']
  variables[fully_escape(id.identifier)]
end
#variable_attributes(credentials, resource, id) ⇒ Object
# File 'lib/conjur/api/router/v4.rb', line 109
# Fetches variables/<identifier> from core_url and returns the parsed JSON
# body.
#
# Unlike most routes in this router, this method performs the GET itself.
#
# @param credentials [Hash] options passed to RestClient::Resource.new
# @param resource [Object] not used by this method
# @param id [#account, #identifier] variable id; the account goes to
#   verify_account and the identifier through fully_escape
# @return [Object] whatever JSON.parse yields for the response body
def variable_attributes(credentials, resource, id)
  verify_account(id.account)
  core = RestClient::Resource.new(Conjur.configuration.core_url, credentials)
  response_body = core['variables'][fully_escape(id.identifier)].get
  JSON.parse(response_body)
end