pe_rbac 0.4.0 → 0.5.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/exe/pe_rbac +8 -1
- data/lib/pe_rbac/action.rb +7 -0
- data/lib/pe_rbac/permission.rb +29 -0
- data/lib/pe_rbac/role.rb +6 -2
- data/lib/pe_rbac/version.rb +1 -1
- data/pe_rbac.gemspec +2 -0
- metadata +17 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 56e58098a25e422d8137e4efadf5b370379528ae
|
|
4
|
+
data.tar.gz: ae014b2b5aaab17146877eeac905852a8459d81e
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: e3f574eac122619ffb1d0ee39c4a041762af5c7b9ee14c625051658f5c06fdaa54f73b6f76205bb8c644931e26d46cf704d4ebc70b771fb3c1de9627fcaf2318
|
|
7
|
+
data.tar.gz: b5c016384239f66d858660140d31d46f5d64b8aeab8d3225dbc419c0383314a9a6d5ee190b45593452504854b21050a506295f7c3d6d26da220e1e79b3a9cfc6
|
data/exe/pe_rbac
CHANGED
|
@@ -171,7 +171,7 @@ Escort::App.create do |app|
|
|
|
171
171
|
app.command :reset_password do |command|
|
|
172
172
|
command.summary "Reset a logon password"
|
|
173
173
|
command.description "Obtain a reset token and then reset a password"
|
|
174
|
-
command.action do |options, arguments
|
|
174
|
+
command.action do |options, arguments|
|
|
175
175
|
# fixme - obtain automatically
|
|
176
176
|
cmd = :reset_password
|
|
177
177
|
username = options[:global][:commands][cmd][:options][:username]
|
|
@@ -193,4 +193,11 @@ Escort::App.create do |app|
|
|
|
193
193
|
end
|
|
194
194
|
end
|
|
195
195
|
|
|
196
|
+
app.command :show_permissions do |command|
|
|
197
|
+
command.summary "Show available permissions"
|
|
198
|
+
command.action do |options, arguments|
|
|
199
|
+
PeRbac::Action::show_permissions()
|
|
200
|
+
end
|
|
201
|
+
end
|
|
202
|
+
|
|
196
203
|
end
|
data/lib/pe_rbac/action.rb
CHANGED
|
@@ -15,6 +15,9 @@
|
|
|
15
15
|
|
|
16
16
|
require 'pe_rbac/core'
|
|
17
17
|
require 'pe_rbac/user'
|
|
18
|
+
require 'pe_rbac/permission'
|
|
19
|
+
require 'json'
|
|
20
|
+
|
|
18
21
|
module PeRbac
|
|
19
22
|
module Action
|
|
20
23
|
|
|
@@ -63,6 +66,10 @@ module PeRbac
|
|
|
63
66
|
status
|
|
64
67
|
end
|
|
65
68
|
|
|
69
|
+
def self.show_permissions
|
|
70
|
+
resp = PeRbac::Permission::get_permissions
|
|
71
|
+
puts JSON.pretty_generate(resp)
|
|
72
|
+
end
|
|
66
73
|
|
|
67
74
|
end
|
|
68
75
|
end
|
data/lib/pe_rbac/permission.rb
CHANGED
|
@@ -24,5 +24,34 @@ module PeRbac
|
|
|
24
24
|
resp = PeRbac::Core::request(:get, "/types")
|
|
25
25
|
resp ? JSON.parse(resp.body) : false
|
|
26
26
|
end
|
|
27
|
+
|
|
28
|
+
# Not all requested permissions may be avaiable per use (change between
|
|
29
|
+
# versions). To mitigate this, requeste the list of all valid permissions
|
|
30
|
+
# and remove any permissions that are not in the list from the final list of
|
|
31
|
+
# permissions to request
|
|
32
|
+
def self.safe_permissions(want_perms)
|
|
33
|
+
safe_perms = []
|
|
34
|
+
valid_perms = Permission::get_permissions()
|
|
35
|
+
|
|
36
|
+
if want_perms
|
|
37
|
+
want_perms.each { |wp|
|
|
38
|
+
valid = false
|
|
39
|
+
valid_perms.each { |vp|
|
|
40
|
+
if wp['object_type'] == vp['object_type']
|
|
41
|
+
vp['actions'].each { |va|
|
|
42
|
+
# scan for valid action inside object permissions
|
|
43
|
+
if wp['action'] == va['name']
|
|
44
|
+
valid = true
|
|
45
|
+
end
|
|
46
|
+
}
|
|
47
|
+
end
|
|
48
|
+
}
|
|
49
|
+
if valid
|
|
50
|
+
safe_perms << wp
|
|
51
|
+
end
|
|
52
|
+
}
|
|
53
|
+
end
|
|
54
|
+
safe_perms
|
|
55
|
+
end
|
|
27
56
|
end
|
|
28
57
|
end
|
data/lib/pe_rbac/role.rb
CHANGED
|
@@ -53,8 +53,10 @@ module PeRbac
|
|
|
53
53
|
|
|
54
54
|
# https://docs.puppet.com/pe/latest/rbac_roles_v1.html#post-roles
|
|
55
55
|
def self.create_role(display_name, description=display_name, permissions=[], user_ids=[], group_ids=[])
|
|
56
|
+
safe_perms = Permission::safe_permissions(permissions)
|
|
57
|
+
|
|
56
58
|
role = {
|
|
57
|
-
"permissions" =>
|
|
59
|
+
"permissions" => safe_perms,
|
|
58
60
|
"user_ids" => Array(user_ids),
|
|
59
61
|
"group_ids" => Array(group_ids),
|
|
60
62
|
"display_name" => display_name,
|
|
@@ -65,12 +67,13 @@ module PeRbac
|
|
|
65
67
|
|
|
66
68
|
def self.update_role(display_name, description=nil, permissions=nil, user_ids=nil, group_ids=nil)
|
|
67
69
|
role_id = get_role_id(display_name)
|
|
70
|
+
safe_perms = Permission::safe_permissions(permissions)
|
|
68
71
|
status = false
|
|
69
72
|
if role_id
|
|
70
73
|
role = get_role(role_id)
|
|
71
74
|
role['display_name'] = display_name ? display_name : role['display_name']
|
|
72
75
|
role['description'] = description ? display_name : role['description']
|
|
73
|
-
role['permissions'] =
|
|
76
|
+
role['permissions'] = safe_perms ? safe_perms : role['permissions']
|
|
74
77
|
role['user_ids'] = user_ids ? Array(user_ids) : role['user_ids']
|
|
75
78
|
role['group_ids'] = group_ids ? Array(group_ids) : role['group_ids']
|
|
76
79
|
|
|
@@ -79,5 +82,6 @@ module PeRbac
|
|
|
79
82
|
end
|
|
80
83
|
status
|
|
81
84
|
end
|
|
85
|
+
|
|
82
86
|
end
|
|
83
87
|
end
|
data/lib/pe_rbac/version.rb
CHANGED
data/pe_rbac.gemspec
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: pe_rbac
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.5.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Geoff Williams
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2017-
|
|
11
|
+
date: 2017-03-25 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|
|
@@ -164,6 +164,20 @@ dependencies:
|
|
|
164
164
|
- - '='
|
|
165
165
|
- !ruby/object:Gem::Version
|
|
166
166
|
version: 0.4.0
|
|
167
|
+
- !ruby/object:Gem::Dependency
|
|
168
|
+
name: json
|
|
169
|
+
requirement: !ruby/object:Gem::Requirement
|
|
170
|
+
requirements:
|
|
171
|
+
- - '='
|
|
172
|
+
- !ruby/object:Gem::Version
|
|
173
|
+
version: 2.0.3
|
|
174
|
+
type: :runtime
|
|
175
|
+
prerelease: false
|
|
176
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
177
|
+
requirements:
|
|
178
|
+
- - '='
|
|
179
|
+
- !ruby/object:Gem::Version
|
|
180
|
+
version: 2.0.3
|
|
167
181
|
description: Programatically do stuff with Puppet Enterprise RBAC
|
|
168
182
|
email:
|
|
169
183
|
- geoff@geoffwilliams.me.uk
|
|
@@ -211,7 +225,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
211
225
|
version: '0'
|
|
212
226
|
requirements: []
|
|
213
227
|
rubyforge_project:
|
|
214
|
-
rubygems_version: 2.
|
|
228
|
+
rubygems_version: 2.5.2
|
|
215
229
|
signing_key:
|
|
216
230
|
specification_version: 4
|
|
217
231
|
summary: Ruby API for Puppet Enterprise RBAC
|