conjur-api 5.3.8.pre.194 → 5.3.8.pre.319
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/VERSION +1 -1
- metadata +21 -191
- data/.codeclimate.yml +0 -10
- data/.dockerignore +0 -1
- data/.github/CODEOWNERS +0 -10
- data/.gitignore +0 -32
- data/.gitleaks.toml +0 -219
- data/.overcommit.yml +0 -16
- data/.project +0 -18
- data/.rubocop.yml +0 -3
- data/.rubocop_settings.yml +0 -86
- data/.rubocop_todo.yml +0 -709
- data/.yardopts +0 -1
- data/CHANGELOG.md +0 -435
- data/CONTRIBUTING.md +0 -141
- data/Dockerfile +0 -16
- data/Gemfile +0 -7
- data/Jenkinsfile +0 -168
- data/LICENSE +0 -202
- data/README.md +0 -162
- data/Rakefile +0 -47
- data/SECURITY.md +0 -42
- data/bin/parse-changelog.sh +0 -12
- data/ci/configure_v4.sh +0 -12
- data/ci/configure_v5.sh +0 -14
- data/ci/submit-coverage +0 -36
- data/conjur-api.gemspec +0 -40
- data/dev/Dockerfile.dev +0 -12
- data/dev/docker-compose.yml +0 -56
- data/dev/start +0 -22
- data/dev/stop +0 -5
- data/docker-compose.yml +0 -76
- data/example/demo_v4.rb +0 -49
- data/example/demo_v5.rb +0 -57
- data/features/authenticators.feature +0 -33
- data/features/authn_local.feature +0 -32
- data/features/exists.feature +0 -37
- data/features/group.feature +0 -11
- data/features/host.feature +0 -50
- data/features/host_factory_create_host.feature +0 -28
- data/features/host_factory_token.feature +0 -63
- data/features/load_policy.feature +0 -61
- data/features/members.feature +0 -51
- data/features/new_api.feature +0 -36
- data/features/permitted.feature +0 -70
- data/features/permitted_roles.feature +0 -30
- data/features/public_keys.feature +0 -11
- data/features/resource_fields.feature +0 -53
- data/features/role_fields.feature +0 -15
- data/features/rotate_api_key.feature +0 -13
- data/features/step_definitions/api_steps.rb +0 -18
- data/features/step_definitions/policy_steps.rb +0 -75
- data/features/step_definitions/result_steps.rb +0 -7
- data/features/support/env.rb +0 -18
- data/features/support/hooks.rb +0 -3
- data/features/support/world.rb +0 -12
- data/features/update_password.feature +0 -14
- data/features/user.feature +0 -58
- data/features/variable_fields.feature +0 -20
- data/features/variable_value.feature +0 -60
- data/features_v4/authn_local.feature +0 -27
- data/features_v4/exists.feature +0 -29
- data/features_v4/host.feature +0 -18
- data/features_v4/host_factory_token.feature +0 -49
- data/features_v4/members.feature +0 -39
- data/features_v4/permitted.feature +0 -15
- data/features_v4/permitted_roles.feature +0 -8
- data/features_v4/resource_fields.feature +0 -47
- data/features_v4/rotate_api_key.feature +0 -13
- data/features_v4/step_definitions/api_steps.rb +0 -17
- data/features_v4/step_definitions/result_steps.rb +0 -3
- data/features_v4/support/env.rb +0 -23
- data/features_v4/support/policy.yml +0 -34
- data/features_v4/support/world.rb +0 -12
- data/features_v4/variable_fields.feature +0 -11
- data/features_v4/variable_value.feature +0 -54
- data/lib/conjur/acts_as_resource.rb +0 -123
- data/lib/conjur/acts_as_role.rb +0 -142
- data/lib/conjur/acts_as_rolsource.rb +0 -32
- data/lib/conjur/acts_as_user.rb +0 -68
- data/lib/conjur/api/authenticators.rb +0 -35
- data/lib/conjur/api/authn.rb +0 -125
- data/lib/conjur/api/host_factories.rb +0 -71
- data/lib/conjur/api/ldap_sync.rb +0 -38
- data/lib/conjur/api/policies.rb +0 -56
- data/lib/conjur/api/pubkeys.rb +0 -53
- data/lib/conjur/api/resources.rb +0 -109
- data/lib/conjur/api/roles.rb +0 -98
- data/lib/conjur/api/router/v4.rb +0 -206
- data/lib/conjur/api/router/v5.rb +0 -248
- data/lib/conjur/api/variables.rb +0 -59
- data/lib/conjur/api.rb +0 -105
- data/lib/conjur/base.rb +0 -355
- data/lib/conjur/base_object.rb +0 -57
- data/lib/conjur/build_object.rb +0 -47
- data/lib/conjur/cache.rb +0 -26
- data/lib/conjur/cert_utils.rb +0 -63
- data/lib/conjur/cidr.rb +0 -71
- data/lib/conjur/configuration.rb +0 -460
- data/lib/conjur/escape.rb +0 -129
- data/lib/conjur/exceptions.rb +0 -4
- data/lib/conjur/group.rb +0 -41
- data/lib/conjur/has_attributes.rb +0 -98
- data/lib/conjur/host.rb +0 -27
- data/lib/conjur/host_factory.rb +0 -75
- data/lib/conjur/host_factory_token.rb +0 -78
- data/lib/conjur/id.rb +0 -71
- data/lib/conjur/layer.rb +0 -9
- data/lib/conjur/log.rb +0 -72
- data/lib/conjur/log_source.rb +0 -60
- data/lib/conjur/policy.rb +0 -34
- data/lib/conjur/policy_load_result.rb +0 -61
- data/lib/conjur/query_string.rb +0 -12
- data/lib/conjur/resource.rb +0 -29
- data/lib/conjur/role.rb +0 -29
- data/lib/conjur/role_grant.rb +0 -85
- data/lib/conjur/routing.rb +0 -29
- data/lib/conjur/user.rb +0 -40
- data/lib/conjur/variable.rb +0 -208
- data/lib/conjur/webservice.rb +0 -30
- data/lib/conjur-api/version.rb +0 -24
- data/lib/conjur-api.rb +0 -2
- data/publish.sh +0 -5
- data/spec/api/host_factories_spec.rb +0 -34
- data/spec/api_spec.rb +0 -254
- data/spec/base_object_spec.rb +0 -13
- data/spec/cert_utils_spec.rb +0 -173
- data/spec/cidr_spec.rb +0 -34
- data/spec/configuration_spec.rb +0 -330
- data/spec/has_attributes_spec.rb +0 -63
- data/spec/helpers/errors_matcher.rb +0 -34
- data/spec/helpers/request_helpers.rb +0 -10
- data/spec/id_spec.rb +0 -29
- data/spec/ldap_sync_spec.rb +0 -21
- data/spec/log_source_spec.rb +0 -13
- data/spec/log_spec.rb +0 -42
- data/spec/roles_spec.rb +0 -24
- data/spec/spec_helper.rb +0 -113
- data/spec/ssl_spec.rb +0 -109
- data/spec/uri_escape_spec.rb +0 -21
- data/test.sh +0 -73
- data/tmp/.keep +0 -0
data/spec/ssl_spec.rb
DELETED
@@ -1,109 +0,0 @@
|
|
1
|
-
require 'active_support'
|
2
|
-
require 'spec_helper'
|
3
|
-
|
4
|
-
require 'helpers/errors_matcher'
|
5
|
-
|
6
|
-
require 'webrick'
|
7
|
-
require 'webrick/https'
|
8
|
-
|
9
|
-
describe 'SSL connection' do
|
10
|
-
context 'with an untrusted certificate' do
|
11
|
-
it 'fails' do
|
12
|
-
expect { Conjur::API.login 'foo', 'bar', account: "the-account" }.to \
|
13
|
-
raise_one_of(RestClient::SSLCertificateNotVerified, OpenSSL::SSL::SSLError)
|
14
|
-
end
|
15
|
-
end
|
16
|
-
|
17
|
-
context 'with certificate added to the default OpenSSL cert store' do
|
18
|
-
before do
|
19
|
-
cert_store.add_cert(cert)
|
20
|
-
end
|
21
|
-
|
22
|
-
it 'works' do
|
23
|
-
expect { Conjur::API.login 'foo', 'bar', account: "the-account" }.to raise_error RestClient::ResourceNotFound
|
24
|
-
end
|
25
|
-
end
|
26
|
-
|
27
|
-
let(:server) do
|
28
|
-
server = WEBrick::HTTPServer.new \
|
29
|
-
Port: 0, SSLEnable: true,
|
30
|
-
AccessLog: [], Logger: Logger.new('/dev/null'), # shut up, WEBrick
|
31
|
-
SSLCertificate: cert, SSLPrivateKey: key
|
32
|
-
end
|
33
|
-
let(:port) { server.config[:Port] }
|
34
|
-
let(:cert_store) { OpenSSL::X509::Store.new }
|
35
|
-
|
36
|
-
before do
|
37
|
-
# Reset configuration to allow each test to use its own stub
|
38
|
-
# of OpenSSL::SSL::SSLContext::DEFAULT_CERT_STORE.
|
39
|
-
Conjur.configuration = nil
|
40
|
-
stub_const 'OpenSSL::SSL::SSLContext::DEFAULT_CERT_STORE', cert_store
|
41
|
-
|
42
|
-
allow(Conjur.configuration).to receive(:authn_url).and_return "https://localhost:#{port}"
|
43
|
-
end
|
44
|
-
|
45
|
-
around do |example|
|
46
|
-
server_thread = Thread.new do
|
47
|
-
server.start
|
48
|
-
end
|
49
|
-
example.run
|
50
|
-
server.shutdown
|
51
|
-
server_thread.join
|
52
|
-
end
|
53
|
-
|
54
|
-
let(:cert) do
|
55
|
-
OpenSSL::X509::Certificate.new """
|
56
|
-
-----BEGIN CERTIFICATE-----
|
57
|
-
MIIDCzCCAfOgAwIBAgIUaApjB95cJZlMTwDg4EBk4Mf1y4swDQYJKoZIhvcNAQEL
|
58
|
-
BQAwFDESMBAGA1UEAwwJbG9jYWxob3N0MCAXDTIxMDQyODIxNTA1OFoYDzQ3NTkw
|
59
|
-
MzI1MjE1MDU4WjAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwggEiMA0GCSqGSIb3DQEB
|
60
|
-
AQUAA4IBDwAwggEKAoIBAQC+MIx1LCzBeAl7kHfI21wYmA6W8luyq14+DecaQPMd
|
61
|
-
bW7fMlHSMJC/nlFDQyqmfYfKlVCiJRV/QTdUtA9hCytPlEKjlVmm4WIYLKfjj8Sp
|
62
|
-
A+X9VURk75Fz+Z7UsF8u2J3pF9wFfhBzznwePlFdcWYyQMIRtghoHk/WSsbJVXVQ
|
63
|
-
so7+0BLFyMYB3otfCyK+H/iyoXWLZll2irYZJedVm/lyTlnc9dT1XDAWWI8kSeUV
|
64
|
-
lCkEulqOf8qZyU7wNUafRkzBuYkR7ddp1Qdkq+QYw7blmfZXyJbAYSt4gEMyDMk8
|
65
|
-
ArScP8j+Efz5D54wS7fZFwmQp41+iP5WTxGsSU3dh44fAgMBAAGjUzBRMB0GA1Ud
|
66
|
-
DgQWBBS4ZJDxXOs8rK3+SyfLopDFqK0IWDAfBgNVHSMEGDAWgBS4ZJDxXOs8rK3+
|
67
|
-
SyfLopDFqK0IWDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAE
|
68
|
-
WuzjqQ/gyho/pluX31hq7EMAFgqqz7ECN6DqmvpqabMD6s1kQ662KTo7gCBEcNtA
|
69
|
-
nC7QycFp4v/Cr8+aUEa1W3+q2MqbmshORonUrLE/vxejK+NUvhSCWnmrM8v60zhR
|
70
|
-
pn9lSSgQCBKWDgaU0VQVn0I9MuexeAj64Qv2uUHnZK3QUx+Gk3uurTmhKEN5FI+D
|
71
|
-
sC7xO0qquTZ1Vv1EkLEso4dnFVW84EjdfmfeiW6JmHO7z1p1ebGsRwoQead/qTKw
|
72
|
-
ze+Y1A1w3GzuhDo55aHlWE/Wvnou0aM3O9gUd++a2j+XJ2P7qaTB/L7SJk4qZ9RA
|
73
|
-
t2PbKVP+tyZjXKtXmgzp
|
74
|
-
-----END CERTIFICATE-----
|
75
|
-
""".lines.map(&:strip).join("\n")
|
76
|
-
end
|
77
|
-
|
78
|
-
let(:key) do
|
79
|
-
OpenSSL::PKey.read """
|
80
|
-
-----BEGIN RSA PRIVATE KEY-----
|
81
|
-
MIIEowIBAAKCAQEAvjCMdSwswXgJe5B3yNtcGJgOlvJbsqtePg3nGkDzHW1u3zJR
|
82
|
-
0jCQv55RQ0Mqpn2HypVQoiUVf0E3VLQPYQsrT5RCo5VZpuFiGCyn44/EqQPl/VVE
|
83
|
-
ZO+Rc/me1LBfLtid6RfcBX4Qc858Hj5RXXFmMkDCEbYIaB5P1krGyVV1ULKO/tAS
|
84
|
-
xcjGAd6LXwsivh/4sqF1i2ZZdoq2GSXnVZv5ck5Z3PXU9VwwFliPJEnlFZQpBLpa
|
85
|
-
jn/KmclO8DVGn0ZMwbmJEe3XadUHZKvkGMO25Zn2V8iWwGEreIBDMgzJPAK0nD/I
|
86
|
-
/hH8+Q+eMEu32RcJkKeNfoj+Vk8RrElN3YeOHwIDAQABAoIBAQCnW0ctkDqt3/fQ
|
87
|
-
MHcHWue2iI9GCmvgU+WxC0DSHFcSDQrkAn53S98DjseJPaBZMtr7y9pRY/p/qR6M
|
88
|
-
PYnO5iotc5QUKEbkjy1nglwV5Zuy8kg+XPq7Kwg+GmjGVZDcQybpRuKIPr8xeIBF
|
89
|
-
iKbGaBP6ontjZGAPZqTwN4qm/bkm0QRQkMEVQLpBaOlXjl0BCknhCMgyNA1F0jGc
|
90
|
-
HLqJpFO46qvWDkDaKriMY/ezrkGYxlvV8xGJ2lzoaNWBsQeMXtcDJXuFMJO3lZl4
|
91
|
-
VUjeNbyPprUzL6/kLZGMVFdRWhzKAluJEy3B6zybY4xxmgmifqn8/OxIaT172IXN
|
92
|
-
KACuEorpAoGBAOYZEfuON+73dcstpjq3062+XUOxAAc77aFcGFQ2pqDTUtvoR05R
|
93
|
-
o0uXrSuQqt0/FJVdZqdDx1and6idI7j/LfkOwvmPPg2dJIwKV73T2HdR7BpJaYlI
|
94
|
-
KS6Bgl0AiW2ibjZJbBFJMiINb2tRGeYcOPfWlis309D2DXxl1f1TJTKTAoGBANOZ
|
95
|
-
aDH1VJXh7rdAHrwNonTjoCeYKG7oAh0WTfqmCqcBjAkXsVc7dBd/98XKGS5LPRtl
|
96
|
-
dIaJdYngeYyH5Ey5O2l/63tk0d4sqE8l+GVy+OHFn2AZMuaVXS0JXIQspn4s/U7F
|
97
|
-
CuawmFszE8fv41WgVNhF00ijheoRz/X19yu0ULHFAoGAYmJZ1AutUtowXZ25M+Yh
|
98
|
-
9motCqKF9pHjO1lbdbagbKevCCQ7SPuTLOE/xB7pUAyGyo7TM7XBaAXXHhuCiLlj
|
99
|
-
eNic+YQL7lpApDhP5/TK28oFf//fxjk6ko4Bpa5zFJOdOE0QjhuT+gdwmpxkzIVI
|
100
|
-
vn/cWcJXKUPr5ELOyrBgeU0CgYBWqIUbsLWrjJQPSJtNuOfHp1F35cDpausyrmfR
|
101
|
-
Nx81tlR7hNCEQT0SQr5eqp4Vb4rfJXXLg5A3n08oVp8RLOtAEbuHFYs9ylxDzfEk
|
102
|
-
2ylCjYTv/mHyPUmjoCnbl8237wTutZP5VmmPMCPxxjT8ZGVbDX2ySgYWDqV0vf80
|
103
|
-
TuydYQKBgG24Wpes1CJmKiuWGnPi5I/+iIKZRfpEGidpjnsktkr3O+VZSZNQtDfC
|
104
|
-
uWp/NgMxzxXxYdmmaQTwektB5axrsPUnxxiHmb8KkVU1IcMpYvUulFYiKVvFx+JJ
|
105
|
-
bx/fkItCZ4AP3CG2Onz8xZdosg+c+MEdIlCrg94dA1EmHewCt2Hv
|
106
|
-
-----END RSA PRIVATE KEY-----
|
107
|
-
""".lines.map(&:strip).join("\n")
|
108
|
-
end
|
109
|
-
end
|
data/spec/uri_escape_spec.rb
DELETED
@@ -1,21 +0,0 @@
|
|
1
|
-
require 'spec_helper'
|
2
|
-
require 'conjur/id'
|
3
|
-
require 'conjur/api/router/v5'
|
4
|
-
|
5
|
-
describe 'url escaping' do
|
6
|
-
it 'Id to path is escaped' do
|
7
|
-
id = Conjur::Id.new('cucumber:variable:one two/three')
|
8
|
-
expect(id.to_url_path).to eq('cucumber/variable/one%20two%2Fthree')
|
9
|
-
end
|
10
|
-
|
11
|
-
it 'Resources path is escaped' do
|
12
|
-
request = Conjur::API::Router::V5.resources(nil, 'cucumber/two', 'extended variable', {})
|
13
|
-
expect(request.url).to eq('http://localhost:5000/resources/cucumber%2Ftwo/extended%20variable/')
|
14
|
-
end
|
15
|
-
|
16
|
-
it 'Resource path is escaped' do
|
17
|
-
resource = Conjur::Id.new('cucumber:variable:one two/three')
|
18
|
-
request = Conjur::API::Router::V5.resources_resource(nil, resource)
|
19
|
-
expect(request.url).to eq('http://localhost:5000/resources/cucumber/variable/one%20two%2Fthree')
|
20
|
-
end
|
21
|
-
end
|
data/test.sh
DELETED
@@ -1,73 +0,0 @@
|
|
1
|
-
#!/bin/bash -e
|
2
|
-
|
3
|
-
: "${RUBY_VERSION=3.0}"
|
4
|
-
# My local RUBY_VERSION is set to ruby-#.#.# so this allows running locally.
|
5
|
-
RUBY_VERSION="$(cut -d '-' -f 2 <<< "$RUBY_VERSION")"
|
6
|
-
|
7
|
-
|
8
|
-
function finish {
|
9
|
-
echo 'Removing test environment'
|
10
|
-
echo '---'
|
11
|
-
docker-compose down --rmi 'local' --volumes
|
12
|
-
}
|
13
|
-
|
14
|
-
trap finish EXIT
|
15
|
-
|
16
|
-
# Set up VERSION file for local development
|
17
|
-
if [ ! -f "../VERSION" ]; then
|
18
|
-
echo -n "0.0.dev" > ../VERSION
|
19
|
-
fi
|
20
|
-
|
21
|
-
function main() {
|
22
|
-
if ! docker info >/dev/null 2>&1; then
|
23
|
-
echo "Docker does not seem to be running, run it first and retry"
|
24
|
-
exit 1
|
25
|
-
fi
|
26
|
-
# Generate reports folders locally
|
27
|
-
mkdir -p spec/reports features/reports features_v4/reports
|
28
|
-
|
29
|
-
startConjur
|
30
|
-
runTests_5
|
31
|
-
runTests_4
|
32
|
-
}
|
33
|
-
|
34
|
-
function startConjur() {
|
35
|
-
echo 'Starting Conjur environment'
|
36
|
-
echo '-----'
|
37
|
-
|
38
|
-
# We want to pull to make sure we're testing against the newest release;
|
39
|
-
# failing to ensure that has caused many mysterious failures in CI.
|
40
|
-
# However, unconditionally pulling prevents working offline even
|
41
|
-
# with a warm cache. So try to pull, but ignore failures.
|
42
|
-
docker-compose pull --ignore-pull-failures
|
43
|
-
docker-compose build --build-arg RUBY_VERSION="$RUBY_VERSION"
|
44
|
-
docker-compose up -d pg conjur_4 conjur_5
|
45
|
-
}
|
46
|
-
|
47
|
-
function runTests_5() {
|
48
|
-
echo 'Waiting for Conjur v5 to come up, and configuring it...'
|
49
|
-
./ci/configure_v5.sh
|
50
|
-
|
51
|
-
local api_key=$(docker-compose exec -T conjur_5 rake 'role:retrieve-key[cucumber:user:admin]')
|
52
|
-
|
53
|
-
echo 'Running tests'
|
54
|
-
echo '-----'
|
55
|
-
docker-compose run --rm \
|
56
|
-
-e CONJUR_AUTHN_API_KEY="$api_key" \
|
57
|
-
tester_5 rake jenkins_init jenkins_spec jenkins_cucumber_v5
|
58
|
-
}
|
59
|
-
|
60
|
-
function runTests_4() {
|
61
|
-
echo 'Waiting for Conjur v4 to come up, and configuring it...'
|
62
|
-
./ci/configure_v4.sh
|
63
|
-
|
64
|
-
local api_key=$(docker-compose exec -T conjur_4 su conjur -c "conjur-plugin-service authn env RAILS_ENV=appliance rails r \"puts User['admin'].api_key\" 2>/dev/null")
|
65
|
-
|
66
|
-
echo 'Running tests'
|
67
|
-
echo '-----'
|
68
|
-
docker-compose run --rm \
|
69
|
-
-e CONJUR_AUTHN_API_KEY="$api_key" \
|
70
|
-
tester_4 rake jenkins_cucumber_v4
|
71
|
-
}
|
72
|
-
|
73
|
-
main
|
data/tmp/.keep
DELETED
File without changes
|