Tivoli::AccessManager::Admin::ProtObject
use Tivoli::AccessManager::Admin; my $resp; my $pd = Tivoli::AccessManager::Admin->new( password => 'foobar' ); my $pobj = Tivoli::AccessManager::Admin::ProtObject->new( $pdadmin, name => '/test/monkey'); # Create the object unless it already exists $resp = $pobj->create unless $pobj->exist; # Set the type and the description $resp = $pobj->type( 'container' ); $resp = $pobj->description( 'Monkey!' ); # Attach an ACL $resp = $pobj->acl( attach => 'default-webseal' ); # Detach an ACL $resp = $pobj->acl( detach => 1 ); # Get the attached and effective ACL $resp = $pobj->acl; my $href = $resp->value; print "Effective ACL: $href->{effective}\n"; print "Attached ACL: $href->{attached}\n"; # Find out where else the ACL is attached $resp = Tivoli::AccessManager::Admin::ProtObject->find( acl => $href->{attached} ); # Attach an authorization rule $resp = $pobj->authzrule( attach => 'silly' ); # Find out where else the authzrule is attached $resp = Tivoli::AccessManager::Admin::ProtObject->find( authzrule => 'silly' ); # Detach an authzrule $resp = $pobj->authzrule( detach => 1 ); # Get the attached and effective Authzrule $resp = $pobj->authzrule; my $href = $resp->value; print "Effective Authz: $href->{effective}\n"; print "Attached Authz: $href->{attached}\n"; # Get a list of the objects under /test my $top = Tivoli::AccessManager::Admin::ProtObject->new( $pd, name => '/test' ); $resp = $top->list; # See what POPs are attached to the object $resp = $pobj->pop; # Set is_policy_attachable bit to 0 $resp = $pobj->policy_attachable( 0 ); # Add some attributes $resp = $pobj->attributes( add => { evil => 1, smoking => [ qw/strawberry crack/ ] }); # Remove one of the values $resp = $pobj->attributes( remove => { smoking => 'crack' } ); # Remove the keys $resp = $pobj->attributes( removekey => [ qw/evil smoking/ ] ) # Finally, delete it $resp = $pobj->delete;
Tivoli::AccessManager::Admin::ProtObject provides the interface to the protected object API calls.
Creates a new Tivoli::AccessManager::Admin::ProtObject object.
A blessed and initialized Tivoli::AccessManager::Admin::Context. This is the only required parameter.
The name of the protected object. This usually looks an awful lot like a UNIX path.
The protected object type. See "Types" for a full discussion of the allowed values.
Some descriptive text.
A blessed Tivoli::AccessManager::Admin::ProtObject object. If the type is specified and it is not a valid type, you will get a nasty warning and a return of undef.
"create", as with all the other modules, can be used to both initialize the Tivoli::AccessManager::Admin::ProtObject instance and create the object in the policy database.
In this case, the newly created instance will be returned to you in a Tivoli::AccessManager::Admin::Response object. See that module's Fine Documentation to learn how to get it.
The parameters are identical to those for "new". The only difference is that the name is now a required parameter.
A Tivoli::AccessManager::Admin::Response object containing the new instance.
Searches the object space for every object to which either the ACL or the authzrule is attached. You can use this method, but I think the find methods for Tivoli::AccessManager::Admin::ACL and Tivoli::AccessManager::Admin::Authzrule make more sense.
You only need to provide either the acl or authzrule. If both are provided, the ACL will win.
The name of the ACL for which we are searching.
The name of the authzrule for which we are searching.
A Tivoli::AccessManager::Admin::Response object containing a possibly empty array of all objects found.
Unless otherwise mentioned, everything returns a Tivoli::AccessManager::Admin::Response object.
Yes, "create" can also be used as a method.
The same as "create" the constructor. You must provide the name of you did not provide it to "new".
Deletes the object from the policy database.
None
Success if the object exists and it can be deleted.
Refreshes the cached ivadmin_protobj structure. This should almost never need to be used by you, unless you decide to bypass my nice interface and go directly to the API calls.
Attaches or detaches an ACL from the object. If called with no parameters, returns the attached and effective ACL for that object. If called with both attach and detach, detaches are handled first.
This will cause the named ACL to be attached to the the object.
The will cause the named ACL to be detached.
Any attempt to attach an ACL that does not exist or detach an ACL not already attached will result in an error.
Otherwise, you will get a hash that looks like this:
The name of the attached ACL if any
The name of the effective ACL.
Attaches and detaches authorization rules. Unlike "acl", this code is currently completely untested. I don't yet know how to create authzrules to test it.
This will cause the named authzrule to be attached to the the object.
The will cause the named authzrule to be detached.
Any attempt to attach an authzrule that does not exist or detach an authzrule not already attached will result in an error.
The name of the attached authzrule if any
The name of the effective authzrule.
Returns the attached and effective POP. See Tivoli::AccessManager::Admin::POP for the attach and detach methods. Don't look at me -- I didn't write the API.
A hash that looks like this:
The name of the attached POP if any
The name of the effective POP.
Sets or gets the object's type. See "Types" for a discussion of the valid types.
The object's new type.
The object's type.
Give the object some enlightening description.
The new description. This is optional, as usual.
The object's description.
Allow policies to be attached or not.
0 to disable attaching policies, 1 to enable.
1 if the object allows policies to be attached, 0 otherwise.
Lists all of the object immediately below the object in question.
A list, possibly empty, of all the sub-objects.
Adds key/value attributes to an object, removes the values and removes the entire key/value pairs. I find these to be the more ... annoying functions.
Causes "attribute" to add any number of key/value pairs to the object. As you can have multiple values associated with any given key, you can either use an array reference for multiple values, or a simple scalar if you are playing with only one.
You can, obviously, add multiple keys with the same call. You can also, strangely enough, add the same value to a key multiple times.
Removes the specified value(s) from the key. This does not remove the key, simply the values from the key. You will get an error if you try to remove a value that is not defined.
Removes both the attribute and any associated values from the object.
A hash of lists. The hash is keyed off of the attribute names. The values for each attribute are returned as a list -- even if there is only one value.
Returns the name of the object. This is returned as a simple string not in a Tivoli::AccessManager::Admin::Response object.
Returns a boolean indicating if the object exists or not. This does not return a Tivoli::AccessManager::Admin::Response object.
See Tivoli::AccessManager::Admin for the full list of acknoledgements.
None known yet, although I am thinking there are parts of the interface that need to change. I do not like having to use a hash in the methods that require only one parameter, but I do not like breaking the pattern almost as much.
Mik Firestone <mikfire@gmail.com>
Copyright (c) 2004-2011 Mik Firestone. All rights reserved. This program is free software; you can redistibute it and/or modify it under the same terms as Perl itself.
Standard IBM copyright, trademark, patent and ownership statement.
To install Tivoli::AccessManager::Admin, copy and paste the appropriate command in to your terminal.
cpanm
cpanm Tivoli::AccessManager::Admin
CPAN shell
perl -MCPAN -e shell install Tivoli::AccessManager::Admin
For more information on module installation, please visit the detailed CPAN module installation guide.