class Sailpoint::Rest

Used for created REST API calls to the organizations IdentityIQ source

Constants

EMPTY_HASH
EMPTY_RESPONSE

Public Class Methods

authenticate() click to toggle source

Used to verify if the supplied credentials are valid @return [Hash] - The responses body as a JSON hash

# File lib/sailpoint/rest.rb, line 15
def self.authenticate
  set_rest_interface
  response = HTTParty.get([Sailpoint.config.url, 'authentication'].join('/'),
                          headers: Sailpoint.config.auth_header,
                          output: 'json', timeout: 10)
  JSON.parse(response)
end
check_roles(identity, roles) click to toggle source

Verify if the user has any policies set within the specified roles @param identity [String] - The user in which you are requesting data for @param roles [String, Array] - Roles specified to validate against (either: role or ['role1','role2']) @return [Hash] - Return data associated with there users roles

# File lib/sailpoint/rest.rb, line 27
def self.check_roles(identity, roles)
  # Values for both attributes are required in order to create the request
  # And verify the user exists before attempting to create the request (this prevents IdentityIQ from making a long last query looking for a non-existant user)
  return EMPTY_HASH if identity.blank? || roles.blank? || get_user(identity).empty?

  set_rest_interface
  # the roles attribute should either be 'Contractor,Assistant' or ['Contractor', 'Assistant']
  roles = roles.join(',') if roles.is_a?(Array)
  response = HTTParty.get([Sailpoint.config.url, "policies/checkRolePolicies?identity=#{identity&.escape_str}&roles=#{roles}"].join('/'),
                          headers: Sailpoint.config.auth_header,
                          output: 'json', timeout: 10)
  JSON.parse(response&.body || EMPTY_RESPONSE)
end
get_identity(identity) click to toggle source

Used to fetch the specified user identiy from the REST API interface @param identity [String] - The user in which you are requesting data for @return [Hash] - If no user if found an empty hash will be returned. If a a user is found, their parsed JSON will be returned as a result

# File lib/sailpoint/rest.rb, line 44
def self.get_identity(identity)
  set_rest_interface
  response = HTTParty.get([Sailpoint.config.url, 'identities', identity&.escape_str, 'managedIdentities'].join('/'),
                          headers: Sailpoint.config.auth_header,
                          output: 'json', timeout: 10)
  return [].freeze if response.code == '500'

  JSON.parse(response&.body || EMPTY_RESPONSE).first
end
get_user(identity) click to toggle source

Used to fetch the specified users associated data @param identity [String] - The user in which you are requesting data for @return [Hash] - If no user if found an empty hash will be returned. If a a user is found, their parsed JSON will be returned as a result

# File lib/sailpoint/rest.rb, line 57
def self.get_user(identity)
  set_rest_interface
  response = HTTParty.get([Sailpoint.config.url, 'identities', identity&.escape_str].join('/'),
                          headers: Sailpoint.config.auth_header,
                          output: 'json', timeout: 10)
  raise Sailpoint::Helpers::AuthenticationException, 'Invalid credentials, please try again.' if response.code == 401

  JSON.parse(response&.body || EMPTY_RESPONSE)
end
permitted_roles(identity = '') click to toggle source

Get a users roles within the Organization @return [Hash] - The users roles associated within the Organization

# File lib/sailpoint/rest.rb, line 69
def self.permitted_roles(identity = '')
  # Before requesting a users roles we need to verify if the identiy matches a valid user first
  return EMPTY_HASH if identity.blank? || get_user(identity).blank?

  set_rest_interface
  response = HTTParty.get([Sailpoint.config.url, "roles/assignablePermits/?roleMode=assignable&identity=#{identity&.escape_str}"].join('/'),
                          headers: Sailpoint.config.auth_header,
                          output: 'json', timeout: 10)
  response_body = JSON.parse(response&.body || EMPTY_RESPONSE)
  return response_body['objects'].map { |role| role['name'] } if response['status'].present? && response['status'] == 'success'

  response_body
rescue
  EMPTY_HASH
end
ping() click to toggle source

Used to verify your credentials are valid and IdentityIQ reource is properly responding @return [Hash] - The head and body of the response

# File lib/sailpoint/rest.rb, line 87
def self.ping
  set_rest_interface
  HTTParty.get([Sailpoint.config.url, 'ping'].join('/'),
               headers: Sailpoint.config.auth_header,
               output: 'json', timeout: 10)
rescue
  false
end

Private Class Methods

set_rest_interface() click to toggle source
# File lib/sailpoint/rest.rb, line 96
def self.set_rest_interface
  Sailpoint.config.interface = 'rest'
end