conjur-api 5.3.7 → 5.3.8.pre.8

Files changed (143)
  1. checksums.yaml +4 -4
  2. data/VERSION +1 -1
  3. metadata +23 -193
  4. data/.codeclimate.yml +0 -10
  5. data/.dockerignore +0 -1
  6. data/.github/CODEOWNERS +0 -10
  7. data/.gitignore +0 -32
  8. data/.gitleaks.toml +0 -219
  9. data/.overcommit.yml +0 -16
  10. data/.project +0 -18
  11. data/.rubocop.yml +0 -3
  12. data/.rubocop_settings.yml +0 -86
  13. data/.rubocop_todo.yml +0 -709
  14. data/.yardopts +0 -1
  15. data/CHANGELOG.md +0 -433
  16. data/CONTRIBUTING.md +0 -141
  17. data/Dockerfile +0 -16
  18. data/Gemfile +0 -7
  19. data/Jenkinsfile +0 -168
  20. data/LICENSE +0 -202
  21. data/README.md +0 -162
  22. data/Rakefile +0 -47
  23. data/SECURITY.md +0 -42
  24. data/bin/parse-changelog.sh +0 -12
  25. data/ci/configure_v4.sh +0 -12
  26. data/ci/configure_v5.sh +0 -14
  27. data/ci/submit-coverage +0 -36
  28. data/conjur-api.gemspec +0 -40
  29. data/dev/Dockerfile.dev +0 -12
  30. data/dev/docker-compose.yml +0 -56
  31. data/dev/start +0 -22
  32. data/dev/stop +0 -5
  33. data/docker-compose.yml +0 -76
  34. data/example/demo_v4.rb +0 -49
  35. data/example/demo_v5.rb +0 -57
  36. data/features/authenticators.feature +0 -33
  37. data/features/authn_local.feature +0 -32
  38. data/features/exists.feature +0 -37
  39. data/features/group.feature +0 -11
  40. data/features/host.feature +0 -50
  41. data/features/host_factory_create_host.feature +0 -28
  42. data/features/host_factory_token.feature +0 -63
  43. data/features/load_policy.feature +0 -61
  44. data/features/members.feature +0 -51
  45. data/features/new_api.feature +0 -36
  46. data/features/permitted.feature +0 -70
  47. data/features/permitted_roles.feature +0 -30
  48. data/features/public_keys.feature +0 -11
  49. data/features/resource_fields.feature +0 -53
  50. data/features/role_fields.feature +0 -15
  51. data/features/rotate_api_key.feature +0 -13
  52. data/features/step_definitions/api_steps.rb +0 -18
  53. data/features/step_definitions/policy_steps.rb +0 -75
  54. data/features/step_definitions/result_steps.rb +0 -7
  55. data/features/support/env.rb +0 -18
  56. data/features/support/hooks.rb +0 -3
  57. data/features/support/world.rb +0 -12
  58. data/features/update_password.feature +0 -14
  59. data/features/user.feature +0 -58
  60. data/features/variable_fields.feature +0 -20
  61. data/features/variable_value.feature +0 -60
  62. data/features_v4/authn_local.feature +0 -27
  63. data/features_v4/exists.feature +0 -29
  64. data/features_v4/host.feature +0 -18
  65. data/features_v4/host_factory_token.feature +0 -49
  66. data/features_v4/members.feature +0 -39
  67. data/features_v4/permitted.feature +0 -15
  68. data/features_v4/permitted_roles.feature +0 -8
  69. data/features_v4/resource_fields.feature +0 -47
  70. data/features_v4/rotate_api_key.feature +0 -13
  71. data/features_v4/step_definitions/api_steps.rb +0 -17
  72. data/features_v4/step_definitions/result_steps.rb +0 -3
  73. data/features_v4/support/env.rb +0 -23
  74. data/features_v4/support/policy.yml +0 -34
  75. data/features_v4/support/world.rb +0 -12
  76. data/features_v4/variable_fields.feature +0 -11
  77. data/features_v4/variable_value.feature +0 -54
  78. data/lib/conjur/acts_as_resource.rb +0 -123
  79. data/lib/conjur/acts_as_role.rb +0 -142
  80. data/lib/conjur/acts_as_rolsource.rb +0 -32
  81. data/lib/conjur/acts_as_user.rb +0 -68
  82. data/lib/conjur/api/authenticators.rb +0 -35
  83. data/lib/conjur/api/authn.rb +0 -125
  84. data/lib/conjur/api/host_factories.rb +0 -71
  85. data/lib/conjur/api/ldap_sync.rb +0 -38
  86. data/lib/conjur/api/policies.rb +0 -56
  87. data/lib/conjur/api/pubkeys.rb +0 -53
  88. data/lib/conjur/api/resources.rb +0 -109
  89. data/lib/conjur/api/roles.rb +0 -98
  90. data/lib/conjur/api/router/v4.rb +0 -206
  91. data/lib/conjur/api/router/v5.rb +0 -248
  92. data/lib/conjur/api/variables.rb +0 -59
  93. data/lib/conjur/api.rb +0 -105
  94. data/lib/conjur/base.rb +0 -355
  95. data/lib/conjur/base_object.rb +0 -57
  96. data/lib/conjur/build_object.rb +0 -47
  97. data/lib/conjur/cache.rb +0 -26
  98. data/lib/conjur/cert_utils.rb +0 -63
  99. data/lib/conjur/cidr.rb +0 -71
  100. data/lib/conjur/configuration.rb +0 -460
  101. data/lib/conjur/escape.rb +0 -129
  102. data/lib/conjur/exceptions.rb +0 -4
  103. data/lib/conjur/group.rb +0 -41
  104. data/lib/conjur/has_attributes.rb +0 -98
  105. data/lib/conjur/host.rb +0 -27
  106. data/lib/conjur/host_factory.rb +0 -75
  107. data/lib/conjur/host_factory_token.rb +0 -78
  108. data/lib/conjur/id.rb +0 -71
  109. data/lib/conjur/layer.rb +0 -9
  110. data/lib/conjur/log.rb +0 -72
  111. data/lib/conjur/log_source.rb +0 -60
  112. data/lib/conjur/policy.rb +0 -34
  113. data/lib/conjur/policy_load_result.rb +0 -61
  114. data/lib/conjur/query_string.rb +0 -12
  115. data/lib/conjur/resource.rb +0 -29
  116. data/lib/conjur/role.rb +0 -29
  117. data/lib/conjur/role_grant.rb +0 -85
  118. data/lib/conjur/routing.rb +0 -29
  119. data/lib/conjur/user.rb +0 -40
  120. data/lib/conjur/variable.rb +0 -208
  121. data/lib/conjur/webservice.rb +0 -30
  122. data/lib/conjur-api/version.rb +0 -24
  123. data/lib/conjur-api.rb +0 -2
  124. data/publish.sh +0 -5
  125. data/spec/api/host_factories_spec.rb +0 -34
  126. data/spec/api_spec.rb +0 -254
  127. data/spec/base_object_spec.rb +0 -13
  128. data/spec/cert_utils_spec.rb +0 -173
  129. data/spec/cidr_spec.rb +0 -34
  130. data/spec/configuration_spec.rb +0 -330
  131. data/spec/has_attributes_spec.rb +0 -63
  132. data/spec/helpers/errors_matcher.rb +0 -34
  133. data/spec/helpers/request_helpers.rb +0 -10
  134. data/spec/id_spec.rb +0 -29
  135. data/spec/ldap_sync_spec.rb +0 -21
  136. data/spec/log_source_spec.rb +0 -13
  137. data/spec/log_spec.rb +0 -42
  138. data/spec/roles_spec.rb +0 -24
  139. data/spec/spec_helper.rb +0 -113
  140. data/spec/ssl_spec.rb +0 -109
  141. data/spec/uri_escape_spec.rb +0 -21
  142. data/test.sh +0 -73
  143. data/tmp/.keep +0 -0
@@ -1,206 +0,0 @@
1
- module Conjur
2
- class API
3
- module Router
4
- module V4
5
- extend Conjur::Escape::ClassMethods
6
- extend Conjur::QueryString
7
- extend self
8
-
9
- def authn_login account, username, password
10
- verify_account(account)
11
- RestClient::Resource.new(
12
- Conjur.configuration.authn_url,
13
- Conjur.configuration.create_rest_client_options(
14
- user: username,
15
- password: password
16
- )
17
- )['users/login']
18
- end
19
-
20
- def authn_authenticate account, username
21
- verify_account(account)
22
- RestClient::Resource.new(
23
- Conjur.configuration.authn_url,
24
- Conjur.configuration.rest_client_options
25
- )['users'][fully_escape username]['authenticate']
26
- end
27
-
28
- # For v4, the authn-local message is the username.
29
- def authn_authenticate_local username, account, expiration, cidr, &block
30
- verify_account(account)
31
-
32
- raise "'expiration' is not supported for authn-local v4" if expiration
33
- raise "'cidr' is not supported for authn-local v4" if cidr
34
-
35
- username
36
- end
37
-
38
- def authn_rotate_api_key credentials, account, id
39
- verify_account(account)
40
- username = id.kind == "user" ? id.identifier : [id.kind, id.identifier].join('/')
41
- RestClient::Resource.new(
42
- Conjur.configuration.authn_url,
43
- Conjur.configuration.create_rest_client_options(credentials)
44
- )['users']["api_key?id=#{username}"]
45
- end
46
-
47
- def authn_rotate_own_api_key account, username, password
48
- verify_account(account)
49
- RestClient::Resource.new(
50
- Conjur.configuration.authn_url,
51
- Conjur.configuration.create_rest_client_options(user: username, password: password)
52
- )['users']["api_key"]
53
- end
54
-
55
- def host_factory_create_host token
56
- http_options = {
57
- headers: { authorization: %Q(Token token="#{token}") }
58
- }
59
- RestClient::Resource.new(
60
- Conjur.configuration.core_url,
61
- Conjur.configuration.create_rest_client_options(http_options)
62
- )['host_factories']['hosts']
63
- end
64
-
65
- def host_factory_create_tokens credentials, id
66
- RestClient::Resource.new(
67
- Conjur.configuration.core_url,
68
- Conjur.configuration.create_rest_client_options(credentials)
69
- )['host_factories'][id.identifier]['tokens']
70
- end
71
-
72
- def host_factory_revoke_token credentials, token
73
- RestClient::Resource.new(
74
- Conjur.configuration.core_url,
75
- Conjur.configuration.create_rest_client_options(credentials)
76
- )['host_factories']['tokens'][token]
77
- end
78
-
79
- def resources_resource credentials, id
80
-
81
- RestClient::Resource.new(
82
- Conjur.configuration.core_url,
83
- Conjur.configuration.create_rest_client_options(credentials)
84
- )['authz'][id.account]['resources'][id.kind][id.identifier]
85
- end
86
-
87
- def resources_check credentials, id, privilege, role
88
- options = {}
89
- options[:check] = true
90
- options[:privilege] = privilege
91
- if role
92
- options[:resource_id] = id
93
- roles_role(credentials, Id.new(role))[options_querystring options].get
94
- else
95
- resources_resource(credentials, id)[options_querystring options].get
96
- end
97
- end
98
-
99
- def resources_permitted_roles credentials, id, privilege
100
- RestClient::Resource.new(
101
- Conjur.configuration.core_url,
102
- Conjur.configuration.create_rest_client_options(credentials)
103
- )['authz'][id.account]['roles']['allowed_to'][privilege][id.kind][id.identifier]
104
- end
105
-
106
- def roles_role credentials, id
107
- RestClient::Resource.new(
108
- Conjur.configuration.core_url,
109
- Conjur.configuration.create_rest_client_options(credentials)
110
- )['authz'][id.account]['roles'][id.kind][id.identifier]
111
- end
112
-
113
- def secrets_add credentials, id
114
- verify_account(id.account)
115
- RestClient::Resource.new(
116
- Conjur.configuration.core_url,
117
- Conjur.configuration.create_rest_client_options(credentials)
118
- )['variables'][fully_escape id.identifier]['values']
119
- end
120
-
121
- def variable credentials, id
122
- verify_account(id.account)
123
- RestClient::Resource.new(
124
- Conjur.configuration.core_url,
125
- Conjur.configuration.create_rest_client_options(credentials)
126
- )['variables'][fully_escape id.identifier]
127
- end
128
-
129
- def secrets_value credentials, id, options
130
- RestClient::Resource.new(
131
- Conjur.configuration.core_url,
132
- Conjur.configuration.create_rest_client_options(credentials)
133
- )['variables'][fully_escape id.identifier]['value'][options_querystring options]
134
- end
135
-
136
- def secrets_values credentials, variable_ids
137
- options = {
138
- vars: Array(variable_ids).map { |v| fully_escape(v.identifier) }.join(',')
139
- }
140
- RestClient::Resource.new(
141
- Conjur.configuration.core_url,
142
- Conjur.configuration.create_rest_client_options(credentials)
143
- )['variables']['values'][options_querystring options]
144
- end
145
-
146
- def group_attributes credentials, resource, id
147
- verify_account(id.account)
148
- JSON.parse(
149
- RestClient::Resource.new(
150
- Conjur.configuration.core_url,
151
- Conjur.configuration.create_rest_client_options(credentials)
152
- )['groups'][fully_escape id.identifier].get
153
- )
154
- end
155
-
156
- def variable_attributes credentials, resource, id
157
- verify_account(id.account)
158
- JSON.parse(
159
- RestClient::Resource.new(
160
- Conjur.configuration.core_url,
161
- Conjur.configuration.create_rest_client_options(credentials)
162
- )['variables'][fully_escape id.identifier].get
163
- )
164
- end
165
-
166
- def user_attributes credentials, resource, id
167
- verify_account(id.account)
168
- JSON.parse(
169
- RestClient::Resource.new(
170
- Conjur.configuration.core_url,
171
- Conjur.configuration.create_rest_client_options(credentials)
172
- )['users'][fully_escape id.identifier].get
173
- )
174
- end
175
-
176
- def parse_group_gidnumber attributes
177
- attributes['gidnumber']
178
- end
179
-
180
- def parse_user_uidnumber attributes
181
- attributes['uidnumber']
182
- end
183
-
184
- def parse_variable_kind attributes
185
- attributes['kind']
186
- end
187
-
188
- def parse_variable_mime_type attributes
189
- attributes['mime_type']
190
- end
191
-
192
- def parse_members credentials, result
193
- result.collect do |json|
194
- RoleGrant.parse_from_json(json, credentials)
195
- end
196
- end
197
-
198
- protected
199
-
200
- def verify_account account
201
- raise "Expecting account to be #{Conjur.configuration.account.inspect}, got #{account.inspect}" unless Conjur.configuration.account == account
202
- end
203
- end
204
- end
205
- end
206
- end
@@ -1,248 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- # Copyright 2017-2018 CyberArk Ltd.
4
- #
5
- # Licensed under the Apache License, Version 2.0 (the "License");
6
- # you may not use this file except in compliance with the License.
7
- # You may obtain a copy of the License at
8
- #
9
- # http://www.apache.org/licenses/LICENSE-2.0
10
- #
11
- # Unless required by applicable law or agreed to in writing, software
12
- # distributed under the License is distributed on an "AS IS" BASIS,
13
- # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14
- # See the License for the specific language governing permissions and
15
- # limitations under the License.
16
-
17
- # rubocop:disable Metrics/ModuleLength
18
- module Conjur
19
- class API
20
- module Router
21
- # V5 translates method arguments to rest-ful API request parameters.
22
- # because of this, most of the methods suffer from :reek:LongParameterList:
23
- # and :reek:UtilityFunction:
24
- module V5
25
- extend Conjur::Escape::ClassMethods
26
- extend Conjur::QueryString
27
- extend self
28
-
29
- def authn_login account, username, password
30
- RestClient::Resource.new(
31
- Conjur.configuration.authn_url,
32
- Conjur.configuration.create_rest_client_options(
33
- user: username,
34
- password: password
35
- )
36
- )[fully_escape account]['login']
37
- end
38
-
39
- def authn_authenticate account, username
40
- RestClient::Resource.new(
41
- Conjur.configuration.authn_url,
42
- Conjur.configuration.rest_client_options
43
- )[fully_escape account][fully_escape username]['authenticate']
44
- end
45
-
46
- def authenticator account, authenticator, service_id, credentials
47
- RestClient::Resource.new(
48
- Conjur.configuration.core_url,
49
- Conjur.configuration.create_rest_client_options(credentials)
50
- )[fully_escape authenticator][fully_escape service_id][fully_escape account]
51
- end
52
-
53
- def authenticators
54
- RestClient::Resource.new(
55
- Conjur.configuration.core_url,
56
- Conjur.configuration.rest_client_options
57
- )['authenticators']
58
- end
59
-
60
- # For v5, the authn-local message is a JSON string with account, sub, and optional fields.
61
- def authn_authenticate_local username, account, expiration, cidr, &block
62
- { account: account, sub: username }.tap do |params|
63
- params[:exp] = expiration if expiration
64
- params[:cidr] = cidr if cidr
65
- end.to_json
66
- end
67
-
68
- def authn_update_password account, username, password
69
- RestClient::Resource.new(
70
- Conjur.configuration.authn_url,
71
- Conjur.configuration.create_rest_client_options(
72
- user: username,
73
- password: password
74
- )
75
- )[fully_escape account]['password']
76
- end
77
-
78
- def authn_rotate_api_key credentials, account, id
79
- RestClient::Resource.new(
80
- Conjur.configuration.core_url,
81
- Conjur.configuration.create_rest_client_options(credentials)
82
- )['authn'][fully_escape account]["api_key?role=#{id}"]
83
- end
84
-
85
- def authn_rotate_own_api_key account, username, password
86
- RestClient::Resource.new(
87
- Conjur.configuration.authn_url,
88
- Conjur.configuration.create_rest_client_options(
89
- user: username,
90
- password: password
91
- )
92
- )[fully_escape account]['api_key']
93
- end
94
-
95
- def host_factory_create_host token
96
- http_options = {
97
- headers: { authorization: %Q(Token token="#{token}") }
98
- }
99
- RestClient::Resource.new(
100
- Conjur.configuration.core_url,
101
- Conjur.configuration.create_rest_client_options(http_options)
102
- )["host_factories"]["hosts"]
103
- end
104
-
105
- def host_factory_create_tokens credentials, id
106
- RestClient::Resource.new(
107
- Conjur.configuration.core_url,
108
- Conjur.configuration.create_rest_client_options(credentials)
109
- )['host_factory_tokens']
110
- end
111
-
112
- def host_factory_revoke_token credentials, token
113
- RestClient::Resource.new(
114
- Conjur.configuration.core_url,
115
- Conjur.configuration.create_rest_client_options(credentials)
116
- )['host_factory_tokens'][token]
117
- end
118
-
119
- def policies_load_policy credentials, account, id
120
- RestClient::Resource.new(
121
- Conjur.configuration.core_url,
122
- Conjur.configuration.create_rest_client_options(credentials)
123
- )['policies'][fully_escape account]['policy'][fully_escape id]
124
- end
125
-
126
- def public_keys_for_user account, username
127
- RestClient::Resource.new(
128
- Conjur.configuration.core_url,
129
- Conjur.configuration.rest_client_options
130
- )['public_keys'][fully_escape account]['user'][fully_escape username]
131
- end
132
-
133
- def resources credentials, account, kind, options
134
- credentials ||= {}
135
-
136
- path = "/resources/#{fully_escape account}"
137
- path += "/#{fully_escape kind}" if kind
138
-
139
- RestClient::Resource.new(
140
- Conjur.configuration.core_url,
141
- Conjur.configuration.create_rest_client_options(credentials)
142
- )[path][options_querystring options]
143
- end
144
-
145
- def resources_resource credentials, id
146
- RestClient::Resource.new(
147
- Conjur.configuration.core_url,
148
- Conjur.configuration.create_rest_client_options(credentials)
149
- )['resources'][id.to_url_path]
150
- end
151
-
152
- def resources_permitted_roles credentials, id, privilege
153
- options = {}
154
- options[:permitted_roles] = true
155
- options[:privilege] = privilege
156
- resources_resource(credentials, id)[options_querystring options]
157
- end
158
-
159
- def resources_check credentials, id, privilege, role
160
- options = {}
161
- options[:check] = true
162
- options[:privilege] = privilege
163
- options[:role] = query_escape(Id.new(role)) if role
164
- resources_resource(credentials, id)[options_querystring options].get
165
- end
166
-
167
- def roles_role credentials, id
168
- RestClient::Resource.new(
169
- Conjur.configuration.core_url,
170
- Conjur.configuration.create_rest_client_options(credentials)
171
- )['roles'][id.to_url_path]
172
- end
173
-
174
- def secrets_add credentials, id
175
- RestClient::Resource.new(
176
- Conjur.configuration.core_url,
177
- Conjur.configuration.create_rest_client_options(credentials)
178
- )['secrets'][id.to_url_path]
179
- end
180
-
181
- def secrets_value credentials, id, options
182
- RestClient::Resource.new(
183
- Conjur.configuration.core_url,
184
- Conjur.configuration.create_rest_client_options(credentials)
185
- )['secrets'][id.to_url_path][options_querystring options]
186
- end
187
-
188
- def secrets_values credentials, variable_ids
189
- options = {
190
- variable_ids: Array(variable_ids).join(',')
191
- }
192
- RestClient::Resource.new(
193
- Conjur.configuration.core_url,
194
- Conjur.configuration.create_rest_client_options(credentials)
195
- )['secrets'][options_querystring(options).gsub("%2C", ',')]
196
- end
197
-
198
- def group_attributes credentials, resource, id
199
- resource_annotations resource
200
- end
201
-
202
- def variable_attributes credentials, resource, id
203
- resource_annotations resource
204
- end
205
-
206
- def user_attributes credentials, resource, id
207
- resource_annotations resource
208
- end
209
-
210
- def parse_group_gidnumber attributes
211
- HasAttributes.annotation_value attributes, 'conjur/gidnumber'
212
- end
213
-
214
- def parse_user_uidnumber attributes
215
- HasAttributes.annotation_value attributes, 'conjur/uidnumber'
216
- end
217
-
218
- def parse_variable_kind attributes
219
- HasAttributes.annotation_value attributes, 'conjur/kind'
220
- end
221
-
222
- def parse_variable_mime_type attributes
223
- HasAttributes.annotation_value attributes, 'conjur/mime_type'
224
- end
225
-
226
- def parse_members credentials, result
227
- result.map do |json|
228
- RoleGrant.parse_from_json(json, credentials)
229
- end
230
- end
231
-
232
- def ldap_sync_policy(credentials, config_name)
233
- RestClient::Resource.new(
234
- Conjur.configuration.core_url,
235
- Conjur.configuration.create_rest_client_options(credentials)
236
- )['ldap-sync']["policy?config_name=#{fully_escape(config_name)}"]
237
- end
238
-
239
- private
240
-
241
- def resource_annotations resource
242
- resource.attributes['annotations']
243
- end
244
- end
245
- end
246
- end
247
- end
248
- # rubocop:enable Metrics/ModuleLength
@@ -1,59 +0,0 @@
1
- #
2
- # Copyright 2013-2017 Conjur Inc
3
- #
4
- # Permission is hereby granted, free of charge, to any person obtaining a copy of
5
- # this software and associated documentation files (the "Software"), to deal in
6
- # the Software without restriction, including without limitation the rights to
7
- # use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
8
- # the Software, and to permit persons to whom the Software is furnished to do so,
9
- # subject to the following conditions:
10
- #
11
- # The above copyright notice and this permission notice shall be included in all
12
- # copies or substantial portions of the Software.
13
- #
14
- # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
15
- # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
16
- # FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
17
- # COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
18
- # IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
19
- # CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
20
- #
21
- require 'conjur/variable'
22
-
23
- module Conjur
24
- class API
25
-
26
- #@!group Variables
27
-
28
- # Fetch the values of a list of variables. This operation is more efficient than fetching the
29
- # values one by one.
30
- #
31
- # This method will fail unless:
32
- # * All of the variables exist
33
- # * You have permission to `'execute'` all of the variables
34
- #
35
- # @example Fetch multiple variable values
36
- # values = variable_values ['myorg:variable:postgres_uri', 'myorg:variable:aws_secret_access_key', 'myorg:variable:aws_access_key_id']
37
- # values # =>
38
- # {
39
- # "postgres://...",
40
- # "the-secret-key",
41
- # "the-access-key-id"
42
- # }
43
- #
44
- # This method is used to implement the {http://developer.conjur.net/reference/tools/utilities/conjurenv `conjur env`}
45
- # commands. You may consider using that instead to run your program in an environment with the necessary secrets.
46
- #
47
- # @param [Array<String>] variable_ids list of variable ids to fetch
48
- # @return [Array<String>] a list of variable values corresponding to the variable ids.
49
- # @raise [RestClient::Forbidden, RestClient::ResourceNotFound] if any of the variables don't exist or aren't accessible.
50
- def variable_values variable_ids
51
- raise ArgumentError, "Variables list must be an array" unless variable_ids.kind_of? Array
52
- raise ArgumentError, "Variables list is empty" if variable_ids.empty?
53
-
54
- JSON.parse(url_for(:secrets_values, credentials, variable_ids).get.body)
55
- end
56
-
57
- #@!endgroup
58
- end
59
- end
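--- a/data/lib/conjur/api.rb
+++ /dev/null
@@ -1,105 +0,0 @@
-#
-# Copyright 2013-2017 Conjur Inc
-#
-# Permission is hereby granted, free of charge, to any person obtaining a copy of
-# this software and associated documentation files (the "Software"), to deal in
-# the Software without restriction, including without limitation the rights to
-# use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
-# the Software, and to permit persons to whom the Software is furnished to do so,
-# subject to the following conditions:
-#
-# The above copyright notice and this permission notice shall be included in all
-# copies or substantial portions of the Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
-# FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
-# COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
-# IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
-# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-#
-require 'active_support'
-require 'active_support/deprecation'
-
-require 'conjur/configuration'
-require 'conjur/routing'
-require 'conjur/id'
-require 'conjur/base'
-require 'conjur/exceptions'
-require 'conjur/build_object'
-require 'conjur/base_object'
-require 'conjur/acts_as_resource'
-require 'conjur/acts_as_role'
-require 'conjur/acts_as_rolsource'
-require 'conjur/acts_as_user'
-require 'conjur/log_source'
-require 'conjur/has_attributes'
-require 'conjur/api/authenticators'
-require 'conjur/api/authn'
-require 'conjur/api/roles'
-require 'conjur/api/resources'
-require 'conjur/api/pubkeys'
-require 'conjur/api/variables'
-require 'conjur/api/policies'
-require 'conjur/api/host_factories'
-require 'conjur/api/ldap_sync'
-require 'conjur/host'
-require 'conjur/group'
-require 'conjur/variable'
-require 'conjur/layer'
-require 'conjur/cache'
-require 'conjur-api/version'
-
-# @api private
-class RestClient::Resource
-include Conjur::Escape
-include Conjur::LogSource
-
-# @api private
-# This method exists so that all {RestClient::Resource}s support JSON serialization. It returns an
-# empty hash.
-# @return [Hash] the empty hash
-def to_json(options = {})
-{}
-end
-
-# Creates a Conjur API from this resource's authorization header.
-#
-# The new API is created using the token, so it will not be able to refresh
-# when the token expires (after about 8 minutes). This is equivalent to creating
-# an {Conjur::API} instance with {Conjur::API.new_from_token}.
-#
-# @return {Conjur::API} the new api
-def conjur_api
-api = Conjur::API.new_from_token token, remote_ip: remote_ip
-api
-end
-
-# Get an authentication token from the clients Authorization header.
-#
-# Useful fields in the token include `"data"`, which holds the username for which the
-# token was issued, and `"timestamp"`, which contains the time at which the token was issued.
-# The token will expire 8 minutes after timestamp, but we recommend you treat the lifespan as
-# about 5 minutes to account for time differences.
-#
-# @return [Hash] the parsed authentication token
-def token
-authorization = options[:headers][:authorization]
-if authorization && authorization.to_s[/^Token token="(.*)"/]
-JSON.parse(Base64.decode64($1))
-else
-raise AuthorizationError.new("Authorization missing")
-end
-end
-
-def remote_ip
-options[:headers][:x_forwarded_for]
-end
-
-# The username this resource authenticates as.
-#
-# @return [String] the username
-def username
-options[:user] || options[:username]
-end
-end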