class Conjur::DSL2::Planner::RoleFacts
Role
grants are a tuple of [ roleid, member_roleid, admin_option ].
Public Instance Methods
add_existing_grant(role, grant)
click to toggle source
Add a Conjur::API::Rolerevoke that is already held.
# File lib/conjur/dsl2/planner/facts.rb, line 110 def add_existing_grant role, grant existing.add [ role.roleid, grant.member.roleid ] existing_with_admin_flag.add [ role.roleid, grant.member.roleid, grant.admin_option ] end
add_requested_grant(grant)
click to toggle source
Add a Types::Grant
to the set of requested grants.
# File lib/conjur/dsl2/planner/facts.rb, line 89 def add_requested_grant grant Array(grant.roles).each do |role| Array(grant.members).each do |member| requested.add [ role.roleid, member.role.roleid ] requested_with_admin_flag.add [ role.roleid, member.role.roleid, !!member.admin ] end end end
remove_revoked_grant(revoke)
click to toggle source
Removes a Types::Revoke
from the set of requested grants.
# File lib/conjur/dsl2/planner/facts.rb, line 99 def remove_revoked_grant revoke Array(revoke.roles).each do |role| Array(revoke.members).each do |member| requested.delete [ role.roleid, member.roleid ] requested_with_admin_flag.delete [ role.roleid, member.roleid, true ] requested_with_admin_flag.delete [ role.roleid, member.roleid, false ] end end end
role_grants(role) { |grant| ... }
click to toggle source
Enumerate all existing grants on the specified role
. Each grant is yielded to the block.
# File lib/conjur/dsl2/planner/facts.rb, line 68 def role_grants role, &block begin api.role(role.roleid).members rescue RestClient::ResourceNotFound if api.role(role.roleid).exists? $stderr.puts "WARNING: Unable to fetch members of role #{role.roleid}. Use 'elevate' mode, or at least 'reveal' mode, for policy management." end [] end.each do |grant| yield grant end end
validate!()
click to toggle source
Validate that all the requested roles exist.
# File lib/conjur/dsl2/planner/facts.rb, line 82 def validate! requested.to_a.flatten.uniq.each do |roleid| validate_role_exists! roleid end end