Module: Kessel::RBAC::V2

Includes:

Inventory::V1beta2

Included in:

Console

Defined in:

lib/kessel/rbac/v2.rb,
lib/kessel/rbac/v2_http.rb,
lib/kessel/rbac/v2_helpers.rb

Defined Under Namespace

Classes: Workspace

Constant Summary

WORKSPACE_ENDPOINT =

'/api/rbac/v2/workspaces/'

DEFAULT_PAGE_LIMIT =

1000

Constants included from Inventory::V1beta2

Inventory::V1beta2::Allowed, Inventory::V1beta2::CheckBulkRequest, Inventory::V1beta2::CheckBulkRequestItem, Inventory::V1beta2::CheckBulkResponse, Inventory::V1beta2::CheckBulkResponseItem, Inventory::V1beta2::CheckBulkResponsePair, Inventory::V1beta2::CheckForUpdateBulkRequest, Inventory::V1beta2::CheckForUpdateBulkResponse, Inventory::V1beta2::CheckForUpdateBulkResponseItem, Inventory::V1beta2::CheckForUpdateBulkResponsePair, Inventory::V1beta2::CheckForUpdateRequest, Inventory::V1beta2::CheckForUpdateResponse, Inventory::V1beta2::CheckRequest, Inventory::V1beta2::CheckResponse, Inventory::V1beta2::CheckSelfBulkRequest, Inventory::V1beta2::CheckSelfBulkRequestItem, Inventory::V1beta2::CheckSelfBulkResponse, Inventory::V1beta2::CheckSelfBulkResponseItem, Inventory::V1beta2::CheckSelfBulkResponsePair, Inventory::V1beta2::CheckSelfRequest, Inventory::V1beta2::CheckSelfResponse, Inventory::V1beta2::Consistency, Inventory::V1beta2::ConsistencyToken, Inventory::V1beta2::DeleteResourceRequest, Inventory::V1beta2::DeleteResourceResponse, Inventory::V1beta2::ReportResourceRequest, Inventory::V1beta2::ReportResourceResponse, Inventory::V1beta2::ReporterReference, Inventory::V1beta2::RepresentationMetadata, Inventory::V1beta2::RepresentationType, Inventory::V1beta2::RequestPagination, Inventory::V1beta2::ResourceReference, Inventory::V1beta2::ResourceRepresentations, Inventory::V1beta2::ResponsePagination, Inventory::V1beta2::StreamedListObjectsRequest, Inventory::V1beta2::StreamedListObjectsResponse, Inventory::V1beta2::StreamedListSubjectsRequest, Inventory::V1beta2::StreamedListSubjectsResponse, Inventory::V1beta2::SubjectReference, Inventory::V1beta2::WriteVisibility

Instance Method Summary

• #fetch_default_workspace(rbac_base_endpoint, org_id, auth: nil, http_client: nil) ⇒ Object
• #fetch_root_workspace(rbac_base_endpoint, org_id, auth: nil, http_client: nil) ⇒ Object
• #list_workspaces(inventory, subject, relation, continuation_token = nil, consistency: nil) ⇒ Enumerator

  Lists all workspaces that a subject has a specific relation to.

• #principal_resource(id, domain) ⇒ Object
• #principal_subject(id, domain) ⇒ Object
• #role_resource(resource_id) ⇒ Object
• #role_type ⇒ Object
• #subject(resource_ref, relation = nil) ⇒ Object
• #workspace_resource(resource_id) ⇒ Object
• #workspace_type ⇒ Object

Instance Method Details

#fetch_default_workspace(rbac_base_endpoint, org_id, auth: nil, http_client: nil) ⇒ Object

# File 'lib/kessel/rbac/v2.rb', line 17

def fetch_default_workspace(rbac_base_endpoint, org_id, auth: nil, http_client: nil)
  fetch_workspace(rbac_base_endpoint, org_id, 'default', auth: auth, http_client: http_client)
end

#fetch_root_workspace(rbac_base_endpoint, org_id, auth: nil, http_client: nil) ⇒ Object

# File 'lib/kessel/rbac/v2.rb', line 21

def fetch_root_workspace(rbac_base_endpoint, org_id, auth: nil, http_client: nil)
  fetch_workspace(rbac_base_endpoint, org_id, 'root', auth: auth, http_client: http_client)
end

#list_workspaces(inventory, subject, relation, continuation_token = nil, consistency: nil) ⇒ Enumerator

Lists all workspaces that a subject has a specific relation to.

Pagination is handled automatically – continuation tokens are managed internally. The returned Enumerator is lazy; each page is fetched only when the next element is requested.

Examples:

Lazy iteration (constant memory)

consistency = Kessel::Inventory::V1beta2::Consistency.new(minimize_latency: true)
list_workspaces(inventory, subject, "viewer", consistency: consistency).each do |response|
  puts response.object.resource_id
end

Materialise into an Array (eager, all results in memory)

consistency = Kessel::Inventory::V1beta2::Consistency.new(minimize_latency: true)
all_workspaces = list_workspaces(inventory, subject, "viewer", consistency: consistency).to_a

Parameters:

• inventory (Object) —

  the inventory service client stub

• subject (SubjectReference) —

  the subject to check permissions for

• relation (String) —

  the relationship type (e.g. “member”, “admin”, “viewer”)

• continuation_token (String, nil) (defaults to: nil) —

  optional token to resume listing

• consistency (Consistency, nil) (defaults to: nil) —

  optional consistency requirements for each request

Returns:

• (Enumerator) —

  a lazy enumerator of StreamedListObjectsResponse objects

# File 'lib/kessel/rbac/v2.rb', line 48

def list_workspaces(inventory, subject, relation, continuation_token = nil, consistency: nil)
  Enumerator.new do |yielder|
    loop do
      request = StreamedListObjectsRequest.new(
        object_type: workspace_type,
        relation: relation,
        subject: subject,
        pagination: RequestPagination.new(
          limit: DEFAULT_PAGE_LIMIT,
          continuation_token: continuation_token
        ),
        consistency: consistency
      )

      has_responses = false
      streamed_response = inventory.streamed_list_objects(request)
      streamed_response.each do |response|
        has_responses = true
        yielder << response

        continuation_token = response&.pagination&.continuation_token
      end

      break if !has_responses || !continuation_token
    end
  end
end

#principal_resource(id, domain) ⇒ Object

# File 'lib/kessel/rbac/v2_helpers.rb', line 24

def principal_resource(id, domain)
  ResourceReference.new(
    resource_type: 'principal',
    resource_id: "#{domain}/#{id}",
    reporter: ReporterReference.new(
      type: 'rbac'
    )
  )
end

#principal_subject(id, domain) ⇒ Object

# File 'lib/kessel/rbac/v2_helpers.rb', line 54

def principal_subject(id, domain)
  SubjectReference.new(
    resource: principal_resource(id, domain)
  )
end

#role_resource(resource_id) ⇒ Object

# File 'lib/kessel/rbac/v2_helpers.rb', line 34

def role_resource(resource_id)
  ResourceReference.new(
    resource_type: 'role',
    resource_id: resource_id,
    reporter: ReporterReference.new(
      type: 'rbac'
    )
  )
end

#role_type ⇒ Object

# File 'lib/kessel/rbac/v2_helpers.rb', line 17

def role_type
  RepresentationType.new(
    resource_type: 'role',
    reporter_type: 'rbac'
  )
end

#subject(resource_ref, relation = nil) ⇒ Object

# File 'lib/kessel/rbac/v2_helpers.rb', line 60

def subject(resource_ref, relation = nil)
  SubjectReference.new(
    resource: resource_ref,
    relation: relation
  )
end

#workspace_resource(resource_id) ⇒ Object

# File 'lib/kessel/rbac/v2_helpers.rb', line 44

def workspace_resource(resource_id)
  ResourceReference.new(
    resource_type: 'workspace',
    resource_id: resource_id,
    reporter: ReporterReference.new(
      type: 'rbac'
    )
  )
end

#workspace_type ⇒ Object

# File 'lib/kessel/rbac/v2_helpers.rb', line 10

def workspace_type
  RepresentationType.new(
    resource_type: 'workspace',
    reporter_type: 'rbac'
  )
end