conjur-api 2.0.0

data/lib/conjur/api/resources.rb

@@ -0,0 +1,9 @@
+require 'conjur/resource'
+
+module Conjur
+  class API
+    def resource kind, identifier
+      Resource.new("#{Conjur::Authz::API.host}/#{kind}/#{path_escape identifier}", credentials)
+    end
+  end
+end

data/lib/conjur/api/roles.rb

@@ -0,0 +1,18 @@
+require 'conjur/role'
+
+module Conjur
+  class API
+    def create_role(role, options = {})
+      log do |logger|
+        logger << "Creating role "
+        logger << role
+      end
+      RestClient::Resource.new(Conjur::Authz::API.host, credentials)["/roles/#{path_escape role}"].put(options)
+      Role.new(role, credentials)
+    end
+
+    def role identifier
+      Role.new("#{Conjur::Authz::API.host}/roles/#{path_escape identifier}", credentials)
+    end
+  end
+end

data/lib/conjur/api/secrets.rb

@@ -0,0 +1,23 @@
+require 'conjur/secret'
+
+module Conjur
+  class API
+    def create_secret(value, options = {})
+      log do |logger|
+        logger << "Creating secret "
+        logger << value
+      end
+      resp = RestClient::Resource.new(Conjur::Core::API.host, credentials)['/secrets'].post(options.merge(value: value))
+      Secret.new(resp.headers[:location], credentials).tap do |secret|
+        log do |logger|
+          logger << "Created secret "
+          logger << secret.id
+        end
+      end
+    end
+    
+    def secret id
+      Secret.new("#{Conjur::Core::API.host}/secrets/#{path_escape id}", credentials)
+    end
+  end
+end

data/lib/conjur/api/users.rb

@@ -0,0 +1,23 @@
+require 'conjur/user'
+
+module Conjur
+  class API
+    def create_user(login, options = {})
+      log do |logger|
+        logger << "Creating user "
+        logger << login
+      end
+      resp = JSON.parse RestClient::Resource.new(Conjur::Core::API.host, credentials)['/users'].post(options.merge(login: login))
+      user(resp['login']).tap do |u|
+        log do |logger|
+          logger << "Created user #{u.login}"
+        end
+        u.attributes = resp
+      end
+    end
+
+    def user login
+      User.new(Conjur::Core::API.host, credentials)["/users/#{path_escape login}"]
+    end
+  end
+end

data/lib/conjur/api/variables.rb

@@ -0,0 +1,25 @@
+require 'conjur/variable'
+
+module Conjur
+  class API
+    def create_variable(mime_type, kind, options = {})
+      log do |logger|
+        logger << "Creating #{mime_type} variable #{kind}"
+        if options
+          logger << " with options #{options.inspect}"
+        end
+      end
+      resp = RestClient::Resource.new(Conjur::Core::API.host, credentials)['variables'].post(options.merge(mime_type: mime_type, kind: kind))
+      Variable.new(resp.headers[:location], credentials).tap do |variable|
+        log do |logger|
+          logger << "Created variable "
+          logger << variable.id
+        end
+      end
+    end
+    
+    def variable id
+      Variable.new("#{Conjur::Core::API.host}/variables/#{path_escape id}", credentials)
+    end
+  end
+end

data/lib/conjur/authn-api.rb

@@ -0,0 +1,22 @@
+module Conjur
+  module Authn
+    class API < Conjur::API
+      class << self
+        def host
+          ENV['CONJUR_AUTHN_URL'] || default_host
+        end
+        
+        def default_host
+          case Conjur.env
+          when 'test', 'development'
+            "http://localhost:#{Conjur.service_base_port}"
+          else
+            "https://authn-#{Conjur.stack}-conjur.herokuapp.com"
+          end
+        end
+      end
+    end
+  end
+end
+
+require 'conjur/api/authn'

data/lib/conjur/authz-api.rb

@@ -0,0 +1,23 @@
+module Conjur
+  module Authz
+    class API < Conjur::API
+      class << self
+        def host
+          ENV['CONJUR_AUTHZ_URL'] || default_host
+        end
+        
+        def default_host
+          case Conjur.env
+          when 'test', 'development'
+            "http://localhost:#{Conjur.service_base_port + 100}"
+          else
+            "https://authz-#{Conjur.stack}-conjur.herokuapp.com"
+          end
+        end
+      end
+    end
+  end
+end
+
+require 'conjur/api/roles'
+require 'conjur/api/resources'

data/lib/conjur/base.rb

@@ -0,0 +1,50 @@
+require 'rest-client'
+require 'json'
+
+require 'conjur/exists'
+require 'conjur/has_attributes'
+require 'conjur/escape'
+require 'conjur/log'
+require 'conjur/log_source'
+
+module Conjur
+  class API
+    include Escape
+    include LogSource
+    
+    class << self
+      def new_from_key(username, api_key)
+        self.new username, api_key, nil
+      end
+
+      def new_from_token(token)
+        self.new nil, nil, token
+      end
+    end
+    
+    def initialize username, api_key, token
+      @username = username
+      @api_key = api_key
+      @token = token
+      raise "Expecting ( username and api_key ) or token" unless ( username && api_key ) || token
+    end
+    
+    attr_reader :api_key, :username, :token
+    
+    def username
+      @username || token['data']
+    end
+    
+    def host
+      self.class.host
+    end
+    
+    def credentials
+      if token
+        { headers: { authorization: "Token token=\"#{Base64.strict_encode64 token.to_json}\"" }, username: username }
+      else
+        { user: username, password: api_key }
+      end
+    end
+  end
+end

data/lib/conjur/core-api.rb

@@ -0,0 +1,26 @@
+module Conjur
+  module Core
+    class API < Conjur::API
+      class << self
+        def host
+          ENV['CONJUR_CORE_URL'] || default_host
+        end
+        
+        def default_host
+          case Conjur.env
+          when 'test', 'development'
+            "http://localhost:#{Conjur.service_base_port + 300}"
+          else
+            "https://core-#{Conjur.stack}-conjur.herokuapp.com"
+          end
+        end
+      end
+    end
+  end
+end
+
+require 'conjur/api/hosts'
+require 'conjur/api/secrets'
+require 'conjur/api/users'
+require 'conjur/api/groups'
+require 'conjur/api/variables'

data/lib/conjur/das-api.rb

@@ -0,0 +1,22 @@
+module Conjur
+  module DAS
+    class API < Conjur::API
+      class << self
+        def host
+          ENV['CONJUR_DAS_URL'] || default_host
+        end
+        
+        def default_host
+          case Conjur.env
+          when 'test', 'development'
+            "http://localhost:#{Conjur.service_base_port + 200}"
+          else
+            "https://das-#{Conjur.stack}-conjur.herokuapp.com"
+          end
+        end
+      end
+    end
+  end
+end
+
+require 'conjur/api/das'

data/lib/conjur/env.rb

@@ -0,0 +1,24 @@
+module Conjur
+  extend self
+
+  def service_base_port
+    (ENV['CONJUR_SERVICE_BASE_PORT'] || 5000 ).to_i
+  end
+  
+  def account
+    ENV['CONJUR_ACCOUNT'] or raise "No CONJUR_ACCOUNT defined"
+  end
+  
+  def env
+    ENV['CONJUR_ENV'] || ENV['RAILS_ENV'] || ENV['RACK_ENV'] || "development"
+  end
+  
+  def stack
+    ENV['CONJUR_STACK'] || case env
+    when "production"
+      "v2"
+    else
+      env
+    end
+  end
+end

data/lib/conjur/escape.rb

@@ -0,0 +1,31 @@
+module Conjur
+  module Escape
+    module ClassMethods
+      def path_escape(str)
+        return "false" unless str
+        str = str.id if str.respond_to?(:id)
+        require 'uri'
+        URI.escape(str.to_s, Regexp.new("[^#{URI::PATTERN::UNRESERVED}]"))
+      end
+
+      def query_escape(str)
+        return "false" unless str
+        str = str.id if str.respond_to?(:id)
+        require 'uri'
+        URI.escape(str.to_s, Regexp.new("[^#{URI::PATTERN::UNRESERVED}]"))
+      end
+    end
+    
+    def self.included(base)
+      base.extend ClassMethods
+    end
+
+    def path_escape(str)
+      self.class.path_escape str
+    end
+
+    def query_escape(str)
+      self.class.query_escape str
+    end
+  end
+end

data/lib/conjur/exists.rb

@@ -0,0 +1,12 @@
+module Conjur
+  module Exists
+    def exists?(options = {})
+      begin
+        self.head(options)
+        true
+      rescue RestClient::ResourceNotFound
+        false
+      end
+    end
+  end
+end

data/lib/conjur/group.rb

@@ -0,0 +1,11 @@
+module Conjur
+  class Group < RestClient::Resource
+    include ActsAsResource
+    include ActsAsRole
+    include HasId
+    
+    def roleid
+      "group:#{id}"
+    end
+  end
+end

data/lib/conjur/has_attributes.rb

@@ -0,0 +1,30 @@
+module Conjur
+  module HasAttributes
+    def attributes=(a); @attributes = a; end
+    def attributes
+      return @attributes if @attributes
+      fetch
+    end
+    
+    def save
+      self.put(attributes.to_json)
+    end
+    
+    # Reload the attributes. This action can be used to guarantee a current view of the entity in the case
+    # that it has been modified by an update method or by an external party.
+    def refresh
+      fetch
+    end
+    
+    protected
+    
+    def invalidate(&block)
+      yield
+      @attributes = nil
+    end
+    
+    def fetch
+      @attributes = JSON.parse(get.body)
+    end
+  end
+end

data/lib/conjur/has_id.rb

@@ -0,0 +1,8 @@
+module Conjur
+  module HasId
+    def id
+      require 'uri'
+      URI.unescape URI.parse(self.url).path.split('/')[-1]
+    end    
+  end
+end

data/lib/conjur/has_identifier.rb

@@ -0,0 +1,13 @@
+module Conjur
+  module HasIdentifier
+    def self.included(base)
+      base.instance_eval do
+        include HasAttributes
+      end
+    end
+    
+    def identifier
+      attributes['identifier']
+    end    
+  end
+end

data/lib/conjur/host.rb

@@ -0,0 +1,20 @@
+module Conjur
+  class Host < RestClient::Resource
+    include Exists
+    include HasId
+    include HasIdentifier
+    include HasAttributes
+    include ActsAsUser
+    
+    def roleid
+      "host-#{id}"
+    end
+    
+    def enrollment_url
+      log do |logger|
+        logger << "Fetching enrollment_url for #{id}"
+      end
+      self['enrollment_url'].head{|response, request, result| response }.headers[:location]
+    end
+  end
+end

data/lib/conjur/log.rb

@@ -0,0 +1,52 @@
+# Logging mechanism borrowed from rest-client
+module Conjur
+  # You can also configure logging by the environment variable CONJURAPI_LOG.
+  def self.log= log
+    @@log = create_log log
+  end
+
+  # Create a log that respond to << like a logger
+  # param can be 'stdout', 'stderr', a string (then we will log to that file) or a logger (then we return it)
+  def self.create_log param
+    if param
+      if param.is_a? String
+        if param == 'stdout'
+          stdout_logger = Class.new do
+            def << obj
+              STDOUT.write obj
+            end
+          end
+          stdout_logger.new
+        elsif param == 'stderr'
+          stderr_logger = Class.new do
+            def << obj
+              STDERR.write obj
+            end
+          end
+          stderr_logger.new
+        else
+          file_logger = Class.new do
+            attr_writer :target_file
+
+            def << obj
+              File.open(@target_file, 'a') { |f| f.write obj }
+            end
+          end
+          logger = file_logger.new
+          logger.target_file = param
+          logger
+        end
+      else
+        param
+      end
+    end
+  end
+
+  @@env_log = create_log ENV['CONJURAPI_LOG']
+
+  @@log = nil
+
+  def self.log # :nodoc:
+    @@env_log || @@log
+  end
+end