conjur-api 4.14.0 → 4.15.0

Files changed (44) hide show
  1. checksums.yaml +4 -4
  2. data/.gitignore +3 -0
  3. data/CHANGELOG.md +4 -0
  4. data/lib/conjur-api/version.rb +1 -1
  5. data/lib/conjur/acts_as_asset.rb +44 -3
  6. data/lib/conjur/acts_as_resource.rb +53 -4
  7. data/lib/conjur/acts_as_user.rb +17 -7
  8. data/lib/conjur/annotations.rb +49 -3
  9. data/lib/conjur/api.rb +30 -3
  10. data/lib/conjur/api/deputies.rb +25 -1
  11. data/lib/conjur/api/resources.rb +109 -5
  12. data/lib/conjur/api/roles.rb +103 -11
  13. data/lib/conjur/api/secrets.rb +16 -1
  14. data/lib/conjur/api/users.rb +65 -1
  15. data/lib/conjur/api/variables.rb +65 -1
  16. data/lib/conjur/audit-api.rb +3 -0
  17. data/lib/conjur/authn-api.rb +4 -0
  18. data/lib/conjur/authz-api.rb +4 -0
  19. data/lib/conjur/base.rb +31 -30
  20. data/lib/conjur/build_from_response.rb +11 -0
  21. data/lib/conjur/cast.rb +5 -1
  22. data/lib/conjur/core-api.rb +22 -2
  23. data/lib/conjur/deputy.rb +19 -2
  24. data/lib/conjur/env.rb +18 -3
  25. data/lib/conjur/escape.rb +65 -4
  26. data/lib/conjur/event_source.rb +15 -2
  27. data/lib/conjur/graph.rb +103 -12
  28. data/lib/conjur/has_id.rb +13 -1
  29. data/lib/conjur/has_identifier.rb +9 -6
  30. data/lib/conjur/has_owner.rb +21 -7
  31. data/lib/conjur/host.rb +8 -0
  32. data/lib/conjur/layer-api.rb +4 -0
  33. data/lib/conjur/layer.rb +50 -3
  34. data/lib/conjur/log.rb +22 -2
  35. data/lib/conjur/log_source.rb +27 -0
  36. data/lib/conjur/path_based.rb +47 -2
  37. data/lib/conjur/pubkeys-api.rb +12 -0
  38. data/lib/conjur/role.rb +220 -9
  39. data/lib/conjur/role_grant.rb +50 -2
  40. data/lib/conjur/secret.rb +9 -1
  41. data/lib/conjur/standard_methods.rb +31 -3
  42. data/lib/conjur/user.rb +55 -3
  43. data/spec/lib/role_spec.rb +1 -2
  44. metadata +2 -2
@@ -19,8 +19,56 @@
19
19
  # CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
20
20
  #
21
21
  module Conjur
22
- RoleGrant = Struct.new(:member, :grantor, :admin_option) do
22
+ # A `RoleGrant` instance represents the membership of a role in some unspecified role. `RoleGrant`s are returned
23
+ # by {Conjur::Role#members} and represent members of the role on which the method was invoked.
24
+ #
25
+ # @example
26
+ # alice.members.map{|grant| grant.member}.include? admin_role # => true
27
+ # admin_role.members.map{|grant| grant.member}.include? alice # => true
28
+ #
29
+ class RoleGrant
30
+
31
+
32
+ # The member role in the relationship
33
+ # @return [Conjur::Role] the member
34
+ attr_reader :member
35
+
36
+ # The role that created this grant.
37
+ #
38
+ # @return [Conjur::Role] the role that created the grant
39
+ attr_reader :grantor
40
+
41
+ # When true, the role {#member} is allowed to give this grant to other roles
42
+ #
43
+ # @return [Boolean] whether the role can grant the role to others
44
+ attr_reader :admin_option
45
+
46
+
47
+ # @api private
48
+ #
49
+ # Create a new RoleGrant instance.
50
+ #
51
+ # @param [Conjur::Role] member the member to which the role was granted
52
+ # @param [Conjur::Role] grantor the role that created this grant
53
+ # @param [Boolean] admin_option whether `member` can give the grant to other roles
54
+ def initialize member, grantor, admin_option
55
+ @member = member
56
+ @grantor = grantor
57
+ @admin_option = admin_option
58
+ end
59
+
60
+ #@!attribute member
61
+ # The member thing
62
+ # @return [Conjur::Role] a ret?
63
+
23
64
  class << self
65
+ # @api private
66
+ #
67
+ # Create a `RoleGrant` from a JSON respnose
68
+ #
69
+ # @param [Hash] json the parsed JSON response
70
+ # @param [Hash] credentials the credentials used to create APIs for the member and grantor role objects
71
+ # @return [Conjur::RoleGrant]
24
72
  def parse_from_json(json, credentials)
25
73
  member = Role.new(Conjur::Authz::API.host, credentials)[Conjur::API.parse_role_id(json['member']).join('/')]
26
74
  grantor = Role.new(Conjur::Authz::API.host, credentials)[Conjur::API.parse_role_id(json['grantor']).join('/')]
@@ -28,4 +76,4 @@ module Conjur
28
76
  end
29
77
  end
30
78
  end
31
- end
79
+ end
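Review bot: Replacing `Struct.new(:member, :grantor, :admin_option)` with a plain class that only declares `attr_reader`s drops what the Struct provided for free: value-based `==`/`hash`, `to_a`, index access and the `member=`/`grantor=`/`admin_option=` writers. Callers that compared grants or de-duplicated them with `uniq` would now get identity comparison; if that is intended it deserves a CHANGELOG line, otherwise `==`, `eql?` and `hash` should be defined over the three fields. The block `#@!attribute member` / `# The member thing` / `# @return [Conjur::Role] a ret?` looks like a leftover draft that duplicates the documentation on `attr_reader :member` and should be removed, and `respnose` in the `parse_from_json` comment should read `response`. The body of `parse_from_json` continues between the two hunks and is not shown.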
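--- a/data/lib/conjur/secret.rb
+++ b/data/lib/conjur/secret.rb
@@ -19,9 +19,17 @@
  # CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
  #
  module Conjur
+ # @api private
+ #
+ # Secrets are primitive encrypted values upon which {Conjur::Variable}s are built.
+ # You probably want to use {Conjur::Variable} instead.
  class Secret < RestClient::Resource
  include ActsAsAsset
-
+
+ # @api private
+ # Return the value of the secret
+ #
+ # @return [String] the value stored by this secret
  def value
  self['value'].get.body
  end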
@@ -29,7 +29,17 @@ module Conjur
29
29
  module StandardMethods
30
30
 
31
31
  protected
32
-
32
+
33
+ # @api private
34
+ #
35
+ # Create this resource by sending a POST request to its URL.
36
+ #
37
+ # @param [String] host the url of the service (for example, https://conjur.host.com/api)
38
+ # @param [String] type the asset `kind` (for example, 'user', 'group')
39
+ # @param [String, nil] id the id of the new asset
40
+ # @param [Hash] options options to pass through to `RestClient::Resource`'s `post` method.
41
+ # @return [Object] an instance of a class determined by `type`. For example, if `type` is
42
+ # `'user'`, the class will be `Conjur::User`.
33
43
  def standard_create(host, type, id = nil, options = nil)
34
44
  log do |logger|
35
45
  logger << "Creating #{type}"
@@ -43,7 +53,16 @@ module Conjur
43
53
  resp = RestClient::Resource.new(host, credentials)[type.to_s.pluralize].post(options)
44
54
  "Conjur::#{type.to_s.classify}".constantize.build_from_response(resp, credentials)
45
55
  end
46
-
56
+
57
+ # @api private
58
+ #
59
+ # Fetch a list of assets by sending a GET request to the URL for resources of the given `type`.
60
+ #
61
+ # @param [String] host the url of the service (for example, https://conjur.host.com/api)
62
+ # @param [String] type the asset `kind` (for example, 'user', 'group')
63
+ # @param [Hash] options options to pass through to `RestClient::Resource`'s `post` method.
64
+ # @return [Array<Object>] an array of instances of the asset class determined by `type`. For example, if
65
+ # `type` is `'group'`, and array of `Conjur::Group` instances will be returned.
47
66
  def standard_list(host, type, options)
48
67
  JSON.parse(RestClient::Resource.new(host, credentials)[type.to_s.pluralize].get(options)).collect do |item|
49
68
  # Note that we don't want to fully_escape the ids below -- methods like #layer, #host, etc don't expect
@@ -55,7 +74,16 @@ module Conjur
55
74
  end
56
75
  end
57
76
  end
58
-
77
+
78
+ # @api private
79
+ #
80
+ # Fetch details of an asset by sending a GET request to its URL.
81
+ #
82
+ # @param [String] host the url of the service (for example, https://conjur.host.com/api)
83
+ # @param [String] type the asset `kind` (for example, 'user', 'group')
84
+ # @param [String, nil] id the id of the asset to show
85
+ # @return [Object] an instance of a class determined by `type`. For example, if `type` is
86
+ # `'user'`, the class will be `Conjur::User`.
59
87
  def standard_show(host, type, id)
60
88
  "Conjur::#{type.to_s.classify}".constantize.new(host, credentials)[ [type.to_s.pluralize, fully_escape(id)].join('/') ]
61
89
  end
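Review bot: The new comment on `standard_list` says `options` are passed through to `RestClient::Resource`'s `post` method, but the method calls `.get(options)`, so the `@param` tag should name `get` rather than `post`; the same comment has `and array of` where `an array of` is meant. `standard_create` and `standard_show` resolve a class with `"Conjur::#{type.to_s.classify}".constantize`, so the added docs would be more useful if they stated that `type` must be one of the library's own asset kinds and is never taken from caller-supplied input. The bodies of `standard_create` and `standard_list` are only partly visible in these hunks.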
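--- a/data/lib/conjur/user.rb
+++ b/data/lib/conjur/user.rb
@@ -21,15 +21,67 @@
  module Conjur
  class InvalidToken < Exception
  end
-
+
+ # This class represents a {http://developer.conjur.net/reference/services/directory/user Conjur User}.
  class User < RestClient::Resource
  include ActsAsAsset
  include ActsAsUser
-
- alias login id
 
+ # Using a method instead of an alias here to make the docs look nicer :-/ - jjm
+
+ # This method is simply an alias for {#id}. It returns the user's *unqualified* id, which is referred to as
+ # `login` here because it can be used to login to Conjur.
+ # @return [String] the login for this user
+ def login; id end
+
+ # Assign new attributes to the user. Currently, this method only lets you change the
+ # `:uidnumber` attribute.
+ #
+ # If a user with the given `:uidnumber` already exists, this method will raise `RestClient::Forbidden`, with
+ # the response body providing additional details if possible.
+ #
+ # ### Permissions
+ # You must be a member of the user's role to call this method.
+ #
+ # @note This feature requires Conjur server version 4.3 or later.
+ #
+ # @param [Hash] options attributes to change
+ # @option options [FixNum] :uidnumber the new uidnumber for this user. This option *must* be present.
+ # @return [void]
+ # @raise [RestClient::Conflict] if the uidnumber is already in use
+ # @raise [ArgumentError] if uidnumber isn't a `Fixnum` or isn't present in `options`
  def update options
+ # Currently the server raises a 400 Bad Request if uidnumber is missing, require it here
+ raise ArgumentError "options[:uidnumber] is required" unless uidnumber = options[:uidnumber]
+ raise ArgumentError, "options[:uidnumber] must be a Fixnum" unless uidnumber.kind_of?(Fixnum)
  self.put(options)
  end
+
+ # Get the user's uidnumber, which is used by LDAP and SSH login, among other things.
+ #
+ # ### Permissions
+ # You must have the `'show'` permission on the user's resource to call this method
+ #
+ # @note This feature requires Conjur server version 4.3 or later.
+ #
+ # @return [Fixnum] the uidnumber
+ # @raise [RestClient::Forbidden] if you don't have permission to `show` the user.
+ def uidnumber
+ attributes['uidnumber']
+ end
+
+ # Set the user's uidnumber, which is used by LDAP and SSH login.
+ #
+ # ### Permissions
+ # You must be a member of the user's role to call this method.
+ #
+ # @note This feature requires Conjur server version 4.3 or later.
+ #
+ # @param [Fixnum] uidnumber the new uidnumber
+ # @return [void]
+ # @raise [RestClient::Conflict] if the uidnumber is already in use.
+ def uidnumber= uidnumber
+ update uidnumber: uidnumber
+ end
  end
  end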
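Review bot: The first guard added to `update` is missing the comma after `ArgumentError`, so Ruby parses `ArgumentError "..."` as a call to a method named `ArgumentError`, and a missing `:uidnumber` surfaces as `NoMethodError` instead of the documented `ArgumentError`. It should read `raise ArgumentError, "options[:uidnumber] is required" unless (uidnumber = options[:uidnumber])`. The new doc comment is also inconsistent about the duplicate-uidnumber error: the prose names `RestClient::Forbidden` while the `@raise` tag names `RestClient::Conflict`, and the `@option` type is spelled `FixNum` rather than `Fixnum`. Because the comment on `uidnumber` says the value is used for LDAP and SSH login, this client-side type check should be treated as a convenience only; whether the server enforces type and uniqueness is not visible here and is worth confirming.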
@@ -190,8 +190,7 @@ describe Conjur::Role, api: :dummy do
190
190
  grants = %w(foo bar)
191
191
  expect_request(
192
192
  method: :get,
193
- url: role.url + "/?members",
194
- headers: {}
193
+ url: role.url + "/?members"
195
194
  ).and_return grants.to_json
196
195
  grants.each do |g|
197
196
  expect(Conjur::RoleGrant).to receive(:parse_from_json).with(g, anything).and_return g
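--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: conjur-api
  version: !ruby/object:Gem::Version
- version: 4.14.0
+ version: 4.15.0
  platform: ruby
  authors:
  - Rafal Rzepecki
@@ -9,7 +9,7 @@ authors:
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2015-03-26 00:00:00.000000000 Z
+ date: 2015-04-23 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: rest-client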