conjur-api 5.3.7.pre.168 → 5.3.8.pre.8

Files changed (143)
  1. checksums.yaml +4 -4
  2. data/VERSION +1 -1
  3. metadata +21 -190
  4. data/.codeclimate.yml +0 -10
  5. data/.dockerignore +0 -1
  6. data/.github/CODEOWNERS +0 -10
  7. data/.gitignore +0 -32
  8. data/.gitleaks.toml +0 -219
  9. data/.overcommit.yml +0 -16
  10. data/.project +0 -18
  11. data/.rubocop.yml +0 -3
  12. data/.rubocop_settings.yml +0 -86
  13. data/.rubocop_todo.yml +0 -709
  14. data/.yardopts +0 -1
  15. data/CHANGELOG.md +0 -433
  16. data/CONTRIBUTING.md +0 -141
  17. data/Dockerfile +0 -16
  18. data/Gemfile +0 -7
  19. data/Jenkinsfile +0 -167
  20. data/LICENSE +0 -202
  21. data/README.md +0 -162
  22. data/Rakefile +0 -47
  23. data/SECURITY.md +0 -42
  24. data/bin/parse-changelog.sh +0 -12
  25. data/ci/configure_v4.sh +0 -12
  26. data/ci/configure_v5.sh +0 -14
  27. data/ci/submit-coverage +0 -36
  28. data/conjur-api.gemspec +0 -40
  29. data/dev/Dockerfile.dev +0 -12
  30. data/dev/docker-compose.yml +0 -56
  31. data/dev/start +0 -17
  32. data/dev/stop +0 -5
  33. data/docker-compose.yml +0 -76
  34. data/example/demo_v4.rb +0 -49
  35. data/example/demo_v5.rb +0 -57
  36. data/features/authenticators.feature +0 -33
  37. data/features/authn_local.feature +0 -32
  38. data/features/exists.feature +0 -37
  39. data/features/group.feature +0 -11
  40. data/features/host.feature +0 -50
  41. data/features/host_factory_create_host.feature +0 -28
  42. data/features/host_factory_token.feature +0 -63
  43. data/features/load_policy.feature +0 -61
  44. data/features/members.feature +0 -51
  45. data/features/new_api.feature +0 -36
  46. data/features/permitted.feature +0 -70
  47. data/features/permitted_roles.feature +0 -30
  48. data/features/public_keys.feature +0 -11
  49. data/features/resource_fields.feature +0 -53
  50. data/features/role_fields.feature +0 -15
  51. data/features/rotate_api_key.feature +0 -13
  52. data/features/step_definitions/api_steps.rb +0 -18
  53. data/features/step_definitions/policy_steps.rb +0 -75
  54. data/features/step_definitions/result_steps.rb +0 -7
  55. data/features/support/env.rb +0 -18
  56. data/features/support/hooks.rb +0 -3
  57. data/features/support/world.rb +0 -12
  58. data/features/update_password.feature +0 -14
  59. data/features/user.feature +0 -58
  60. data/features/variable_fields.feature +0 -20
  61. data/features/variable_value.feature +0 -60
  62. data/features_v4/authn_local.feature +0 -27
  63. data/features_v4/exists.feature +0 -29
  64. data/features_v4/host.feature +0 -18
  65. data/features_v4/host_factory_token.feature +0 -49
  66. data/features_v4/members.feature +0 -39
  67. data/features_v4/permitted.feature +0 -15
  68. data/features_v4/permitted_roles.feature +0 -8
  69. data/features_v4/resource_fields.feature +0 -47
  70. data/features_v4/rotate_api_key.feature +0 -13
  71. data/features_v4/step_definitions/api_steps.rb +0 -17
  72. data/features_v4/step_definitions/result_steps.rb +0 -3
  73. data/features_v4/support/env.rb +0 -23
  74. data/features_v4/support/policy.yml +0 -34
  75. data/features_v4/support/world.rb +0 -12
  76. data/features_v4/variable_fields.feature +0 -11
  77. data/features_v4/variable_value.feature +0 -54
  78. data/lib/conjur/acts_as_resource.rb +0 -123
  79. data/lib/conjur/acts_as_role.rb +0 -142
  80. data/lib/conjur/acts_as_rolsource.rb +0 -32
  81. data/lib/conjur/acts_as_user.rb +0 -68
  82. data/lib/conjur/api/authenticators.rb +0 -35
  83. data/lib/conjur/api/authn.rb +0 -125
  84. data/lib/conjur/api/host_factories.rb +0 -71
  85. data/lib/conjur/api/ldap_sync.rb +0 -38
  86. data/lib/conjur/api/policies.rb +0 -56
  87. data/lib/conjur/api/pubkeys.rb +0 -53
  88. data/lib/conjur/api/resources.rb +0 -109
  89. data/lib/conjur/api/roles.rb +0 -98
  90. data/lib/conjur/api/router/v4.rb +0 -206
  91. data/lib/conjur/api/router/v5.rb +0 -248
  92. data/lib/conjur/api/variables.rb +0 -59
  93. data/lib/conjur/api.rb +0 -105
  94. data/lib/conjur/base.rb +0 -355
  95. data/lib/conjur/base_object.rb +0 -57
  96. data/lib/conjur/build_object.rb +0 -47
  97. data/lib/conjur/cache.rb +0 -26
  98. data/lib/conjur/cert_utils.rb +0 -63
  99. data/lib/conjur/cidr.rb +0 -71
  100. data/lib/conjur/configuration.rb +0 -460
  101. data/lib/conjur/escape.rb +0 -129
  102. data/lib/conjur/exceptions.rb +0 -4
  103. data/lib/conjur/group.rb +0 -41
  104. data/lib/conjur/has_attributes.rb +0 -98
  105. data/lib/conjur/host.rb +0 -27
  106. data/lib/conjur/host_factory.rb +0 -75
  107. data/lib/conjur/host_factory_token.rb +0 -78
  108. data/lib/conjur/id.rb +0 -71
  109. data/lib/conjur/layer.rb +0 -9
  110. data/lib/conjur/log.rb +0 -72
  111. data/lib/conjur/log_source.rb +0 -60
  112. data/lib/conjur/policy.rb +0 -34
  113. data/lib/conjur/policy_load_result.rb +0 -61
  114. data/lib/conjur/query_string.rb +0 -12
  115. data/lib/conjur/resource.rb +0 -29
  116. data/lib/conjur/role.rb +0 -29
  117. data/lib/conjur/role_grant.rb +0 -85
  118. data/lib/conjur/routing.rb +0 -29
  119. data/lib/conjur/user.rb +0 -40
  120. data/lib/conjur/variable.rb +0 -208
  121. data/lib/conjur/webservice.rb +0 -30
  122. data/lib/conjur-api/version.rb +0 -24
  123. data/lib/conjur-api.rb +0 -2
  124. data/publish.sh +0 -7
  125. data/spec/api/host_factories_spec.rb +0 -34
  126. data/spec/api_spec.rb +0 -254
  127. data/spec/base_object_spec.rb +0 -13
  128. data/spec/cert_utils_spec.rb +0 -173
  129. data/spec/cidr_spec.rb +0 -34
  130. data/spec/configuration_spec.rb +0 -330
  131. data/spec/has_attributes_spec.rb +0 -63
  132. data/spec/helpers/errors_matcher.rb +0 -34
  133. data/spec/helpers/request_helpers.rb +0 -10
  134. data/spec/id_spec.rb +0 -29
  135. data/spec/ldap_sync_spec.rb +0 -21
  136. data/spec/log_source_spec.rb +0 -13
  137. data/spec/log_spec.rb +0 -42
  138. data/spec/roles_spec.rb +0 -24
  139. data/spec/spec_helper.rb +0 -113
  140. data/spec/ssl_spec.rb +0 -109
  141. data/spec/uri_escape_spec.rb +0 -21
  142. data/test.sh +0 -69
  143. data/tmp/.keep +0 -0
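--- a/data/features_v4/host_factory_token.feature
+++ b/data/features_v4/host_factory_token.feature
@@ -1,49 +0,0 @@
- Feature: Working with host factory tokens.
-
- Background:
- Given I run the code:
- """
- @expiration = (DateTime.now + 1.hour).change(sec: 0)
- """
-
-
- Scenario: Create a new host factory token.
- When I run the code:
- """
- @token = $host_factory.create_token(@expiration)
- """
- Then I can run the code:
- """
- expect(@token).to be_instance_of(Conjur::HostFactoryToken)
- expect(@token.token).to be_instance_of(String)
- expiration = @token.expiration
- expiration = expiration.change(sec: 0)
- expect(expiration).to eq(@expiration)
- """
-
- Scenario: Create multiple new host factory tokens.
- When I run the code:
- """
- $host_factory.create_tokens @expiration, count: 2
- """
- Then the JSON should have 2 items
-
- Scenario: Revoke a host factory token using the token object.
- When I run the code:
- """
- @token = $host_factory.create_token @expiration
- """
- Then I can run the code:
- """
- @token.revoke
- """
-
- Scenario: Revoke a host factory token using the API.
- When I run the code:
- """
- @token = $host_factory.create_token @expiration
- """
- Then I can run the code:
- """
- $conjur.revoke_host_factory_token @token.token
- """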
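--- a/data/features_v4/members.feature
+++ b/data/features_v4/members.feature
@@ -1,39 +0,0 @@
- Feature: Display role members and memberships.
-
- Scenario: Show a role's members.
- When I run the code:
- """
- $conjur.role('cucumber:group:everyone').members.map(&:as_json)
- """
- Then the JSON should be:
- """
- [
- {
- "admin_option": false,
- "member": "cucumber:group:developers",
- "role": "cucumber:group:everyone"
- },
- {
- "admin_option": true,
- "member": "cucumber:group:security_admin",
- "role": "cucumber:group:everyone"
- }
- ]
- """
-
- Scenario: Show a role's memberships.
- When I run the code:
- """
- $conjur.role('cucumber:group:developers').memberships.map(&:as_json)
- """
- Then the JSON should be:
- """
- [
- {
- "id": "cucumber:group:developers"
- },
- {
- "id": "cucumber:group:everyone"
- }
- ]
- """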
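--- a/data/features_v4/permitted.feature
+++ b/data/features_v4/permitted.feature
@@ -1,15 +0,0 @@
- Feature: Check if a role has permission on a resource.
-
- Scenario: Check if the current user has the privilege.
- When I run the code:
- """
- $conjur.resource('cucumber:variable:db-password').permitted? 'execute'
- """
- Then the result should be "true"
-
- Scenario: Check if a different user has the privilege.
- When I run the code:
- """
- $conjur.resource('cucumber:variable:db-password').permitted? 'execute', role: "cucumber:user:bob"
- """
- Then the result should be "false"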
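--- a/data/features_v4/permitted_roles.feature
+++ b/data/features_v4/permitted_roles.feature
@@ -1,8 +0,0 @@
- Feature: Enumerate roles which have a permission on a resource.
-
- Scenario: Permitted roles can be enumerated.
- When I run the code:
- """
- $conjur.resource('cucumber:variable:db-password').permitted_roles 'execute'
- """
- Then the JSON should include "cucumber:layer:myapp"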
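--- a/data/features_v4/resource_fields.feature
+++ b/data/features_v4/resource_fields.feature
@@ -1,47 +0,0 @@
- Feature: Display basic resource fields.
-
- Scenario: Group exposes id, kind, identifier, and gidnumber.
- When I run the code:
- """
- resource = $conjur.resource('cucumber:group:developers')
- [ resource.id, resource.account, resource.kind, resource.identifier, resource.gidnumber ]
- """
- Then the JSON should be:
- """
- [
- "cucumber:group:developers",
- "cucumber",
- "group",
- "developers",
- 2000
- ]
- """
-
- Scenario: User exposes id, kind, identifier, and uidnumber.
- When I run the code:
- """
- resource = $conjur.resource('cucumber:user:alice')
- [ resource.id, resource.account, resource.kind, resource.identifier, resource.uidnumber ]
- """
- Then the JSON should be:
- """
- [
- "cucumber:user:alice",
- "cucumber",
- "user",
- "alice",
- 2000
- ]
- """
-
- Scenario: Resource#owner is the owner object
- When I run the code:
- """
- $conjur.resource('cucumber:group:developers').owner.id
- """
- Then the result should be "cucumber:group:security_admin"
- And I run the code:
- """
- $conjur.resource('cucumber:group:developers').class
- """
- Then the result should be "Conjur::Group"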
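--- a/data/features_v4/rotate_api_key.feature
+++ b/data/features_v4/rotate_api_key.feature
@@ -1,13 +0,0 @@
- Feature: Rotate the API key.
-
- Scenario: Logged-in user can rotate the API key.
- When I run the code:
- """
- $conjur.role('cucumber:user:alice').rotate_api_key
- """
- Then I can run the code:
- """
- @api_key = @result.strip
- @conjur = Conjur::API.new_from_key 'alice', @api_key
- @conjur.token
- """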
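--- a/data/features_v4/step_definitions/api_steps.rb
+++ b/data/features_v4/step_definitions/api_steps.rb
@@ -1,17 +0,0 @@
- Given(/^a new host$/) do
- @host_id = "app-#{random_hex}"
- host = Conjur::API.host_factory_create_host($token, @host_id)
- @host_api_key = host.api_key
- expect(@host_api_key).to be
-
- @host = $conjur.resource("cucumber:host:#{@host_id}")
- @host.attributes['api_key'] = @host_api_key
- end
-
- When(/^I(?: can)? run the code:$/) do |code|
- @result = eval(code).tap do |result|
- if ENV['DEBUG']
- puts result
- end
- end
- end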
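--- a/data/features_v4/step_definitions/result_steps.rb
+++ b/data/features_v4/step_definitions/result_steps.rb
@@ -1,3 +0,0 @@
- Then(/^the result should be "([^"]+)"$/) do |expected|
- expect(@result.to_s).to eq(expected.to_s)
- end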
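--- a/data/features_v4/support/env.rb
+++ b/data/features_v4/support/env.rb
@@ -1,23 +0,0 @@
- require 'simplecov'
-
- SimpleCov.start
-
- require 'json_spec/cucumber'
- require 'conjur/api'
-
- Conjur.configuration.appliance_url = ENV['CONJUR_APPLIANCE_URL'] || 'https://conjur_4/api'
- Conjur.configuration.account = ENV['CONJUR_ACCOUNT'] || 'cucumber'
- Conjur.configuration.cert_file = "./tmp/conjur.pem"
- Conjur.configuration.authn_local_socket = "/run/authn-local-4/.socket"
- Conjur.configuration.version = 4
-
- Conjur.configuration.apply_cert_config!
-
- $username = ENV['CONJUR_AUTHN_LOGIN'] || 'admin'
- $password = ENV['CONJUR_AUTHN_API_KEY'] || 'secret'
-
- $api_key = Conjur::API.login $username, $password
- $conjur = Conjur::API.new_from_key $username, $api_key
-
- $host_factory = $conjur.resource('cucumber:host_factory:myapp')
- $token = $host_factory.create_token(Time.now + 1.hour)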
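--- a/data/features_v4/support/policy.yml
+++ b/data/features_v4/support/policy.yml
@@ -1,34 +0,0 @@
- - !user
- id: alice
- uidnumber: 2000
-
- - !group
- id: developers
- gidnumber: 2000
-
- - !group everyone
-
- - !grant
- role: !group everyone
- member: !group developers
-
- - !variable db-password
-
- - !variable ssh-key
-
- - !variable
- id: ssl-certificate
- kind: SSL certificate
- mime_type: application/x-pem-file
-
- - !layer myapp
-
- - !host-factory
- id: myapp
- layers: [ !layer myapp ]
-
- - !permit
- role: !layer myapp
- privileges: [ read, execute ]
- resources:
- - !variable db-password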
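--- a/data/features_v4/support/world.rb
+++ b/data/features_v4/support/world.rb
@@ -1,12 +0,0 @@
- module ApiWorld
- def last_json
- @result.to_json
- end
-
- def random_hex nbytes = 12
- @random ||= Random.new
- @random.bytes(nbytes).unpack('h*').first
- end
- end
-
- World ApiWorld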
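--- a/data/features_v4/variable_fields.feature
+++ b/data/features_v4/variable_fields.feature
@@ -1,11 +0,0 @@
- Feature: Display Variable fields.
-
- Background:
- When I run the code:
- """
- $conjur.resource('cucumber:variable:ssl-certificate')
- """
-
- Scenario: Display MIME type and kind
- Then the JSON at "mime_type" should be "application/x-pem-file"
- And the JSON at "kind" should be "SSL certificate"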
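--- a/data/features_v4/variable_value.feature
+++ b/data/features_v4/variable_value.feature
@@ -1,54 +0,0 @@
- Feature: Work with Variable values.
- Background:
- Given I run the code:
- """
- @variable = $conjur.resource("cucumber:variable:db-password")
- @variable_2 = $conjur.resource("cucumber:variable:ssh-key")
- """
-
- Scenario: Add a value, retrieve the variable metadata and the value.
- Given I run the code:
- """
- @initial_count = @variable.version_count
- @variable.add_value 'value-0'
- """
- When I run the code:
- """
- expect(@variable.version_count).to eq(@initial_count + 1)
- """
- And I run the code:
- """
- @variable.value
- """
- Then the result should be "value-0"
-
- Scenario: Retrieve a historical value.
- Given I run the code:
- """
- @variable.add_value 'value-0'
- @variable.add_value 'value-1'
- @variable.add_value 'value-2'
- """
- When I run the code:
- """
- @variable.value(@variable.version_count - 2)
- """
- Then the result should be "value-0"
-
- Scenario: Retrieve multiple values in a batch
- Given I run the code:
- """
- @variable.add_value 'value-0'
- @variable_2.add_value 'value-2'
- """
- When I run the code:
- """
- $conjur.variable_values([ @variable, @variable_2 ].map(&:id))
- """
- Then the JSON should be:
- """
- {
- "db-password": "value-0",
- "ssh-key": "value-2"
- }
- """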
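--- a/data/lib/conjur/acts_as_resource.rb
+++ b/data/lib/conjur/acts_as_resource.rb
@@ -1,123 +0,0 @@
- #
- # Copyright 2013-2017 Conjur Inc
- #
- # Permission is hereby granted, free of charge, to any person obtaining a copy of
- # this software and associated documentation files (the "Software"), to deal in
- # the Software without restriction, including without limitation the rights to
- # use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
- # the Software, and to permit persons to whom the Software is furnished to do so,
- # subject to the following conditions:
- #
- # The above copyright notice and this permission notice shall be included in all
- # copies or substantial portions of the Software.
- #
- # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
- # FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
- # COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
- # IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
- # CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
- #
-
- module Conjur
- # This module is included in object classes that have resource behavior.
- module ActsAsResource
- # @api private
- def self.included(base)
- base.include HasAttributes
- base.include Escape
- base.extend QueryString
- end
-
- # The full role id of the role that owns this resource.
- #
- # @example
- # api.current_role # => 'conjur:user:jon'
- # resource = api.create_resource 'conjur:example:resource-owner'
- # resource.owner # => 'conjur:user:jon'
- #
- # @return [String] the full role id of this resource's owner.
- def owner
- build_object attributes['owner'], default_class: Role
- end
-
- # Check whether this object exists by performing a HEAD request to its URL.
- #
- # This method will return false if the object doesn't exist.
- #
- # @example
- # does_not_exist = api.user 'does-not-exist' # This returns without error.
- #
- # # this is wrong!
- # owner = does_not_exist.owner # raises RestClient::ResourceNotFound
- #
- # # this is right!
- # owner = if does_not_exist.exists?
- # does_not_exist.owner
- # else
- # nil # or some sensible default
- # end
- #
- # @return [Boolean] does it exist?
- def exists?
- begin
- url_for(:resources_resource, credentials, id).head
- true
- rescue RestClient::Forbidden
- true
- rescue RestClient::ResourceNotFound
- false
- end
- end
-
- # Lists roles that have a specified privilege on the resource.
- #
- # This will return only roles of which api.current_user is a member.
- #
- # Options:
- #
- # * **offset** Zero-based offset into the result set.
- # * **limit** Total number of records returned.
- #
- # @example
- # resource = api.resource 'conjur:variable:example'
- # resource.permitted_roles 'execute' # => ['conjur:user:admin']
- # # After permitting 'execute' to user 'jon'
- # resource.permitted_roles 'execute' # => ['conjur:user:admin', 'conjur:user:jon']
- #
- # @param privilege [String] the privilege
- # @return [Array<String>] the ids of roles that have `privilege` on this resource.
- def permitted_roles privilege
- result = JSON.parse url_for(:resources_permitted_roles, credentials, id, privilege).get
- if result.is_a?(Hash) && ( count = result['count'] )
- count
- else
- result
- end
- end
-
- # True if the logged-in role, or a role specified using the :role option, has the
- # specified +privilege+ on this resource.
- #
- # @example
- # api.current_role # => 'conjur:cat:mouse'
- # resource.permitted_roles 'execute' # => ['conjur:user:admin', 'conjur:cat:mouse']
- # resource.permitted_roles 'update', # => ['conjur:user:admin', 'conjur:cat:gino']
- #
- # resource.permitted? 'update' # => false, `mouse` can't update this resource
- # resource.permitted? 'execute' # => true, `mouse` can execute it.
- # resource.permitted? 'update', role: 'conjur:cat:gino' # => true, `gino` can update it.
- # @param privilege [String] the privilege to check
- # @param role [String,nil] :role check whether the role given by this full role id is permitted
- # instead of checking +api.current_role+.
- # @return [Boolean]
- def permitted? privilege, role: nil
- url_for(:resources_check, credentials, id, privilege, role)
- true
- rescue RestClient::Forbidden
- false
- rescue RestClient::ResourceNotFound
- false
- end
- end
- end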
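--- a/data/lib/conjur/acts_as_role.rb
+++ b/data/lib/conjur/acts_as_role.rb
@@ -1,142 +0,0 @@
- # frozen_string_literal: true
-
- # Copyright 2013-2018 CyberArk Ltd.
- #
- # Licensed under the Apache License, Version 2.0 (the "License");
- # you may not use this file except in compliance with the License.
- # You may obtain a copy of the License at
- #
- # http://www.apache.org/licenses/LICENSE-2.0
- #
- # Unless required by applicable law or agreed to in writing, software
- # distributed under the License is distributed on an "AS IS" BASIS,
- # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- # See the License for the specific language governing permissions and
- # limitations under the License.
-
- module Conjur
-
- # This module provides methods for things that have an associated {Conjur::Role}.
- #
- # All high level Conjur assets (groups and users, for example) are composed of both a role and a resource. This allows
- # these assets to have permissions on other assets, and for other assets to have permission
- # on them.
- #
- # The {Conjur::ActsAsRole} module itself should be considered private, but it's methods are
- # public when added to a Conjur asset class.
- module ActsAsRole
-
- # Login name of the role. This is formed from the role kind and role id.
- # For users, the role kind can be omitted.
- def login
- [ kind, identifier ].delete_if{|t| t == "user"}.join('/')
- end
-
- # Check whether this object exists by performing a HEAD request to its URL.
- #
- # This method will return false if the object doesn't exist.
- #
- # @example
- # does_not_exist = api.user 'does-not-exist' # This returns without error.
- #
- # # this is wrong!
- # owner = does_not_exist.members # raises RestClient::ResourceNotFound
- #
- # # this is right!
- # owner = if does_not_exist.exists?
- # does_not_exist.members
- # else
- # nil # or some sensible default
- # end
- #
- # @return [Boolean] does it exist?
- def exists?
- begin
- rbac_role_resource.head
- true
- rescue RestClient::Forbidden
- true
- rescue RestClient::ResourceNotFound
- false
- end
- end
-
- # Find all roles of which this role is a member. By default, role relationships are recursively expanded,
- # so if `a` is a member of `b`, and `b` is a member of `c`, `a.all` will include `c`.
- #
- # ### Permissions
- # You must be a member of the role to call this method.
- #
- # You can restrict the roles returned to one or more role ids. This feature is mainly useful
- # for checking whether this role is a member of any of a set of roles.
- #
- # ### Options
- #
- # * **recursive** Defaults to +true+, performs recursive expansion of the memberships.
- #
- # @example Show all roles of which `"conjur:group:pubkeys-1.0/key-managers"` is a member
- # # Add alice to the group, so we see something interesting
- # key_managers = api.group('pubkeys-1.0/key-managers')
- # key_managers.add_member api.user('alice')
- #
- # # Show the memberships, mapped to the member ids.
- # key_managers.role.all.map(&:id)
- # # => ["conjur:group:pubkeys-1.0/admin", "conjur:user:alice"]
- #
- # @example See if role `"conjur:user:alice"` is a member of either `"conjur:groups:developers"` or `"conjur:group:ops"`
- # is_member = api.role('conjur:user:alice').all(filter: ['conjur:group:developers', 'conjur:group:ops']).any?
- #
- # @param [Hash] options options for the request
- # @return [Array<Conjur::Role>] Roles of which this role is a member
- def memberships options = {}
- request = if options.delete(:recursive) == false
- options["memberships"] = true
- else
- options["all"] = true
- end
- if filter = options.delete(:filter)
- filter = [filter] unless filter.is_a?(Array)
- options["filter"] = filter.map(&Id.method(:new))
- end
-
- result = JSON.parse(rbac_role_resource[options_querystring options].get)
- if result.is_a?(Hash) && ( count = result['count'] )
- count
- else
- host = Conjur.configuration.core_url
- result.collect do |item|
- if item.is_a?(String)
- build_object(item, default_class: Role)
- else
- RoleGrant.parse_from_json(item, self.options)
- end
- end
- end
- end
-
- # Fetch the direct members of this role. The results are *not* recursively expanded).
- #
- # ### Permissions
- # You must be a member of the role to call this method.
- #
- # @param options [Hash, nil] extra parameters to pass to the webservice method.
- # @return [Array<Conjur::RoleGrant>] the role memberships
- # @raise [RestClient::Forbidden] if you don't have permission to perform this operation
- def members options = {}
- options["members"] = true
- result = JSON.parse(rbac_role_resource[options_querystring options].get)
- if result.is_a?(Hash) && ( count = result['count'] )
- count
- else
- parser_for(:members, credentials, result)
- end
- end
-
- private
-
- # RestClient::Resource for RBAC role operations.
- def rbac_role_resource
- url_for(:roles_role, credentials, id)
- end
- end
- end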
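--- a/data/lib/conjur/acts_as_rolsource.rb
+++ b/data/lib/conjur/acts_as_rolsource.rb
@@ -1,32 +0,0 @@
- #
- # Copyright (C) 2013-2017 Conjur Inc
- #
- # Permission is hereby granted, free of charge, to any person obtaining a copy of
- # this software and associated documentation files (the "Software"), to deal in
- # the Software without restriction, including without limitation the rights to
- # use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
- # the Software, and to permit persons to whom the Software is furnished to do so,
- # subject to the following conditions:
- #
- # The above copyright notice and this permission notice shall be included in all
- # copies or substantial portions of the Software.
- #
- # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
- # FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
- # COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
- # IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
- # CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
- #
- module Conjur
-
- # This module provides methods for things that have an associated {Conjur::Role} and
- # {Conjur::Resource}.
- module ActsAsRolsource
- # @api private
- def self.included(base)
- base.include ActsAsRole
- base.include ActsAsResource
- end
- end
- end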