conjur-api 5.3.7.pre.168 → 5.3.8.pre.8

Files changed (143)
  1. checksums.yaml +4 -4
  2. data/VERSION +1 -1
  3. metadata +21 -190
  4. data/.codeclimate.yml +0 -10
  5. data/.dockerignore +0 -1
  6. data/.github/CODEOWNERS +0 -10
  7. data/.gitignore +0 -32
  8. data/.gitleaks.toml +0 -219
  9. data/.overcommit.yml +0 -16
  10. data/.project +0 -18
  11. data/.rubocop.yml +0 -3
  12. data/.rubocop_settings.yml +0 -86
  13. data/.rubocop_todo.yml +0 -709
  14. data/.yardopts +0 -1
  15. data/CHANGELOG.md +0 -433
  16. data/CONTRIBUTING.md +0 -141
  17. data/Dockerfile +0 -16
  18. data/Gemfile +0 -7
  19. data/Jenkinsfile +0 -167
  20. data/LICENSE +0 -202
  21. data/README.md +0 -162
  22. data/Rakefile +0 -47
  23. data/SECURITY.md +0 -42
  24. data/bin/parse-changelog.sh +0 -12
  25. data/ci/configure_v4.sh +0 -12
  26. data/ci/configure_v5.sh +0 -14
  27. data/ci/submit-coverage +0 -36
  28. data/conjur-api.gemspec +0 -40
  29. data/dev/Dockerfile.dev +0 -12
  30. data/dev/docker-compose.yml +0 -56
  31. data/dev/start +0 -17
  32. data/dev/stop +0 -5
  33. data/docker-compose.yml +0 -76
  34. data/example/demo_v4.rb +0 -49
  35. data/example/demo_v5.rb +0 -57
  36. data/features/authenticators.feature +0 -33
  37. data/features/authn_local.feature +0 -32
  38. data/features/exists.feature +0 -37
  39. data/features/group.feature +0 -11
  40. data/features/host.feature +0 -50
  41. data/features/host_factory_create_host.feature +0 -28
  42. data/features/host_factory_token.feature +0 -63
  43. data/features/load_policy.feature +0 -61
  44. data/features/members.feature +0 -51
  45. data/features/new_api.feature +0 -36
  46. data/features/permitted.feature +0 -70
  47. data/features/permitted_roles.feature +0 -30
  48. data/features/public_keys.feature +0 -11
  49. data/features/resource_fields.feature +0 -53
  50. data/features/role_fields.feature +0 -15
  51. data/features/rotate_api_key.feature +0 -13
  52. data/features/step_definitions/api_steps.rb +0 -18
  53. data/features/step_definitions/policy_steps.rb +0 -75
  54. data/features/step_definitions/result_steps.rb +0 -7
  55. data/features/support/env.rb +0 -18
  56. data/features/support/hooks.rb +0 -3
  57. data/features/support/world.rb +0 -12
  58. data/features/update_password.feature +0 -14
  59. data/features/user.feature +0 -58
  60. data/features/variable_fields.feature +0 -20
  61. data/features/variable_value.feature +0 -60
  62. data/features_v4/authn_local.feature +0 -27
  63. data/features_v4/exists.feature +0 -29
  64. data/features_v4/host.feature +0 -18
  65. data/features_v4/host_factory_token.feature +0 -49
  66. data/features_v4/members.feature +0 -39
  67. data/features_v4/permitted.feature +0 -15
  68. data/features_v4/permitted_roles.feature +0 -8
  69. data/features_v4/resource_fields.feature +0 -47
  70. data/features_v4/rotate_api_key.feature +0 -13
  71. data/features_v4/step_definitions/api_steps.rb +0 -17
  72. data/features_v4/step_definitions/result_steps.rb +0 -3
  73. data/features_v4/support/env.rb +0 -23
  74. data/features_v4/support/policy.yml +0 -34
  75. data/features_v4/support/world.rb +0 -12
  76. data/features_v4/variable_fields.feature +0 -11
  77. data/features_v4/variable_value.feature +0 -54
  78. data/lib/conjur/acts_as_resource.rb +0 -123
  79. data/lib/conjur/acts_as_role.rb +0 -142
  80. data/lib/conjur/acts_as_rolsource.rb +0 -32
  81. data/lib/conjur/acts_as_user.rb +0 -68
  82. data/lib/conjur/api/authenticators.rb +0 -35
  83. data/lib/conjur/api/authn.rb +0 -125
  84. data/lib/conjur/api/host_factories.rb +0 -71
  85. data/lib/conjur/api/ldap_sync.rb +0 -38
  86. data/lib/conjur/api/policies.rb +0 -56
  87. data/lib/conjur/api/pubkeys.rb +0 -53
  88. data/lib/conjur/api/resources.rb +0 -109
  89. data/lib/conjur/api/roles.rb +0 -98
  90. data/lib/conjur/api/router/v4.rb +0 -206
  91. data/lib/conjur/api/router/v5.rb +0 -248
  92. data/lib/conjur/api/variables.rb +0 -59
  93. data/lib/conjur/api.rb +0 -105
  94. data/lib/conjur/base.rb +0 -355
  95. data/lib/conjur/base_object.rb +0 -57
  96. data/lib/conjur/build_object.rb +0 -47
  97. data/lib/conjur/cache.rb +0 -26
  98. data/lib/conjur/cert_utils.rb +0 -63
  99. data/lib/conjur/cidr.rb +0 -71
  100. data/lib/conjur/configuration.rb +0 -460
  101. data/lib/conjur/escape.rb +0 -129
  102. data/lib/conjur/exceptions.rb +0 -4
  103. data/lib/conjur/group.rb +0 -41
  104. data/lib/conjur/has_attributes.rb +0 -98
  105. data/lib/conjur/host.rb +0 -27
  106. data/lib/conjur/host_factory.rb +0 -75
  107. data/lib/conjur/host_factory_token.rb +0 -78
  108. data/lib/conjur/id.rb +0 -71
  109. data/lib/conjur/layer.rb +0 -9
  110. data/lib/conjur/log.rb +0 -72
  111. data/lib/conjur/log_source.rb +0 -60
  112. data/lib/conjur/policy.rb +0 -34
  113. data/lib/conjur/policy_load_result.rb +0 -61
  114. data/lib/conjur/query_string.rb +0 -12
  115. data/lib/conjur/resource.rb +0 -29
  116. data/lib/conjur/role.rb +0 -29
  117. data/lib/conjur/role_grant.rb +0 -85
  118. data/lib/conjur/routing.rb +0 -29
  119. data/lib/conjur/user.rb +0 -40
  120. data/lib/conjur/variable.rb +0 -208
  121. data/lib/conjur/webservice.rb +0 -30
  122. data/lib/conjur-api/version.rb +0 -24
  123. data/lib/conjur-api.rb +0 -2
  124. data/publish.sh +0 -7
  125. data/spec/api/host_factories_spec.rb +0 -34
  126. data/spec/api_spec.rb +0 -254
  127. data/spec/base_object_spec.rb +0 -13
  128. data/spec/cert_utils_spec.rb +0 -173
  129. data/spec/cidr_spec.rb +0 -34
  130. data/spec/configuration_spec.rb +0 -330
  131. data/spec/has_attributes_spec.rb +0 -63
  132. data/spec/helpers/errors_matcher.rb +0 -34
  133. data/spec/helpers/request_helpers.rb +0 -10
  134. data/spec/id_spec.rb +0 -29
  135. data/spec/ldap_sync_spec.rb +0 -21
  136. data/spec/log_source_spec.rb +0 -13
  137. data/spec/log_spec.rb +0 -42
  138. data/spec/roles_spec.rb +0 -24
  139. data/spec/spec_helper.rb +0 -113
  140. data/spec/ssl_spec.rb +0 -109
  141. data/spec/uri_escape_spec.rb +0 -21
  142. data/test.sh +0 -69
  143. data/tmp/.keep +0 -0
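--- a/data/lib/conjur/configuration.rb
+++ b/data/lib/conjur/configuration.rb
@@ -1,460 +0,0 @@
- #
- # Copyright 2013-2017 Conjur Inc
- #
- # Permission is hereby granted, free of charge, to any person obtaining a copy of
- # this software and associated documentation files (the "Software"), to deal in
- # the Software without restriction, including without limitation the rights to
- # use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
- # the Software, and to permit persons to whom the Software is furnished to do so,
- # subject to the following conditions:
- #
- # The above copyright notice and this permission notice shall be included in all
- # copies or substantial portions of the Software.
- #
- # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
- # FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
- # COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
- # IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
- # CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
- #
-
- require 'openssl'
- require 'set'
- require 'conjur/cert_utils'
-
- module Conjur
- class << self
- # Saves the current thread local {Conjur::Configuration},
- # sets the thread local {Conjur::Configuration} to `config`, yields to the block, and ensures that
- # the original thread local configuration is restored.
- #
- # Because Conjur configuration is accessed from the 'global' {Conjur.configuration} method by all Conjur
- # API methods, this method provides the ability to set a thread local value for use within the current,
- # or within a block in a single threaded application.
- #
- # Note that the {Conjur.configuration=} method sets the *global* {Conjur::Configuration}, not the thread-local
- # value.
- #
- # @example Override Configuration in a Thread
- # # in this rather contrived example, we'll override the {Conjur::Configuration#appliance_url} parameter
- # # used by calls within a thread.
- #
- # # Set up the configuration in the main thread
- # Conjur.configure do |c|
- # # ...
- # c.appliance_url = 'https://conjur.main-url.com/api'
- # end
- #
- # # Start a new thread that will perform requests to another server. In practice, you might
- # # have a web server that uses a Conjur endpoint specified by a request header.
- # Thread.new do
- # Conjur.with_configuration Conjur.config.clone(appliance_url: 'https://conjur.local-url.com/api') do
- # sleep 2
- # puts "Thread local url is #{Conjur.config.appliance_url}"
- # end
- # end
- # puts "Global url is #{Conjur.config.appliance_url}"
- # # Outputs:
- # Global url is https://conjur.main-url.com/api
- # Thread local url is https://conjur.local-url.com/api
- #
- # @return [void]
- def with_configuration(config)
- oldvalue = Thread.current[:conjur_configuration]
- Thread.current[:conjur_configuration] = config
- yield
- ensure
- Thread.current[:conjur_configuration] = oldvalue
- end
-
- # Gets the current thread-local or global configuration.
- #
- # The thread-local Conjur configuration can only be set using the {Conjur.with_configuration}
- # method. This method will try to return that value first, then the global configuration as
- # set with {Conjur.configuration=} (which is lazily initialized if not set).
- #
- # @return [Conjur::Configuration] the thread-local or global Conjur configuration.
- def configuration
- Thread.current[:conjur_configuration] || (@config ||= Configuration.new)
- end
-
- # Sets the global configuration.
- #
- # This method *has no effect* on the thread local configuration. Use {Conjur.with_configuration} instead if
- # that's what you want.
- #
- # @param [Conjur::Configuration] config the new configuration
- # @return [Conjur::Configuration] the new value of the configuration
- def configuration=(config)
- @config = config
- end
-
- alias config configuration
- alias config= configuration=
-
- # Configure Conjur with a block.
- #
- # @example
- # Conjur.configure do |c|
- # c.account = 'some-account'
- # c.appliance_url = 'https://conjur.companyname.com/api'
- # end
- #
- # @yieldparam [Conjur::Configuration] c the configuration instance to modify.
- def configure
- yield configuration
- end
- end
-
- # Stores a configuration for the Conjur API client. This class provides *global* and *thread local* storage
- # for common options used by the Conjur API. Most importantly, it specifies the
- #
- # * REST endpoints, derived from the {Conjur::Configuration#appliance_url} and {Conjur::Configuration#account} options
- # * The certificate used for secure connections to the Conjur appliance ({Conjur::Configuration#cert_file})
- #
- # ### Environment Variables
- #
- # Option values used by Conjur can be given by environment variables, using a standard naming scheme. Specifically,
- # an environment variable named `CONJUR_ACCOUNT` will be used to provide a default value for the {Conjur::Configuration#account}
- # option.
- #
- #
- # ### Required Options
- #
- # The {Conjur::Configuration#account} and {Conjur::Configuration#appliance_url} are always required. Except in
- # special cases, the {Conjur::Configuration#cert_file} is also required, but you may omit it if your Conjur root
- # certificate is in the OpenSSl default certificate store.
- #
- # ### Thread Local Configuration
- #
- # While using a globally available configuration is convenient for most applications, sometimes you will need to
- # use different configurations in different threads. This is supported by returning a thread local version from {Conjur.configuration}
- # if one has been set by {Conjur.with_configuration}.
- #
- # @see Conjur.configuration
- # @see Conjur.configure
- # @see Conjur.with_configuration
- #
- # @example Basic Configuration
- # Conjur.configure do |c|
- # c.account = 'the-account'
- # c.cert_file = find_conjur_cert_file
- # end
- #
- # @example Setting the appliance_url from an environment variable
- # ENV['CONJUR_APPLIANCE_URL'] = 'https://some-host.com/api'
- # Conjur::Configuration.new.appliance_url # => 'https://some-host.com/api'
- #
- # @example Using thread local configuration in a web application request handler
- # # Assume that we're in a request handler thread in a multithreaded web server.
- #
- # requested_appliance_url = request.header 'X-Conjur-Appliance-Url'
- #
- # with_configuration Conjur.config.clone(appliance_url: requested_appliance_url) do
- # # `api` is an instance attribute. Note that we can use an api that was created
- # # before we modified the thread local configuration.
- #
- #
- # # 404 if the user doesn't exist
- #
- # user = api.user request.header('X-Conjur-Login')
- # raise HttpError, 404, "User #{user.login} does not exist" unless user.exists?
- # # ... finish the request
- # end
- #
- #
- class Configuration
- # @api private
- attr_reader :explicit
-
- # @api private
- attr_reader :supplied
-
- # @api private
- attr_reader :computed
-
- # Create a new {Conjur::Configuration}, setting initial values from
- # `options`.
- #
- # @note `options` must use symbols for keys.
- #
- # @example
- # Conjur.config = Conjur::Configuration.new account: 'companyname'
- # Conjur.config.account # => 'companyname'
- #
- # @param [Hash] options hash of options to set on the new instance.
- #
- def initialize options = {}
- @explicit = options.dup
- @supplied = options.dup
- @computed = Hash.new
- end
-
- class << self
- # @api private
- def accepted_options
- require 'set'
- @options ||= Set.new
- end
-
- # @param [Symbol] name
- # @param [Hash] options
- # @option options [Boolean] :boolean (false) whether this option should have a '?' accessor
- # @option options [Boolean, String] :env Environment variable for this option. Set to false
- # to disallow environment based configuration. Default is CONJUR_<OPTION_NAME>.
- # @option options [Proc, *] :default Default value or proc to provide it
- # @option options [Boolean] :required (false) when true, raise an exception if the option is
- # not set
- # @option options [Proc, #to_proc] :convert proc-ish to convert environment
- # values to appropriate types
- # @param [Proc] def_proc block to provide default values
- # @api private
- def add_option name, options = {}, &def_proc
- accepted_options << name
- allow_env = options[:env].nil? || options[:env]
- env_var = options[:env] || "CONJUR_#{name.to_s.upcase}"
- def_val = options[:default]
- opt_name = name
-
- def_proc ||= if def_val.respond_to?(:call)
- def_val
- elsif options[:required]
- proc { raise "Missing required option #{opt_name}" }
- else
- proc { def_val }
- end
-
- convert = options[:convert] || ->(x){ x }
- # Allow a Symbol, for example
- convert = convert.to_proc if convert.respond_to?(:to_proc)
-
- define_method("#{name}=") do |value|
- set name, value
- end
-
- define_method("#{name}_env_var") do
- allow_env ? env_var : nil
- end
-
- define_method(name) do
- value = computed[name]
- return value unless value.nil?
-
- if supplied.member?(name)
- supplied[name]
- elsif allow_env && ENV.member?(env_var)
- instance_exec(ENV[env_var], &convert)
- else
- instance_eval(&def_proc)
- end.tap do |value|
- computed[name] = value
- end
- end
-
- alias_method("#{name}?", name) if options[:boolean]
- end
- end
-
- # Return a copy of this {Conjur::Configuration} instance, optionally
- # updating the copy with options from the `override_options` hash.
- #
- # @example
- # original = Conjur.configuration
- # original.account # => 'conjur'
- # copy = original.clone account: 'some-other-account'
- # copy.account # => 'some-other-account'
- # original.account # => 'conjur'
- #
- # @param [Hash] override_options options to set on the new instance
- # @return [Conjur::Configuration] a copy of this configuration
- def clone override_options = {}
- self.class.new self.explicit.dup.merge(override_options)
- end
-
- # Manually set an option. Note that setting an option not present in
- # {Conjur::Configuration.accepted_options} is a no op.
- # @api private
- # @param [Symbol, String] key the name of the option to set
- # @param [Object] value the option value.
- def set(key, value)
- if self.class.accepted_options.include?(key.to_sym)
- explicit[key.to_sym] = value
- supplied[key.to_sym] = value
- computed.clear
- end
- end
-
- # @!attribute authn_url
- #
- # The url for the {http://developer.conjur.net/reference/services/authentication Conjur authentication service}.
- #
- # By default, this will be built from the +appliance_url+. To use a custom authenticator,
- # set this option in code or set `CONJUR_AUTHN_URL`.
- #
- #
- # @return [String] the authentication service url
- add_option :authn_url do
- global_service_url 0, service_name: 'authn'
- end
-
- # @!attribute core_url
- #
- # The url for the core Conjur services.
- #
- # @note You should not generally set this value. Instead, Conjur will derive it from the
- # {Conjur::Configuration#account} and {Conjur::Configuration#appliance_url}
- # properties.
- #
- # @return [String] the base service url
- add_option :core_url do
- global_service_url 0
- end
-
- # @!attribute appliance_url
- # The url for your Conjur appliance.
- #
- # If your appliance's hostname is `'conjur.companyname.com'`, then your `appliance_url` will
- # be `'https://conjur.companyname.com/api'`.
- #
- # @note If you are using an appliance (if you're not sure, you probably are), this option is *required*.
- #
- # @return [String] the appliance URL
- add_option :appliance_url
-
- # NOTE DO NOT DOCUMENT THIS AS AN ATTRIBUTE, IT IS PRIVATE AND YARD DOESN'T SUPPORT @api private ON ATTRIBUTES.
- #
- # The port used to derive ports for conjur services running locally. You will only use this if you are
- # running the Conjur services locally, in which case you are probably a Conjur developer, and should ask
- # someone in chat ;-)
- #
- add_option :service_base_port, default: 5000
-
- # @!attribute account
- # The organizational account used by Conjur.
- #
- # On Conjur appliances, this option will be set once when the appliance is first configured. You can get the
- # value for the acccount option from your conjur administrator, or if you have installed
- # the {http://developer.conjur.net/client_setup/cli.html Conjur command line tools} by running
- # {http://developer.conjur.net/reference/services/authentication/whoami.html conjur authn whoami},
- # or examining your {http://developer.conjur.net/client_setup/cli.html#Configure .conjurrc file}.
- #
- # @note this option is **required**, and attempting to make any api calls prior to setting it (either
- # explicitly or with the `"CONJUR_ACCOUNT"` environment variable) will raise an exception.
- #
- # @return [String]
- add_option :account, required: true
-
- # @!attribute cert_file
- #
- # Path to the certificate file to use when making secure connections to your Conjur appliance.
- #
- # This should be the path to the root Conjur SSL certificate in PEM format. You will normally get the
- # certificate file using the {http://developer.conjur.net/reference/tools/utilities/init.html conjur init} command.
- # This option is not required if the certificate or its root is in the OpenSSL default cert store.
- # If your program throws an error indicating that SSL verification has failed, you probably need
- # to set or fix this option.
- #
- # @return [String, nil] path to the certificate file, or nil if you aren't using one.
- add_option :cert_file
-
- # @!attribute ssl_certificate
- #
- # Contents of a certificate file. This can be used instead of :cert_file in environments like Heroku where you
- # can't use a certificate file.
- #
- # This option overrides the value of {#cert_file} if both are given, and issues a warning.
- #
- # @see cert_file
- add_option :ssl_certificate
-
- # @!attribute rest_client_options
- #
- # Custom options for the underlying RestClient Requests. This defaults to:
- # ```
- # {
- # ssl_cert_store: OpenSSL::SSL::SSLContext::DEFAULT_CERT_STORE
- # }
- # ``
- #
- # The `ssl_cert_store` value aligns with the default certificate store used by
- # {#apply_cert_config!}.
- #
- # NOTE: When setting the value of rest_client_options the defaults are not retained,
- # you must manually set them on the value you provide.
- add_option :rest_client_options do
- {
- ssl_cert_store: OpenSSL::SSL::SSLContext::DEFAULT_CERT_STORE
- }
- end
-
- # @!attribute version
- #
- # Selects the major API version of the Conjur server. With this setting, the API
- # will use the routing scheme for API version `4` or `5`.
- #
- # Methods which are not available in the selected version will raise NoMethodError.
- add_option :version, default: 5
-
- # @!attribute authn_local_socket
- #
- # File path to the Unix socket used for local authentication.
- # This is only available when the API client is running on the Conjur server.
- add_option :authn_local_socket, default: "/run/authn-local/.socket"
-
- # Create rest_client_options by merging the input with the
- # rest_client_options present on the configuration object.
- def create_rest_client_options options
- rest_client_options.merge(options || {})
- end
-
- # Calls a major-version-specific function.
- def version_logic v4_logic, v5_logic
- case version.to_s
- when "4"
- v4_logic.call
- when "5"
- v5_logic.call
- else
- raise "Unsupported major version #{version}"
- end
- end
-
- # Add the certificate configured by the {#ssl_certificate} and {#cert_file} options to the certificate
- # store used by Conjur clients.
- #
- # NOTE: If you specify a non-default `store` value, you must manually set the
- # `ssl_cert_store` value on {#rest_client_options} to the same value.
- #
- # @param [OpenSSL::X509::Store] store the certificate store that the certificate will be installed in.
- # @return [Boolean] whether a certificate was added to the store.
- def apply_cert_config! store=OpenSSL::SSL::SSLContext::DEFAULT_CERT_STORE
- if ssl_certificate
- CertUtils.add_chained_cert(store, ssl_certificate)
- elsif cert_file
- ensure_cert_readable!(cert_file)
- store.add_file cert_file
- else
- return false
- end
- true
- end
-
- private
-
- def global_service_url service_port_offset, service_name: nil
- if appliance_url
- URI.join([appliance_url, service_name].compact.join('/')).to_s
- else
- "http://localhost:#{service_base_port + service_port_offset}"
- end
- end
-
- def ensure_cert_readable!(path)
- # Try to open the file to make sure it exists and that it's
- # readable. Don't rescue exceptions from it, just let them
- # propagate.
- File.open(path) {}
- end
- end
- end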
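--- a/data/lib/conjur/escape.rb
+++ b/data/lib/conjur/escape.rb
@@ -1,129 +0,0 @@
- #
- # Copyright (C) 2013-2017 Conjur Inc
- #
- # Permission is hereby granted, free of charge, to any person obtaining a copy of
- # this software and associated documentation files (the "Software"), to deal in
- # the Software without restriction, including without limitation the rights to
- # use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
- # the Software, and to permit persons to whom the Software is furnished to do so,
- # subject to the following conditions:
- #
- # The above copyright notice and this permission notice shall be included in all
- # copies or substantial portions of the Software.
- #
- # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
- # FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
- # COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
- # IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
- # CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
- #
- module Conjur
-
- # Provides helpers for escaping url components.
- #
- # The helpers are added as both class and isntance methods.
- module Escape
- module ClassMethods
- # URL escape the entire string. This is essentially the same as calling `CGI.escape str`,
- # and then substituting `%20` for `+`.
- #
- # @example
- # fully_escape 'foo/bar@baz'
- # # => "foo%2Fbar%40baz"
- #
- # @example
- # fully_escape 'test/Domain Controllers'
- # # => "test%2FDomain%20Controllers"
- #
- # @param [String] str the string to escape
- # @return [String] the escaped string
- def fully_escape(str)
- # CGI escape uses + for spaces, which our services don't support :-(
- # We just gsub it.
- CGI.escape(str.to_s).gsub('+', '%20')
- end
-
-
- # Escape a URI path component.
- #
- # This method simply calls {Conjur::Escape::ClassMethods#path_or_query_escape}.
- #
- # @param [String] str the string to escape
- # @return [String] the escaped string
- # @see Conjur::Escape::ClassMethods#path_or_query_escape
- def path_escape(str)
- path_or_query_escape str
- end
-
- # Escape a URI query value.
- #
- # This method simply calls {Conjur::Escape::ClassMethods#path_or_query_escape}.
- #
- # @param [String] str the string to escape
- # @return [String] the escaped string
- # @see Conjur::Escape::ClassMethods#path_or_query_escape
- def query_escape(str)
- path_or_query_escape str
- end
-
- # Escape a path or query value.
- #
- # This method is *similar* to `URI.escape`, but it has several important differences:
- # * If a falsey value is given, the string `"false"` is returned.
- # * If the value given responds to `#id`, the value returned by `str.id` is escaped instead.
- # * The value is escaped without modifying `':'` or `'/'`.
- #
- # @param [String, FalseClass, NilClass, #id] str the value to escape
- # @return [String] the value escaped as described
- def path_or_query_escape(str)
- return "false" unless str
- str = str.id if str.respond_to?(:id)
- # Leave colons and forward slashes alone
- require 'addressable/uri'
- Addressable::URI.encode(str.to_s)
- end
- end
-
- # @api private
- def self.included(base)
- base.extend ClassMethods
- end
-
- # URL escape the entire string. This is essentially the same as calling `CGI.escape str`.
- #
- # @example
- # fully_escape 'foo/bar@baz'
- # # => "foo%2Fbar%40baz"
- #
- # @param [String] str the string to escape
- # @return [String] the escaped string
- # @see Conjur::Escape::ClassMethods#fully_escape
- def fully_escape(str)
- self.class.fully_escape str
- end
-
- # Escape a URI path component.
- #
- # This method simply calls {Conjur::Escape::ClassMethods#path_or_query_escape}.
- #
- # @param [String] str the string to escape
- # @return [String] the escaped string
- # @see Conjur::Escape::ClassMethods#path_or_query_escape
- def path_escape(str)
- self.class.path_escape str
- end
-
-
- # Escape a URI query value.
- #
- # This method simply calls {Conjur::Escape::ClassMethods#path_or_query_escape}.
- #
- # @param [String] str the string to escape
- # @return [String] the escaped string
- # @see Conjur::Escape::ClassMethods#path_or_query_escape
- def query_escape(str)
- self.class.query_escape str
- end
- end
- end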
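--- a/data/lib/conjur/exceptions.rb
+++ b/data/lib/conjur/exceptions.rb
@@ -1,4 +0,0 @@
- module Conjur
- class FeatureNotAvailable < StandardError
- end
- end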
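--- a/data/lib/conjur/group.rb
+++ b/data/lib/conjur/group.rb
@@ -1,41 +0,0 @@
- # Copyright 2013-2017 Conjur Inc.
- #
- # Permission is hereby granted, free of charge, to any person obtaining a copy of
- # this software and associated documentation files (the "Software"), to deal in
- # the Software without restriction, including without limitation the rights to
- # use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
- # the Software, and to permit persons to whom the Software is furnished to do so,
- # subject to the following conditions:
- #
- # The above copyright notice and this permission notice shall be included in all
- # copies or substantial portions of the Software.
- #
- # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
- # FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
- # COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
- # IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
- # CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
- #
- module Conjur
-
- # A Conjur Group represents a collection of Conjur Users, Groups and Layers.
- #
- class Group < BaseObject
- include ActsAsRolsource
-
- # Get the group's gidnumber, which can be used by LDAP and SSH login, among other things.
- #
- # @return [Fixnum] the gidnumber
- # @raise [RestClient::Forbidden] if you don't have permission to `show` the group.
- def gidnumber
- parser_for(:group_gidnumber, group_attributes)
- end
-
- private
-
- def group_attributes
- @group_attributes ||= url_for(:group_attributes, credentials, self, id)
- end
- end
- end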