conjur-api 5.3.7.pre.168 → 5.3.8.pre.8

data/lib/conjur/role_grant.rb

@@ -1,85 +0,0 @@
-# frozen_string_literal: true
-
-# Copyright 2013-2018 CyberArk Ltd.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#   http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-module Conjur
-  # Represents the membership of a role. `RoleGrant`s are returned
-  # by {ActsAsRole#members} and represent members of the role on which the method was invoked.
-  #
-  # @example
-  #   alice.members.map{|grant| grant.member}.include? admin_role # => true
-  #   admin_role.members.map{|grant| grant.member}.include? alice # => true
-  #
-  class RoleGrant
-    extend BuildObject::ClassMethods
-
-    # The role which was granted.
-    # @return [Conjur::Role]
-    attr_reader :role
-
-    # The member role in the relationship
-    # @return [Conjur::Role]
-    attr_reader :member
-
-    # When true, the role {#member} is allowed to give this grant to other roles
-    #
-    # @return [Boolean]
-    attr_reader :admin_option
-
-    # @api private
-    #
-    # Create a new RoleGrant instance.
-    #
-    # @param [Conjur::Role] member the member to which the role was granted
-    # @param [Boolean] admin_option whether `member` can give the grant to other roles
-    def initialize role, member, admin_option
-      @role = role
-      @member = member
-      @admin_option = admin_option
-    end
-
-    # Representation of the role grant as a hash.
-    def to_h
-      {
-        role: role.id,
-        member: member.id,
-        admin_option: admin_option
-      }
-    end
-    
-    def to_s
-      to_h.to_s
-    end
-
-    def as_json options = {}
-      to_h.as_json(options)
-    end
-
-    class << self
-      # @api private
-      #
-      # Create a `RoleGrant` from a JSON respnose
-      #
-      # @param [Hash] json the parsed JSON response
-      # @param [Hash] credentials the credentials used to create APIs for the member and grantor role objects
-      # @return [Conjur::RoleGrant]
-      def parse_from_json(json, credentials)
-        role = build_object(json['role'], credentials, default_class: Role)
-        member = build_object(json['member'], credentials, default_class: Role)
-        RoleGrant.new(role, member, json['admin_option'])
-      end
-    end
-  end
-end

data/lib/conjur/routing.rb

@@ -1,29 +0,0 @@
-module Conjur
-  module Routing
-    def url_for method, *args
-      router.send method, *args
-    end
-
-    def parser_for method, *args
-      router.send "parse_#{method}", *args
-    end
-
-    protected
-
-    def router
-      require 'conjur/api/router/v4'
-      require 'conjur/api/router/v5'
-
-      variable_id = "@v#{Conjur.configuration.version}_router"
-      router = instance_variable_get variable_id
-      if router.nil?
-        router = instance_variable_set variable_id, router_for_version
-      end
-      router
-    end
-
-    def router_for_version
-      Conjur::API::Router.const_get("V#{Conjur.configuration.version}")
-    end
-  end
-end

data/lib/conjur/user.rb

@@ -1,40 +0,0 @@
-#
-# Copyright 2013-2017 Conjur Inc
-#
-# Permission is hereby granted, free of charge, to any person obtaining a copy of
-# this software and associated documentation files (the "Software"), to deal in
-# the Software without restriction, including without limitation the rights to
-# use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
-# the Software, and to permit persons to whom the Software is furnished to do so,
-# subject to the following conditions:
-#
-# The above copyright notice and this permission notice shall be included in all
-# copies or substantial portions of the Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
-# FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
-# COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
-# IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
-# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-#
-module Conjur
-  # A Conjur User.
-  class User < BaseObject
-    include ActsAsUser
-
-    # Get the user's uidnumber, which can be used by LDAP and SSH login, among other things.
-    #
-    # @return [Fixnum] the uidnumber
-    # @raise [RestClient::Forbidden] if you don't have permission to `show` the user.
-    def uidnumber
-      parser_for(:user_uidnumber, user_attributes)
-    end
-
-    private
-
-    def user_attributes
-      @user_attributes ||= url_for(:user_attributes, credentials, self, id)
-    end
-  end
-end

data/lib/conjur/variable.rb

@@ -1,208 +0,0 @@
-#
-# Copyright 2013-2017 Conjur Inc
-#
-# Permission is hereby granted, free of charge, to any person obtaining a copy of
-# this software and associated documentation files (the "Software"), to deal in
-# the Software without restriction, including without limitation the rights to
-# use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
-# the Software, and to permit persons to whom the Software is furnished to do so,
-# subject to the following conditions:
-#
-# The above copyright notice and this permission notice shall be included in all
-# copies or substantial portions of the Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
-# FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
-# COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
-# IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
-# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-#
-module Conjur
-
-  # Protected (secret) data stored in Conjur.
-  # 
-  # The code responsible for the actual encryption of variables is open source as part of the
-  # {https://github.com/conjurinc/slosilo Slosilo} library.
-  #
-  # Each variables has some standard metadata (`mime-type` and secret `kind`).
-  #
-  # Variables are *versioned*.  Storing secrets in multiple places is a bad security practice, but
-  # overwriting a secret accidentally can create a major problem for development and ops teams.  Conjur
-  # discourages bad security practices while avoiding ops disasters by storing previous versions of
-  # a secret (up to a fixed limit, to avoid unbounded database growth).
-  #
-  # ### Important
-  # A common pitfall when trying to access older versions of a variable is to assume that `0` is the oldest
-  # version.  Variable versions are `1`-based, with `1` being the oldest.
-  #
-  # ### Permissions
-  #
-  # * To *fetch* the value of a `variable`, you must have permission to `'execute'` the variable.
-  # * To *add* a value to a `variable`, you must have permission to `'update'` the variable.
-  # * To *show* metadata associated with a variable, but *not* the value of the secret, you must have `'read'`
-  #     permission on the variable.
-  #
-  # @example Get a variable and access its metadata and the latest value
-  #   variable = api.resource 'myorg:variable:example'
-  #   puts variable.kind      # "example-secret"
-  #   puts variable.mime_type # "text/plain"
-  #   puts variable.value     # "supahsecret"
-
-  # @example Variables are versioned
-  #   variable = api.resource 'myorg:variable:example'
-  #   # Unless you set a variables value when you create it, the variable starts out without a value and version_count
-  #   # is 0.
-  #   var.version_count # => 0
-  #   var.value # raises RestClient::ResourceNotFound (404)
-  #
-  #   # Add a value
-  #   var.add_value 'value 1'
-  #   var.version_count # => 1
-  #   var.value # => 'value 1'
-  #
-  #   # Add another value
-  #   var.add_value 'value 2'
-  #   var.version_count # => 2
-  #
-  #   # 'value' with no argument returns the most recent value
-  #   var.value # => 'value 2'
-  #
-  #   # We can access older versions by their 1 based index:
-  #   var.value 1 # => 'value 1'
-  #   var.value 2 # => 'value 2'
-  #   # Notice that version 0 of a variable is always the most recent:
-  #   var.value 0 # => 'value 2'
-  #
-  class Variable < BaseObject
-    include ActsAsResource
-
-    def as_json options={}
-      result = super(options)
-      result["mime_type"] = mime_type
-      result["kind"] = kind
-      result
-    end
-    
-    # The kind of secret represented by this variable,  for example, `'postgres-url'` or
-    # `'aws-secret-access-key'`.
-    #
-    # You must have the **`'read'`** permission on a variable to call this method.
-    #
-    # This attribute is only for human consumption, and does not take part in the Conjur permissions
-    # model.
-    #
-    # @note this is **not** the same as the `kind` part of a qualified Conjur id.
-    # @return [String] a string representing the kind of secret.
-    def kind
-      parser_for(:variable_kind, variable_attributes) || "secret"
-    end
-
-    # The MIME Type of the variable's value.
-    #
-    # You must have the **`'read'`** permission on a variable to call this method.
-    #
-    # This attribute is used by the Conjur services to set a response `Content-Type` header when
-    # returning the value of a variable.  Conjur applies the same MIME Type to all versions of a variable,
-    # so if you plan on accessing the variable in a way that depends on a correct `Content-Type` header
-    # you should make sure to store appropriate data for the mime type in all versions.
-    #
-    # @return [String] a MIME type, such as `'text/plain'` or `'application/octet-stream'`.
-    def mime_type
-      parser_for(:variable_mime_type, variable_attributes) || "text/plain"
-    end
-
-    # Add a new value to the variable.
-    #
-    # You must have the **`'update'`** permission on a variable to call this method.
-    #
-    # @example Add a value to a variable
-    #   var = api.variable 'my-secret'
-    #   puts var.version_count     #  1
-    #   puts var.value             #  'supersecret'
-    #   var.add_value "new_secret"
-    #   puts var.version_count     # 2
-    #   puts var.value             # 'new_secret'
-    # @param [String] value the new value to add
-    # @return [void]
-    def add_value value
-      log do |logger|
-        logger << "Adding a value to variable #{id}"
-      end
-      invalidate do
-        route = url_for(:secrets_add, credentials, id)
-        Conjur.configuration.version_logic lambda {
-            route.post value: value
-          }, lambda {
-            route.post value
-          }
-      end
-    end
-
-    # Return the number of versions of the variable.
-    #
-    # You must have the **`'read'`** permission on a variable to call this method.
-    #
-    # @example
-    #   var.version_count # => 4
-    #   var.add_value "something new"
-    #   var.version_count # => 5
-    #
-    # @return [Integer] the number of versions
-    def version_count
-      Conjur.configuration.version_logic lambda {
-          JSON.parse(url_for(:variable, credentials, id).get)['version_count']
-        }, lambda {
-          secrets = attributes['secrets']
-          if secrets.empty?
-            0
-          else
-            secrets.last['version']
-          end
-        }
-    end
-
-    # Return the version of a variable.
-    #
-    # You must have the **`'execute'`** permission on a variable to call this method.
-    #
-    # When no argument is given, the most recent version is returned.
-    #
-    # When a `version` argument is given, the method returns a version according to the following rules:
-    #  * If `version` is 0, the *most recent* version is returned.
-    #  * If `version` is less than 0 or greater than {#version_count}, a `RestClient::ResourceNotFound` exception
-    #   will be raised.
-    #  * If {#version_count} is 0, a `RestClient::ResourceNotFound` exception will be raised.
-    #  * If `version` is >= 1 and `version` <= {#version_count}, the version at the **1 based** index given by `version`
-    #    will be returned.
-    #
-    # @example Fetch all versions of a variable
-    #   versions = (1..var.version_count).map do |version|
-    #     var.value version
-    #   end
-    #
-    # @example Get the current version of a variable
-    #   # All of these return the same thing:
-    #   var.value
-    #   var.value 0
-    #   var.value var.version_count
-    #
-    # @example Get the value of an expired variable
-    #   var.value nil, show_expired: true
-    #
-    # @param [Integer] version the **1 based** version.
-    # @param options [Hash]
-    # @option options [Boolean, false] :show_expired show value even if variable has expired
-    # @return [String] the value of the variable
-    def value version = nil, options = {}
-      options['version'] = version if version
-      url_for(:secrets_value, credentials, id, options).get.body
-    end
-
-    private
-
-    def variable_attributes
-      @variable_attributes ||= url_for(:variable_attributes, credentials, self, id)
-    end
-  end  
-end

data/lib/conjur/webservice.rb

@@ -1,30 +0,0 @@
-#
-# Copyright 2013-2017 Conjur Inc
-#
-# Permission is hereby granted, free of charge, to any person obtaining a copy of
-# this software and associated documentation files (the "Software"), to deal in
-# the Software without restriction, including without limitation the rights to
-# use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
-# the Software, and to permit persons to whom the Software is furnished to do so,
-# subject to the following conditions:
-#
-# The above copyright notice and this permission notice shall be included in all
-# copies or substantial portions of the Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
-# FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
-# COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
-# IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
-# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-#
-module Conjur
-  # A Conjur Webservice, which protects access to service code.
-  #
-  # Permissions on webservices can be granted and interpreted in a free-form way
-  # which is appropriate to the domain. For example, for a Docker registry
-  # which is guarded by a Webservice, the likely privileges would be `pull` and `push`.
-  class Webservice < BaseObject
-    include ActsAsResource
-  end
-end

data/lib/conjur-api/version.rb

@@ -1,24 +0,0 @@
-# Copyright 2013-2021 Conjur Inc.
-#
-# Permission is hereby granted, free of charge, to any person obtaining a copy of
-# this software and associated documentation files (the "Software"), to deal in
-# the Software without restriction, including without limitation the rights to
-# use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
-# the Software, and to permit persons to whom the Software is furnished to do so,
-# subject to the following conditions:
-#
-# The above copyright notice and this permission notice shall be included in all
-# copies or substantial portions of the Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
-# FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
-# COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
-# IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
-# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-
-module Conjur
-  class API
-    VERSION = File.read(File.expand_path('../../VERSION', __dir__))
-  end
-end

data/lib/conjur-api.rb

@@ -1,2 +0,0 @@
-# Just a stub so that require 'conjur-api' works
-require 'conjur/api'

data/publish.sh

@@ -1,7 +0,0 @@
-#!/bin/bash -e
-
-docker pull registry.tld/conjurinc/publish-rubygem
-
-summon --yaml "RUBYGEMS_API_KEY: !var rubygems/api-key" \
-  docker run --rm --env-file @SUMMONENVFILE -v "$(pwd)":/opt/src \
-  registry.tld/conjurinc/publish-rubygem conjur-api

data/spec/api/host_factories_spec.rb

@@ -1,34 +0,0 @@
-# frozen_string_literal: true
-
-require 'spec_helper'
-require 'conjur/api/host_factories'
-
-describe "Conjur::API.host_factory_create_host", api: :dummy do
-  it "returns a Host instance correctly on v4" do
-    token = "host factory token"
-    id = "test-host"
-
-    allow(Conjur::API).to receive(:url_for)
-      .with(:host_factory_create_host, token).and_return(
-        resource = instance_double(RestClient::Resource, "hosts")
-      )
-
-    allow(resource).to receive(:post).with(id: id).and_return(
-      instance_double(RestClient::Response, "host response", body: '
-        {
-          "id": "test-host",
-          "userid": "hosts",
-          "created_at": "2015-11-13T22:57:14Z",
-          "ownerid": "cucumber:group:ops",
-          "roleid": "cucumber:host:test-host",
-          "resource_identifier": "cucumber:host:test-host",
-          "api_key": "14x82x72syhnnd1h8jj24zj1kqd2j09sjy3tddwxc35cmy5nx33ph7"
-        }
-      ')
-    )
-
-    host = Conjur::API.host_factory_create_host token, id
-
-    expect(host).to be_a Conjur::Host
-  end
-end