conjur-api 5.3.8.pre.194 → 5.4.0.pre.341

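--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 55410ede74a66c16a7fec901e52d6b934ff385317c6563610e3143a331a2c379
- data.tar.gz: bda62f61a578d58845a0f78ede6141aea1c074a02ba5fa74b02ebc95f154aae1
+ metadata.gz: ebf83cd8d162a64929094a300fa96a7d1a3bac22ef728826d0bb4dd2addf3ad9
+ data.tar.gz: b10ff6b557c5cc16879950f638b0cacf7149a4fa68c752125d54f94bea78b298
  SHA512:
- metadata.gz: e17d66e8b4cddcf0ad19c9c8c4acad960a4392718a03d284fc97be650fd5b4bad590f7fd80cc448a3587c8f1485c3fd23fa7504b2e2ce1e649e65ad540762db3
- data.tar.gz: 6d46d1442222981f6b36899a6f8cd247dd55dea420c6c621677af2780c750f5d72ebed1d283701be1514a43b646c8ca22ba4998b43c5221e05b25722113b3962
+ metadata.gz: 8e72a11c756d9bbf6517f5a6298a73ede7ef4087d74f021808471fe831d06db86bf23c9cf8f7e5efe78da248d032ec577c51813d5f0bbc12a345701f3d89eb61
+ data.tar.gz: 4614348f7e47a4eb1643740e5015512d9b66413331ab8a7e777047811fdf7370fa40e4e4ae455919cf0fa4398dad754718c0ca44fa3e16f80eb55b0a16d44648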
@@ -1,5 +1,5 @@
1
1
  AllCops:
2
- TargetRubyVersion: 2.5
2
+ TargetRubyVersion: 2.7
3
3
 
4
4
  # These non-default settings best reflect our current code style.
5
5
  Style/MethodDefParentheses:
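--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -9,7 +9,19 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
  - Nothing should go in this section, please add to the latest unreleased version
  (and update the corresponding date), or add a new version.
 
- ## [5.3.8] - 2022-01-31
+ ## [5.4.0] - 2022-08-16
+
+ ### Added
+ - Added support for OIDC V2 authentication endpoint.
+ [cyberark/cojnur-api-ruby#207](https://github.com/cyberark/conjur-api-ruby/pull/207)
+ - Added support for OIDC authenticator providers endpoint.
+ [cyberark/cojnur-api-ruby#207](https://github.com/cyberark/conjur-api-ruby/pull/207)
+
+ ### Changed
+ - Remove support for Ruby versions <2.7 which are [end of life](https://endoflife.date/ruby).
+ [cyberark/conjur-api-ruby#206](https://github.com/cyberark/conjur-api-ruby/pull/206)
+ - Adding operation call to fetch authentication providers
+ [cyberark/conjur-api-ruby#206](https://github.com/cyberark/conjur-api-ruby/pull/206)
 
  ## [5.3.7] - 2021-12-28
 
@@ -364,7 +376,8 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 
  ## [2.0.0] - 2013-13-12
 
- [Unreleased]: https://github.com/cyberark/conjur-api-ruby/compare/v5.3.6...HEAD
+ [Unreleased]: https://github.com/cyberark/conjur-api-ruby/compare/v5.4.0...HEAD
+ [5.4.0]: https://github.com/cyberark/conjur-api-ruby/compare/v5.3.7...v5.4.0
  [5.3.7]: https://github.com/cyberark/conjur-api-ruby/compare/v5.3.6...v5.3.7
  [5.3.6]: https://github.com/cyberark/conjur-api-ruby/compare/v5.3.5...v5.3.6
  [5.3.5]: https://github.com/cyberark/conjur-api-ruby/compare/v5.3.4...v5.3.5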
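--- a/data/CONTRIBUTING.md
+++ b/data/CONTRIBUTING.md
@@ -123,11 +123,8 @@ $ docker-compose down
  ### Update the version and changelog
 
  1. Create a new branch for the version bump.
- 1. Based on the unreleased content, determine the new version number and update
- the [version.rb](lib/conjur-api/version.rb) file.
  1. Commit these changes - `Bump version to x.y.z` is an acceptable commit message - and open a PR
- for review. Your PR should include updates to `lib/conjur-api/version.rb`, and
- `CHANGELOG.md`.
+ for review. Your PR should include updates to `CHANGELOG.md`.
 
  ### Add a git tag
 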
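--- a/data/Jenkinsfile
+++ b/data/Jenkinsfile
@@ -58,40 +58,6 @@ pipeline {
  }
  }
 
- stage('Test Ruby 2.5') {
- environment {
- RUBY_VERSION = '2.5'
- }
- steps {
- sh './test.sh'
- }
-
- post {
- always {
- junit 'spec/reports/*.xml'
- junit 'features/reports/*.xml'
- junit 'features_v4/reports/*.xml'
- }
- }
- }
-
- stage('Test Ruby 2.6') {
- environment {
- RUBY_VERSION = '2.6'
- }
- steps {
- sh './test.sh'
- }
-
- post {
- always {
- junit 'spec/reports/*.xml'
- junit 'features/reports/*.xml'
- junit 'features_v4/reports/*.xml'
- }
- }
- }
-
  stage('Test Ruby 2.7') {
  environment {
  RUBY_VERSION = '2.7'
@@ -149,10 +115,12 @@ pipeline {
  steps {
  release {
  // Clean up all but the calculated VERSION
- sh '''docker run -i --rm -v $PWD:/src -w /src alpine/git clean -fxd \
- -e VERSION \
- -e bom-assets/ \
- -e release-assets/ '''
+ sh '''docker run -i --rm -v $(pwd):/src -w /src --entrypoint /bin/sh alpine/git \
+ -c "git config --global --add safe.directory /src && \
+ git clean -fdx \
+ -e VERSION \
+ -e bom-assets/ \
+ -e release-assets" '''
  sh './publish.sh'
  sh 'cp conjur-api-*.gem release-assets/.'
  }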
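Review bot: The release-stage cleanup runs `alpine/git` with no tag or digest, so whatever that name resolves to at build time executes with the workspace mounted read-write immediately before `./publish.sh` packages it. Pinning the image, for example `alpine/git@sha256:<digest>` (placeholder), keeps the release input reproducible. `$(pwd)` is also unquoted inside the `sh` string, so a workspace path containing spaces would split the `-v` argument; `-v "$(pwd)":/src` avoids that. The existing comment could also say why `safe.directory` is set and that the `--global` setting lives only inside the `--rm` container, so nobody copies it onto the agent itself.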
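--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
- 5.3.8-194
+ 5.4.0-341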
@@ -5,7 +5,7 @@ cd "$(dirname "$0")"
5
5
  docker run --rm \
6
6
  -v "$PWD/..:/work" \
7
7
  -w "/work" \
8
- ruby:2.5 bash -ec "
8
+ ruby:2.7 bash -ec "
9
9
  gem install -N parse_a_changelog
10
10
  parse ./CHANGELOG.md
11
11
  "
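--- a/data/ci/configure_v5.sh
+++ b/data/ci/configure_v5.sh
@@ -1,5 +1,7 @@
  #!/bin/bash -e
 
+ source ./ci/oauth/keycloak/keycloak_functions.sh
+
  cat << "CONFIGURE" | docker exec -i $(docker-compose ps -q conjur_5) bash
  set -e
 
@@ -12,3 +14,6 @@ done
  # So we fail if the server isn't up yet:
  curl -o /dev/null -fs -X OPTIONS http://localhost > /dev/null
  CONFIGURE
+
+ fetch_keycloak_certificate
+ create_keycloak_users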
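Review bot: `create_keycloak_users` is called at the end of the script with no visible wait for Keycloak to be ready; the functions file sourced at the top appears to define `wait_for_keycloak_server`, but nothing in these hunks calls it. If no earlier CI step does, add `wait_for_keycloak_server` before `fetch_keycloak_certificate`, since both helpers contact the Keycloak service. The `source ./ci/oauth/keycloak/keycloak_functions.sh` path is relative to the caller's working directory, so a one-line comment that the script must be run from the repository root would help. Lines 8–13 of the new file are outside the hunks, so this assumes nothing there waits for Keycloak.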
@@ -0,0 +1,18 @@
1
+ #!/bin/sh
2
+
3
+
4
+ keycloak/bin/kcreg.sh config credentials \
5
+ --server http://localhost:8080/auth \
6
+ --realm master \
7
+ --user "$KEYCLOAK_USER" \
8
+ --password "$KEYCLOAK_PASSWORD"
9
+
10
+ keycloak/bin/kcreg.sh create \
11
+ -s clientId="$KEYCLOAK_CLIENT_ID" \
12
+ -s "redirectUris=[\"$KEYCLOAK_REDIRECT_URI\"]" \
13
+ -s "secret=$KEYCLOAK_CLIENT_SECRET"
14
+
15
+ # Enable direct access to get an id token with username & password
16
+ keycloak/bin/kcreg.sh update conjurClient -s directAccessGrantsEnabled=true
17
+
18
+ keycloak/bin/kcreg.sh get "$KEYCLOAK_CLIENT_ID" | jq '.secret'
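Review bot: The last line prints the client secret to stdout (`kcreg.sh get "$KEYCLOAK_CLIENT_ID" | jq '.secret'`), and this script appears to be run through `docker-compose exec` from the CI configure step, so the secret would end up in the build log. If the caller does not consume that output, drop the line or redirect it; if it does, say so in a comment. The `update conjurClient` call hard-codes the client name while `create` and `get` use `$KEYCLOAK_CLIENT_ID`, so it targets the wrong client whenever the variable differs; use `keycloak/bin/kcreg.sh update "$KEYCLOAK_CLIENT_ID" -s directAccessGrantsEnabled=true`. There is no `set -e` after the shebang, so a failed `config credentials` does not stop the later calls. The comment on direct access grants should also state that this is a test-realm setting only.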
@@ -0,0 +1,21 @@
1
+ #!/bin/sh
2
+
3
+ echo "login as admin with user $KEYCLOAK_USER"
4
+
5
+ keycloak/bin/kcadm.sh config credentials \
6
+ --server http://localhost:8080/auth \
7
+ --realm master \
8
+ --user "$KEYCLOAK_USER" \
9
+ --password "$KEYCLOAK_PASSWORD"
10
+
11
+ echo "creating user $1 with email $3"
12
+
13
+ keycloak/bin/kcadm.sh create users \
14
+ -s username="$1" \
15
+ -s email="$3" \
16
+ -s enabled=true
17
+
18
+ echo "setting password of user $1 to $2"
19
+ keycloak/bin/kcadm.sh set-password \
20
+ --username "$1" \
21
+ -p "$2"
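Review bot: `echo "setting password of user $1 to $2"` writes the user's password in clear text to the script output, which reaches the CI log when the script is run via `docker-compose exec`; log only the username, `echo "setting password of user $1"`. The password is also passed on the command line (`-p "$2"`, `--password "$KEYCLOAK_PASSWORD"`), where it is visible in the container's process list, so a comment should state that only throwaway test credentials may be used here. With no `set -e` after the shebang, a failed `config credentials` still runs the create and set-password calls. A header comment documenting the positional arguments (`$1` username, `$2` password, `$3` email) is missing.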
@@ -0,0 +1,18 @@
1
+ #!/bin/sh
2
+
3
+ # This script retrieves a certificate from the keycloak OIDC provider
4
+ # and puts it to a trusted operating system store.
5
+ # It is needed to communicate with the provider via SSL for validating ID tokens
6
+
7
+ openssl s_client \
8
+ -showcerts \
9
+ -connect keycloak:8443 \
10
+ -servername keycloak \
11
+ </dev/null | \
12
+ openssl x509 \
13
+ -outform PEM \
14
+ >/etc/ssl/certs/keycloak.pem
15
+
16
+ hash=$(openssl x509 -hash -in /etc/ssl/certs/keycloak.pem -out /dev/null)
17
+
18
+ ln -s /etc/ssl/certs/keycloak.pem "/etc/ssl/certs/${hash}.0"
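Review bot: The script installs whatever certificate the host answering on `keycloak:8443` presents into the system trust store, with no fingerprint or CA check, and it does not stop on failure. Without `set -e`, a failed `openssl` pipeline leaves an empty `keycloak.pem`, `hash` comes back empty, and the final line creates `/etc/ssl/certs/.0`; add `set -eu` after the shebang. `ln -s` also fails on a second run once the link exists, so `ln -sf` makes the script re-runnable. The header comment should state that trusting the certificate on first fetch is acceptable only because the peer is a container on the test compose network.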
@@ -0,0 +1,71 @@
1
+ #!/usr/bin/env bash
2
+
3
+ KEYCLOAK_SERVICE_NAME="keycloak"
4
+
5
+ # Note: the single arg is a nameref, which this function sets to an array
6
+ # containing items of the form "KEY=VAL".
7
+ function _hydrate_keycloak_env_args() {
8
+ local -n arr=$1
9
+ local keycloak_items
10
+
11
+ readarray -t keycloak_items < <(
12
+ set -o pipefail
13
+ # Note: This prints all lines that look like:
14
+ # KEYCLOAK_XXX=someval
15
+ docker-compose exec -T ${KEYCLOAK_SERVICE_NAME} printenv | awk '/KEYCLOAK/'
16
+ )
17
+
18
+ # shellcheck disable=SC2034
19
+ arr=(
20
+ "${keycloak_items[@]}"
21
+ "PROVIDER_URI=https://keycloak:8443/auth/realms/master"
22
+ "PROVIDER_INTERNAL_URI=http://keycloak:8080/auth/realms/master/protocol/openid-connect"
23
+ "PROVIDER_ISSUER=http://keycloak:8080/auth/realms/master"
24
+ "ID_TOKEN_USER_PROPERTY=preferred_username"
25
+ )
26
+ }
27
+
28
+ # The arguments must be unexpanded variable names. Eg:
29
+ #
30
+ # _create_keycloak_user '$APP_USER' '$APP_PW' '$APP_EMAIL'
31
+ #
32
+ # This is because those variables are not available to this script. They are
33
+ # available to bash commands run via "docker-compose exec keycloak bash
34
+ # -c...", since they're defined in the docker-compose.yml.
35
+ function _create_keycloak_user() {
36
+ local user_var=$1
37
+ local pw_var=$2
38
+ local email_var=$3
39
+
40
+ docker-compose exec -T \
41
+ ${KEYCLOAK_SERVICE_NAME} \
42
+ bash -c "/scripts/create_user \"$user_var\" \"$pw_var\" \"$email_var\""
43
+ }
44
+
45
+ function create_keycloak_users() {
46
+ echo "Defining keycloak client"
47
+
48
+ docker-compose exec -T ${KEYCLOAK_SERVICE_NAME} /scripts/create_client
49
+
50
+ echo "Creating user 'alice' in Keycloak"
51
+
52
+ # Note: We want to pass the bash command thru without expansion here.
53
+ # shellcheck disable=SC2016
54
+ _create_keycloak_user \
55
+ '$KEYCLOAK_APP_USER' \
56
+ '$KEYCLOAK_APP_USER_PASSWORD' \
57
+ '$KEYCLOAK_APP_USER_EMAIL'
58
+ }
59
+
60
+ function wait_for_keycloak_server() {
61
+ docker-compose exec -T \
62
+ ${KEYCLOAK_SERVICE_NAME} /scripts/wait_for_server
63
+ }
64
+
65
+ function fetch_keycloak_certificate() {
66
+ # there's a dep on the docker-compose.yml volumes.
67
+ # Fetch SSL cert to communicate with keycloak (OIDC provider).
68
+ echo "Initialize keycloak certificate in conjur server"
69
+ docker-compose exec -T \
70
+ conjur_5 /scripts/fetch_certificate
71
+ }
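Review bot: `_create_keycloak_user` splices its three arguments into a `bash -c` string that the container's shell then evaluates, and nothing enforces the comment's rule that they must be bare variable names, so a caller passing a literal value containing quotes or a command substitution would have it interpreted inside the Keycloak container. A guard at the top of the function that rejects anything other than `$NAME` makes the contract explicit; a sketch follows. Separately, in `_hydrate_keycloak_env_args` the `set -o pipefail` inside `< <( … )` does not reach the caller, because the exit status of a process substitution is discarded, so a failed `docker-compose exec` yields an array holding only the four static entries. `awk '/KEYCLOAK/'` presumably also copies the Keycloak password and client-secret variables into that array, so its comment should warn that the result holds secrets.

```bash
function _create_keycloak_user() {
  # Only a bare variable reference may be handed to the container's shell.
  local -r var_ref='^\$[A-Za-z_][A-Za-z0-9_]*$'
  local arg
  for arg in "$@"; do
    if [[ ! $arg =~ $var_ref ]]; then
      echo "_create_keycloak_user: expected an unexpanded variable name, got: $arg" >&2
      return 1
    fi
  done
  # … unchanged: local user_var/pw_var/email_var and the docker-compose exec call …
}
```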