Class: Conjur::Authenticator

Inherits:

Object

• Object
• Conjur::Authenticator

Defined in:

lib/conjur/authenticator.rb

Overview

Keeps a fresh Conjur access token in a named file by re-authenticating as needed.

Constant Summary

TOKEN_LIFESPAN =

( ENV['CONJUR_TOKEN_LIFESPAN'] || 5 * 60 ).to_i.seconds

DELAY =

( ENV['CONJUR_TOKEN_REFRESH_DELAY'] || 10 ).to_i.seconds

Instance Attribute Summary

• #authenticate ⇒ Object readonly

  Returns the value of attribute authenticate.

• #filename ⇒ Object readonly

  Returns the value of attribute filename.

Class Method Summary

• .default_filename ⇒ Object
• .run(authenticate:, filename: default_filename) ⇒ Object

  Check the token every DELAY seconds and refresh it if it’s out of date.

Instance Method Summary

• #fresh? ⇒ Boolean
• #initialize(authenticate, filename) ⇒ Authenticator constructor

  authenticate should be a proc that authenticates with Conjur and returns an access token as a Hash.

• #refresh ⇒ Object

  Perform atomic replacement of the token.

• #token ⇒ Object

Constructor Details

#initialize(authenticate, filename) ⇒ Authenticator

authenticate should be a proc that authenticates with Conjur and returns an access token as a Hash.

# File 'lib/conjur/authenticator.rb', line 14

def initialize authenticate, filename
  @authenticate = authenticate
  @filename = filename
end

Instance Attribute Details

#authenticate ⇒ Object (readonly)

Returns the value of attribute authenticate.

# File 'lib/conjur/authenticator.rb', line 10

def authenticate
  @authenticate
end

#filename ⇒ Object (readonly)

Returns the value of attribute filename.

# File 'lib/conjur/authenticator.rb', line 10

def filename
  @filename
end

Class Method Details

.default_filename ⇒ Object

# File 'lib/conjur/authenticator.rb', line 20

def default_filename
  "/run/conjur-access-token"
end

.run(authenticate:, filename: default_filename) ⇒ Object

Check the token every DELAY seconds and refresh it if it’s out of date.

# File 'lib/conjur/authenticator.rb', line 25

def run authenticate:, filename: default_filename
  while true
    authenticator = Authenticator.new(authenticate, filename)
    authenticator.refresh unless authenticator.fresh?
    sleep DELAY
  end
end

Instance Method Details

#fresh? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/conjur/authenticator.rb', line 34

def fresh?
  token && (token_age <= TOKEN_LIFESPAN)
end

#refresh ⇒ Object

Perform atomic replacement of the token

# File 'lib/conjur/authenticator.rb', line 39

def refresh
  token = authenticate.call
  file = Tempfile.new('conjur-access-token.')
  begin
    file.write JSON.pretty_generate(token)
    file.close
    FileUtils.mv file.path, filename
    Conjur.log << "Refreshed Conjur auth token to #{filename.inspect}\n" if Conjur.log
  ensure
    file.unlink
  end
rescue
  $stderr.puts $!
end

#token ⇒ Object

# File 'lib/conjur/authenticator.rb', line 54

def token
  return false if @token == false
  @token ||= load_token
end