class Conjur::Policy::Planner::Revoke
Public Instance Methods
do_plan()
# File lib/conjur/policy/planner/grants.rb, line 48
#
# Plans the Revoke actions for this record.
#
# Each grant currently held on the record's roles is registered with a
# RoleFacts instance as both a requested and an existing grant. The record
# being revoked is then removed from that set, and one Types::Revoke action is
# emitted for every (role id, member id) pair that RoleFacts reports in
# grants_to_revoke.
#
# facts validation (validate!) runs before the first Revoke action is emitted.
# NOTE(review): what validate! checks, and what it raises, is defined in
# RoleFacts and is not visible here; confirm before relying on it as a guard.
def do_plan
  role_facts = RoleFacts.new(self)

  # Seed the facts with the current state: every existing grant is recorded as
  # both "requested" and "existing", so that removing the revoked record below
  # leaves only the difference.
  Array(record.roles).each do |target_role|
    role_facts.role_grants(target_role) do |current_grant|
      requested = Types::Grant.new.tap do |g|
        g.role = Types::Role.new(target_role.roleid)
        g.member = Types::Member.new(Types::Role.new(current_grant.member.roleid))
        # Copy the existing grant's admin option onto the requested member.
        g.member.admin = current_grant.admin_option
      end

      role_facts.add_requested_grant(requested)
      role_facts.add_existing_grant(target_role, current_grant)
    end
  end

  # Take the record being revoked out of the requested set.
  role_facts.remove_revoked_grant(record)

  role_facts.validate!

  # Each entry is destructured as a (role id, member id) pair.
  role_facts.grants_to_revoke.each do |pair|
    role_id, member_id = pair

    # This method does not revoke anything itself; it hands each Revoke to `action`.
    # NOTE(review): presumably `action` appends to the plan; confirm in the planner base class.
    action(
      Conjur::Policy::Types::Revoke.new.tap do |revocation|
        revocation.role = role_record(role_id)
        revocation.member = role_record(member_id)
      end
    )
  end
end