Class: Conjur::Policy::Resolver

Inherits:

Object

• Object
• Conjur::Policy::Resolver

Defined in:

lib/conjur/policy/resolver.rb

Direct Known Subclasses

AccountResolver, CompactOutputResolver, DuplicateResolver, FlattenResolver, OwnerResolver, SubstitutionResolver

Instance Attribute Summary

• #account ⇒ Object readonly

  Returns the value of attribute account.

• #namespace ⇒ Object readonly

  Returns the value of attribute namespace.

• #ownerid ⇒ Object readonly

  Returns the value of attribute ownerid.

Class Method Summary

• .resolve(records, account, ownerid, namespace = nil) ⇒ Object

  Resolve records to the specified owner id and namespace.

Instance Method Summary

• #initialize(account, ownerid, namespace = nil) ⇒ Resolver constructor

  account is required.

Constructor Details

#initialize(account, ownerid, namespace = nil) ⇒ Resolver

account is required. It’s the default account whenever no account is specified. ownerid is required. Any records without an owner will be assigned this owner. The exception is records defined in a policy, which are always owned by the policy role unless an explicit owner is indicated (which would be rare). namespace is optional. It’s prepended to the id of every record, except for ids which begin with a ‘/’ character.

# File 'lib/conjur/policy/resolver.rb', line 24

def initialize account, ownerid, namespace = nil
  @account = account
  @ownerid   = ownerid
  @namespace = namespace
  
  raise "account is required" unless account
  raise "ownerid is required" unless ownerid
  raise "ownerid must be fully qualified" unless ownerid.split(":", 3).length == 3
end

Instance Attribute Details

#account ⇒ Object (readonly)

Returns the value of attribute account.

# File 'lib/conjur/policy/resolver.rb', line 4

def account
  @account
end

#namespace ⇒ Object (readonly)

Returns the value of attribute namespace.

# File 'lib/conjur/policy/resolver.rb', line 4

def namespace
  @namespace
end

#ownerid ⇒ Object (readonly)

Returns the value of attribute ownerid.

# File 'lib/conjur/policy/resolver.rb', line 4

def ownerid
  @ownerid
end

Class Method Details

.resolve(records, account, ownerid, namespace = nil) ⇒ Object

Resolve records to the specified owner id and namespace.

# File 'lib/conjur/policy/resolver.rb', line 8

def resolve records, account, ownerid, namespace = nil
  resolver_classes = [ AccountResolver, IdSubstitutionResolver, AnnotationSubstitutionResolver, OwnerResolver, FlattenResolver, DuplicateResolver ]
  resolver_classes.each do |cls|
    resolver = cls.new account, ownerid, namespace
    records = resolver.resolve records
  end
  records
end