NAME
Tivoli::AccessManager::Admin::ProtObject
SYNOPSIS
use Tivoli::AccessManager::Admin;
my $resp;
my $pd = Tivoli::AccessManager::Admin->new( password => 'foobar' );
my $pobj = Tivoli::AccessManager::Admin::ProtObject->new( $pd,
    name => '/test/monkey');
# Create the object unless it already exists
$resp = $pobj->create unless $pobj->exist;
# Set the type and the description
$resp = $pobj->type( 'container' );
$resp = $pobj->description( 'Monkey!' );
# Attach an ACL
$resp = $pobj->acl( attach => 'default-webseal' );
# Detach an ACL
$resp = $pobj->acl( detach => 1 );
# Get the attached and effective ACL
$resp = $pobj->acl;
my $href = $resp->value;
print "Effective ACL: $href->{effective}\n";
print "Attached ACL: $href->{attached}\n";
# Find out where else the ACL is attached
$resp = Tivoli::AccessManager::Admin::ProtObject->find( $pd, acl => $href->{attached} );
# Attach an authorization rule
$resp = $pobj->authzrule( attach => 'silly' );
# Find out where else the authzrule is attached
$resp = Tivoli::AccessManager::Admin::ProtObject->find( $pd, authzrule => 'silly' );
# Detach an authzrule
$resp = $pobj->authzrule( detach => 1 );
# Get the attached and effective Authzrule
$resp = $pobj->authzrule;
$href = $resp->value;
print "Effective Authz: $href->{effective}\n";
print "Attached Authz: $href->{attached}\n";
# Get a list of the objects under /test
my $top = Tivoli::AccessManager::Admin::ProtObject->new( $pd, name => '/test' );
$resp = $top->list;
# See what POPs are attached to the object
$resp = $pobj->pop;
# Set is_policy_attachable bit to 0
$resp = $pobj->policy_attachable( 0 );
# Add some attributes
$resp = $pobj->attributes( add => { evil => 1,
smoking => [ qw/strawberry crack/ ]
});
# Remove one of the values
$resp = $pobj->attributes( remove => { smoking => 'crack' } );
# Remove the keys
$resp = $pobj->attributes( removekey => [ qw/evil smoking/ ] );
# Finally, delete it
$resp = $pobj->delete;
DESCRIPTION
Tivoli::AccessManager::Admin::ProtObject provides the interface to the protected object API calls.
CONSTRUCTORS
new( PDADMIN[, name => NAME, type => TYPE, description => DESC ])
Creates a new Tivoli::AccessManager::Admin::ProtObject object.
Parameters
- PDADMIN
  A blessed and initialized Tivoli::AccessManager::Admin::Context. This is the only required parameter.
- name => NAME
  The name of the protected object. This usually looks an awful lot like a UNIX path.
- type => TYPE
  The protected object type. See "Types" for a full discussion of the allowed values.
- description => DESC
  Some descriptive text.
Returns
A blessed Tivoli::AccessManager::Admin::ProtObject object. If the type is specified and it is not a valid type, you will get a nasty warning and a return of undef.
create(PDADMIN,name => NAME[, type => TYPE, description => DESC ])
"create", as with all the other modules, can be used to both initialize the Tivoli::AccessManager::Admin::ProtObject instance and create the object in the policy database.
In this case, the newly created instance will be returned to you in a Tivoli::AccessManager::Admin::Response object. See that module's Fine Documentation to learn how to get it.
Parameters
The parameters are identical to those for "new". The only difference is that the name is now a required parameter.
Returns
A Tivoli::AccessManager::Admin::Response object containing the new instance.
CLASS METHODS
find(PDADMIN, <acl => 'acl name' | authzrule => 'auth rule name'>)
Searches the object space for every object to which either the ACL or the authzrule is attached. You can use this method, but I think the find methods for Tivoli::AccessManager::Admin::ACL and Tivoli::AccessManager::Admin::Authzrule make more sense.
Parameters
You only need to provide either the acl or authzrule. If both are provided, the ACL will win.
- PDADMIN
  A blessed and initialized Tivoli::AccessManager::Admin::Context. This is the only required parameter.
- acl => 'acl name'
  The name of the ACL for which we are searching.
- authzrule => 'auth rule name'
  The name of the authzrule for which we are searching.
Returns
A Tivoli::AccessManager::Admin::Response object containing a possibly empty array of all objects found.
METHODS
Unless otherwise mentioned, everything returns a Tivoli::AccessManager::Admin::Response object.
create([ name => NAME, type => TYPE, description => DESC ])
Yes, "create" can also be used as a method.
Parameters
The same as "create" the constructor. You must provide the name if you did not provide it to "new".
Returns
A Tivoli::AccessManager::Admin::Response object containing the new instance.
delete
Deletes the object from the policy database.
Parameters
None
Returns
Success if the object exists and it can be deleted.
get
Refreshes the cached ivadmin_protobj structure. This should almost never need to be used by you, unless you decide to bypass my nice interface and go directly to the API calls.
Parameters
None
Returns
None
acl([attach => 'ACL Name', detach => 'ACL Name'])
Attaches or detaches an ACL from the object. If called with no parameters, returns the attached and effective ACL for that object. If called with both attach and detach, detaches are handled first.
Parameters
- attach => 'ACL Name'
  This will cause the named ACL to be attached to the object.
- detach => 'ACL Name'
  This will cause the named ACL to be detached.
Returns
Any attempt to attach an ACL that does not exist or detach an ACL not already attached will result in an error.
Otherwise, you will get a hash that looks like this:
- attached
  The name of the attached ACL, if any.
- effective
  The name of the effective ACL.
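An added example, not part of the module or its original documentation: it uses the attached/effective hash returned by "acl" to report which object on a path actually supplies the ACL in force, assuming an object with no attached ACL inherits from its nearest ancestor that has one. The helper names `tam_lookup` and `acl_source` and the sample table are hypothetical and constructed for illustration.

```perl
use strict;
use warnings;

# Build a lookup (object name -> { attached, effective }) on top of the acl()
# method documented above. $pd is an initialized Context, as in the SYNOPSIS.
sub tam_lookup {
    my ($pd) = @_;
    require Tivoli::AccessManager::Admin;
    return sub {
        my $obj = Tivoli::AccessManager::Admin::ProtObject->new( $pd, name => $_[0] );
        return $obj->exist ? $obj->acl->value : undef;
    };
}

# Walk from $name towards the root and return the nearest object that has an
# ACL attached, i.e. the place the effective ACL is inherited from.
sub acl_source {
    my ( $lookup, $name ) = @_;
    my $path = $name;
    while ( length $path ) {
        my $acl = $lookup->($path);
        if ( $acl && defined $acl->{attached} && length $acl->{attached} ) {
            return { object => $path, acl => $acl->{attached}, inherited => $path ne $name };
        }
        last if $path eq '/';
        $path =~ s{/[^/]*\z}{};            # drop the last path component
        $path = '/' unless length $path;   # '/test' -> '' -> '/'
    }
    return;    # nothing attached anywhere on the path
}

# Constructed sample data standing in for a live policy server.
my %sample = (
    '/'                  => { attached => 'example-root',    effective => 'example-root' },
    '/test'              => { attached => '',                effective => 'example-root' },
    '/test/monkey'       => { attached => 'default-webseal', effective => 'default-webseal' },
    '/test/monkey/child' => { attached => '',                effective => 'default-webseal' },
);
my $lookup = sub { $sample{ $_[0] } };    # swap in tam_lookup($pd) against a real server

for my $name ( sort keys %sample ) {
    my $src = acl_source( $lookup, $name ) or next;
    printf "%-20s %-16s %s\n", $name, $src->{acl},
        $src->{inherited} ? "inherited from $src->{object}" : 'attached here';
}
```

Objects reported as "attached here" are the points where access policy is overridden, which makes them the ones to review first when auditing a subtree.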
authzrule([attach => "Authzrule", detach => "Authzrule"])
Attaches and detaches authorization rules. Unlike "acl", this code is currently completely untested. I don't yet know how to create authzrules to test it.
Parameters
- attach => 'authzrule Name'
  This will cause the named authzrule to be attached to the object.
- detach => 'authzrule Name'
  This will cause the named authzrule to be detached.
Returns
Any attempt to attach an authzrule that does not exist or detach an authzrule not already attached will result in an error.
Otherwise, you will get a hash that looks like this:
- attached
  The name of the attached authzrule, if any.
- effective
  The name of the effective authzrule.
pop
Returns the attached and effective POP. See Tivoli::AccessManager::Admin::POP for the attach and detach methods. Don't look at me -- I didn't write the API.
Parameters
None
Returns
A hash that looks like this:
- attached
  The name of the attached POP, if any.
- effective
  The name of the effective POP.
type([TYPE])
Sets or gets the object's type. See "Types" for a discussion of the valid types.
Parameters
Returns
The object's type.
description(['DESC'])
Give the object some enlightening description.
Parameters
Returns
The object's description.
policy_attachable([0|1])
Allow policies to be attached or not.
Parameters
Returns
1 if the object allows policies to be attached, 0 otherwise.
list
Lists all of the objects immediately below the object in question.
Parameters
None
Returns
A list, possibly empty, of all the sub-objects.
attributes([add => { key => [qw/value0 value1/] | 'value0' }, remove => { key => [qw/value0 value1/] | 'value0' }, removekey => [qw/key0 key1/] ] )
Adds key/value attributes to an object, removes the values and removes the entire key/value pairs. I find these to be the more ... annoying functions.
Parameters
- add => { key => [qw/value0 value1/] | 'value0' }
  Causes "attributes" to add any number of key/value pairs to the object. As you can have multiple values associated with any given key, you can either use an array reference for multiple values, or a simple scalar if you are playing with only one.
  You can, obviously, add multiple keys with the same call. You can also, strangely enough, add the same value to a key multiple times.
- remove => { key => [qw/value0 value1/] | 'value0' }
  Removes the specified value(s) from the key. This does not remove the key, simply the values from the key. You will get an error if you try to remove a value that is not defined.
- removekey => [qw/key0 key1/]
  Removes both the attribute and any associated values from the object.
Returns
A hash of lists. The hash is keyed off of the attribute names. The values for each attribute are returned as a list -- even if there is only one value.
name
Returns the name of the object. This is returned as a simple string, not in a Tivoli::AccessManager::Admin::Response object.
exist
Returns a boolean indicating if the object exists or not. This does not return a Tivoli::AccessManager::Admin::Response object.
ACKNOWLEDGEMENTS
See Tivoli::AccessManager::Admin for the full list of acknowledgements.
BUGS
None known yet, although I am thinking there are parts of the interface that need to change. I do not like having to use a hash in the methods that require only one parameter, but I do not like breaking the pattern almost as much.
AUTHOR
Mik Firestone <mikfire@gmail.com>
COPYRIGHT
Copyright (c) 2004-2011 Mik Firestone. All rights reserved. This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself.
Standard IBM copyright, trademark, patent and ownership statement.