Module: PeRbac::Core

Defined in:
lib/pe_rbac/core.rb

Constant Summary collapse

# Default directory under which get_conf looks for certs/, private_keys/ and
# the CA certificate (certs/ca.pem).
@@ssldir =
'/etc/puppetlabs/puppet/ssl'
# Default host name: the stripped, lower-cased output of `facter fqdn`.
# NOTE(review): `facter` is given without a path, so it is found via PATH, and
# the command runs wherever this assignment is evaluated (presumably at load
# time - confirm). The result becomes the HTTPS host and the per-host cert/key
# file name in get_conf; an empty result (facter missing or failing) is not
# checked here and would only show up later as a file or connection error.
@@fqdn =
%x(facter fqdn).strip.downcase

Class Method Summary collapse

Class Method Details

.get_conf ⇒ Object



# File 'lib/pe_rbac/core.rb', line 38

# Build the connection settings used for RBAC API calls: host, port and the
# paths of the client certificate, its private key and the CA certificate.
# Only paths are assembled here; none of the files is read or validated.
#
# @return [Hash] with the keys :host, :port, :cert, :key and :cacert
def self.get_conf
  legacy_name = 'pe-internal-orchestrator'
  legacy_key  = "#{@@ssldir}/private_keys/#{legacy_name}.pem"

  # PE 2016.4.0 dropped pe-internal-orchestrator.pem. Older systems may still
  # carry the matching client cert (which will not work on its own), so the
  # choice is made on the presence of the legacy *private key*: if it exists
  # the legacy pair is used, otherwise the pair named after the host.
  pem_name = File.exist?(legacy_key) ? legacy_name : @@fqdn

  {
    host: @@fqdn,
    port: 4433,
    cert: "#{@@ssldir}/certs/#{pem_name}.pem",
    key: "#{@@ssldir}/private_keys/#{pem_name}.pem",
    cacert: @@ssldir + '/certs/ca.pem'
  }
end

.get_fqdn ⇒ Object



# File 'lib/pe_rbac/core.rb', line 34

# Host name currently used as the RBAC API host and as the base name of the
# per-host certificate and key files.
#
# @return [Object] the value held in @@fqdn (a String by default)
def self.get_fqdn
  @@fqdn
end

.get_ssldir ⇒ Object



# File 'lib/pe_rbac/core.rb', line 26

# Directory from which get_conf derives the client certificate, private key
# and CA certificate paths.
#
# @return [Object] the value held in @@ssldir (a String by default)
def self.get_ssldir
  @@ssldir
end

.merge_permissions(existing, ensure_perms) ⇒ Object

Return a new array of permissions, adding the permission `ensure` to the existing permissions if required.



# File 'lib/pe_rbac/core.rb', line 100

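# Return a new array holding copies of the existing permissions plus every
# permission from ensure_perms that is not already present.
#
# Two permissions count as the same when their 'object_type', 'action' and
# 'instance' values are all equal. Lookups use string keys, so a hash built
# with symbol keys never matches an entry that has string keys.
#
# @param existing [Array<Hash>] permissions already held; neither the array
#   nor its hashes are modified
# @param ensure_perms [Array<Hash>] permissions that must be present in the result
# @return [Array<Hash>] merged list with each missing permission added once
def self.merge_permissions(existing, ensure_perms)
  # shallow-copy every hash so the caller's data is left untouched
  permissions = existing.map(&:dup)

  ensure_perms.each do |ensure_perm|
    # Compare against the list being built rather than only `existing`, so a
    # permission that appears more than once in ensure_perms is added once.
    already_present = permissions.any? do |perm|
      perm['object_type'] == ensure_perm['object_type'] &&
        perm['action'] == ensure_perm['action'] &&
        perm['instance'] == ensure_perm['instance']
    end

    permissions.push(ensure_perm) unless already_present
  end

  permissions
end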

.request(method, path, payload = nil, raw = false) ⇒ Object



# File 'lib/pe_rbac/core.rb', line 64

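# Send an HTTPS request to the RBAC API, authenticating with the client
# certificate and private key selected by get_conf.
#
# Only RestClient::ExceptionWithResponse is rescued (logged, then false is
# returned). Anything else - unreadable cert/key files, TLS or connection
# failures - propagates to the caller.
#
# @param method [Symbol] HTTP verb handed to RestClient
# @param path [String] appended to PeRbac::BASE_URI as-is; no escaping is
#   applied here, so callers must pass an already-encoded path
# @param payload [Object, nil] request body; converted with to_json unless raw
# @param raw [Boolean] when true the payload is sent unchanged
# @return [Object, false] whatever RestClient::Request.execute returns, or
#   false when the server answered with an error response
def self.request(method, path, payload=nil, raw=false)
  conf = get_conf()
  url = "https://#{conf[:host]}:#{conf[:port]}#{PeRbac::BASE_URI}#{path}"

  # a falsy payload is sent as no body at all
  _payload = if payload
    raw ? payload : payload.to_json
  end

  begin
    result = RestClient::Request.execute(
      method: method,
      url: url,
      # Ask for peer verification explicitly instead of relying on the
      # library default, so the server certificate is always checked
      # against the CA file below.
      verify_ssl: OpenSSL::SSL::VERIFY_PEER,
      ssl_ca_file: conf[:cacert],
      ssl_client_cert: OpenSSL::X509::Certificate.new(File.read(conf[:cert])),
      # PKey.read detects the key type, so non-RSA client keys load too
      ssl_client_key: OpenSSL::PKey.read(File.read(conf[:key])),
      # NOTE(review): this fixes the protocol at TLS 1.2, so a newer version
      # is never negotiated - revisit once the server side supports more.
      ssl_version: :TLSv1_2,
      headers: {:content_type => :json, :accept => :json},
      payload: _payload,
    )
  rescue RestClient::ExceptionWithResponse => e
    # NOTE(review): the full request body and server response go to the error
    # log. If callers ever pass credentials in the payload (not visible from
    # this method - confirm) they end up in the log; consider redacting them.
    Escort::Logger.error.error url
    Escort::Logger.error.error _payload
    Escort::Logger.error.error e.response
    result = false
  end

  result
end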

.set_fqdn(fqdn) ⇒ Object



# File 'lib/pe_rbac/core.rb', line 30

# Override the host name used for RBAC API calls.
#
# The value is stored exactly as given: it is not stripped or lower-cased
# like the default, and it is not validated, although get_conf places it in
# the request host and in the per-host certificate and key file paths.
# NOTE(review): callers should pass only a trusted host name - confirm.
#
# @param fqdn [String] host name to use from now on
# @return [Object] the value that was stored
def self.set_fqdn(fqdn)
  @@fqdn = fqdn
end

.set_ssldir(ssldir) ⇒ Object



# File 'lib/pe_rbac/core.rb', line 22

# Override the directory that holds the TLS material.
#
# get_conf derives the client certificate, private key and CA certificate
# paths from this value, so it also decides which CA file the client trusts.
# The value is stored as given, without checking that the directory exists.
#
# @param ssldir [String] directory containing certs/ and private_keys/
# @return [Object] the value that was stored
def self.set_ssldir(ssldir)
  @@ssldir = ssldir
end