class Conjur::Policy::Resolver
Attributes
account[R]
namespace[R]
ownerid[R]
Public Class Methods
new(account, ownerid, namespace = nil)
account is required. It's the default account whenever no account is specified.
ownerid is required. Any records without an owner will be assigned this owner. The exception is records defined in a policy, which are always owned by the policy role unless an explicit owner is indicated (which would be rare).
namespace is optional. It's prepended to the id of every record, except for ids which begin with a '/' character.
    # File lib/conjur/policy/resolver.rb, line 24
    def initialize account, ownerid, namespace = nil
      @account = account
      @ownerid = ownerid
      @namespace = namespace

      raise "account is required" unless account
      raise "ownerid is required" unless ownerid
      raise "ownerid must be fully qualified" unless ownerid.split(":", 3).length == 3
    end
resolve(records, account, ownerid, namespace = nil)
Resolve records to the specified owner id and namespace.
    # File lib/conjur/policy/resolver.rb, line 8
    def resolve records, account, ownerid, namespace = nil
      # The passes run in this order; each one receives the output of the previous one.
      resolver_classes = [
        AccountResolver,
        IdSubstitutionResolver,
        AnnotationSubstitutionResolver,
        OwnerResolver,
        FlattenResolver,
        DuplicateResolver
      ]
      resolver_classes.each do |cls|
        resolver = cls.new account, ownerid, namespace
        records = resolver.resolve records
      end
      records
    end
Protected Instance Methods
id_of(record)
    # File lib/conjur/policy/resolver.rb, line 47
    def id_of record
      record.object_id
    end
traverse(records, visited, handler, policy_handler = nil)
Traverse an Array-ish of records, calling a handler method for each one. If a record is a Policy, then the policy_handler is invoked, after the handler.
    # File lib/conjur/policy/resolver.rb, line 38
    def traverse records, visited, handler, policy_handler = nil
      Array(records).flatten.each do |record|
        # add? returns nil when the id is already in visited, so each record is handled once.
        next unless visited.add?(id_of(record))

        handler.call record, visited
        policy_handler.call record, visited if policy_handler && record.is_a?(Types::Policy)
      end
    end
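The constructor rules and the traverse behaviour documented above, as an added Ruby sketch that is not code from the conjur gem. MiniResolver, Record, Policy and the "account:policy:id" form of the policy role are assumptions made for illustration. It shows why the visited set matters: a record listed twice is handled once, so the namespace is never prepended twice and an owner is never reassigned.

```ruby
require 'set'
# Constructed stand-ins for the gem's record types (assumptions, not Conjur classes).
Record = Struct.new(:id, :owner)
Policy = Struct.new(:id, :owner, :body)

# Hypothetical mini-resolver applying the rules documented on this page.
class MiniResolver
  def initialize(account, ownerid, namespace = nil)
    raise "account is required" unless account
    raise "ownerid is required" unless ownerid
    raise "ownerid must be fully qualified" unless ownerid.split(":", 3).length == 3
    @account, @ownerid, @namespace = account, ownerid, namespace
  end

  # Returns the records in the order they were handled (each exactly once).
  def resolve(records)
    seen = []
    on_record = lambda do |record, _visited|
      seen << record
      record.id = qualify(record.id)
      record.owner ||= @ownerid # default owner only when none is set
    end
    # Records in a policy body default to the policy role, not to ownerid.
    on_policy = lambda do |policy, visited|
      policy_role = "#{@account}:policy:#{policy.id}" # assumed role id format
      policy.body.each { |r| r.owner ||= policy_role }
      traverse(policy.body, visited, on_record, on_policy)
    end
    traverse(records, Set.new, on_record, on_policy)
    seen
  end

  private

  # An id beginning with '/' is not namespaced; this sketch leaves it untouched.
  def qualify(id)
    return id if id.start_with?("/")
    @namespace ? "#{@namespace}/#{id}" : id
  end

  # Same shape as the documented traverse: identity-based de-duplication.
  def traverse(records, visited, handler, policy_handler = nil)
    Array(records).flatten.each do |record|
      next unless visited.add?(record.object_id)
      handler.call(record, visited)
      policy_handler.call(record, visited) if policy_handler && record.is_a?(Policy)
    end
  end
end
```

Because de-duplication is by object identity, two distinct objects carrying the same id are both handled; catching those is left to a later pass such as the DuplicateResolver listed in resolve.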