package conjurapi
import (
"encoding/json"
"fmt"
"net/http"
"github.com/cyberark/conjur-api-go/conjurapi/response"
)
// ResourceFilter narrows the set of resources returned by Client.Resources.
// As documented on Resources, only non-zero-valued members of a non-nil
// filter are applied, so the zero value requests no filtering.
type ResourceFilter struct {
	// Kind and Search are string criteria.
	// NOTE(review): presumably a resource kind and a free-text search term —
	// confirm against ResourcesRequest.
	Kind, Search string
	// Limit and Offset are integer criteria.
	// NOTE(review): presumably paging controls — confirm against ResourcesRequest.
	Limit, Offset int
	// Role is a string criterion.
	// NOTE(review): presumably a role ID — confirm against ResourcesRequest.
	Role string
}
// CheckPermission determines whether the authenticated user has a specified
// privilege on a resource.
//
// The request is built by CheckPermissionRequest and evaluated by
// processPermissionCheck. A (false, nil) result covers both a 403 and a 404
// reply, so it does not say whether the resource exists. Any non-nil error
// comes with false and should be handled as "not permitted".
func (c *Client) CheckPermission(resourceID string, privilege string) (bool, error) {
	checkReq, buildErr := c.CheckPermissionRequest(resourceID, privilege)
	if buildErr != nil {
		// The request could not be built, so no decision was made: fail closed.
		return false, buildErr
	}

	return c.processPermissionCheck(checkReq)
}
// CheckPermissionForRole determines whether the provided role has a specific
// privilege on a resource.
//
// The request is built by CheckPermissionForRoleRequest and evaluated by
// processPermissionCheck. A (false, nil) result covers both a 403 and a 404
// reply. Any non-nil error comes with false and should be handled as
// "not permitted".
func (c *Client) CheckPermissionForRole(resourceID string, roleID string, privilege string) (bool, error) {
	checkReq, buildErr := c.CheckPermissionForRoleRequest(resourceID, roleID, privilege)
	if buildErr != nil {
		// The request could not be built, so no decision was made: fail closed.
		return false, buildErr
	}

	return c.processPermissionCheck(checkReq)
}
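// processPermissionCheck submits a prepared permission-check request and maps
// the HTTP status of the reply onto the answer:
//
//   - any 2xx status: (true, nil)
//   - 403 or 404: (false, nil)
//   - any other status: (false, error), so an unexpected reply is never read
//     as a grant
//
// A transport-level failure from SubmitRequest is returned as (false, err).
func (c *Client) processPermissionCheck(req *http.Request) (bool, error) {
	resp, err := c.SubmitRequest(req)
	if err != nil {
		return false, err
	}
	// Only the status code is consulted and nothing else in this function
	// releases the body, so close it here. Otherwise each permission check
	// would leave a connection open.
	// NOTE(review): assumes SubmitRequest returns a *http.Response — confirm.
	if resp.Body != nil {
		defer resp.Body.Close()
	}

	switch {
	case resp.StatusCode >= 200 && resp.StatusCode < 300:
		return true, nil
	case resp.StatusCode == 404 || resp.StatusCode == 403:
		return false, nil
	default:
		return false, fmt.Errorf("Permission check failed with HTTP status %d", resp.StatusCode)
	}
}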
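// ResourceExists checks whether or not a resource exists.
//
// The HTTP status of the reply is mapped as follows:
//
//   - any 2xx status, or 403: (true, nil)
//   - 404: (false, nil)
//   - any other status: (false, error)
//
// Because a 403 is counted as "exists", a true result does not mean the
// caller may read the resource. Use CheckPermission for authorization
// decisions.
func (c *Client) ResourceExists(resourceID string) (bool, error) {
	req, err := c.ResourceRequest(resourceID)
	if err != nil {
		return false, err
	}

	resp, err := c.SubmitRequest(req)
	if err != nil {
		return false, err
	}
	// Only the status code is consulted and nothing else in this function
	// releases the body, so close it here instead of leaking the connection.
	// NOTE(review): assumes SubmitRequest returns a *http.Response — confirm.
	if resp.Body != nil {
		defer resp.Body.Close()
	}

	switch {
	case (resp.StatusCode >= 200 && resp.StatusCode < 300) || resp.StatusCode == 403:
		return true, nil
	case resp.StatusCode == 404:
		return false, nil
	default:
		return false, fmt.Errorf("Resource exists check failed with HTTP status %d", resp.StatusCode)
	}
}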
// Resource fetches a single user-visible resource by id.
//
// The request from ResourceRequest is submitted, the reply body is extracted
// with response.DataResponse and decoded as a JSON object. A failure in any
// step before decoding yields (nil, err). A decoding failure yields the error
// together with whatever the decoder had stored in the map.
func (c *Client) Resource(resourceID string) (resource map[string]interface{}, err error) {
	request, err := c.ResourceRequest(resourceID)
	if err != nil {
		return nil, err
	}

	httpResp, err := c.SubmitRequest(request)
	if err != nil {
		return nil, err
	}

	payload, err := response.DataResponse(httpResp)
	if err != nil {
		return nil, err
	}

	resource = map[string]interface{}{}
	err = json.Unmarshal(payload, &resource)
	return resource, err
}
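// Resources fetches user-visible resources. The set of resources can
// be limited by the given ResourceFilter. If filter is non-nil, only
// non-zero-valued members of the filter will be applied.
//
// The reply body is extracted with response.DataResponse and decoded as a
// JSON array of objects. On any failure the returned slice is nil, so a
// caller never receives placeholder or partially decoded entries alongside
// an error.
func (c *Client) Resources(filter *ResourceFilter) (resources []map[string]interface{}, err error) {
	req, err := c.ResourcesRequest(filter)
	if err != nil {
		return nil, err
	}

	resp, err := c.SubmitRequest(req)
	if err != nil {
		return nil, err
	}

	data, err := response.DataResponse(resp)
	if err != nil {
		return nil, err
	}

	// Decode into the nil named result rather than a pre-sized slice. A slice
	// created with length 1 holds one nil map, and that placeholder was handed
	// back to the caller whenever the body was not a JSON array.
	if err = json.Unmarshal(data, &resources); err != nil {
		return nil, err
	}
	return resources, nil
}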
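// ResourceIDs fetches the resources selected by filter (see Resources) and
// returns the value of each entry's "id" field, in the order the entries
// were returned.
//
// An entry whose "id" is missing or is not a string produces an error instead
// of a panic, so a malformed or unexpected server reply cannot crash the
// calling process.
func (c *Client) ResourceIDs(filter *ResourceFilter) ([]string, error) {
	resources, err := c.Resources(filter)
	if err != nil {
		return nil, err
	}

	// Keep the result non-nil even when empty, as before.
	resourceIDs := make([]string, 0, len(resources))
	for i, element := range resources {
		// Indexing a nil map is safe and yields nil, which fails the assertion.
		id, ok := element["id"].(string)
		if !ok {
			return nil, fmt.Errorf("resource at index %d has a missing or non-string id", i)
		}
		resourceIDs = append(resourceIDs, id)
	}

	return resourceIDs, nil
}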
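// PermittedRoles lists the roles which have the named permission on a resource.
//
// The reply body is extracted with response.DataResponse and decoded as a
// JSON array of strings. A decoding failure is returned to the caller, so a
// malformed reply is not mistaken for a valid, possibly empty, role list.
func (c *Client) PermittedRoles(resourceID, privilege string) ([]string, error) {
	req, err := c.PermittedRolesRequest(resourceID, privilege)
	if err != nil {
		return nil, err
	}

	resp, err := c.SubmitRequest(req)
	if err != nil {
		return nil, err
	}

	data, err := response.DataResponse(resp)
	if err != nil {
		return nil, err
	}

	roles := make([]string, 0)
	// The decode error used to be assigned and then dropped by `return roles, nil`.
	if err := json.Unmarshal(data, &roles); err != nil {
		return nil, err
	}

	return roles, nil
}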