class Conjur::DSL2::Planner::BaseFacts
Stores the state of existing and requested grants (roles or privileges).
The difference between the existing and requested grants can be used to determine specifically what actions should be performed in order to bring the state of the server into compliance with the policy.
Attributes
Public Class Methods
    # File lib/conjur/dsl2/planner/facts.rb, line 16
    def initialize planner
      @planner = planner
      @requested = Set.new
      @requested_with_admin_flag = Set.new
      @existing = Set.new
      @existing_with_admin_flag = Set.new
    end
Public Instance Methods
    # File lib/conjur/dsl2/planner/facts.rb, line 24
    def api
      planner.api
    end
Return the set of grants which are requested but not already held.
Note that if a grant is held with a different admin option than requested, re-applying with the new admin option will update the grant and create the desired state.
    # File lib/conjur/dsl2/planner/facts.rb, line 33
    def grants_to_apply
      sort(requested_with_admin_flag - existing_with_admin_flag)
    end
Return the set of grants which are held but not requested.
The admin flag is ignored by this method. So, if a grant exists (with or without admin), and it is not requested (with or without admin), it is revoked. The case in which the grant is held with a different admin option than requested is handled by grants_to_apply.
    # File lib/conjur/dsl2/planner/facts.rb, line 43
    def grants_to_revoke
      sort(existing - requested)
    end
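The two set differences above, worked through on constructed data as an added example (not Conjur's own code). It assumes a grant is modelled as a [role, member] array with the admin flag as a third element; GrantFacts, hold, request, ordered and sample_facts are hypothetical names.

```ruby
require 'set'
# Hypothetical stand-in for the fact store described above; not Conjur's class.
# Assumption: a grant is [role, member], with the admin flag as a third element.
class GrantFacts
  def initialize
    @requested = Set.new
    @requested_with_admin_flag = Set.new
    @existing = Set.new
    @existing_with_admin_flag = Set.new
  end

  # Record a grant the policy asks for.
  def request(role, member, admin)
    @requested << [role, member]
    @requested_with_admin_flag << [role, member, admin]
  end

  # Record a grant the server already holds.
  def hold(role, member, admin)
    @existing << [role, member]
    @existing_with_admin_flag << [role, member, admin]
  end

  # Admin flag is part of the comparison, so a changed flag is re-applied.
  def grants_to_apply
    ordered(@requested_with_admin_flag - @existing_with_admin_flag)
  end

  # Admin flag is ignored: only grants absent from the policy are revoked.
  def grants_to_revoke
    ordered(@existing - @requested)
  end

  private
  # true and false are not mutually comparable, so sort on string forms.
  def ordered(set)
    set.to_a.sort_by { |grant| grant.map(&:to_s) }
  end
end

# Constructed sample state: the server holds three grants, the policy requests three.
def sample_facts
  facts = GrantFacts.new
  facts.hold('group:ops', 'user:alice', false)
  facts.hold('group:ops', 'user:bob', true)
  facts.hold('group:dev', 'user:carol', false)
  facts.request('group:ops', 'user:alice', true)  # admin option added
  facts.request('group:ops', 'user:bob', false)   # admin option removed
  facts.request('group:dev', 'user:dave', false)  # new grant
  facts
end
```

Alice and Bob appear only in grants_to_apply, so a change of admin option in either direction is a re-apply and never a revoke; Carol's grant, absent from the policy, is the only one revoked.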
    # File lib/conjur/dsl2/planner/facts.rb, line 51
    def validate_resource_exists! resource
      planner.error("Resource not found: #{resource}") unless planner.resource_exists?(resource)
    end
    # File lib/conjur/dsl2/planner/facts.rb, line 47
    def validate_role_exists! role
      planner.error("Role not found: #{role}") unless planner.role_exists?(role)
    end
Protected Instance Methods
Sort a result if sort is enabled.
    # File lib/conjur/dsl2/planner/facts.rb, line 58
    def sort result
      self.class.sort ? result.to_a.sort : result
    end