conjur-api 5.3.7 → 5.3.8.pre.8
- checksums.yaml +4 -4
- data/VERSION +1 -1
- metadata +23 -193
- data/.codeclimate.yml +0 -10
- data/.dockerignore +0 -1
- data/.github/CODEOWNERS +0 -10
- data/.gitignore +0 -32
- data/.gitleaks.toml +0 -219
- data/.overcommit.yml +0 -16
- data/.project +0 -18
- data/.rubocop.yml +0 -3
- data/.rubocop_settings.yml +0 -86
- data/.rubocop_todo.yml +0 -709
- data/.yardopts +0 -1
- data/CHANGELOG.md +0 -433
- data/CONTRIBUTING.md +0 -141
- data/Dockerfile +0 -16
- data/Gemfile +0 -7
- data/Jenkinsfile +0 -168
- data/LICENSE +0 -202
- data/README.md +0 -162
- data/Rakefile +0 -47
- data/SECURITY.md +0 -42
- data/bin/parse-changelog.sh +0 -12
- data/ci/configure_v4.sh +0 -12
- data/ci/configure_v5.sh +0 -14
- data/ci/submit-coverage +0 -36
- data/conjur-api.gemspec +0 -40
- data/dev/Dockerfile.dev +0 -12
- data/dev/docker-compose.yml +0 -56
- data/dev/start +0 -22
- data/dev/stop +0 -5
- data/docker-compose.yml +0 -76
- data/example/demo_v4.rb +0 -49
- data/example/demo_v5.rb +0 -57
- data/features/authenticators.feature +0 -33
- data/features/authn_local.feature +0 -32
- data/features/exists.feature +0 -37
- data/features/group.feature +0 -11
- data/features/host.feature +0 -50
- data/features/host_factory_create_host.feature +0 -28
- data/features/host_factory_token.feature +0 -63
- data/features/load_policy.feature +0 -61
- data/features/members.feature +0 -51
- data/features/new_api.feature +0 -36
- data/features/permitted.feature +0 -70
- data/features/permitted_roles.feature +0 -30
- data/features/public_keys.feature +0 -11
- data/features/resource_fields.feature +0 -53
- data/features/role_fields.feature +0 -15
- data/features/rotate_api_key.feature +0 -13
- data/features/step_definitions/api_steps.rb +0 -18
- data/features/step_definitions/policy_steps.rb +0 -75
- data/features/step_definitions/result_steps.rb +0 -7
- data/features/support/env.rb +0 -18
- data/features/support/hooks.rb +0 -3
- data/features/support/world.rb +0 -12
- data/features/update_password.feature +0 -14
- data/features/user.feature +0 -58
- data/features/variable_fields.feature +0 -20
- data/features/variable_value.feature +0 -60
- data/features_v4/authn_local.feature +0 -27
- data/features_v4/exists.feature +0 -29
- data/features_v4/host.feature +0 -18
- data/features_v4/host_factory_token.feature +0 -49
- data/features_v4/members.feature +0 -39
- data/features_v4/permitted.feature +0 -15
- data/features_v4/permitted_roles.feature +0 -8
- data/features_v4/resource_fields.feature +0 -47
- data/features_v4/rotate_api_key.feature +0 -13
- data/features_v4/step_definitions/api_steps.rb +0 -17
- data/features_v4/step_definitions/result_steps.rb +0 -3
- data/features_v4/support/env.rb +0 -23
- data/features_v4/support/policy.yml +0 -34
- data/features_v4/support/world.rb +0 -12
- data/features_v4/variable_fields.feature +0 -11
- data/features_v4/variable_value.feature +0 -54
- data/lib/conjur/acts_as_resource.rb +0 -123
- data/lib/conjur/acts_as_role.rb +0 -142
- data/lib/conjur/acts_as_rolsource.rb +0 -32
- data/lib/conjur/acts_as_user.rb +0 -68
- data/lib/conjur/api/authenticators.rb +0 -35
- data/lib/conjur/api/authn.rb +0 -125
- data/lib/conjur/api/host_factories.rb +0 -71
- data/lib/conjur/api/ldap_sync.rb +0 -38
- data/lib/conjur/api/policies.rb +0 -56
- data/lib/conjur/api/pubkeys.rb +0 -53
- data/lib/conjur/api/resources.rb +0 -109
- data/lib/conjur/api/roles.rb +0 -98
- data/lib/conjur/api/router/v4.rb +0 -206
- data/lib/conjur/api/router/v5.rb +0 -248
- data/lib/conjur/api/variables.rb +0 -59
- data/lib/conjur/api.rb +0 -105
- data/lib/conjur/base.rb +0 -355
- data/lib/conjur/base_object.rb +0 -57
- data/lib/conjur/build_object.rb +0 -47
- data/lib/conjur/cache.rb +0 -26
- data/lib/conjur/cert_utils.rb +0 -63
- data/lib/conjur/cidr.rb +0 -71
- data/lib/conjur/configuration.rb +0 -460
- data/lib/conjur/escape.rb +0 -129
- data/lib/conjur/exceptions.rb +0 -4
- data/lib/conjur/group.rb +0 -41
- data/lib/conjur/has_attributes.rb +0 -98
- data/lib/conjur/host.rb +0 -27
- data/lib/conjur/host_factory.rb +0 -75
- data/lib/conjur/host_factory_token.rb +0 -78
- data/lib/conjur/id.rb +0 -71
- data/lib/conjur/layer.rb +0 -9
- data/lib/conjur/log.rb +0 -72
- data/lib/conjur/log_source.rb +0 -60
- data/lib/conjur/policy.rb +0 -34
- data/lib/conjur/policy_load_result.rb +0 -61
- data/lib/conjur/query_string.rb +0 -12
- data/lib/conjur/resource.rb +0 -29
- data/lib/conjur/role.rb +0 -29
- data/lib/conjur/role_grant.rb +0 -85
- data/lib/conjur/routing.rb +0 -29
- data/lib/conjur/user.rb +0 -40
- data/lib/conjur/variable.rb +0 -208
- data/lib/conjur/webservice.rb +0 -30
- data/lib/conjur-api/version.rb +0 -24
- data/lib/conjur-api.rb +0 -2
- data/publish.sh +0 -5
- data/spec/api/host_factories_spec.rb +0 -34
- data/spec/api_spec.rb +0 -254
- data/spec/base_object_spec.rb +0 -13
- data/spec/cert_utils_spec.rb +0 -173
- data/spec/cidr_spec.rb +0 -34
- data/spec/configuration_spec.rb +0 -330
- data/spec/has_attributes_spec.rb +0 -63
- data/spec/helpers/errors_matcher.rb +0 -34
- data/spec/helpers/request_helpers.rb +0 -10
- data/spec/id_spec.rb +0 -29
- data/spec/ldap_sync_spec.rb +0 -21
- data/spec/log_source_spec.rb +0 -13
- data/spec/log_spec.rb +0 -42
- data/spec/roles_spec.rb +0 -24
- data/spec/spec_helper.rb +0 -113
- data/spec/ssl_spec.rb +0 -109
- data/spec/uri_escape_spec.rb +0 -21
- data/test.sh +0 -73
- data/tmp/.keep +0 -0
@@ -1,98 +0,0 @@
|
|
1
|
-
#
|
2
|
-
# Copyright 2013-2017 Conjur Inc
|
3
|
-
#
|
4
|
-
# Permission is hereby granted, free of charge, to any person obtaining a copy of
|
5
|
-
# this software and associated documentation files (the "Software"), to deal in
|
6
|
-
# the Software without restriction, including without limitation the rights to
|
7
|
-
# use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
|
8
|
-
# the Software, and to permit persons to whom the Software is furnished to do so,
|
9
|
-
# subject to the following conditions:
|
10
|
-
#
|
11
|
-
# The above copyright notice and this permission notice shall be included in all
|
12
|
-
# copies or substantial portions of the Software.
|
13
|
-
#
|
14
|
-
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
15
|
-
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
|
16
|
-
# FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
|
17
|
-
# COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
|
18
|
-
# IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
|
19
|
-
# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
20
|
-
#
|
21
|
-
module Conjur
|
22
|
-
# Many Conjur assets have key-value attributes. Although these should generally be accessed via
|
23
|
-
# methods on specific asset classes (for example, {Conjur::Resource#owner}), the are available as
|
24
|
-
# a `Hash` on all types supporting attributes.
|
25
|
-
module HasAttributes
|
26
|
-
class << self
|
27
|
-
|
28
|
-
# @api private
|
29
|
-
def annotation_value annotations, name
|
30
|
-
(annotations.find{|a| a['name'] == name} || {})['value']
|
31
|
-
end
|
32
|
-
end
|
33
|
-
|
34
|
-
def as_json options={}
|
35
|
-
result = super(options)
|
36
|
-
if @attributes
|
37
|
-
result.merge!(@attributes.as_json(options))
|
38
|
-
end
|
39
|
-
result
|
40
|
-
end
|
41
|
-
|
42
|
-
def to_s
|
43
|
-
to_json.to_s
|
44
|
-
end
|
45
|
-
|
46
|
-
# @api private
|
47
|
-
# Set the attributes for this Resource.
|
48
|
-
# @param [Hash] attributes new attributes for the object.
|
49
|
-
# @return [Hash] the new attributes
|
50
|
-
def attributes=(attributes); @attributes = attributes; end
|
51
|
-
|
52
|
-
# Get the attributes for this asset. This is an immutable Hash, unless the attributes
|
53
|
-
# are changed via policy update.
|
54
|
-
#
|
55
|
-
# @return [Hash] the asset's attributes.
|
56
|
-
def attributes
|
57
|
-
return @attributes if @attributes
|
58
|
-
fetch
|
59
|
-
end
|
60
|
-
|
61
|
-
# Call a block that will perform actions that might change the asset's attributes.
|
62
|
-
# No matter what happens in the block, this method ensures that the cached attributes
|
63
|
-
# will be invalidated.
|
64
|
-
#
|
65
|
-
# @note this is mainly used internally, but included in the public api for completeness.
|
66
|
-
#
|
67
|
-
# @return [void]
|
68
|
-
def invalidate(&block)
|
69
|
-
yield
|
70
|
-
ensure
|
71
|
-
@attributes = nil
|
72
|
-
end
|
73
|
-
|
74
|
-
def annotations
|
75
|
-
Hash[(attributes['annotations']||{}).collect {|e| [e['name'],e['value']]}]
|
76
|
-
end
|
77
|
-
|
78
|
-
protected
|
79
|
-
|
80
|
-
def annotation_value name
|
81
|
-
annotations[name]
|
82
|
-
end
|
83
|
-
|
84
|
-
# @api private
|
85
|
-
# Fetch the attributes, overwriting any current ones.
|
86
|
-
def fetch
|
87
|
-
@attributes ||= fetch_attributes
|
88
|
-
end
|
89
|
-
|
90
|
-
# @api private
|
91
|
-
def fetch_attributes
|
92
|
-
cache_key = Conjur.cache_key username, url_for(:resources_resource, credentials, id).url
|
93
|
-
Conjur.cache.fetch_attributes cache_key do
|
94
|
-
JSON.parse(url_for(:resources_resource, credentials, id).get.body)
|
95
|
-
end
|
96
|
-
end
|
97
|
-
end
|
98
|
-
end
|
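--- a/data/lib/conjur/host.rb
+++ b/data/lib/conjur/host.rb
@@ -1,27 +0,0 @@
-#
-# Copyright 2013-2017 Conjur Inc
-#
-# Permission is hereby granted, free of charge, to any person obtaining a copy of
-# this software and associated documentation files (the "Software"), to deal in
-# the Software without restriction, including without limitation the rights to
-# use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
-# the Software, and to permit persons to whom the Software is furnished to do so,
-# subject to the following conditions:
-#
-# The above copyright notice and this permission notice shall be included in all
-# copies or substantial portions of the Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
-# FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
-# COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
-# IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
-# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-#
-module Conjur
-# This class represents a Conjur Host. Hosts are created in Conjur policy, or with
-# {Conjur::HostFactory}.
-class Host < BaseObject
-include ActsAsUser
-end
-end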
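--- a/data/lib/conjur/host_factory.rb
+++ b/data/lib/conjur/host_factory.rb
@@ -1,75 +0,0 @@
-#
-# Copyright 2013-2017 Conjur Inc
-#
-# Permission is hereby granted, free of charge, to any person obtaining a copy of
-# this software and associated documentation files (the "Software"), to deal in
-# the Software without restriction, including without limitation the rights to
-# use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
-# the Software, and to permit persons to whom the Software is furnished to do so,
-# subject to the following conditions:
-#
-# The above copyright notice and this permission notice shall be included in all
-# copies or substantial portions of the Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
-# FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
-# COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
-# IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
-# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-#
-require 'conjur/host_factory_token'
-
-module Conjur
-# A Host Factory is a way to allow clients to create Conjur hosts without giving them
-# any other access to Conjur.
-#
-# Each Host Factory can have 0 or more tokens, each of which is a random string that
-# has an associated expiration and optional CIDR restriction. A user or machine who has
-# a host factory token can use it to create new hosts, or to rotate the API keys of
-# existing hosts.
-#
-# @see API#host_factory_create_host
-# @see HostFactoryToken
-class HostFactory < BaseObject
-include ActsAsRolsource
-
-# Create one or more host factory tokens. Each token can be used to create
-# hosts, using {API#host_factory_create_host}.
-#
-# @param expiration [Time] the future time at which the token will stop working.
-# @param count [Integer] the number of (identical) tokens to create (default: 1).
-# @param cidr [String] a CIDR restriction on the usage of the token.
-# @return [Array<HostFactoryToken>] the token or tokens.
-def create_tokens expiration, count: 1, cidr: nil
-options = {}
-options[:expiration] = expiration.iso8601
-options[:host_factory] = id
-options[:count] = count
-options[:cidr] = cidr if cidr
-response = JSON.parse url_for(:host_factory_create_tokens, credentials, id).post(options)
-response.map do |data|
-HostFactoryToken.new data, credentials
-end
-end
-
-# Create a new token.
-#
-# @see #create_tokens
-def create_token expiration, cidr: nil
-create_tokens(expiration, cidr: cidr).first
-end
-
-# Enumerate the tokens on the host factory.
-#
-# @return [Array<HostFactoryToken>] the token or tokens.
-def tokens
-# Tokens list is not returned by +show+ if the caller doesn't have permission
-return nil unless self.attributes['tokens']
-
-self.attributes['tokens'].collect do |data|
-HostFactoryToken.new data, credentials
-end
-end
-end
-end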
@@ -1,78 +0,0 @@
|
|
1
|
-
#
|
2
|
-
# Copyright 2013-2017 Conjur Inc
|
3
|
-
#
|
4
|
-
# Permission is hereby granted, free of charge, to any person obtaining a copy of
|
5
|
-
# this software and associated documentation files (the "Software"), to deal in
|
6
|
-
# the Software without restriction, including without limitation the rights to
|
7
|
-
# use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
|
8
|
-
# the Software, and to permit persons to whom the Software is furnished to do so,
|
9
|
-
# subject to the following conditions:
|
10
|
-
#
|
11
|
-
# The above copyright notice and this permission notice shall be included in all
|
12
|
-
# copies or substantial portions of the Software.
|
13
|
-
#
|
14
|
-
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
15
|
-
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
|
16
|
-
# FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
|
17
|
-
# COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
|
18
|
-
# IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
|
19
|
-
# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
20
|
-
#
|
21
|
-
module Conjur
|
22
|
-
class HostFactoryToken
|
23
|
-
def initialize data, credentials
|
24
|
-
@data = data
|
25
|
-
@credentials = credentials
|
26
|
-
end
|
27
|
-
|
28
|
-
# Convert the object to JSON.
|
29
|
-
#
|
30
|
-
# Fields:
|
31
|
-
#
|
32
|
-
# * token
|
33
|
-
# * expiration
|
34
|
-
# * cidr
|
35
|
-
def to_json(options = {})
|
36
|
-
{ token: token, expiration: expiration, cidr: cidr }
|
37
|
-
end
|
38
|
-
|
39
|
-
# Format the token as a string, using JSON format.
|
40
|
-
def to_s
|
41
|
-
to_json.to_s
|
42
|
-
end
|
43
|
-
|
44
|
-
# Gets the token string.
|
45
|
-
#
|
46
|
-
# @return [String]
|
47
|
-
def token
|
48
|
-
@data['token']
|
49
|
-
end
|
50
|
-
|
51
|
-
# Gets the expiration.
|
52
|
-
#
|
53
|
-
# @return [DateTime]
|
54
|
-
def expiration
|
55
|
-
DateTime.iso8601(@data['expiration'])
|
56
|
-
end
|
57
|
-
|
58
|
-
# Gets the CIDR restriction.
|
59
|
-
#
|
60
|
-
# @return [String]
|
61
|
-
def cidr
|
62
|
-
@data['cidr']
|
63
|
-
end
|
64
|
-
|
65
|
-
# Revokes the token, after which it cannot be used any more.
|
66
|
-
def revoke
|
67
|
-
Conjur::API.revoke_host_factory_token @credentials, token
|
68
|
-
end
|
69
|
-
|
70
|
-
def ==(other)
|
71
|
-
other.class == self.class &&
|
72
|
-
other.token == self.token &&
|
73
|
-
other.expiration == self.expiration &&
|
74
|
-
other.cidr == self.cidr
|
75
|
-
end
|
76
|
-
|
77
|
-
end
|
78
|
-
end
|
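--- a/data/lib/conjur/id.rb
+++ b/data/lib/conjur/id.rb
@@ -1,71 +0,0 @@
-# frozen_string_literal: true
-
-# Copyright 2013-2018 CyberArk Ltd.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-require 'conjur/escape'
-
-module Conjur
-# Encapsulates a Conjur id, which consists of account, kind, and identifier.
-class Id
-include Conjur::Escape
-
-attr_reader :id
-
-def initialize id
-@id = Id.normalize id
-end
-
-# The organization account, obtained from the first component of the id.
-def account; id.split(':', 3)[0]; end
-# The object kind, obtained from the second component of the id.
-def kind; id.split(':', 3)[1]; end
-# The object identifier, obtained from the third component of the id. The
-# identifier must be unique within the `account` and `kind`.
-def identifier; id.split(':', 3)[2]; end
-
-# Defines id equivalence using the string representation.
-def == other
-if other.is_a?(String)
-to_s == other
-else
-super
-end
-end
-
-# @return [String] the id string.
-def as_json options={}
-@id
-end
-
-# Splits the id into 3 components, and then joins them with a forward-slash `/`.
-def to_url_path
-id.split(':', 3)
-.map(&method(:fully_escape))
-.join('/')
-end
-
-# @return [String] the id string
-def to_s
-id
-end
-
-def self.normalize id
-Array(id).join(':').tap do |id|
-raise ArgumentError, "id must be fully qualified: #{id}" \
-unless id =~ /.*:.*:.*/
-end
-end
-end
-end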
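--- a/data/lib/conjur/layer.rb
+++ b/data/lib/conjur/layer.rb
@@ -1,9 +0,0 @@
-module Conjur
-
-# A Conjur Layer is a type of role whose members are Conjur Hosts. The hosts inherit
-# permissions from the layer. Automatic roles on the layer can also be used to manage
-# SSH permissions to the hosts.
-class Layer < BaseObject
-include ActsAsRolsource
-end
-end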
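--- a/data/lib/conjur/log.rb
+++ b/data/lib/conjur/log.rb
@@ -1,72 +0,0 @@
-#
-# Copyright 2013-2017 Conjur Inc
-#
-# Permission is hereby granted, free of charge, to any person obtaining a copy of
-# this software and associated documentation files (the "Software"), to deal in
-# the Software without restriction, including without limitation the rights to
-# use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
-# the Software, and to permit persons to whom the Software is furnished to do so,
-# subject to the following conditions:
-#
-# The above copyright notice and this permission notice shall be included in all
-# copies or substantial portions of the Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
-# FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
-# COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
-# IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
-# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-#
-require 'logger'
-
-module Conjur
-# Assign a Logger for use by Conjur API methods. This method accepts
-# several argument forms:
-# * The strings 'stdout' and 'stderr' cause log messages to be sent to the corresponding stream.
-# * Other stings are treated as paths and will cause log messages to be sent to those files.
-# * A `Logger` instance will be used as is.
-#
-# Note that the logger specified by the `CONJURAPI_LOG` environment variable will override
-# the value set here.
-#
-# @param [String, Logger,nil] log the new logger to use
-# @return [void]
-def self.log= log
-@@log = create_log log
-end
-
-# @api private
-# Create a log from a String or Logger param
-#
-# @param [String, Logger, nil] param the value to create the logger from
-# @return Logger
-def self.create_log param
-if param
-if param.is_a? String
-if param == 'stdout'
-Logger.new $stdout
-elsif param == 'stderr'
-Logger.new $stderr
-else
-Logger.new param
-end
-else
-param
-end
-end
-end
-
-@@env_log = create_log ENV['CONJURAPI_LOG']
-
-@@log = nil
-
-# @api private
-# @note this method may return nil if no log has been set, so you **must** check the value
-# before attempting to use the logger.
-#
-# You should consider using {Conjur::LogSource} instead.
-def self.log
-@@env_log || @@log
-end
-end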
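--- a/data/lib/conjur/log_source.rb
+++ b/data/lib/conjur/log_source.rb
@@ -1,60 +0,0 @@
-#
-# Copyright 2013-2017 Conjur Inc
-#
-# Permission is hereby granted, free of charge, to any person obtaining a copy of
-# this software and associated documentation files (the "Software"), to deal in
-# the Software without restriction, including without limitation the rights to
-# use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
-# the Software, and to permit persons to whom the Software is furnished to do so,
-# subject to the following conditions:
-#
-# The above copyright notice and this permission notice shall be included in all
-# copies or substantial portions of the Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
-# FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
-# COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
-# IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
-# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-#
-module Conjur
-# This module provides logging support for actions taken by the Conjur API.
-#
-# @example
-# class Example
-# include LogSource
-#
-# def something_interesting param
-# log{|l| l << "doing something interesting with #{param}"}
-#
-# # Do something interesting...
-# end
-#
-# end
-# # ...
-#
-# Example.new.something_interesting 'foo'
-# # will log:
-# # [admin] doing something interesting with foo
-#
-module LogSource
-# Yield a logger to the block. You should use the `<<` method to write to the
-# logger so that you don't send newlines or formatting. The block will only be called
-# if {Conjur.log} is not nil.
-#
-# The log format is `"[<username>]<messages logged in block>\n"`.
-#
-# @yieldparam [#<<] logger a logger to write messages
-# @return [void]
-def log(&block)
-if Conjur.log
-Conjur.log << "["
-Conjur.log << username
-Conjur.log << "] "
-yield Conjur.log
-Conjur.log << "\n"
-end
-end
-end
-end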
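--- a/data/lib/conjur/policy.rb
+++ b/data/lib/conjur/policy.rb
@@ -1,34 +0,0 @@
-#
-# Copyright 2013-2017 Conjur Inc
-#
-# Permission is hereby granted, free of charge, to any person obtaining a copy of
-# this software and associated documentation files (the "Software"), to deal in
-# the Software without restriction, including without limitation the rights to
-# use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
-# the Software, and to permit persons to whom the Software is furnished to do so,
-# subject to the following conditions:
-#
-# The above copyright notice and this permission notice shall be included in all
-# copies or substantial portions of the Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
-# FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
-# COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
-# IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
-# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-#
-module Conjur
-
-# Defines an set of objects, permission grants and role grants. All objects in a policy
-# share a common naming prefix, which is the id of the policy. (Exception: the root
-# policy does not add a naming prefix to each of its objects).
-#
-# Policies are defined using a YAML syntax, which is extensively documented on the Conjur
-# web site. To load a policy, define it using YAML and then use {API#load_policy}.
-#
-# @see API#load_policy
-class Policy < BaseObject
-include ActsAsRolsource
-end
-end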
@@ -1,61 +0,0 @@
|
|
1
|
-
#
|
2
|
-
# Copyright 2013-2017 Conjur Inc
|
3
|
-
#
|
4
|
-
# Permission is hereby granted, free of charge, to any person obtaining a copy of
|
5
|
-
# this software and associated documentation files (the "Software"), to deal in
|
6
|
-
# the Software without restriction, including without limitation the rights to
|
7
|
-
# use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
|
8
|
-
# the Software, and to permit persons to whom the Software is furnished to do so,
|
9
|
-
# subject to the following conditions:
|
10
|
-
#
|
11
|
-
# The above copyright notice and this permission notice shall be included in all
|
12
|
-
# copies or substantial portions of the Software.
|
13
|
-
#
|
14
|
-
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
15
|
-
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
|
16
|
-
# FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
|
17
|
-
# COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
|
18
|
-
# IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
|
19
|
-
# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
20
|
-
#
|
21
|
-
module Conjur
|
22
|
-
# The result of loading a policy. When a policy is loaded, two types of data
|
23
|
-
# are always provided:
|
24
|
-
#
|
25
|
-
# * {#created_roles} the API keys of any new roles which were created
|
26
|
-
# * {#version} the new version of the policy.
|
27
|
-
class PolicyLoadResult
|
28
|
-
def initialize data
|
29
|
-
@data = data
|
30
|
-
end
|
31
|
-
|
32
|
-
# @api private
|
33
|
-
def to_h
|
34
|
-
@data
|
35
|
-
end
|
36
|
-
|
37
|
-
# @api private
|
38
|
-
def to_json options = {}
|
39
|
-
@data.to_json(options)
|
40
|
-
end
|
41
|
-
|
42
|
-
# @api private
|
43
|
-
def to_s
|
44
|
-
@data.to_s
|
45
|
-
end
|
46
|
-
|
47
|
-
# API keys for roles which were created when loading the policy.
|
48
|
-
#
|
49
|
-
# @return [Hash] Hash keys are the role ids, and hash values are the API keys.
|
50
|
-
def created_roles
|
51
|
-
@data['created_roles']
|
52
|
-
end
|
53
|
-
|
54
|
-
# The new version of the policy. When a policy is updated, a new version is appended
|
55
|
-
# to that policy. The YAML of previous versions of the policy can be obtained
|
56
|
-
# by fetching the policy resource using {API#resource}.
|
57
|
-
def version
|
58
|
-
@data['version']
|
59
|
-
end
|
60
|
-
end
|
61
|
-
end
|
data/lib/conjur/query_string.rb
DELETED
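--- a/data/lib/conjur/resource.rb
+++ b/data/lib/conjur/resource.rb
@@ -1,29 +0,0 @@
-#
-# Copyright 2013-2017 Conjur Inc
-#
-# Permission is hereby granted, free of charge, to any person obtaining a copy of
-# this software and associated documentation files (the "Software"), to deal in
-# the Software without restriction, including without limitation the rights to
-# use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
-# the Software, and to permit persons to whom the Software is furnished to do so,
-# subject to the following conditions:
-#
-# The above copyright notice and this permission notice shall be included in all
-# copies or substantial portions of the Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
-# FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
-# COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
-# IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
-# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-#
-
-module Conjur
-
-# A Conjur custom Resource. This object is used for resources whose `kind` is not
-# any of the pre-defined common types such as {Group}, {Host}, {Variable}, etc.
-class Resource < BaseObject
-include ActsAsResource
-end
-end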
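--- a/data/lib/conjur/role.rb
+++ b/data/lib/conjur/role.rb
@@ -1,29 +0,0 @@
-#
-# Copyright 2013-2017 Conjur Inc
-#
-# Permission is hereby granted, free of charge, to any person obtaining a copy of
-# this software and associated documentation files (the "Software"), to deal in
-# the Software without restriction, including without limitation the rights to
-# use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
-# the Software, and to permit persons to whom the Software is furnished to do so,
-# subject to the following conditions:
-#
-# The above copyright notice and this permission notice shall be included in all
-# copies or substantial portions of the Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
-# FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
-# COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
-# IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
-# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-#
-require 'conjur/role_grant'
-
-module Conjur
-# A Conjur custom Role. This object is used for roles whose `kind` is not
-# any of the pre-defined common types such as {Group}, {Host}, {Layer}, etc.
-class Role < BaseObject
-include ActsAsRole
-end
-end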