conjur-api 5.3.1 → 5.3.2

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: c69b83e45b2a9d77d8ca416e581048574d19e42d540e01883ebadb0b3e70db7d
4
- data.tar.gz: 735da4d3e1d375143b32bc6defa28d3247c90f66809170ba38ff2ae4d8da71a5
3
+ metadata.gz: 184486b0770526d9426247e1d6add16572cc73791a160bc828265ea39f01e288
4
+ data.tar.gz: 35f3aae54507b549c5c43e7b66034eff28ab4ed331574c4f80301c32c6c42070
5
5
  SHA512:
6
- metadata.gz: fbfb72a8fff290174df1e4b43e3119e52f4e45dec82855d16ba246a56f029c9c11ebb2e54d7dbd938dad0a9c2c00021bcc8bfb3207ed758e2476a22a065a5a8f
7
- data.tar.gz: f113611c6bbb6e9ba8dea768794e7cc02d3907873bf816685bbd3380c0184cbb76eb51268d0ca90d326cd1a6977a6eea6ac258578f48167d8490c4b55ce4e6db
6
+ metadata.gz: b289c3c2e41af4e7847d08b0a7229df9d9a96a2ef1c981ad6ac69bc1db588f99e4f63467152678d34f55c37eeb2ae30daf7ed55f39eb8e3ec9630b1749af6509
7
+ data.tar.gz: 0a3aba01a8046572a9a1dfea88a71c250727731e2df836f2a262c70a08514dde2b8281c544feb55243fd081f9da0dabf13ecaa7a99bf5d7adf86c0ed1fc7d370
@@ -1,8 +1,10 @@
1
1
  plugins:
2
2
  rubocop:
3
3
  enabled: true
4
- channel: rubocop-0-58
4
+ channel: rubocop-0-76
5
5
  reek:
6
6
  enabled: true
7
7
  brakeman:
8
+ enabled: false
9
+ shellcheck:
8
10
  enabled: true
@@ -0,0 +1,27 @@
1
+ ---
2
+ name: Bug
3
+ about: Create a bug report to help us improve
4
+ title: ''
5
+ labels: component/api/ruby, kind/bug
6
+ assignees: ''
7
+
8
+ ---
9
+
10
+ ## Summary
11
+ A clear and concise description of what the bug is.
12
+
13
+ ## Steps to Reproduce
14
+ Steps to reproduce the behavior:
15
+ 1. Go to '...'
16
+ 2. Click on '....'
17
+ 3. Scroll down to '....'
18
+ 4. See error
19
+
20
+ ## Expected Results
21
+ A clear and concise description of what you expected to happen.
22
+
23
+ ## Actual Results (including error logs, if applicable)
24
+ A clear and concise description of what actually did happen.
25
+
26
+ ## Additional Information
27
+ Add any other context about the problem here.
@@ -0,0 +1,27 @@
1
+ ---
2
+ name: Feature request
3
+ about: Suggest an idea for this project
4
+ title: ''
5
+ labels: kind/enhancement, component/api/ruby
6
+ assignees: ''
7
+
8
+ ---
9
+
10
+ ## Is your feature request related to a problem? Please describe.
11
+
12
+ A clear and concise description of what the problem is. Ex. `I would like to see [...] because [...]`.
13
+ Please include the intended use case and what the feature would improve on so that we can prioritize
14
+ the feature accordingly.
15
+
16
+ ## Describe the solution you would like
17
+
18
+ A clear and concise description of what the desired end result(s) would be.
19
+
20
+ ## Describe alternatives you have considered
21
+
22
+ A clear and concise description of any alternative solutions or features that may be related to this that
23
+ you have considered.
24
+
25
+ ## Additional context
26
+
27
+ Add any other context information about the feature request here.
data/.gitignore CHANGED
@@ -12,6 +12,7 @@ Gemfile.lock
12
12
  InstalledFiles
13
13
  _yardoc
14
14
  coverage
15
+ coverage_v4
15
16
  doc/
16
17
  lib/bundler/man
17
18
  pkg
@@ -0,0 +1,219 @@
1
+ title = "Secretless Broker gitleaks config"
2
+
3
+ # This is the config file for gitleaks. You can configure gitleaks what to search for and what to whitelist.
4
+ # If GITLEAKS_CONFIG environment variable
5
+ # is set, gitleaks will load configurations from that path. If option --config-path is set, gitleaks will load
6
+ # configurations from that path. Gitleaks does not whitelist anything by default.
7
+ # - https://www.ndss-symposium.org/wp-content/uploads/2019/02/ndss2019_04B-3_Meli_paper.pdf
8
+ # - https://github.com/dxa4481/truffleHogRegexes/blob/master/truffleHogRegexes/regexes.json
9
+ [[rules]]
10
+ description = "AWS Client ID"
11
+ regex = '''(A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}'''
12
+ tags = ["key", "AWS"]
13
+
14
+ [[rules]]
15
+ description = "AWS Secret Key"
16
+ regex = '''(?i)aws(.{0,20})?(?-i)['\"][0-9a-zA-Z\/+]{40}['\"]'''
17
+ tags = ["key", "AWS"]
18
+
19
+ [[rules]]
20
+ description = "AWS MWS key"
21
+ regex = '''amzn\.mws\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}'''
22
+ tags = ["key", "AWS", "MWS"]
23
+
24
+ [[rules]]
25
+ description = "PKCS8"
26
+ regex = '''-----BEGIN PRIVATE KEY-----'''
27
+ tags = ["key", "PKCS8"]
28
+
29
+ [[rules]]
30
+ description = "RSA"
31
+ regex = '''-----BEGIN RSA PRIVATE KEY-----'''
32
+ tags = ["key", "RSA"]
33
+
34
+ [[rules]]
35
+ description = "SSH"
36
+ regex = '''-----BEGIN OPENSSH PRIVATE KEY-----'''
37
+ tags = ["key", "SSH"]
38
+
39
+ [[rules]]
40
+ description = "PGP"
41
+ regex = '''-----BEGIN PGP PRIVATE KEY BLOCK-----'''
42
+ tags = ["key", "PGP"]
43
+
44
+ [[rules]]
45
+ description = "Facebook Secret Key"
46
+ regex = '''(?i)(facebook|fb)(.{0,20})?(?-i)['\"][0-9a-f]{32}['\"]'''
47
+ tags = ["key", "Facebook"]
48
+
49
+ [[rules]]
50
+ description = "Facebook Client ID"
51
+ regex = '''(?i)(facebook|fb)(.{0,20})?['\"][0-9]{13,17}['\"]'''
52
+ tags = ["key", "Facebook"]
53
+
54
+ [[rules]]
55
+ description = "Facebook access token"
56
+ regex = '''EAACEdEose0cBA[0-9A-Za-z]+'''
57
+ tags = ["key", "Facebook"]
58
+
59
+ [[rules]]
60
+ description = "Twitter Secret Key"
61
+ regex = '''(?i)twitter(.{0,20})?['\"][0-9a-z]{35,44}['\"]'''
62
+ tags = ["key", "Twitter"]
63
+
64
+ [[rules]]
65
+ description = "Twitter Client ID"
66
+ regex = '''(?i)twitter(.{0,20})?['\"][0-9a-z]{18,25}['\"]'''
67
+ tags = ["client", "Twitter"]
68
+
69
+ [[rules]]
70
+ description = "Github"
71
+ regex = '''(?i)github(.{0,20})?(?-i)['\"][0-9a-zA-Z]{35,40}['\"]'''
72
+ tags = ["key", "Github"]
73
+
74
+ [[rules]]
75
+ description = "LinkedIn Client ID"
76
+ regex = '''(?i)linkedin(.{0,20})?(?-i)['\"][0-9a-z]{12}['\"]'''
77
+ tags = ["client", "Twitter"]
78
+
79
+ [[rules]]
80
+ description = "LinkedIn Secret Key"
81
+ regex = '''(?i)linkedin(.{0,20})?['\"][0-9a-z]{16}['\"]'''
82
+ tags = ["secret", "Twitter"]
83
+
84
+ [[rules]]
85
+ description = "Slack"
86
+ regex = '''xox[baprs]-([0-9a-zA-Z]{10,48})?'''
87
+ tags = ["key", "Slack"]
88
+
89
+ [[rules]]
90
+ description = "EC"
91
+ regex = '''-----BEGIN EC PRIVATE KEY-----'''
92
+ tags = ["key", "EC"]
93
+
94
+ [[rules]]
95
+ description = "Generic API key"
96
+ regex = '''(?i)(api_key|apikey)(.{0,20})?['|"][0-9a-zA-Z]{32,45}['|"]'''
97
+ tags = ["key", "API", "generic"]
98
+
99
+ [[rules]]
100
+ description = "Generic Secret"
101
+ regex = '''(?i)secret(.{0,20})?['|"][0-9a-zA-Z]{32,45}['|"]'''
102
+ tags = ["key", "Secret", "generic"]
103
+
104
+ [[rules]]
105
+ description = "Google API key"
106
+ regex = '''AIza[0-9A-Za-z\\-_]{35}'''
107
+ tags = ["key", "Google"]
108
+
109
+ [[rules]]
110
+ description = "Google Cloud Platform API key"
111
+ regex = '''(?i)(google|gcp|youtube|drive|yt)(.{0,20})?['\"][AIza[0-9a-z\\-_]{35}]['\"]'''
112
+ tags = ["key", "Google", "GCP"]
113
+
114
+ [[rules]]
115
+ description = "Google OAuth"
116
+ regex = '''(?i)(google|gcp|auth)(.{0,20})?['"][0-9]+-[0-9a-z_]{32}\.apps\.googleusercontent\.com['"]'''
117
+ tags = ["key", "Google", "OAuth"]
118
+
119
+ [[rules]]
120
+ description = "Google OAuth access token"
121
+ regex = '''ya29\.[0-9A-Za-z\-_]+'''
122
+ tags = ["key", "Google", "OAuth"]
123
+
124
+ [[rules]]
125
+ description = "Heroku API key"
126
+ regex = '''(?i)heroku(.{0,20})?['"][0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}['"]'''
127
+ tags = ["key", "Heroku"]
128
+
129
+ [[rules]]
130
+ description = "MailChimp API key"
131
+ regex = '''(?i)(mailchimp|mc)(.{0,20})?['"][0-9a-f]{32}-us[0-9]{1,2}['"]'''
132
+ tags = ["key", "Mailchimp"]
133
+
134
+ [[rules]]
135
+ description = "Mailgun API key"
136
+ regex = '''(?i)(mailgun|mg)(.{0,20})?['"][0-9a-z]{32}['"]'''
137
+ tags = ["key", "Mailgun"]
138
+
139
+ [[rules]]
140
+ description = "Password in URL"
141
+ regex = '''[a-zA-Z]{3,10}:\/\/[^\/\s:@]{3,20}:[^\/\s:@]{3,20}@.{1,100}\/?.?'''
142
+ tags = ["key", "URL", "generic"]
143
+
144
+ [[rules]]
145
+ description = "PayPal Braintree access token"
146
+ regex = '''access_token\$production\$[0-9a-z]{16}\$[0-9a-f]{32}'''
147
+ tags = ["key", "Paypal"]
148
+
149
+ [[rules]]
150
+ description = "Picatic API key"
151
+ regex = '''sk_live_[0-9a-z]{32}'''
152
+ tags = ["key", "Picatic"]
153
+
154
+ [[rules]]
155
+ description = "Slack Webhook"
156
+ regex = '''https://hooks.slack.com/services/T[a-zA-Z0-9_]{8}/B[a-zA-Z0-9_]{8}/[a-zA-Z0-9_]{24}'''
157
+ tags = ["key", "slack"]
158
+
159
+ [[rules]]
160
+ description = "Stripe API key"
161
+ regex = '''(?i)stripe(.{0,20})?['\"][sk|rk]_live_[0-9a-zA-Z]{24}'''
162
+ tags = ["key", "Stripe"]
163
+
164
+ [[rules]]
165
+ description = "Square access token"
166
+ regex = '''sq0atp-[0-9A-Za-z\-_]{22}'''
167
+ tags = ["key", "square"]
168
+
169
+ [[rules]]
170
+ description = "Square OAuth secret"
171
+ regex = '''sq0csp-[0-9A-Za-z\\-_]{43}'''
172
+ tags = ["key", "square"]
173
+
174
+ [[rules]]
175
+ description = "Twilio API key"
176
+ regex = '''(?i)twilio(.{0,20})?['\"][0-9a-f]{32}['\"]'''
177
+ tags = ["key", "twilio"]
178
+
179
+ [whitelist]
180
+ files = [
181
+ # "(.*?)(jpg|gif|doc|pdf|bin)$",
182
+ ".gitleaks.toml",
183
+ "spec/ssl_spec.rb" # unit test file that has sample RSA key
184
+ ]
185
+ regexes = [
186
+ "mysql://username:password@mysql.somehost.com/mydb", # sample mysql connection string from code comment
187
+ "http://master:master@localhost", # sample URI in unit test data
188
+ "http://admin:%5E6feWZpr@localhost" # sample URI in unit test data
189
+ ]
190
+
191
+ # Additional Examples
192
+
193
+ # [[rules]]
194
+ # description = "Generic Key"
195
+ # regex = '''(?i)key(.{0,6})?(:|=|=>|:=)'''
196
+ # entropies = [
197
+ # "4.1-4.3",
198
+ # "5.5-6.3",
199
+ # ]
200
+ # entropyROI = "line"
201
+ # filetypes = [".go", ".py", ".c"]
202
+ # tags = ["key"]
203
+ # severity = "8"
204
+ #
205
+ #
206
+ # [[rules]]
207
+ # description = "Generic Key"
208
+ # regex = '''(?i)key(.{0,6})?(:|=|=>|:=)'''
209
+ # entropies = ["4.1-4.3"]
210
+ # filetypes = [".gee"]
211
+ # entropyROI = "line"
212
+ # tags = ["key"]
213
+ # severity = "medium"
214
+
215
+ # [[rules]]
216
+ # description = "Any pem file"
217
+ # filetypes = [".key"]
218
+ # tags = ["pem"]
219
+ # severity = "high"
@@ -63,9 +63,9 @@ Layout/EndAlignment:
63
63
  EnforcedStyleAlignWith: start_of_line
64
64
  Layout/ExtraSpacing:
65
65
  AllowForAlignment: false
66
- Layout/FirstParameterIndentation:
66
+ Layout/IndentFirstArgument:
67
67
  EnforcedStyle: consistent
68
- Layout/IndentHash:
68
+ Layout/IndentFirstHashElement:
69
69
  EnforcedStyle: consistent
70
70
  Layout/MultilineMethodCallIndentation:
71
71
  EnforcedStyle: indented
@@ -83,3 +83,4 @@ Metrics/BlockLength:
83
83
  - 'Rakefile'
84
84
  - '**/*.rake'
85
85
  - 'spec/**/*.rb'
86
+ - 'conjur-api.gemspec'
@@ -120,7 +120,7 @@ Layout/ExtraSpacing:
120
120
  # Cop supports --auto-correct.
121
121
  # Configuration parameters: EnforcedStyle, IndentationWidth.
122
122
  # SupportedStyles: consistent, consistent_relative_to_receiver, special_for_inner_method_call, special_for_inner_method_call_in_parentheses
123
- Layout/FirstParameterIndentation:
123
+ Layout/IndentFirstArgument:
124
124
  Exclude:
125
125
  - 'spec/ssl_spec.rb'
126
126
 
@@ -128,7 +128,7 @@ Layout/FirstParameterIndentation:
128
128
  # Cop supports --auto-correct.
129
129
  # Configuration parameters: EnforcedStyle, IndentationWidth.
130
130
  # SupportedStyles: special_inside_parentheses, consistent, align_brackets
131
- Layout/IndentArray:
131
+ Layout/IndentFirstArrayElement:
132
132
  Exclude:
133
133
  - 'spec/api_spec.rb'
134
134
 
@@ -1,227 +1,381 @@
1
- # Latest
1
+ # Changelog
2
+ All notable changes to this project will be documented in this file.
2
3
 
3
- # v5.3.1
4
+ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
5
+ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
4
6
 
5
- * Updates URI path parameter escaping to consistently encode resource ids
7
+ ## [Unreleased]
6
8
 
7
- # v5.3.0
9
+ ## 5.3.2 - 2018-09-24
10
+ ### Added
11
+ - Add `Conjur::API.authenticator_list`, `Conjur::API.authenticator_enable`, and
12
+ ``Conjur::API.authenticator_disable` to inspect and manage authenticator status.
8
13
 
9
- * Add `Conjur::API.ldap_sync_policy` for fetching the LDAP sync policy.
14
+ ## [5.3.1] - 2018-09-24
15
+ ### Added
16
+ - Updates URI path parameter escaping to consistently encode resource ids
10
17
 
11
- # v5.2.1
18
+ ## [5.3.0] - 2018-06-19
19
+ ### Added
20
+ - Add `Conjur::API.ldap_sync_policy` for fetching the LDAP sync policy.
12
21
 
13
- * Fix `Conjur::BuildObject#build_object` so it only tries to create
22
+ ## 5.2.1 - 0000-00-00
23
+ ### Fixed
24
+ - Fix `Conjur::BuildObject#build_object` so it only tries to create
14
25
  instances of objects for classes that inherit from BaseObject.
15
- * require `openssl` before using it.
16
26
 
17
- # v5.2.0
18
-
19
- * Adds support for the Role endpoint for searching and paging Role Members
20
- * Adds additional escaping to URL parameters on requests to handle special characters (e.g. spaces)
21
-
22
- # v5.1.0
23
-
24
- * Introduces backwards compatibility with Conjur 4.x for most API methods.
25
- * Adds the configuration setting `version`, which is auto-populated from the environment variable `CONJUR_VERSION`.
26
- * Adds support for the `authn-local` service, which can be used when the API client runs on the server.
27
-
28
- # v5.0.0
29
-
30
- * Provides compatibility with [cyberark/conjur](https://github.com/cyberark/conjur), Conjur 5 CE.
31
- * Changed license to Apache 2.0
32
-
33
- # v5.0.0-beta.4
34
-
35
- * Support for batch secret retrieval.
36
-
37
- # v5.0.0-beta.3
38
-
39
- * Removed hard dependency on older version of `rest-client` gem.
40
-
41
- # v5.0.0-beta.1
42
-
43
- * Migrated to be compatible with Conjur 5 API.
44
-
45
- # v4.31.0
46
-
47
- * Internal refactor to improve performance and facilitate caching.
48
-
49
- # v4.30.0
50
-
51
- The following enhancements require Conjur server 4.9.1.0 or later:
52
-
53
- * Supports filter and pagination of role-listing methods.
54
- * Supports non-recursive retrieval of role memberships.
55
- * Supports the +role+ field on `Conjur::RoleGrant`.
56
-
57
- On older server versions, the new options will be ignored by the server.
58
-
59
- # v4.29.2
60
-
61
- * `Conjur::API#resources` now supports `:owner` to retrieve all resources owned (directly or indirectly) by the indicated role. This capability has always been provided by the service, but was not exposed by the Ruby API.
62
-
63
- # v4.29.1
64
-
65
- * `Conjur::API#audit` now supports `:has_annotation` to retrieve audit events for resources annotated with the given name.
66
-
67
- # v4.29.0
68
-
69
- * Add `Conjur::API#new_from_token_file` to create an API instance from a file which contains an access token, which should be periodically updated by another process.
70
-
71
- # v4.28.2
72
-
73
- * Make sure certificate file is readable before trying to use it.
74
-
75
- # v4.28.1
76
-
77
- * `Conjur::API#ldap_sync_policy` now returns log events generated when
27
+ ### Added
28
+ - require `openssl` before using it.
29
+
30
+ ## 5.2.0 - 0000-00-00
31
+ ### Added
32
+ - Adds support for the Role endpoint for searching and paging Role Members
33
+ - Adds additional escaping to URL parameters on requests to handle special characters (e.g. spaces)
34
+
35
+ ## [5.1.0] - 2017-12-19
36
+ ### Added
37
+ - Introduces backwards compatibility with Conjur 4.x for most API methods.
38
+ - Adds the configuration setting `version`, which is auto-populated from the environment variable `CONJUR_VERSION`.
39
+ - Adds support for the `authn-local` service, which can be used when the API client runs on the server.
40
+
41
+ ## [5.0.0] - 2017-09-19
42
+ ### Added
43
+ - Provides compatibility with [cyberark/conjur](https://github.com/cyberark/conjur), Conjur 5 CE.
44
+
45
+ ### Changed
46
+ - Changed license to Apache 2.0
47
+ - *5.0.0-beta.4*
48
+ - - Support for batch secret retrieval.
49
+ - *v5.0.0-beta.3*
50
+ - - Removed hard dependency on older version of `rest-client` gem.
51
+ - *v5.0.0-beta.1*
52
+ - - Migrated to be compatible with Conjur 5 API.
53
+
54
+ ## [4.31.0] - 2017-03-27
55
+ ### Added
56
+ - Internal refactor to improve performance and facilitate caching.
57
+
58
+ ## [4.30.0] - 2017-03-07
59
+ ### Added
60
+ - The following enhancements require Conjur server 4.9.1.0 or later:
61
+ - Supports filter and pagination of role-listing methods.
62
+ - Supports non-recursive retrieval of role memberships.
63
+ - Supports the +role+ field on `Conjur::RoleGrant`.
64
+ - On older server versions, the new options will be ignored by the server.
65
+
66
+ ## [4.29.2] - 2017-02-22
67
+ ### Added
68
+ - `Conjur::API#resources` now supports `:owner` to retrieve all resources owned (directly or indirectly) by the indicated role. This capability has always been provided by the service, but was not exposed by the Ruby API.
69
+
70
+ ## 4.29.1 - 0000-00-00
71
+ ### Added
72
+ - `Conjur::API#audit` now supports `:has_annotation` to retrieve audit events for resources annotated with the given name.
73
+
74
+ ## [4.29.0] - 2017-02-01
75
+ ### Added
76
+ - Add `Conjur::API#new_from_token_file` to create an API instance from a file which contains an access token, which should be periodically updated by another process.
77
+
78
+ ## 4.28.2 - 0000-00-00
79
+ ### Added
80
+ - Make sure certificate file is readable before trying to use it.
81
+
82
+ ## [4.28.1] - 2016-11-30
83
+ ### Added
84
+ - `Conjur::API#ldap_sync_policy` now returns log events generated when
78
85
  showing a policy.
79
86
 
80
- # v4.28.0
81
-
82
- * Add `Conjur::API#ldap_sync_policy` to fetch the policy to use to
87
+ ## [4.28.0] - 2016-11-16
88
+ ### Added
89
+ - Add `Conjur::API#ldap_sync_policy` to fetch the policy to use to
83
90
  bring Conjur and the LDAP server into sync.
84
91
 
85
- * Remove `Conjur::API#ldap_sync_now` and `Conjur::API#ldap_sync_jobs`
86
-
87
- # v4.27.0
88
-
89
- * Add `Conjur::API#resources_permitted?"
92
+ ### Removed
93
+ - Remove `Conjur::API#ldap_sync_now` and `Conjur::API#ldap_sync_jobs`
90
94
 
91
- * `Conjur::API#ldap_sync_now` now accepts an options Hash which will
95
+ ## 4.27.0 - 0000-00-00
96
+ ### Added
97
+ - Add `Conjur::API#resources_permitted?"
98
+ - `Conjur::API#ldap_sync_now` now accepts an options Hash which will
92
99
  be passed on to the `/sync` entrypoint. The old argument list is
93
100
  maintained for backwards compatibility.
94
-
95
- * `Conjur::Api#resources` now supports `:has_annotation` for
101
+ - `Conjur::Api#resources` now supports `:has_annotation` for
96
102
  retrieving Conjur resources that have an annotation with the given
97
103
  name.
98
104
 
99
- # v4.26.0
100
-
101
- * expose admin_option in the role graph (only populated by Conjur 4.8 and later)
102
-
103
- # v4.25.1
105
+ ## [4.26.0] - 2016-07-01
106
+ ### Added
107
+ - expose admin_option in the role graph (only populated by Conjur 4.8 and later)
104
108
 
105
- * Fix token refresh when using `with_privilege`, `with_audit_roles`,
109
+ ## [4.25.1] - 2016-06-22
110
+ ### Fixed
111
+ - Fix token refresh when using `with_privilege`, `with_audit_roles`,
106
112
  and `with_audit_resources`.
107
113
 
108
- # v4.25.0
109
-
110
- * Add a workaround for a bug in Conjur <4.7 where long-running operations
114
+ ## [4.25.0] - 2016-06-17
115
+ ### Added
116
+ - Add a workaround for a bug in Conjur <4.7 where long-running operations
111
117
  (such as policy load) would sometimes fail with 404 after five minutes.
112
118
 
113
- # v4.24.1
114
-
115
- * Clarify the handling of the dry-run argument to `Conjur::API#ldap_sync_now`.
116
-
117
- # v4.24.0
119
+ ## [4.24.1] - 2016-06-10
120
+ ### Changed
121
+ - Clarify the handling of the dry-run argument to `Conjur::API#ldap_sync_now`.
118
122
 
119
- * Add `Conjur::API#ldap_sync_now` (requires Conjur 4.7 or later).
120
- * Don't trust the system clock and don't check token validity. Rely on the
121
- server to verify the token instead, and only try to refresh if enough time
122
- has passed locally (using monotonic clock for reference where available).
123
- * Don't try refreshing the token if the required credentials are not available.
123
+ ## [4.24.0] - 2016-05-24
124
+ ### Added
125
+ - Add `Conjur::API#ldap_sync_now` (requires Conjur 4.7 or later).
126
+ - Don't trust the system clock and don't check token validity. Rely on the server to verify the token instead, and only try to refresh if enough time has passed locally (using monotonic clock for reference where available).
127
+ - Don't try refreshing the token if the required credentials are not available.
124
128
 
125
- # v4.23.0
126
-
127
- * Add `with_audit_roles` and `with_audit_resources` to `Conjur::API`
129
+ ## [4.23.0] - 2016-04-22
130
+ ### Added
131
+ - Add `with_audit_roles` and `with_audit_resources` to `Conjur::API`
128
132
  to add additional roles and resources to audit records generated by
129
133
  requests
130
134
 
131
- * Fix encoding of spaces in some urls.
132
-
133
- # v4.22.1
134
-
135
- * `bootstrap` creates host and webservice `conjur/expiration`.
135
+ ### Fixed
136
+ - Fix encoding of spaces in some urls.
136
137
 
137
- # v4.22.0
138
+ ## [4.22.1] - 2016-04-13
139
+ ### Added
140
+ - `bootstrap` creates host and webservice `conjur/expiration`.
138
141
 
139
- * Add `show_expired` argument to `Conjur::Variable#value` to allow
142
+ ## [4.22.0] - 2016-03-08
143
+ ### Added
144
+ - Add `show_expired` argument to `Conjur::Variable#value` to allow
140
145
  retrieval of values of expired variables.
141
- * Properly assign ownership of bootstrap-created webservice resources to the `security_admin` group.
142
-
143
- # v4.21.0
144
-
145
- * Add extensible Bootstrap commands as API methods.
146
- * `bootstrap` grants `reveal` and `elevate` to the `security_admin` group.
147
- * `bootstrap` creates `webservice:authn-tv`.
148
- * `bootstrap` creates an `auditors` group and gives `reveal` privilege to it.
149
-
150
- # v4.20.1
151
-
152
- * BUGFIX: Better handling for unicode and special characters in user ids.
153
-
154
- # v4.20.0
155
-
156
- * Add support for Host Factory functionality (replaces conjur-asset-host-factory plugin).
157
- * Add support for sending audit events (replaces conjur-asset-audit-send plugin).
158
- * Add support for variable expiration. Variable expiration is available in version 4.6 of the Conjur server.
159
- * Add `Conjur::API` methods to querying service versions : `service_version`, `service_names`, `appliance_info`.
160
- * Add `Conjur::API` method for querying server health: `appliance_health(remote_host=nil)`
161
- * Support ISO8601 duration strings as arguments in variable expiration methods.
162
- * Add support for CIDR restrictions
163
-
164
- # v4.19.1
165
-
166
- * BUGFIX: Allow Configuration to parse several certs in a string
167
-
168
- # v4.19.0
169
-
170
- * Rename `sudo` to `elevate` throughout the spec and docstrings. This is an incompatible change, but it
171
- occurs before the Conjur 4.5 server that implements `elevate` is released.
172
-
173
- # v4.18.0
174
-
175
- * Add method `global_privilege_permitted?` to facilitate working with Conjur 4.5 global privileges.
146
+ - Properly assign ownership of bootstrap-created webservice resources to the `security_admin` group.
147
+
148
+ ## [4.21.0] - 2016-03-02
149
+ ### Added
150
+ - Add extensible Bootstrap commands as API methods.
151
+ - `bootstrap` grants `reveal` and `elevate` to the `security_admin` group.
152
+ - `bootstrap` creates `webservice:authn-tv`.
153
+ - `bootstrap` creates an `auditors` group and gives `reveal` privilege to it.
154
+
155
+ ## [4.20.1] - 2016-02-18
156
+ ### Fixed
157
+ - BUGFIX: Better handling for unicode and special characters in user ids.
158
+
159
+ ## [4.20.0] - 2016-02-05
160
+ ### Added
161
+ - Add support for Host Factory functionality (replaces conjur-asset-host-factory plugin).
162
+ - Add support for sending audit events (replaces conjur-asset-audit-send plugin).
163
+ - Add support for variable expiration. Variable expiration is available in version 4.6 of the Conjur server.
164
+ - Add `Conjur::API` methods to querying service versions : `service_version`, `service_names`, `appliance_info`.
165
+ - Add `Conjur::API` method for querying server health: `appliance_health(remote_host=nil)`
166
+ - Support ISO8601 duration strings as arguments in variable expiration methods.
167
+ - Add support for CIDR restrictions
168
+
169
+ ## 4.19.1 - 0000-00-00
170
+ ### Fixed
171
+ - BUGFIX: Allow Configuration to parse several certs in a string
172
+
173
+ ## [4.19.0] - 2015-08-28
174
+ ### Changed
175
+ - Rename `sudo` to `elevate` throughout the spec and docstrings. This is an incompatible change, but it occurs before the Conjur 4.5 server that implements `elevate` is released.
176
+
177
+ ## 4.18.0 - 0000-00-00
178
+ ### Added
179
+ - Add method `global_privilege_permitted?` to facilitate working with Conjur 4.5 global privileges.
176
180
 
177
- # v4.17.0
181
+ ## 4.17.0 - 0000-00-00
182
+ ### Added
183
+ - Add handling for `X-Forwarded-For` and `X-Conjur-Privilege` ("conjur sudo")
184
+ - Transform embedded whitespace in certificate string into newlines
178
185
 
179
- * Add handling for `X-Forwarded-For` and `X-Conjur-Privilege` ("conjur sudo")
180
- * Transform embedded whitespace in certificate string into newlines
186
+ ## [4.16.0] - 2015-04-28
187
+ ### Added
188
+ - Add ssl_certificate option to allow certs to be provided as strings (helpful in heroku)
189
+ - Add `Conjur::Configuration#apply_cert_config!` method to add certs from `#cert_file` and `#ssl_certificate` to the default cert store.
181
190
 
182
- # v4.16.0
183
- * Add ssl_certificate option to allow certs to be provided as strings (helpful in heroku)
184
- * Add `Conjur::Configuration#apply_cert_config!` method to add certs from `#cert_file` and `#ssl_certificate`
185
- to the default cert store.
186
- # v4.15.0
187
- * Extensive documentation improvements
188
- * A few additional methoods, for example `Conjur::API#public_key_names`.
191
+ ## [4.15.0] - 2015-04-23
192
+ ### Added
193
+ - Extensive documentation improvements
194
+ - A few additional methoods, for example `Conjur::API#public_key_names`.
189
195
 
190
- # v4.14.0
196
+ ## [4.14.0] - 2015-03-26
197
+ ### Added
198
+ - Bump rest-client version, remove the troublesome mime-types patch
199
+ - Make sure SSL certificate verification is enabled
200
+ - Bugfix: Don't escape ids twice when listing records
201
+ - Add a stub so that require 'conjur-api' works
202
+ - Lots of doc updates
191
203
 
192
- * Bump rest-client version, remove the troublesome mime-types patch
193
- * Make sure SSL certificate verification is enabled
194
- * Bugfix: Don't escape ids twice when listing records
195
- * Add a stub so that require 'conjur-api' works
196
- * Lots of doc updates
204
+ ## [4.13.0] - 2015-02-11
205
+ ### Added
206
+ - Add GID handling utilities
197
207
 
198
- # v4.13.0
208
+ ## [4.12.0] - 2015-01-27
209
+ ### Added
210
+ - Add the API method `role_graph` for retrieving role relationships in bulk
199
211
 
200
- * Add GID handling utilities
212
+ ## 4.11.2 - 0000-00-00
213
+ ### Added
214
+ - Patch rest-client's patch of mime-types to support lazy loading
201
215
 
202
- # v4.12.0
216
+ ### Removed
217
+ - Remove 'wrong' dependency for faster loading
203
218
 
204
- * Add the API method `role_graph` for retrieving role relationships in bulk
219
+ ## 4.11.0 - 0000-00-00
220
+ ### Fixed
221
+ - Fixed bug retrieving `Variable#version_count`
222
+ - Include CONJUR_ENV in `Conjur.configuration`
205
223
 
206
- # v4.11.2
224
+ ### Added
225
+ - Add `cert_file` option to `Conjur.configuration`
207
226
 
208
- * Patch rest-client's patch of mime-types to support lazy loading
209
- * Remove 'wrong' dependency for faster loading
227
+ ## [4.10.2] - 2014-09-22
228
+ ### Added
229
+ - Authn token is refetched before the expiration
230
+ - Support for configuration `sticky` option is discarded
231
+ - Resource#exists? refactored -- no overloading, code from exists.rb used
232
+ - Tests use Rspec v3 and reset configuration between test cases
210
233
 
211
- # v4.11.0
234
+ ## [4.10.1] - 2014-09-04
235
+ ### Added
236
+ - Resource#exists? returns true if access to resource is forbidden
237
+ - Thread-local configuration for working with different endpoints
212
238
 
213
- * Fixed bug retrieving `Variable#version_count`
214
- * Include CONJUR_ENV in `Conjur.configuration`
215
- * Add `cert_file` option to `Conjur.configuration`
239
+ ## [4.10.0] - 2014-08-15
240
+ ### Added
241
+ - User#update
242
+ - Added Users#find_users
216
243
 
244
+ ## [4.9.2] - 2014-08-05
245
+ ### Changed
246
+ - Always construct Heroku service names that are valid Heroku names
247
+ - authz resource#exists? anticipates a result of 403 Forbidden, and interprets this as true
248
+ - Provide a method to detect whether each configuration setting has been explicitly set via the environment
217
249
 
218
- # v.4.10.2
219
- * Authn token is refetched before the expiration
220
- * Support for configuration `sticky` option is discarded
221
- * Resource#exists? refactored -- no overloading, code from exists.rb used
222
- * Tests use Rspec v3 and reset configuration between test cases
250
+ ## [4.9.1] - 2014-07-17
251
+ ### Changed
252
+ - Require rest-client gem version 1.6.7, as version 1.7 has bugs in SSL certificate trust options
223
253
 
254
+ ## [4.9.0] - 2014-06-06
255
+ ### Changed
256
+ - Layer and Pubkeys are now part of the core API
224
257
 
225
- # v.4.10.1
226
- * Resource#exists? returns true if access to resource is forbidden
227
- * Thread-local configuration for working with different endpoints
258
+ ## [4.8.0] - 2014-05-23
259
+ ### Added
260
+ - Variable#variable_values, batch fetching of variables to support the new conjur env command
261
+
262
+ ## [4.7.2] - 2014-03-18
263
+
264
+ ## [4.7.1] - 2014-03-13
265
+
266
+ ## [4.6.1] - 2014-02-28
267
+
268
+ ## [4.6.0] - 2014-01-11
269
+
270
+ ## [4.4.1] - 2013-12-23
271
+
272
+ ## [4.4.0] - 2013-12-23
273
+
274
+ ## [4.3.0] - 2013-11-19
275
+
276
+ ## [4.1.1] - 2013-10-24
277
+
278
+ ## [2.7.1] - 2013-10-24
279
+
280
+ ## [4.0.0] - 2013-10-17
281
+
282
+ ## [2.5.1] - 2013-07-26
283
+
284
+ ## [2.4.0] - 2013-06-05
285
+
286
+ ## [2.3.1] - 2013-06-03
287
+
288
+ ## [2.2.3] - 2013-05-31
289
+
290
+ ## [2.2.2] - 2013-05-23
291
+
292
+ ## [2.2.1] - 2013-05-20
293
+
294
+ ## [2.2.0] - 2013-05-16
295
+
296
+ ## [2.1.8] - 2013-05-15
297
+
298
+ ## [2.1.7] - 2013-05-10
299
+
300
+ ## [2.1.6] - 2013-04-30
301
+
302
+ ## [2.1.5] - 2013-04-24
303
+
304
+ ## [2.1.4] - 2013-04-24
305
+
306
+ ## [2.1.3] - 2013-04-12
307
+
308
+ ## [2.1.2] - 2013-04-12
309
+
310
+ ## [2.1.1] - 2013-03-29
311
+
312
+ ## [2.1.0] - 2013-03-25
313
+
314
+ ## [2.0.1] - 2013-03-14
315
+
316
+ ## [2.0.0] - 2013-13-12
317
+
318
+ [Unreleased]: https://github.com/cyberark/conjur-api-ruby/compare/v5.3.1...HEAD
319
+ [5.3.1]: https://github.com/cyberark/conjur-api-ruby/compare/v5.3.0...v5.3.1
320
+ [5.3.0]: https://github.com/cyberark/conjur-api-ruby/compare/v5.1.0...v5.3.0
321
+ [5.1.0]: https://github.com/cyberark/conjur-api-ruby/compare/v5.0.0...v5.1.0
322
+ [5.0.0]: https://github.com/cyberark/conjur-api-ruby/compare/v4.31.0...v5.0.0
323
+ [4.31.0]: https://github.com/cyberark/conjur-api-ruby/compare/v4.30.0...v4.31.0
324
+ [4.30.0]: https://github.com/cyberark/conjur-api-ruby/compare/v4.29.2...v4.30.0
325
+ [4.29.2]: https://github.com/cyberark/conjur-api-ruby/compare/v4.29.0...v4.29.2
326
+ [4.29.0]: https://github.com/cyberark/conjur-api-ruby/compare/v4.28.1...v4.29.0
327
+ [4.28.1]: https://github.com/cyberark/conjur-api-ruby/compare/v4.28.0...v4.28.1
328
+ [4.28.0]: https://github.com/cyberark/conjur-api-ruby/compare/v4.26.0...v4.28.0
329
+ [4.26.0]: https://github.com/cyberark/conjur-api-ruby/compare/v4.25.1...v4.26.0
330
+ [4.25.1]: https://github.com/cyberark/conjur-api-ruby/compare/v4.25.0...v4.25.1
331
+ [4.25.0]: https://github.com/cyberark/conjur-api-ruby/compare/v4.24.1...v4.25.0
332
+ [4.24.1]: https://github.com/cyberark/conjur-api-ruby/compare/v4.24.0...v4.24.1
333
+ [4.24.0]: https://github.com/cyberark/conjur-api-ruby/compare/v4.23.0...v4.24.0
334
+ [4.23.0]: https://github.com/cyberark/conjur-api-ruby/compare/v4.22.1...v4.23.0
335
+ [4.22.1]: https://github.com/cyberark/conjur-api-ruby/compare/v4.22.0...v4.22.1
336
+ [4.22.0]: https://github.com/cyberark/conjur-api-ruby/compare/v4.21.0...v4.22.0
337
+ [4.21.0]: https://github.com/cyberark/conjur-api-ruby/compare/v4.20.1...v4.21.0
338
+ [4.20.1]: https://github.com/cyberark/conjur-api-ruby/compare/v4.20.0...v4.20.1
339
+ [4.20.0]: https://github.com/cyberark/conjur-api-ruby/compare/v4.19.1...v4.20.0
340
+ [4.19.1]: https://github.com/cyberark/conjur-api-ruby/compare/v4.19.0...v4.19.1
341
+ [4.19.0]: https://github.com/cyberark/conjur-api-ruby/compare/v4.16.0...v4.19.0
342
+ [4.16.0]: https://github.com/cyberark/conjur-api-ruby/compare/v4.15.0...v4.16.0
343
+ [4.15.0]: https://github.com/cyberark/conjur-api-ruby/compare/v4.14.0...v4.15.0
344
+ [4.14.0]: https://github.com/cyberark/conjur-api-ruby/compare/v4.13.0...v4.14.0
345
+ [4.13.0]: https://github.com/cyberark/conjur-api-ruby/compare/v4.12.0...v4.13.0
346
+ [4.12.0]: https://github.com/cyberark/conjur-api-ruby/compare/v4.10.2...v4.12.0
347
+ [4.10.2]: https://github.com/cyberark/conjur-api-ruby/compare/v4.10.1...v4.10.2
348
+ [4.10.1]: https://github.com/cyberark/conjur-api-ruby/compare/v4.10.0...v4.10.1
349
+ [4.10.0]: https://github.com/cyberark/conjur-api-ruby/compare/v4.9.2...v4.10.0
350
+ [4.9.2]: https://github.com/cyberark/conjur-api-ruby/compare/v4.9.1...v4.9.2
351
+ [4.9.1]: https://github.com/cyberark/conjur-api-ruby/compare/v4.9.0...v4.9.1
352
+ [4.9.0]: https://github.com/cyberark/conjur-api-ruby/compare/v4.8.0...v4.9.0
353
+ [4.8.0]: https://github.com/cyberark/conjur-api-ruby/compare/v4.7.2...v4.8.0
354
+ [4.7.2]: https://github.com/cyberark/conjur-api-ruby/compare/v4.7.1...v4.7.2
355
+ [4.7.1]: https://github.com/cyberark/conjur-api-ruby/compare/v4.6.1...v4.7.1
356
+ [4.6.1]: https://github.com/cyberark/conjur-api-ruby/compare/v4.6.0...v4.6.1
357
+ [4.6.0]: https://github.com/cyberark/conjur-api-ruby/compare/v4.4.1...v4.6.0
358
+ [4.4.1]: https://github.com/cyberark/conjur-api-ruby/compare/v4.4.0...v4.4.1
359
+ [4.4.0]: https://github.com/cyberark/conjur-api-ruby/compare/v4.3.0...v4.4.0
360
+ [4.3.0]: https://github.com/cyberark/conjur-api-ruby/compare/v4.1.1...v4.3.0
361
+ [4.1.1]: https://github.com/cyberark/conjur-api-ruby/compare/v2.7.1...v4.1.1
362
+ [2.7.1]: https://github.com/cyberark/conjur-api-ruby/compare/v4.0.0...v2.7.1
363
+ [4.0.0]: https://github.com/cyberark/conjur-api-ruby/compare/v2.5.1...v4.0.0
364
+ [2.5.1]: https://github.com/cyberark/conjur-api-ruby/compare/v2.4.0...v2.5.1
365
+ [2.4.0]: https://github.com/cyberark/conjur-api-ruby/compare/v2.3.1...v2.4.0
366
+ [2.3.1]: https://github.com/cyberark/conjur-api-ruby/compare/v2.2.3...v2.3.1
367
+ [2.2.3]: https://github.com/cyberark/conjur-api-ruby/compare/v2.2.2...v2.2.3
368
+ [2.2.2]: https://github.com/cyberark/conjur-api-ruby/compare/v2.2.1...v2.2.2
369
+ [2.2.1]: https://github.com/cyberark/conjur-api-ruby/compare/v2.2.0...v2.2.1
370
+ [2.2.0]: https://github.com/cyberark/conjur-api-ruby/compare/v2.1.8...v2.2.0
371
+ [2.1.8]: https://github.com/cyberark/conjur-api-ruby/compare/v2.1.7...v2.1.8
372
+ [2.1.7]: https://github.com/cyberark/conjur-api-ruby/compare/v2.1.6...v2.1.7
373
+ [2.1.6]: https://github.com/cyberark/conjur-api-ruby/compare/v2.1.5...v2.1.6
374
+ [2.1.5]: https://github.com/cyberark/conjur-api-ruby/compare/v2.1.4...v2.1.5
375
+ [2.1.4]: https://github.com/cyberark/conjur-api-ruby/compare/v2.1.3...v2.1.4
376
+ [2.1.3]: https://github.com/cyberark/conjur-api-ruby/compare/v2.1.2...v2.1.3
377
+ [2.1.2]: https://github.com/cyberark/conjur-api-ruby/compare/v2.1.1...v2.1.2
378
+ [2.1.1]: https://github.com/cyberark/conjur-api-ruby/compare/v2.1.0...v2.1.1
379
+ [2.1.0]: https://github.com/cyberark/conjur-api-ruby/compare/v2.0.1...v2.1.0
380
+ [2.0.1]: https://github.com/cyberark/conjur-api-ruby/compare/v2.0.0...v2.0.1
381
+ [2.0.0]: https://github.com/cyberark/conjur-api-ruby/releases/tag/v2.0.0