Class: Conjur::Policy::Executor::Grant

Inherits:

Base

• Object
• Base
• Conjur::Policy::Executor::Grant

Defined in:

lib/conjur/policy/executor/grant.rb

Instance Attribute Summary

Attributes inherited from Base

#actions, #api, #statement

Instance Method Summary

• #add_host_to_layer ⇒ Object
• #execute ⇒ Object
• #grant_role_to_member ⇒ Object

Methods inherited from Base

#action, #initialize, #resource_path, #role_path

Methods included from Logger

included

Constructor Details

This class inherits a constructor from Conjur::Policy::Executor::Base

Instance Method Details

#add_host_to_layer ⇒ Object

# File 'lib/conjur/policy/executor/grant.rb', line 11

def add_host_to_layer
  parameters = { "hostid" => statement.member.role.roleid }
  action({
    'method' => 'post',
    'path' => "layers/#{fully_escape statement.role.id}/hosts",
    'parameters' => parameters
  })
end

#execute ⇒ Object

# File 'lib/conjur/policy/executor/grant.rb', line 3

def execute
  if statement.role.is_a?(Conjur::Policy::Types::Layer) && statement.member.role.is_a?(Conjur::Policy::Types::Host)
    add_host_to_layer
  else
    grant_role_to_member
  end
end

#grant_role_to_member ⇒ Object

# File 'lib/conjur/policy/executor/grant.rb', line 20

def grant_role_to_member
  parameters = { "member" => statement.member.role.roleid }
  parameters['admin_option'] = statement.member.admin unless statement.member.admin.nil?
  action({
    'method' => 'put',
    'path' => "authz/#{statement.role.account}/roles/#{statement.role.role_kind}/#{statement.role.id}?members",
    'parameters' => parameters
  })
end