module VaultApi::Client::Policies
Public Instance Methods
create_initial_user_policy(username)
click to toggle source
# File lib/vault_api/client/policies.rb, line 7 def create_initial_user_policy(username) puts "Creating #{username}_policy" if VaultApi.put_policy("#{username}_policy", policy_json(username)) puts "Created #{username}_policy" true else false end end
create_policy(username, path = '', capabilities = [])
click to toggle source
# File lib/vault_api/client/policies.rb, line 21 def create_policy(username, path = '', capabilities = []) policy_rules = {} policy_rules[:path] ||= {} policy_rules[:path][path.to_s] ||= {} policy_rules[:path][path.to_s][:capabilities] = capabilities VaultApi.put_policy("#{username}_policy", policy_rules.to_json) end
delete_policy(username)
click to toggle source
# File lib/vault_api/client/policies.rb, line 37 def delete_policy(username) VaultApi.delete_policy("#{username}_policy") end
read_policy(username)
click to toggle source
# File lib/vault_api/client/policies.rb, line 17 def read_policy(username) VaultApi.policy("#{username}_policy") end
update_policy(username, path = '', capabilities = [])
click to toggle source
# File lib/vault_api/client/policies.rb, line 29 def update_policy(username, path = '', capabilities = []) policy = VaultApi.policy("#{username}_policy") policy_rules = JSON.parse(policy.rules).with_indifferent_access policy_rules[:path][path.to_s] ||= {} policy_rules[:path][path.to_s][:capabilities] = capabilities VaultApi.put_policy("#{username}_policy", policy_rules.to_json) end
Private Instance Methods
policy_json(username)
click to toggle source
# File lib/vault_api/client/policies.rb, line 43 def policy_json(username) { path: { "secret/#{VaultApi.env}/#{username}/*" => { capabilities: %w[create read update delete list] }, "#{VaultApi.secret_global_base_path}/*" => { capabilities: %w[read list] }, :'secret/*' => { capabilities: %w[read list] }, :'auth/token/lookup-self' => { capabilities: %w[read] }, :'sys/capabilities-self' => { capabilities: %w[update read] }, :'sys/mounts' => { capabilities: %w[read] }, :'sys/auth' => { capabilities: %w[read] }, "sys/policy/#{username}_policy" => { capabilities: %w[read] } } }.to_json end