insights-api-common 3.3.1 → 3.4.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/app/controllers/concerns/insights/api/common/tagging_methods.rb +38 -0
- data/lib/insights/api/common.rb +1 -0
- data/lib/insights/api/common/request.rb +2 -1
- data/lib/insights/api/common/status.rb +17 -0
- data/lib/insights/api/common/version.rb +1 -1
- metadata +4 -6
- data/lib/insights/api/common/rbac/acl.rb +0 -74
- data/lib/insights/api/common/rbac/query_shared_resource.rb +0 -45
- data/lib/insights/api/common/rbac/share_resource.rb +0 -60
- data/lib/insights/api/common/rbac/unshare_resource.rb +0 -32
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: e8026f4b784de4017aa2e008109d94bb5556bbdaf747c66a9096b68be6b1cdae
|
4
|
+
data.tar.gz: 83c1e5b44afd8dc53224f8dad912888ad5fad922e0877b01e5c5d5a3d5ecfa30
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: ac25d3c924e3bf19802558705d9b9b5a1c63cef56ac987a16bc984543ea473092d46c4c9a7e05b183f6c6bc2426cbd161fdf06831ad62540c03ce081e19331c5
|
7
|
+
data.tar.gz: 9542c208f830361e3e3d23194f506acc3896f891ed8c772de83cd26c2ba6dec54398bd3306f16fd0b9dedaeb9f93f9e9a8a64e2f61019521d3ca717b4fc54dc9
|
@@ -0,0 +1,38 @@
|
|
1
|
+
module Insights
|
2
|
+
module API
|
3
|
+
module Common
|
4
|
+
module TaggingMethods
|
5
|
+
def tag
|
6
|
+
primary_instance = primary_collection_model.find(request_path_parts["primary_collection_id"])
|
7
|
+
|
8
|
+
applied_tags = parsed_body.collect do |i|
|
9
|
+
begin
|
10
|
+
tag = Tag.find_or_create_by!(Tag.parse(i["tag"]))
|
11
|
+
primary_instance.tags << tag
|
12
|
+
i
|
13
|
+
rescue ActiveRecord::RecordNotUnique
|
14
|
+
end
|
15
|
+
end.compact
|
16
|
+
|
17
|
+
# HTTP Not Modified
|
18
|
+
return head(304, :location => "#{instance_link(primary_instance)}/tags") if applied_tags.empty?
|
19
|
+
|
20
|
+
# HTTP Created
|
21
|
+
render :json => parsed_body, :status => 201, :location => "#{instance_link(primary_instance)}/tags"
|
22
|
+
end
|
23
|
+
|
24
|
+
def untag
|
25
|
+
primary_instance = primary_collection_model.find(request_path_parts["primary_collection_id"])
|
26
|
+
|
27
|
+
parsed_body.each do |i|
|
28
|
+
tag = Tag.find_by(Tag.parse(i["tag"]))
|
29
|
+
primary_instance.tags.destroy(tag) if tag
|
30
|
+
end
|
31
|
+
|
32
|
+
# HTTP No Content
|
33
|
+
head 204, :location => "#{instance_link(primary_instance)}/tags"
|
34
|
+
end
|
35
|
+
end
|
36
|
+
end
|
37
|
+
end
|
38
|
+
end
|
data/lib/insights/api/common.rb
CHANGED
@@ -17,7 +17,8 @@ module Insights
|
|
17
17
|
FORWARDABLE_HEADER_KEYS = [REQUEST_ID_KEY, IDENTITY_KEY, PERSONA_KEY].freeze
|
18
18
|
OPTIONAL_AUTH_PATHS = [
|
19
19
|
%r{\A/api/v[0-9]+(\.[0-9]+)?/openapi.json\z},
|
20
|
-
%r{\A/api/[^/]+/v[0-9]+(\.[0-9]+)?/openapi.json\z}
|
20
|
+
%r{\A/api/[^/]+/v[0-9]+(\.[0-9]+)?/openapi.json\z},
|
21
|
+
%r{\A/health\z}
|
21
22
|
].freeze
|
22
23
|
|
23
24
|
def self.current
|
@@ -0,0 +1,17 @@
|
|
1
|
+
module Insights
|
2
|
+
module API
|
3
|
+
module Common
|
4
|
+
module Status
|
5
|
+
module Api
|
6
|
+
def health
|
7
|
+
if PG::Connection.ping(ENV['DATABASE_URL']) == PG::Connection::PQPING_OK
|
8
|
+
head :ok
|
9
|
+
else
|
10
|
+
head :internal_server_error
|
11
|
+
end
|
12
|
+
end
|
13
|
+
end
|
14
|
+
end
|
15
|
+
end
|
16
|
+
end
|
17
|
+
end
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: insights-api-common
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 3.
|
4
|
+
version: 3.4.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Insights Authors
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2020-01-
|
11
|
+
date: 2020-01-30 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: acts_as_tenant
|
@@ -312,6 +312,7 @@ files:
|
|
312
312
|
- LICENSE.txt
|
313
313
|
- README.md
|
314
314
|
- Rakefile
|
315
|
+
- app/controllers/concerns/insights/api/common/tagging_methods.rb
|
315
316
|
- app/models/authentication.rb
|
316
317
|
- app/models/concerns/encryption_concern.rb
|
317
318
|
- app/models/encryption.rb
|
@@ -358,17 +359,14 @@ files:
|
|
358
359
|
- lib/insights/api/common/option_redirect_enhancements.rb
|
359
360
|
- lib/insights/api/common/paginated_response.rb
|
360
361
|
- lib/insights/api/common/rbac/access.rb
|
361
|
-
- lib/insights/api/common/rbac/acl.rb
|
362
362
|
- lib/insights/api/common/rbac/policies.rb
|
363
|
-
- lib/insights/api/common/rbac/query_shared_resource.rb
|
364
363
|
- lib/insights/api/common/rbac/roles.rb
|
365
364
|
- lib/insights/api/common/rbac/seed.rb
|
366
365
|
- lib/insights/api/common/rbac/service.rb
|
367
|
-
- lib/insights/api/common/rbac/share_resource.rb
|
368
|
-
- lib/insights/api/common/rbac/unshare_resource.rb
|
369
366
|
- lib/insights/api/common/rbac/utilities.rb
|
370
367
|
- lib/insights/api/common/request.rb
|
371
368
|
- lib/insights/api/common/routing.rb
|
369
|
+
- lib/insights/api/common/status.rb
|
372
370
|
- lib/insights/api/common/user.rb
|
373
371
|
- lib/insights/api/common/version.rb
|
374
372
|
- lib/tasks/insights/api/common_tasks.rake
|
@@ -1,74 +0,0 @@
|
|
1
|
-
module Insights
|
2
|
-
module API
|
3
|
-
module Common
|
4
|
-
module RBAC
|
5
|
-
class ACL
|
6
|
-
def create(resource_id, permissions)
|
7
|
-
permissions.collect do |permission|
|
8
|
-
create_acl(permission, resource_id)
|
9
|
-
end
|
10
|
-
end
|
11
|
-
|
12
|
-
def remove(acls, resource_id, permissions)
|
13
|
-
permissions.each_with_object(acls) do |permission, as|
|
14
|
-
delete_matching(as, resource_id, permission)
|
15
|
-
end
|
16
|
-
end
|
17
|
-
|
18
|
-
def add(acls, resource_id, permissions)
|
19
|
-
new_acls = permissions.each_with_object([]) do |permission, as|
|
20
|
-
next if find_matching(acls, resource_id, permission)
|
21
|
-
|
22
|
-
as << create_acl(permission, resource_id)
|
23
|
-
end
|
24
|
-
new_acls + acls
|
25
|
-
end
|
26
|
-
|
27
|
-
def resource_defintions_empty?(acls, permission)
|
28
|
-
acls.each do |acl|
|
29
|
-
if acl.permission == permission
|
30
|
-
return acl.resource_definitions.empty?
|
31
|
-
end
|
32
|
-
end
|
33
|
-
true
|
34
|
-
end
|
35
|
-
|
36
|
-
private
|
37
|
-
|
38
|
-
def create_acl(permission, resource_id = nil)
|
39
|
-
resource_def = resource_definition(resource_id) if resource_id
|
40
|
-
RBACApiClient::Access.new.tap do |access|
|
41
|
-
access.permission = permission
|
42
|
-
access.resource_definitions = resource_def ? [resource_def] : []
|
43
|
-
end
|
44
|
-
end
|
45
|
-
|
46
|
-
def resource_definition(resource_id)
|
47
|
-
rdf = RBACApiClient::ResourceDefinitionFilter.new.tap do |obj|
|
48
|
-
obj.key = 'id'
|
49
|
-
obj.operation = 'equal'
|
50
|
-
obj.value = resource_id.to_s
|
51
|
-
end
|
52
|
-
|
53
|
-
RBACApiClient::ResourceDefinition.new.tap do |rd|
|
54
|
-
rd.attribute_filter = rdf
|
55
|
-
end
|
56
|
-
end
|
57
|
-
|
58
|
-
def matches?(access, resource_id, permission)
|
59
|
-
access.permission == permission &&
|
60
|
-
access.resource_definitions.any? { |rdf| rdf.attribute_filter.key == 'id' && rdf.attribute_filter.operation == 'equal' && rdf.attribute_filter.value == resource_id.to_s }
|
61
|
-
end
|
62
|
-
|
63
|
-
def find_matching(acls, resource_id, permission)
|
64
|
-
acls.detect { |access| matches?(access, resource_id, permission) }
|
65
|
-
end
|
66
|
-
|
67
|
-
def delete_matching(acls, resource_id, permission)
|
68
|
-
acls.delete_if { |access| matches?(access, resource_id, permission) }
|
69
|
-
end
|
70
|
-
end
|
71
|
-
end
|
72
|
-
end
|
73
|
-
end
|
74
|
-
end
|
@@ -1,45 +0,0 @@
|
|
1
|
-
module Insights
|
2
|
-
module API
|
3
|
-
module Common
|
4
|
-
module RBAC
|
5
|
-
class QuerySharedResource
|
6
|
-
require 'rbac-api-client'
|
7
|
-
|
8
|
-
include Utilities
|
9
|
-
attr_accessor :share_info
|
10
|
-
|
11
|
-
def initialize(options)
|
12
|
-
@app_name = options[:app_name]
|
13
|
-
@resource_id = options[:resource_id]
|
14
|
-
@resource_name = options[:resource_name]
|
15
|
-
@share_info = []
|
16
|
-
@roles = RBAC::Roles.new("#{@app_name}-#{@resource_name}-#{@resource_id}", 'account')
|
17
|
-
end
|
18
|
-
|
19
|
-
def process
|
20
|
-
build_share_info
|
21
|
-
self
|
22
|
-
end
|
23
|
-
|
24
|
-
private
|
25
|
-
|
26
|
-
def build_share_info
|
27
|
-
@roles.with_each_role do |role|
|
28
|
-
_id, group_uuid = parse_ids_from_name(role.name)
|
29
|
-
group = get_group(group_uuid)
|
30
|
-
@share_info << { 'group_name' => group.name,
|
31
|
-
'group_uuid' => group.uuid,
|
32
|
-
'permissions' => role.access.collect(&:permission)}
|
33
|
-
end
|
34
|
-
end
|
35
|
-
|
36
|
-
def get_group(uuid)
|
37
|
-
Service.call(RBACApiClient::GroupApi) do |api_instance|
|
38
|
-
api_instance.get_group(uuid)
|
39
|
-
end
|
40
|
-
end
|
41
|
-
end
|
42
|
-
end
|
43
|
-
end
|
44
|
-
end
|
45
|
-
end
|
@@ -1,60 +0,0 @@
|
|
1
|
-
module Insights
|
2
|
-
module API
|
3
|
-
module Common
|
4
|
-
module RBAC
|
5
|
-
class ShareResource
|
6
|
-
require 'rbac-api-client'
|
7
|
-
include Utilities
|
8
|
-
|
9
|
-
def initialize(options)
|
10
|
-
@app_name = options[:app_name]
|
11
|
-
@resource_name = options[:resource_name]
|
12
|
-
@permissions = options[:permissions]
|
13
|
-
@resource_ids = options[:resource_ids]
|
14
|
-
@group_uuids = SortedSet.new(options[:group_uuids])
|
15
|
-
@acls = RBAC::ACL.new
|
16
|
-
end
|
17
|
-
|
18
|
-
def process
|
19
|
-
validate_groups
|
20
|
-
@roles = RBAC::Roles.new("#{@app_name}-#{@resource_name}-", 'account')
|
21
|
-
@group_uuids.each { |uuid| manage_roles_for_group(uuid) }
|
22
|
-
self
|
23
|
-
end
|
24
|
-
|
25
|
-
private
|
26
|
-
|
27
|
-
def manage_roles_for_group(group_uuid)
|
28
|
-
@resource_ids.each do |resource_id|
|
29
|
-
name = unique_name(resource_id, group_uuid)
|
30
|
-
role = @roles.find(name)
|
31
|
-
role ? update_existing_role(role, resource_id) : add_new_role(name, group_uuid, resource_id)
|
32
|
-
end
|
33
|
-
end
|
34
|
-
|
35
|
-
def update_existing_role(role, resource_id)
|
36
|
-
role.access = @acls.add(role.access, resource_id, @permissions)
|
37
|
-
@roles.update(role) if role.access.present?
|
38
|
-
end
|
39
|
-
|
40
|
-
def add_new_role(name, group_uuid, resource_id)
|
41
|
-
acls = @acls.create(resource_id, @permissions)
|
42
|
-
role = @roles.add(name, acls)
|
43
|
-
add_policy(name, group_uuid, role.uuid)
|
44
|
-
end
|
45
|
-
|
46
|
-
def add_policy(name, group_uuid, role_uuid)
|
47
|
-
Service.call(RBACApiClient::PolicyApi) do |api_instance|
|
48
|
-
policy_in = RBACApiClient::PolicyIn.new
|
49
|
-
policy_in.name = name
|
50
|
-
policy_in.description = 'Shared Policy'
|
51
|
-
policy_in.group = group_uuid
|
52
|
-
policy_in.roles = [role_uuid]
|
53
|
-
api_instance.create_policies(policy_in)
|
54
|
-
end
|
55
|
-
end
|
56
|
-
end
|
57
|
-
end
|
58
|
-
end
|
59
|
-
end
|
60
|
-
end
|
@@ -1,32 +0,0 @@
|
|
1
|
-
module Insights
|
2
|
-
module API
|
3
|
-
module Common
|
4
|
-
module RBAC
|
5
|
-
require 'rbac-api-client'
|
6
|
-
|
7
|
-
class UnshareResource < ShareResource
|
8
|
-
attr_accessor :count
|
9
|
-
|
10
|
-
def initialize(options)
|
11
|
-
@count = 0
|
12
|
-
super
|
13
|
-
end
|
14
|
-
|
15
|
-
private
|
16
|
-
|
17
|
-
def manage_roles_for_group(group_uuid)
|
18
|
-
@resource_ids.each do |resource_id|
|
19
|
-
name = unique_name(resource_id, group_uuid)
|
20
|
-
role = @roles.find(name)
|
21
|
-
next unless role
|
22
|
-
|
23
|
-
role.access = @acls.remove(role.access, resource_id, @permissions)
|
24
|
-
role.access.present? ? @roles.update(role) : @roles.delete(role)
|
25
|
-
@count += 1
|
26
|
-
end
|
27
|
-
end
|
28
|
-
end
|
29
|
-
end
|
30
|
-
end
|
31
|
-
end
|
32
|
-
end
|