lib/conjur/base.rb in conjur-api-4.22.1 vs lib/conjur/base.rb in conjur-api-4.23.0
- old
+ new
@@ -139,10 +139,19 @@
# @param [String] remote_ip the optional IP address to be recorded in the audit record.
# @return [Conjur::API] an api that will authenticate with the token
def new_from_token(token, remote_ip = nil)
self.new nil, nil, token, remote_ip
end
+
+ def encode_audit_ids(ids)
+ ids.collect{|id| CGI::escape(id)}.join('&')
+ end
+
+ def decode_audit_ids(ids)
+ ids.split('&').collect{|id| CGI::unescape(id)}
+ end
+
end
# Create a new instance from a username and api key or a token.
#
# @note You should use {Conjur::API.new_from_token} or {Conjur::API.new_from_key} instead of calling this method
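Review bot: `encode_audit_ids` and `decode_audit_ids` are added without YARD comments, although `new_from_token` directly above them is documented, and the encoding they define is a wire format that needs a stated contract. I would add `# @param [Array<String>] ids audit ids to pack into one header value` and `# @return [String] the ids, each CGI-escaped, joined with '&'` to the encoder, with the mirror-image pair on the decoder. The comment should also say why each id is escaped: `CGI::escape` percent-encodes `&`, CR and LF, so an id can neither split into two entries nor break the header line, which a plain `join('&')` would not guarantee. A non-String id makes `CGI::escape` raise, so the docs should state that ids must be strings. The block closed by the trailing `end` starts outside this hunk.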
@@ -177,10 +186,20 @@
#@!attribute [rw] privilege
# The optional global privilege (e.g. 'elevate' or 'reveal') which should be attempted on the request.
attr_accessor :privilege
+ #@!attribute [rw] audit_roles
+ # An array of role ids that should be included in any audit
+ # records generated by requsts made by this instance of the api.
+ attr_accessor :audit_roles
+
+ #@!attribute [rw] audit_resources
+ # An array of resource ids that should be included in any audit
+ # records generated by requsts made by this instance of the api.
+ attr_accessor :audit_resources
+
# The name of the user as which this api instance is authenticated. This is available whether the api
# instance was created from credentials or an authentication token.
#
# @return [String] the login of the current user.
def username
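Review bot: The doc comments for `audit_roles` and `audit_resources` both misspell "requests" as "requsts"; the last line of each should read `# records generated by requests made by this instance of the api.`. Since the attributes are read-write, the comments could also say that a value assigned directly is sent as given, whereas `with_audit_roles` and `with_audit_resources` (added later in this diff) first map each id through `roleid` / `resourceid` to qualify it.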
@@ -231,10 +250,12 @@
def credentials
headers = {}.tap do |h|
h[:authorization] = "Token token=\"#{Base64.strict_encode64 token.to_json}\""
h[:x_conjur_privilege] = @privilege if @privilege
h[:x_forwarded_for] = @remote_ip if @remote_ip
+ h[:conjur_audit_roles] = Conjur::API.encode_audit_ids(@audit_roles) if @audit_roles
+ h[:conjur_audit_resources] = Conjur::API.encode_audit_ids(@audit_resources) if @audit_resources
end
{ headers: headers, username: username }
end
# Return a new API object with the specified X-Conjur-Privilege.
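Review bot: The two new guards `if @audit_roles` and `if @audit_resources` pass for an empty array, because `[]` is truthy in Ruby, so an empty `conjur_audit_roles` / `conjur_audit_resources` header is sent; how the server interprets an empty value is not visible here. They also let a non-array through: the public `audit_roles=` accessor accepts a bare String, and `encode_audit_ids` then fails on `collect` only when the request headers are built. Normalizing first avoids both, e.g. `roles = Array(@audit_roles)` followed by `h[:conjur_audit_roles] = Conjur::API.encode_audit_ids(roles) unless roles.empty?`, and the same for resources.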
@@ -243,10 +264,26 @@
def with_privilege privilege
self.class.new(username, api_key, token, remote_ip).tap do |api|
api.privilege = privilege
end
end
-
+
+ def with_audit_roles role_ids
+ role_ids = Array(role_ids)
+ self.class.new(username, api_key, token, remote_ip).tap do |api|
+ # Ensure that all role ids are fully qualified
+ api.audit_roles = role_ids.collect { |id| api.role(id).roleid }
+ end
+ end
+
+ def with_audit_resources resource_ids
+ resource_ids = Array(resource_ids)
+ self.class.new(username, api_key, token, remote_ip).tap do |api|
+ # Ensure that all resource ids are fully qualified
+ api.audit_resources = resource_ids.collect { |id| api.resource(id).resourceid }
+ end
+ end
+
private
def token_valid?
begin
validate_token
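Review bot: `with_audit_roles` and `with_audit_resources` build the copy from `username, api_key, token, remote_ip` only, so chaining them loses state: `api.with_audit_roles(r).with_audit_resources(s)` returns an instance whose `audit_roles` is unset, and either call after `with_privilege` appears to drop the privilege (the constructor is outside this diff, but `with_privilege` sets it through the accessor, which suggests it is not a constructor argument). For audit data that means records can silently lack the ids the caller asked for. Inside each `tap` block, carry the other attributes over, e.g. `api.privilege = privilege` and `api.audit_resources = audit_resources` in `with_audit_roles`, mirrored in `with_audit_resources`; `with_privilege` in the context lines needs the same for the two new attributes. Both new public methods also lack a YARD comment describing the accepted argument (a single id or an array, per `Array(role_ids)`) and the returned copy.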