Class: Conjur::Policy::Planner::BaseFacts
Defined in: lib/conjur/policy/planner/facts.rb
Overview
Stores the state of existing and requested grants (roles or privileges).
The difference between the existing and requested grants can be used to determine specifically what actions should be performed in order to bring the state of the server into compliance with the policy.
Direct Known Subclasses
Instance Attribute Summary
- #existing ⇒ Object
  Returns the value of attribute existing.
- #existing_with_admin_flag ⇒ Object
  Returns the value of attribute existing_with_admin_flag.
- #planner ⇒ Object
  Returns the value of attribute planner.
- #requested ⇒ Object
  Returns the value of attribute requested.
- #requested_with_admin_flag ⇒ Object
  Returns the value of attribute requested_with_admin_flag.
Instance Method Summary
- #api ⇒ Object
- #grants_to_apply ⇒ Object
  Return the set of grants which are requested but not already held.
- #grants_to_revoke ⇒ Object
  Return the set of grants which are held but not requested.
- #initialize(planner) ⇒ BaseFacts (constructor)
  A new instance of BaseFacts.
- #validate_resource_exists!(resource) ⇒ Object
- #validate_role_exists!(role) ⇒ Object
Constructor Details
#initialize(planner) ⇒ BaseFacts
Returns a new instance of BaseFacts.
    # File 'lib/conjur/policy/planner/facts.rb', line 16
    def initialize planner
      @planner = planner
      @requested = Set.new
      @requested_with_admin_flag = Set.new
      @existing = Set.new
      @existing_with_admin_flag = Set.new
    end
Instance Attribute Details
#existing ⇒ Object
Returns the value of attribute existing.
    # File 'lib/conjur/policy/planner/facts.rb', line 10
    def existing
      @existing
    end
#existing_with_admin_flag ⇒ Object
Returns the value of attribute existing_with_admin_flag.
    # File 'lib/conjur/policy/planner/facts.rb', line 10
    def existing_with_admin_flag
      @existing_with_admin_flag
    end
#planner ⇒ Object
Returns the value of attribute planner.
    # File 'lib/conjur/policy/planner/facts.rb', line 10
    def planner
      @planner
    end
#requested ⇒ Object
Returns the value of attribute requested.
    # File 'lib/conjur/policy/planner/facts.rb', line 10
    def requested
      @requested
    end
#requested_with_admin_flag ⇒ Object
Returns the value of attribute requested_with_admin_flag.
    # File 'lib/conjur/policy/planner/facts.rb', line 10
    def requested_with_admin_flag
      @requested_with_admin_flag
    end
Instance Method Details
#api ⇒ Object
    # File 'lib/conjur/policy/planner/facts.rb', line 24
    def api
      planner.api
    end
#grants_to_apply ⇒ Object
Return the set of grants which are requested but not already held.
Note that if a grant is held with a different admin option than requested, re-applying with the new admin option will update the grant and create the desired state.
    # File 'lib/conjur/policy/planner/facts.rb', line 33
    def grants_to_apply
      sort(requested_with_admin_flag - existing_with_admin_flag)
    end
#grants_to_revoke ⇒ Object
Return the set of grants which are held but not requested.
The admin flag is ignored by this method. So, if a grant exists (with or without admin), and it is not requested (with or without admin), it is revoked. The case in which the grant is held with a different admin option than requested is handled by grants_to_apply.

    # File 'lib/conjur/policy/planner/facts.rb', line 43
    def grants_to_revoke
      sort(existing - requested)
    end
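The two set differences documented for grants_to_apply and grants_to_revoke, worked through on a constructed state in which one grant keeps its holder but drops the admin option. This is an added example, not code from the Conjur source; `GrantFacts`, `admin_changes`, `by_string`, `sample_facts` and the role names are assumptions made for illustration.

```ruby
require 'set'

# Hypothetical stand-alone model (not the Conjur class). A grant is
# [role, member]; its "with admin flag" form is [role, member, admin].
class GrantFacts
  attr_reader :requested, :requested_with_admin_flag,
              :existing, :existing_with_admin_flag

  def initialize(existing:, requested:)
    @existing_with_admin_flag = Set.new(existing)
    @requested_with_admin_flag = Set.new(requested)
    @existing = Set.new(existing.map { |role, member, _| [role, member] })
    @requested = Set.new(requested.map { |role, member, _| [role, member] })
  end

  # Requested, but not held with that exact admin option.
  def grants_to_apply
    by_string(requested_with_admin_flag - existing_with_admin_flag)
  end

  # Held, but not requested at all; the admin flag is ignored.
  def grants_to_revoke
    by_string(existing - requested)
  end

  # Grants that stay but change admin option: [role, member, from, to].
  def admin_changes
    grants_to_apply
      .select { |role, member, _| existing.include?([role, member]) }
      .map { |role, member, admin| [role, member, !admin, admin] }
  end

  private

  # true/false are not Comparable in Ruby, so sort on the string form.
  def by_string(set)
    set.sort_by { |tuple| tuple.map(&:to_s) }
  end
end

# Constructed sample state: alice loses admin, carol is dropped, dave is new.
def sample_facts
  GrantFacts.new(
    existing: [['group:ops', 'user:alice', true], ['group:ops', 'user:bob', false],
               ['group:ops', 'user:carol', false]],
    requested: [['group:ops', 'user:alice', false], ['group:ops', 'user:bob', false],
                ['group:ops', 'user:dave', false]]
  )
end
```

In this state alice's grant shows up in grants_to_apply with admin false and never in grants_to_revoke, so removing her admin option depends on the re-apply updating the held grant, as the grants_to_apply note states.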
#validate_resource_exists!(resource) ⇒ Object
    # File 'lib/conjur/policy/planner/facts.rb', line 51
    def validate_resource_exists! resource
      planner.error("Resource not found: #{resource}") unless planner.resource_exists?(resource)
    end
#validate_role_exists!(role) ⇒ Object
    # File 'lib/conjur/policy/planner/facts.rb', line 47
    def validate_role_exists! role
      planner.error("Role not found: #{role}") unless planner.role_exists?(role)
    end