conjur-api 5.3.8.pre.3 → 5.3.8.pre.8

data/lib/conjur/acts_as_role.rb

@@ -1,142 +0,0 @@
-# frozen_string_literal: true
-
-# Copyright 2013-2018 CyberArk Ltd.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#   http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-module Conjur
-
-  # This module provides methods for things that have an associated {Conjur::Role}.
-  #
-  # All high level Conjur assets (groups and users, for example) are composed of both a role and a resource.  This allows
-  # these assets to have permissions on other assets, and for other assets to have permission
-  # on them.
-  #
-  # The {Conjur::ActsAsRole} module itself should be considered private, but it's methods are
-  # public when added to a Conjur asset class.
-  module ActsAsRole
-    
-    # Login name of the role. This is formed from the role kind and role id.
-    # For users, the role kind can be omitted.
-    def login
-      [ kind, identifier ].delete_if{|t| t == "user"}.join('/')
-    end
-
-    # Check whether this object exists by performing a HEAD request to its URL.
-    #
-    # This method will return false if the object doesn't exist.
-    #
-    # @example
-    #   does_not_exist = api.user 'does-not-exist' # This returns without error.
-    #
-    #   # this is wrong!
-    #   owner = does_not_exist.members # raises RestClient::ResourceNotFound
-    #
-    #   # this is right!
-    #   owner = if does_not_exist.exists?
-    #     does_not_exist.members
-    #   else
-    #     nil # or some sensible default
-    #   end
-    #
-    # @return [Boolean] does it exist?
-    def exists?
-      begin
-        rbac_role_resource.head
-        true
-      rescue RestClient::Forbidden
-        true
-      rescue RestClient::ResourceNotFound
-        false
-      end
-    end
-
-    # Find all roles of which this role is a member.  By default, role relationships are recursively expanded,
-    # so if `a` is a member of `b`, and `b` is a member of `c`, `a.all` will include `c`.
-    #
-    # ### Permissions
-    # You must be a member of the role to call this method.
-    #
-    # You can restrict the roles returned to one or more role ids.  This feature is mainly useful
-    # for checking whether this role is a member of any of a set of roles.
-    #
-    # ### Options
-    #
-    # * **recursive** Defaults to +true+, performs recursive expansion of the memberships.
-    #
-    # @example Show all roles of which `"conjur:group:pubkeys-1.0/key-managers"` is a member
-    #   # Add alice to the group, so we see something interesting
-    #   key_managers = api.group('pubkeys-1.0/key-managers')
-    #   key_managers.add_member api.user('alice')
-    #
-    #   # Show the memberships, mapped to the member ids.
-    #   key_managers.role.all.map(&:id)
-    #   # => ["conjur:group:pubkeys-1.0/admin", "conjur:user:alice"]
-    #
-    # @example See if role `"conjur:user:alice"` is a member of either `"conjur:groups:developers"` or `"conjur:group:ops"`
-    #   is_member = api.role('conjur:user:alice').all(filter: ['conjur:group:developers', 'conjur:group:ops']).any?
-    #
-    # @param [Hash] options options for the request
-    # @return [Array<Conjur::Role>] Roles of which this role is a member
-    def memberships options = {}
-      request = if options.delete(:recursive) == false
-        options["memberships"] = true
-      else
-        options["all"] = true
-      end
-      if filter = options.delete(:filter)
-        filter = [filter] unless filter.is_a?(Array)
-        options["filter"] = filter.map(&Id.method(:new))
-      end
-
-      result = JSON.parse(rbac_role_resource[options_querystring options].get)
-      if result.is_a?(Hash) && ( count = result['count'] )
-        count
-      else
-        host = Conjur.configuration.core_url
-        result.collect do |item|
-          if item.is_a?(String)
-            build_object(item, default_class: Role)
-          else
-            RoleGrant.parse_from_json(item, self.options)
-          end
-        end
-      end
-    end
-    
-    # Fetch the direct members of this role. The results are *not* recursively expanded).
-    #
-    # ### Permissions
-    # You must be a member of the role to call this method.
-    # 
-    # @param options [Hash, nil] extra parameters to pass to the webservice method.
-    # @return [Array<Conjur::RoleGrant>] the role memberships
-    # @raise [RestClient::Forbidden] if you don't have permission to perform this operation
-    def members options = {}
-      options["members"] = true
-      result = JSON.parse(rbac_role_resource[options_querystring options].get)
-      if result.is_a?(Hash) && ( count = result['count'] )
-        count
-      else
-        parser_for(:members, credentials, result)
-      end
-    end
-
-    private
-
-    # RestClient::Resource for RBAC role operations.
-    def rbac_role_resource
-      url_for(:roles_role, credentials, id)    
-    end
-  end
-end

data/lib/conjur/acts_as_rolsource.rb

@@ -1,32 +0,0 @@
-#
-# Copyright (C) 2013-2017 Conjur Inc
-#
-# Permission is hereby granted, free of charge, to any person obtaining a copy of
-# this software and associated documentation files (the "Software"), to deal in
-# the Software without restriction, including without limitation the rights to
-# use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
-# the Software, and to permit persons to whom the Software is furnished to do so,
-# subject to the following conditions:
-#
-# The above copyright notice and this permission notice shall be included in all
-# copies or substantial portions of the Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
-# FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
-# COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
-# IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
-# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-#
-module Conjur
-
-  # This module provides methods for things that have an associated {Conjur::Role} and
-  # {Conjur::Resource}.
-  module ActsAsRolsource
-    # @api private
-    def self.included(base)
-      base.include ActsAsRole
-      base.include ActsAsResource
-    end
-  end
-end

data/lib/conjur/acts_as_user.rb

@@ -1,68 +0,0 @@
-#
-# Copyright 2013-2017 Conjur Inc
-#
-# Permission is hereby granted, free of charge, to any person obtaining a copy of
-# this software and associated documentation files (the "Software"), to deal in
-# the Software without restriction, including without limitation the rights to
-# use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
-# the Software, and to permit persons to whom the Software is furnished to do so,
-# subject to the following conditions:
-#
-# The above copyright notice and this permission notice shall be included in all
-# copies or substantial portions of the Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
-# FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
-# COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
-# IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
-# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-#
-module Conjur
-  # This module provides methods for things that are like users (specifically, those that have
-  # api keys).
-  module ActsAsUser
-    # @api private
-    def self.included(base)
-      base.include ActsAsRolsource
-    end
-
-    # Returns a newly created user's api_key.
-    #
-    # @note The API key is not returned by {API#resource}. It is only available
-    # via {API#login}, when the object is newly created, and when the API key is rotated.
-    #
-    # @return [String] the api key
-    # @raise [Exception] when the object isn't newly created.
-    def api_key
-      attributes['api_key'] or raise "api_key is only available on a newly created #{kind}"
-    end
-
-    # Create an api logged in as this user-like thing.
-    #
-    # @note As with {#api_key}, this method only works on newly created instances.
-    # @see #api_key
-    # @return [Conjur::API] an api logged in as this user-like thing.
-    def api
-      Conjur::API.new_from_key login, api_key, account: account
-    end
-
-    # Rotate this role's API key. You must have `update` permission on the user to do so.
-    #
-    # @note You will not be able to access the API key returned by this method later, so you should
-    #   probably hang onto it it.
-    #
-    # @note You cannot rotate your own API key with this method. To do so, use `Conjur::API.rotate_api_key`.
-    #
-    # @note This feature requires a Conjur appliance running version 4.6 or higher.
-    #
-    # @return [String] the new API key for this user.
-    def rotate_api_key
-      if login == username
-        raise 'You cannot rotate your own API key via this method. To do so, use `Conjur::API.rotate_api_key`'
-      end
-
-      url_for(:authn_rotate_api_key, credentials, account, id).put("").body
-    end
-  end
-end

data/lib/conjur/api/authenticators.rb

@@ -1,43 +0,0 @@
-# frozen_string_literal: true
-
-require 'conjur/webservice'
-
-module Conjur
-  # API contains each of the methods for access the Conjur API endpoints
-  #-- :reek:DataClump for authenticator identifier fields (name, id, account)
-  class API
-    # @!group Authenticators
-
-    # List all configured authenticators
-    def authenticator_list
-      JSON.parse(url_for(:authenticators).get)
-    end
-
-    # Fetches the available authentication providers for the authenticator and account.
-    # The authenticators must be loaded in Conjur policy prior to fetching.
-    #
-    # @param [String] authenticator the authenticator type to retrieve providers for
-    def authentication_providers authenticator, account: Conjur.configuration.account
-      JSON.parse(url_for(:authentication_providers, account, authenticator, credentials).get)
-    end
-
-    # Enables an authenticator in Conjur. The authenticator must be defined and
-    # loaded in Conjur policy prior to enabling it.
-    # 
-    # @param [String] authenticator the authenticator type to enable (e.g. authn-k8s)
-    # @param [String] id the service ID of the authenticator to enable
-    def authenticator_enable authenticator, id, account: Conjur.configuration.account
-      url_for(:authenticator, account, authenticator, id, credentials).patch(enabled: true)
-    end
-
-    # Disables an authenticator in Conjur.
-    # 
-    # @param [String] authenticator the authenticator type to disable (e.g. authn-k8s)
-    # @param [String] id the service ID of the authenticator to disable
-    def authenticator_disable authenticator, id, account: Conjur.configuration.account
-      url_for(:authenticator, account, authenticator, id, credentials).patch(enabled: false)
-    end
-
-    # @!endgroup
-  end
-end

data/lib/conjur/api/authn.rb

@@ -1,144 +0,0 @@
-#
-# Copyright 2013-2017 Conjur Inc
-#
-# Permission is hereby granted, free of charge, to any person obtaining a copy of
-# this software and associated documentation files (the "Software"), to deal in
-# the Software without restriction, including without limitation the rights to
-# use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
-# the Software, and to permit persons to whom the Software is furnished to do so,
-# subject to the following conditions:
-#
-# The above copyright notice and this permission notice shall be included in all
-# copies or substantial portions of the Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
-# FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
-# COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
-# IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
-# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-#
-require 'conjur/user'
-
-module Conjur
-  class API
-    def whoami
-      JSON.parse(url_for(:whoami, credentials).get)
-    end
-
-    class << self
-      #@!group Authentication
-
-      # Exchanges a username and a password for an api key.  The api key
-      #   is preferable for storage and use in code, as it can be rotated and has far greater entropy than
-      #   a user memorizable password.
-      #
-      #  * Note that this method works only for {Conjur::User}s. While
-      #   {Conjur::Host}s are roles, they do not have passwords.
-      #  * If you pass an api key to this method instead of a password, it will verify and return the API key.
-      #  * This method uses HTTP Basic Authentication to send the credentials.
-      #
-      # @example
-      #   bob_api_key = Conjur::API.login('bob', 'bob_password')
-      #   bob_api_key == Conjur::API.login('bob', bob_api_key)  # => true
-      #
-      # @param [String] username The `username` or `login` for the
-      #   {http://developer.conjur.net/reference/services/directory/user Conjur User}.
-      # @param [String] password The `password` or `api key` to authenticate with.
-      # @param [String] account The organization account.
-      # @return [String] the API key.
-      def login username, password, account: Conjur.configuration.account
-        if Conjur.log
-          Conjur.log << "Logging in #{username} to account #{account} via Basic authentication\n"
-        end
-        url_for(:authn_login, account, username, password).get
-      end
-
-      # Authenticates using a third party authenticator like authn-oidc.  It will return an
-      # access token to be used to authenticate further API calls.
-      #
-      # @param [String] authenticator
-      # @param [String] service_id
-      # @param [String] account The organization account.
-      # @param [Hash] params Additional params to send to authenticator
-      # @return [String] A JSON formatted authentication token.
-      def authenticator_authenticate authenticator, service_id, account: Conjur.configuration.account, options: {}
-        if Conjur.log
-          Conjur.log << "Authenticating to account #{account} using #{authenticator}/#{service_id}\n"
-        end
-        JSON.parse url_for(:authenticator_authenticate, account, service_id, authenticator, options).get
-      end
-
-      # Exchanges Conjur the API key (refresh token) for an access token.  The access token can
-      # then be used to authenticate further API calls.
-      #
-      # @param [String] username The username or host id for which we want a token
-      # @param [String] api_key The api key
-      # @param [String] account The organization account.
-      # @return [String] A JSON formatted authentication token.
-      def authenticate username, api_key, account: Conjur.configuration.account
-        account ||= Conjur.configuration.account
-        if Conjur.log
-          Conjur.log << "Authenticating #{username} to account #{account}\n"
-        end
-        JSON.parse url_for(:authn_authenticate, account, username).post(api_key, content_type: 'text/plain')
-      end
-
-      # Obtains an access token from the +authn_local+ service. The access token can
-      # then be used to authenticate further API calls.
-      #
-      # @param [String] username The username or host id for which we want a token
-      # @param [String] account The organization account.
-      # @return [String] A JSON formatted authentication token.
-      def authenticate_local username, account: Conjur.configuration.account, expiration: nil, cidr: nil
-        account ||= Conjur.configuration.account
-        if Conjur.log
-          Conjur.log << "Authenticating #{username} to account #{account} using authn_local\n"
-        end
-
-        require 'json'
-        require 'socket'
-        message = url_for(:authn_authenticate_local, username, account, expiration, cidr)
-        JSON.parse(UNIXSocket.open(Conjur.configuration.authn_local_socket) {|s| s.puts message; s.gets })
-      end
-
-      # Change a user's password.  To do this, you must have the user's current password.  This does not change or rotate
-      #   api keys. However, you *can* use the user's api key as the *current* password, if the user was not created
-      #   with a password.
-      #
-      # @param [String] username the name of the user whose password we want to change.
-      # @param [String] password the user's *current* password *or* api key.
-      # @param [String] new_password the new password for the user.
-      # @param [String] account The organization account.
-      # @return [void]
-      def update_password username, password, new_password, account: Conjur.configuration.account
-        if Conjur.log
-          Conjur.log << "Updating password for #{username} in account #{account}\n"
-        end
-        url_for(:authn_update_password, account, username, password).put new_password
-      end
-
-      #@!endgroup
-
-      #@!group Password and API key management
-
-      # Rotate the currently authenticated user or host API key by generating and returning a new one.
-      # The old API key is no longer valid after calling this method.  You must have the current
-      # API key or password to perform this operation.  This method *does not* affect a user's password.
-      #
-      # @param [String] username the name of the user or host whose API key we want to change
-      # @param [String] password the user's current api key
-      # @param [String] account The organization account.
-      # @return [String] the new API key
-      def rotate_api_key username, password, account: Conjur.configuration.account
-        if Conjur.log
-          Conjur.log << "Rotating API key for self (#{username} in account #{account})\n"
-        end
-
-        url_for(:authn_rotate_own_api_key, account, username, password).put('').body
-      end
-
-      #@!endgroup
-    end
-  end
-end

data/lib/conjur/api/host_factories.rb

@@ -1,71 +0,0 @@
-# frozen_string_literal: true
-
-# Copyright 2013-2018 CyberArk Ltd.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#   http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-require 'conjur/host_factory'
-
-module Conjur
-  class API
-    #@!group Host Factory
-
-    class << self
-      # Use a host factory token to create a new host. Unlike most other methods, this
-      # method does not require a Conjur access token. The host factory token is the
-      # authentication and authorization to create the host.
-      #
-      # The token must be valid. The host id can be a new host, or an existing host. 
-      # If the host already exists, the server verifies that its layer memberships
-      # match the host factory exactly. Then, its API key is rotated and returned with
-      # the response.
-      # 
-      # @param [String] token the host factory token.
-      # @param [String] id the id of a new or existing host.
-      # @param options [Hash] additional host creation options.
-      # @return [Host]
-      def host_factory_create_host token, id, options = {}
-        token = token.token if token.is_a?(HostFactoryToken)
-        response = url_for(:host_factory_create_host, token)
-          .post(options.merge(id: id)).body
-
-        attributes = JSON.parse(response)
-        # in v4 'id' is just the identifier
-        host_id = attributes['roleid'] || attributes['id']
-
-        Host.new(host_id, {}).tap do |host|
-          host.attributes = attributes
-        end
-      end
-      
-      # Revokes a host factory token. After revocation, the token can no longer be used to 
-      # create hosts.
-      # 
-      # @param [Hash] credentials authentication credentials of the current user.
-      # @param [String] token the host factory token.
-      def revoke_host_factory_token credentials, token
-        url_for(:host_factory_revoke_token, credentials, token).delete
-      end
-    end
-    
-      # Revokes a host factory token. After revocation, the token can no longer be used to 
-      # create hosts.
-      # 
-      # @param [String] token the host factory token.
-    def revoke_host_factory_token token
-      self.class.revoke_host_factory_token credentials, token
-    end
-
-    #@!endgroup
-  end
-end

data/lib/conjur/api/ldap_sync.rb

@@ -1,38 +0,0 @@
-#
-# Copyright 2013-2018 Conjur Inc
-#
-# Permission is hereby granted, free of charge, to any person obtaining a copy of
-# this software and associated documentation files (the "Software"), to deal in
-# the Software without restriction, including without limitation the rights to
-# use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
-# the Software, and to permit persons to whom the Software is furnished to do so,
-# subject to the following conditions:
-#
-# The above copyright notice and this permission notice shall be included in all
-# copies or substantial portions of the Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
-# FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
-# COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
-# IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
-# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-#
-
-module Conjur
-  class API
-    
-    # Retrieve the policy for the given LDAP sync
-    # configuration. Configurations created through the Conjur UI are
-    # named +default+, so the default value of +config_name+ can be
-    # used.
-    #
-    # For details on the use of LDAP sync, see
-    # https://developer.conjur.net/reference/services/ldap_sync/ .
-    #
-    # @param [String] config_name the name of the LDAP sync configuration.
-    def ldap_sync_policy config_name: 'default'
-      JSON.parse(url_for(:ldap_sync_policy, credentials, config_name).get)
-    end
-  end
-end

data/lib/conjur/api/policies.rb

@@ -1,56 +0,0 @@
-#
-# Copyright 2013-2017 Conjur Inc
-#
-# Permission is hereby granted, free of charge, to any person obtaining a copy of
-# this software and associated documentation files (the "Software"), to deal in
-# the Software without restriction, including without limitation the rights to
-# use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
-# the Software, and to permit persons to whom the Software is furnished to do so,
-# subject to the following conditions:
-#
-# The above copyright notice and this permission notice shall be included in all
-# copies or substantial portions of the Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
-# FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
-# COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
-# IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
-# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-#
-require 'conjur/policy_load_result'
-require 'conjur/policy'
-
-module Conjur
-  class API
-    #@!group Policy management
-    
-    # Append only.
-    POLICY_METHOD_POST = :post
-    # Allow explicit deletion statements, but don't delete implicitly delete data.
-    POLICY_METHOD_PATCH = :patch
-    # Replace the policy entirely, deleting any existing data that is not declared in the new policy.
-    POLICY_METHOD_PUT = :put
-
-    # Load a policy document into the server.
-    #
-    # The modes are support for policy loading:
-    #
-    # * POLICY_METHOD_POST Policy data will be added to the named policy. Deletions are not allowed.
-    # * POLICY_METHOD_PATCH Policy data can be added to or deleted from the named policy. Deletions
-    # are performed by an explicit `!delete` statement.
-    # * POLICY_METHOD_PUT The policy completely replaces the name policy. Policy data which is present
-    # in the server, but not present in the new policy definition, is deleted.
-    #
-    # @param id [String] id of the policy to load.
-    # @param policy [String] YAML-formatted policy definition. 
-    # @param account [String] Conjur organization account
-    # @param method [Symbol] Policy load method to use: {POLICY_METHOD_POST} (default), {POLICY_METHOD_PATCH}, or {POLICY_METHOD_PUT}.
-    def load_policy id, policy, account: Conjur.configuration.account, method: POLICY_METHOD_POST
-      request = url_for(:policies_load_policy, credentials, account, id)
-      PolicyLoadResult.new JSON.parse(request.send(method, policy))
-    end
-
-    #@!endgroup
-  end
-end

data/lib/conjur/api/pubkeys.rb

@@ -1,53 +0,0 @@
-#
-# Copyright 2013-2017 Conjur Inc
-#
-# Permission is hereby granted, free of charge, to any person obtaining a copy of
-# this software and associated documentation files (the "Software"), to deal in
-# the Software without restriction, including without limitation the rights to
-# use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
-# the Software, and to permit persons to whom the Software is furnished to do so,
-# subject to the following conditions:
-#
-# The above copyright notice and this permission notice shall be included in all
-# copies or substantial portions of the Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
-# FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
-# COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
-# IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
-# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-#
-
-module Conjur
-
-  class API
-    class << self
-      # @!group Public Keys
-
-      # Fetch *all*  public keys for the user.  This method returns a newline delimited
-      # String for compatibility with the authorized_keys SSH format.
-      #
-      #
-      # If the given user does not exist, an empty String will be returned.  This is to prevent attackers from determining whether
-      # a user exists.
-      #
-      # ## Permissions
-      # You do not need any special permissions to call this method, since public keys are, well, public.
-      #
-      #
-      # @example
-      #   puts api.public_keys('jon')
-      #   # ssh-rsa [big long string] jon@albert
-      #   # ssh-rsa [big long string] jon@conjurops
-      #
-      # @param [String] username the *unqualified* Conjur username
-      # @return [String] newline delimited public keys
-      def public_keys username, account: Conjur.configuration.account
-        url_for(:public_keys_for_user, account, username).get
-      end
-
-      #@!endgroup
-    end
-  end
-end