Module: Conjur::API::Router::V5

Extended by:

V5, Escape::ClassMethods

Included in:

V5

Defined in:

lib/conjur/api/router/v5.rb

Overview

V5 translates method arguments to rest-ful API request parameters. because of this, most of the methods suffer from :reek:LongParameterList: and :reek:UtilityFunction:

Instance Method Summary

• #authenticator(account, authenticator, service_id, credentials) ⇒ Object
• #authenticators ⇒ Object
• #authn_authenticate(account, username) ⇒ Object
• #authn_authenticate_local(username, account, expiration, cidr, &block) ⇒ Object

  For v5, the authn-local message is a JSON string with account, sub, and optional fields.

• #authn_login(account, username, password) ⇒ Object
• #authn_rotate_api_key(credentials, account, id) ⇒ Object
• #authn_rotate_own_api_key(account, username, password) ⇒ Object
• #authn_update_password(account, username, password) ⇒ Object
• #group_attributes(credentials, resource, id) ⇒ Object
• #host_factory_create_host(token) ⇒ Object
• #host_factory_create_tokens(credentials, id) ⇒ Object
• #host_factory_revoke_token(credentials, token) ⇒ Object
• #ldap_sync_policy(credentials, config_name) ⇒ Object
• #parse_group_gidnumber(attributes) ⇒ Object
• #parse_members(credentials, result) ⇒ Object
• #parse_user_uidnumber(attributes) ⇒ Object
• #parse_variable_kind(attributes) ⇒ Object
• #parse_variable_mime_type(attributes) ⇒ Object
• #policies_load_policy(credentials, account, id) ⇒ Object
• #public_keys_for_user(account, username) ⇒ Object
• #resources(credentials, account, kind, options) ⇒ Object
• #resources_check(credentials, id, privilege, role) ⇒ Object
• #resources_permitted_roles(credentials, id, privilege) ⇒ Object
• #resources_resource(credentials, id) ⇒ Object
• #roles_role(credentials, id) ⇒ Object
• #secrets_add(credentials, id) ⇒ Object
• #secrets_value(credentials, id, options) ⇒ Object
• #secrets_values(credentials, variable_ids) ⇒ Object
• #user_attributes(credentials, resource, id) ⇒ Object
• #variable_attributes(credentials, resource, id) ⇒ Object

Methods included from Escape::ClassMethods

fully_escape, path_escape, path_or_query_escape, query_escape

Instance Method Details

#authenticator(account, authenticator, service_id, credentials) ⇒ Object

# File 'lib/conjur/api/router/v5.rb', line 37

def authenticator account, authenticator, service_id, credentials
  RestClient::Resource.new(Conjur.configuration.core_url, credentials)[fully_escape authenticator][fully_escape service_id][fully_escape account]
end

#authenticators ⇒ Object

# File 'lib/conjur/api/router/v5.rb', line 41

def authenticators
  RestClient::Resource.new(Conjur.configuration.core_url)['authenticators']
end

#authn_authenticate(account, username) ⇒ Object

# File 'lib/conjur/api/router/v5.rb', line 33

def authn_authenticate account, username
  RestClient::Resource.new(Conjur.configuration.authn_url)[fully_escape account][fully_escape username]['authenticate']
end

#authn_authenticate_local(username, account, expiration, cidr, &block) ⇒ Object

For v5, the authn-local message is a JSON string with account, sub, and optional fields.

# File 'lib/conjur/api/router/v5.rb', line 46

def authn_authenticate_local username, account, expiration, cidr, &block
  { account: account, sub: username }.tap do |params|
    params[:exp] = expiration if expiration
    params[:cidr] = cidr if cidr
  end.to_json
end

#authn_login(account, username, password) ⇒ Object

# File 'lib/conjur/api/router/v5.rb', line 29

def authn_login account, username, password
  RestClient::Resource.new(Conjur.configuration.authn_url, user: username, password: password)[fully_escape account]['login']
end

#authn_rotate_api_key(credentials, account, id) ⇒ Object

# File 'lib/conjur/api/router/v5.rb', line 57

def authn_rotate_api_key credentials, account, id
  RestClient::Resource.new(Conjur.configuration.core_url, credentials)['authn'][fully_escape account]["api_key?role=#{id}"]
end

#authn_rotate_own_api_key(account, username, password) ⇒ Object

# File 'lib/conjur/api/router/v5.rb', line 61

def authn_rotate_own_api_key account, username, password
  RestClient::Resource.new(Conjur.configuration.authn_url, user: username, password: password)[fully_escape account]['api_key']
end

#authn_update_password(account, username, password) ⇒ Object

# File 'lib/conjur/api/router/v5.rb', line 53

def authn_update_password account, username, password
  RestClient::Resource.new(Conjur.configuration.authn_url, user: username, password: password)[fully_escape account]['password']
end

#group_attributes(credentials, resource, id) ⇒ Object

# File 'lib/conjur/api/router/v5.rb', line 135

def group_attributes credentials, resource, id
  resource_annotations resource
end

#host_factory_create_host(token) ⇒ Object

# File 'lib/conjur/api/router/v5.rb', line 65

def host_factory_create_host token
  http_options = {
    headers: { authorization: %Q(Token token="#{token}") }
  }
  RestClient::Resource.new(Conjur.configuration.core_url, http_options)["host_factories"]["hosts"]
end

#host_factory_create_tokens(credentials, id) ⇒ Object

# File 'lib/conjur/api/router/v5.rb', line 72

def host_factory_create_tokens credentials, id
  RestClient::Resource.new(Conjur.configuration.core_url, credentials)['host_factory_tokens']
end

#host_factory_revoke_token(credentials, token) ⇒ Object

# File 'lib/conjur/api/router/v5.rb', line 76

def host_factory_revoke_token credentials, token
  RestClient::Resource.new(Conjur.configuration.core_url, credentials)['host_factory_tokens'][token]
end

#ldap_sync_policy(credentials, config_name) ⇒ Object

# File 'lib/conjur/api/router/v5.rb', line 169

def ldap_sync_policy(credentials, config_name)
  RestClient::Resource.new(Conjur.configuration.core_url, credentials)['ldap-sync']["policy?config_name=#{fully_escape(config_name)}"]
end

#parse_group_gidnumber(attributes) ⇒ Object

# File 'lib/conjur/api/router/v5.rb', line 147

def parse_group_gidnumber attributes
  HasAttributes.annotation_value attributes, 'conjur/gidnumber'
end

#parse_members(credentials, result) ⇒ Object

# File 'lib/conjur/api/router/v5.rb', line 163

def parse_members credentials, result
  result.map do |json|
    RoleGrant.parse_from_json(json, credentials)
  end
end

#parse_user_uidnumber(attributes) ⇒ Object

# File 'lib/conjur/api/router/v5.rb', line 151

def parse_user_uidnumber attributes
  HasAttributes.annotation_value attributes, 'conjur/uidnumber'
end

#parse_variable_kind(attributes) ⇒ Object

# File 'lib/conjur/api/router/v5.rb', line 155

def parse_variable_kind attributes
  HasAttributes.annotation_value attributes, 'conjur/kind'
end

#parse_variable_mime_type(attributes) ⇒ Object

# File 'lib/conjur/api/router/v5.rb', line 159

def parse_variable_mime_type attributes
  HasAttributes.annotation_value attributes, 'conjur/mime_type'
end

#policies_load_policy(credentials, account, id) ⇒ Object

# File 'lib/conjur/api/router/v5.rb', line 80

def policies_load_policy credentials, account, id
  RestClient::Resource.new(Conjur.configuration.core_url, credentials)['policies'][fully_escape account]['policy'][fully_escape id]
end

#public_keys_for_user(account, username) ⇒ Object

# File 'lib/conjur/api/router/v5.rb', line 84

def public_keys_for_user account, username
  RestClient::Resource.new(Conjur.configuration.core_url)['public_keys'][fully_escape account]['user'][fully_escape username]
end

#resources(credentials, account, kind, options) ⇒ Object

# File 'lib/conjur/api/router/v5.rb', line 88

def resources credentials, account, kind, options
  credentials ||= {}

  path = "/resources/#{fully_escape account}"
  path += "/#{fully_escape kind}" if kind

  RestClient::Resource.new(Conjur.configuration.core_url, credentials)[path][options_querystring options]
end

#resources_check(credentials, id, privilege, role) ⇒ Object

# File 'lib/conjur/api/router/v5.rb', line 108

def resources_check credentials, id, privilege, role
  options = {}
  options[:check] = true
  options[:privilege] = privilege
  options[:role] = query_escape(Id.new(role)) if role
  resources_resource(credentials, id)[options_querystring options].get
end

#resources_permitted_roles(credentials, id, privilege) ⇒ Object

# File 'lib/conjur/api/router/v5.rb', line 101

def resources_permitted_roles credentials, id, privilege
  options = {}
  options[:permitted_roles] = true
  options[:privilege] = privilege
  resources_resource(credentials, id)[options_querystring options]
end

#resources_resource(credentials, id) ⇒ Object

# File 'lib/conjur/api/router/v5.rb', line 97

def resources_resource credentials, id
  RestClient::Resource.new(Conjur.configuration.core_url, credentials)['resources'][id.to_url_path]
end

#roles_role(credentials, id) ⇒ Object

# File 'lib/conjur/api/router/v5.rb', line 116

def roles_role credentials, id
  RestClient::Resource.new(Conjur.configuration.core_url, credentials)['roles'][id.to_url_path]
end

#secrets_add(credentials, id) ⇒ Object

# File 'lib/conjur/api/router/v5.rb', line 120

def secrets_add credentials, id
  RestClient::Resource.new(Conjur.configuration.core_url, credentials)['secrets'][id.to_url_path]
end

#secrets_value(credentials, id, options) ⇒ Object

# File 'lib/conjur/api/router/v5.rb', line 124

def secrets_value credentials, id, options
  RestClient::Resource.new(Conjur.configuration.core_url, credentials)['secrets'][id.to_url_path][options_querystring options]
end

#secrets_values(credentials, variable_ids) ⇒ Object

# File 'lib/conjur/api/router/v5.rb', line 128

def secrets_values credentials, variable_ids
  options = {
    variable_ids: Array(variable_ids).join(',')
  }
  RestClient::Resource.new(Conjur.configuration.core_url, credentials)['secrets'][options_querystring(options).gsub("%2C", ',')]
end

#user_attributes(credentials, resource, id) ⇒ Object

# File 'lib/conjur/api/router/v5.rb', line 143

def user_attributes credentials, resource, id
  resource_annotations resource
end

#variable_attributes(credentials, resource, id) ⇒ Object

# File 'lib/conjur/api/router/v5.rb', line 139

def variable_attributes credentials, resource, id
  resource_annotations resource
end