conjur-api 5.3.0 → 5.3.1

data/CHANGELOG.md

@@ -1,5 +1,9 @@
 # Latest
 
+# v5.3.1
+
+* Updates URI path parameter escaping to consistently encode resource ids
+
 # v5.3.0
 
 * Add `Conjur::API.ldap_sync_policy` for fetching the LDAP sync policy.

data/README.md

@@ -1,6 +1,6 @@
 # Conjur::API
 
-Programmatic Ruby access to the Conjur API. 
+Programmatic Ruby access to the Conjur API.
 
 RDocs are available from the through the [Ruby Gem details page](https://rubygems.org/gems/conjur-api)
 
@@ -220,6 +220,24 @@ To bring it down, run:
 $ docker-compose down
 ```
 
+# Releasing
+Releasing a new version of this Gem involves a two step process:
+1. Tag and Release (using `bin/release`)
+2. Approving the push to RubyGems in Jenkins
+
+Before releasing, make sure:
+- The version file (`lib/conjur-api/version.rb`) has been updated with an appropriate Semantic version number.
+- The `CHANGELOG.md` file has been updated to reflect the release version and appropriate release notes.
+
+Save, but do not commit these the changes above. When your ready to release, run the following:
+```sh
+$ bin/release
+```
+
+Navigate to Jenkins, and approve: https://jenkins.conjur.net/job/cyberark--conjur-api-ruby/job/master/.
+
+Finally, verify that the new library is present in RubyGems: https://rubygems.org/gems/conjur-api
+
 # Contributing
 
 1. Fork it

data/lib/conjur-api/version.rb

@@ -19,6 +19,6 @@
 
 module Conjur
   class API
-    VERSION = "5.3.0"
+    VERSION = "5.3.1"
   end
 end

data/lib/conjur/acts_as_role.rb

@@ -1,23 +1,19 @@
+# frozen_string_literal: true
+
+# Copyright 2013-2018 CyberArk Ltd.
 #
-# Copyright 2013-2017 Conjur Inc
-#
-# Permission is hereby granted, free of charge, to any person obtaining a copy of
-# this software and associated documentation files (the "Software"), to deal in
-# the Software without restriction, including without limitation the rights to
-# use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
-# the Software, and to permit persons to whom the Software is furnished to do so,
-# subject to the following conditions:
-#
-# The above copyright notice and this permission notice shall be included in all
-# copies or substantial portions of the Software.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
 #
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
-# FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
-# COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
-# IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
-# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+#   http://www.apache.org/licenses/LICENSE-2.0
 #
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 module Conjur
 
   # This module provides methods for things that have an associated {Conjur::Role}.
@@ -100,7 +96,7 @@ module Conjur
       end
       if filter = options.delete(:filter)
         filter = [filter] unless filter.is_a?(Array)
-        options["filter"] = filter.map{ |obj| cast_to_id(obj) }
+        options["filter"] = filter.map(&Id.method(:new))
       end
 
       result = JSON.parse(rbac_role_resource[options_querystring options].get)
@@ -143,4 +139,4 @@ module Conjur
       url_for(:roles_role, credentials, id)    
     end
   end
-end
+end

data/lib/conjur/api/host_factories.rb

@@ -1,23 +1,19 @@
+# frozen_string_literal: true
+
+# Copyright 2013-2018 CyberArk Ltd.
 #
-# Copyright 2013-2017 Conjur Inc
-#
-# Permission is hereby granted, free of charge, to any person obtaining a copy of
-# this software and associated documentation files (the "Software"), to deal in
-# the Software without restriction, including without limitation the rights to
-# use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
-# the Software, and to permit persons to whom the Software is furnished to do so,
-# subject to the following conditions:
-#
-# The above copyright notice and this permission notice shall be included in all
-# copies or substantial portions of the Software.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
 #
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
-# FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
-# COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
-# IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
-# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+#   http://www.apache.org/licenses/LICENSE-2.0
 #
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 require 'conjur/host_factory'
 
 module Conjur
@@ -40,9 +36,14 @@ module Conjur
       # @return [Host]
       def host_factory_create_host token, id, options = {}
         token = token.token if token.is_a?(HostFactoryToken)
-        response = url_for(:host_factory_create_host, token).post(options.merge(id: id)).body
+        response = url_for(:host_factory_create_host, token)
+          .post(options.merge(id: id)).body
+
         attributes = JSON.parse(response)
-        Host.new(attributes['id'], {}).tap do |host|
+        # in v4 'id' is just the identifier
+        host_id = attributes['roleid'] || attributes['id']
+
+        Host.new(host_id, {}).tap do |host|
           host.attributes = attributes
         end
       end

data/lib/conjur/api/resources.rb

@@ -1,23 +1,19 @@
+# frozen_string_literal: true
+
+# Copyright 2013-2018 CyberArk Ltd.
 #
-# Copyright 2013-2017 Conjur Inc
-#
-# Permission is hereby granted, free of charge, to any person obtaining a copy of
-# this software and associated documentation files (the "Software"), to deal in
-# the Software without restriction, including without limitation the rights to
-# use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
-# the Software, and to permit persons to whom the Software is furnished to do so,
-# subject to the following conditions:
-#
-# The above copyright notice and this permission notice shall be included in all
-# copies or substantial portions of the Software.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
 #
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
-# FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
-# COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
-# IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
-# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+#   http://www.apache.org/licenses/LICENSE-2.0
 #
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 require 'conjur/resource'
 
 module Conjur
@@ -27,8 +23,8 @@ module Conjur
     
     #@!group Resources
 
-    # Find a resource by it's id.  The id given to this method must be qualified by a kind, but the account is
-    # optional.
+    # Find a resource by its id.
+    # @note The id given to this method must be fully qualified.
     #
     # ### Permissions
     #

data/lib/conjur/api/router/v5.rb

@@ -1,10 +1,25 @@
+# frozen_string_literal: true
+
+# Copyright 2017-2018 CyberArk Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 module Conjur
   class API
     module Router
       module V5
         extend Conjur::Escape::ClassMethods
         extend Conjur::QueryString
-        extend Conjur::Cast
         extend self
 
         def authn_login account, username, password
@@ -28,7 +43,7 @@ module Conjur
         end
 
         def authn_rotate_api_key credentials, account, id
-          RestClient::Resource.new(Conjur.configuration.core_url, credentials)['authn'][path_escape account]["api_key?role=#{id}"]
+          RestClient::Resource.new(Conjur.configuration.core_url, credentials)['authn'][fully_escape account]["api_key?role=#{id}"]
         end
 
         def authn_rotate_own_api_key account, username, password
@@ -51,18 +66,18 @@ module Conjur
         end
 
         def policies_load_policy credentials, account, id
-          RestClient::Resource.new(Conjur.configuration.core_url, credentials)['policies'][path_escape account]['policy'][path_escape id]
+          RestClient::Resource.new(Conjur.configuration.core_url, credentials)['policies'][fully_escape account]['policy'][fully_escape id]
         end
 
         def public_keys_for_user account, username
-          RestClient::Resource.new(Conjur.configuration.core_url)['public_keys'][fully_escape account]['user'][path_escape username]
+          RestClient::Resource.new(Conjur.configuration.core_url)['public_keys'][fully_escape account]['user'][fully_escape username]
         end
 
         def resources credentials, account, kind, options
           credentials ||= {}
 
-          path = "/resources/#{path_escape account}" 
-          path += "/#{path_escape kind}" if kind
+          path = "/resources/#{fully_escape account}"
+          path += "/#{fully_escape kind}" if kind
 
           RestClient::Resource.new(Conjur.configuration.core_url, credentials)[path][options_querystring options]
         end
@@ -82,7 +97,7 @@ module Conjur
           options = {}
           options[:check] = true
           options[:privilege] = privilege
-          options[:role] = path_escape(cast_to_id(role)) if role
+          options[:role] = query_escape(Id.new(role)) if role
           resources_resource(credentials, id)[options_querystring options].get
         end
 

data/lib/conjur/base_object.rb

@@ -1,28 +1,21 @@
+# frozen_string_literal: true
+
+# Copyright 2013-2018 CyberArk Ltd.
 #
-# Copyright 2013-2017 Conjur Inc
-#
-# Permission is hereby granted, free of charge, to any person obtaining a copy of
-# this software and associated documentation files (the "Software"), to deal in
-# the Software without restriction, including without limitation the rights to
-# use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
-# the Software, and to permit persons to whom the Software is furnished to do so,
-# subject to the following conditions:
-#
-# The above copyright notice and this permission notice shall be included in all
-# copies or substantial portions of the Software.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
 #
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
-# FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
-# COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
-# IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
-# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+#   http://www.apache.org/licenses/LICENSE-2.0
 #
-require 'conjur/cast'
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
 
 module Conjur
   class BaseObject
-    include Cast
     include QueryString
     include LogSource
     include BuildObject
@@ -31,7 +24,7 @@ module Conjur
     attr_reader :id, :credentials
     
     def initialize id, credentials
-      @id = cast_to_id(id)
+      @id = Id.new id
       @credentials = credentials
     end
 

data/lib/conjur/build_object.rb

@@ -1,37 +1,30 @@
+# frozen_string_literal: true
+
+# Copyright 2013-2018 CyberArk Ltd.
 #
-# Copyright 2013-2017 Conjur Inc
-#
-# Permission is hereby granted, free of charge, to any person obtaining a copy of
-# this software and associated documentation files (the "Software"), to deal in
-# the Software without restriction, including without limitation the rights to
-# use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
-# the Software, and to permit persons to whom the Software is furnished to do so,
-# subject to the following conditions:
-#
-# The above copyright notice and this permission notice shall be included in all
-# copies or substantial portions of the Software.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
 #
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
-# FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
-# COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
-# IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
-# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+#   http://www.apache.org/licenses/LICENSE-2.0
 #
-require 'conjur/cast'
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
 
 module Conjur
   module BuildObject
     def self.included base
       base.module_eval do
-        extend Cast
         extend ClassMethods
       end
     end
 
     module ClassMethods
       def build_object id, credentials, default_class:
-        id = cast_to_id(id)
+        id = Id.new id
         class_name = id.kind.classify.to_sym
         find_class(class_name, default_class)
           .new(id, credentials)

data/lib/conjur/id.rb

@@ -1,23 +1,19 @@
+# frozen_string_literal: true
+
+# Copyright 2013-2018 CyberArk Ltd.
 #
-# Copyright 2013-2017 Conjur Inc
-#
-# Permission is hereby granted, free of charge, to any person obtaining a copy of
-# this software and associated documentation files (the "Software"), to deal in
-# the Software without restriction, including without limitation the rights to
-# use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
-# the Software, and to permit persons to whom the Software is furnished to do so,
-# subject to the following conditions:
-#
-# The above copyright notice and this permission notice shall be included in all
-# copies or substantial portions of the Software.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
 #
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
-# FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
-# COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
-# IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
-# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+#   http://www.apache.org/licenses/LICENSE-2.0
 #
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 require 'conjur/escape'
 
 module Conjur
@@ -28,7 +24,7 @@ module Conjur
     attr_reader :id
 
     def initialize id
-      @id = id
+      @id = Id.normalize id
     end
 
     # The organization account, obtained from the first component of the id.
@@ -56,7 +52,7 @@ module Conjur
     # Splits the id into 3 components, and then joins them with a forward-slash `/`.
     def to_url_path
       id.split(':', 3)
-        .map(&method(:path_escape))
+        .map(&method(:fully_escape))
         .join('/')
     end
     
@@ -64,5 +60,12 @@ module Conjur
     def to_s
       id
     end
+
+    def self.normalize id
+      Array(id).join(':').tap do |id|
+        raise ArgumentError, "id must be fully qualified: #{id}" \
+          unless id =~ /.*:.*:.*/
+      end
+    end
   end
 end

data/lib/conjur/role_grant.rb

@@ -1,23 +1,19 @@
+# frozen_string_literal: true
+
+# Copyright 2013-2018 CyberArk Ltd.
 #
-# Copyright 2013-2017 Conjur Inc
-#
-# Permission is hereby granted, free of charge, to any person obtaining a copy of
-# this software and associated documentation files (the "Software"), to deal in
-# the Software without restriction, including without limitation the rights to
-# use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
-# the Software, and to permit persons to whom the Software is furnished to do so,
-# subject to the following conditions:
-#
-# The above copyright notice and this permission notice shall be included in all
-# copies or substantial portions of the Software.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
 #
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
-# FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
-# COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
-# IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
-# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+#   http://www.apache.org/licenses/LICENSE-2.0
 #
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 module Conjur
   # Represents the membership of a role. `RoleGrant`s are returned
   # by {ActsAsRole#members} and represent members of the role on which the method was invoked.
@@ -28,7 +24,6 @@ module Conjur
   #
   class RoleGrant
     extend BuildObject::ClassMethods
-    extend Cast
 
     # The role which was granted.
     # @return [Conjur::Role]