pe_rbac 0.4.0 → 0.5.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/exe/pe_rbac +8 -1
- data/lib/pe_rbac/action.rb +7 -0
- data/lib/pe_rbac/permission.rb +29 -0
- data/lib/pe_rbac/role.rb +6 -2
- data/lib/pe_rbac/version.rb +1 -1
- data/pe_rbac.gemspec +2 -0
- metadata +17 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 56e58098a25e422d8137e4efadf5b370379528ae
|
|
4
|
+
data.tar.gz: ae014b2b5aaab17146877eeac905852a8459d81e
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: e3f574eac122619ffb1d0ee39c4a041762af5c7b9ee14c625051658f5c06fdaa54f73b6f76205bb8c644931e26d46cf704d4ebc70b771fb3c1de9627fcaf2318
|
|
7
|
+
data.tar.gz: b5c016384239f66d858660140d31d46f5d64b8aeab8d3225dbc419c0383314a9a6d5ee190b45593452504854b21050a506295f7c3d6d26da220e1e79b3a9cfc6
|
data/exe/pe_rbac
CHANGED
|
@@ -171,7 +171,7 @@ Escort::App.create do |app|
|
|
|
171
171
|
app.command :reset_password do |command|
|
|
172
172
|
command.summary "Reset a logon password"
|
|
173
173
|
command.description "Obtain a reset token and then reset a password"
|
|
174
|
-
command.action do |options, arguments
|
|
174
|
+
command.action do |options, arguments|
|
|
175
175
|
# fixme - obtain automatically
|
|
176
176
|
cmd = :reset_password
|
|
177
177
|
username = options[:global][:commands][cmd][:options][:username]
|
|
@@ -193,4 +193,11 @@ Escort::App.create do |app|
|
|
|
193
193
|
end
|
|
194
194
|
end
|
|
195
195
|
|
|
196
|
+
app.command :show_permissions do |command|
|
|
197
|
+
command.summary "Show available permissions"
|
|
198
|
+
command.action do |options, arguments|
|
|
199
|
+
PeRbac::Action::show_permissions()
|
|
200
|
+
end
|
|
201
|
+
end
|
|
202
|
+
|
|
196
203
|
end
|
data/lib/pe_rbac/action.rb
CHANGED
|
@@ -15,6 +15,9 @@
|
|
|
15
15
|
|
|
16
16
|
require 'pe_rbac/core'
|
|
17
17
|
require 'pe_rbac/user'
|
|
18
|
+
require 'pe_rbac/permission'
|
|
19
|
+
require 'json'
|
|
20
|
+
|
|
18
21
|
module PeRbac
|
|
19
22
|
module Action
|
|
20
23
|
|
|
@@ -63,6 +66,10 @@ module PeRbac
|
|
|
63
66
|
status
|
|
64
67
|
end
|
|
65
68
|
|
|
69
|
+
def self.show_permissions
|
|
70
|
+
resp = PeRbac::Permission::get_permissions
|
|
71
|
+
puts JSON.pretty_generate(resp)
|
|
72
|
+
end
|
|
66
73
|
|
|
67
74
|
end
|
|
68
75
|
end
|
data/lib/pe_rbac/permission.rb
CHANGED
|
@@ -24,5 +24,34 @@ module PeRbac
|
|
|
24
24
|
resp = PeRbac::Core::request(:get, "/types")
|
|
25
25
|
resp ? JSON.parse(resp.body) : false
|
|
26
26
|
end
|
|
27
|
+
|
|
28
|
+
# Not all requested permissions may be avaiable per use (change between
|
|
29
|
+
# versions). To mitigate this, requeste the list of all valid permissions
|
|
30
|
+
# and remove any permissions that are not in the list from the final list of
|
|
31
|
+
# permissions to request
|
|
32
|
+
def self.safe_permissions(want_perms)
|
|
33
|
+
safe_perms = []
|
|
34
|
+
valid_perms = Permission::get_permissions()
|
|
35
|
+
|
|
36
|
+
if want_perms
|
|
37
|
+
want_perms.each { |wp|
|
|
38
|
+
valid = false
|
|
39
|
+
valid_perms.each { |vp|
|
|
40
|
+
if wp['object_type'] == vp['object_type']
|
|
41
|
+
vp['actions'].each { |va|
|
|
42
|
+
# scan for valid action inside object permissions
|
|
43
|
+
if wp['action'] == va['name']
|
|
44
|
+
valid = true
|
|
45
|
+
end
|
|
46
|
+
}
|
|
47
|
+
end
|
|
48
|
+
}
|
|
49
|
+
if valid
|
|
50
|
+
safe_perms << wp
|
|
51
|
+
end
|
|
52
|
+
}
|
|
53
|
+
end
|
|
54
|
+
safe_perms
|
|
55
|
+
end
|
|
27
56
|
end
|
|
28
57
|
end
|
data/lib/pe_rbac/role.rb
CHANGED
|
@@ -53,8 +53,10 @@ module PeRbac
|
|
|
53
53
|
|
|
54
54
|
# https://docs.puppet.com/pe/latest/rbac_roles_v1.html#post-roles
|
|
55
55
|
def self.create_role(display_name, description=display_name, permissions=[], user_ids=[], group_ids=[])
|
|
56
|
+
safe_perms = Permission::safe_permissions(permissions)
|
|
57
|
+
|
|
56
58
|
role = {
|
|
57
|
-
"permissions" =>
|
|
59
|
+
"permissions" => safe_perms,
|
|
58
60
|
"user_ids" => Array(user_ids),
|
|
59
61
|
"group_ids" => Array(group_ids),
|
|
60
62
|
"display_name" => display_name,
|
|
@@ -65,12 +67,13 @@ module PeRbac
|
|
|
65
67
|
|
|
66
68
|
def self.update_role(display_name, description=nil, permissions=nil, user_ids=nil, group_ids=nil)
|
|
67
69
|
role_id = get_role_id(display_name)
|
|
70
|
+
safe_perms = Permission::safe_permissions(permissions)
|
|
68
71
|
status = false
|
|
69
72
|
if role_id
|
|
70
73
|
role = get_role(role_id)
|
|
71
74
|
role['display_name'] = display_name ? display_name : role['display_name']
|
|
72
75
|
role['description'] = description ? display_name : role['description']
|
|
73
|
-
role['permissions'] =
|
|
76
|
+
role['permissions'] = safe_perms ? safe_perms : role['permissions']
|
|
74
77
|
role['user_ids'] = user_ids ? Array(user_ids) : role['user_ids']
|
|
75
78
|
role['group_ids'] = group_ids ? Array(group_ids) : role['group_ids']
|
|
76
79
|
|
|
@@ -79,5 +82,6 @@ module PeRbac
|
|
|
79
82
|
end
|
|
80
83
|
status
|
|
81
84
|
end
|
|
85
|
+
|
|
82
86
|
end
|
|
83
87
|
end
|
data/lib/pe_rbac/version.rb
CHANGED
data/pe_rbac.gemspec
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: pe_rbac
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.5.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Geoff Williams
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2017-
|
|
11
|
+
date: 2017-03-25 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|
|
@@ -164,6 +164,20 @@ dependencies:
|
|
|
164
164
|
- - '='
|
|
165
165
|
- !ruby/object:Gem::Version
|
|
166
166
|
version: 0.4.0
|
|
167
|
+
- !ruby/object:Gem::Dependency
|
|
168
|
+
name: json
|
|
169
|
+
requirement: !ruby/object:Gem::Requirement
|
|
170
|
+
requirements:
|
|
171
|
+
- - '='
|
|
172
|
+
- !ruby/object:Gem::Version
|
|
173
|
+
version: 2.0.3
|
|
174
|
+
type: :runtime
|
|
175
|
+
prerelease: false
|
|
176
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
177
|
+
requirements:
|
|
178
|
+
- - '='
|
|
179
|
+
- !ruby/object:Gem::Version
|
|
180
|
+
version: 2.0.3
|
|
167
181
|
description: Programatically do stuff with Puppet Enterprise RBAC
|
|
168
182
|
email:
|
|
169
183
|
- geoff@geoffwilliams.me.uk
|
|
@@ -211,7 +225,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
211
225
|
version: '0'
|
|
212
226
|
requirements: []
|
|
213
227
|
rubyforge_project:
|
|
214
|
-
rubygems_version: 2.
|
|
228
|
+
rubygems_version: 2.5.2
|
|
215
229
|
signing_key:
|
|
216
230
|
specification_version: 4
|
|
217
231
|
summary: Ruby API for Puppet Enterprise RBAC
|