Module: Conjur::API::Router::V4

Extended by:

V4, Escape::ClassMethods

Included in:

V4

Defined in:

lib/conjur/api/router/v4.rb

Instance Method Summary

• #authn_authenticate(account, username) ⇒ Object
• #authn_authenticate_local(username, account, expiration, cidr, &block) ⇒ Object

  For v4, the authn-local message is the username.

• #authn_login(account, username, password) ⇒ Object
• #authn_rotate_api_key(credentials, account, id) ⇒ Object
• #authn_rotate_own_api_key(account, username, password) ⇒ Object
• #group_attributes(credentials, resource, id) ⇒ Object
• #host_factory_create_host(token) ⇒ Object
• #host_factory_create_tokens(credentials, id) ⇒ Object
• #host_factory_revoke_token(credentials, token) ⇒ Object
• #parse_group_gidnumber(attributes) ⇒ Object
• #parse_members(credentials, result) ⇒ Object
• #parse_user_uidnumber(attributes) ⇒ Object
• #parse_variable_kind(attributes) ⇒ Object
• #parse_variable_mime_type(attributes) ⇒ Object
• #resources_check(credentials, id, privilege, role) ⇒ Object
• #resources_permitted_roles(credentials, id, privilege) ⇒ Object
• #resources_resource(credentials, id) ⇒ Object
• #roles_role(credentials, id) ⇒ Object
• #secrets_add(credentials, id) ⇒ Object
• #secrets_value(credentials, id, options) ⇒ Object
• #secrets_values(credentials, variable_ids) ⇒ Object
• #user_attributes(credentials, resource, id) ⇒ Object
• #variable(credentials, id) ⇒ Object
• #variable_attributes(credentials, resource, id) ⇒ Object

Methods included from Escape::ClassMethods

fully_escape, path_escape, path_or_query_escape, query_escape

Instance Method Details

#authn_authenticate(account, username) ⇒ Object

# File 'lib/conjur/api/router/v4.rb', line 20

def authn_authenticate account, username
  verify_account(account)
  RestClient::Resource.new(
    Conjur.configuration.authn_url,
    Conjur.configuration.rest_client_options
  )['users'][fully_escape username]['authenticate']
end

#authn_authenticate_local(username, account, expiration, cidr, &block) ⇒ Object

For v4, the authn-local message is the username.

# File 'lib/conjur/api/router/v4.rb', line 29

def authn_authenticate_local username, account, expiration, cidr, &block
  verify_account(account)

  raise "'expiration' is not supported for authn-local v4" if expiration
  raise "'cidr' is not supported for authn-local v4" if cidr

  username
end

#authn_login(account, username, password) ⇒ Object

# File 'lib/conjur/api/router/v4.rb', line 9

def authn_login account, username, password
  verify_account(account)
  RestClient::Resource.new(
    Conjur.configuration.authn_url,
    Conjur.configuration.create_rest_client_options(
      user: username,
      password: password
    )
  )['users/login']
end

#authn_rotate_api_key(credentials, account, id) ⇒ Object

# File 'lib/conjur/api/router/v4.rb', line 38

def authn_rotate_api_key credentials, account, id
  verify_account(account)
  username = id.kind == "user" ? id.identifier : [id.kind, id.identifier].join('/')
  RestClient::Resource.new(
    Conjur.configuration.authn_url,
    Conjur.configuration.create_rest_client_options(credentials)
  )['users']["api_key?id=#{username}"]
end

#authn_rotate_own_api_key(account, username, password) ⇒ Object

# File 'lib/conjur/api/router/v4.rb', line 47

def authn_rotate_own_api_key account, username, password
  verify_account(account)
  RestClient::Resource.new(
    Conjur.configuration.authn_url,
    Conjur.configuration.create_rest_client_options(user: username, password: password)
  )['users']["api_key"]
end

#group_attributes(credentials, resource, id) ⇒ Object

# File 'lib/conjur/api/router/v4.rb', line 146

def group_attributes credentials, resource, id
  verify_account(id.account)
  JSON.parse(
    RestClient::Resource.new(
      Conjur.configuration.core_url,
      Conjur.configuration.create_rest_client_options(credentials)
    )['groups'][fully_escape id.identifier].get
  )
end

#host_factory_create_host(token) ⇒ Object

# File 'lib/conjur/api/router/v4.rb', line 55

def host_factory_create_host token
  http_options = {
    headers: { authorization: %Q(Token token="#{token}") }
  }
  RestClient::Resource.new(
    Conjur.configuration.core_url,
    Conjur.configuration.create_rest_client_options(http_options)
  )['host_factories']['hosts']
end

#host_factory_create_tokens(credentials, id) ⇒ Object

# File 'lib/conjur/api/router/v4.rb', line 65

def host_factory_create_tokens credentials, id
  RestClient::Resource.new(
    Conjur.configuration.core_url,
    Conjur.configuration.create_rest_client_options(credentials)
  )['host_factories'][id.identifier]['tokens']
end

#host_factory_revoke_token(credentials, token) ⇒ Object

# File 'lib/conjur/api/router/v4.rb', line 72

def host_factory_revoke_token credentials, token
  RestClient::Resource.new(
    Conjur.configuration.core_url,
    Conjur.configuration.create_rest_client_options(credentials)
  )['host_factories']['tokens'][token]
end

#parse_group_gidnumber(attributes) ⇒ Object

# File 'lib/conjur/api/router/v4.rb', line 176

def parse_group_gidnumber attributes
  attributes['gidnumber']
end

#parse_members(credentials, result) ⇒ Object

# File 'lib/conjur/api/router/v4.rb', line 192

def parse_members credentials, result
  result.collect do |json|
    RoleGrant.parse_from_json(json, credentials)
  end
end

#parse_user_uidnumber(attributes) ⇒ Object

# File 'lib/conjur/api/router/v4.rb', line 180

def parse_user_uidnumber attributes
  attributes['uidnumber']
end

#parse_variable_kind(attributes) ⇒ Object

# File 'lib/conjur/api/router/v4.rb', line 184

def parse_variable_kind attributes
  attributes['kind']
end

#parse_variable_mime_type(attributes) ⇒ Object

# File 'lib/conjur/api/router/v4.rb', line 188

def parse_variable_mime_type attributes
  attributes['mime_type']
end

#resources_check(credentials, id, privilege, role) ⇒ Object

# File 'lib/conjur/api/router/v4.rb', line 87

def resources_check credentials, id, privilege, role
  options = {}
  options[:check] = true
  options[:privilege] = privilege
  if role
    options[:resource_id] = id
    roles_role(credentials, Id.new(role))[options_querystring options].get
  else
    resources_resource(credentials, id)[options_querystring options].get
  end
end

#resources_permitted_roles(credentials, id, privilege) ⇒ Object

# File 'lib/conjur/api/router/v4.rb', line 99

def resources_permitted_roles credentials, id, privilege
  RestClient::Resource.new(
    Conjur.configuration.core_url,
    Conjur.configuration.create_rest_client_options(credentials)
  )['authz'][id.account]['roles']['allowed_to'][privilege][id.kind][id.identifier]
end

#resources_resource(credentials, id) ⇒ Object

# File 'lib/conjur/api/router/v4.rb', line 79

def resources_resource credentials, id

  RestClient::Resource.new(
    Conjur.configuration.core_url,
    Conjur.configuration.create_rest_client_options(credentials)
  )['authz'][id.account]['resources'][id.kind][id.identifier]
end

#roles_role(credentials, id) ⇒ Object

# File 'lib/conjur/api/router/v4.rb', line 106

def roles_role credentials, id
  RestClient::Resource.new(
    Conjur.configuration.core_url,
    Conjur.configuration.create_rest_client_options(credentials)
  )['authz'][id.account]['roles'][id.kind][id.identifier]
end

#secrets_add(credentials, id) ⇒ Object

# File 'lib/conjur/api/router/v4.rb', line 113

def secrets_add credentials, id
  verify_account(id.account)
  RestClient::Resource.new(
    Conjur.configuration.core_url,
    Conjur.configuration.create_rest_client_options(credentials)
  )['variables'][fully_escape id.identifier]['values']
end

#secrets_value(credentials, id, options) ⇒ Object

# File 'lib/conjur/api/router/v4.rb', line 129

def secrets_value credentials, id, options
  RestClient::Resource.new(
    Conjur.configuration.core_url,
    Conjur.configuration.create_rest_client_options(credentials)
  )['variables'][fully_escape id.identifier]['value'][options_querystring options]
end

#secrets_values(credentials, variable_ids) ⇒ Object

# File 'lib/conjur/api/router/v4.rb', line 136

def secrets_values credentials, variable_ids
  options = {
    vars: Array(variable_ids).map { |v| fully_escape(v.identifier) }.join(',')
  }
  RestClient::Resource.new(
    Conjur.configuration.core_url,
    Conjur.configuration.create_rest_client_options(credentials)
  )['variables']['values'][options_querystring options]
end

#user_attributes(credentials, resource, id) ⇒ Object

# File 'lib/conjur/api/router/v4.rb', line 166

def user_attributes credentials, resource, id
  verify_account(id.account)
  JSON.parse(
    RestClient::Resource.new(
      Conjur.configuration.core_url,
      Conjur.configuration.create_rest_client_options(credentials)
    )['users'][fully_escape id.identifier].get
  )
end

#variable(credentials, id) ⇒ Object

# File 'lib/conjur/api/router/v4.rb', line 121

def variable credentials, id
  verify_account(id.account)
  RestClient::Resource.new(
    Conjur.configuration.core_url,
    Conjur.configuration.create_rest_client_options(credentials)
  )['variables'][fully_escape id.identifier]
end

#variable_attributes(credentials, resource, id) ⇒ Object

# File 'lib/conjur/api/router/v4.rb', line 156

def variable_attributes credentials, resource, id
  verify_account(id.account)
  JSON.parse(
    RestClient::Resource.new(
      Conjur.configuration.core_url,
      Conjur.configuration.create_rest_client_options(credentials)
    )['variables'][fully_escape id.identifier].get
  )
end