class Conjur::Env

Public Class Methods

new(options={}) click to toggle source
# File lib/conjur/conjurenv.rb, line 64
def initialize(options={})
  raise ":file and :yaml options can not be provided together" if ( options.has_key?(:file) and options.has_key?(:yaml) )

  yaml = if options.has_key?(:yaml)
    raise ":yaml option should be non-empty string" unless options[:yaml].kind_of?(String)
    raise ":yaml option should be non-empty string" if options[:yaml].empty?
    options[:yaml]
  elsif options.has_key?(:file)
    raise ":file option should be non-empty string" unless options[:file].kind_of?(String)
    raise ":file option should be non-empty string" if options[:file].empty?
    File.read(options[:file])
  else
    raise "either :file or :yaml option is mandatory"
  end
  parse_arguments = [ yaml ]
  parse_arguments << options[:substitutions] if options[:substitutions]
  @definition = parse(*parse_arguments)
end

Public Instance Methods

check(api) click to toggle source
# File lib/conjur/conjurenv.rb, line 123
def check(api)
  Hash[
    @definition.map.each do |k,v|
      if v.respond_to? :conjur_id
        if api.resource(v.conjur_id).permitted?(:execute)
          status = :available
        else
          status = :unavailable
        end
      else
        status = :literal
      end
      [ k, status ]
    end
  ]
end
obtain(api) click to toggle source
# File lib/conjur/conjurenv.rb, line 106
def obtain(api)
  runtime_environment = {}
  @definition.each do |environment_name, v|
    value = if v.conjur_id
      api.resource(v.conjur_id).value
    else
      v
    end
    if v.respond_to?(:evaluate)
      runtime_environment[environment_name] = v.evaluate(value)
    else
      runtime_environment[environment_name] = v # is a literal value
    end
  end
  return runtime_environment
end
parse(yaml, substitutions = {}) click to toggle source
# File lib/conjur/conjurenv.rb, line 83
def parse(yaml, substitutions = {})
  YAML.add_tag("!var", ConjurVariable)
  YAML.add_tag("!tmp", ConjurTempfile)

  fix_safeyaml! %w(!tmp !var)

  definition = YAML.load(yaml)
  raise "Definition should be a Hash" unless definition.kind_of?(Hash)
  # convert fixnums to literals -- to make definitions of e.g. ports more convenient
  definition.keys.select { |k| definition[k].kind_of? Fixnum }.each { |k| definition[k]="#{definition[k]}" }
  bad_types = definition.values.select { |v| not (v.kind_of?(String) or v.kind_of?(CustomTag)) }.map {|v| v.class}.uniq
  raise "Definition can not include values of types: #{bad_types}" unless bad_types.empty?
  definition.inject({}) do |memo,e|
    key, value = e
    substitutions.each do |k,v|
      value.gsub! k, v
    end
    memo[key] = value
    memo
  end
  definition
end

Private Instance Methods

fix_safeyaml!(tags) click to toggle source
# File lib/conjur/conjurenv.rb, line 142
def fix_safeyaml! tags
  # Including `conjur-asset-policy` adds the safe_yaml gem, which patches
  # YAML.load to do so without deserializing objects with custom tags.
  if defined?(SafeYAML)
    SafeYAML::OPTIONS[:whitelisted_tags] =
        SafeYAML::OPTIONS[:whitelisted_tags].concat(tags).uniq
  end
end