module PeRbac::Core

Public Class Methods

get_conf()
# File lib/pe_rbac/core.rb, line 41
# Build the settings used to reach the RBAC API with a client certificate.
#
# Returns a Hash with :host, :port, :cert, :key and :cacert. :key is the path
# to a private key file, so treat the returned Hash as sensitive when logging.
#
# Both @@ssldir and @@fqdn are interpolated into file paths without any
# validation here; they are expected to be set through set_ssldir / set_fqdn
# before this is called.
def self.get_conf
  key_dir  = "#{@@ssldir}/private_keys"
  cert_dir = "#{@@ssldir}/certs"
  legacy   = "pe-internal-orchestrator.pem"
  current  = "#{@@fqdn}.pem"

  # pe 2016.4.0 removes pe-internal-orchestrator.pem, so the legacy key/cert
  # pair is used when the legacy private key is on disk, and the per-host pair
  # named after the fqdn is used otherwise.
  # NOTE(review): only the private key's existence is tested; the matching
  # certificate and ca.pem are not checked here, so a missing file presumably
  # surfaces later when the connection is built.
  pem = File.exist?("#{key_dir}/#{legacy}") ? legacy : current

  {
    host: @@fqdn,
    port: 4433,
    cert: "#{cert_dir}/#{pem}",
    key: "#{key_dir}/#{pem}",
    cacert: @@ssldir + '/certs/ca.pem'
  }
end
get_fqdn()
# File lib/pe_rbac/core.rb, line 37
# Return the host name stored by set_fqdn.
#
# get_conf uses this value both as the request host and as the file name of
# the per-host key and certificate.
def self.get_fqdn
  @@fqdn
end
get_ssldir()
# File lib/pe_rbac/core.rb, line 29
# Return the SSL directory stored by set_ssldir.
#
# get_conf reads the client private key, client certificate and CA
# certificate from beneath this directory.
def self.get_ssldir
  @@ssldir
end
merge_permissions(existing, ensure_perms)

Returns a new array of permissions: the existing permissions plus each entry of `ensure_perms` that is not already present.

# File lib/pe_rbac/core.rb, line 107
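# Return a new array holding a copy of every permission in +existing+ plus
# each entry of +ensure_perms+ that is not already present.
#
# Two permissions are the same when their 'object_type', 'action' and
# 'instance' values are all equal (string keys). Neither input array is
# modified, and the hashes in the result are shallow copies.
#
# @param existing [Array<Hash>] permissions currently granted
# @param ensure_perms [Array<Hash>] permissions that must be present
# @return [Array<Hash>] merged permissions with no repeated entry added
def self.merge_permissions(existing, ensure_perms)
  # Shallow-copy each hash so later edits to the result leave +existing+ alone.
  permissions = existing.map(&:dup)

  ensure_perms.each do |wanted|
    # Compare against the merged list rather than +existing+, so a permission
    # listed twice in +ensure_perms+ is only added once.
    already_present = permissions.any? do |perm|
      perm['object_type'] == wanted['object_type'] &&
        perm['action'] == wanted['action'] &&
        perm['instance'] == wanted['instance']
    end
    # Copy on the way in as well, so the result never aliases a caller's hash.
    permissions.push(wanted.dup) unless already_present
  end

  permissions
end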
request(method, path, payload=nil, raw=false)
# File lib/pe_rbac/core.rb, line 67
# Send one HTTPS request to the RBAC API, authenticating with the client
# certificate and key from get_conf.
#
# @param method  HTTP method, handed to Excon as :method
# @param path    path appended to PeRbac::BASE_URI
# @param payload request body; converted with to_json unless +raw+ is truthy
# @param raw     when truthy the payload is sent exactly as given
# @return the Excon response, or false when the status is >= 400 or Excon
#   raised an Excon::Error
def self.request(method, path, payload=nil, raw=false)
  conf = get_conf()
  url = "https://#{conf[:host]}:#{conf[:port]}#{PeRbac::BASE_URI}#{path}"

  _payload =
    if !payload
      nil
    elsif raw
      payload
    else
      payload.to_json
    end

  begin
    # NOTE(review): ssl_version names a single protocol version; confirm
    # whether the Excon release in use can express a minimum version instead,
    # so newer TLS can be negotiated where the server supports it.
    result = Excon.new(url,
                       client_cert: conf[:cert],
                       client_key: conf[:key],
                       ssl_ca_file: conf[:cacert],
                       ssl_version: :TLSv1_2)
                  .request(method: method,
                           headers: {"content-type"=> "application/json", "accept"=>"application/json"},
                           body: _payload)

    # Excon is not asked to validate the status (:expect would need every
    # acceptable code listed), so anything from 400 up is treated as a
    # failure. 3xx responses are returned as they are; redirects are not
    # followed.
    return result if result.status < 400

    # NOTE(review): the request body and the response body are written to the
    # error log verbatim. If callers pass credentials or tokens through this
    # method they end up in the log; consider redacting before logging.
    Escort::Logger.error.error "Error #{result.status} encountered for '#{url}':  Requested '#{_payload}', got '#{result.body}'"
    false
  rescue Excon::Error => e
    # NOTE(review): same logging concern as above, the request body is included.
    Escort::Logger.error.error "Error (#{e.message}) for: #{url}, #{_payload}"
    false
  end
end
set_fqdn(fqdn)
# File lib/pe_rbac/core.rb, line 33
# Store the host name used for later requests.
#
# The value is not validated here. get_conf uses it as the request host and
# interpolates it into the per-host key and certificate file names, so it
# should come from trusted configuration.
def self.set_fqdn(fqdn)
  @@fqdn = fqdn
end
set_ssldir(ssldir)
# File lib/pe_rbac/core.rb, line 25
# Store the directory that holds the client key, client certificate and CA
# certificate.
#
# The value is not validated here. get_conf builds the private key and
# certificate paths from it, so it should come from trusted configuration.
def self.set_ssldir(ssldir)
  @@ssldir = ssldir
end