Module: Scooter::HttpDispatchers::Rbac

Includes:
V1, Utilities
Included in:
ConsoleDispatcher
Defined in:
lib/scooter/httpdispatchers/rbac.rb,
lib/scooter/httpdispatchers/rbac/v1/v1.rb,
lib/scooter/httpdispatchers/rbac/v1/directory_service.rb

Overview

Methods added here do not represent endpoints; they are generalized helper methods for acquiring data, such as getting the id of a user based on their login name. Be cautious about using these methods if you are utilizing a dispatcher with credentials; the user is not guaranteed to have privileges for all the methods defined here, or the user may not be signed in. If you have a method defined here that is using the connection object directly, you should probably be using a method defined in the version module instead.

Defined Under Namespace

Modules: V1

Instance Method Summary

Methods included from V1

#acquire_token, #create_local_user, #create_password_reset_token, #create_role, #delete_local_user, #delete_role, #get_current_user_data, #get_list_of_groups, #get_list_of_roles, #get_list_of_users, #get_single_user_data, #import_ldap_group, #replace_role, #update_local_user

Methods included from V1::DirectoryService

#attach_ds_to_rbac, #ds_default_settings, #test_attach_ds_to_rbac

Instance Method Details

#acquire_token_with_credentials(lifetime = nil) ⇒ Object



# File 'lib/scooter/httpdispatchers/rbac.rb', line 169

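# Requests an RBAC token using this dispatcher's own credentials and caches
# the result in @token.
#
# NOTE(review): the listing this method was taken from had lost the attribute
# name after `credentials.`; `login` is restored here to match the
# login/password pair used elsewhere in this module - confirm against upstream.
#
# @param lifetime [Object, nil] passed through to #acquire_token unchanged
# @return [Object] whatever #acquire_token returns (also stored in @token)
def acquire_token_with_credentials(lifetime=nil)
  # The cached value is an authentication token: keep it out of logs and
  # test reports.
  @token = acquire_token(credentials.login, credentials.password, lifetime)
end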

#add_user_to_role(console_dispatcher, role) ⇒ Object



# File 'lib/scooter/httpdispatchers/rbac.rb', line 68

# Appends the dispatcher's RBAC user id to the role's 'user_ids' list and
# submits the modified role through #replace_role.
#
# The role hash passed in is mutated in place. The looked-up id is appended
# as-is: a nil id (user not found) or an id already present in the list is
# not filtered out here.
#
# @param console_dispatcher [Object] dispatcher whose user should gain the role
# @param role [Hash] role data containing a 'user_ids' array
# @return [Object] the result of #replace_role
def add_user_to_role(console_dispatcher, role)
  granted_id = get_user_id_of_console_dispatcher(console_dispatcher)
  role['user_ids'] << granted_id
  replace_role(role)
end

#delete_local_console_dispatcher(console_dispatcher) ⇒ Object



# File 'lib/scooter/httpdispatchers/rbac.rb', line 115

# Deletes the local RBAC user that belongs to the given dispatcher.
#
# The user id is resolved with #get_user_id_of_console_dispatcher and handed
# straight to #delete_local_user; no check is made here that an id was found.
#
# @param console_dispatcher [Object] dispatcher whose user should be deleted
# @return [Object] the result of #delete_local_user
def delete_local_console_dispatcher(console_dispatcher)
  delete_local_user(get_user_id_of_console_dispatcher(console_dispatcher))
end

#delete_role_by_name(role_name) ⇒ Object



# File 'lib/scooter/httpdispatchers/rbac.rb', line 63

# Deletes the role whose display name is role_name.
#
# The id comes from #get_role_id, which returns nil when no role matches;
# that nil is passed on to #delete_role unchanged.
#
# @param role_name [String] display name of the role to delete
# @return [Object] the result of #delete_role
def delete_role_by_name(role_name)
  delete_role(get_role_id(role_name))
end

#generate_local_user(options = {}) ⇒ Object



# File 'lib/scooter/httpdispatchers/rbac.rb', line 25

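# Creates a local RBAC user and returns a ConsoleDispatcher for it.
#
# Any field missing from options is filled in: email, display name and login
# get random values, role_ids defaults to an empty list, and the password
# falls back to the fixed literal 'Puppet11'.
#
# NOTE(review): the listing this method was taken from had lost the `login`
# local variable (left-hand side of the assignment and its two uses); it is
# restored here - confirm against upstream.
#
# @param options [Hash] optional 'email', 'display_name', 'login',
#   'role_ids' and 'password' keys (string keys)
# @return [Object] the #create_local_user response when its status is not
#   200, otherwise a new Scooter::HttpDispatchers::ConsoleDispatcher for
#   @host carrying the new login and password
def generate_local_user(options = {})
  email        = options['email'] || "#{RandomString.generate(8)}@example.com"
  display_name = options['display_name'] || RandomString.generate(8)
  login        = options['login'] || RandomString.generate(16)
  role_ids     = options['role_ids'] || []
  # The fallback password is a fixed value visible in source. Accounts
  # created with it belong on disposable test hosts only; pass
  # options['password'] anywhere the account could outlive the test run.
  password     = options['password'] || 'Puppet11'

  user_hash = { 'email'        => email,
                'display_name' => display_name,
                'login'        => login,
                'role_ids'     => role_ids,
                'password'     => password }

  response = create_local_user(user_hash)
  # Hand the raw response back so the caller can inspect the failure.
  return response if response.env.status != 200
  Scooter::HttpDispatchers::ConsoleDispatcher.new(@host,
                                                  login:    login,
                                                  password: password)
end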

#generate_role(options = {}) ⇒ Object



# File 'lib/scooter/httpdispatchers/rbac.rb', line 45

# Creates an RBAC role from options, filling in whatever is missing.
#
# 'permissions', 'user_ids' and 'group_ids' default to empty lists, so a
# role created with no options carries no permissions and no members;
# 'display_name' and 'description' default to random strings.
#
# @param options [Hash] optional 'permissions', 'user_ids', 'group_ids',
#   'display_name' and 'description' keys (string keys)
# @return [Object] the response body when #create_role answers with status
#   200, otherwise the response itself
def generate_role(options = {})
  role_hash = {
    'permissions'  => options['permissions'] || [],
    'user_ids'     => options['user_ids'] || [],
    'group_ids'    => options['group_ids'] || [],
    'display_name' => options['display_name'] || RandomString.generate,
    'description'  => options['description'] || RandomString.generate
  }

  response = create_role(role_hash)
  if response.env.status != 200
    response
  else
    response.env.body
  end
end

#get_console_dispatcher_data(console_dispatcher) ⇒ Object



# File 'lib/scooter/httpdispatchers/rbac.rb', line 89

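# Looks up the RBAC user record that belongs to the given dispatcher.
#
# The record is matched by comparing each user's 'login' field with the
# login held in the dispatcher's credentials.
#
# NOTE(review): the listing this method was taken from had lost the attribute
# name after `credentials.`; `login` is restored here - confirm against
# upstream.
#
# @param console_dispatcher [Object] dispatcher exposing credentials.login
# @return [Hash, nil] the first matching entry of #get_list_of_users, or nil
#   when no user has that login
def get_console_dispatcher_data(console_dispatcher)
  get_list_of_users.find do |user|
    user['login'] == console_dispatcher.credentials.login
  end
end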

#get_current_user_id ⇒ Object



# File 'lib/scooter/httpdispatchers/rbac.rb', line 85

# Returns the 'id' field of the data reported by #get_current_user_data.
#
# @return [Object] the value stored under 'id'
def get_current_user_id
  current_user = get_current_user_data
  current_user['id']
end

#get_group_data_by_name(name) ⇒ Object



# File 'lib/scooter/httpdispatchers/rbac.rb', line 120

# Finds a group record by name.
#
# The name is compared with each group's 'login' field, whereas
# #get_group_id compares against 'display_name'.
#
# @param name [String] value to look for in the 'login' field
# @return [Hash, nil] the first matching entry of #get_list_of_groups, or
#   nil when nothing matches
def get_group_data_by_name(name)
  get_list_of_groups.find { |candidate| name == candidate['login'] }
end

#get_group_id(group_name) ⇒ Object



# File 'lib/scooter/httpdispatchers/rbac.rb', line 128

# Resolves a group's id from its display name.
#
# @param group_name [String] value to look for in the 'display_name' field
# @return [Object, nil] the 'id' of the first matching entry of
#   #get_list_of_groups, or nil when nothing matches
def get_group_id(group_name)
  match = get_list_of_groups.find do |candidate|
    group_name == candidate['display_name']
  end
  match['id'] if match
end

#get_password_reset_token_for_console_dispatcher(console_dispatcher) ⇒ Object



# File 'lib/scooter/httpdispatchers/rbac.rb', line 164

# Creates a password reset token for the user behind the given dispatcher.
#
# The user id comes from #get_user_id_of_console_dispatcher and is passed to
# #create_password_reset_token. The sibling reset methods use the returned
# value to set a new password, so treat it as a secret and keep it out of
# logs and test output.
#
# @param console_dispatcher [Object] dispatcher whose user needs a reset token
# @return [Object] the result of #create_password_reset_token
def get_password_reset_token_for_console_dispatcher(console_dispatcher)
  create_password_reset_token(
    get_user_id_of_console_dispatcher(console_dispatcher)
  )
end

#get_role_by_name(role_name) ⇒ Object



# File 'lib/scooter/httpdispatchers/rbac.rb', line 136

# Finds a role record by its display name.
#
# @param role_name [String] value to look for in the 'display_name' field
# @return [Hash, nil] the first matching entry of #get_list_of_roles, or nil
#   when nothing matches
def get_role_by_name(role_name)
  get_list_of_roles.find { |candidate| candidate['display_name'] == role_name }
end

#get_role_id(role_name) ⇒ Object



# File 'lib/scooter/httpdispatchers/rbac.rb', line 144

# Resolves a role's id from its display name.
#
# @param role_name [String] value to look for in the 'display_name' field
# @return [Object, nil] the 'id' of the first matching entry of
#   #get_list_of_roles, or nil when nothing matches
def get_role_id(role_name)
  get_list_of_roles.each do |candidate|
    next unless candidate['display_name'] == role_name
    return candidate['id']
  end
  nil # no role carries that display name
end

#get_user_id_by_login_name(name) ⇒ Object



# File 'lib/scooter/httpdispatchers/rbac.rb', line 107

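# Resolves a user's id from their login name.
#
# NOTE(review): the listing this method was taken from had lost the method
# name on the `def` line; it is restored from the method's heading on the
# same page.
#
# @param name [String] value to look for in the 'login' field
# @return [Object, nil] the 'id' of the first matching entry of
#   #get_list_of_users, or nil when no user has that login
def get_user_id_by_login_name(name)
  user = get_list_of_users.find { |candidate| candidate['login'] == name }
  user['id'] if user
end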

#get_user_id_of_console_dispatcher(console_dispatcher) ⇒ Object



# File 'lib/scooter/httpdispatchers/rbac.rb', line 80

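# Resolves the RBAC user id that corresponds to a dispatcher.
#
# A dispatcher without credentials is looked up under the fixed login
# 'api_user'; otherwise the login from its credentials is used.
#
# NOTE(review): the listing this method was taken from had lost the called
# method name and the attribute after `credentials.`; #get_user_id_by_login_name
# and `login` are restored here - confirm against upstream.
#
# @param console_dispatcher [Object] dispatcher exposing #credentials
# @return [Object, nil] the id from #get_user_id_by_login_name, which is nil
#   when no user has that login
def get_user_id_of_console_dispatcher(console_dispatcher)
  return get_user_id_by_login_name('api_user') if console_dispatcher.credentials.nil?
  get_user_id_by_login_name(console_dispatcher.credentials.login)
end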

#rbac_database_matches_self?(replica_host) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/scooter/httpdispatchers/rbac.rb', line 173

# Compares the users, groups and roles seen through this dispatcher's host
# with those seen when the same host object is pointed at replica_host.
#
# host.host_hash[:vmhostname] is temporarily set to replica_host.hostname
# while the first set of lists is fetched; :vmhostname takes precedence over
# host.hostname. The original value is put back in the ensure clause, so it
# is restored even if one of the fetches raises.
#
# Mismatches are reported with host.logger.warn.
#
# @param replica_host [Object] host exposing #hostname
# @return [Boolean] true when users, groups and roles all match
def rbac_database_matches_self?(replica_host)
  saved_vmhostname = host.host_hash[:vmhostname]
  begin
    host.host_hash[:vmhostname] = replica_host.hostname

    replica_users  = get_list_of_users
    replica_groups = get_list_of_groups
    replica_roles  = get_list_of_roles
  ensure
    # Always point the shared host object back at its original name.
    host.host_hash[:vmhostname] = saved_vmhostname
  end

  local_users  = get_list_of_users
  local_groups = get_list_of_groups
  local_roles  = get_list_of_roles

  checks = [
    ["Users do not match\r\n", users_match?(local_users, replica_users)],
    ["Groups do not match\r\n", groups_match?(local_groups, replica_groups)],
    ["Roles do not match\r\n", roles_match?(local_roles, replica_roles)]
  ]
  report = checks.reject { |_message, matched| matched }.map(&:first).join

  host.logger.warn(report.chomp) unless report.empty?
  report.empty?
end

#remove_user_from_role(console_dispatcher, role) ⇒ Object



# File 'lib/scooter/httpdispatchers/rbac.rb', line 74

# Removes the dispatcher's RBAC user id from the role's 'user_ids' list and
# submits the modified role through #replace_role.
#
# The role hash passed in is mutated in place. When the id is not in the
# list (including a nil id for an unknown user) the list is left unchanged
# and the role is still submitted.
#
# @param console_dispatcher [Object] dispatcher whose user should lose the role
# @param role [Hash] role data containing a 'user_ids' array
# @return [Object] the result of #replace_role
def remove_user_from_role(console_dispatcher, role)
  revoked_id = get_user_id_of_console_dispatcher(console_dispatcher)
  member_ids = role['user_ids']
  member_ids.delete(revoked_id)
  replace_role(role)
end

#reset_console_dispatcher_password(console_dispatcher, password) ⇒ Object



# File 'lib/scooter/httpdispatchers/rbac.rb', line 152

# Resets the password of the user behind the dispatcher and records the new
# password in the dispatcher's credentials.
#
# A reset token is obtained first and passed to reset_local_user_password
# together with the new password. The result of that call is not inspected
# here, so the credentials are updated whether or not the reset took effect.
#
# @param console_dispatcher [Object] dispatcher whose user's password changes
# @param password [String] the new password
# @return [String] the password that was assigned to the credentials
def reset_console_dispatcher_password(console_dispatcher, password)
  reset_local_user_password(
    get_password_reset_token_for_console_dispatcher(console_dispatcher),
    password
  )
  console_dispatcher.credentials.password = password
end

#reset_console_dispatcher_password_to_default(console_dispatcher) ⇒ Object



# File 'lib/scooter/httpdispatchers/rbac.rb', line 158

# Resets the password of the user behind the dispatcher to the fixed default
# 'Puppet11' and records it in the dispatcher's credentials.
#
# The default is a literal visible in source and is the same fallback that
# #generate_local_user uses, so an account reset this way has a publicly
# known password; keep such accounts on disposable test hosts.
#
# @param console_dispatcher [Object] dispatcher whose user's password is reset
# @return [String] 'Puppet11'
def reset_console_dispatcher_password_to_default(console_dispatcher)
  reset_local_user_password(
    get_password_reset_token_for_console_dispatcher(console_dispatcher),
    'Puppet11'
  )
  console_dispatcher.credentials.password = 'Puppet11'
end

#revoke_console_dispatcher(console_dispatcher) ⇒ Object



# File 'lib/scooter/httpdispatchers/rbac.rb', line 103

# Marks the user behind the dispatcher as revoked by setting 'is_revoked' to
# true through #update_console_dispatcher.
#
# @param console_dispatcher [Object] dispatcher whose user should be revoked
# @return [Object] the result of #update_console_dispatcher
def revoke_console_dispatcher(console_dispatcher)
  revocation = { 'is_revoked' => true }
  update_console_dispatcher(revocation, console_dispatcher)
end

#set_rbac_path(connection = self.connection) ⇒ Object



# File 'lib/scooter/httpdispatchers/rbac.rb', line 20

# Points a connection at the RBAC API by setting the path of its URL prefix
# to '/rbac-api'.
#
# NOTE(review): set_url_prefix is called without arguments, so whether it
# acts on the connection passed in here cannot be told from this method -
# confirm when passing a non-default connection.
#
# @param connection [Object] connection exposing url_prefix.path=; defaults
#   to this dispatcher's own connection
# @return [String] '/rbac-api'
def set_rbac_path(connection=self.connection)
  set_url_prefix
  prefix = connection.url_prefix
  prefix.path = '/rbac-api'
end

#update_console_dispatcher(update_hash, console_dispatcher) ⇒ Object



# File 'lib/scooter/httpdispatchers/rbac.rb', line 97

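# Merges update_hash into the RBAC user record of the given dispatcher and
# submits the result through #update_local_user.
#
# #get_console_dispatcher_data returns nil when no user matches the
# dispatcher's login. That case is rejected with an explicit error, so a
# failed update (for example a revocation via #revoke_console_dispatcher)
# is reported clearly instead of surfacing as a NoMethodError on nil.
#
# @param update_hash [Hash] fields to overwrite in the user record
# @param console_dispatcher [Object] dispatcher whose user is updated
# @return [Object] the result of #update_local_user
# @raise [ArgumentError] when no RBAC user matches the dispatcher
def update_console_dispatcher(update_hash, console_dispatcher)
  user = get_console_dispatcher_data(console_dispatcher)
  if user.nil?
    raise ArgumentError, 'no RBAC user found for the given console dispatcher'
  end

  user.merge!(update_hash)
  update_local_user(user)
end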