conjur-api 4.31.0 → 5.0.0.rc1

data/lib/conjur/api/resources.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (C) 2013 Conjur Inc
+# Copyright 2013-2017 Conjur Inc
 #
 # Permission is hereby granted, free of charge, to any person obtaining a copy of
 # this software and associated documentation files (the "Software"), to deal in
@@ -22,44 +22,11 @@ require 'conjur/resource'
 
 module Conjur
   class API
-    #@!group Authorization: Resources
-
-    # Create a {http://developer.conjur.net/reference/services/authorization/resource Conjur Resource}.
-    # Resources are entities on which roles have permissions.  A resource might represent a secret, a
-    # web service route, or be part of a higher level construct such as a user or group.
-    #
-    # If `:acting_as` is not present in `options`, you will be the owner of the new role.  If it is present,
-    # your role must be a member of the given role (see {Conjur::Role#member_of?}).
-    #
-    # @example Create an abstract resource to represent a web service route
-    #   # Notice that we can omit the account in the identifier
-    #   service_resource = api.create_resource 'web-service:list-gadgets'
-    #   service_resource.resource_id # => 'conjur:web-service:list-gadgets'
-    #
-    #   # In a gatekeeper for the web service, we can use the resource to control access
-    #   get '/gadgets' do
-    #     # We'll assume that we've verified the Conjur authn token in the request, and stored the
-    #     # corresponding identifier in `request_role_id`
-    #     halt(403) unless api.resource('conjur:web-service:list-gadgets').permitted? 'read', request_role_id
-    #     render_json find_gadgets
-    #   end
-    #
-    # @example Create a role owned by another role
-    #   alice = api.role('user:alice')
-    #   api.current_role.member_of? alice # true, the operation will fail if this is false
-    #   res = api.create_resource 'example:owned', acting_as: 'user:alice'
-    #   res.owner # "conjur:user:alice"
-    #
-    # @param [String] identifier an id of the form `"<account>:<kind>:<id>"` or `"<kind>:<id>"`
-    # @param options [Hash] options for the request
-    # @option options [String, #role_id] :acting_as the role-ish thing or role id that will own the new resource
-    # @return [Conjur::Role] the new role
-    def create_resource(identifier, options = {})
-      resource(identifier).tap do |r|
-        r.create(options)
-      end
-    end
+    include QueryString
+    include BuildObject
     
+    #@!group Resources
+
     # Find a resource by it's id.  The id given to this method must be qualified by a kind, but the account is
     # optional.
     #
@@ -68,23 +35,10 @@ module Conjur
     # The resource **must** be visible to the current role.  This is the case if the current role is the owner of
     # the resource, or has any privilege on it.
     #
-    # @example Find or create a resource
-    #    def find_or_create_resource resource_id
-    #       resource = api.resource resource_id
-    #       unless resource.exists?
-    #         resource = api.create_resource resource_id
-    #       end
-    #       resource
-    #     end
-    #
-    #     # ...
-    #     example_resource = find_or_create_resource 'example:find-or-create'
-    #     example_resource.exists? # always true
-    #
-    # @param identifier [String] a qualified resource identifier, optionally including an account
+    # @param id [String] a fully qualified resource identifier
     # @return [Conjur::Resource] the resource, which may or may not exist
-    def resource identifier
-      Resource.new(Conjur::Authz::API.host, credentials)[self.class.parse_resource_id(identifier).join('/')]
+    def resource id
+      build_object id
     end
 
     # Find all resources visible to the current role that match the given search criteria.
@@ -108,19 +62,12 @@ module Conjur
     # @example Search for resources annotated with the text "WebService Route"
     #    webservice_routes = api.resources search: "WebService Route"
     #
-    #    # Check that it worked:
-    #    webservice_routes.each do |resource|
-    #       searchable = [resource.annotations.to_h.values, resource.resource_id]
-    #       raise "FAILED" unless searchable.flatten.any?{|s| s.include? "WebService Route"}
-    #    end
-    #
     # @example Restrict the search to 'group' resources
     #   groups = api.resources kind: 'group'
     #
     #   # Correct behavior:
     #   expect(groups.all?{|g| g.kind == 'group'}).to be_true
     #
-    #
     # @example Get every single resource in a performant way
     #   resources = []
     #   limit = 25
@@ -131,17 +78,32 @@ module Conjur
     #   end
     #   # do something with your resources
     #
-    # @param opts [Hash] search criteria
-    # @option opts [String]   :search find resources whose ids or annotations contain this string
-    # @option opts [String]   :kind find resources whose `kind` matches this string
-    # @option opts [Integer]  :limit the maximum number of records to return (Conjur may return fewer)
-    # @option opts [Integer]  :offset offset of the first record to return
+    # @param options [Hash] search criteria
+    # @option options [String]   :search find resources whose ids or annotations contain this string
+    # @option options [String]   :kind find resources whose `kind` matches this string
+    # @option options [Integer]  :limit the maximum number of records to return (Conjur may return fewer)
+    # @option options [Integer]  :offset offset of the first record to return
+    # @option options [Boolean]  :count return a count of records instead of the records themselves when set to true
     # @return [Array<Conjur::Resource>] the resources matching the criteria given
-    def resources opts = {}
-      opts = { host: Conjur::Authz::API.host, credentials: credentials }.merge opts
-      opts[:account] ||= Conjur.account
+    def resources options = {}
+      options = { host: Conjur.configuration.core_url, credentials: credentials }.merge options
+      options[:account] ||= Conjur.configuration.account
       
-      result = Resource.all(opts)
+      host, credentials, account, kind = options.values_at(*[:host, :credentials, :account, :kind])
+      fail ArgumentError, "host and account are required" unless [host, account].all?
+      %w(host credentials account kind).each do |name|
+        options.delete(name.to_sym)
+      end
+
+      credentials ||= {}
+
+      path = "/resources/#{path_escape account}" 
+      path += "/#{path_escape kind}" if kind
+
+      result = JSON.parse(RestClient::Resource.new(Conjur.configuration.core_url, credentials)[path][options_querystring options].get)
+
+      result = result['count'] if result.is_a?(Hash)
+
       if result.is_a?(Numeric)
         result
       else
@@ -152,51 +114,5 @@ module Conjur
         end
       end
     end
-
-    # The resource which grants global privileges to Conjur.
-    # Privileges given on this resource apply to any record in the system.
-    # There are two defined global privileges:
-    #
-    # * **elevate** permission is granted for any action.
-    # * **reveal** methods which list records will always return every matching
-    #   record, regardless of whether the user has any privileges on these records or not.
-    #   Services can also choose to attach additional semantics to *reveal*, such as allowing
-    #   the user to show non-sensitive attributes of any record.
-    #
-    # Global privileges are available in Conjur 4.5 and later.
-    GLOBAL_PRIVILEGE_RESOURCE = "!:!:conjur"
-    
-    # Checks whether the client has a particular global privilege.
-    # The global privileges are *elevate* and *reveal*.
-    def global_privilege_permitted? privilege
-      resource(GLOBAL_PRIVILEGE_RESOURCE).permitted? privilege
-    end
-
-    # Check to see if the logged-in role has the specified +privilege+
-    # on the resources specified by +kind+ and +identifiers+.
-    #
-    # @example
-    #   secret1 = api.create_variable 'text/plain', 'secret1', id: 'secret1', value: 'my_first_secret'
-    #   secret2 = api.create_variable 'text/plain', 'secret2', id: 'secret2', value: 'another_secret'
-    #   all_permitted, results = api.resources_permitted? 'variable', ['secret1', 'secret2'], 'execute'
-
-    # @param [String] kind the kind of resources to check
-    # @param [Array<String>] identifiers the (unqualified) identifiers of the resources
-    # @param [String] privilege the privilege to check for
-    # @return [Array] first element is a Boolean, true if all checks passed, false otherwise. 
-    #                 If some checks fail, second element is the check result for each resource.
-    def resources_permitted? kind, identifiers, privilege
-      options = {
-        privilege: privilege,
-        identifiers: identifiers
-      }
-      resp = RestClient::Resource.new(Conjur::Authz::API.host, credentials)["#{Conjur.account}/resources/#{kind}?check=true"].post(options)
-      if resp.code == 204
-        [true, []]
-      else
-        [false, JSON.parse(resp.body)]
-      end
-    end
-
   end
 end

data/lib/conjur/api/roles.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (C) 2013 Conjur Inc
+# Copyright 2013-2017 Conjur Inc
 #
 # Permission is hereby granted, free of charge, to any person obtaining a copy of
 # this software and associated documentation files (the "Software"), to deal in
@@ -19,82 +19,26 @@
 # CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 #
 require 'conjur/role'
-require 'conjur/graph'
 
 module Conjur
   class API
-    #@!group Authorization: Roles
+    include BuildObject
 
-    # Fetch a {Conjur::Graph} representing the relationships of a given role or roles.  Such graphs are transitive,
-    # and follow the normal permissions for role visibility.
-    #
-    # @param [Array<Conjur::Role, String>, String, Conjur::Role] roles role or or array of roles
-    #   roles whose relationships we're interested in
-    # @param [Hash] options options for the request
-    # @option options [Boolean] :ancestors Whether to return ancestors ("roles that your role has") of the given roles (true by default)
-    # @option options [Boolean] :descendants Whether to return descendants ("roles that have your role") of the given roles (true by default)
-    # @option options [Conjur::Role, String] :as_role Only roles visible to this role will be included in the graph
-    # @return [Conjur::Graph] An object representing the role memberships digraph
-    def role_graph roles, options = {}
-      roles = [roles] unless roles.kind_of? Array
-      roles.map!{|r| normalize_roleid(r) }
-      options[:as_role] = normalize_roleid(options[:as_role]) if options.include?(:as_role)
-      options.reverse_merge! as_role: normalize_roleid(current_role), descendants: true, ancestors: true
-
-      query = {from_role: options.delete(:as_role)}
-        .merge(options.slice(:ancestors, :descendants))
-        .merge(roles: roles).to_query
-      Conjur::Graph.new RestClient::Resource.new(Conjur::Authz::API.host, credentials)["#{Conjur.account}/roles?#{query}"].get
-    end
-
-    # Create a {Conjur::Role} with the given id.
-    #
-    # ### Permissions
-    # * All Conjur roles can create new roles.
-    # * The creator role (either the current role or the role given by the `:acting_as` option)
-    #   is made a member of the new role.  The new role is also made a member of itself.
-    # * If you give an `:acting_as` option, you must be a (transitive) member of the `:acting_as`
-    #   role.
-    # * The new role is granted to the creator role with *admin option*: that is, the creator role
-    #   is able to grant the created role to other roles.
-    #
-    # @example Basic role creation
-    #   # Current role is 'user:jon', assume the organizational account is 'conjur'
-    #    api.current_role # => 'conjur:user:jon'
-    #
-    #   # Create a Conjur actor to control the permissions of a chron job (rebuild_indices)
-    #   role = api.create_role 'robot:rebuild_indices'
-    #   role.role_id # => "conjur:robot:rebuild_indices"
-    #   role.members.map{ |grant| grant.member.role_id } # => ['conjur:user:jon', 'conjur:robot:rebuild_indices']
-    #   api.role('user:jon').admin_of?(role) # => true
-    #
-    #
-    # @param [String] role a qualified role identifier for the new role
-    # @param [Hash] options options for the action
-    # @option options [String] :acting_as the resource will effectively be created by this role
-    # @return [Conjur::Role] the created role
-    # @raise [RestClient::MethodNotAllowed] if the role already exists.  Note that this differs from
-    #   the `RestClient::Conflict` exception raised when trying to create existing high level (user, group, etc.)
-    #   Conjur assets.
-    def create_role(role, options = {})
-      role(role).tap do |r|
-        r.create(options)
-      end
-    end
+    #@!group Roles
 
     # Return a {Conjur::Role} representing a role with the given id.  Note that the {Conjur::Role} may or
     # may not exist (see {Conjur::Exists#exists?}).
     #
     # ### Permissions
+    #
     # Because this method returns roles that may or may not exist, it doesn't require any permissions to call it:
     # in fact, it does not perform an HTTP request (except for authentication if necessary).
     #
     # @example Create and show a role
-    #   api.create_role 'cat:iggy'
     #   iggy = api.role 'cat:iggy'
     #   iggy.exists? # true
-    #   iggy.members.map(&:member).map(&:roleid) # => ['conjur:user:admin']
-    #   api.current_role.roleid # => 'conjur:user:admin' # creator role is a member of created role.
+    #   iggy.members.map(&:member).map(&:id) # => ['conjur:user:admin']
+    #   api.current_role.id # => 'conjur:user:admin' # creator role is a member of created role.
     #
     # @example No permissions are required to call this method
     #   api.current_role # => "user:no-access"
@@ -105,70 +49,49 @@ module Conjur
     #   admin.exists? # => true
     #   admin.members # => RestClient::Forbidden: 403 Forbidden
     #
-    # @param [String] role the id of the role, which must contain at least kind and id tokens (account is optional).
+    # @param id [String] a fully qualified role identifier
     # @return [Conjur::Role] an object representing the role
-    def role role
-      Role.new(Conjur::Authz::API.host, credentials)[self.class.parse_role_id(role).join('/')]
+    def role id
+      build_object id, default_class: Role
     end
 
-    # Return a {Conjur::Role} object representing the role (typically a user or host) that this api is authenticated
+    # Return a {Conjur::Role} object representing the role (typically a user or host) that this API instance is authenticated
     # as.  This is derived either from the `login` argument to {Conjur::API.new_from_key} or from the contents of the
-    # `token` given to {Conjur::API.new_from_token}.
+    # `token` given to {Conjur::API.new_from_token} or {Conjur::API.new_from_token_file}.
     #
     # @example Current role for a user
     #   api = Conjur::API.new_from_key 'jon', 'somepassword'
-    #   api.current_role.roleid # => 'conjur:user:jon'
+    #   api.current_role.id # => 'conjur:user:jon'
     #
     # @example Current role for a host
     #   host = api.create_host id: 'exapmle-host'
     #
     #   # Host and User have an `api` method that returns an api with their credentials.  Note
     #   # that this only works with a newly created host or user, which has an `api_key` attribute.
-    #   host.api.current_role.roleid # => 'conjur:host:example-host'
+    #   host.api.current_role.id # => 'conjur:host:example-host'
     #
+    # @param [String] account the organization account 
     # @return [Conjur::Role] the authenticated role for this API instance
-    def current_role
-      role_from_username username
+    def current_role account
+      self.class.role_from_username self, username, account
     end
 
     #@!endgroup
 
-    # @api private
-    #
-    # Get a Role instance from a username or host id
-    # @param [String] username the username or host id
-    # @return [Conjur::Role]
-    def role_from_username username
-      role(role_name_from_username username)
-    end
-
-    # @api private
-    #
-    # Convert a username or host id to a role identifier.
-    # This handles conversion of logins like 'host/foo' to 'host:foo'
-    # @param [String] username the user name or host id
-    # @return [String] A full role id for the user or host
-    def role_name_from_username username = self.username
-      tokens = username.split('/')
-      if tokens.size == 1
-        [ 'user', username ].join(':')
-      else
-        [ tokens[0], tokens[1..-1].join('/') ].join(':')
+    class << self
+      # @api private
+      def role_from_username api, username, account
+        api.role role_name_from_username(username, account)
       end
-    end
-
-    private
 
-    # @api  private
-    # Use of this method is deprecated in favor of Conjur::Cast#cast
-    # @deprecated
-    # @param [String, Conjur::Role] role object to extract a role id from
-    # @return [String] the role id
-    def normalize_roleid role
-      case role
-        when String then role
-        when Role then role.roleid
-          else raise "Can't normalize #{role}@#{role.class}"
+      # @api private
+      def role_name_from_username username, account
+        tokens = username.split('/')
+        if tokens.size == 1
+          [ account, 'user', username ].join(':')
+        else
+          [ account, tokens[0], tokens[1..-1].join('/') ].join(':')
+        end
       end
     end
   end

data/lib/conjur/api/variables.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (C) 2013 Conjur Inc
+# Copyright 2013-2017 Conjur Inc
 #
 # Permission is hereby granted, free of charge, to any person obtaining a copy of
 # this software and associated documentation files (the "Software"), to deal in
@@ -22,54 +22,8 @@ require 'conjur/variable'
 
 module Conjur
   class API
-    #@!group Directory: Variables
-
-    # Create a {http://developer.conjur.net/reference/services/directory/variable Conjur Variable}.
-    # See {Conjur::Variable} for operations on Conjur variables.
-    #
-    # ### Permissions
-    # Any authenticated role may call this method
-    #
-    # @example Create a variable to store a database connection string
-    #   db_uri = "mysql://username:password@mysql.somehost.com/mydb"
-    #   var = api.create_variable 'text/plain', 'mysql-connection-string', id: 'production/mysql/uri'
-    #   var.add_value db_uri
-    #
-    #   # Alternatively, we could have done this:
-    #   var = api.create_variable 'text/plain', 'mysql-connection-string',
-    #         id: 'production/mysql/uri',
-    #         value: db_uri
-    #
-    # @example Create a variable with a unique random id
-    #   var = api.create_variable 'text/plain', 'secret'
-    #   var.id # => 'kngeqg'
-    #
-    # @param [String] mime_type MIME type for the variable value, used to set the `"Content-Type"`header
-    #   when serving the variable's value.  Must be non-empty.
-    # @param [String] kind user defined `kind` for the variable.  This is useful as a simple way to document
-    #   the variable's purpose.  Must be non-empty
-    # @param [Hash] options options for the new variable
-    # @option options [String] :id specify an id for the new variable. Must be non-empty.
-    # @option options [String] :value specify an initial value for the variable
-    # @return [Conjur::Variable] an object representing the new variable
-    # @raise [RestClient::Conflict] if you give an `:id` option and the variable already exists
-    # @raise [RestClient::UnprocessableEntity] if `mime_type`, `kind`, or `options[:id]` is the empty string.
-    def create_variable(mime_type, kind, options = {})
-      standard_create Conjur::Core::API.host, :variable, nil, options.merge(mime_type: mime_type, kind: kind)
-    end
-
-    # Retrieve an object representing a {http://developer.conjur.net/reference/services/directory/variable Conjur Variable}.
-    # The {Conjur::Variable} returned may or may not exist, and
-    # your permissions on the corresponding resource determine the operations you can perform on it.
-    #
-    # ### Permissions
-    # Any authenticated role can call this method.
-    #
-    # @param [String] id the unqualified id of the variable
-    # @return [Conjur::Variable] and object representing the variable.
-    def variable id
-      standard_show Conjur::Core::API.host, :variable, id
-    end
+  
+    #@!group Variables
 
     # Fetch the values of a list of variables.  This operation is more efficient than fetching the
     # values one by one.
@@ -79,56 +33,33 @@ module Conjur
     #   * You have permission to `'execute'` all of the variables
     #
     # @example Fetch multiple variable values
-    #   values = variable_values ['postgres_uri', 'aws_secret_access_key', 'aws_access_key_id']
+    #   values = variable_values ['myorg:variable:postgres_uri', 'myorg:variable:aws_secret_access_key', 'myorg:variable:aws_access_key_id']
     #   values # =>
     #   {
-    #      "postgres_uri" => "postgres://..."
-    #      "aws_secret_access_key" => "..."
-    #      "aws_access_key_id" => "..."
+    #      "postgres://...",
+    #      "the-secret-key",
+    #      "the-access-key-id"
     #   }
-    #
+    # 
     # This method is used to implement the {http://developer.conjur.net/reference/tools/utilities/conjurenv `conjur env`}
     # commands.  You may consider using that instead to run your program in an environment with the necessary secrets.
     #
-    # @param [Array<String>] varlist list of variable ids to fetch
-    # @return [Hash] a hash mapping variable ids to variable values
+    # @param [Array<String>] variable_ids list of variable ids to fetch
+    # @return [Array<String>] a list of variable values corresponding to the variable ids.
     # @raise [RestClient::Forbidden, RestClient::ResourceNotFound] if any of the variables don't exist or aren't accessible.
-    def variable_values(varlist)
-      raise ArgumentError, "Variables list must be an array" unless varlist.kind_of? Array 
-      raise ArgumentError, "Variables list is empty" if varlist.empty?
-      opts = "?vars=#{varlist.map { |v| fully_escape(v) }.join(',')}"
-      begin 
-        resp = RestClient::Resource.new(Conjur::Core::API.host, self.credentials)['variables/values'+opts].get
-        return JSON.parse( resp.body ) 
-      rescue RestClient::ResourceNotFound 
-        return Hash[ *varlist.map { |v| [ v, variable(v).value ]  }.flatten ]  
-      end
+    def variable_values variable_ids
+      raise ArgumentError, "Variables list must be an array" unless variable_ids.kind_of? Array 
+      raise ArgumentError, "Variables list is empty" if variable_ids.empty?
+      
+      opts = "?variable_ids=#{variable_ids.map { |v| fully_escape(v) }.join(',')}"
+      
+      response =
+        RestClient::Resource.
+          new(Conjur.configuration.core_url,credentials)['secrets'+opts].get
+      
+      return JSON.parse(response.body) 
     end
-
-    # Fetch all visible variables that expire within the given
-    # interval (relative to the current time on the Conjur Server). If
-    # no interval is specifed, all variables that are set to expire
-    # will be returned.
-    #
-    # interval should either be a String containing an ISO8601
-    # duration, or it should implement #to_i to return a number of
-    # seconds.
-    #
-    # @example Use an ISO8601 duration to return variables expiring in the next month
-    #   expirations = api.variable_expirations('P1M')
-    #
-    # @example Use ActiveSupport to return variables expiring in the next month
-    #   require 'active_support/all'
-    #   expirations = api.variable_expirations(1.month)
-
-    # param interval a String containing an ISO8601 duration , or a number of seconds 
-    # return [Hash] variable expirations that occur within the interval
-    def variable_expirations(interval = nil)
-      duration = interval.try { |i| i.respond_to?(:to_str) ? i : "PT#{i.to_i}S" }
-      params = {}.tap { |p| p.merge!({:params => {:duration => duration }}) if duration }
-      JSON.parse(RestClient::Resource.new(Conjur::Core::API.host, self.credentials)['variables/expirations'].get(params).body)
-    end
-
+    
     #@!endgroup
   end
 end

data/lib/conjur/api.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (C) 2013 Conjur Inc
+# Copyright 2013-2017 Conjur Inc
 #
 # Permission is hereby granted, free of charge, to any person obtaining a copy of
 # this software and associated documentation files (the "Software"), to deal in
@@ -21,36 +21,36 @@
 require 'active_support'
 require 'active_support/deprecation'
 
-require 'conjur/cast'
 require 'conjur/configuration'
-require 'conjur/env'
+require 'conjur/id'
 require 'conjur/base'
 require 'conjur/exceptions'
-require 'conjur/build_from_response'
+require 'conjur/build_object'
+require 'conjur/base_object'
 require 'conjur/acts_as_resource'
 require 'conjur/acts_as_role'
+require 'conjur/acts_as_rolsource'
 require 'conjur/acts_as_user'
 require 'conjur/log_source'
 require 'conjur/has_attributes'
-require 'conjur/has_identifier'
-require 'conjur/has_id'
-require 'conjur/acts_as_asset'
-require 'conjur/authn-api'
-require 'conjur/authz-api'
-require 'conjur/audit-api'
-require 'conjur/core-api'
-require 'conjur/layer-api'
-require 'conjur/pubkeys-api'
-require 'conjur/host-factory-api'
-require 'conjur/bootstrap'
+require 'conjur/api/authn'
+require 'conjur/api/roles'
+require 'conjur/api/resources'
+require 'conjur/api/pubkeys'
+require 'conjur/api/variables'
+require 'conjur/api/policies'
+require 'conjur/api/host_factories'
+require 'conjur/host'
+require 'conjur/group'
+require 'conjur/variable'
+require 'conjur/layer'
 require 'conjur/cache'
 require 'conjur-api/version'
-require 'conjur/api/info'
-require 'conjur/api/ldapsync'
 
 # Monkey patch RestClient::Request so it always uses
 # :ssl_cert_store. (RestClient::Resource uses Request to send
 # requests, so it sees :ssl_cert_store, too).
+# @api private
 class RestClient::Request
   alias_method :initialize_without_defaults, :initialize
 
@@ -63,24 +63,12 @@ class RestClient::Request
   def initialize args
     initialize_without_defaults default_args.merge(args)
   end
-
 end
 
-
+# @api private
 class RestClient::Resource
   include Conjur::Escape
   include Conjur::LogSource
-  include Conjur::Cast
-  extend  Conjur::BuildFromResponse
-
-  # @api private
-  # @deprecated
-  # The account used by the core service.  This  is deprecated in favor of {Conjur.account} and
-  # {Conjur::Configuration#account}.
-  # @return [String] the core account
-  def core_conjur_account
-    Conjur::Core::API.conjur_account
-  end
 
   # @api private
   # This method exists so that all {RestClient::Resource}s support JSON serialization.  It returns an
@@ -98,10 +86,7 @@ class RestClient::Resource
   #
   # @return {Conjur::API} the new api
   def conjur_api
-    api = Conjur::API.new_from_token token, remote_ip
-    api = api.with_privilege(conjur_privilege) if conjur_privilege
-    api = api.with_audit_roles(audit_roles) if audit_roles
-    api = api.with_audit_resources(audit_resources) if audit_resources
+    api = Conjur::API.new_from_token token, remote_ip: remote_ip
     api
   end
 
@@ -126,18 +111,6 @@ class RestClient::Resource
     options[:headers][:x_forwarded_for]
   end
 
-  def conjur_privilege
-    options[:headers][:x_conjur_privilege]
-  end
-
-  def audit_roles
-    options[:headers][:conjur_audit_roles].try { |r| Conjur::API.decode_audit_ids(r) }
-  end
-
-  def audit_resources
-    options[:headers][:conjur_audit_resources].try { |r| Conjur::API.decode_audit_ids(r) }
-  end
-
   # The username this resource authenticates as.
   #
   # @return [String] the username