Class: Arcp::Runtime::CredentialRegistry

Inherits:

Object

Object
Arcp::Runtime::CredentialRegistry

show all

Defined in:: lib/arcp/runtime/credential_registry.rb

Instance Method Summary collapse

#initialize(provisioner:, store:, clock: Arcp::SystemClock.new) ⇒ CredentialRegistry constructor

A new instance of CredentialRegistry.
#issue_for(job_id:, lease:, agent:, principal_id:) ⇒ Object
#reconcile_on_startup! ⇒ Object
#revoke_all(job_id:) ⇒ Object
#rotate(job_id:, credential_id:, new_value:) ⇒ Object

Constructor Details

#initialize(provisioner:, store:, clock: Arcp::SystemClock.new) ⇒ `CredentialRegistry`

Returns a new instance of CredentialRegistry.

# File 'lib/arcp/runtime/credential_registry.rb', line 10

def initialize(provisioner:, store:, clock: Arcp::SystemClock.new)
  @provisioner = provisioner
  @store = store
  @clock = clock
  @mutex = Mutex.new
end

Instance Method Details

#issue_for(job_id:, lease:, agent:, principal_id:) ⇒ `Object`

# File 'lib/arcp/runtime/credential_registry.rb', line 17

def issue_for(job_id:, lease:, agent:, principal_id:)
  credentials = @provisioner.issue(
    lease: lease, job_id: job_id, agent: agent, principal_id: principal_id
  )
  Array(credentials).each do |credential|
    @store.record(job_id: job_id, credential_id: credential.id)
  end
  Array(credentials).freeze
end

#reconcile_on_startup! ⇒ `Object`

# File 'lib/arcp/runtime/credential_registry.rb', line 42

def reconcile_on_startup!
  @store.all_outstanding.each do |job_id, credential_ids|
    credential_ids.each do |credential_id|
      @store.forget(job_id: job_id, credential_id: credential_id) if revoke(credential_id)
    end
  end
  nil
end

#revoke_all(job_id:) ⇒ `Object`

# File 'lib/arcp/runtime/credential_registry.rb', line 34

def revoke_all(job_id:)
  @store.outstanding(job_id: job_id).count do |credential_id|
    revoke(credential_id).tap do |revoked|
      @store.forget(job_id: job_id, credential_id: credential_id) if revoked
    end
  end
end

#rotate(job_id:, credential_id:, new_value:) ⇒ `Object`

# File 'lib/arcp/runtime/credential_registry.rb', line 27

def rotate(job_id:, credential_id:, new_value:)
  revoke(credential_id)
  new_id = "#{credential_id}_rotated_#{@clock.now.to_i}"
  @store.record(job_id: job_id, credential_id: new_id)
  new_id
end

Class: Arcp::Runtime::CredentialRegistry

Instance Method Summary collapse

Constructor Details

#initialize(provisioner:, store:, clock: Arcp::SystemClock.new) ⇒ CredentialRegistry

Instance Method Details

#issue_for(job_id:, lease:, agent:, principal_id:) ⇒ Object

#reconcile_on_startup! ⇒ Object

#revoke_all(job_id:) ⇒ Object

#rotate(job_id:, credential_id:, new_value:) ⇒ Object

#initialize(provisioner:, store:, clock: Arcp::SystemClock.new) ⇒ `CredentialRegistry`

#issue_for(job_id:, lease:, agent:, principal_id:) ⇒ `Object`

#reconcile_on_startup! ⇒ `Object`

#revoke_all(job_id:) ⇒ `Object`

#rotate(job_id:, credential_id:, new_value:) ⇒ `Object`