conjur-api 4.31.0 → 5.0.0.rc1

data/lib/conjur/graph.rb

@@ -1,295 +0,0 @@
-#
-# Copyright (C) 2015 Conjur Inc
-#
-# Permission is hereby granted, free of charge, to any person obtaining a copy of
-# this software and associated documentation files (the "Software"), to deal in
-# the Software without restriction, including without limitation the rights to
-# use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
-# the Software, and to permit persons to whom the Software is furnished to do so,
-# subject to the following conditions:
-#
-# The above copyright notice and this permission notice shall be included in all
-# copies or substantial portions of the Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
-# FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
-# COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
-# IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
-# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-#
-module Conjur
-
-  # A Graph represents a directed graph of roles.
-  #
-  # An instance of this class is returned by {Conjur::API#role_graph}.
-  #
-  # @example Graphs act like arrays of edges
-  #   graph.each do |edge|
-  #     puts "#{edge.parent} -> #{edge.child}"
-  #   end
-  #   # role1 -> role2
-  #   # role2 -> role3
-  #
-  class Graph
-
-    include Enumerable
-
-    # Returns an array containing the directed edges of the graph.
-    #
-    # @return [Array<Conjur::Graph::Edge>] the edges of this graph
-    attr_reader :edges
-
-    # @api private
-    #
-    # @param val [String, Hash, Array, Graph] Data from which to initialize the instance
-    def initialize val
-      @edges = case val
-        when String then JSON.parse(val)['graph']
-        when Hash then val['graph']
-        when Array then val
-        when Graph then val.edges
-        else raise ArgumentError, "don't know how to turn #{val}:#{val.class} into a Graph"
-      end.map{|pair| Edge.new(*pair) }.freeze
-      @next_node_id = 0
-      @node_ids = Hash.new
-    end
-
-    # Enumerates the edges of this graph.
-    #
-    # @yieldparam [Conjur::Graph::Edge] edge each edge of the graph
-    # @return [Conjur::Graph] this graph
-    def each_edge
-      return enum_for(__method__) unless block_given?
-      edges.each{|e| yield e}
-      self
-    end
-
-    alias each each_edge
-
-    # Enumerates the vertices (roles) of this graph
-    # @yieldparam  [Conjur::Role] vertex each vertex in this graph
-    # @return [Conjur::Graph] this graph
-    def each_vertex
-      return enum_for(__method__) unless block_given?
-      vertices.each{|v| yield v}
-    end
-
-    # Serialize the graph as JSON
-    # @param [Boolean] short when true, the graph is serialized as an array of arrays instead of an array of hashes.
-    # @return [String] the JSON serialized graph.
-    # @see #as_json
-    #
-    def to_json short =  false
-      as_json(short).to_json
-    end
-
-    # Convert the graph to a JSON serializable data structure.  The value returned by this method can have two
-    # forms:  An array of arrays when `short` is `true`, or hash like
-    # `{ 'graph' => [ {'parent' => 'roleid', 'child' => 'roleid'} ]}` otherwise.
-    #
-    # @example Graph formats
-    #   graph = api.role_graph 'conjur:group:pubkeys-1.0/key-managers'
-    #
-    #   # Short format
-    #   graph.as_json true
-    #   #  => [
-    #   #  ["conjur:group:pubkeys-1.0/key-managers", "conjur:group:pubkeys-1.0/admin"],
-    #   #  ["conjur:group:pubkeys-1.0/admin", "conjur:user:admin"]
-    #   # ]
-    #
-    #   # Default format (you can omit the false parameter in this case)
-    #   graph.as_json false
-    #   # => {
-    #   #  "graph" => [
-    #   #    {"parent"=>"conjur:group:pubkeys-1.0/key-managers", "child"=>"conjur:group:pubkeys-1.0/admin"},
-    #   #    {"parent"=>"conjur:group:pubkeys-1.0/admin", "child"=>"conjur:user:admin"}
-    #   #  ]
-    #   #}
-    #
-    # @param [Boolean] short whether to use short of default format
-    # @return [Hash, Array] JSON serializable representation of the graph
-    def as_json short = false
-      edges = self.edges.map{|e| e.as_json(short)}
-      short ? edges : {'graph' => edges}
-    end
-
-    # Returns a string formatted for use by the {http://www.graphviz.org/ graphviz dot} tool.
-    #
-    # @param [String, NilClass] name An identifier to assign to the graph. This can be omitted unless you
-    #   are writing multiple graphs to a single file.  This must be in the ID format specified by
-    #   http://www.graphviz.org/content/dot-language.
-    #
-    # @return [String] the dot format (used by graphviz, among others) representation of this graph.
-    def to_dot name = nil
-      dot = "digraph #{name || ''} {"
-      vertices.each do |v|
-        dot << "\n\t" << dot_node(v)
-      end
-      edges.each do |e|
-        dot << "\n\t" << dot_edge(e)
-      end
-      dot << "\n}"
-    end
-
-    # Return the vertices (roles) of the graph as an array.
-    # @return [Array<Conjur::Role>] the vertices/roles
-    def vertices
-      @vertices ||= edges.inject([]) {|a, pair| a.concat pair.to_a }.uniq
-    end
-
-    alias roles vertices
-
-    private
-
-    def node_id_for role
-      role = role.id if role.respond_to?(:id)
-      node_id = @node_ids[role]
-      if node_id.nil?
-        node_id = @node_ids[role] = next_node_id
-      end
-      node_id
-    end
-
-    def next_node_id
-      id = @next_node_id
-      @next_node_id += 1
-      "node_#{id}"
-    end
-
-    def node_label_for role
-      role = role.id if role.respond_to? :id
-      if single_account?
-        role = role.split(':', 2).last
-        if single_kind?
-          role = role.split(':', 2).last
-        end
-      end
-      role
-    end
-
-    def single_account?
-      if @single_account.nil?
-        @single_account = roles.map do |role|
-          role = role.id if role.respond_to?(:id)
-          role.split(':').first
-        end.uniq.size == 1
-      end
-      @single_account
-    end
-
-    def single_kind?
-      if @single_kind.nil?
-        return @single_kind = false unless single_account?
-        @single_kind = roles.map do |role|
-          role = role.id if role.respond_to?(:id)
-          role.split(':')[1]
-        end.uniq.size == 1
-      end
-      @single_kind
-    end
-
-    def dot_node v
-      id = node_id_for v
-      label = node_label_for v
-      "#{id} [label=\"#{label}\"]"
-    end
-
-    def dot_edge e
-      parent_id = node_id_for(e.parent)
-      child_id = node_id_for(e.child)
-      "#{parent_id} -> #{child_id}"
-    end
-
-    # Represents a directed Edge between a parent role and a child role.
-    #
-    # In this context, the parent role is a *member of* the child role.  For example,
-    # the `admin` role is a parent of every role, either directly or indirectly, because
-    # it is added as a member to all roles it creates.
-    class Edge
-
-      # Return the parent of this edge. The {#parent} role *is a member of* the {#child} role.
-      # @return [Conjur::Role] the parent role
-      attr_reader :parent
-
-      # Return the child of this edge.  The {#parent} role *is a member of* the {#child} role.
-      # @return [Conjur::Role] the child role
-      attr_reader :child
-
-      # Was the role granted with admin_option? May be nil if unknown
-      # (e.g. if the server doesn't return it).
-      attr_reader :admin_option
-      alias :admin_option? :admin_option
-
-      # Create a directed edge with a parent and child
-      #
-      # @param [Conjur::Role] parent the parent or source of this edge
-      # @param  [Conjur::Role] child the child or destination of this edge
-      def initialize parent, child, admin_option = nil
-        @parent = parent
-        @child = child
-        @admin_option = admin_option
-      end
-
-      # Serialize this edge as JSON.
-      #
-      # @see #as_json
-      # @param [Boolean] short when true, serialize the edge as an Array instead of a Hash
-      # @return [String] the JSON serialized edge
-      def to_json short = false
-        as_json(short).to_json
-      end
-
-      # Return a value suitable for JSON serialization.
-      #
-      # The `short` parameter determines whether to return a `["parent", "child"]` Array
-      # or a Hash like `{"parent" => "parent-role", "child" => "child-role"}`.
-      #
-      # @param [Boolean] short return an Array when true, otherwise return a Hash.
-      # @return [Array, Hash] value suitable for JSON serialization
-      def as_json short = false
-        short ? to_a : to_h
-      end
-
-      # Return this edge as a Hash like {"parent" => "...", "child" => "..."}.
-      #
-      # Note that the keys in the hash are strings.
-      #
-      # @return [Hash] a Hash representing this edge
-      def to_h
-        # return string keys to make testing less brittle
-        {'parent' => @parent, 'child' => @child}.tap {|h| h['admin_option'] = @admin_option unless @admin_option.nil?}
-      end
-
-      # Return this edge as an Array like ["parent", "child"]
-      #
-      # @return [Array<String>] the edge as an Array
-      def to_a
-        [@parent, @child].tap {|a| a.push(@admin_option) unless @admin_option.nil?}
-      end
-
-      # @api private
-      # :nodoc:
-      def to_s
-        "<Edge #{parent.id} --> #{child.id} (admin: #{@admin_option.inspect})>"
-      end
-
-      # Support using edges as hash keys
-      # @api private
-      # :nodoc:
-      def hash
-        @hash ||= to_a.map(&:to_s).hash
-      end
-
-      # Support using edges as hash keys and equality testing
-      # @api private
-      # :nodoc:
-      def == other
-        other.kind_of?(self.class) and other.parent == parent and other.child == child
-      end
-
-      alias eql? ==
-    end
-
-  end
-end

data/lib/conjur/has_id.rb

@@ -1,43 +0,0 @@
-#
-# Copyright (C) 2013 Conjur Inc
-#
-# Permission is hereby granted, free of charge, to any person obtaining a copy of
-# this software and associated documentation files (the "Software"), to deal in
-# the Software without restriction, including without limitation the rights to
-# use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
-# the Software, and to permit persons to whom the Software is furnished to do so,
-# subject to the following conditions:
-#
-# The above copyright notice and this permission notice shall be included in all
-# copies or substantial portions of the Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
-# FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
-# COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
-# IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
-# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-#
-module Conjur
-
-  # Included in classes for assets that derive their id from their urls.
-  module HasId
-    # @api private
-    # This method is provided to support basic JSON serialization for all objects with `id`s.
-    #
-    # @param [Hash] options provided for backwards compatibility, do not use.
-    # @return [Hash] the JSON hash.
-    def to_json(options = {})
-      { id: id }
-    end
-
-
-    # Get this assets id.  This is the *unqualified* Conjur id for the asset,
-    # and is derived from the asset's url.
-    #
-    # @return [String] the asset's id
-    def id
-      URI.unescape self.url.split('/')[-1]
-    end    
-  end
-end

data/lib/conjur/has_identifier.rb

@@ -1,36 +0,0 @@
-#
-# Copyright (C) 2013 Conjur Inc
-#
-# Permission is hereby granted, free of charge, to any person obtaining a copy of
-# this software and associated documentation files (the "Software"), to deal in
-# the Software without restriction, including without limitation the rights to
-# use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
-# the Software, and to permit persons to whom the Software is furnished to do so,
-# subject to the following conditions:
-#
-# The above copyright notice and this permission notice shall be included in all
-# copies or substantial portions of the Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
-# FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
-# COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
-# IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
-# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-#
-module Conjur
-  # Included in Conjur assets that have an identifier attribute.
-  module HasIdentifier
-    include HasAttributes
-
-    # Get the identifier attribute.  This is a *fully qualified* Conjur id.
-    #
-    # ### Permissions
-    # You must have the "`read`" permission on the underlying resource to call this method.
-    #
-    # @return [String] the asset's fully qualified id
-    def identifier
-      attributes['identifier']
-    end    
-  end
-end

data/lib/conjur/has_owner.rb

@@ -1,51 +0,0 @@
-#
-# Copyright (C) 2013 Conjur Inc
-#
-# Permission is hereby granted, free of charge, to any person obtaining a copy of
-# this software and associated documentation files (the "Software"), to deal in
-# the Software without restriction, including without limitation the rights to
-# use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
-# the Software, and to permit persons to whom the Software is furnished to do so,
-# subject to the following conditions:
-#
-# The above copyright notice and this permission notice shall be included in all
-# copies or substantial portions of the Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
-# FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
-# COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
-# IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
-# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-#
-module Conjur
-  # Included in assets that have an *owner*.
-  module HasOwner
-    include HasAttributes
-
-    # Return the `userid` attribute.  This is the id of the Conjur role that
-    # created this asset.
-    #
-    # ### Permissions
-    # You must have the "`read`" permission on the underlying resource to call this method.
-    #
-    # @return [String] the userid
-    def userid
-      attributes['userid']
-    end    
-
-
-    # Return the owner of this resource or asset.
-    #
-    # The owner of a resource or an asset with an underlying resource is allowed to do anything to the resource,
-    # including granting permissions to other roles.
-    #
-    # ### Permissions
-    # You must have the "`read`" permission on the underlying resource to call this method.
-    #
-    # @return [String] the fully qualified role id of the asset's  owner.
-    def ownerid
-      attributes['ownerid']
-    end    
-  end
-end

data/lib/conjur/host-factory-api.rb

@@ -1,38 +0,0 @@
-#
-# Copyright (C) 2014 Conjur Inc
-#
-# Permission is hereby granted, free of charge, to any person obtaining a copy of
-# this software and associated documentation files (the "Software"), to deal in
-# the Software without restriction, including without limitation the rights to
-# use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
-# the Software, and to permit persons to whom the Software is furnished to do so,
-# subject to the following conditions:
-#
-# The above copyright notice and this permission notice shall be included in all
-# copies or substantial portions of the Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
-# FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
-# COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
-# IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
-# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-#
-require 'conjur/api'
-require 'conjur/configuration'
-
-class Conjur::Configuration
-  add_option :host_factory_url do
-    account_service_url 'host_factories', 500
-  end
-end
-
-class Conjur::API
-  class << self
-    def host_factory_asset_host
-      Conjur.configuration.host_factory_url
-    end
-  end
-end
-
-require 'conjur/api/host_factories'

data/lib/conjur/layer-api.rb

@@ -1,13 +0,0 @@
-class Conjur::API
-  class << self
-    # @api private
-    #
-    # Url to the layers service.
-    # @return [String] the url
-    def layer_asset_host
-      ENV["CONJUR_LAYER_ASSET_URL"] || Conjur::Core::API.host
-    end
-  end
-end
-
-require 'conjur/api/layers'

data/lib/conjur/ldap_sync_job.rb

@@ -1,89 +0,0 @@
-require 'conjur/event_source'
-
-module Conjur
-  class LdapSyncJob
-
-    attr_reader :hash
-
-    # Creates a new `LdapSyncJob` from a Hash as returned
-    # by the LDAP sync service's `GET /jobs` route.
-    def self.new_from_json api, hash
-      new(api, hash)
-    end
-
-    def initialize api, hash
-      @api = api
-      @hash = hash.with_indifferent_access
-    end
-
-    def exclusive?
-      self.exclusive
-    end
-
-    def [](k)
-      @hash[k]
-    end
-
-    def method_missing(sym, *arguments, &block)
-      @hash[sym]
-    end
-
-    # Stop this job (if running) and remove it from the list of jobs.
-    def delete
-      job_resource.delete
-    end
-
-    # Receive output from this job and pass them to the given block.
-    def output &block
-      events = []
-      wrapper = lambda do |e|
-        events << e
-        block[e] if block
-      end
-
-      follow_job_output(&wrapper)
-
-      events
-    end
-
-    def to_s
-      "<LdapSyncJob #{id} type=#{type} state=#{state}#{exclusive? ? ' exclusive' : ''}>"
-    end
-
-    def to_h
-      @hash
-    end
-
-    alias as_json to_h
-
-    def to_json _unused
-      as_json.to_json
-    end
-    private
-
-    def follow_job_output &block
-      options = @api.credentials.dup.tap{|h| h[:headers][:accept] = 'text/event-stream'}
-
-      handle_response = lambda do |response|
-        response.error! unless response.code == '200'
-        es = EventSource.new
-        es.message{ |e| block[e.data] }
-
-        response.read_body do |chunk|
-          es.feed chunk
-        end
-      end
-
-      RestClient::Request.execute(
-          url: "#{job_resource['output'].url}",
-          headers: options[:headers],
-          method: :get,
-          block_response: handle_response
-      )
-    end
-
-    def job_resource
-      RestClient::Resource.new(Conjur.configuration.appliance_url, @api.credentials)['ldap-sync']['jobs'][id]
-    end
-  end
-end

data/lib/conjur/path_based.rb

@@ -1,86 +0,0 @@
-#
-# Copyright (C) 2013 Conjur Inc
-#
-# Permission is hereby granted, free of charge, to any person obtaining a copy of
-# this software and associated documentation files (the "Software"), to deal in
-# the Software without restriction, including without limitation the rights to
-# use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
-# the Software, and to permit persons to whom the Software is furnished to do so,
-# subject to the following conditions:
-#
-# The above copyright notice and this permission notice shall be included in all
-# copies or substantial portions of the Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
-# FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
-# COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
-# IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
-# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-#
-module Conjur
-  # This module provides methods for determining Conjur id components from an asset's
-  # REST URL.
-  module PathBased
-    # Return the Conjur {http://developer.conjur.net/reference/services/authorization#Organization.Account
-    # organizational account} for this role or resource.  The `account`
-    # is the first token in a fully qualified Conjur id, like `"account:kind:identifier"`
-    #
-    # @example
-    #   role = api.role 'foo:bar:baz'
-    #   role.account # => 'foo'
-    #
-    # @return [String] the Conjur organizational account
-    def account
-      match_path(0..0)
-    end
-
-    # Return the *kind* for this role or resource.  The kind partitions the space of roles and resources, generally
-    # according to their purpose (for example, roles representing users have kind `'user'`).  The `kind` of a role or
-    # resource is the second token of a fully qualified Conjur id, like `"account:kind:identifier"`.
-    #
-    # @example Get the kind of a role
-    #   role = api.host('postgres-1').role
-    #   role.kind # => 'host'
-    #
-    # @example Get the kind of a resource
-    #   res  = api.host('postgres-1').resource
-    #   res.kind # => 'host'
-    #
-    # @return [String] the kind of the role or resource
-    def kind
-      match_path(2..2)
-    end
-    
-    protected
-
-    # @api private
-    #
-    # Returns the path parts in the given range.
-    #
-    # @example
-    #   self.url # => "https://10.0.3.100/api/authz/foo/roles/bar/baz"
-    #   self.match_path 0..2 # => "foo/roles/bar"
-    #   self.match_path 2..-1 # => "bar/baz"
-    #
-    # @param [Range] range the range of parts
-    # @return [String] the parts joined by `'/'`
-    def match_path(range)
-      tokens[range].map{|t| URI.unescape(t)}.join('/')
-    end
-
-    # @api private
-    #
-    # Returns the components of this asset's path starting with the first component
-    # that isn't part of the authz service url.
-    #
-    # @example
-    #   self.url # => "https://10.0.3.100/api/authz/foo/roles/bar/baz"
-    #   self.tokens # => ["foo", "roles", "bar", "baz"]
-    #
-    # @return [Array<String>] the path components
-    def tokens
-      self.url[RestClient::Resource.new(Conjur::Authz::API.host)[''].url.length..-1].split('/')
-    end
-  end
-end