module PeRbac::Core
Public Class Methods
get_conf()
# File lib/pe_rbac/core.rb, line 41
# Build the connection settings used to talk to the RBAC API over mutual TLS.
#
# The client key/certificate pair is chosen by probing for the legacy
# pe-internal-orchestrator private key: PE 2016.4.0 removed that key, but
# upgraded systems can still carry the matching (now unusable) certificate,
# so the presence of the private key is what decides. When it is absent the
# pair named after the configured FQDN is used instead.
#
# NOTE(review): only the existence of the legacy private key is tested here.
# Nothing in this method checks that the selected key, certificate or CA file
# is present or readable.
#
# @return [Hash] :host, :port, :cert, :key and :cacert
def self.get_conf
  legacy_key = "#{@@ssldir}/private_keys/pe-internal-orchestrator.pem"
  pem_name = File.exist?(legacy_key) ? 'pe-internal-orchestrator' : @@fqdn

  {
    host: @@fqdn,
    port: 4433,
    cert: "#{@@ssldir}/certs/#{pem_name}.pem",
    key: "#{@@ssldir}/private_keys/#{pem_name}.pem",
    cacert: @@ssldir + '/certs/ca.pem'
  }
end
get_fqdn()
# File lib/pe_rbac/core.rb, line 37
# Read back the FQDN stored in the @@fqdn class variable.
#
# @return [Object] whatever was last assigned through set_fqdn
def self.get_fqdn
  @@fqdn
end
get_ssldir()
# File lib/pe_rbac/core.rb, line 29
# Read back the SSL directory stored in the @@ssldir class variable.
#
# @return [Object] whatever was last assigned through set_ssldir
def self.get_ssldir
  @@ssldir
end
merge_permissions(existing, ensure_perms)
Return a new array of permissions, adding each permission in `ensure_perms` to the existing permissions if it is not already present.
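# File lib/pe_rbac/core.rb, line 107
# Return a new array holding every permission in +existing+ plus each
# permission from +ensure_perms+ that is not already present.
#
# Two permissions are the same when their 'object_type', 'action' and
# 'instance' values all compare equal with ==.
#
# Each candidate is compared against everything merged so far, not only
# against +existing+, so a permission listed twice in +ensure_perms+ is added
# once rather than duplicated in the result. Appended hashes are shallow
# copies, like the copies of +existing+, so changing the returned array's
# entries does not alter the caller's +ensure_perms+.
#
# @param existing [Array<Hash>] permissions currently held
# @param ensure_perms [Array<Hash>] permissions that must be present
# @return [Array<Hash>] merged permissions; neither input array is modified
def self.merge_permissions(existing, ensure_perms)
  identity = ->(perm) { [perm['object_type'], perm['action'], perm['instance']] }

  # Shallow-copy the existing hashes so the result does not alias the input.
  permissions = existing.map(&:dup)
  seen = existing.map(&identity)

  ensure_perms.each do |ensure_perm|
    key = identity.call(ensure_perm)
    next if seen.include?(key)

    seen << key
    permissions << ensure_perm.dup
  end

  permissions
end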
request(method, path, payload=nil, raw=false)
# File lib/pe_rbac/core.rb, line 67
# Send one HTTPS request to the RBAC API, authenticating with the client
# certificate and key selected by get_conf.
#
# NOTE(review): both error paths write the request body to the error log, and
# the status >= 400 path also writes the response body. If callers send
# passwords or tokens through this method they will end up in the log, so
# confirm what payloads reach here and how the log is protected.
# NOTE(review): +path+ is appended to the URL as given, so it is assumed to
# come from trusted code rather than user input.
#
# @param method [Symbol, String] HTTP method handed to Excon
# @param path [String] path appended after PeRbac::BASE_URI
# @param payload [Object, nil] request body; converted with to_json unless +raw+
# @param raw [Boolean] when truthy, +payload+ is sent unchanged (the
#   content-type header is still application/json)
# @return [Object, false] the Excon response when the status is below 400,
#   false after an Excon::Error or a status of 400 or above
def self.request(method, path, payload=nil, raw=false)
  conf = get_conf
  url = "https://#{conf[:host]}:#{conf[:port]}#{PeRbac::BASE_URI}#{path}"

  body =
    if !payload
      nil
    elsif raw
      payload
    else
      payload.to_json
    end

  begin
    # Mutual TLS: client certificate and key plus the CA file from get_conf.
    # NOTE(review): ssl_version appears to pin the connection to TLS 1.2
    # exactly; confirm this still matches what the server offers.
    connection = Excon.new(
      url,
      client_cert: conf[:cert],
      client_key: conf[:key],
      ssl_ca_file: conf[:cacert],
      ssl_version: :TLSv1_2
    )
    response = connection.request(
      method: method,
      headers: {"content-type"=> "application/json", "accept"=>"application/json"},
      body: body
    )

    if response.status < 400
      # 3xx answers are handed back untouched; redirects are not followed.
      response
    else
      # No built-in way was found to reject error codes without listing every
      # acceptable status (:expect), so anything from 400 up is a failure.
      Escort::Logger.error.error "Error #{response.status} encountered for '#{url}': Requested '#{body}', got '#{response.body}'"
      false
    end
  rescue Excon::Error => e
    Escort::Logger.error.error "Error (#{e.message}) for: #{url}, #{body}"
    false
  end
end
set_fqdn(fqdn)
# File lib/pe_rbac/core.rb, line 33
# Store the FQDN in the @@fqdn class variable.
#
# get_conf uses this value as the request host and interpolates it into the
# private key and certificate file names. No validation happens here, so the
# value should come from trusted configuration.
#
# @param fqdn [String] FQDN of the host to connect to
# @return [Object] the value that was assigned
def self.set_fqdn(fqdn)
  @@fqdn = fqdn
end
set_ssldir(ssldir)
# File lib/pe_rbac/core.rb, line 25
# Store the SSL directory in the @@ssldir class variable.
#
# get_conf derives the client private key, client certificate and CA
# certificate paths from this directory. No validation happens here, so it
# should point at a trusted, access-restricted location.
#
# @param ssldir [String] directory containing private_keys/ and certs/
# @return [Object] the value that was assigned
def self.set_ssldir(ssldir)
  @@ssldir = ssldir
end