conjur-api 5.3.7 → 5.3.8.pre.319

data/Jenkinsfile

@@ -1,168 +0,0 @@
-#!/usr/bin/env groovy
-
-// Automated release, promotion and dependencies
-properties([
-  release.addParams()
-])
-
-if (params.MODE == "PROMOTE") {
-  release.promote(params.VERSION_TO_PROMOTE) { sourceVersion, targetVersion, assetDirectory ->
-    sh './publish.sh'
-  }
-  return
-}
-
-pipeline {
-  agent { label 'executor-v2' }
-
-  options {
-    timestamps()
-    buildDiscarder(logRotator(numToKeepStr: '30'))
-  }
-
-  triggers {
-    cron(getDailyCronString())
-  }
-
-  environment {
-    MODE = release.canonicalizeMode()
-  }
-
-  stages {
-    stage ("Skip build if triggering job didn't create a release") {
-      when {
-        expression {
-          MODE == "SKIP"
-        }
-      }
-      steps {
-        script {
-          currentBuild.result = 'ABORTED'
-          error("Aborting build because this build was triggered from upstream, but no release was built")
-        }
-      }
-    }
-    stage('Validate Changelog and set version') {
-      steps {
-        sh './bin/parse-changelog.sh'
-        updateVersion("CHANGELOG.md", "${BUILD_NUMBER}")
-      }
-    }
-
-    stage('Prepare CC Report Dir'){
-      steps {
-        script {
-          ccCoverage.dockerPrep()
-          sh 'mkdir -p coverage'
-        }
-      }
-    }
-
-    stage('Test Ruby 2.5') {
-      environment {
-        RUBY_VERSION = '2.5'
-      }
-      steps {
-        sh './test.sh'
-      }
-
-      post {
-        always {
-          junit 'spec/reports/*.xml'
-          junit 'features/reports/*.xml'
-          junit 'features_v4/reports/*.xml'
-        }
-      }
-    }
-
-    stage('Test Ruby 2.6') {
-      environment {
-        RUBY_VERSION = '2.6'
-      }
-      steps {
-        sh './test.sh'
-      }
-
-      post {
-        always {
-          junit 'spec/reports/*.xml'
-          junit 'features/reports/*.xml'
-          junit 'features_v4/reports/*.xml'
-        }
-      }
-    }
-
-    stage('Test Ruby 2.7') {
-      environment {
-        RUBY_VERSION = '2.7'
-      }
-      steps {
-        sh './test.sh'
-      }
-
-      post {
-        always {
-          junit 'spec/reports/*.xml'
-          junit 'features/reports/*.xml'
-          junit 'features_v4/reports/*.xml'
-        }
-      }
-    }
-
-    stage('Test Ruby 3.0') {
-      environment {
-        RUBY_VERSION = '3.0'
-      }
-      steps {
-        sh("./test.sh")
-      }
-      post {
-        always {
-          junit 'spec/reports/*.xml'
-          junit 'features/reports/*.xml'
-          junit 'features_v4/reports/*.xml'
-        }
-      }
-    }
-
-    stage('Submit Coverage Report'){
-      steps{
-        sh 'ci/submit-coverage'
-        publishHTML([reportDir: 'coverage', reportFiles: 'index.html', reportName: 'Coverage Report', reportTitles: '',
-          allowMissing: false, alwaysLinkToLastBuild: true, keepAll: true])
-      }
-
-      post {
-        always {
-          archiveArtifacts artifacts: "coverage/.resultset.json", fingerprint: false
-        }
-      }
-    }
-
-    stage('Release') {
-      when {
-        expression {
-          MODE == "RELEASE"
-        }
-      }
-
-      steps {
-        release {
-          // Clean up all but the calculated VERSION
-          sh '''docker run -i --rm -v $PWD:/src -w /src alpine/git clean -fxd \
-                -e VERSION \
-                -e bom-assets/ \
-                -e release-assets/ '''
-          sh './publish.sh'
-          sh 'cp conjur-api-*.gem release-assets/.'
-        }
-      }
-    }
-  }
-
-  post {
-    always {
-      cleanupAndNotify(currentBuild.currentResult)
-    }
-  }
-}

data/LICENSE

@@ -1,202 +0,0 @@
-
-                                 Apache License
-                           Version 2.0, January 2004
-                        http://www.apache.org/licenses/
-
-   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
-
-   1. Definitions.
-
-      "License" shall mean the terms and conditions for use, reproduction,
-      and distribution as defined by Sections 1 through 9 of this document.
-
-      "Licensor" shall mean the copyright owner or entity authorized by
-      the copyright owner that is granting the License.
-
-      "Legal Entity" shall mean the union of the acting entity and all
-      other entities that control, are controlled by, or are under common
-      control with that entity. For the purposes of this definition,
-      "control" means (i) the power, direct or indirect, to cause the
-      direction or management of such entity, whether by contract or
-      otherwise, or (ii) ownership of fifty percent (50%) or more of the
-      outstanding shares, or (iii) beneficial ownership of such entity.
-
-      "You" (or "Your") shall mean an individual or Legal Entity
-      exercising permissions granted by this License.
-
-      "Source" form shall mean the preferred form for making modifications,
-      including but not limited to software source code, documentation
-      source, and configuration files.
-
-      "Object" form shall mean any form resulting from mechanical
-      transformation or translation of a Source form, including but
-      not limited to compiled object code, generated documentation,
-      and conversions to other media types.
-
-      "Work" shall mean the work of authorship, whether in Source or
-      Object form, made available under the License, as indicated by a
-      copyright notice that is included in or attached to the work
-      (an example is provided in the Appendix below).
-
-      "Derivative Works" shall mean any work, whether in Source or Object
-      form, that is based on (or derived from) the Work and for which the
-      editorial revisions, annotations, elaborations, or other modifications
-      represent, as a whole, an original work of authorship. For the purposes
-      of this License, Derivative Works shall not include works that remain
-      separable from, or merely link (or bind by name) to the interfaces of,
-      the Work and Derivative Works thereof.
-
-      "Contribution" shall mean any work of authorship, including
-      the original version of the Work and any modifications or additions
-      to that Work or Derivative Works thereof, that is intentionally
-      submitted to Licensor for inclusion in the Work by the copyright owner
-      or by an individual or Legal Entity authorized to submit on behalf of
-      the copyright owner. For the purposes of this definition, "submitted"
-      means any form of electronic, verbal, or written communication sent
-      to the Licensor or its representatives, including but not limited to
-      communication on electronic mailing lists, source code control systems,
-      and issue tracking systems that are managed by, or on behalf of, the
-      Licensor for the purpose of discussing and improving the Work, but
-      excluding communication that is conspicuously marked or otherwise
-      designated in writing by the copyright owner as "Not a Contribution."
-
-      "Contributor" shall mean Licensor and any individual or Legal Entity
-      on behalf of whom a Contribution has been received by Licensor and
-      subsequently incorporated within the Work.
-
-   2. Grant of Copyright License. Subject to the terms and conditions of
-      this License, each Contributor hereby grants to You a perpetual,
-      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
-      copyright license to reproduce, prepare Derivative Works of,
-      publicly display, publicly perform, sublicense, and distribute the
-      Work and such Derivative Works in Source or Object form.
-
-   3. Grant of Patent License. Subject to the terms and conditions of
-      this License, each Contributor hereby grants to You a perpetual,
-      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
-      (except as stated in this section) patent license to make, have made,
-      use, offer to sell, sell, import, and otherwise transfer the Work,
-      where such license applies only to those patent claims licensable
-      by such Contributor that are necessarily infringed by their
-      Contribution(s) alone or by combination of their Contribution(s)
-      with the Work to which such Contribution(s) was submitted. If You
-      institute patent litigation against any entity (including a
-      cross-claim or counterclaim in a lawsuit) alleging that the Work
-      or a Contribution incorporated within the Work constitutes direct
-      or contributory patent infringement, then any patent licenses
-      granted to You under this License for that Work shall terminate
-      as of the date such litigation is filed.
-
-   4. Redistribution. You may reproduce and distribute copies of the
-      Work or Derivative Works thereof in any medium, with or without
-      modifications, and in Source or Object form, provided that You
-      meet the following conditions:
-
-      (a) You must give any other recipients of the Work or
-          Derivative Works a copy of this License; and
-
-      (b) You must cause any modified files to carry prominent notices
-          stating that You changed the files; and
-
-      (c) You must retain, in the Source form of any Derivative Works
-          that You distribute, all copyright, patent, trademark, and
-          attribution notices from the Source form of the Work,
-          excluding those notices that do not pertain to any part of
-          the Derivative Works; and
-
-      (d) If the Work includes a "NOTICE" text file as part of its
-          distribution, then any Derivative Works that You distribute must
-          include a readable copy of the attribution notices contained
-          within such NOTICE file, excluding those notices that do not
-          pertain to any part of the Derivative Works, in at least one
-          of the following places: within a NOTICE text file distributed
-          as part of the Derivative Works; within the Source form or
-          documentation, if provided along with the Derivative Works; or,
-          within a display generated by the Derivative Works, if and
-          wherever such third-party notices normally appear. The contents
-          of the NOTICE file are for informational purposes only and
-          do not modify the License. You may add Your own attribution
-          notices within Derivative Works that You distribute, alongside
-          or as an addendum to the NOTICE text from the Work, provided
-          that such additional attribution notices cannot be construed
-          as modifying the License.
-
-      You may add Your own copyright statement to Your modifications and
-      may provide additional or different license terms and conditions
-      for use, reproduction, or distribution of Your modifications, or
-      for any such Derivative Works as a whole, provided Your use,
-      reproduction, and distribution of the Work otherwise complies with
-      the conditions stated in this License.
-
-   5. Submission of Contributions. Unless You explicitly state otherwise,
-      any Contribution intentionally submitted for inclusion in the Work
-      by You to the Licensor shall be under the terms and conditions of
-      this License, without any additional terms or conditions.
-      Notwithstanding the above, nothing herein shall supersede or modify
-      the terms of any separate license agreement you may have executed
-      with Licensor regarding such Contributions.
-
-   6. Trademarks. This License does not grant permission to use the trade
-      names, trademarks, service marks, or product names of the Licensor,
-      except as required for reasonable and customary use in describing the
-      origin of the Work and reproducing the content of the NOTICE file.
-
-   7. Disclaimer of Warranty. Unless required by applicable law or
-      agreed to in writing, Licensor provides the Work (and each
-      Contributor provides its Contributions) on an "AS IS" BASIS,
-      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
-      implied, including, without limitation, any warranties or conditions
-      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
-      PARTICULAR PURPOSE. You are solely responsible for determining the
-      appropriateness of using or redistributing the Work and assume any
-      risks associated with Your exercise of permissions under this License.
-
-   8. Limitation of Liability. In no event and under no legal theory,
-      whether in tort (including negligence), contract, or otherwise,
-      unless required by applicable law (such as deliberate and grossly
-      negligent acts) or agreed to in writing, shall any Contributor be
-      liable to You for damages, including any direct, indirect, special,
-      incidental, or consequential damages of any character arising as a
-      result of this License or out of the use or inability to use the
-      Work (including but not limited to damages for loss of goodwill,
-      work stoppage, computer failure or malfunction, or any and all
-      other commercial damages or losses), even if such Contributor
-      has been advised of the possibility of such damages.
-
-   9. Accepting Warranty or Additional Liability. While redistributing
-      the Work or Derivative Works thereof, You may choose to offer,
-      and charge a fee for, acceptance of support, warranty, indemnity,
-      or other liability obligations and/or rights consistent with this
-      License. However, in accepting such obligations, You may act only
-      on Your own behalf and on Your sole responsibility, not on behalf
-      of any other Contributor, and only if You agree to indemnify,
-      defend, and hold each Contributor harmless for any liability
-      incurred by, or claims asserted against, such Contributor by reason
-      of your accepting any such warranty or additional liability.
-
-   END OF TERMS AND CONDITIONS
-
-   APPENDIX: How to apply the Apache License to your work.
-
-      To apply the Apache License to your work, attach the following
-      boilerplate notice, with the fields enclosed by brackets "[]"
-      replaced with your own identifying information. (Don't include
-      the brackets!)  The text should be enclosed in the appropriate
-      comment syntax for the file format. We also recommend that a
-      file or class name and description of purpose be included on the
-      same "printed page" as the copyright notice for easier
-      identification within third-party archives.
-
-   Copyright (c) 2021 CyberArk Software Ltd. All rights reserved.
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.

data/README.md

@@ -1,162 +0,0 @@
-# Conjur::API
-
-Programmatic Ruby access to the Conjur API.
-
-RDocs are available from the through the [Ruby Gem details page](https://rubygems.org/gems/conjur-api)
-
-# Server Versions
-
-The Conjur server comes in two major versions:
-
-* **4.x** Conjur 4 is a commercial, non-open-source product, which is documented at [https://developer.conjur.net/](https://developer.conjur.net/).
-* **5.x** Conjur 5 is open-source software, hosted and documented at [https://www.conjur.org/](https://www.conjur.org/).
-
-You can use the `main` branch of this project, which is `conjur-api` version `5.x`, to do all of the following things against either type of Conjur server:
-
-* Authenticate
-* Fetch secrets
-* Check permissions
-* List roles, resources, members, memberships and permitted roles.
-* Create hosts using host factory
-* Rotate API keys
-
-Use the configuration setting `Conjur.configuration.version` to select your server version, or set the environment variable `CONJUR_VERSION`. In either case, the valid values are `4` and `5`; the default is `5`.
-
-If you are using Conjur server version `4.x`, you can also choose to use the `conjur-api` version `4.x`. In this case, the `Configuration.version` setting is not required (actually, it doesn't exist).
-
-## Using conjur-api-ruby with Conjur Open Source 
-
-Are you using this project with [Conjur Open Source](https://github.com/cyberark/conjur)? Then we 
-**strongly** recommend choosing the version of this project to use from the latest [Conjur OSS 
-suite release](https://docs.conjur.org/Latest/en/Content/Overview/Conjur-OSS-Suite-Overview.html). 
-Conjur maintainers perform additional testing on the suite release versions to ensure 
-compatibility. When possible, upgrade your Conjur version to match the 
-[latest suite release](https://docs.conjur.org/Latest/en/Content/ReleaseNotes/ConjurOSS-suite-RN.htm); 
-when using integrations, choose the latest suite release that matches your Conjur version. For any 
-questions, please contact us on [Discourse](https://discuss.cyberarkcommons.org/c/conjur/5).
-
-# Installation
-
-Add this line to your application's Gemfile:
-
-    gem 'conjur-api'
-
-And then execute:
-
-    $ bundle
-
-Or install it yourself as:
-
-    $ gem install conjur-api
-
-# Usage
-
-Connecting to Conjur is a two-step process:
-
-* **Configuration** Instruct the API where to find the Conjur endpoint and how to secure the connection.
-* **Authentication** Provide the API with credentials that it can use to authenticate.
-
-## Configuration
-
-The simplest way to configure the Conjur API is to use the configuration file stored on the machine.
-If you have configured the machine with [conjur init](http://developer.conjur.net/reference/tools/init.html),
-its default location is `~/.conjurrc`.
-
-The Conjur configuration process also checks `/etc/conjur.conf` for global settings. This is typically used
-in server environments.
-
-For custom scenarios, the location of the file can be overridden using the `CONJURRC` environment variable.
-
-You can load the Conjur configuration file using the following Ruby code:
-
-```ruby
-require 'conjur/cli'
-Conjur::Config.load
-Conjur::Config.apply
-```
-
-**Note** this code requires the [conjur-cli](https://github.com/conjurinc/cli-ruby) gem, which should also be in your
-gemset or bundle.
-
-## Authentication
-
-Once Conjur is configured, the connection can be established like this:
-
-```
-conjur = Conjur::Authn.connect nil, noask: true
-```
-
-To [authenticate](http://developer.conjur.net/reference/services/authentication/authenticate.html), the API client must
-provide a `login` name and `api_key`. The `Conjur::Authn.connect` will attempt the following, in order:
-
-1. Look for `login` in environment variable `CONJUR_AUTHN_LOGIN`, and `api_key` in `CONJUR_AUTHN_API_KEY`
-2. Look for credentials on disk. The default credentials file is `~/.netrc`. The location of the credentials file
-can be overridden using the configuration file `netrc_path` option.
-3. Prompt for credentials. This can be disabled using the option `noask: true`.
-
-## Connecting Without Files
-
-It's possible to configure and authenticate the Conjur connection without using any files, and without requiring
-the `conjur-cli` gem.
-
-To accomplish this, apply the configuration settings directly to the [Conjur::Configuration](https://github.com/conjurinc/api-ruby/blob/master/lib/conjur/configuration.rb)
-object.
-
-For example, specify the `account` and `appliance_url` (both of which are required) like this:
-
-```
-Conjur.configuration.account = 'my-account'
-Conjur.configuration.appliance_url = 'https://conjur.mydomain.com/api'
-```
-
-You can also specify these values using environment variables, which is often a bit more convenient.
-Environment variables are mapped to configuration variables by prepending `CONJUR_` to the all-caps name of the
-configuration variable. For example, `appliance_url` is `CONJUR_APPLIANCE_URL`, `account` is `CONJUR_ACCOUNT`.
-
-In either case, you will also need to configure certificate trust. For example:
-
-```
-OpenSSL::SSL::SSLContext::DEFAULT_CERT_STORE.add_file "/etc/conjur-yourorg.pem"
-```
-
-Once Conjur is configured, you can create a new API client by providing a `login` and `api_key`:
-
-```
-Conjur::API.new_from_key login, api_key
-```
-
-Note that if you are connecting as a [Host](http://developer.conjur.net/reference/services/directory/host), the login should be
-prefixed with `host/`. For example: `host/myhost.example.com`, not just `myhost.example.com`.
-
-## Configuring RestClient
-
-[Conjur::Configuration](https://github.com/conjurinc/api-ruby/blob/master/lib/conjur/configuration.rb)
-allows optional configuration of the [RestClient](https://github.com/rest-client/rest-client)
-instance used by Conjur API to communicate with the Conjur server, via the options hash
-`Conjur.configuration.rest_client_options`.
-
-The default value for the options hash is:
-```ruby
-{
-  ssl_cert_store: OpenSSL::SSL::SSLContext::DEFAULT_CERT_STORE
-}
-```
-
-For example, here's how you would configure the client to use a proxy and `ssl_ca_file` (instead of the default `ssl_cert_store`).
-```ruby
-Conjur.configuration.rest_client_options = {
-    ssl_ca_file: "ca_certificate.pem",
-    proxy: "http://proxy.example.com/"
-}
-```
-
-## Contributing
-
-We welcome contributions of all kinds to this repository. For instructions on how to get started and descriptions of our development workflows, please see our [contributing
-guide][contrib].
-
-[contrib]: https://github.com/cyberark/conjur-api-ruby/blob/main/CONTRIBUTING.md
-
-## License
-
-This repository is licensed under Apache License 2.0 - see [`LICENSE`](LICENSE) for more details.

data/Rakefile

@@ -1,47 +0,0 @@
-#!/usr/bin/env rake
-require "bundler/gem_tasks"
-
-begin
-  require 'rspec/core/rake_task'
-  RSpec::Core::RakeTask.new :spec
-rescue LoadError
-  warn "rspec-core not found, rspec task will be unavailable"
-end
-
-begin
-  require "yard"
-  YARD::Rake::YardocTask.new(:yard)
-rescue LoadError
-  warn "yard not found, yard task will be unavailable"
-end
-
-require 'fileutils'
-task(:init_coverage) { FileUtils.rm_rf 'coverage' }
-task(:cuke_report_cleanup) { FileUtils.rm_rf 'features/reports' }
-
-begin
-  require 'cucumber'
-  require 'cucumber/rake/task'
-
-  Cucumber::Rake::Task.new(:cucumber_4) do |t|
-    t.cucumber_opts = "--tags ~@wip --format pretty --format junit --out features_v4/reports -r features_v4/step_definitions/ -r features_v4/support/ features_v4/"
-  end
-
-  Cucumber::Rake::Task.new(:cucumber_5) do |t|
-    t.cucumber_opts = "--tags ~@wip --format pretty --format junit --out features/reports"
-  end
-
-  begin
-    require 'ci/reporter/rake/rspec'
-    desc "Run the spec and cucumber suites, compute the test results and coverage statistics, build Yard docs"
-    task :jenkins_init => [ :init_coverage, :cuke_report_cleanup ]
-    task :jenkins_spec => [ :"ci:setup:rspec", :spec ]
-    task :jenkins_cucumber_v4 => [ :cucumber_4 ]
-    task :jenkins_cucumber_v5 => [ :cucumber_5 ]
-  rescue LoadError
-    warn "ci_reporter_rspec not found, jenkins task will be unavailable"
-  end
-rescue LoadError
-  warn "cucumber not found, cucumber task will be unavailable"
-end
-

data/SECURITY.md

@@ -1,42 +0,0 @@
-# Security Policies and Procedures
-
-This document outlines security procedures and general policies for the CyberArk Conjur
-suite of tools and products.
-
-  * [Reporting a Bug](#reporting-a-bug)
-  * [Disclosure Policy](#disclosure-policy)
-  * [Comments on this Policy](#comments-on-this-policy)
-
-## Reporting a Bug
-
-The CyberArk Conjur team and community take all security bugs in the Conjur suite seriously.
-Thank you for improving the security of the Conjur suite. We appreciate your efforts and
-responsible disclosure and will make every effort to acknowledge your
-contributions.
-
-Report security bugs by emailing the lead maintainers at security@conjur.org.
-
-The maintainers will acknowledge your email within 2 business days. Subsequently, we will 
-send a more detailed response within 2 business days of our acknowledgement indicating
-the next steps in handling your report. After the initial reply to your report, the security
-team will endeavor to keep you informed of the progress towards a fix and full
-announcement, and may ask for additional information or guidance.
-
-Report security bugs in third-party modules to the person or team maintaining
-the module.
-
-## Disclosure Policy
-
-When the security team receives a security bug report, they will assign it to a
-primary handler. This person will coordinate the fix and release process,
-involving the following steps:
-
-  * Confirm the problem and determine the affected versions.
-  * Audit code to find any potential similar problems.
-  * Prepare fixes for all releases still under maintenance. These fixes will be
-    released as fast as possible.
-
-## Comments on this Policy
-
-If you have suggestions on how this process could be improved please submit a
-pull request.

data/bin/parse-changelog.sh

@@ -1,12 +0,0 @@
-#!/bin/bash -ex
-
-cd "$(dirname "$0")"
-
-docker run --rm \
-  -v "$PWD/..:/work" \
-  -w "/work" \
-  ruby:2.5 bash -ec "
-    gem install -N parse_a_changelog
-    parse ./CHANGELOG.md
-  "
-

data/ci/configure_v4.sh

@@ -1,12 +0,0 @@
-#!/bin/bash -e
-
-cat << "CONFIGURE" | docker exec -i $(docker-compose ps -q conjur_4) bash
-set -e
-
-/opt/conjur/evoke/bin/wait_for_conjur
-evoke ca regenerate conjur_4
-/opt/conjur/evoke/bin/wait_for_conjur
-env CONJUR_AUTHN_LOGIN=admin CONJUR_AUTHN_API_KEY=secret conjur policy load --as-group security_admin /etc/policy.yml
-CONFIGURE
-
-docker cp $(docker-compose ps -q conjur_4):/opt/conjur/etc/ssl/ca.pem ./tmp/conjur.pem

data/ci/configure_v5.sh

@@ -1,14 +0,0 @@
-#!/bin/bash -e
-
-cat << "CONFIGURE" | docker exec -i $(docker-compose ps -q conjur_5) bash
-set -e
-
-for _ in $(seq 20); do
-  curl -o /dev/null -fs -X OPTIONS http://localhost > /dev/null && break
-  echo .
-  sleep 2
-done
-
-# So we fail if the server isn't up yet:
-curl -o /dev/null -fs -X OPTIONS http://localhost > /dev/null
-CONFIGURE