Module: Conjur::API::Router
Overview
Router translates method arguments to rest-ful API request parameters.
because of this, most of the methods suffer from :reek:LongParameterList:
and :reek:UtilityFunction:
Instance Method Summary
collapse
-
#authentication_providers(account, authenticator, credentials) ⇒ Object
-
#authenticator(account, authenticator, service_id, credentials) ⇒ Object
-
#authenticator_authenticate(account, service_id, authenticator, options) ⇒ Object
-
#authenticators ⇒ Object
-
#authn_authenticate(account, username) ⇒ Object
-
#authn_authenticate_local(username, account, expiration, cidr, &block) ⇒ Object
The authn-local message is a JSON string with account, sub, and optional fields.
-
#authn_cert_authenticate(account, service_id, host_id, cert_options) ⇒ Object
Builds the RestClient::Resource for an authn-cert authentication request.
-
#authn_login(account, username, password) ⇒ Object
-
#authn_rotate_api_key(credentials, account, id) ⇒ Object
-
#authn_rotate_own_api_key(account, username, password) ⇒ Object
-
#authn_update_password(account, username, password) ⇒ Object
-
#group_attributes(credentials, resource, id) ⇒ Object
-
#host_factory_create_host(token) ⇒ Object
-
#host_factory_create_tokens(credentials, id) ⇒ Object
-
#host_factory_revoke_token(credentials, token) ⇒ Object
-
#ldap_sync_policy(credentials, config_name) ⇒ Object
-
#parse_group_gidnumber(attributes) ⇒ Object
-
#parse_members(credentials, result) ⇒ Object
-
#parse_user_uidnumber(attributes) ⇒ Object
-
#parse_variable_kind(attributes) ⇒ Object
-
#parse_variable_mime_type(attributes) ⇒ Object
-
#policies_load_policy(credentials, account, id) ⇒ Object
-
#public_keys_for_user(account, username) ⇒ Object
-
#resources(credentials, account, kind, options) ⇒ Object
-
#resources_check(credentials, id, privilege, role) ⇒ Object
-
#resources_permitted_roles(credentials, id, privilege) ⇒ Object
-
#resources_resource(credentials, id) ⇒ Object
-
#roles_role(credentials, id) ⇒ Object
-
#secrets_add(credentials, id) ⇒ Object
-
#secrets_value(credentials, id, options) ⇒ Object
-
#secrets_values(credentials, variable_ids) ⇒ Object
-
#user_attributes(credentials, resource, id) ⇒ Object
-
#variable_attributes(credentials, resource, id) ⇒ Object
-
#whoami(credentials) ⇒ Object
fully_escape, path_escape, path_or_query_escape, query_escape
Instance Method Details
#authentication_providers(account, authenticator, credentials) ⇒ Object
#authenticator(account, authenticator, service_id, credentials) ⇒ Object
#authenticator_authenticate(account, service_id, authenticator, options) ⇒ Object
57
58
59
60
61
62
|
# File 'lib/conjur/api/router.rb', line 57
def authenticator_authenticate(account, service_id, authenticator, options)
RestClient::Resource.new(
Conjur.configuration.core_url,
Conjur.configuration.rest_client_options
)[fully_escape authenticator][fully_escape service_id][fully_escape account]['authenticate'][options_querystring options]
end
|
#authn_authenticate(account, username) ⇒ Object
#authn_authenticate_local(username, account, expiration, cidr, &block) ⇒ Object
The authn-local message is a JSON string with account, sub, and optional fields.
86
87
88
89
90
91
|
# File 'lib/conjur/api/router.rb', line 86
def authn_authenticate_local username, account, expiration, cidr, &block
{ account: account, sub: username }.tap do |params|
params[:exp] = expiration if expiration
params[:cidr] = cidr if cidr
end.to_json
end
|
#authn_cert_authenticate(account, service_id, host_id, cert_options) ⇒ Object
Builds the RestClient::Resource for an authn-cert authentication request.
cert_options must include :ssl_client_cert and :ssl_client_key so that
the client certificate is presented during the TLS handshake.
48
49
50
51
52
53
54
55
|
# File 'lib/conjur/api/router.rb', line 48
def authn_cert_authenticate account, service_id, host_id, cert_options
options = Conjur.configuration.create_rest_client_options(cert_options)
resource = RestClient::Resource.new(
Conjur.configuration.core_url,
options
)['authn-cert'][fully_escape service_id][fully_escape account]
host_id ? resource[fully_escape host_id]['authenticate'] : resource['authenticate']
end
|
#authn_login(account, username, password) ⇒ Object
#authn_rotate_api_key(credentials, account, id) ⇒ Object
#authn_rotate_own_api_key(account, username, password) ⇒ Object
#authn_update_password(account, username, password) ⇒ Object
#group_attributes(credentials, resource, id) ⇒ Object
223
224
225
|
# File 'lib/conjur/api/router.rb', line 223
def group_attributes credentials, resource, id
resource_annotations resource
end
|
#host_factory_create_host(token) ⇒ Object
#host_factory_create_tokens(credentials, id) ⇒ Object
#host_factory_revoke_token(credentials, token) ⇒ Object
#ldap_sync_policy(credentials, config_name) ⇒ Object
#parse_group_gidnumber(attributes) ⇒ Object
235
236
237
|
# File 'lib/conjur/api/router.rb', line 235
def parse_group_gidnumber attributes
HasAttributes.annotation_value attributes, 'conjur/gidnumber'
end
|
#parse_members(credentials, result) ⇒ Object
251
252
253
254
255
|
# File 'lib/conjur/api/router.rb', line 251
def parse_members credentials, result
result.map do |json|
RoleGrant.parse_from_json(json, credentials)
end
end
|
#parse_user_uidnumber(attributes) ⇒ Object
239
240
241
|
# File 'lib/conjur/api/router.rb', line 239
def parse_user_uidnumber attributes
HasAttributes.annotation_value attributes, 'conjur/uidnumber'
end
|
#parse_variable_kind(attributes) ⇒ Object
243
244
245
|
# File 'lib/conjur/api/router.rb', line 243
def parse_variable_kind attributes
HasAttributes.annotation_value attributes, 'conjur/kind'
end
|
#parse_variable_mime_type(attributes) ⇒ Object
247
248
249
|
# File 'lib/conjur/api/router.rb', line 247
def parse_variable_mime_type attributes
HasAttributes.annotation_value attributes, 'conjur/mime_type'
end
|
#policies_load_policy(credentials, account, id) ⇒ Object
#public_keys_for_user(account, username) ⇒ Object
#resources(credentials, account, kind, options) ⇒ Object
158
159
160
161
162
163
164
165
166
167
168
|
# File 'lib/conjur/api/router.rb', line 158
def resources credentials, account, kind, options
credentials ||= {}
path = "/resources/#{fully_escape account}"
path += "/#{fully_escape kind}" if kind
RestClient::Resource.new(
Conjur.configuration.core_url,
Conjur.configuration.create_rest_client_options(credentials)
)[path][options_querystring options]
end
|
#resources_check(credentials, id, privilege, role) ⇒ Object
184
185
186
187
188
189
190
|
# File 'lib/conjur/api/router.rb', line 184
def resources_check credentials, id, privilege, role
options = {}
options[:check] = true
options[:privilege] = privilege
options[:role] = query_escape(Id.new(role)) if role
resources_resource(credentials, id)[options_querystring options].get
end
|
#resources_permitted_roles(credentials, id, privilege) ⇒ Object
177
178
179
180
181
182
|
# File 'lib/conjur/api/router.rb', line 177
def resources_permitted_roles credentials, id, privilege
options = {}
options[:permitted_roles] = true
options[:privilege] = privilege
resources_resource(credentials, id)[options_querystring options]
end
|
#resources_resource(credentials, id) ⇒ Object
#roles_role(credentials, id) ⇒ Object
#secrets_add(credentials, id) ⇒ Object
#secrets_value(credentials, id, options) ⇒ Object
#secrets_values(credentials, variable_ids) ⇒ Object
213
214
215
216
217
218
219
220
221
|
# File 'lib/conjur/api/router.rb', line 213
def secrets_values credentials, variable_ids
options = {
variable_ids: Array(variable_ids).join(',')
}
RestClient::Resource.new(
Conjur.configuration.core_url,
Conjur.configuration.create_rest_client_options(credentials)
)['secrets'][options_querystring(options).gsub("%2C", ',')]
end
|
#user_attributes(credentials, resource, id) ⇒ Object
231
232
233
|
# File 'lib/conjur/api/router.rb', line 231
def user_attributes credentials, resource, id
resource_annotations resource
end
|
#variable_attributes(credentials, resource, id) ⇒ Object
227
228
229
|
# File 'lib/conjur/api/router.rb', line 227
def variable_attributes credentials, resource, id
resource_annotations resource
end
|
#whoami(credentials) ⇒ Object