class Conjur::HostFactory

A Host Factory is a way to allow clients to create Conjur hosts without giving them any other access to Conjur.

Each Host Factory can have 0 or more tokens, each of which is a random string that has an associated expiration and optional CIDR restriction. A user or machine who has a host factory token can use it to create new hosts, or to rotate the API keys of existing hosts.

@see API#host_factory_create_host @see HostFactoryToken

Public Instance Methods

create_token(expiration, cidr: nil) click to toggle source

Create a new token.

@see create_tokens

# File lib/conjur/host_factory.rb, line 59
def create_token expiration, cidr: nil
  create_tokens(expiration, cidr: cidr).first
end
create_tokens(expiration, count: 1, cidr: nil) click to toggle source

Create one or more host factory tokens. Each token can be used to create hosts, using {API#host_factory_create_host}.

@param expiration [Time] the future time at which the token will stop working. @param count [Integer] the number of (identical) tokens to create (default: 1). @param cidr [String] a CIDR restriction on the usage of the token. @return [Array<HostFactoryToken>] the token or tokens.

# File lib/conjur/host_factory.rb, line 44
def create_tokens expiration, count: 1, cidr: nil
  options = {}
  options[:expiration] = expiration.iso8601
  options[:host_factory] = id
  options[:count] = count
  options[:cidr] = cidr if cidr
  response = JSON.parse url_for(:host_factory_create_tokens, credentials, id).post(options)
  response.map do |data|
    HostFactoryToken.new data, credentials
  end
end
tokens() click to toggle source

Enumerate the tokens on the host factory.

@return [Array<HostFactoryToken>] the token or tokens.

# File lib/conjur/host_factory.rb, line 66
def tokens
  # Tokens list is not returned by +show+ if the caller doesn't have permission
  return nil unless self.attributes['tokens']

  self.attributes['tokens'].collect do |data|
    HostFactoryToken.new data, credentials
  end
end