conjur-api 4.25.0 → 4.25.1

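--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: e0f792bf6c2fecf1b2c2c5756b612107162435c7
- data.tar.gz: 34ee61c0276a1e07ca7f3ba449474d402d867475
+ metadata.gz: 6a4d39e4a78aca87161fdd361e061d8fa61eb103
+ data.tar.gz: 18c7f65ecd58167229788f3d01ffd55c22198341
  SHA512:
- metadata.gz: cf65304611eb945ad4f5b352a01405096acce35a42b721bf9c999660423fedf8fd9524896d17de26e792ed4fe02292739cf86a49ec5fc04a1aa8ce26bccab152
- data.tar.gz: 9a1d53c9643545419e27172f204635b6273155b4a3f0c0920cfda05e8631387f46433a266badc660a8a65b8a5995e2f83e4b5fd9431f31311bcb5b9d0866192e
+ metadata.gz: 92e237543b838497692b062f514d3bf17693f82a1705a3527146e262417629c667a3bd5f2c4cf9247eac630bf0985d990a45f31b5d8f1bc93d0e557b1305b2ee
+ data.tar.gz: ab2049acd3830d358897ab9b3bc4c2450c088c6c94bc8ac7bab5c03fa4ae320b9294d661ca87a1360944ebe95ef8c1f8bbdfd1aa66c65025d60277b1fc633d32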
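--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,8 @@
+ # v4.25.1
+
+ * Fix token refresh when using `with_privilege`, `with_audit_roles`,
+ and `with_audit_resources`.
+
  # v4.25.0
 
  * Add a workaround for a bug in Conjur <4.7 where long-running operations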
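--- a/data/Gemfile
+++ b/data/Gemfile
@@ -7,5 +7,5 @@ source 'https://rubygems.org'
  gemspec
 
  group :development do
- gem 'pry'
+ gem 'pry-byebug'
  end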
data/jenkins.sh CHANGED
@@ -1,6 +1,6 @@
1
1
  #!/bin/bash -ex
2
2
 
3
- CONJUR_VERSION=${CONJUR_VERSION:-"5.0"}
3
+ CONJUR_VERSION=${CONJUR_VERSION:-"4.8"}
4
4
  DOCKER_IMAGE=${DOCKER_IMAGE:-"registry.tld/conjur-appliance-cuke-master:$CONJUR_VERSION-stable"}
5
5
  NOKILL=${NOKILL:-"0"}
6
6
  PULL=${PULL:-"1"}
@@ -19,6 +19,6 @@
19
19
 
20
20
  module Conjur
21
21
  class API
22
- VERSION = "4.25.0"
22
+ VERSION = "4.25.1"
23
23
  end
24
24
  end
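--- a/data/lib/conjur/base.rb
+++ b/data/lib/conjur/base.rb
@@ -104,7 +104,7 @@ module Conjur
  # @param [String] remote_ip the optional IP address to be recorded in the audit record.
  # @return [Conjur::API] an api that will authenticate with the given username and api key.
  def new_from_key(username, api_key, remote_ip = nil)
- self.new username, api_key, nil, remote_ip
+ self.new.init_from_key username, api_key, remote_ip
  end
 
 
@@ -139,7 +139,7 @@ module Conjur
  # @param [String] remote_ip the optional IP address to be recorded in the audit record.
  # @return [Conjur::API] an api that will authenticate with the token
  def new_from_token(token, remote_ip = nil)
- self.new nil, nil, token, remote_ip
+ self.new.init_from_token token, remote_ip
  end
 
  def encode_audit_ids(ids)
@@ -151,28 +151,6 @@ module Conjur
  end
 
  end
-
- # Create a new instance from a username and api key or a token.
- #
- # @note You should use {Conjur::API.new_from_token} or {Conjur::API.new_from_key} instead of calling this method
- # directly.
- #
- # This method requires that you pass **either** a username and api_key **or** a token Hash.
- #
- # @param [String] username the username to authenticate as
- # @param [String] api_key the api key or password to use when authenticating
- # @param [Hash] token the token to use when making authenticated requuests.
- # @param [String] remote_ip the optional IP address to be recorded in the audit record.
- #
- # @api internal
- def initialize username, api_key, token, remote_ip = nil
- @username = username
- @api_key = api_key
- @token = token
- @remote_ip = remote_ip
-
- raise "Expecting ( username and api_key ) or token" unless ( username && api_key ) || token
- end
 
  #@!attribute [r] api_key
  # The api key used to create this instance. This is only present when you created the api with {Conjur::API.new_from_key}.#
@@ -254,14 +232,14 @@ module Conjur
  #
  # @return The API instance.
  def with_privilege privilege
- self.class.new(username, api_key, token, remote_ip).tap do |api|
+ self.clone.tap do |api|
  api.privilege = privilege
  end
  end
 
  def with_audit_roles role_ids
  role_ids = Array(role_ids)
- self.class.new(username, api_key, token, remote_ip).tap do |api|
+ self.clone.tap do |api|
  # Ensure that all role ids are fully qualified
  api.audit_roles = role_ids.collect { |id| api.role(id).roleid }
  end
@@ -269,14 +247,27 @@ module Conjur
 
  def with_audit_resources resource_ids
  resource_ids = Array(resource_ids)
- self.class.new(username, api_key, token, remote_ip).tap do |api|
+ self.clone.tap do |api|
  # Ensure that all resource ids are fully qualified
  api.audit_resources = resource_ids.collect { |id| api.resource(id).resourceid }
  end
  end
 
- private
+ def init_from_key username, api_key, remote_ip = nil
+ @username = username
+ @api_key = api_key
+ @remote_ip = remote_ip
+ self
+ end
 
+ def init_from_token token, remote_ip = nil
+ @token = token
+ @remote_ip = remote_ip
+ self
+ end
+
+ private
+ attr_accessor :token_born
 
  # Tries to refresh the token if possible.
  #
@@ -284,7 +275,7 @@ module Conjur
  # unavailable API key; otherwise, the new token.
  def refresh_token
  return false unless @api_key
- @token_born = gettime
+ self.token_born = gettime
  @token = Conjur::API.authenticate(@username, @api_key)
  end
 
@@ -307,7 +298,7 @@ module Conjur
  end
 
  def token_age
- @token_born && (gettime - @token_born)
+ token_born && (gettime - token_born)
  end
  end
  end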
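Review bot: `init_from_key` and `init_from_token` store whatever they are handed, so `new_from_key(nil, nil)` and `new_from_token(nil)` now return an API object where the removed `initialize` raised "Expecting ( username and api_key ) or token"; the missing credential presumably only surfaces at the first authenticated request. I would restore the guard in each initializer, `raise "Expecting username and api_key" unless username && api_key` and `raise "Expecting token" unless token`. Both initializers are also defined above `private`, so any code holding an instance can replace its identity in place; marking them `# @api private` in their doc comments, or doing the assignment inside the class-level constructors, would make the intended use explicit. Separately, `self.clone` copies every instance variable, so a privilege or audit list set by an earlier `with_*` call presumably now carries through a chained call where the old code started from a fresh object, and that is worth stating in the `with_privilege` / `with_audit_*` docs.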
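--- a/data/spec/lib/api_spec.rb
+++ b/data/spec/lib/api_spec.rb
@@ -254,15 +254,38 @@ describe Conjur::API do
  expect(api.credentials).to eq({ headers: { authorization: "Token token=\"#{Base64.strict_encode64(token.to_json)}\"" }, username: login })
  end
 
- it "fetches a new token if old" do
- allow(Conjur::API).to receive(:authenticate).with(login, api_key).and_return token
- expect(Time.parse(api.token['timestamp'])).to be_within(5.seconds).of(Time.now)
+ context "after expiration" do
+
+ shared_examples "it gets a new token" do
+ it 'by refreshing' do
+ allow(Conjur::API).to receive(:authenticate).with(login, api_key).and_return token
+ expect(Time.parse(api.token['timestamp'])).to be_within(5.seconds).of(Time.now)
+
+ time_travel 6.minutes
+ new_token = token.merge "timestamp" => Time.now.to_s
+
+ expect(Conjur::API).to receive(:authenticate).with(login, api_key).and_return new_token
+ expect(api.token).to eq(new_token)
+ end
+ end
 
- time_travel 6.minutes
- new_token = token.merge "timestamp" => Time.now.to_s
+ it_should_behave_like "it gets a new token"
+
+ context "with elevated privilege" do
+ subject(:api) { Conjur::API.new_from_key(*api_args).with_privilege('reveal') }
+ it_should_behave_like "it gets a new token"
+ end
+
+ context "with audit roles" do
+ subject(:api) { Conjur::API.new_from_key(*api_args).with_audit_roles('account:host:host1') }
+ it_should_behave_like "it gets a new token"
+ end
+
+ context "with audit resources" do
+ subject(:api) { Conjur::API.new_from_key(*api_args).with_audit_resources('account:webservice:service1') }
+ it_should_behave_like "it gets a new token"
+ end
 
- expect(Conjur::API).to receive(:authenticate).with(login, api_key).and_return new_token
- expect(api.token).to eq(new_token)
  end
  end
 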
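Review bot: The shared example "it gets a new token" asserts only `api.token` after the refresh, so none of the three `with_*` contexts checks that the cloned API still carries the privilege or audit ids it was created for once the token has been replaced. Each context could add an expectation on `api.credentials` after `time_travel 6.minutes`, compared against the value it had before the refresh. The new contexts also cover only key-based APIs; a token-only case built with `new_from_token(token).with_privilege('reveal')` and `expect(Conjur::API).not_to receive(:authenticate)` would pin the `return false unless @api_key` path for clones as well.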
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: conjur-api
3
3
  version: !ruby/object:Gem::Version
4
- version: 4.25.0
4
+ version: 4.25.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Rafal Rzepecki
@@ -9,7 +9,7 @@ authors:
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2016-06-17 00:00:00.000000000 Z
12
+ date: 2016-06-23 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: rest-client