Sha256: 838a591f3b56a9070d3c930d980ed0c124bb9171ebfcb1f7d9fa2e913bd0d4a3

Contents?: true

Size: 1.34 KB

Versions: 5

Compression:

Stored size: 1.34 KB

Contents

module Conjur
  module Policy
    module Types
      # Policy statement that gives a role one or more privileges on a
      # resource. The attributes below are declared through the `attribute`
      # macro inherited from Base; the description and example strings are
      # the user-facing reference text for the statement.
      class Permit < Base
        attribute :role, kind: :member
        attribute :privilege, kind: :string, dsl_accessor: true
        attribute :resource, dsl_accessor: true
        attribute :replace, kind: :boolean, singular: true, dsl_accessor: true

        self.description = %(
Give permissions on a [Resource](#reference/resource) to a [Role](#reference/role). (contrast: [Deny](#reference/deny))

The permissions are:
1. read (see the resource)
2. execute (use the resource)
3. update (make changes to the resource)

[More](/key_concepts/rbac.html) on role-based access control in Conjur.
)

        self.example = %(
- !variable answer
- !user deep_thought

- !permit
    role: !user deep_thought
    privileges: [ read, execute, update ]
    resource: !variable answer
)

        include ResourceMemberDSL

        # @param privilege [Object, nil] initial privilege value; stored via
        #   the `privilege=` writer. No `super` call is made here.
        def initialize(privilege = nil)
          self.privilege = privilege
        end

        # Human-readable summary of the grant.
        #
        # NOTE(review): when `role` is an Array the grant option is always
        # reported as absent; only a single role has its `admin` flag
        # consulted. If array entries can carry `admin`, this text understates
        # what the statement grants. Confirm before relying on this string
        # for review or audit output.
        #
        # @return [String]
        def to_s
          grantee, grantable =
            case role
            when Array then [role.map(&:role), false]
            else [role.role, role.admin]
            end

          privileges = Array(privilege).join(', ')
          resources = Array(resource).join(', ')
          grant_suffix = grantable ? ' with grant option' : ''

          # An Array grantee is interpolated through Array#to_s (inspect form).
          "Permit #{grantee} to [#{privileges}] on #{resources}#{grant_suffix}"
        end
      end
    end
  end
end

Version data entries

5 entries across 5 versions & 1 rubygems

Version Path
conjur-asset-policy-0.8.3 lib/conjur/policy/types/permit.rb
conjur-asset-policy-0.8.2 lib/conjur/policy/types/permit.rb
conjur-asset-policy-0.8.1 lib/conjur/policy/types/permit.rb
conjur-asset-policy-0.8.0 lib/conjur/policy/types/permit.rb
conjur-asset-policy-0.7.1 lib/conjur/policy/types/permit.rb