class CloudFoundry::Perm::V1::Client

Attributes

hostname[R]
port[R]
timeout[R]
trusted_cas[R]
url[R]

Public Class Methods

new(hostname:, port: 6283, trusted_cas:, timeout: 15) click to toggle source
# File lib/perm/v1/client.rb, line 12
def initialize(hostname:, port: 6283, trusted_cas:, timeout: 15)
  raise ArgumentError, 'trusted_cas cannot be empty' if trusted_cas.empty?

  @hostname = hostname
  @port = port
  @url = "#{hostname}:#{port}"
  @trusted_cas = trusted_cas
  @timeout = timeout
end

Public Instance Methods

assign_role(role_name:, actor_id:, namespace:) click to toggle source
# File lib/perm/v1/client.rb, line 46
def assign_role(role_name:, actor_id:, namespace:)
  actor = Protos::Actor.new(id: actor_id, namespace: namespace)
  request = Protos::AssignRoleRequest.new(actor: actor, role_name: role_name)

  grpc_role_service.assign_role(request)

  nil
rescue GRPC::BadStatus => e
  raise Errors.from_grpc_error(e)
end
assign_role_to_group(role_name:, group_id:) click to toggle source
# File lib/perm/v1/client.rb, line 68
def assign_role_to_group(role_name:, group_id:)
  group = Protos::Group.new(id: group_id)
  request = Protos::AssignRoleToGroupRequest.new(group: group, role_name: role_name)

  grpc_role_service.assign_role_to_group(request)

  nil
rescue GRPC::BadStatus => e
  raise Errors.from_grpc_error(e)
end
create_role(role_name:, permissions: []) click to toggle source
# File lib/perm/v1/client.rb, line 22
def create_role(role_name:, permissions: [])
  permission_protos = permissions.map do |p|
    Protos::Permission.new(action: p.action, resource_pattern: p.resource_pattern)
  end
  request = Protos::CreateRoleRequest.new(name: role_name, permissions: permission_protos)

  response = grpc_role_service.create_role(request)
  role = response.role

  Models::Role.new(name: role.name)
rescue GRPC::BadStatus => e
  raise Errors.from_grpc_error(e)
end
delete_role(name) click to toggle source
# File lib/perm/v1/client.rb, line 36
def delete_role(name)
  request = Protos::DeleteRoleRequest.new(name: name)

  grpc_role_service.delete_role(request)

  nil
rescue GRPC::BadStatus => e
  raise Errors.from_grpc_error(e)
end
has_permission?(actor_id:, namespace:, action:, resource:, group_ids: []) click to toggle source

rubocop:disable Metrics/MethodLength

# File lib/perm/v1/client.rb, line 125
def has_permission?(actor_id:, namespace:, action:, resource:, group_ids: [])
  actor = Protos::Actor.new(id: actor_id, namespace: namespace)

  groups = []
  group_ids.each do |group_id|
    groups.push(Protos::Group.new(id: group_id))
  end

  request = Protos::HasPermissionRequest.new(
    actor: actor, action: action, resource: resource, groups: groups
  )

  grpc_permission_service.has_permission(request).has_permission
rescue GRPC::BadStatus => e
  raise Errors.from_grpc_error(e)
end
has_role?(role_name:, actor_id:, namespace:) click to toggle source

rubocop:disable Naming/PredicateName

# File lib/perm/v1/client.rb, line 91
def has_role?(role_name:, actor_id:, namespace:)
  actor = Protos::Actor.new(id: actor_id, namespace: namespace)
  request = Protos::HasRoleRequest.new(actor: actor, role_name: role_name)

  response = grpc_role_service.has_role(request)
  response.has_role
rescue GRPC::BadStatus => e
  raise Errors.from_grpc_error(e)
end
has_role_for_group?(role_name:, group_id:) click to toggle source
# File lib/perm/v1/client.rb, line 101
def has_role_for_group?(role_name:, group_id:)
  group = Protos::Group.new(id: group_id)
  request = Protos::HasRoleForGroupRequest.new(group: group, role_name: role_name)

  response = grpc_role_service.has_role_for_group(request)
  response.has_role
rescue GRPC::BadStatus => e
  raise Errors.from_grpc_error(e)
end
list_resource_patterns(actor_id:, namespace:, action:, group_ids: []) click to toggle source
# File lib/perm/v1/client.rb, line 142
def list_resource_patterns(actor_id:, namespace:, action:, group_ids: [])
  actor = Protos::Actor.new(id: actor_id, namespace: namespace)

  groups = []
  group_ids.each do |group_id|
    groups.push(Protos::Group.new(id: group_id))
  end

  request = Protos::ListResourcePatternsRequest.new(
    actor: actor,
    action: action,
    groups: groups
  )

  response = grpc_permission_service.list_resource_patterns(request)

  response.resource_patterns
rescue GRPC::BadStatus => e
  raise Errors.from_grpc_error(e)
end
list_role_permissions(role_name:) click to toggle source
# File lib/perm/v1/client.rb, line 111
def list_role_permissions(role_name:)
  request = Protos::ListRolePermissionsRequest.new(role_name: role_name)

  response = grpc_role_service.list_role_permissions(request)
  permissions = response.permissions

  permissions.map do |permission|
    Models::Permission.new(action: permission.action, resource_pattern: permission.resource_pattern)
  end
rescue GRPC::BadStatus => e
  raise Errors.from_grpc_error(e)
end
unassign_role(role_name:, actor_id:, namespace:) click to toggle source
# File lib/perm/v1/client.rb, line 57
def unassign_role(role_name:, actor_id:, namespace:)
  actor = Protos::Actor.new(id: actor_id, namespace: namespace)
  request = Protos::UnassignRoleRequest.new(actor: actor, role_name: role_name)

  grpc_role_service.unassign_role(request)

  nil
rescue GRPC::BadStatus => e
  raise Errors.from_grpc_error(e)
end
unassign_role_from_group(role_name:, group_id:) click to toggle source
# File lib/perm/v1/client.rb, line 79
def unassign_role_from_group(role_name:, group_id:)
  group = Protos::Group.new(id: group_id)
  request = Protos::UnassignRoleFromGroupRequest.new(group: group, role_name: role_name)

  grpc_role_service.unassign_role_from_group(request)

  nil
rescue GRPC::BadStatus => e
  raise Errors.from_grpc_error(e)
end

Private Instance Methods

grpc_permission_service() click to toggle source
# File lib/perm/v1/client.rb, line 188
def grpc_permission_service
  @grpc_permission_service ||= Protos::PermissionService::Stub.new(
    url,
    tls_credentials,
    timeout: timeout,
    channel_override: shared_channel
  )
end
grpc_role_service() click to toggle source
# File lib/perm/v1/client.rb, line 179
def grpc_role_service
  @grpc_role_service ||= Protos::RoleService::Stub.new(
    url,
    tls_credentials,
    timeout: timeout,
    channel_override: shared_channel
  )
end
shared_channel() click to toggle source
# File lib/perm/v1/client.rb, line 171
def shared_channel
  @shared_channel ||= GRPC::Core::Channel.new(
    url,
    { 'grpc.primary_user_agent' => "grpc-ruby/#{GRPC::VERSION}" },
    tls_credentials
  )
end
tls_credentials() click to toggle source
# File lib/perm/v1/client.rb, line 167
def tls_credentials
  @tls_credentials ||= GRPC::Core::ChannelCredentials.new(trusted_cas.join("\n"))
end