conjur-api 5.3.6 → 5.3.7.pre.183

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 7ff5a377ccb9f8a1e9bf489c3c4e8a403adf795ce73f2eb88d204ff9963f9e15
-  data.tar.gz: ce065cc5820c6deaabd504f8cc3893da57ed0043ef621327134e53df4ce689b9
+  metadata.gz: 510a87b647a26d2abc902433920963157b3f1f3452178c8d2df33b88101d9d76
+  data.tar.gz: 6855d313b355ce713485bc94941d6c9335ff394a8cb60a113a0e497379354d1f
 SHA512:
-  metadata.gz: 888764fb96ae3122eb82a9ed9d652548a46c33109d5c85ab09ece0ce0cd65982f429376b559ebdd47d77c76ed911d2de0cec36b92bf6eeff1e92051d7ce36892
-  data.tar.gz: 4ecd8d2df762195c14167e513e4379a985076f8dec2fc7f62d09d013ad472c24a3e44c068c733859a2b9051a852be709521251ce46d049fd54b56db7b2a9d8ed
+  metadata.gz: d5112f1adbceee7b4364c9ad2f050696a9f25778c751df39cb8355220f479461a213536adc823a5dc8397e7651d655e08cf0b10e25c9c49cce8d059952f5ecf4
+  data.tar.gz: bac9ba81f5487f492cfbebc00b0efe9420d96ec1a9024533cc8d3563f48ee9666a091e03fc3f0fac4f08735acdb90292aca3547245b1c3ed641bb43040f08f47

data/CHANGELOG.md

@@ -4,9 +4,20 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
 and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
 
-## [Unreleased]
+## Unreleased
+### Changed
+- Nothing should go in this section, please add to the latest unreleased version
+  (and update the corresponding date), or add a new version.
+
+## [5.3.7] - 2021-12-28
+
+### Changed
+- Change addressable gem dependency.
+  [cyberark/conjur-api-ruby#199](https://github.com/cyberark/conjur-api-ruby/pull/199)
+- Update to use automated release process
 
 ## [5.3.6] - 2021-12-09
+
 ### Changed
 - Support ruby-3.0.2.
   [cyberark/conjur-api-ruby#197](https://github.com/cyberark/conjur-api-ruby/pull/197)
@@ -352,6 +363,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 ## [2.0.0] - 2013-13-12
 
 [Unreleased]: https://github.com/cyberark/conjur-api-ruby/compare/v5.3.6...HEAD
+[5.3.7]: https://github.com/cyberark/conjur-api-ruby/compare/v5.3.6...v5.3.7
 [5.3.6]: https://github.com/cyberark/conjur-api-ruby/compare/v5.3.5...v5.3.6
 [5.3.5]: https://github.com/cyberark/conjur-api-ruby/compare/v5.3.4...v5.3.5
 [5.3.4]: https://github.com/cyberark/conjur-api-ruby/compare/v5.3.3...v5.3.4

data/Dockerfile

@@ -5,7 +5,7 @@ RUN apt-get update && apt-get install -y vim curl
 
 WORKDIR /src/conjur-api
 
-COPY Gemfile conjur-api.gemspec ./
+COPY Gemfile conjur-api.gemspec VERSION ./
 COPY lib/conjur-api/version.rb ./lib/conjur-api/
 
 RUN bundle

data/Jenkinsfile

@@ -1,5 +1,17 @@
 #!/usr/bin/env groovy
 
+// Automated release, promotion and dependencies
+properties([
+  release.addParams()
+])
+
+if (params.MODE == "PROMOTE") {
+  release.promote(params.VERSION_TO_PROMOTE) { sourceVersion, targetVersion, assetDirectory ->
+    sh './publish.sh'
+  }
+  return
+}
+
 pipeline {
   agent { label 'executor-v2' }
 
@@ -12,9 +24,29 @@ pipeline {
     cron(getDailyCronString())
   }
 
+  environment {
+    MODE = release.canonicalizeMode()
+  }
+
   stages {
-    stage('Validate Changelog') {
-      steps { sh './bin/parse-changelog.sh' }
+    stage ("Skip build if triggering job didn't create a release") {
+      when {
+        expression {
+          MODE == "SKIP"
+        }
+      }
+      steps {
+        script {
+          currentBuild.result = 'ABORTED'
+          error("Aborting build because this build was triggered from upstream, but no release was built")
+        }
+      }
+    }
+    stage('Validate Changelog and set version') {
+      steps {
+        sh './bin/parse-changelog.sh'
+        updateVersion("CHANGELOG.md", "${BUILD_NUMBER}")
+      }
     }
 
     stage('Prepare CC Report Dir'){
@@ -107,23 +139,25 @@ pipeline {
       }
     }
 
-    // Only publish to RubyGems if the tag begins with 'v' ex) v5.3.2
-    stage('Publish to RubyGems?') {
-      agent { label 'executor-v2' }
+    stage('Release') {
+      when {
+        expression {
+          MODE == "RELEASE"
+        }
+      }
 
-      when { tag "v*" }
       steps {
-        // Clean up first
-        sh 'docker run -i --rm -v $PWD:/src -w /src alpine/git clean -fxd'
-
-        sh './publish.sh'
-
-        // Clean up again...
-        sh 'docker run -i --rm -v $PWD:/src -w /src alpine/git clean -fxd'
-        deleteDir()
+        release {
+          // Clean up all but the calculated VERSION
+          sh '''docker run -i --rm -v $PWD:/src -w /src alpine/git clean -fxd \
+                -e VERSION \
+                -e bom-assets/ \
+                -e release-assets/ '''
+          sh './publish.sh'
+          sh 'cp conjur-api-*.gem release-assets/.'
+        }
       }
     }
-
   }
 
   post {

data/VERSION

@@ -0,0 +1 @@
+5.3.7-183

data/conjur-api.gemspec

@@ -9,7 +9,7 @@ Gem::Specification.new do |gem|
   gem.homepage      = "https://github.com/cyberark/conjur-api-ruby/"
   gem.license       = "Apache-2.0"
 
-  gem.files         = `git ls-files`.split($\) + Dir['build_number']
+  gem.files         = `git ls-files`.split($\).append("VERSION") + Dir['build_number']
   gem.executables   = gem.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
   gem.test_files    = gem.files.grep(%r{^(test|spec|features)/})
   gem.name          = "conjur-api"
@@ -23,7 +23,7 @@ Gem::Specification.new do |gem|
 
   gem.add_dependency 'rest-client'
   gem.add_dependency 'activesupport', '>= 4.2'
-  gem.add_dependency 'addressable', '~> 2.8.0'
+  gem.add_dependency 'addressable', '~> 2.0'
 
   gem.add_development_dependency 'rake', '>= 12.3.3'
   gem.add_development_dependency 'rspec', '~> 3'

data/dev/start

@@ -11,6 +11,11 @@ function v5_development() {
   docker exec -e CONJUR_AUTHN_API_KEY="$api_key" -it --detach-keys 'ctrl-\' $(docker-compose ps -q gem) bash
 }
 
+# Set up VERSION file for local development
+if [ ! -f "../VERSION" ]; then
+  echo -n "0.0.dev" > ../VERSION
+fi
+
 docker-compose pull
 docker-compose build
 

data/features/permitted.feature

@@ -4,6 +4,8 @@ Feature: Check if a role has permission on a resource.
     Given I run the code:
     """
     @host_id = "app-#{random_hex}"
+    @test_user = "user$#{random_hex}"
+    @test_host = "host?#{random_hex}"
     response = $conjur.load_policy 'root', <<-POLICY
     - !variable db-password
 
@@ -15,6 +17,17 @@ Feature: Check if a role has permission on a resource.
       role: !layer myapp
       privilege: execute
       resource: !variable db-password
+
+    - !policy
+      id: test
+      body:
+        - !user #{@test_user}
+        - !host #{@test_host}
+
+    - !permit
+      role: !user #{@test_user}@test
+      privilege: execute
+      resource: !variable db-password
     POLICY
     @host_api_key = response.created_roles["cucumber:host:#{@host_id}"]['api_key']
     expect(@host_api_key).to be
@@ -34,6 +47,20 @@ Feature: Check if a role has permission on a resource.
     """
     Then the result should be "false"
 
+  Scenario: Check if a different user from subpolicy has the privilege.
+    When I run the code:
+    """
+    $conjur.resource('cucumber:variable:db-password').permitted? 'execute', role: "cucumber:user:#{@test_user}@test"
+    """
+    Then the result should be "true"
+
+  Scenario: Check if a different host from subpolicy has the privilege.
+    When I run the code:
+    """
+    $conjur.resource('cucumber:variable:db-password').permitted? 'execute', role: "cucumber:host:test/#{@test_host}"
+    """
+    Then the result should be "false"
+
   Scenario: Check if a different user has the privilege, while logged in as that user.
     When I run the code:
     """

data/lib/conjur-api/version.rb

@@ -19,6 +19,6 @@
 
 module Conjur
   class API
-    VERSION = "5.3.6"
+    VERSION = File.read(File.expand_path('../../VERSION', __dir__))
   end
 end

data/publish.sh

@@ -1,7 +1,5 @@
-#!/bin/bash -e
-
-docker pull registry.tld/conjurinc/publish-rubygem
+#!/usr/bin/env bash
+set -e
 
 summon --yaml "RUBYGEMS_API_KEY: !var rubygems/api-key" \
-  docker run --rm --env-file @SUMMONENVFILE -v "$(pwd)":/opt/src \
-  registry.tld/conjurinc/publish-rubygem conjur-api
+  publish-rubygem conjur-api

data/test.sh

@@ -13,6 +13,10 @@ function finish {
 
 trap finish EXIT
 
+# Set up VERSION file for local development
+if [ ! -f "../VERSION" ]; then
+  echo -n "0.0.dev" > ../VERSION
+fi
 
 function main() {
   if ! docker info >/dev/null 2>&1; then

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: conjur-api
 version: !ruby/object:Gem::Version
-  version: 5.3.6
+  version: 5.3.7.pre.183
 platform: ruby
 authors:
 - CyberArk Maintainers
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-12-12 00:00:00.000000000 Z
+date: 2022-01-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rest-client
@@ -44,14 +44,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 2.8.0
+        version: '2.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 2.8.0
+        version: '2.0'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
@@ -253,6 +253,7 @@ files:
 - README.md
 - Rakefile
 - SECURITY.md
+- VERSION
 - bin/parse-changelog.sh
 - ci/configure_v4.sh
 - ci/configure_v5.sh
@@ -388,11 +389,12 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '1.9'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">="
+  - - ">"
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 1.3.1
 requirements: []
-rubygems_version: 3.1.6
+rubyforge_project: 
+rubygems_version: 2.7.6.2
 signing_key: 
 specification_version: 4
 summary: Conjur API