Module: VaultApi::Client::Policies

Included in:
VaultApi::Client
Defined in:
lib/vault_api/client/policies.rb

Instance Method Summary

Instance Method Details

#create_initial_user_policy(username) ⇒ Object



# File 'lib/vault_api/client/policies.rb', line 7

# Writes the starting policy for a user and reports whether the write succeeded.
#
# The policy body comes from policy_json(username), which is defined outside
# this listing. Progress is printed to standard output.
#
# @param username [String] interpolated as-is into the policy name
#   "<username>_policy"; nothing here validates it, so callers that accept
#   usernames from outside should constrain them before calling
# @return [Boolean] true when VaultApi.put_policy returns a truthy value,
#   false otherwise
def create_initial_user_policy(username)
  puts "Creating #{username}_policy"
  stored = VaultApi.put_policy("#{username}_policy", policy_json(username))
  # A falsy result from put_policy is reported as plain false, with no
  # "Created" line printed.
  return false unless stored

  puts "Created #{username}_policy"
  true
end

#create_policy(username, path = '', capabilities = []) ⇒ Object



# File 'lib/vault_api/client/policies.rb', line 21

# Builds a policy document holding a single path rule and writes it under
# the user's policy name.
#
# The document sent is {"path": {"<path>": {"capabilities": [...]}}} and
# contains nothing else.
# NOTE(review): if VaultApi.put_policy replaces an existing policy of the same
# name, any path rules stored earlier would be dropped - confirm against
# put_policy before using this on a user who already has a policy.
#
# @param username [String] interpolated as-is into "<username>_policy";
#   not validated here
# @param path [#to_s] path the rule applies to; the default is the empty string
# @param capabilities [Array] passed through unchecked, so any allow-listing
#   of capability names has to happen in the caller
# @return [Object] whatever VaultApi.put_policy returns
def create_policy(username, path = '', capabilities = [])
  rule_for_path = { capabilities: capabilities }
  document = { path: { path.to_s => rule_for_path } }
  VaultApi.put_policy("#{username}_policy", document.to_json)
end

#delete_policy(username) ⇒ Object



# File 'lib/vault_api/client/policies.rb', line 37

# Deletes the policy named after the given user.
#
# @param username [String] interpolated as-is into "<username>_policy";
#   no validation or ownership check happens in this method, so the caller
#   decides which policy can be removed
# @return [Object] whatever VaultApi.delete_policy returns
def delete_policy(username)
  policy_name = "#{username}_policy"
  VaultApi.delete_policy(policy_name)
end

#read_policy(username) ⇒ Object



# File 'lib/vault_api/client/policies.rb', line 17

# Fetches the policy named after the given user.
#
# @param username [String] interpolated as-is into "<username>_policy";
#   not validated here
# @return [Object] whatever VaultApi.policy returns for that name
def read_policy(username)
  policy_name = "#{username}_policy"
  VaultApi.policy(policy_name)
end

#update_policy(username, path = '', capabilities = []) ⇒ Object



# File 'lib/vault_api/client/policies.rb', line 29

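# Sets the capabilities for one path in the user's existing policy and
# writes the whole policy back, keeping its other path rules.
#
# The stored rules are parsed as JSON, the entry for +path+ is created if
# absent, its capabilities are replaced, and the document is re-serialised.
# This is a read-modify-write with no locking in this method, so two
# concurrent updates to the same policy can overwrite each other.
#
# @param username [String] interpolated as-is into "<username>_policy";
#   not validated here
# @param path [#to_s] path whose rule is set; the default is the empty string
# @param capabilities [Array] replaces the capabilities already stored for
#   +path+; passed through unchecked, so any allow-listing of capability
#   names has to happen in the caller
# @return [Object] whatever VaultApi.put_policy returns
# @raise [JSON::ParserError] if the stored rules are not valid JSON
def update_policy(username, path = '', capabilities = [])
  policy_name = "#{username}_policy"
  policy = VaultApi.policy(policy_name)
  # NOTE(review): if VaultApi.policy can return nil for an unknown policy,
  # the next line raises NoMethodError - confirm and handle in the caller.
  policy_rules = JSON.parse(policy.rules)
  # JSON.parse yields string keys, so plain string lookups serialise to the
  # same document. A policy stored without a "path" section used to fail on
  # nil here; start from an empty section instead.
  paths = (policy_rules['path'] ||= {})
  rule = (paths[path.to_s] ||= {})
  rule['capabilities'] = capabilities
  VaultApi.put_policy(policy_name, policy_rules.to_json)
end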