class Insights::API::Common::RBAC::Access

Constants

ADMIN_SCOPE
GROUP_SCOPE
USER_SCOPE

Attributes

acl[R]

Public Class Methods

enabled?() click to toggle source
# File lib/insights/api/common/rbac/access.rb, line 48
# Reports whether RBAC enforcement is switched on for this process.
#
# Enforcement is reported as off only when the BYPASS_RBAC environment
# variable holds exactly the string "true". An unset variable or any other
# value (including "TRUE" or "1") leaves enforcement on.
#
# NOTE(review): this is a process-wide authorization kill switch. Whoever can
# set the process environment can turn access checks off, so deployments
# should treat BYPASS_RBAC as a sensitive setting and alert on it being
# present outside development.
def self.enabled?
  bypass_requested = ENV['BYPASS_RBAC'] == "true"
  !bypass_requested
end
new(app_name_filter = ENV["APP_NAME"]) click to toggle source
# File lib/insights/api/common/rbac/access.rb, line 11
# Remembers which application's permissions to request.
#
# app_name_filter is stored as-is and later passed to get_principal_access
# by #process. The default is read from ENV["APP_NAME"] when the object is
# built, so it is nil if that variable is unset.
#
# No ACL data is loaded here; @acls is only assigned by #process.
def initialize(app_name_filter = ENV["APP_NAME"])
  @app_name_filter = app_name_filter
end

Public Instance Methods

accessible?(resource, verb, app_name = ENV['APP_NAME']) click to toggle source
# File lib/insights/api/common/rbac/access.rb, line 31
# Answers whether any loaded ACL entry grants `verb` on `resource` for
# `app_name`.
#
# The request is turned into a pattern by create_regexp and tested against
# each entry's `permission` string; scope restrictions on the entry are not
# considered here.
#
# @acls is only assigned in #process. If #process has not run, @acls is nil
# and this raises NoMethodError rather than returning false, so callers
# should not rescue broadly around an access check.
def accessible?(resource, verb, app_name = ENV['APP_NAME'])
  pattern = create_regexp(app_name, resource, verb)
  @acls.any? do |entry|
    pattern.match?(entry.permission)
  end
end
admin_scope?(resource, verb, app_name = ENV['APP_NAME']) click to toggle source
# File lib/insights/api/common/rbac/access.rb, line 36
# True when an ACL entry matching app_name/resource/verb also carries a
# `scope` resource definition equal to ADMIN_SCOPE. Delegates to scope?.
#
# The value of ADMIN_SCOPE is defined elsewhere in the class and is not
# visible here.
def admin_scope?(resource, verb, app_name = ENV['APP_NAME'])
  scope?(app_name, resource, verb, ADMIN_SCOPE)
end
group_scope?(resource, verb, app_name = ENV['APP_NAME']) click to toggle source
# File lib/insights/api/common/rbac/access.rb, line 40
# True when an ACL entry matching app_name/resource/verb also carries a
# `scope` resource definition equal to GROUP_SCOPE. Delegates to scope?.
#
# The value of GROUP_SCOPE is defined elsewhere in the class and is not
# visible here.
def group_scope?(resource, verb, app_name = ENV['APP_NAME'])
  scope?(app_name, resource, verb, GROUP_SCOPE)
end
process() click to toggle source
# File lib/insights/api/common/rbac/access.rb, line 15
# Loads the principal's ACL entries from the RBAC access API and returns
# self so calls can be chained (e.g. `new.process.accessible?(...)`).
#
# The result is memoized in @acls: once it holds a truthy value, later calls
# still enter Service.call but do not fetch again, so permission changes made
# after the first load are not seen by this instance.
#
# NOTE(review): only `.data` of a single get_principal_access response is
# kept. If that endpoint paginates, entries beyond the first page would be
# missing and the affected checks would deny; confirm against the client.
# NOTE(review): the class lists a reader named `acl`, while the data is
# stored in @acls; confirm which name callers are meant to use.
def process
  Service.call(RBACApiClient::AccessApi) { |client| @acls ||= client.get_principal_access(@app_name_filter).data }
  self
end
scopes(resource, verb, app_name = ENV['APP_NAME']) click to toggle source
# File lib/insights/api/common/rbac/access.rb, line 22
# Lists every scope value attached to ACL entries that match
# app_name/resource/verb, de-duplicated and sorted.
#
# An empty array means no matching entry carried a `scope`/`equal` resource
# definition; on its own it does not distinguish "no permission" from
# "permission without a scope", so pair it with accessible? when that matters.
#
# Requires #process to have populated @acls; otherwise this raises
# NoMethodError on nil.
def scopes(resource, verb, app_name = ENV['APP_NAME'])
  pattern = create_regexp(app_name, resource, verb)
  granted = @acls.select { |entry| pattern.match?(entry.permission) }
  granted.map { |entry| all_scopes(entry) }.flatten.uniq.sort
end
user_scope?(resource, verb, app_name = ENV['APP_NAME']) click to toggle source
# File lib/insights/api/common/rbac/access.rb, line 44
# True when an ACL entry matching app_name/resource/verb also carries a
# `scope` resource definition equal to USER_SCOPE. Delegates to scope?.
#
# The value of USER_SCOPE is defined elsewhere in the class and is not
# visible here.
def user_scope?(resource, verb, app_name = ENV['APP_NAME'])
  scope?(app_name, resource, verb, USER_SCOPE)
end

Private Instance Methods

all_scopes(item) click to toggle source
# File lib/insights/api/common/rbac/access.rb, line 69
# Collects the scope values declared on one ACL entry.
#
# Only resource definitions whose attribute filter has key 'scope' and
# operation 'equal' contribute; filters with any other key or operation are
# ignored. Values are returned in definition order, duplicates included.
def all_scopes(item)
  scoped = item.resource_definitions.select do |definition|
    filter = definition.attribute_filter
    filter.key == 'scope' && filter.operation == 'equal'
  end
  scoped.map { |definition| definition.attribute_filter.value }
end
create_regexp(app_name, resource, verb) click to toggle source
# File lib/insights/api/common/rbac/access.rb, line 78
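# Builds the pattern used to test an ACL entry's permission string against a
# requested "app_name:resource:verb" triple.
#
# Each component is passed through Regexp.escape, so characters such as "."
# or "*" in the request are matched literally, not as regex operators. The
# permission string is the text being matched, so a wildcard-style permission
# only matches a request that passes the same literal characters.
#
# The pattern is anchored with \A and \z so the permission must equal the
# triple exactly. Without anchors a request for "catalog:portfolios:read"
# would also match longer permissions that merely contain that text (a longer
# app name ending in "catalog", or a verb starting with "read"), which could
# grant access that was never assigned.
#
# The three capture groups are kept for any caller that reads them.
#
# Raises TypeError (from Regexp.escape) when a component is nil, for example
# when app_name defaulted to an unset ENV['APP_NAME'].
def create_regexp(app_name, resource, verb)
  /\A(#{Regexp.escape(app_name)}):(#{Regexp.escape(resource)}):(#{Regexp.escape(verb)})\z/
end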
scope?(app_name, resource, verb, scope) click to toggle source
# File lib/insights/api/common/rbac/access.rb, line 54
# True when at least one ACL entry both matches app_name/resource/verb and
# carries a `scope`/`equal` resource definition whose value equals `scope`.
#
# Both conditions must hold on the same entry: a matching permission on one
# entry and the requested scope on another does not count.
#
# Requires #process to have populated @acls; otherwise this raises
# NoMethodError on nil.
def scope?(app_name, resource, verb, scope)
  pattern = create_regexp(app_name, resource, verb)
  granted = @acls.select { |entry| pattern.match?(entry.permission) }
  granted.any? { |entry| scope_matches?(entry, scope) }
end
scope_matches?(item, scope) click to toggle source
# File lib/insights/api/common/rbac/access.rb, line 61
# True when the ACL entry has a resource definition whose attribute filter is
# exactly key 'scope', operation 'equal', value == scope.
#
# The comparison is plain equality on all three fields, so a filter using a
# different operation never satisfies this check even if it names the same
# scope value.
def scope_matches?(item, scope)
  item.resource_definitions.any? do |definition|
    filter = definition.attribute_filter
    filter.key == 'scope' && filter.operation == 'equal' && filter.value == scope
  end
end