class Conjur::DSL2::Planner::Revoke

Public Instance Methods

do_plan()
# File lib/conjur/dsl2/planner/grants.rb, line 48
# Plans the Revoke actions needed to carry out this planner's revoke record.
#
# Every grant reported for the listed roles is registered with RoleFacts
# as both "requested" and "existing". The revoke record is then removed
# from the facts, and each (role, member) pair that RoleFacts reports
# through grants_to_revoke is emitted as one Revoke action.
#
# NOTE(review): admin_option is copied onto the requested grant, but the
# emitted Revoke carries only role and member. Confirm against RoleFacts
# whether a difference in the admin flag alone can cause a full membership
# revoke.
def do_plan
  role_facts = RoleFacts.new(self)

  # Mirror the current state into the requested state, so the only
  # difference left after remove_revoked_grant is the revoked grant.
  Array(record.roles).each do |granted_role|
    role_facts.role_grants(granted_role) do |current|
      requested = Types::Grant.new
      requested.role = Types::Role.new(granted_role.roleid)
      requested.member = Types::Member.new(Types::Role.new(current.member.roleid))
      # Carry the admin flag over so the requested copy matches the existing grant.
      requested.member.admin = current.admin_option
      role_facts.add_requested_grant(requested)

      role_facts.add_existing_grant(granted_role, current)
    end
  end

  role_facts.remove_revoked_grant(record)

  # Runs before any action is emitted: if validate! raises, nothing is planned.
  role_facts.validate!

  # Each entry is destructured into a role id and a member id.
  role_facts.grants_to_revoke.each do |(roleid, memberid)|
    planned = Conjur::DSL2::Types::Revoke.new.tap do |r|
      r.role = role_record(roleid)
      r.member = role_record(memberid)
    end
    action(planned)
  end
end