conjur-api 5.3.7.pre.168 → 5.3.8.pre.3

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 78dd828b0df7d1c654cdc6b018cda3cbf8af65b5778892216e1e4d9914d8d2f8
4
- data.tar.gz: 054d9b0969de1c5d382158c1ed1f8207bc0d5a17d6f6be38cc4dafc5e4ef52e1
3
+ metadata.gz: 6e542258c40773ab19a843a4f736ecc11aaebf6af17845d18ccd7f66ad9984be
4
+ data.tar.gz: aab3735f0a132de15e9d70d87ad6382fe8678339e2bab0f4d9164985095077c0
5
5
  SHA512:
6
- metadata.gz: d75f6f3d509da1f3b3777a927f17ebe0b795ae5d65885e551b41a1d79556ea8e2debd53cd1c1afbc79340888115aac0e5707a80cedac32c7d794ce3efe4b0c72
7
- data.tar.gz: 88c2bb2eb83ce02f5aecb76af719602531b9a0fcb3943ebb0643bf364da9ce07d125610f0cdd50c156693202fd2b55edbb85855bb7b1c6ace9d7ea021c10aad9
6
+ metadata.gz: 0bf6b1653ade8fa65e6a6f63c87303a5112df9c61871a783dcc6bae21a698bf11b214c74fccbf8124182150d086db233bb26bb803e78a85c5fc9afc93e461882
7
+ data.tar.gz: 9dbf3a5fca29ba9dd88d1e087985956b2fc7414a06fca45d20c6bafda903abbe5dbc5a3df245b084651e6592b97ea980b603cb076cbd72e0e5316a47d6f3de7e
@@ -1,5 +1,5 @@
1
1
  AllCops:
2
- TargetRubyVersion: 2.5
2
+ TargetRubyVersion: 2.7
3
3
 
4
4
  # These non-default settings best reflect our current code style.
5
5
  Style/MethodDefParentheses:
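--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -9,6 +9,20 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
  - Nothing should go in this section, please add to the latest unreleased version
  (and update the corresponding date), or add a new version.
 
+ ## [5.3.8] - 2022-07-19
+
+ ### Added
+ - Added support for OIDC V2 authentication endpoint.
+ [cyberark/cojnur-api-ruby#207](https://github.com/cyberark/conjur-api-ruby/pull/207)
+ - Added support for OIDC authenticator providers endpoint.
+ [cyberark/cojnur-api-ruby#207](https://github.com/cyberark/conjur-api-ruby/pull/207)
+
+ ### Changed
+ - Remove support for Ruby versions <2.7 which are [end of life](https://endoflife.date/ruby).
+ [cyberark/conjur-api-ruby#206](https://github.com/cyberark/conjur-api-ruby/pull/206)
+ - Adding operation call to fetch authentication providers
+ [cyberark/conjur-api-ruby#206](https://github.com/cyberark/conjur-api-ruby/pull/206)
+
  ## [5.3.7] - 2021-12-28
 
  ### Changed
@@ -362,7 +376,8 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 
  ## [2.0.0] - 2013-13-12
 
- [Unreleased]: https://github.com/cyberark/conjur-api-ruby/compare/v5.3.6...HEAD
+ [Unreleased]: https://github.com/cyberark/conjur-api-ruby/compare/v5.3.8...HEAD
+ [5.3.8]: https://github.com/cyberark/conjur-api-ruby/compare/v5.3.7...v5.3.8
  [5.3.7]: https://github.com/cyberark/conjur-api-ruby/compare/v5.3.6...v5.3.7
  [5.3.6]: https://github.com/cyberark/conjur-api-ruby/compare/v5.3.5...v5.3.6
  [5.3.5]: https://github.com/cyberark/conjur-api-ruby/compare/v5.3.4...v5.3.5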
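--- a/data/CONTRIBUTING.md
+++ b/data/CONTRIBUTING.md
@@ -123,11 +123,8 @@ $ docker-compose down
  ### Update the version and changelog
 
  1. Create a new branch for the version bump.
- 1. Based on the unreleased content, determine the new version number and update
- the [version.rb](lib/conjur-api/version.rb) file.
  1. Commit these changes - `Bump version to x.y.z` is an acceptable commit message - and open a PR
- for review. Your PR should include updates to `lib/conjur-api/version.rb`, and
- `CHANGELOG.md`.
+ for review. Your PR should include updates to `CHANGELOG.md`.
 
  ### Add a git tag
 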
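--- a/data/Jenkinsfile
+++ b/data/Jenkinsfile
@@ -1,4 +1,5 @@
  #!/usr/bin/env groovy
+ @Library('conjur@test-fix-git-directory-permissions') _
 
  // Automated release, promotion and dependencies
  properties([
@@ -58,40 +59,6 @@ pipeline {
  }
  }
 
- stage('Test Ruby 2.5') {
- environment {
- RUBY_VERSION = '2.5'
- }
- steps {
- sh './test.sh'
- }
-
- post {
- always {
- junit 'spec/reports/*.xml'
- junit 'features/reports/*.xml'
- junit 'features_v4/reports/*.xml'
- }
- }
- }
-
- stage('Test Ruby 2.6') {
- environment {
- RUBY_VERSION = '2.6'
- }
- steps {
- sh './test.sh'
- }
-
- post {
- always {
- junit 'spec/reports/*.xml'
- junit 'features/reports/*.xml'
- junit 'features_v4/reports/*.xml'
- }
- }
- }
-
  stage('Test Ruby 2.7') {
  environment {
  RUBY_VERSION = '2.7'
@@ -149,11 +116,14 @@ pipeline {
  steps {
  release {
  // Clean up all but the calculated VERSION
- sh '''docker run -i --rm -v $PWD:/src -w /src alpine/git clean -fxd \
- -e VERSION \
- -e bom-assets/ \
- -e release-assets/ '''
+ sh '''docker run -i --rm -v $(pwd):/src -w /src --entrypoint /bin/sh alpine/git \
+ -c "git config --global --add safe.directory /src && \
+ git clean -fdx \
+ -e VERSION \
+ -e bom-assets/ \
+ -e release-assets" '''
  sh './publish.sh'
+ sh 'cp conjur-api-*.gem release-assets/.'
  }
  }
  }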
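Review bot: The new `@Library('conjur@test-fix-git-directory-permissions') _` line makes the release pipeline load its shared library from a branch whose name suggests a temporary test fix, and a branch reference is mutable, so any later push to that branch changes the code that the `release` block and `publish.sh` run under. Once the fix is merged this should return to the default library version or be pinned to a tag or commit, with a comment explaining the pin, e.g. `// TODO: drop once the safe.directory fix is in the default conjur library`. In the rewritten `git clean` command the last exclude changed from `release-assets/` to `release-assets`, which also matches a plain file of that name; keep the trailing slash if that was not intended.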
data/VERSION CHANGED
@@ -1 +1 @@
1
- 5.3.7-168
1
+ 5.3.8-3
@@ -5,7 +5,7 @@ cd "$(dirname "$0")"
5
5
  docker run --rm \
6
6
  -v "$PWD/..:/work" \
7
7
  -w "/work" \
8
- ruby:2.5 bash -ec "
8
+ ruby:2.7 bash -ec "
9
9
  gem install -N parse_a_changelog
10
10
  parse ./CHANGELOG.md
11
11
  "
data/ci/configure_v5.sh CHANGED
@@ -1,5 +1,7 @@
1
1
  #!/bin/bash -e
2
2
 
3
+ source ./ci/oauth/keycloak/keycloak_functions.sh
4
+
3
5
  cat << "CONFIGURE" | docker exec -i $(docker-compose ps -q conjur_5) bash
4
6
  set -e
5
7
 
@@ -12,3 +14,6 @@ done
12
14
  # So we fail if the server isn't up yet:
13
15
  curl -o /dev/null -fs -X OPTIONS http://localhost > /dev/null
14
16
  CONFIGURE
17
+
18
+ fetch_keycloak_certificate
19
+ create_keycloak_users
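Review bot: `fetch_keycloak_certificate` and `create_keycloak_users` are called right after the heredoc with no call to `wait_for_keycloak_server` in the visible lines, although keycloak_functions.sh defines it; the wait loop inside the heredoc runs in the conjur_5 container and only checks `http://localhost`. Unless the calling script already waits for Keycloak (it and lines 8–13 are outside these hunks), add `wait_for_keycloak_server` before the two calls. `source ./ci/oauth/keycloak/keycloak_functions.sh` also only works when the script is started from the repository root, which deserves a short comment or a `cd "$(dirname "$0")/.."` before it.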
@@ -0,0 +1,18 @@
1
+ #!/bin/sh
2
+
3
+
4
+ keycloak/bin/kcreg.sh config credentials \
5
+ --server http://localhost:8080/auth \
6
+ --realm master \
7
+ --user "$KEYCLOAK_USER" \
8
+ --password "$KEYCLOAK_PASSWORD"
9
+
10
+ keycloak/bin/kcreg.sh create \
11
+ -s clientId="$KEYCLOAK_CLIENT_ID" \
12
+ -s "redirectUris=[\"$KEYCLOAK_REDIRECT_URI\"]" \
13
+ -s "secret=$KEYCLOAK_CLIENT_SECRET"
14
+
15
+ # Enable direct access to get an id token with username & password
16
+ keycloak/bin/kcreg.sh update conjurClient -s directAccessGrantsEnabled=true
17
+
18
+ keycloak/bin/kcreg.sh get "$KEYCLOAK_CLIENT_ID" | jq '.secret'
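Review bot: The last line, `kcreg.sh get "$KEYCLOAK_CLIENT_ID" | jq '.secret'`, prints the client secret to stdout, which lands in the CI job log when this runs under `docker-compose exec`; if the output is only a sanity check, test for presence instead, e.g. `jq -e '.secret != null' >/dev/null`. The `update` call hard-codes `conjurClient` while `create` and `get` use `$KEYCLOAK_CLIENT_ID`, so the direct-access grant is only enabled when the variable happens to hold that value; use `kcreg.sh update "$KEYCLOAK_CLIENT_ID" -s directAccessGrantsEnabled=true`. The script has no `set -e`, so a failed `config credentials` does not stop the later calls.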
@@ -0,0 +1,21 @@
1
+ #!/bin/sh
2
+
3
+ echo "login as admin with user $KEYCLOAK_USER"
4
+
5
+ keycloak/bin/kcadm.sh config credentials \
6
+ --server http://localhost:8080/auth \
7
+ --realm master \
8
+ --user "$KEYCLOAK_USER" \
9
+ --password "$KEYCLOAK_PASSWORD"
10
+
11
+ echo "creating user $1 with email $3"
12
+
13
+ keycloak/bin/kcadm.sh create users \
14
+ -s username="$1" \
15
+ -s email="$3" \
16
+ -s enabled=true
17
+
18
+ echo "setting password of user $1 to $2"
19
+ keycloak/bin/kcadm.sh set-password \
20
+ --username "$1" \
21
+ -p "$2"
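Review bot: `echo "setting password of user $1 to $2"` writes the user's password to the job output in clear text; log only the user name, `echo "setting password of user $1"`. These are test-realm credentials, but CI logs are usually readable by more people and kept longer than the compose environment that defines them. Without `set -e`, a failed admin login in `config credentials` still lets `create users` and `set-password` run; adding `set -e` after the shebang would stop at the first failure.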
@@ -0,0 +1,18 @@
1
+ #!/bin/sh
2
+
3
+ # This script retrieves a certificate from the keycloak OIDC provider
4
+ # and puts it to a trusted operating system store.
5
+ # It is needed to communicate with the provider via SSL for validating ID tokens
6
+
7
+ openssl s_client \
8
+ -showcerts \
9
+ -connect keycloak:8443 \
10
+ -servername keycloak \
11
+ </dev/null | \
12
+ openssl x509 \
13
+ -outform PEM \
14
+ >/etc/ssl/certs/keycloak.pem
15
+
16
+ hash=$(openssl x509 -hash -in /etc/ssl/certs/keycloak.pem -out /dev/null)
17
+
18
+ ln -s /etc/ssl/certs/keycloak.pem "/etc/ssl/certs/${hash}.0"
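Review bot: This script trusts whatever certificate `keycloak:8443` presents when it runs and installs it in the system store, with nothing comparing the fetched certificate against a known value; the header comment should say that this is acceptable only inside the isolated test compose network, e.g. `# Test-only: trust-on-first-use, do not reuse outside the CI compose network`. There is no `set -e`, and the redirect creates `/etc/ssl/certs/keycloak.pem` even when `s_client` fails, so the hash and link steps then run on an empty file. `ln -s` fails on a rerun because the link already exists; `ln -sf` makes the script repeatable. For the hash, `openssl x509 -hash -noout -in /etc/ssl/certs/keycloak.pem` is the usual form and does not depend on how `-out /dev/null` interacts with the hash output.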
@@ -0,0 +1,71 @@
1
+ #!/usr/bin/env bash
2
+
3
+ KEYCLOAK_SERVICE_NAME="keycloak"
4
+
5
+ # Note: the single arg is a nameref, which this function sets to an array
6
+ # containing items of the form "KEY=VAL".
7
+ function _hydrate_keycloak_env_args() {
8
+ local -n arr=$1
9
+ local keycloak_items
10
+
11
+ readarray -t keycloak_items < <(
12
+ set -o pipefail
13
+ # Note: This prints all lines that look like:
14
+ # KEYCLOAK_XXX=someval
15
+ docker-compose exec -T ${KEYCLOAK_SERVICE_NAME} printenv | awk '/KEYCLOAK/'
16
+ )
17
+
18
+ # shellcheck disable=SC2034
19
+ arr=(
20
+ "${keycloak_items[@]}"
21
+ "PROVIDER_URI=https://keycloak:8443/auth/realms/master"
22
+ "PROVIDER_INTERNAL_URI=http://keycloak:8080/auth/realms/master/protocol/openid-connect"
23
+ "PROVIDER_ISSUER=http://keycloak:8080/auth/realms/master"
24
+ "ID_TOKEN_USER_PROPERTY=preferred_username"
25
+ )
26
+ }
27
+
28
+ # The arguments must be unexpanded variable names. Eg:
29
+ #
30
+ # _create_keycloak_user '$APP_USER' '$APP_PW' '$APP_EMAIL'
31
+ #
32
+ # This is because those variables are not available to this script. They are
33
+ # available to bash commands run via "docker-compose exec keycloak bash
34
+ # -c...", since they're defined in the docker-compose.yml.
35
+ function _create_keycloak_user() {
36
+ local user_var=$1
37
+ local pw_var=$2
38
+ local email_var=$3
39
+
40
+ docker-compose exec -T \
41
+ ${KEYCLOAK_SERVICE_NAME} \
42
+ bash -c "/scripts/create_user \"$user_var\" \"$pw_var\" \"$email_var\""
43
+ }
44
+
45
+ function create_keycloak_users() {
46
+ echo "Defining keycloak client"
47
+
48
+ docker-compose exec -T ${KEYCLOAK_SERVICE_NAME} /scripts/create_client
49
+
50
+ echo "Creating user 'alice' in Keycloak"
51
+
52
+ # Note: We want to pass the bash command thru without expansion here.
53
+ # shellcheck disable=SC2016
54
+ _create_keycloak_user \
55
+ '$KEYCLOAK_APP_USER' \
56
+ '$KEYCLOAK_APP_USER_PASSWORD' \
57
+ '$KEYCLOAK_APP_USER_EMAIL'
58
+ }
59
+
60
+ function wait_for_keycloak_server() {
61
+ docker-compose exec -T \
62
+ ${KEYCLOAK_SERVICE_NAME} /scripts/wait_for_server
63
+ }
64
+
65
+ function fetch_keycloak_certificate() {
66
+ # there's a dep on the docker-compose.yml volumes.
67
+ # Fetch SSL cert to communicate with keycloak (OIDC provider).
68
+ echo "Initialize keycloak certificate in conjur server"
69
+ docker-compose exec -T \
70
+ conjur_5 /scripts/fetch_certificate
71
+ }
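Review bot: In `_hydrate_keycloak_env_args` the `set -o pipefail` inside `< <( … )` does not reach the caller: `readarray` never sees the exit status of a process substitution, so a failed `docker-compose exec` leaves `keycloak_items` empty and the function still returns the four fixed entries. A check such as `(( ${#keycloak_items[@]} )) || return 1` after the `readarray` would surface that. The filter `awk '/KEYCLOAK/'` matches the string anywhere in a line, values included, and copies every matching variable into the array, among them secrets such as `KEYCLOAK_PASSWORD`, which the client and user scripts in this diff read; `awk '/^KEYCLOAK_/'` is closer to what the comment describes, and callers should not echo the array. `_create_keycloak_user` interpolates its arguments into a `bash -c` string, which is safe only for the literal variable names its comment documents, and the comment should say so explicitly.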