conjur-api 5.3.8.pre.194 → 5.3.8.pre.319

Sign up to get free protection for your applications and to get access to all the features.
Files changed (143) hide show
  1. checksums.yaml +4 -4
  2. data/VERSION +1 -1
  3. metadata +21 -191
  4. data/.codeclimate.yml +0 -10
  5. data/.dockerignore +0 -1
  6. data/.github/CODEOWNERS +0 -10
  7. data/.gitignore +0 -32
  8. data/.gitleaks.toml +0 -219
  9. data/.overcommit.yml +0 -16
  10. data/.project +0 -18
  11. data/.rubocop.yml +0 -3
  12. data/.rubocop_settings.yml +0 -86
  13. data/.rubocop_todo.yml +0 -709
  14. data/.yardopts +0 -1
  15. data/CHANGELOG.md +0 -435
  16. data/CONTRIBUTING.md +0 -141
  17. data/Dockerfile +0 -16
  18. data/Gemfile +0 -7
  19. data/Jenkinsfile +0 -168
  20. data/LICENSE +0 -202
  21. data/README.md +0 -162
  22. data/Rakefile +0 -47
  23. data/SECURITY.md +0 -42
  24. data/bin/parse-changelog.sh +0 -12
  25. data/ci/configure_v4.sh +0 -12
  26. data/ci/configure_v5.sh +0 -14
  27. data/ci/submit-coverage +0 -36
  28. data/conjur-api.gemspec +0 -40
  29. data/dev/Dockerfile.dev +0 -12
  30. data/dev/docker-compose.yml +0 -56
  31. data/dev/start +0 -22
  32. data/dev/stop +0 -5
  33. data/docker-compose.yml +0 -76
  34. data/example/demo_v4.rb +0 -49
  35. data/example/demo_v5.rb +0 -57
  36. data/features/authenticators.feature +0 -33
  37. data/features/authn_local.feature +0 -32
  38. data/features/exists.feature +0 -37
  39. data/features/group.feature +0 -11
  40. data/features/host.feature +0 -50
  41. data/features/host_factory_create_host.feature +0 -28
  42. data/features/host_factory_token.feature +0 -63
  43. data/features/load_policy.feature +0 -61
  44. data/features/members.feature +0 -51
  45. data/features/new_api.feature +0 -36
  46. data/features/permitted.feature +0 -70
  47. data/features/permitted_roles.feature +0 -30
  48. data/features/public_keys.feature +0 -11
  49. data/features/resource_fields.feature +0 -53
  50. data/features/role_fields.feature +0 -15
  51. data/features/rotate_api_key.feature +0 -13
  52. data/features/step_definitions/api_steps.rb +0 -18
  53. data/features/step_definitions/policy_steps.rb +0 -75
  54. data/features/step_definitions/result_steps.rb +0 -7
  55. data/features/support/env.rb +0 -18
  56. data/features/support/hooks.rb +0 -3
  57. data/features/support/world.rb +0 -12
  58. data/features/update_password.feature +0 -14
  59. data/features/user.feature +0 -58
  60. data/features/variable_fields.feature +0 -20
  61. data/features/variable_value.feature +0 -60
  62. data/features_v4/authn_local.feature +0 -27
  63. data/features_v4/exists.feature +0 -29
  64. data/features_v4/host.feature +0 -18
  65. data/features_v4/host_factory_token.feature +0 -49
  66. data/features_v4/members.feature +0 -39
  67. data/features_v4/permitted.feature +0 -15
  68. data/features_v4/permitted_roles.feature +0 -8
  69. data/features_v4/resource_fields.feature +0 -47
  70. data/features_v4/rotate_api_key.feature +0 -13
  71. data/features_v4/step_definitions/api_steps.rb +0 -17
  72. data/features_v4/step_definitions/result_steps.rb +0 -3
  73. data/features_v4/support/env.rb +0 -23
  74. data/features_v4/support/policy.yml +0 -34
  75. data/features_v4/support/world.rb +0 -12
  76. data/features_v4/variable_fields.feature +0 -11
  77. data/features_v4/variable_value.feature +0 -54
  78. data/lib/conjur/acts_as_resource.rb +0 -123
  79. data/lib/conjur/acts_as_role.rb +0 -142
  80. data/lib/conjur/acts_as_rolsource.rb +0 -32
  81. data/lib/conjur/acts_as_user.rb +0 -68
  82. data/lib/conjur/api/authenticators.rb +0 -35
  83. data/lib/conjur/api/authn.rb +0 -125
  84. data/lib/conjur/api/host_factories.rb +0 -71
  85. data/lib/conjur/api/ldap_sync.rb +0 -38
  86. data/lib/conjur/api/policies.rb +0 -56
  87. data/lib/conjur/api/pubkeys.rb +0 -53
  88. data/lib/conjur/api/resources.rb +0 -109
  89. data/lib/conjur/api/roles.rb +0 -98
  90. data/lib/conjur/api/router/v4.rb +0 -206
  91. data/lib/conjur/api/router/v5.rb +0 -248
  92. data/lib/conjur/api/variables.rb +0 -59
  93. data/lib/conjur/api.rb +0 -105
  94. data/lib/conjur/base.rb +0 -355
  95. data/lib/conjur/base_object.rb +0 -57
  96. data/lib/conjur/build_object.rb +0 -47
  97. data/lib/conjur/cache.rb +0 -26
  98. data/lib/conjur/cert_utils.rb +0 -63
  99. data/lib/conjur/cidr.rb +0 -71
  100. data/lib/conjur/configuration.rb +0 -460
  101. data/lib/conjur/escape.rb +0 -129
  102. data/lib/conjur/exceptions.rb +0 -4
  103. data/lib/conjur/group.rb +0 -41
  104. data/lib/conjur/has_attributes.rb +0 -98
  105. data/lib/conjur/host.rb +0 -27
  106. data/lib/conjur/host_factory.rb +0 -75
  107. data/lib/conjur/host_factory_token.rb +0 -78
  108. data/lib/conjur/id.rb +0 -71
  109. data/lib/conjur/layer.rb +0 -9
  110. data/lib/conjur/log.rb +0 -72
  111. data/lib/conjur/log_source.rb +0 -60
  112. data/lib/conjur/policy.rb +0 -34
  113. data/lib/conjur/policy_load_result.rb +0 -61
  114. data/lib/conjur/query_string.rb +0 -12
  115. data/lib/conjur/resource.rb +0 -29
  116. data/lib/conjur/role.rb +0 -29
  117. data/lib/conjur/role_grant.rb +0 -85
  118. data/lib/conjur/routing.rb +0 -29
  119. data/lib/conjur/user.rb +0 -40
  120. data/lib/conjur/variable.rb +0 -208
  121. data/lib/conjur/webservice.rb +0 -30
  122. data/lib/conjur-api/version.rb +0 -24
  123. data/lib/conjur-api.rb +0 -2
  124. data/publish.sh +0 -5
  125. data/spec/api/host_factories_spec.rb +0 -34
  126. data/spec/api_spec.rb +0 -254
  127. data/spec/base_object_spec.rb +0 -13
  128. data/spec/cert_utils_spec.rb +0 -173
  129. data/spec/cidr_spec.rb +0 -34
  130. data/spec/configuration_spec.rb +0 -330
  131. data/spec/has_attributes_spec.rb +0 -63
  132. data/spec/helpers/errors_matcher.rb +0 -34
  133. data/spec/helpers/request_helpers.rb +0 -10
  134. data/spec/id_spec.rb +0 -29
  135. data/spec/ldap_sync_spec.rb +0 -21
  136. data/spec/log_source_spec.rb +0 -13
  137. data/spec/log_spec.rb +0 -42
  138. data/spec/roles_spec.rb +0 -24
  139. data/spec/spec_helper.rb +0 -113
  140. data/spec/ssl_spec.rb +0 -109
  141. data/spec/uri_escape_spec.rb +0 -21
  142. data/test.sh +0 -73
  143. data/tmp/.keep +0 -0
data/Jenkinsfile DELETED
@@ -1,168 +0,0 @@
1
- #!/usr/bin/env groovy
2
-
3
- // Automated release, promotion and dependencies
4
- properties([
5
- release.addParams()
6
- ])
7
-
8
- if (params.MODE == "PROMOTE") {
9
- release.promote(params.VERSION_TO_PROMOTE) { sourceVersion, targetVersion, assetDirectory ->
10
- sh './publish.sh'
11
- }
12
- return
13
- }
14
-
15
- pipeline {
16
- agent { label 'executor-v2' }
17
-
18
- options {
19
- timestamps()
20
- buildDiscarder(logRotator(numToKeepStr: '30'))
21
- }
22
-
23
- triggers {
24
- cron(getDailyCronString())
25
- }
26
-
27
- environment {
28
- MODE = release.canonicalizeMode()
29
- }
30
-
31
- stages {
32
- stage ("Skip build if triggering job didn't create a release") {
33
- when {
34
- expression {
35
- MODE == "SKIP"
36
- }
37
- }
38
- steps {
39
- script {
40
- currentBuild.result = 'ABORTED'
41
- error("Aborting build because this build was triggered from upstream, but no release was built")
42
- }
43
- }
44
- }
45
- stage('Validate Changelog and set version') {
46
- steps {
47
- sh './bin/parse-changelog.sh'
48
- updateVersion("CHANGELOG.md", "${BUILD_NUMBER}")
49
- }
50
- }
51
-
52
- stage('Prepare CC Report Dir'){
53
- steps {
54
- script {
55
- ccCoverage.dockerPrep()
56
- sh 'mkdir -p coverage'
57
- }
58
- }
59
- }
60
-
61
- stage('Test Ruby 2.5') {
62
- environment {
63
- RUBY_VERSION = '2.5'
64
- }
65
- steps {
66
- sh './test.sh'
67
- }
68
-
69
- post {
70
- always {
71
- junit 'spec/reports/*.xml'
72
- junit 'features/reports/*.xml'
73
- junit 'features_v4/reports/*.xml'
74
- }
75
- }
76
- }
77
-
78
- stage('Test Ruby 2.6') {
79
- environment {
80
- RUBY_VERSION = '2.6'
81
- }
82
- steps {
83
- sh './test.sh'
84
- }
85
-
86
- post {
87
- always {
88
- junit 'spec/reports/*.xml'
89
- junit 'features/reports/*.xml'
90
- junit 'features_v4/reports/*.xml'
91
- }
92
- }
93
- }
94
-
95
- stage('Test Ruby 2.7') {
96
- environment {
97
- RUBY_VERSION = '2.7'
98
- }
99
- steps {
100
- sh './test.sh'
101
- }
102
-
103
- post {
104
- always {
105
- junit 'spec/reports/*.xml'
106
- junit 'features/reports/*.xml'
107
- junit 'features_v4/reports/*.xml'
108
- }
109
- }
110
- }
111
-
112
- stage('Test Ruby 3.0') {
113
- environment {
114
- RUBY_VERSION = '3.0'
115
- }
116
- steps {
117
- sh("./test.sh")
118
- }
119
- post {
120
- always {
121
- junit 'spec/reports/*.xml'
122
- junit 'features/reports/*.xml'
123
- junit 'features_v4/reports/*.xml'
124
- }
125
- }
126
- }
127
-
128
- stage('Submit Coverage Report'){
129
- steps{
130
- sh 'ci/submit-coverage'
131
- publishHTML([reportDir: 'coverage', reportFiles: 'index.html', reportName: 'Coverage Report', reportTitles: '',
132
- allowMissing: false, alwaysLinkToLastBuild: true, keepAll: true])
133
- }
134
-
135
- post {
136
- always {
137
- archiveArtifacts artifacts: "coverage/.resultset.json", fingerprint: false
138
- }
139
- }
140
- }
141
-
142
- stage('Release') {
143
- when {
144
- expression {
145
- MODE == "RELEASE"
146
- }
147
- }
148
-
149
- steps {
150
- release {
151
- // Clean up all but the calculated VERSION
152
- sh '''docker run -i --rm -v $PWD:/src -w /src alpine/git clean -fxd \
153
- -e VERSION \
154
- -e bom-assets/ \
155
- -e release-assets/ '''
156
- sh './publish.sh'
157
- sh 'cp conjur-api-*.gem release-assets/.'
158
- }
159
- }
160
- }
161
- }
162
-
163
- post {
164
- always {
165
- cleanupAndNotify(currentBuild.currentResult)
166
- }
167
- }
168
- }
data/LICENSE DELETED
@@ -1,202 +0,0 @@
1
-
2
- Apache License
3
- Version 2.0, January 2004
4
- http://www.apache.org/licenses/
5
-
6
- TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
7
-
8
- 1. Definitions.
9
-
10
- "License" shall mean the terms and conditions for use, reproduction,
11
- and distribution as defined by Sections 1 through 9 of this document.
12
-
13
- "Licensor" shall mean the copyright owner or entity authorized by
14
- the copyright owner that is granting the License.
15
-
16
- "Legal Entity" shall mean the union of the acting entity and all
17
- other entities that control, are controlled by, or are under common
18
- control with that entity. For the purposes of this definition,
19
- "control" means (i) the power, direct or indirect, to cause the
20
- direction or management of such entity, whether by contract or
21
- otherwise, or (ii) ownership of fifty percent (50%) or more of the
22
- outstanding shares, or (iii) beneficial ownership of such entity.
23
-
24
- "You" (or "Your") shall mean an individual or Legal Entity
25
- exercising permissions granted by this License.
26
-
27
- "Source" form shall mean the preferred form for making modifications,
28
- including but not limited to software source code, documentation
29
- source, and configuration files.
30
-
31
- "Object" form shall mean any form resulting from mechanical
32
- transformation or translation of a Source form, including but
33
- not limited to compiled object code, generated documentation,
34
- and conversions to other media types.
35
-
36
- "Work" shall mean the work of authorship, whether in Source or
37
- Object form, made available under the License, as indicated by a
38
- copyright notice that is included in or attached to the work
39
- (an example is provided in the Appendix below).
40
-
41
- "Derivative Works" shall mean any work, whether in Source or Object
42
- form, that is based on (or derived from) the Work and for which the
43
- editorial revisions, annotations, elaborations, or other modifications
44
- represent, as a whole, an original work of authorship. For the purposes
45
- of this License, Derivative Works shall not include works that remain
46
- separable from, or merely link (or bind by name) to the interfaces of,
47
- the Work and Derivative Works thereof.
48
-
49
- "Contribution" shall mean any work of authorship, including
50
- the original version of the Work and any modifications or additions
51
- to that Work or Derivative Works thereof, that is intentionally
52
- submitted to Licensor for inclusion in the Work by the copyright owner
53
- or by an individual or Legal Entity authorized to submit on behalf of
54
- the copyright owner. For the purposes of this definition, "submitted"
55
- means any form of electronic, verbal, or written communication sent
56
- to the Licensor or its representatives, including but not limited to
57
- communication on electronic mailing lists, source code control systems,
58
- and issue tracking systems that are managed by, or on behalf of, the
59
- Licensor for the purpose of discussing and improving the Work, but
60
- excluding communication that is conspicuously marked or otherwise
61
- designated in writing by the copyright owner as "Not a Contribution."
62
-
63
- "Contributor" shall mean Licensor and any individual or Legal Entity
64
- on behalf of whom a Contribution has been received by Licensor and
65
- subsequently incorporated within the Work.
66
-
67
- 2. Grant of Copyright License. Subject to the terms and conditions of
68
- this License, each Contributor hereby grants to You a perpetual,
69
- worldwide, non-exclusive, no-charge, royalty-free, irrevocable
70
- copyright license to reproduce, prepare Derivative Works of,
71
- publicly display, publicly perform, sublicense, and distribute the
72
- Work and such Derivative Works in Source or Object form.
73
-
74
- 3. Grant of Patent License. Subject to the terms and conditions of
75
- this License, each Contributor hereby grants to You a perpetual,
76
- worldwide, non-exclusive, no-charge, royalty-free, irrevocable
77
- (except as stated in this section) patent license to make, have made,
78
- use, offer to sell, sell, import, and otherwise transfer the Work,
79
- where such license applies only to those patent claims licensable
80
- by such Contributor that are necessarily infringed by their
81
- Contribution(s) alone or by combination of their Contribution(s)
82
- with the Work to which such Contribution(s) was submitted. If You
83
- institute patent litigation against any entity (including a
84
- cross-claim or counterclaim in a lawsuit) alleging that the Work
85
- or a Contribution incorporated within the Work constitutes direct
86
- or contributory patent infringement, then any patent licenses
87
- granted to You under this License for that Work shall terminate
88
- as of the date such litigation is filed.
89
-
90
- 4. Redistribution. You may reproduce and distribute copies of the
91
- Work or Derivative Works thereof in any medium, with or without
92
- modifications, and in Source or Object form, provided that You
93
- meet the following conditions:
94
-
95
- (a) You must give any other recipients of the Work or
96
- Derivative Works a copy of this License; and
97
-
98
- (b) You must cause any modified files to carry prominent notices
99
- stating that You changed the files; and
100
-
101
- (c) You must retain, in the Source form of any Derivative Works
102
- that You distribute, all copyright, patent, trademark, and
103
- attribution notices from the Source form of the Work,
104
- excluding those notices that do not pertain to any part of
105
- the Derivative Works; and
106
-
107
- (d) If the Work includes a "NOTICE" text file as part of its
108
- distribution, then any Derivative Works that You distribute must
109
- include a readable copy of the attribution notices contained
110
- within such NOTICE file, excluding those notices that do not
111
- pertain to any part of the Derivative Works, in at least one
112
- of the following places: within a NOTICE text file distributed
113
- as part of the Derivative Works; within the Source form or
114
- documentation, if provided along with the Derivative Works; or,
115
- within a display generated by the Derivative Works, if and
116
- wherever such third-party notices normally appear. The contents
117
- of the NOTICE file are for informational purposes only and
118
- do not modify the License. You may add Your own attribution
119
- notices within Derivative Works that You distribute, alongside
120
- or as an addendum to the NOTICE text from the Work, provided
121
- that such additional attribution notices cannot be construed
122
- as modifying the License.
123
-
124
- You may add Your own copyright statement to Your modifications and
125
- may provide additional or different license terms and conditions
126
- for use, reproduction, or distribution of Your modifications, or
127
- for any such Derivative Works as a whole, provided Your use,
128
- reproduction, and distribution of the Work otherwise complies with
129
- the conditions stated in this License.
130
-
131
- 5. Submission of Contributions. Unless You explicitly state otherwise,
132
- any Contribution intentionally submitted for inclusion in the Work
133
- by You to the Licensor shall be under the terms and conditions of
134
- this License, without any additional terms or conditions.
135
- Notwithstanding the above, nothing herein shall supersede or modify
136
- the terms of any separate license agreement you may have executed
137
- with Licensor regarding such Contributions.
138
-
139
- 6. Trademarks. This License does not grant permission to use the trade
140
- names, trademarks, service marks, or product names of the Licensor,
141
- except as required for reasonable and customary use in describing the
142
- origin of the Work and reproducing the content of the NOTICE file.
143
-
144
- 7. Disclaimer of Warranty. Unless required by applicable law or
145
- agreed to in writing, Licensor provides the Work (and each
146
- Contributor provides its Contributions) on an "AS IS" BASIS,
147
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
148
- implied, including, without limitation, any warranties or conditions
149
- of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
150
- PARTICULAR PURPOSE. You are solely responsible for determining the
151
- appropriateness of using or redistributing the Work and assume any
152
- risks associated with Your exercise of permissions under this License.
153
-
154
- 8. Limitation of Liability. In no event and under no legal theory,
155
- whether in tort (including negligence), contract, or otherwise,
156
- unless required by applicable law (such as deliberate and grossly
157
- negligent acts) or agreed to in writing, shall any Contributor be
158
- liable to You for damages, including any direct, indirect, special,
159
- incidental, or consequential damages of any character arising as a
160
- result of this License or out of the use or inability to use the
161
- Work (including but not limited to damages for loss of goodwill,
162
- work stoppage, computer failure or malfunction, or any and all
163
- other commercial damages or losses), even if such Contributor
164
- has been advised of the possibility of such damages.
165
-
166
- 9. Accepting Warranty or Additional Liability. While redistributing
167
- the Work or Derivative Works thereof, You may choose to offer,
168
- and charge a fee for, acceptance of support, warranty, indemnity,
169
- or other liability obligations and/or rights consistent with this
170
- License. However, in accepting such obligations, You may act only
171
- on Your own behalf and on Your sole responsibility, not on behalf
172
- of any other Contributor, and only if You agree to indemnify,
173
- defend, and hold each Contributor harmless for any liability
174
- incurred by, or claims asserted against, such Contributor by reason
175
- of your accepting any such warranty or additional liability.
176
-
177
- END OF TERMS AND CONDITIONS
178
-
179
- APPENDIX: How to apply the Apache License to your work.
180
-
181
- To apply the Apache License to your work, attach the following
182
- boilerplate notice, with the fields enclosed by brackets "[]"
183
- replaced with your own identifying information. (Don't include
184
- the brackets!) The text should be enclosed in the appropriate
185
- comment syntax for the file format. We also recommend that a
186
- file or class name and description of purpose be included on the
187
- same "printed page" as the copyright notice for easier
188
- identification within third-party archives.
189
-
190
- Copyright (c) 2021 CyberArk Software Ltd. All rights reserved.
191
-
192
- Licensed under the Apache License, Version 2.0 (the "License");
193
- you may not use this file except in compliance with the License.
194
- You may obtain a copy of the License at
195
-
196
- http://www.apache.org/licenses/LICENSE-2.0
197
-
198
- Unless required by applicable law or agreed to in writing, software
199
- distributed under the License is distributed on an "AS IS" BASIS,
200
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
201
- See the License for the specific language governing permissions and
202
- limitations under the License.
data/README.md DELETED
@@ -1,162 +0,0 @@
1
- # Conjur::API
2
-
3
- Programmatic Ruby access to the Conjur API.
4
-
5
- RDocs are available from the through the [Ruby Gem details page](https://rubygems.org/gems/conjur-api)
6
-
7
- # Server Versions
8
-
9
- The Conjur server comes in two major versions:
10
-
11
- * **4.x** Conjur 4 is a commercial, non-open-source product, which is documented at [https://developer.conjur.net/](https://developer.conjur.net/).
12
- * **5.x** Conjur 5 is open-source software, hosted and documented at [https://www.conjur.org/](https://www.conjur.org/).
13
-
14
- You can use the `main` branch of this project, which is `conjur-api` version `5.x`, to do all of the following things against either type of Conjur server:
15
-
16
- * Authenticate
17
- * Fetch secrets
18
- * Check permissions
19
- * List roles, resources, members, memberships and permitted roles.
20
- * Create hosts using host factory
21
- * Rotate API keys
22
-
23
- Use the configuration setting `Conjur.configuration.version` to select your server version, or set the environment variable `CONJUR_VERSION`. In either case, the valid values are `4` and `5`; the default is `5`.
24
-
25
- If you are using Conjur server version `4.x`, you can also choose to use the `conjur-api` version `4.x`. In this case, the `Configuration.version` setting is not required (actually, it doesn't exist).
26
-
27
- ## Using conjur-api-ruby with Conjur Open Source
28
-
29
- Are you using this project with [Conjur Open Source](https://github.com/cyberark/conjur)? Then we
30
- **strongly** recommend choosing the version of this project to use from the latest [Conjur OSS
31
- suite release](https://docs.conjur.org/Latest/en/Content/Overview/Conjur-OSS-Suite-Overview.html).
32
- Conjur maintainers perform additional testing on the suite release versions to ensure
33
- compatibility. When possible, upgrade your Conjur version to match the
34
- [latest suite release](https://docs.conjur.org/Latest/en/Content/ReleaseNotes/ConjurOSS-suite-RN.htm);
35
- when using integrations, choose the latest suite release that matches your Conjur version. For any
36
- questions, please contact us on [Discourse](https://discuss.cyberarkcommons.org/c/conjur/5).
37
-
38
- # Installation
39
-
40
- Add this line to your application's Gemfile:
41
-
42
- gem 'conjur-api'
43
-
44
- And then execute:
45
-
46
- $ bundle
47
-
48
- Or install it yourself as:
49
-
50
- $ gem install conjur-api
51
-
52
- # Usage
53
-
54
- Connecting to Conjur is a two-step process:
55
-
56
- * **Configuration** Instruct the API where to find the Conjur endpoint and how to secure the connection.
57
- * **Authentication** Provide the API with credentials that it can use to authenticate.
58
-
59
- ## Configuration
60
-
61
- The simplest way to configure the Conjur API is to use the configuration file stored on the machine.
62
- If you have configured the machine with [conjur init](http://developer.conjur.net/reference/tools/init.html),
63
- its default location is `~/.conjurrc`.
64
-
65
- The Conjur configuration process also checks `/etc/conjur.conf` for global settings. This is typically used
66
- in server environments.
67
-
68
- For custom scenarios, the location of the file can be overridden using the `CONJURRC` environment variable.
69
-
70
- You can load the Conjur configuration file using the following Ruby code:
71
-
72
- ```ruby
73
- require 'conjur/cli'
74
- Conjur::Config.load
75
- Conjur::Config.apply
76
- ```
77
-
78
- **Note** this code requires the [conjur-cli](https://github.com/conjurinc/cli-ruby) gem, which should also be in your
79
- gemset or bundle.
80
-
81
- ## Authentication
82
-
83
- Once Conjur is configured, the connection can be established like this:
84
-
85
- ```
86
- conjur = Conjur::Authn.connect nil, noask: true
87
- ```
88
-
89
- To [authenticate](http://developer.conjur.net/reference/services/authentication/authenticate.html), the API client must
90
- provide a `login` name and `api_key`. The `Conjur::Authn.connect` will attempt the following, in order:
91
-
92
- 1. Look for `login` in environment variable `CONJUR_AUTHN_LOGIN`, and `api_key` in `CONJUR_AUTHN_API_KEY`
93
- 2. Look for credentials on disk. The default credentials file is `~/.netrc`. The location of the credentials file
94
- can be overridden using the configuration file `netrc_path` option.
95
- 3. Prompt for credentials. This can be disabled using the option `noask: true`.
96
-
97
- ## Connecting Without Files
98
-
99
- It's possible to configure and authenticate the Conjur connection without using any files, and without requiring
100
- the `conjur-cli` gem.
101
-
102
- To accomplish this, apply the configuration settings directly to the [Conjur::Configuration](https://github.com/conjurinc/api-ruby/blob/master/lib/conjur/configuration.rb)
103
- object.
104
-
105
- For example, specify the `account` and `appliance_url` (both of which are required) like this:
106
-
107
- ```
108
- Conjur.configuration.account = 'my-account'
109
- Conjur.configuration.appliance_url = 'https://conjur.mydomain.com/api'
110
- ```
111
-
112
- You can also specify these values using environment variables, which is often a bit more convenient.
113
- Environment variables are mapped to configuration variables by prepending `CONJUR_` to the all-caps name of the
114
- configuration variable. For example, `appliance_url` is `CONJUR_APPLIANCE_URL`, `account` is `CONJUR_ACCOUNT`.
115
-
116
- In either case, you will also need to configure certificate trust. For example:
117
-
118
- ```
119
- OpenSSL::SSL::SSLContext::DEFAULT_CERT_STORE.add_file "/etc/conjur-yourorg.pem"
120
- ```
121
-
122
- Once Conjur is configured, you can create a new API client by providing a `login` and `api_key`:
123
-
124
- ```
125
- Conjur::API.new_from_key login, api_key
126
- ```
127
-
128
- Note that if you are connecting as a [Host](http://developer.conjur.net/reference/services/directory/host), the login should be
129
- prefixed with `host/`. For example: `host/myhost.example.com`, not just `myhost.example.com`.
130
-
131
- ## Configuring RestClient
132
-
133
- [Conjur::Configuration](https://github.com/conjurinc/api-ruby/blob/master/lib/conjur/configuration.rb)
134
- allows optional configuration of the [RestClient](https://github.com/rest-client/rest-client)
135
- instance used by Conjur API to communicate with the Conjur server, via the options hash
136
- `Conjur.configuration.rest_client_options`.
137
-
138
- The default value for the options hash is:
139
- ```ruby
140
- {
141
- ssl_cert_store: OpenSSL::SSL::SSLContext::DEFAULT_CERT_STORE
142
- }
143
- ```
144
-
145
- For example, here's how you would configure the client to use a proxy and `ssl_ca_file` (instead of the default `ssl_cert_store`).
146
- ```ruby
147
- Conjur.configuration.rest_client_options = {
148
- ssl_ca_file: "ca_certificate.pem",
149
- proxy: "http://proxy.example.com/"
150
- }
151
- ```
152
-
153
- ## Contributing
154
-
155
- We welcome contributions of all kinds to this repository. For instructions on how to get started and descriptions of our development workflows, please see our [contributing
156
- guide][contrib].
157
-
158
- [contrib]: https://github.com/cyberark/conjur-api-ruby/blob/main/CONTRIBUTING.md
159
-
160
- ## License
161
-
162
- This repository is licensed under Apache License 2.0 - see [`LICENSE`](LICENSE) for more details.
data/Rakefile DELETED
@@ -1,47 +0,0 @@
1
- #!/usr/bin/env rake
2
- require "bundler/gem_tasks"
3
-
4
- begin
5
- require 'rspec/core/rake_task'
6
- RSpec::Core::RakeTask.new :spec
7
- rescue LoadError
8
- warn "rspec-core not found, rspec task will be unavailable"
9
- end
10
-
11
- begin
12
- require "yard"
13
- YARD::Rake::YardocTask.new(:yard)
14
- rescue LoadError
15
- warn "yard not found, yard task will be unavailable"
16
- end
17
-
18
- require 'fileutils'
19
- task(:init_coverage) { FileUtils.rm_rf 'coverage' }
20
- task(:cuke_report_cleanup) { FileUtils.rm_rf 'features/reports' }
21
-
22
- begin
23
- require 'cucumber'
24
- require 'cucumber/rake/task'
25
-
26
- Cucumber::Rake::Task.new(:cucumber_4) do |t|
27
- t.cucumber_opts = "--tags ~@wip --format pretty --format junit --out features_v4/reports -r features_v4/step_definitions/ -r features_v4/support/ features_v4/"
28
- end
29
-
30
- Cucumber::Rake::Task.new(:cucumber_5) do |t|
31
- t.cucumber_opts = "--tags ~@wip --format pretty --format junit --out features/reports"
32
- end
33
-
34
- begin
35
- require 'ci/reporter/rake/rspec'
36
- desc "Run the spec and cucumber suites, compute the test results and coverage statistics, build Yard docs"
37
- task :jenkins_init => [ :init_coverage, :cuke_report_cleanup ]
38
- task :jenkins_spec => [ :"ci:setup:rspec", :spec ]
39
- task :jenkins_cucumber_v4 => [ :cucumber_4 ]
40
- task :jenkins_cucumber_v5 => [ :cucumber_5 ]
41
- rescue LoadError
42
- warn "ci_reporter_rspec not found, jenkins task will be unavailable"
43
- end
44
- rescue LoadError
45
- warn "cucumber not found, cucumber task will be unavailable"
46
- end
47
-
data/SECURITY.md DELETED
@@ -1,42 +0,0 @@
1
- # Security Policies and Procedures
2
-
3
- This document outlines security procedures and general policies for the CyberArk Conjur
4
- suite of tools and products.
5
-
6
- * [Reporting a Bug](#reporting-a-bug)
7
- * [Disclosure Policy](#disclosure-policy)
8
- * [Comments on this Policy](#comments-on-this-policy)
9
-
10
- ## Reporting a Bug
11
-
12
- The CyberArk Conjur team and community take all security bugs in the Conjur suite seriously.
13
- Thank you for improving the security of the Conjur suite. We appreciate your efforts and
14
- responsible disclosure and will make every effort to acknowledge your
15
- contributions.
16
-
17
- Report security bugs by emailing the lead maintainers at security@conjur.org.
18
-
19
- The maintainers will acknowledge your email within 2 business days. Subsequently, we will
20
- send a more detailed response within 2 business days of our acknowledgement indicating
21
- the next steps in handling your report. After the initial reply to your report, the security
22
- team will endeavor to keep you informed of the progress towards a fix and full
23
- announcement, and may ask for additional information or guidance.
24
-
25
- Report security bugs in third-party modules to the person or team maintaining
26
- the module.
27
-
28
- ## Disclosure Policy
29
-
30
- When the security team receives a security bug report, they will assign it to a
31
- primary handler. This person will coordinate the fix and release process,
32
- involving the following steps:
33
-
34
- * Confirm the problem and determine the affected versions.
35
- * Audit code to find any potential similar problems.
36
- * Prepare fixes for all releases still under maintenance. These fixes will be
37
- released as fast as possible.
38
-
39
- ## Comments on this Policy
40
-
41
- If you have suggestions on how this process could be improved please submit a
42
- pull request.
@@ -1,12 +0,0 @@
1
- #!/bin/bash -ex
2
-
3
- cd "$(dirname "$0")"
4
-
5
- docker run --rm \
6
- -v "$PWD/..:/work" \
7
- -w "/work" \
8
- ruby:2.5 bash -ec "
9
- gem install -N parse_a_changelog
10
- parse ./CHANGELOG.md
11
- "
12
-
data/ci/configure_v4.sh DELETED
@@ -1,12 +0,0 @@
1
- #!/bin/bash -e
2
-
3
- cat << "CONFIGURE" | docker exec -i $(docker-compose ps -q conjur_4) bash
4
- set -e
5
-
6
- /opt/conjur/evoke/bin/wait_for_conjur
7
- evoke ca regenerate conjur_4
8
- /opt/conjur/evoke/bin/wait_for_conjur
9
- env CONJUR_AUTHN_LOGIN=admin CONJUR_AUTHN_API_KEY=secret conjur policy load --as-group security_admin /etc/policy.yml
10
- CONFIGURE
11
-
12
- docker cp $(docker-compose ps -q conjur_4):/opt/conjur/etc/ssl/ca.pem ./tmp/conjur.pem
data/ci/configure_v5.sh DELETED
@@ -1,14 +0,0 @@
1
- #!/bin/bash -e
2
-
3
- cat << "CONFIGURE" | docker exec -i $(docker-compose ps -q conjur_5) bash
4
- set -e
5
-
6
- for _ in $(seq 20); do
7
- curl -o /dev/null -fs -X OPTIONS http://localhost > /dev/null && break
8
- echo .
9
- sleep 2
10
- done
11
-
12
- # So we fail if the server isn't up yet:
13
- curl -o /dev/null -fs -X OPTIONS http://localhost > /dev/null
14
- CONFIGURE