Class: Vault::Provision::Auth::Ldap::Groups

Inherits:

Prototype

Object
Prototype
Vault::Provision::Auth::Ldap::Groups

show all

Defined in:: lib/vault/provision/auth/ldap/groups.rb

Overview

placeholder

Instance Method Summary collapse

#group_files(auth_point) ⇒ Object
#provision! ⇒ Object
#repo_files ⇒ Object

Vault supports multiple instances of the ‘ldap’ backend mounted concurrently.

Instance Method Details

#group_files(auth_point) ⇒ `Object`

# File 'lib/vault/provision/auth/ldap/groups.rb', line 3

def group_files auth_point
  groups_path = "#{@instance_dir}/auth/#{auth_point}/groups/"
  return [] unless Dir.exist? groups_path
  Find.find(groups_path).select do |rf|
    FileTest.file?(rf) && rf.end_with?('.json')
  end
end

#provision! ⇒ `Object`

# File 'lib/vault/provision/auth/ldap/groups.rb', line 21

def provision!
  repo_files.each do |rf|
    group = File.basename(rf, '.json')
    auth_point = rf.split('/')[-3]
    @vault.post "v1/auth/#{auth_point}/groups/#{group}", File.read(rf)
  end
end

#repo_files ⇒ `Object`

Vault supports multiple instances of the ‘ldap’ backend mounted concurrently. The map-reducey method repo_files gets the list of ldap mounts, calls group_files() once for each of the mounts, then concatenates all those filenames into one big flat array

# File 'lib/vault/provision/auth/ldap/groups.rb', line 15

def repo_files
  @vault.sys.auths.select { |_,v| v.type == 'ldap' }
        .keys
        .inject([]) { |acc, elem| acc + group_files(elem) }
end