Module: PeRbac::Core

Defined in:
lib/pe_rbac/core.rb

Constant Summary collapse

@@ssldir =
'/etc/puppetlabs/puppet/ssl'
@@fqdn =
%x(facter fqdn).strip.downcase

Class Method Summary collapse

Class Method Details

.get_conf ⇒ Object



# File 'lib/pe_rbac/core.rb', line 41

# Assemble the TLS client settings used for API calls from this host.
#
# Only file *paths* are returned; nothing is read here, and apart from the
# legacy private key no path is checked for existence.
#
# Both the host name and the per-host key/cert paths are built from @@fqdn,
# and every path is rooted at @@ssldir. Each of those can be replaced at
# runtime through set_fqdn / set_ssldir.
# NOTE(review): the values are interpolated into filesystem paths unchecked;
# callers should only pass trusted values to those setters -- confirm.
#
# @return [Hash] with keys :host, :port, :cert, :key and :cacert
def self.get_conf
  legacy_key  = "#{@@ssldir}/private_keys/pe-internal-orchestrator.pem"
  legacy_cert = "#{@@ssldir}/certs/pe-internal-orchestrator.pem"
  host_key    = "#{@@ssldir}/private_keys/#{@@fqdn}.pem"
  host_cert   = "#{@@ssldir}/certs/#{@@fqdn}.pem"

  # PE 2016.4.0 dropped pe-internal-orchestrator.pem, yet older installs may
  # still carry the (non-working) client cert. The decision is therefore made
  # on the presence of the legacy *private key*, not the cert.
  key_path, cert_path =
    File.exist?(legacy_key) ? [legacy_key, legacy_cert] : [host_key, host_cert]

  {
    host: @@fqdn,
    port: 4433,
    cert: cert_path,
    key: key_path,
    cacert: @@ssldir + '/certs/ca.pem'
  }
end

.get_fqdn ⇒ Object



# File 'lib/pe_rbac/core.rb', line 37

# Read back the host name currently held in @@fqdn.
#
# get_conf uses this value both as the connection host and as the base name
# of the per-host key and certificate files.
#
# @return [Object] the stored value, exactly as it was last assigned
def self.get_fqdn
  @@fqdn
end

.get_ssldir ⇒ Object



# File 'lib/pe_rbac/core.rb', line 29

# Read back the directory currently held in @@ssldir.
#
# get_conf resolves the client key, client certificate and CA certificate
# relative to this directory.
#
# @return [Object] the stored value, exactly as it was last assigned
def self.get_ssldir
  @@ssldir
end

.merge_permissions(existing, ensure_perms) ⇒ Object

Return a new array of permissions, adding each permission in `ensure_perms` to the existing permissions if it is not already present.



# File 'lib/pe_rbac/core.rb', line 107

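# Return a new array holding every permission in `existing` plus each
# permission from `ensure_perms` that is not already present.
#
# Two permissions are the same grant when their 'object_type', 'action' and
# 'instance' values are all equal (string keys, compared with ==).
#
# Each requested permission is checked against the result built so far, not
# only against `existing`, so a grant repeated inside `ensure_perms` is added
# once. Every returned hash is a shallow copy, so editing the result does not
# alter the caller's `existing` or `ensure_perms` entries. Neither input array
# is modified, and nil is treated as an empty list.
#
# @param existing [Array<Hash>, nil] permissions already held
# @param ensure_perms [Array<Hash>, nil] permissions that must be present
# @return [Array<Hash>] merged permissions, `existing` entries first
def self.merge_permissions(existing, ensure_perms)
  identity = lambda do |perm|
    [perm['object_type'], perm['action'], perm['instance']]
  end

  # Shallow-copy the current grants so the caller's hashes are not shared.
  permissions = (existing || []).map { |perm| perm.dup }
  seen = permissions.map { |perm| identity.call(perm) }

  (ensure_perms || []).each do |ensure_perm|
    key = identity.call(ensure_perm)
    next if seen.include?(key)

    seen << key
    permissions.push(ensure_perm.dup)
  end

  permissions
end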

.request(method, path, payload = nil, raw = false) ⇒ Object



# File 'lib/pe_rbac/core.rb', line 67

# Send one HTTPS request to the API and return the response, or false on
# failure.
#
# The URL is built from get_conf's host and port, PeRbac::BASE_URI and `path`
# (appended as given, without escaping). The connection presents the client
# certificate and key from get_conf and uses its CA file for the TLS
# connection; no peer-verification option is passed, so Excon's default
# applies.
# NOTE(review): ssl_version pins the handshake to TLS 1.2, which presumably
# also prevents negotiating a newer protocol version -- confirm this is still
# intended for the Excon/OpenSSL versions in use.
#
# NOTE(review): both failure paths write the full request body to the error
# log, and the HTTP-error path also writes the response body. If any caller
# sends credentials or tokens in `payload`, they will land in the log --
# confirm against the callers and consider redacting before logging.
#
# Only Excon::Error is rescued; any other exception propagates to the caller.
#
# @param method [Object] HTTP method, passed straight through to Excon
# @param path [String] path appended after PeRbac::BASE_URI
# @param payload [Object, nil] request body; no body is sent when falsy
# @param raw [Boolean] when true send `payload` as-is, otherwise send
#   `payload.to_json`
# @return [Object, false] the Excon response when status is below 400
#   (3xx responses are returned without following the redirect), else false
def self.request(method, path, payload=nil, raw=false)
  conf = get_conf()
  url = "https://#{conf[:host]}:#{conf[:port]}#{PeRbac::BASE_URI}#{path}"

  # A falsy payload leaves the body nil; otherwise serialise unless raw.
  body = if payload
           raw ? payload : payload.to_json
         end

  begin
    connection = Excon.new(
      url,
      client_cert: conf[:cert],
      client_key: conf[:key],
      ssl_ca_file: conf[:cacert],
      ssl_version: :TLSv1_2
    )
    response = connection.request(
      method: method,
      headers: { "content-type" => "application/json", "accept" => "application/json" },
      body: body
    )

    # No :expect list is passed, so statuses are screened by hand: anything
    # from 400 up is a failure. 3xx is deliberately passed back untouched.
    if response.status >= 400
      Escort::Logger.error.error "Error #{response.status} encountered for '#{url}':  Requested '#{body}', got '#{response.body}'"
      false
    else
      response
    end
  rescue Excon::Error => e
    Escort::Logger.error.error "Error (#{e.message}) for: #{url}, #{body}"
    false
  end
end

.set_fqdn(fqdn) ⇒ Object



# File 'lib/pe_rbac/core.rb', line 33

# Replace the host name held in @@fqdn.
#
# The value is stored exactly as given; no stripping, case folding or
# validation happens here. get_conf later uses it as the connection host and
# interpolates it into the per-host key and certificate paths.
# NOTE(review): because of that path interpolation, this should only ever
# receive a trusted host name -- confirm against callers.
#
# @param fqdn [String] host name to target
# @return [Object] the value that was assigned
def self.set_fqdn(fqdn)
  @@fqdn = fqdn
end

.set_ssldir(ssldir) ⇒ Object



# File 'lib/pe_rbac/core.rb', line 25

# Replace the directory held in @@ssldir.
#
# The value is stored exactly as given, without validation. get_conf resolves
# the client private key, client certificate and CA certificate under it.
# NOTE(review): whoever controls this value decides which key and CA the API
# connection uses, so it should only ever receive a trusted path -- confirm
# against callers.
#
# @param ssldir [String] directory containing private_keys/ and certs/
# @return [Object] the value that was assigned
def self.set_ssldir(ssldir)
  @@ssldir = ssldir
end