Module: Conjur::Policy::Types::TypeChecking

Included in:

Base

Defined in:

lib/conjur/policy/types/base.rb

Overview

Methods which type-check and transform attributes. Type-checking can be done by duck-typing, with is_a?, or by a procedure.

Instance Method Summary

• #expect_array(name, kind, values) ⇒ Object

  values can be an instance of type (as determined by the type-checking methods), or it must be an array of them.

• #expect_boolean(name, v) ⇒ Object

  v must be true or false.

• #expect_hash(name, value) ⇒ Object

  value can be a Hash, or an object which implements to_h.

• #expect_integer(name, value) ⇒ Object

  value must be a Integer.

• #expect_layer(name, value) ⇒ Object

  If it’s a Layer.

• #expect_member(name, value) ⇒ Object

  value may be a Member; Roles can also be converted to Members.

• #expect_permission(name, value) ⇒ Object

  value must be a Permission.

• #expect_record(name, value) ⇒ Object

  If it’s a Record.

• #expect_resource(name, value) ⇒ Object

  If it looks like a resource.

• #expect_role(name, value) ⇒ Object

  If it looks like a role.

• #expect_string(name, value) ⇒ Object

  value must be a String.

• #expect_type(attr_name, value, type_name, test_function, converter = nil) ⇒ Object

  This is the primary function of the module.

• #test_resource(r) ⇒ Object

  Duck-type resources.

• #test_role(r) ⇒ Object

  Duck-type roles.

Instance Method Details

#expect_array(name, kind, values) ⇒ Object

values can be an instance of type (as determined by the type-checking methods), or it must be an array of them.

# File 'lib/conjur/policy/types/base.rb', line 153

def expect_array name, kind, values
  # Hash gets converted to an array of key/value pairs by Array
  is_hash = values.kind_of?(Hash)
  values = [values] if is_hash

  result = Array(values).map do |v|
    send "expect_#{kind}", name, v
  end

  (values.is_a?(Array) and not is_hash) ? result : result[0]
end

#expect_boolean(name, v) ⇒ Object

v must be true or false.

# File 'lib/conjur/policy/types/base.rb', line 142

def expect_boolean name, v
  v = true if v == "true"
  v = false if v == "false"
  expect_type name,
    v,
    "boolean",
    lambda{ [ true, false ].member?(v) }
end

#expect_hash(name, value) ⇒ Object

value can be a Hash, or an object which implements to_h.

# File 'lib/conjur/policy/types/base.rb', line 133

def expect_hash name, value
  expect_type name,
    value,
    "hash",
    lambda{ value.is_a?(Hash)},
    lambda{ value.to_h.stringify_keys if value.respond_to?(:to_h) }
end

#expect_integer(name, value) ⇒ Object

value must be a Integer.

# File 'lib/conjur/policy/types/base.rb', line 125

def expect_integer name, value
  expect_type name,
    value,
    "integer",
    Integer
end

#expect_layer(name, value) ⇒ Object

If it’s a Layer

# File 'lib/conjur/policy/types/base.rb', line 85

def expect_layer name, value
  expect_type name, value, "Layer", lambda{ value.is_a?(Layer) }
end

#expect_member(name, value) ⇒ Object

value may be a Member; Roles can also be converted to Members.

# File 'lib/conjur/policy/types/base.rb', line 100

def expect_member name, value
  expect_type name,
    value, 
    "Member", 
    Member,
    lambda{ Member.new(value) if test_role(value) }
end

#expect_permission(name, value) ⇒ Object

value must be a Permission.

# File 'lib/conjur/policy/types/base.rb', line 109

def expect_permission name, value
  expect_type name,
    value,
    "Permission", 
    Permission
end

#expect_record(name, value) ⇒ Object

If it’s a Record

# File 'lib/conjur/policy/types/base.rb', line 80

def expect_record name, value
  expect_type name, value, "Record", lambda{ value.is_a?(Record) }
end

#expect_resource(name, value) ⇒ Object

If it looks like a resource.

# File 'lib/conjur/policy/types/base.rb', line 90

def expect_resource name, value
  expect_type name, value, "Resource", lambda{ test_resource value }
end

#expect_role(name, value) ⇒ Object

If it looks like a role.

# File 'lib/conjur/policy/types/base.rb', line 95

def expect_role name, value
  expect_type name, value, "Role", lambda{ test_role value }
end

#expect_string(name, value) ⇒ Object

value must be a String.

# File 'lib/conjur/policy/types/base.rb', line 117

def expect_string name, value
  expect_type name,
    value, 
    "string",
    String
end

#expect_type(attr_name, value, type_name, test_function, converter = nil) ⇒ Object

This is the primary function of the module.

value an input value type_name used only for error messages. test_function a class or function which will determine if the value is already the correct type. converter if the test_function fails, the converter is called to coerce the type. It should return nil if its unable to do so.

# File 'lib/conjur/policy/types/base.rb', line 54

def expect_type attr_name, value, type_name, test_function, converter = nil
  if test_function.is_a?(Class)
    cls = test_function
    test_function = lambda{ value.is_a?(cls) } 
  end
  if test_function.call
    value
  elsif converter && ( v = converter.call )
    v
  else
    name = value.class.respond_to?(:short_name) ? value.class.short_name : value.class.name
    raise "Expected a #{type_name} for field '#{attr_name}', got #{name}"
  end
end

#test_resource(r) ⇒ Object

Duck-type resources.

# File 'lib/conjur/policy/types/base.rb', line 75

def test_resource r
  r.respond_to?(:resource?) && r.resource?
end

#test_role(r) ⇒ Object

Duck-type roles.

# File 'lib/conjur/policy/types/base.rb', line 70

def test_role r
  r.respond_to?(:role?) && r.role?          
end