Module: Conjur::API::Router::V5
Instance Method Summary
collapse
-
#authn_authenticate(account, username) ⇒ Object
-
#authn_authenticate_local(username, account, expiration, cidr, &block) ⇒ Object
For v5, the authn-local message is a JSON string with account, sub, and optional fields.
-
#authn_login(account, username, password) ⇒ Object
-
#authn_rotate_api_key(credentials, account, id) ⇒ Object
-
#authn_rotate_own_api_key(account, username, password) ⇒ Object
-
#authn_update_password(account, username, password) ⇒ Object
-
#group_attributes(credentials, resource, id) ⇒ Object
-
#host_factory_create_host(token) ⇒ Object
-
#host_factory_create_tokens(credentials, id) ⇒ Object
-
#host_factory_revoke_token(credentials, token) ⇒ Object
-
#ldap_sync_policy(credentials, config_name) ⇒ Object
-
#parse_group_gidnumber(attributes) ⇒ Object
-
#parse_members(credentials, result) ⇒ Object
-
#parse_user_uidnumber(attributes) ⇒ Object
-
#parse_variable_kind(attributes) ⇒ Object
-
#parse_variable_mime_type(attributes) ⇒ Object
-
#policies_load_policy(credentials, account, id) ⇒ Object
-
#public_keys_for_user(account, username) ⇒ Object
-
#resources(credentials, account, kind, options) ⇒ Object
-
#resources_check(credentials, id, privilege, role) ⇒ Object
-
#resources_permitted_roles(credentials, id, privilege) ⇒ Object
-
#resources_resource(credentials, id) ⇒ Object
-
#roles_role(credentials, id) ⇒ Object
-
#secrets_add(credentials, id) ⇒ Object
-
#secrets_value(credentials, id, options) ⇒ Object
-
#secrets_values(credentials, variable_ids) ⇒ Object
-
#user_attributes(credentials, resource, id) ⇒ Object
-
#variable_attributes(credentials, resource, id) ⇒ Object
fully_escape, path_escape, path_or_query_escape, query_escape
Instance Method Details
#authn_authenticate(account, username) ⇒ Object
29
30
31
|
# File 'lib/conjur/api/router/v5.rb', line 29
def authn_authenticate account, username
RestClient::Resource.new(Conjur.configuration.authn_url)[fully_escape account][fully_escape username]['authenticate']
end
|
#authn_authenticate_local(username, account, expiration, cidr, &block) ⇒ Object
For v5, the authn-local message is a JSON string with account, sub, and optional fields.
34
35
36
37
38
39
|
# File 'lib/conjur/api/router/v5.rb', line 34
def authn_authenticate_local username, account, expiration, cidr, &block
{ account: account, sub: username }.tap do |params|
params[:exp] = expiration if expiration
params[:cidr] = cidr if cidr
end.to_json
end
|
#authn_login(account, username, password) ⇒ Object
25
26
27
|
# File 'lib/conjur/api/router/v5.rb', line 25
def authn_login account, username, password
RestClient::Resource.new(Conjur.configuration.authn_url, user: username, password: password)[fully_escape account]['login']
end
|
#authn_rotate_api_key(credentials, account, id) ⇒ Object
45
46
47
|
# File 'lib/conjur/api/router/v5.rb', line 45
def authn_rotate_api_key credentials, account, id
RestClient::Resource.new(Conjur.configuration.core_url, credentials)['authn'][fully_escape account]["api_key?role=#{id}"]
end
|
#authn_rotate_own_api_key(account, username, password) ⇒ Object
49
50
51
|
# File 'lib/conjur/api/router/v5.rb', line 49
def authn_rotate_own_api_key account, username, password
RestClient::Resource.new(Conjur.configuration.authn_url, user: username, password: password)[fully_escape account]['api_key']
end
|
#authn_update_password(account, username, password) ⇒ Object
41
42
43
|
# File 'lib/conjur/api/router/v5.rb', line 41
def authn_update_password account, username, password
RestClient::Resource.new(Conjur.configuration.authn_url, user: username, password: password)[fully_escape account]['password']
end
|
#group_attributes(credentials, resource, id) ⇒ Object
123
124
125
|
# File 'lib/conjur/api/router/v5.rb', line 123
def group_attributes credentials, resource, id
resource_annotations resource
end
|
#host_factory_create_host(token) ⇒ Object
53
54
55
56
57
58
|
# File 'lib/conjur/api/router/v5.rb', line 53
def host_factory_create_host token
http_options = {
headers: { authorization: %Q(Token token="#{token}") }
}
RestClient::Resource.new(Conjur.configuration.core_url, http_options)["host_factories"]["hosts"]
end
|
#host_factory_create_tokens(credentials, id) ⇒ Object
60
61
62
|
# File 'lib/conjur/api/router/v5.rb', line 60
def host_factory_create_tokens credentials, id
RestClient::Resource.new(Conjur.configuration.core_url, credentials)['host_factory_tokens']
end
|
#host_factory_revoke_token(credentials, token) ⇒ Object
64
65
66
|
# File 'lib/conjur/api/router/v5.rb', line 64
def host_factory_revoke_token credentials, token
RestClient::Resource.new(Conjur.configuration.core_url, credentials)['host_factory_tokens'][token]
end
|
#ldap_sync_policy(credentials, config_name) ⇒ Object
157
158
159
|
# File 'lib/conjur/api/router/v5.rb', line 157
def ldap_sync_policy(credentials, config_name)
RestClient::Resource.new(Conjur.configuration.core_url, credentials)['ldap-sync']["policy?config_name=#{fully_escape(config_name)}"]
end
|
#parse_group_gidnumber(attributes) ⇒ Object
135
136
137
|
# File 'lib/conjur/api/router/v5.rb', line 135
def parse_group_gidnumber attributes
HasAttributes.annotation_value attributes, 'conjur/gidnumber'
end
|
#parse_members(credentials, result) ⇒ Object
151
152
153
154
155
|
# File 'lib/conjur/api/router/v5.rb', line 151
def parse_members credentials, result
result.map do |json|
RoleGrant.parse_from_json(json, credentials)
end
end
|
#parse_user_uidnumber(attributes) ⇒ Object
139
140
141
|
# File 'lib/conjur/api/router/v5.rb', line 139
def parse_user_uidnumber attributes
HasAttributes.annotation_value attributes, 'conjur/uidnumber'
end
|
#parse_variable_kind(attributes) ⇒ Object
143
144
145
|
# File 'lib/conjur/api/router/v5.rb', line 143
def parse_variable_kind attributes
HasAttributes.annotation_value attributes, 'conjur/kind'
end
|
#parse_variable_mime_type(attributes) ⇒ Object
147
148
149
|
# File 'lib/conjur/api/router/v5.rb', line 147
def parse_variable_mime_type attributes
HasAttributes.annotation_value attributes, 'conjur/mime_type'
end
|
#policies_load_policy(credentials, account, id) ⇒ Object
68
69
70
|
# File 'lib/conjur/api/router/v5.rb', line 68
def policies_load_policy credentials, account, id
RestClient::Resource.new(Conjur.configuration.core_url, credentials)['policies'][fully_escape account]['policy'][fully_escape id]
end
|
#public_keys_for_user(account, username) ⇒ Object
72
73
74
|
# File 'lib/conjur/api/router/v5.rb', line 72
def public_keys_for_user account, username
RestClient::Resource.new(Conjur.configuration.core_url)['public_keys'][fully_escape account]['user'][fully_escape username]
end
|
#resources(credentials, account, kind, options) ⇒ Object
76
77
78
79
80
81
82
83
|
# File 'lib/conjur/api/router/v5.rb', line 76
def resources credentials, account, kind, options
credentials ||= {}
path = "/resources/#{fully_escape account}"
path += "/#{fully_escape kind}" if kind
RestClient::Resource.new(Conjur.configuration.core_url, credentials)[path][options_querystring options]
end
|
#resources_check(credentials, id, privilege, role) ⇒ Object
96
97
98
99
100
101
102
|
# File 'lib/conjur/api/router/v5.rb', line 96
def resources_check credentials, id, privilege, role
options = {}
options[:check] = true
options[:privilege] = privilege
options[:role] = query_escape(Id.new(role)) if role
resources_resource(credentials, id)[options_querystring options].get
end
|
#resources_permitted_roles(credentials, id, privilege) ⇒ Object
89
90
91
92
93
94
|
# File 'lib/conjur/api/router/v5.rb', line 89
def resources_permitted_roles credentials, id, privilege
options = {}
options[:permitted_roles] = true
options[:privilege] = privilege
resources_resource(credentials, id)[options_querystring options]
end
|
#resources_resource(credentials, id) ⇒ Object
85
86
87
|
# File 'lib/conjur/api/router/v5.rb', line 85
def resources_resource credentials, id
RestClient::Resource.new(Conjur.configuration.core_url, credentials)['resources'][id.to_url_path]
end
|
#roles_role(credentials, id) ⇒ Object
104
105
106
|
# File 'lib/conjur/api/router/v5.rb', line 104
def roles_role credentials, id
RestClient::Resource.new(Conjur.configuration.core_url, credentials)['roles'][id.to_url_path]
end
|
#secrets_add(credentials, id) ⇒ Object
108
109
110
|
# File 'lib/conjur/api/router/v5.rb', line 108
def secrets_add credentials, id
RestClient::Resource.new(Conjur.configuration.core_url, credentials)['secrets'][id.to_url_path]
end
|
#secrets_value(credentials, id, options) ⇒ Object
112
113
114
|
# File 'lib/conjur/api/router/v5.rb', line 112
def secrets_value credentials, id, options
RestClient::Resource.new(Conjur.configuration.core_url, credentials)['secrets'][id.to_url_path][options_querystring options]
end
|
#secrets_values(credentials, variable_ids) ⇒ Object
116
117
118
119
120
121
|
# File 'lib/conjur/api/router/v5.rb', line 116
def secrets_values credentials, variable_ids
options = {
variable_ids: Array(variable_ids).join(',')
}
RestClient::Resource.new(Conjur.configuration.core_url, credentials)['secrets'][options_querystring(options).gsub("%2C", ',')]
end
|
#user_attributes(credentials, resource, id) ⇒ Object
131
132
133
|
# File 'lib/conjur/api/router/v5.rb', line 131
def user_attributes credentials, resource, id
resource_annotations resource
end
|
#variable_attributes(credentials, resource, id) ⇒ Object
127
128
129
|
# File 'lib/conjur/api/router/v5.rb', line 127
def variable_attributes credentials, resource, id
resource_annotations resource
end
|