class Conjur::WebServer::AuditStream

Constants

HEADERS

Public Instance Methods

api()
# File lib/conjur/webserver/audit_stream.rb, line 87
# Builds a Conjur API client from a freshly obtained authentication token.
#
# Every call runs Conjur::Authn.authenticate again, so the client returned
# here acts with whatever identity that call resolves to.
# NOTE(review): presumably that is the identity of the local user running
# this web server rather than of the HTTP caller; confirm against
# Conjur::Authn.
#
# @return the object produced by Conjur::API.new_from_token
def api
  token = Conjur::Authn.authenticate
  Conjur::API.new_from_token(token)
end
call(env)
# File lib/conjur/webserver/audit_stream.rb, line 27
# Rack entry point: starts streaming audit events into a new response body
# and returns the Rack response triple immediately.
#
# The body is handed to stream_events before the response is returned, and
# each batch of events that stream_events yields is written into it.
#
# @param env [Hash] Rack environment
# @return [Array] [200, HEADERS, body]
def call env
  response_body = Body.new
  stream_events(env) { |events| write_events(response_body, events) }
  [200, HEADERS, response_body]
end
fetch_events(env, options)
# File lib/conjur/webserver/audit_stream.rb, line 63
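# Fetches audit events for the target named in the request path and runs
# each one through the formatter selected by the `format` query parameter.
#
# A path of kind 'role' with no id uses :audit_current_role; any other path
# dispatches to the API method named "audit_<kind>" with the id.
#
# @param env [Hash] Rack environment (path and query string are read from it)
# @param options [Hash] passed through unchanged to the API audit call
# @return the value of `each` on the API result
#   NOTE(review): presumably the list of events; confirm against Conjur::API
def fetch_events env, options
  kind, id = parse_path env
  args = if kind == 'role' && id.nil?
    [:audit_current_role, options]
  else
    # kind is taken from the request URL, so the method name below is
    # request-controlled apart from the "audit_" prefix.
    # NOTE(review): an explicit allowlist of supported kinds would be
    # tighter; the full set is not visible from this method.
    [:"audit_#{kind}", id, options]
  end
  requested_format = Rack::Request.new(env).params['format'] || 'string'
  format_method = requested_format == 'table' ? :tableize : :humanize
  # public_send keeps a request-derived method name from reaching private or
  # protected methods of the API object; an unknown or non-public name still
  # raises NoMethodError as before.
  # NOTE(review): `each` discards the formatter's return value, so formatting
  # only takes effect if tableize/humanize modify the event in place; confirm.
  api.public_send(*args).each { |e| send(format_method, e) }
end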
parse_path(env)

Returns [kind, id]

# File lib/conjur/webserver/audit_stream.rb, line 57
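# Extracts the audit target from the request path.
#
# The path is SCRIPT_NAME + PATH_INFO and must have the form
# /api/audit/stream/<kind>[/<id>]; the id may itself contain slashes.
#
# @param env [Hash] Rack environment
# @return [Array] [kind, id]; id is nil when the path has no id segment,
#   and both are nil when the path does not match
def parse_path env
  path = env["SCRIPT_NAME"] + env["PATH_INFO"]
  # \A and \z anchor to the whole string. ^ and $ match at every line
  # boundary in Ruby, so a path with an embedded newline could satisfy the
  # pattern on just one of its lines; such paths are now treated as no match.
  match = %r{\A/api/audit/stream/(.*?)(?:/(.*))?\z}.match(path)
  return [nil, nil] unless match
  [match[1], match[2]]
end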
self_event?(env, e)

Returns true if this looks like a permission check performed by the audit service

# File lib/conjur/webserver/audit_stream.rb, line 48
# Tells whether an audit event looks like a permission check made by the
# role that is serving this request.
#
# All of the following must hold: the action is 'check', the asset is
# 'resource', the event's 'conjur_role' equals its 'role', and that role
# equals env['conjur.roleid'].
#
# @param env [Hash] Rack environment; 'conjur.roleid' is read from it
# @param e [Hash] audit event with string keys
# @return [Boolean]
def self_event? env, e
  return false unless e['action'] == 'check'
  return false unless e['asset'] == 'resource'

  event_role = e['role']
  e['conjur_role'] == event_role && event_role == env['conjur.roleid']
end
show_self_events?(env)
# File lib/conjur/webserver/audit_stream.rb, line 52
# Tells whether the request carries a `self` parameter.
#
# Any value counts, since only the presence of the parameter is tested.
#
# @param env [Hash] Rack environment
# @return [Boolean]
def show_self_events? env
  params = Rack::Request.new(env).params
  params['self'] ? true : false
end
stream_events(env, &block)
# File lib/conjur/webserver/audit_stream.rb, line 35
# Follows the audit feed for this request on EventMachine's thread pool and
# passes what the follower produces to the given block.
#
# Running inside EM.defer is a deliberate simplification; a non-blocking
# client such as EM::HttpRequest would be the more EventMachine-native
# approach.
#
# Unless the request asks for self events, the self_event? predicate is
# registered with the follower.
# NOTE(review): presumably Follower#filter drops the events the predicate
# matches; confirm against Conjur::Audit::Follower.
# NOTE(review): nothing here stops the follower when the client goes away;
# confirm that Follower or Body handle that.
#
# @param env [Hash] Rack environment
# @param block handed to Follower#follow
def stream_events env, &block
  EM.defer do
    follower = Conjur::Audit::Follower.new do |opts|
      fetch_events(env, opts)
    end
    unless show_self_events?(env)
      follower.filter { |e| self_event?(env, e) }
    end
    follower.follow(&block)
  end
end
write_events(body, events)
# File lib/conjur/webserver/audit_stream.rb, line 80
# Writes each event to the body as one frame: an "id:" line carrying the
# event's 'event_id', then a "data:" line carrying the event as JSON,
# closed by a blank line.
#
# The JSON payload has its newlines escaped by JSON.generate; the id is
# interpolated as-is.
# NOTE(review): presumably event_id is generated by the server and never
# contains a line break; confirm, since a line break would split the frame.
#
# @param body object responding to #write
# @param events [Enumerable<Hash>] audit events with string keys
# @return the events collection
def write_events body, events
  events.each do |event|
    body.write("id: #{event['event_id']}\n")
    payload = JSON.generate(event)
    body.write("data: #{payload}\n\n")
  end
end