Module: Scooter::HttpDispatchers::Rbac
- Includes:
- V1, Utilities
- Included in:
- ConsoleDispatcher
- Defined in:
- lib/scooter/httpdispatchers/rbac.rb,
lib/scooter/httpdispatchers/rbac/v1/v1.rb,
lib/scooter/httpdispatchers/rbac/v1/directory_service.rb
Overview
Methods added here do not represent endpoints; they are more general helper methods for acquiring data, such as getting the id of a user based on their login name. Be cautious about using these methods if you are utilizing a dispatcher with credentials; the user is not guaranteed to have privileges for all the methods defined here, or the user may not be signed in. If you have a method defined here that is using the connection object directly, you should probably be using a method defined in the version module instead.
Defined Under Namespace
Modules: V1
Instance Method Summary
Methods included from V1
#acquire_token, #create_local_user, #create_password_reset_token, #create_role, #delete_local_user, #delete_role, #get_current_user_data, #get_list_of_groups, #get_list_of_roles, #get_list_of_users, #get_single_user_data, #import_ldap_group, #replace_role, #update_local_user
#attach_ds_to_rbac, #ds_default_settings, #test_attach_ds_to_rbac
Instance Method Details
#acquire_token_with_credentials(lifetime = nil) ⇒ Object
# File 'lib/scooter/httpdispatchers/rbac.rb', line 169
# Requests a token using the login and password held by this dispatcher's
# credentials and remembers it in @token.
#
# The stored password is read from memory and handed to acquire_token on
# every call.
#
# @param lifetime [Object, nil] passed through to acquire_token unchanged
# @return [Object] whatever acquire_token returns (also kept in @token)
def acquire_token_with_credentials(lifetime=nil)
  login = credentials.login
  secret = credentials.password
  @token = acquire_token(login, secret, lifetime)
end
#add_user_to_role(console_dispatcher, role) ⇒ Object
# File 'lib/scooter/httpdispatchers/rbac.rb', line 68
# Appends the dispatcher's user id to the role's 'user_ids' list and submits
# the whole role through replace_role.
#
# The caller's role hash is mutated in place. The id is appended as-is: there
# is no check for a nil id (lookup found no user) or for an id that is already
# a member.
#
# @param console_dispatcher [Object] dispatcher whose user id is looked up
# @param role [Hash] role data with a 'user_ids' list
# @return [Object] whatever replace_role returns
def add_user_to_role(console_dispatcher, role)
  member_id = get_user_id_of_console_dispatcher(console_dispatcher)
  role['user_ids'] << member_id
  replace_role(role)
end
#delete_local_console_dispatcher(console_dispatcher) ⇒ Object
# File 'lib/scooter/httpdispatchers/rbac.rb', line 115
# Deletes the local user that corresponds to the given dispatcher.
#
# The id comes from get_user_id_of_console_dispatcher, which resolves the
# 'api_user' login when the dispatcher has no credentials; in that case the
# deletion targets that account. When no user is found, nil is passed to
# delete_local_user.
#
# @param console_dispatcher [Object] dispatcher whose user is removed
# @return [Object] whatever delete_local_user returns
def delete_local_console_dispatcher(console_dispatcher)
  delete_local_user(get_user_id_of_console_dispatcher(console_dispatcher))
end
#delete_role_by_name(role_name) ⇒ Object
# File 'lib/scooter/httpdispatchers/rbac.rb', line 63
# Deletes the role whose display name equals role_name.
#
# get_role_id returns nil when no role matches; that nil is forwarded to
# delete_role without a check.
#
# @param role_name [String] display name of the role
# @return [Object] whatever delete_role returns
def delete_role_by_name(role_name)
  delete_role(get_role_id(role_name))
end
#generate_local_user(options = {}) ⇒ Object
# File 'lib/scooter/httpdispatchers/rbac.rb', line 25
# Creates a local user, filling in every attribute the caller did not supply,
# and returns a ConsoleDispatcher logged in as that user.
#
# Only string keys are read from options. Missing email, display name and
# login are randomized; a missing password falls back to the fixed string
# 'Puppet11', so every account created without an explicit password shares
# that known value.
# NOTE(review): that default looks intended for disposable test installs
# only - confirm these helpers are never pointed at a long-lived system.
#
# @param options [Hash] optional 'email', 'display_name', 'login',
#   'role_ids' and 'password' overrides
# @return [Object] the create_local_user response when its status is not 200,
#   otherwise a new Scooter::HttpDispatchers::ConsoleDispatcher
def generate_local_user(options = {})
  # Defaults are evaluated in the same order as the keys below.
  user_hash = {
    'email' => options['email'] || "#{RandomString.generate(8)}@example.com",
    'display_name' => options['display_name'] || RandomString.generate(8),
    'login' => options['login'] || RandomString.generate(16),
    'role_ids' => options['role_ids'] || [],
    'password' => options['password'] || 'Puppet11'
  }
  # Capture the credentials before the hash is handed to the API call.
  login, password = user_hash.values_at('login', 'password')

  response = create_local_user(user_hash)
  return response unless response.env.status == 200

  Scooter::HttpDispatchers::ConsoleDispatcher.new(@host,
                                                  login: login,
                                                  password: password)
end
#generate_role(options = {}) ⇒ Object
# File 'lib/scooter/httpdispatchers/rbac.rb', line 45
# Creates a role, defaulting every attribute the caller did not supply.
#
# Only string keys are read from options. Permissions, user ids and group ids
# default to empty lists; display name and description default to random
# strings.
#
# @param options [Hash] optional 'permissions', 'user_ids', 'group_ids',
#   'display_name' and 'description' overrides
# @return [Object] the create_role response when its status is not 200,
#   otherwise the response body
def generate_role(options = {})
  # Random defaults are drawn in key order: display name, then description.
  role_hash = {
    'permissions' => options['permissions'] || [],
    'user_ids' => options['user_ids'] || [],
    'group_ids' => options['group_ids'] || [],
    'display_name' => options['display_name'] || RandomString.generate,
    'description' => options['description'] || RandomString.generate
  }

  response = create_role(role_hash)
  env = response.env
  return response unless env.status == 200

  response.env.body
end
#get_console_dispatcher_data(console_dispatcher) ⇒ Object
# File 'lib/scooter/httpdispatchers/rbac.rb', line 89
# Finds the user record whose 'login' equals the dispatcher's credential
# login.
#
# The dispatcher's credentials are dereferenced for each listed user, so a
# dispatcher without credentials raises NoMethodError as soon as the user
# list is non-empty.
#
# @param console_dispatcher [Object] dispatcher exposing credentials.login
# @return [Hash, nil] the first matching user, or nil when none matches
def get_console_dispatcher_data(console_dispatcher)
  get_list_of_users.find do |candidate|
    candidate['login'] == console_dispatcher.credentials.login
  end
end
#get_current_user_id ⇒ Object
# File 'lib/scooter/httpdispatchers/rbac.rb', line 85
# Returns the 'id' entry of the current user's data.
#
# @return [Object, nil] the value stored under 'id' in get_current_user_data
def get_current_user_id
  current_user = get_current_user_data
  current_user['id']
end
#get_group_data_by_name(name) ⇒ Object
# File 'lib/scooter/httpdispatchers/rbac.rb', line 120
# Finds the group record whose 'login' equals name.
#
# NOTE(review): this helper matches on 'login', while get_group_id matches on
# 'display_name' - confirm which field callers are expected to pass.
#
# @param name [String] value compared against each group's 'login'
# @return [Hash, nil] the first matching group, or nil when none matches
def get_group_data_by_name(name)
  get_list_of_groups.find { |entry| name == entry['login'] }
end
#get_group_id(group_name) ⇒ Object
# File 'lib/scooter/httpdispatchers/rbac.rb', line 128
# Looks up the id of the group whose 'display_name' equals group_name.
#
# @param group_name [String] value compared against each group's
#   'display_name'
# @return [Object, nil] the 'id' of the first matching group, or nil when
#   none matches
def get_group_id(group_name)
  match = get_list_of_groups.find { |entry| group_name == entry['display_name'] }
  match ? match['id'] : nil
end
#get_password_reset_token_for_console_dispatcher(console_dispatcher) ⇒ Object
# File 'lib/scooter/httpdispatchers/rbac.rb', line 164
# Requests a password reset token for the user behind the given dispatcher.
#
# The user id is forwarded unchecked: it is nil when the lookup finds no user,
# and it belongs to the 'api_user' login when the dispatcher has no
# credentials.
#
# @param console_dispatcher [Object] dispatcher whose user id is looked up
# @return [Object] whatever create_password_reset_token returns
def get_password_reset_token_for_console_dispatcher(console_dispatcher)
  create_password_reset_token(get_user_id_of_console_dispatcher(console_dispatcher))
end
#get_role_by_name(role_name) ⇒ Object
# File 'lib/scooter/httpdispatchers/rbac.rb', line 136
# Finds the role record whose 'display_name' equals role_name.
#
# @param role_name [String] display name to look for
# @return [Hash, nil] the first matching role, or nil when none matches
def get_role_by_name(role_name)
  get_list_of_roles.find { |entry| entry['display_name'] == role_name }
end
#get_role_id(role_name) ⇒ Object
# File 'lib/scooter/httpdispatchers/rbac.rb', line 144
# Looks up the id of the role whose 'display_name' equals role_name.
#
# @param role_name [String] display name to look for
# @return [Object, nil] the 'id' of the first matching role, or nil when none
#   matches
def get_role_id(role_name)
  match = get_list_of_roles.find { |entry| entry['display_name'] == role_name }
  match ? match['id'] : nil
end
#get_user_id_by_login_name(name) ⇒ Object
# File 'lib/scooter/httpdispatchers/rbac.rb', line 107
# Looks up the id of the user whose 'login' equals name.
#
# @param name [String] login name to look for
# @return [Object, nil] the 'id' of the first matching user, or nil when none
#   matches
def get_user_id_by_login_name(name)
  match = get_list_of_users.find { |entry| entry['login'] == name }
  match ? match['id'] : nil
end
#get_user_id_of_console_dispatcher(console_dispatcher) ⇒ Object
# File 'lib/scooter/httpdispatchers/rbac.rb', line 80
# Resolves the user id that belongs to a dispatcher.
#
# A dispatcher without credentials is looked up under the fixed login
# 'api_user'; callers that modify or delete the resolved user therefore act
# on that account when handed a credential-less dispatcher.
#
# @param console_dispatcher [Object] dispatcher exposing credentials
# @return [Object, nil] the user id, or nil when the login is not found
def get_user_id_of_console_dispatcher(console_dispatcher)
  login = if console_dispatcher.credentials == nil
            'api_user'
          else
            console_dispatcher.credentials.login
          end
  get_user_id_by_login_name(login)
end
#rbac_database_matches_self?(replica_host) ⇒ Boolean
# File 'lib/scooter/httpdispatchers/rbac.rb', line 173
# Compares this host's RBAC users, groups and roles with those served by a
# replica host.
#
# The replica is queried by temporarily overwriting
# host.host_hash[:vmhostname] with the replica's hostname; the ensure clause
# restores the original value even when a request raises. The host object is
# shared state while the swap is in place.
# NOTE(review): presumably not safe if anything else uses the same host
# object concurrently - confirm.
#
# Each category that differs adds a line to a warning logged through
# host.logger.
#
# @param replica_host [Object] host exposing hostname
# @return [Boolean] true when users, groups and roles all match
def rbac_database_matches_self?(replica_host)
  saved_hostname = host.host_hash[:vmhostname]
  replica_users = replica_groups = replica_roles = nil
  begin
    host.host_hash[:vmhostname] = replica_host.hostname
    replica_users = get_list_of_users
    replica_groups = get_list_of_groups
    replica_roles = get_list_of_roles
  ensure
    host.host_hash[:vmhostname] = saved_hostname
  end

  local_users = get_list_of_users
  local_groups = get_list_of_groups
  local_roles = get_list_of_roles

  # Comparisons run in the order users, groups, roles.
  checks = [
    ["Users do not match\r\n", users_match?(local_users, replica_users)],
    ["Groups do not match\r\n", groups_match?(local_groups, replica_groups)],
    ["Roles do not match\r\n", roles_match?(local_roles, replica_roles)]
  ]
  report = checks.reject { |_message, matched| matched }.map(&:first).join

  host.logger.warn(report.chomp) unless report.empty?
  report.empty?
end
#remove_user_from_role(console_dispatcher, role) ⇒ Object
# File 'lib/scooter/httpdispatchers/rbac.rb', line 74
# Removes the dispatcher's user id from the role's 'user_ids' list and
# submits the whole role through replace_role.
#
# The caller's role hash is mutated in place. replace_role is called even
# when the id was not a member of the role.
#
# @param console_dispatcher [Object] dispatcher whose user id is looked up
# @param role [Hash] role data with a 'user_ids' list
# @return [Object] whatever replace_role returns
def remove_user_from_role(console_dispatcher, role)
  member_id = get_user_id_of_console_dispatcher(console_dispatcher)
  members = role['user_ids']
  members.delete(member_id)
  replace_role(role)
end
#reset_console_dispatcher_password(console_dispatcher, password) ⇒ Object
# File 'lib/scooter/httpdispatchers/rbac.rb', line 152
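# Resets the password of the user behind the given dispatcher and updates the
# dispatcher's stored credentials to match.
#
# A dispatcher without credentials is rejected up front. Without this guard
# the id lookup falls back to the 'api_user' login, that account's password
# is reset on the server, and only then does the credentials update fail with
# NoMethodError - leaving the server changed after an error.
#
# NOTE(review): reset_local_user_password is not in the V1 method list shown
# on this documentation page; confirm where it is defined.
#
# @param console_dispatcher [Object] dispatcher exposing credentials
# @param password [String] the new password
# @return [String] the new password
# @raise [ArgumentError] when the dispatcher has no credentials
def reset_console_dispatcher_password(console_dispatcher, password)
  if console_dispatcher.credentials.nil?
    raise ArgumentError, 'console_dispatcher has no credentials; refusing to reset a password'
  end

  token = get_password_reset_token_for_console_dispatcher(console_dispatcher)
  reset_local_user_password(token, password)
  # Keep the in-memory credentials in step with the server.
  console_dispatcher.credentials.password = password
end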
#reset_console_dispatcher_password_to_default(console_dispatcher) ⇒ Object
# File 'lib/scooter/httpdispatchers/rbac.rb', line 158
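# Resets the password of the user behind the given dispatcher to the fixed
# default 'Puppet11' and updates the dispatcher's stored credentials to match.
#
# A dispatcher without credentials is rejected up front. Without this guard
# the id lookup falls back to the 'api_user' login, that account's password
# is reset on the server, and only then does the credentials update fail with
# NoMethodError - leaving the server changed after an error.
#
# NOTE(review): the default is a fixed, well-known value, so any account
# reset this way carries a guessable password - presumably acceptable only on
# disposable test installs; confirm.
#
# @param console_dispatcher [Object] dispatcher exposing credentials
# @return [String] the default password
# @raise [ArgumentError] when the dispatcher has no credentials
def reset_console_dispatcher_password_to_default(console_dispatcher)
  if console_dispatcher.credentials.nil?
    raise ArgumentError, 'console_dispatcher has no credentials; refusing to reset a password'
  end

  default_password = 'Puppet11'
  token = get_password_reset_token_for_console_dispatcher(console_dispatcher)
  reset_local_user_password(token, default_password)
  # Keep the in-memory credentials in step with the server.
  console_dispatcher.credentials.password = default_password
end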
#revoke_console_dispatcher(console_dispatcher) ⇒ Object
# File 'lib/scooter/httpdispatchers/rbac.rb', line 103
# Marks the dispatcher's user as revoked by sending an update that sets
# 'is_revoked' to true.
#
# @param console_dispatcher [Object] dispatcher whose user is revoked
# @return [Object] whatever update_console_dispatcher returns
def revoke_console_dispatcher(console_dispatcher)
  revocation = { 'is_revoked' => true }
  update_console_dispatcher(revocation, console_dispatcher)
end
#set_rbac_path(connection = self.connection) ⇒ Object
# File 'lib/scooter/httpdispatchers/rbac.rb', line 20
# Points the connection's URL prefix at the RBAC API path '/rbac-api'.
#
# NOTE(review): set_url_prefix is called without arguments, so whether it
# acts on a connection passed in here cannot be told from this listing -
# confirm.
#
# @param connection [Object] connection exposing url_prefix; defaults to this
#   dispatcher's own connection
# @return [String] the path that was assigned
def set_rbac_path(connection=self.connection)
  set_url_prefix
  prefix = connection.url_prefix
  prefix.path = '/rbac-api'
end
#update_console_dispatcher(update_hash, console_dispatcher) ⇒ Object
# File 'lib/scooter/httpdispatchers/rbac.rb', line 97
# Fetches the dispatcher's user record, merges update_hash into it and
# submits the result through update_local_user.
#
# The fetched record is modified in place. When no user matches the
# dispatcher, get_console_dispatcher_data returns nil and the merge raises
# NoMethodError before anything is sent.
#
# @param update_hash [Hash] attributes to overwrite on the user record
# @param console_dispatcher [Object] dispatcher whose user is updated
# @return [Object] whatever update_local_user returns
def update_console_dispatcher(update_hash, console_dispatcher)
  record = get_console_dispatcher_data(console_dispatcher)
  update_local_user(record.merge!(update_hash))
end