conjur-api 4.31.0 → 5.0.0.rc1

data/lib/conjur/pubkeys-api.rb

@@ -1,50 +0,0 @@
-#
-# Copyright (C) 2013 Conjur Inc
-#
-# Permission is hereby granted, free of charge, to any person obtaining a copy of
-# this software and associated documentation files (the "Software"), to deal in
-# the Software without restriction, including without limitation the rights to
-# use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
-# the Software, and to permit persons to whom the Software is furnished to do so,
-# subject to the following conditions:
-#
-# The above copyright notice and this permission notice shall be included in all
-# copies or substantial portions of the Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
-# FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
-# COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
-# IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
-# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-#
-require 'conjur/api'
-require 'conjur/configuration'
-
-class Conjur::Configuration
-  # @!attribute pubkeys_url
-  # The url for the {http://developer.conjur.net/reference/services/pubkyes Conjur public keys service}.
-  #
-  # @note You should not generally set this value.  Instead, Conjur will derive it from the
-  #   {Conjur::Configuration#account} and {Conjur::Configuration#appliance_url}
-  #   properties.
-  #
-  # @return [String] the pubkeys service url
-  add_option :pubkeys_url do
-    account_service_url 'pubkeys', 400
-  end
-end
-
-class Conjur::API
-  class << self
-    # @api private
-    #
-    # Url to the pubkeys service.
-    # @return [String] the url
-    def pubkeys_asset_host 
-      Conjur.configuration.pubkeys_url
-    end
-  end
-end
-
-require 'conjur/api/pubkeys'

data/lib/conjur/standard_methods.rb

@@ -1,91 +0,0 @@
-#
-# Copyright (C) 2013 Conjur Inc
-#
-# Permission is hereby granted, free of charge, to any person obtaining a copy of
-# this software and associated documentation files (the "Software"), to deal in
-# the Software without restriction, including without limitation the rights to
-# use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
-# the Software, and to permit persons to whom the Software is furnished to do so,
-# subject to the following conditions:
-#
-# The above copyright notice and this permission notice shall be included in all
-# copies or substantial portions of the Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
-# FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
-# COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
-# IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
-# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-#
-
-require 'active_support/dependencies/autoload'
-require 'active_support/core_ext'
-
-module Conjur
-  # @api private
-  # This module provides a number of "standard" `REST` helpers,
-  #   to wit, create, list and show.
-  module StandardMethods
-    
-    protected
-
-    # @api private
-    #
-    # Create this resource by sending a POST request to its URL.
-    #
-    # @param [String] host the url of the service (for example, https://conjur.host.com/api)
-    # @param [String] type the asset `kind` (for example, 'user', 'group')
-    # @param [String, nil] id the id of the new asset
-    # @param [Hash] options options to pass through to `RestClient::Resource`'s `post` method.
-    # @return [Object] an instance of a class determined by `type`.  For example, if `type` is
-    #   `'user'`, the class will be `Conjur::User`.
-    def standard_create(host, type, id = nil, options = nil)
-      log do |logger|
-        logger << "Creating #{type}"
-        logger << " #{id}" if id
-        unless options.blank?
-          logger << " with options #{options.to_json}"
-        end
-      end
-      options ||= {}
-      options[:id] = id if id
-      resp = RestClient::Resource.new(host, credentials)[type.to_s.pluralize].post(options)
-      "Conjur::#{type.to_s.classify}".constantize.build_from_response(resp, credentials)
-    end
-
-    # @api private
-    #
-    # Fetch a list of assets by sending a GET request to the URL for resources of the given `type`.
-    #
-    # @param [String] host the url of the service (for example, https://conjur.host.com/api)
-    # @param [String] type the asset `kind` (for example, 'user', 'group')
-    # @param [Hash] options options to pass through to `RestClient::Resource`'s `post` method.
-    # @return [Array<Object>] an array of instances of the asset class determined by `type`.  For example, if
-    #   `type` is `'group'`, and array of `Conjur::Group` instances will be returned.
-    def standard_list(host, type, options)
-      JSON.parse(RestClient::Resource.new(host, credentials)[type.to_s.pluralize].get(options)).collect do |item|
-        # Note that we don't want to fully_escape the ids below -- methods like #layer, #host, etc don't expect
-        # ids to be escaped, and will escape them again!.
-        if item.is_a? String  # lists w/o details are just list of ids 
-          send(type,item)
-        else                  # list w/ details consists of hashes
-          send(type, item['id']).tap { |obj| obj.attributes=item }
-        end
-      end
-    end
-
-    # @api private
-    #
-    # Fetch details of an asset by sending a GET request to its URL.
-    #
-    # @param [String] host the url of the service (for example, https://conjur.host.com/api)
-    # @param [String] type the asset `kind` (for example, 'user', 'group')
-    # @param [String, nil] id the id of the asset to show
-    # @return [Object] an instance of a class determined by `type`.  For example, if `type` is
-    #   `'user'`, the class will be `Conjur::User`.
-    def standard_show(host, type, id)
-      "Conjur::#{type.to_s.classify}".constantize.new(host, credentials)[ [type.to_s.pluralize, fully_escape(id)].join('/') ]
-    end
-  end
-end

data/reqspeed.rb

@@ -1,20 +0,0 @@
-#!/usr/bin/env ruby
-# a hackish script to gauge the time it takes to load various components
-
-$require_level = 0
-alias :orig_require :require
-def require(file)
-  rl = $require_level
-  r0 = Time.now
-  $require_level += 1
-  r = orig_require(file)
-  $require_level -=1
-  c = caller[0][/.*?:[^:]+/]
-  c = '' unless c =~ /conjur/
-  printf "%5.02f %s %s %s\n", Time.now - r0, '-' * rl, file, c + (r ? '' : ' (already required)')
-  r
-end
-
-#$:.prepend 'lib'
-
-require ARGV.first

data/spec/api/authn_spec.rb

@@ -1,81 +0,0 @@
-require 'spec_helper'
-require 'cas_rest_client'
-require 'helpers/request_helpers'
-
-describe Conjur::API do
-  include RequestHelpers
-
-  let(:host) { 'http://authn.example.com' }
-  let(:user) { 'kmitnick' }
-  let(:password) { 'sikret' }
-
-  before do
-    allow(Conjur::Authn::API).to receive_messages host: host
-  end
-
-  describe "::login" do
-    it "gets /users/login" do
-      expect_request(
-        method: :get, url: "http://authn.example.com/users/login", 
-        user: user,
-        password: password, 
-        headers: {}
-      ).and_return(response = double)
-      expect(Conjur::API::login(user, password)).to eq(response)
-    end
-  end
-
-  describe "::login_cas" do
-    let(:response) { "response body" }
-    let(:cas_uri) { 'http://cas.example.com' }
-
-    it "uses CasRestClient to authenticate" do
-      stub_const 'CasRestClient', MockCasRestClient.new(double("response", body: response))
-      expect(Conjur::API.login_cas(user, password, cas_uri)).to eq(response)
-      expect(CasRestClient.options).to eq({
-        username: user,
-        password: password,
-        uri: "http://cas.example.com/v1/tickets",
-        use_cookies: false
-      })
-      expect(CasRestClient.url).to eq("http://authn.example.com/users/login")
-    end
-  end
-
-  describe "::authenticate" do
-    it "posts the password and dejsons the result" do
-      expect_request(
-        method: :post, url: "http://authn.example.com/users/#{user}/authenticate",
-        payload: password, headers: { content_type: 'text/plain' }
-      ).and_return '{ "response": "foo"}'
-      expect(Conjur::API.authenticate(user, password)).to eq({ 'response' => 'foo' })
-    end
-  end
-  
-  describe "::update_password" do
-    it "logs in and puts the new password" do
-      expect_request(
-        method: :put, 
-        url: "http://authn.example.com/users/password",
-        user: user,
-        password: password,
-        payload: 'new-password', 
-        headers: {  }
-      ).and_return :response
-      expect(Conjur::API.update_password(user, password, 'new-password')).to eq(:response)
-    end
-  end
-
-  describe '::rotate_api_key' do
-    it 'puts with basic auth' do
-      expect_request(
-          method: :put,
-          url: 'http://authn.example.com/users/api_key',
-          user: user,
-          password: password,
-          headers: { }
-      ).and_return double('response', body: 'new api key')
-      expect(Conjur::API.rotate_api_key user, password).to eq('new api key')
-    end
-  end
-end

data/spec/api/graph_spec.rb

@@ -1,117 +0,0 @@
-require 'spec_helper'
-
-describe Conjur::Graph do
-  let(:edges){ [
-    [ 'a', 'b' ],
-    [ 'a', 'c'],
-    [ 'c', 'd'],
-    ['b', 'd'],
-    [ 'd', 'e'],
-    # make two connected components
-    ['o', 'q'],
-    ['x', 'o']
-  ]}
-  let(:edges_with_admin) { edges.each {|e| e.push(false)} }
-
-  let(:short_json_graph){ edges.to_json }
-  let(:long_edges){ edges.map{|e| {'parent' => e[0], 'child' => e[1]}} }
-  let(:long_hash_graph){ {'graph' => long_edges} }
-  let(:long_json_graph){ long_hash_graph.to_json }
-
-  describe "json methods" do
-    subject{described_class.new edges}
-    it "converts to long json correctly" do
-      expect(subject.to_json).to eq(long_json_graph)
-      expect(subject.as_json).to eq(long_hash_graph)
-    end
-
-    it "converts to short json correctly" do
-      expect(subject.to_json(true)).to eq(short_json_graph)
-      expect(subject.as_json(true)).to eq(edges)
-    end
-  end
-
-  describe "#vertices" do
-    subject{Conjur::Graph.new(edges).vertices.to_set}
-    it "contains all unique members of edges" do
-      expect(subject.to_set).to eq(edges.flatten.uniq.to_set)
-    end
-  end
-
-  describe "#to_dot" do
-    let(:name){ nil }
-    subject{ Conjur::Graph.new(edges).to_dot(name) }
-    before do
-      File.write('/tmp/conjur-graph-spec.dot', subject)
-    end
-
-    let(:role_to_node_id) do
-      {}.tap do |h|
-        edges.flatten.uniq.each do |v|
-          expect(subject =~ /^\s*([a-z][0-9a-z_\-]*)\s*\[label\="(#{v})"\]/i).to be_truthy
-          h[$2] = $1
-        end
-      end
-    end
-
-    context "when given a name" do
-      let(:name){ 'foo' }
-      it "names the digraph" do
-        expect(subject).to match(/\A\s*digraph\s+foo\s*\{/)
-      end
-    end
-
-    it "defines all the vertices in the graph" do
-      edges.flatten.uniq.each do |v|
-        expect(subject).to match(/^\s*[a-z][0-9a-z_\-]*\s*\[label\="#{v}"\]/i)
-      end
-    end
-
-    it "defines all the edges in the graph" do
-      edges.each do |e|
-        parent_id = role_to_node_id[e[0]]
-        child_id  = role_to_node_id[e[1]]
-        expect(subject).to match(/^\s*#{parent_id}\s*\->\s*#{child_id}/)
-      end
-    end
-  end
-
-  shared_examples "it creates a new Graph" do
-    let(:arg) { graph_edges }
-    let(:edge_objects){ graph_edges.map{|e| Conjur::Graph::Edge.new(*e) }}
-
-    subject{ described_class.new arg }
-
-    def self.it_accepts_the_argument
-      it "accepts the argument" do
-        expect(subject.edges.to_set).to eq(edge_objects.to_set)
-      end
-    end
-    describe "given an array of edges" do
-      it_accepts_the_argument
-    end
-
-    describe "given a hash of {'graph' => <array of edges>}" do
-      let(:arg){ {'graph' => graph_edges} }
-      it_accepts_the_argument
-    end
-
-    describe "given a JSON string" do
-      let(:arg){ {'graph' => graph_edges}.to_json }
-      it_accepts_the_argument
-    end
-  end
-
-  describe "Graph.new" do
-    it_should_behave_like "it creates a new Graph" do
-      let(:graph_edges) { edges }
-    end
-  end
-
-  describe "Graph.new with admin_option present" do
-    it_should_behave_like "it creates a new Graph" do
-      let(:graph_edges) { edges_with_admin }
-    end
-  end
-
-end

data/spec/api/groups_spec.rb

@@ -1,40 +0,0 @@
-require 'spec_helper'
-require 'standard_methods_helper'
-
-describe Conjur::API, api: :dummy do
-  subject { api }
-
-  describe '#groups' do
-    it_should_behave_like 'standard_list with', :group, :options do
-      let(:invoke) { subject.groups :options }
-    end
-  end
-
-  describe '#create_group' do
-    it_should_behave_like 'standard_create with', :group, :id, :options do
-      let(:invoke) { subject.create_group :id, :options }
-    end
-
-    it_should_behave_like 'standard_create with', :group, :id, gidnumber: 371509 do
-      let(:invoke) { subject.create_group :id, gidnumber: 371509 }
-    end
-  end
-
-  describe '#group' do
-    it_should_behave_like 'standard_show with', :group, :id do
-      let(:invoke) { subject.group :id }
-    end
-  end
-
-  describe '#find_groups' do
-    it "searches the group by GID" do
-      expect_request(
-        method: :get,
-        url: "#{core_host}/groups/search?gidnumber=12345",
-        headers: credentials[:headers]
-      ).and_return ['foo'].to_json
-
-      expect(api.find_groups(gidnumber: 12345)).to eq(['foo'])
-    end
-  end
-end

data/spec/api/hosts_spec.rb

@@ -1,36 +0,0 @@
-require 'spec_helper'
-require 'standard_methods_helper'
-require 'cidr_helper'
-
-describe Conjur::API, api: :dummy do
-  describe '::enroll_host' do
-    it "uses Net::HTTP to get something" do
-      response = double "response",
-          code: '200', body: 'foobar'
-      allow(response).to receive(:[]).with('Content-Type').and_return 'text/whatever'
-
-      url = URI.parse "http://example.com"
-      allow(Net::HTTP).to receive(:get_response).with(url).and_return response
-
-      expect(Conjur::API.enroll_host("http://example.com")).to eq(['text/whatever', 'foobar'])
-    end
-  end
-
-  describe '#create_host' do
-    it_should_behave_like "standard_create with", :host, nil, some: :options do
-      let(:invoke) { subject.create_host some: :options }
-    end
-
-    include_examples 'CIDR create' do
-      def create opts
-        api.create_host opts
-      end
-    end
-  end
-
-  describe '#host' do
-    it_should_behave_like "standard_show with", :host, :id do
-      let(:invoke) { subject.host :id }
-    end
-  end
-end

data/spec/api/info_spec.rb

@@ -1,89 +0,0 @@
-require 'spec_helper'
-require 'standard_methods_helper'
-
-describe Conjur::API, api: :dummy do
-  before do
-    # The standard test setup doesn't do this
-    allow(Conjur.configuration).to receive(:appliance_url).and_return 'https://example.com/api'
-  end
-
-  let(:version_string) { '4.5.0-75-gde404a6' }
-  let(:response_json){
-    {
-        'services' => {
-            'authn' => {
-                'version' => version_string
-            }
-        }
-    }
-  }
-  let(:response){ double('response', body: response_json.to_json) }
-
-  describe '+appliance_info' do
-    subject{ Conjur::API.appliance_info }
-    context 'when /info does not exist' do
-      it 'raises a FeatureNotAvailable exception' do
-        expect_request(
-            method: :get,
-            url: 'https://example.com/info'
-        ).and_raise RestClient::ResourceNotFound
-        expect{ subject }.to raise_error(Conjur::FeatureNotAvailable)
-      end
-    end
-
-    context 'when /info exists' do
-      it 'returns the response json' do
-        expect_request(
-            method: :get,
-            url: 'https://example.com/info'
-        ).and_return response
-
-        expect(subject).to eq(response_json)
-      end
-    end
-  end
-
-  describe '+service_names' do
-    subject{ Conjur::API.service_names }
-    it 'returns the service names' do
-      expect_request(
-          method: :get,
-          url: 'https://example.com/info'
-      ).and_return response
-      expect(subject).to eq(%w(authn))
-    end
-  end
-
-  describe '+service_version' do
-    subject{ Conjur::API.service_version(service)}
-    context 'when the service name is valid' do
-      let(:service){'authn'}
-      let(:expected_version){ "4.5.0".to_version }
-      before {
-        expect_request(
-            method: :get,
-            url: 'https://example.com/info'
-        ).at_least(1).times.and_return response
-      }
-      it 'returns the version as a Semantic::Version' do
-        expect(subject).to eq(expected_version)
-      end
-      describe 'can be compared' do
-        it 'returns the version as a Semantic::Version' do
-          expect(subject >= Semantic::Version.new('4.5.0')).to eq(true)
-        end
-      end
-    end
-
-    context 'when the service name is not valid' do
-      let(:service){'blahblah'}
-      it 'raises an exception' do
-        expect_request(
-            method: :get,
-            url: 'https://example.com/info'
-        ).at_least(1).times.and_return response
-        expect{ subject }.to raise_error(RuntimeError, /Unknown service/i)
-      end
-    end
-  end
-end

data/spec/api/layer_spec.rb

@@ -1,18 +0,0 @@
-require 'spec_helper'
-require 'webmock/rspec'
-
-describe Conjur::Layer do
-  subject { Conjur::Layer.new 'http://example.com/layers/my%2Flayername', nil }
-  
-  describe "#add_host" do
-    it "casts Host to roleid" do
-      host = double(:host)
-      expect(host).to receive(:roleid).and_return "the-hostid"
-      stub_request(:post, "http://example.com/layers/my%2Flayername/hosts")
-        .with(body: {hostid: 'the-hostid' })
-
-
-      subject.add_host host
-    end
-  end
-end

data/spec/api/ldapsync_spec.rb

@@ -1,44 +0,0 @@
-#
-# Copyright (C) 2016 Conjur Inc
-#
-# Permission is hereby granted, free of charge, to any person obtaining a copy of
-# this software and associated documentation files (the "Software"), to deal in
-# the Software without restriction, including without limitation the rights to
-
-# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-#
-require 'spec_helper'
-require 'helpers/request_helpers'
-
-describe Conjur::API, api: :dummy do
-  include RequestHelpers
-  describe 'LDAP policy methods' do
-    let(:appliance_url){ "http://example.com/api" }
-    before do
-      allow(Conjur.configuration).to receive(:appliance_url).and_return appliance_url
-    end
-
-    describe '#ldap_sync_policy' do
-      let(:profile) { 'default' }
-      let(:url){ "#{appliance_url}/ldap-sync/policy?config_name=#{profile}" }
-      let(:policy_event){
-        %Q{data: {"policy": "a policy"}}
-      }
-
-      let(:response){ double('response', :body => policy_event, :headers => { :content_type => 'text/event-stream' }) }
-      subject{ api.ldap_sync_policy('default') }
-      before do
-        expect_request(
-            url: url,
-            method: :get,
-            headers: credentials[:headers]
-        ).and_return response
-      end
-
-      it 'returns a Hash with a policy' do
-        expect(subject).to be_kind_of Hash
-      end
-    end
-
-  end
-end

data/spec/api/pubkeys_spec.rb

@@ -1,66 +0,0 @@
-#
-# Copyright (C) 2013 Conjur Inc
-#
-# Permission is hereby granted, free of charge, to any person obtaining a copy of
-# this software and associated documentation files (the "Software"), to deal in
-# the Software without restriction, including without limitation the rights to
-# use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
-# the Software, and to permit persons to whom the Software is furnished to do so,
-# subject to the following conditions:
-#
-# The above copyright notice and this permission notice shall be included in all
-# copies or substantial portions of the Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
-# FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
-# COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
-# IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
-# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-#
-require 'spec_helper'
-
-describe Conjur::API, api: :dummy do
-  let(:pubkeys_url){ "http://pubkeys.example.com/api/pubkeys" }
-  def pubkeys_url_for *path
-    [pubkeys_url, path.map{|p| CGI.escape(p)} ].join("/")  
-  end
-  
-  before do
-    allow(Conjur::API).to receive_messages(pubkeys_asset_host: pubkeys_url)
-  end
-  
-  describe "#public_keys" do
-    it "GETs /:username" do
-      expect_request(
-        url: pubkeys_url_for("bob"),
-        method: :get,
-        headers: credentials[:headers],
-      ).and_return "key key key"
-      expect(api.public_keys("bob")).to eq("key key key")
-    end
-  end
-  
-  describe "#add_public_key" do
-    it "POSTs /:username with the data" do
-      expect_request(
-        url: pubkeys_url_for("bob"),
-        method: :post,
-        headers: credentials[:headers],
-        payload: "key data",
-      )
-      api.add_public_key("bob", "key data")
-    end
-  end
-  
-  describe "#delete_public_key" do
-    it "DELETEs /:username/:keyname" do
-      expect_request(
-        url: pubkeys_url_for("bob", "bob-key"),
-        method: :delete,
-        headers: credentials[:headers]
-      )
-      api.delete_public_key("bob", "bob-key")
-    end
-  end
-end