conjur-api 5.3.8.pre.3 → 5.3.8.pre.8

Sign up to get free protection for your applications and to get access to all the features.
Files changed (150) hide show
  1. checksums.yaml +4 -4
  2. data/VERSION +1 -1
  3. metadata +2 -193
  4. data/.codeclimate.yml +0 -10
  5. data/.dockerignore +0 -1
  6. data/.github/CODEOWNERS +0 -10
  7. data/.gitignore +0 -32
  8. data/.gitleaks.toml +0 -219
  9. data/.overcommit.yml +0 -16
  10. data/.project +0 -18
  11. data/.rubocop.yml +0 -3
  12. data/.rubocop_settings.yml +0 -86
  13. data/.rubocop_todo.yml +0 -709
  14. data/.yardopts +0 -1
  15. data/CHANGELOG.md +0 -448
  16. data/CONTRIBUTING.md +0 -138
  17. data/Dockerfile +0 -16
  18. data/Gemfile +0 -7
  19. data/Jenkinsfile +0 -137
  20. data/LICENSE +0 -202
  21. data/README.md +0 -162
  22. data/Rakefile +0 -47
  23. data/SECURITY.md +0 -42
  24. data/bin/parse-changelog.sh +0 -12
  25. data/ci/configure_v4.sh +0 -12
  26. data/ci/configure_v5.sh +0 -19
  27. data/ci/oauth/keycloak/create_client +0 -18
  28. data/ci/oauth/keycloak/create_user +0 -21
  29. data/ci/oauth/keycloak/fetch_certificate +0 -18
  30. data/ci/oauth/keycloak/keycloak_functions.sh +0 -71
  31. data/ci/oauth/keycloak/standalone.xml +0 -578
  32. data/ci/oauth/keycloak/wait_for_server +0 -56
  33. data/ci/submit-coverage +0 -36
  34. data/conjur-api.gemspec +0 -41
  35. data/dev/Dockerfile.dev +0 -12
  36. data/dev/docker-compose.yml +0 -56
  37. data/dev/start +0 -22
  38. data/dev/stop +0 -5
  39. data/docker-compose.yml +0 -98
  40. data/example/demo_v4.rb +0 -49
  41. data/example/demo_v5.rb +0 -57
  42. data/features/authenticators.feature +0 -41
  43. data/features/authn.feature +0 -14
  44. data/features/authn_local.feature +0 -32
  45. data/features/exists.feature +0 -37
  46. data/features/group.feature +0 -11
  47. data/features/host.feature +0 -50
  48. data/features/host_factory_create_host.feature +0 -28
  49. data/features/host_factory_token.feature +0 -63
  50. data/features/load_policy.feature +0 -61
  51. data/features/members.feature +0 -51
  52. data/features/new_api.feature +0 -36
  53. data/features/permitted.feature +0 -70
  54. data/features/permitted_roles.feature +0 -30
  55. data/features/public_keys.feature +0 -11
  56. data/features/resource_fields.feature +0 -53
  57. data/features/role_fields.feature +0 -15
  58. data/features/rotate_api_key.feature +0 -13
  59. data/features/step_definitions/api_steps.rb +0 -52
  60. data/features/step_definitions/policy_steps.rb +0 -134
  61. data/features/step_definitions/result_steps.rb +0 -11
  62. data/features/support/env.rb +0 -19
  63. data/features/support/hooks.rb +0 -3
  64. data/features/support/world.rb +0 -12
  65. data/features/update_password.feature +0 -14
  66. data/features/user.feature +0 -58
  67. data/features/variable_fields.feature +0 -20
  68. data/features/variable_value.feature +0 -60
  69. data/features_v4/authn_local.feature +0 -27
  70. data/features_v4/exists.feature +0 -29
  71. data/features_v4/host.feature +0 -18
  72. data/features_v4/host_factory_token.feature +0 -49
  73. data/features_v4/members.feature +0 -39
  74. data/features_v4/permitted.feature +0 -15
  75. data/features_v4/permitted_roles.feature +0 -8
  76. data/features_v4/resource_fields.feature +0 -47
  77. data/features_v4/rotate_api_key.feature +0 -13
  78. data/features_v4/step_definitions/api_steps.rb +0 -17
  79. data/features_v4/step_definitions/result_steps.rb +0 -3
  80. data/features_v4/support/env.rb +0 -23
  81. data/features_v4/support/policy.yml +0 -34
  82. data/features_v4/support/world.rb +0 -12
  83. data/features_v4/variable_fields.feature +0 -11
  84. data/features_v4/variable_value.feature +0 -54
  85. data/lib/conjur/acts_as_resource.rb +0 -123
  86. data/lib/conjur/acts_as_role.rb +0 -142
  87. data/lib/conjur/acts_as_rolsource.rb +0 -32
  88. data/lib/conjur/acts_as_user.rb +0 -68
  89. data/lib/conjur/api/authenticators.rb +0 -43
  90. data/lib/conjur/api/authn.rb +0 -144
  91. data/lib/conjur/api/host_factories.rb +0 -71
  92. data/lib/conjur/api/ldap_sync.rb +0 -38
  93. data/lib/conjur/api/policies.rb +0 -56
  94. data/lib/conjur/api/pubkeys.rb +0 -53
  95. data/lib/conjur/api/resources.rb +0 -109
  96. data/lib/conjur/api/roles.rb +0 -98
  97. data/lib/conjur/api/router/v4.rb +0 -206
  98. data/lib/conjur/api/router/v5.rb +0 -269
  99. data/lib/conjur/api/variables.rb +0 -59
  100. data/lib/conjur/api.rb +0 -105
  101. data/lib/conjur/base.rb +0 -355
  102. data/lib/conjur/base_object.rb +0 -57
  103. data/lib/conjur/build_object.rb +0 -47
  104. data/lib/conjur/cache.rb +0 -26
  105. data/lib/conjur/cert_utils.rb +0 -63
  106. data/lib/conjur/cidr.rb +0 -71
  107. data/lib/conjur/configuration.rb +0 -460
  108. data/lib/conjur/escape.rb +0 -129
  109. data/lib/conjur/exceptions.rb +0 -4
  110. data/lib/conjur/group.rb +0 -41
  111. data/lib/conjur/has_attributes.rb +0 -98
  112. data/lib/conjur/host.rb +0 -27
  113. data/lib/conjur/host_factory.rb +0 -75
  114. data/lib/conjur/host_factory_token.rb +0 -78
  115. data/lib/conjur/id.rb +0 -71
  116. data/lib/conjur/layer.rb +0 -9
  117. data/lib/conjur/log.rb +0 -72
  118. data/lib/conjur/log_source.rb +0 -60
  119. data/lib/conjur/policy.rb +0 -34
  120. data/lib/conjur/policy_load_result.rb +0 -61
  121. data/lib/conjur/query_string.rb +0 -12
  122. data/lib/conjur/resource.rb +0 -29
  123. data/lib/conjur/role.rb +0 -29
  124. data/lib/conjur/role_grant.rb +0 -85
  125. data/lib/conjur/routing.rb +0 -29
  126. data/lib/conjur/user.rb +0 -40
  127. data/lib/conjur/variable.rb +0 -208
  128. data/lib/conjur/webservice.rb +0 -30
  129. data/lib/conjur-api/version.rb +0 -24
  130. data/lib/conjur-api.rb +0 -2
  131. data/publish.sh +0 -5
  132. data/spec/api/host_factories_spec.rb +0 -34
  133. data/spec/api_spec.rb +0 -254
  134. data/spec/base_object_spec.rb +0 -13
  135. data/spec/cert_utils_spec.rb +0 -173
  136. data/spec/cidr_spec.rb +0 -34
  137. data/spec/configuration_spec.rb +0 -330
  138. data/spec/has_attributes_spec.rb +0 -63
  139. data/spec/helpers/errors_matcher.rb +0 -34
  140. data/spec/helpers/request_helpers.rb +0 -10
  141. data/spec/id_spec.rb +0 -29
  142. data/spec/ldap_sync_spec.rb +0 -21
  143. data/spec/log_source_spec.rb +0 -13
  144. data/spec/log_spec.rb +0 -42
  145. data/spec/roles_spec.rb +0 -24
  146. data/spec/spec_helper.rb +0 -113
  147. data/spec/ssl_spec.rb +0 -109
  148. data/spec/uri_escape_spec.rb +0 -21
  149. data/test.sh +0 -76
  150. data/tmp/.keep +0 -0
@@ -1,60 +0,0 @@
1
- Feature: Work with Variable values.
2
-
3
- Background:
4
- Given I run the code:
5
- """
6
- @variable_id = "password"
7
- $conjur.load_policy 'root', <<-POLICY
8
- - !variable #{@variable_id}
9
- - !variable #{@variable_id}-2
10
- POLICY
11
- @variable = $conjur.resource("cucumber:variable:#{@variable_id}")
12
- @variable_2 = $conjur.resource("cucumber:variable:#{@variable_id}-2")
13
- """
14
-
15
- Scenario: Add a value, retrieve the variable metadata and the value.
16
- When I run the code:
17
- """
18
- @initial_count = @variable.version_count
19
- @variable.add_value 'value-0'
20
- """
21
- And I run the code:
22
- """
23
- expect(@variable.version_count).to eq(@initial_count + 1)
24
- """
25
- And I run the code:
26
- """
27
- @variable.value(@variable.version_count)
28
- """
29
- Then the result should be "value-0"
30
-
31
- Scenario: Retrieve a historical value.
32
- Given I run the code:
33
- """
34
- @variable.add_value 'value-0'
35
- @variable.add_value 'value-1'
36
- @variable.add_value 'value-2'
37
- """
38
- When I run the code:
39
- """
40
- @variable.value(@variable.version_count - 2)
41
- """
42
- Then the result should be "value-0"
43
-
44
- Scenario: Retrieve multiple values in a batch
45
- Given I run the code:
46
- """
47
- @variable.add_value 'value-0'
48
- @variable_2.add_value 'value-2'
49
- """
50
- When I run the code:
51
- """
52
- $conjur.variable_values([ @variable, @variable_2 ].map(&:id))
53
- """
54
- Then the JSON should be:
55
- """
56
- {
57
- "cucumber:variable:password": "value-0",
58
- "cucumber:variable:password-2": "value-2"
59
- }
60
- """
@@ -1,27 +0,0 @@
1
- Feature: When co-located with the Conjur server, the API can use the authn-local service to authenticate.
2
-
3
- Scenario: authn-local can be used to obtain an access token.
4
- When I run the code:
5
- """
6
- Conjur::API.authenticate_local "alice"
7
- """
8
- Then the JSON should have "data"
9
-
10
- Scenario: Conjur API supports construction from authn-local.
11
- When I run the code:
12
- """
13
- @api = Conjur::API.new_from_authn_local "alice"
14
- @api.token
15
- """
16
- Then the JSON should have "data"
17
-
18
- Scenario: Conjur API will automatically refresh the token.
19
- When I run the code:
20
- """
21
- @api = Conjur::API.new_from_authn_local "alice"
22
- @api.token
23
- @api.force_token_refresh
24
- @api.token
25
- """
26
- Then the JSON should have "data"
27
- And the JSON at "data" should be "alice"
@@ -1,29 +0,0 @@
1
- Feature: Check if an object exists.
2
-
3
- Scenario: A created group resource exists
4
- When I run the code:
5
- """
6
- $conjur.resource('cucumber:group:developers').exists?
7
- """
8
- Then the result should be "true"
9
-
10
- Scenario: An un-created resource doesn't exist
11
- When I run the code:
12
- """
13
- $conjur.resource('cucumber:food:bacon').exists?
14
- """
15
- Then the result should be "false"
16
-
17
- Scenario: A created group role exists
18
- When I run the code:
19
- """
20
- $conjur.role('cucumber:group:developers').exists?
21
- """
22
- Then the result should be "true"
23
-
24
- Scenario: An un-created role doesn't exist
25
- When I run the code:
26
- """
27
- $conjur.role('cucumber:food:bacon').exists?
28
- """
29
- Then the result should be "false"
@@ -1,18 +0,0 @@
1
- Feature: Display Host object fields.
2
-
3
- Background:
4
- Given a new host
5
-
6
- Scenario: API key of a newly created host is available and valid.
7
- Then I run the code:
8
- """
9
- expect(@host.exists?).to be(true)
10
- expect(@host.api_key).to be
11
- """
12
-
13
- Scenario: API key of a a host can be rotated.
14
- Then I run the code:
15
- """
16
- api_key = @host.rotate_api_key
17
- Conjur::API.new_from_key("host/#{@host.id.identifier}", api_key).token
18
- """
@@ -1,49 +0,0 @@
1
- Feature: Working with host factory tokens.
2
-
3
- Background:
4
- Given I run the code:
5
- """
6
- @expiration = (DateTime.now + 1.hour).change(sec: 0)
7
- """
8
-
9
-
10
- Scenario: Create a new host factory token.
11
- When I run the code:
12
- """
13
- @token = $host_factory.create_token(@expiration)
14
- """
15
- Then I can run the code:
16
- """
17
- expect(@token).to be_instance_of(Conjur::HostFactoryToken)
18
- expect(@token.token).to be_instance_of(String)
19
- expiration = @token.expiration
20
- expiration = expiration.change(sec: 0)
21
- expect(expiration).to eq(@expiration)
22
- """
23
-
24
- Scenario: Create multiple new host factory tokens.
25
- When I run the code:
26
- """
27
- $host_factory.create_tokens @expiration, count: 2
28
- """
29
- Then the JSON should have 2 items
30
-
31
- Scenario: Revoke a host factory token using the token object.
32
- When I run the code:
33
- """
34
- @token = $host_factory.create_token @expiration
35
- """
36
- Then I can run the code:
37
- """
38
- @token.revoke
39
- """
40
-
41
- Scenario: Revoke a host factory token using the API.
42
- When I run the code:
43
- """
44
- @token = $host_factory.create_token @expiration
45
- """
46
- Then I can run the code:
47
- """
48
- $conjur.revoke_host_factory_token @token.token
49
- """
@@ -1,39 +0,0 @@
1
- Feature: Display role members and memberships.
2
-
3
- Scenario: Show a role's members.
4
- When I run the code:
5
- """
6
- $conjur.role('cucumber:group:everyone').members.map(&:as_json)
7
- """
8
- Then the JSON should be:
9
- """
10
- [
11
- {
12
- "admin_option": false,
13
- "member": "cucumber:group:developers",
14
- "role": "cucumber:group:everyone"
15
- },
16
- {
17
- "admin_option": true,
18
- "member": "cucumber:group:security_admin",
19
- "role": "cucumber:group:everyone"
20
- }
21
- ]
22
- """
23
-
24
- Scenario: Show a role's memberships.
25
- When I run the code:
26
- """
27
- $conjur.role('cucumber:group:developers').memberships.map(&:as_json)
28
- """
29
- Then the JSON should be:
30
- """
31
- [
32
- {
33
- "id": "cucumber:group:developers"
34
- },
35
- {
36
- "id": "cucumber:group:everyone"
37
- }
38
- ]
39
- """
@@ -1,15 +0,0 @@
1
- Feature: Check if a role has permission on a resource.
2
-
3
- Scenario: Check if the current user has the privilege.
4
- When I run the code:
5
- """
6
- $conjur.resource('cucumber:variable:db-password').permitted? 'execute'
7
- """
8
- Then the result should be "true"
9
-
10
- Scenario: Check if a different user has the privilege.
11
- When I run the code:
12
- """
13
- $conjur.resource('cucumber:variable:db-password').permitted? 'execute', role: "cucumber:user:bob"
14
- """
15
- Then the result should be "false"
@@ -1,8 +0,0 @@
1
- Feature: Enumerate roles which have a permission on a resource.
2
-
3
- Scenario: Permitted roles can be enumerated.
4
- When I run the code:
5
- """
6
- $conjur.resource('cucumber:variable:db-password').permitted_roles 'execute'
7
- """
8
- Then the JSON should include "cucumber:layer:myapp"
@@ -1,47 +0,0 @@
1
- Feature: Display basic resource fields.
2
-
3
- Scenario: Group exposes id, kind, identifier, and gidnumber.
4
- When I run the code:
5
- """
6
- resource = $conjur.resource('cucumber:group:developers')
7
- [ resource.id, resource.account, resource.kind, resource.identifier, resource.gidnumber ]
8
- """
9
- Then the JSON should be:
10
- """
11
- [
12
- "cucumber:group:developers",
13
- "cucumber",
14
- "group",
15
- "developers",
16
- 2000
17
- ]
18
- """
19
-
20
- Scenario: User exposes id, kind, identifier, and uidnumber.
21
- When I run the code:
22
- """
23
- resource = $conjur.resource('cucumber:user:alice')
24
- [ resource.id, resource.account, resource.kind, resource.identifier, resource.uidnumber ]
25
- """
26
- Then the JSON should be:
27
- """
28
- [
29
- "cucumber:user:alice",
30
- "cucumber",
31
- "user",
32
- "alice",
33
- 2000
34
- ]
35
- """
36
-
37
- Scenario: Resource#owner is the owner object
38
- When I run the code:
39
- """
40
- $conjur.resource('cucumber:group:developers').owner.id
41
- """
42
- Then the result should be "cucumber:group:security_admin"
43
- And I run the code:
44
- """
45
- $conjur.resource('cucumber:group:developers').class
46
- """
47
- Then the result should be "Conjur::Group"
@@ -1,13 +0,0 @@
1
- Feature: Rotate the API key.
2
-
3
- Scenario: Logged-in user can rotate the API key.
4
- When I run the code:
5
- """
6
- $conjur.role('cucumber:user:alice').rotate_api_key
7
- """
8
- Then I can run the code:
9
- """
10
- @api_key = @result.strip
11
- @conjur = Conjur::API.new_from_key 'alice', @api_key
12
- @conjur.token
13
- """
@@ -1,17 +0,0 @@
1
- Given(/^a new host$/) do
2
- @host_id = "app-#{random_hex}"
3
- host = Conjur::API.host_factory_create_host($token, @host_id)
4
- @host_api_key = host.api_key
5
- expect(@host_api_key).to be
6
-
7
- @host = $conjur.resource("cucumber:host:#{@host_id}")
8
- @host.attributes['api_key'] = @host_api_key
9
- end
10
-
11
- When(/^I(?: can)? run the code:$/) do |code|
12
- @result = eval(code).tap do |result|
13
- if ENV['DEBUG']
14
- puts result
15
- end
16
- end
17
- end
@@ -1,3 +0,0 @@
1
- Then(/^the result should be "([^"]+)"$/) do |expected|
2
- expect(@result.to_s).to eq(expected.to_s)
3
- end
@@ -1,23 +0,0 @@
1
- require 'simplecov'
2
-
3
- SimpleCov.start
4
-
5
- require 'json_spec/cucumber'
6
- require 'conjur/api'
7
-
8
- Conjur.configuration.appliance_url = ENV['CONJUR_APPLIANCE_URL'] || 'https://conjur_4/api'
9
- Conjur.configuration.account = ENV['CONJUR_ACCOUNT'] || 'cucumber'
10
- Conjur.configuration.cert_file = "./tmp/conjur.pem"
11
- Conjur.configuration.authn_local_socket = "/run/authn-local-4/.socket"
12
- Conjur.configuration.version = 4
13
-
14
- Conjur.configuration.apply_cert_config!
15
-
16
- $username = ENV['CONJUR_AUTHN_LOGIN'] || 'admin'
17
- $password = ENV['CONJUR_AUTHN_API_KEY'] || 'secret'
18
-
19
- $api_key = Conjur::API.login $username, $password
20
- $conjur = Conjur::API.new_from_key $username, $api_key
21
-
22
- $host_factory = $conjur.resource('cucumber:host_factory:myapp')
23
- $token = $host_factory.create_token(Time.now + 1.hour)
@@ -1,34 +0,0 @@
1
- - !user
2
- id: alice
3
- uidnumber: 2000
4
-
5
- - !group
6
- id: developers
7
- gidnumber: 2000
8
-
9
- - !group everyone
10
-
11
- - !grant
12
- role: !group everyone
13
- member: !group developers
14
-
15
- - !variable db-password
16
-
17
- - !variable ssh-key
18
-
19
- - !variable
20
- id: ssl-certificate
21
- kind: SSL certificate
22
- mime_type: application/x-pem-file
23
-
24
- - !layer myapp
25
-
26
- - !host-factory
27
- id: myapp
28
- layers: [ !layer myapp ]
29
-
30
- - !permit
31
- role: !layer myapp
32
- privileges: [ read, execute ]
33
- resources:
34
- - !variable db-password
@@ -1,12 +0,0 @@
1
- module ApiWorld
2
- def last_json
3
- @result.to_json
4
- end
5
-
6
- def random_hex nbytes = 12
7
- @random ||= Random.new
8
- @random.bytes(nbytes).unpack('h*').first
9
- end
10
- end
11
-
12
- World ApiWorld
@@ -1,11 +0,0 @@
1
- Feature: Display Variable fields.
2
-
3
- Background:
4
- When I run the code:
5
- """
6
- $conjur.resource('cucumber:variable:ssl-certificate')
7
- """
8
-
9
- Scenario: Display MIME type and kind
10
- Then the JSON at "mime_type" should be "application/x-pem-file"
11
- And the JSON at "kind" should be "SSL certificate"
@@ -1,54 +0,0 @@
1
- Feature: Work with Variable values.
2
- Background:
3
- Given I run the code:
4
- """
5
- @variable = $conjur.resource("cucumber:variable:db-password")
6
- @variable_2 = $conjur.resource("cucumber:variable:ssh-key")
7
- """
8
-
9
- Scenario: Add a value, retrieve the variable metadata and the value.
10
- Given I run the code:
11
- """
12
- @initial_count = @variable.version_count
13
- @variable.add_value 'value-0'
14
- """
15
- When I run the code:
16
- """
17
- expect(@variable.version_count).to eq(@initial_count + 1)
18
- """
19
- And I run the code:
20
- """
21
- @variable.value
22
- """
23
- Then the result should be "value-0"
24
-
25
- Scenario: Retrieve a historical value.
26
- Given I run the code:
27
- """
28
- @variable.add_value 'value-0'
29
- @variable.add_value 'value-1'
30
- @variable.add_value 'value-2'
31
- """
32
- When I run the code:
33
- """
34
- @variable.value(@variable.version_count - 2)
35
- """
36
- Then the result should be "value-0"
37
-
38
- Scenario: Retrieve multiple values in a batch
39
- Given I run the code:
40
- """
41
- @variable.add_value 'value-0'
42
- @variable_2.add_value 'value-2'
43
- """
44
- When I run the code:
45
- """
46
- $conjur.variable_values([ @variable, @variable_2 ].map(&:id))
47
- """
48
- Then the JSON should be:
49
- """
50
- {
51
- "db-password": "value-0",
52
- "ssh-key": "value-2"
53
- }
54
- """
@@ -1,123 +0,0 @@
1
- #
2
- # Copyright 2013-2017 Conjur Inc
3
- #
4
- # Permission is hereby granted, free of charge, to any person obtaining a copy of
5
- # this software and associated documentation files (the "Software"), to deal in
6
- # the Software without restriction, including without limitation the rights to
7
- # use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
8
- # the Software, and to permit persons to whom the Software is furnished to do so,
9
- # subject to the following conditions:
10
- #
11
- # The above copyright notice and this permission notice shall be included in all
12
- # copies or substantial portions of the Software.
13
- #
14
- # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
15
- # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
16
- # FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
17
- # COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
18
- # IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
19
- # CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
20
- #
21
-
22
- module Conjur
23
- # This module is included in object classes that have resource behavior.
24
- module ActsAsResource
25
- # @api private
26
- def self.included(base)
27
- base.include HasAttributes
28
- base.include Escape
29
- base.extend QueryString
30
- end
31
-
32
- # The full role id of the role that owns this resource.
33
- #
34
- # @example
35
- # api.current_role # => 'conjur:user:jon'
36
- # resource = api.create_resource 'conjur:example:resource-owner'
37
- # resource.owner # => 'conjur:user:jon'
38
- #
39
- # @return [String] the full role id of this resource's owner.
40
- def owner
41
- build_object attributes['owner'], default_class: Role
42
- end
43
-
44
- # Check whether this object exists by performing a HEAD request to its URL.
45
- #
46
- # This method will return false if the object doesn't exist.
47
- #
48
- # @example
49
- # does_not_exist = api.user 'does-not-exist' # This returns without error.
50
- #
51
- # # this is wrong!
52
- # owner = does_not_exist.owner # raises RestClient::ResourceNotFound
53
- #
54
- # # this is right!
55
- # owner = if does_not_exist.exists?
56
- # does_not_exist.owner
57
- # else
58
- # nil # or some sensible default
59
- # end
60
- #
61
- # @return [Boolean] does it exist?
62
- def exists?
63
- begin
64
- url_for(:resources_resource, credentials, id).head
65
- true
66
- rescue RestClient::Forbidden
67
- true
68
- rescue RestClient::ResourceNotFound
69
- false
70
- end
71
- end
72
-
73
- # Lists roles that have a specified privilege on the resource.
74
- #
75
- # This will return only roles of which api.current_user is a member.
76
- #
77
- # Options:
78
- #
79
- # * **offset** Zero-based offset into the result set.
80
- # * **limit** Total number of records returned.
81
- #
82
- # @example
83
- # resource = api.resource 'conjur:variable:example'
84
- # resource.permitted_roles 'execute' # => ['conjur:user:admin']
85
- # # After permitting 'execute' to user 'jon'
86
- # resource.permitted_roles 'execute' # => ['conjur:user:admin', 'conjur:user:jon']
87
- #
88
- # @param privilege [String] the privilege
89
- # @return [Array<String>] the ids of roles that have `privilege` on this resource.
90
- def permitted_roles privilege
91
- result = JSON.parse url_for(:resources_permitted_roles, credentials, id, privilege).get
92
- if result.is_a?(Hash) && ( count = result['count'] )
93
- count
94
- else
95
- result
96
- end
97
- end
98
-
99
- # True if the logged-in role, or a role specified using the :role option, has the
100
- # specified +privilege+ on this resource.
101
- #
102
- # @example
103
- # api.current_role # => 'conjur:cat:mouse'
104
- # resource.permitted_roles 'execute' # => ['conjur:user:admin', 'conjur:cat:mouse']
105
- # resource.permitted_roles 'update', # => ['conjur:user:admin', 'conjur:cat:gino']
106
- #
107
- # resource.permitted? 'update' # => false, `mouse` can't update this resource
108
- # resource.permitted? 'execute' # => true, `mouse` can execute it.
109
- # resource.permitted? 'update', role: 'conjur:cat:gino' # => true, `gino` can update it.
110
- # @param privilege [String] the privilege to check
111
- # @param role [String,nil] :role check whether the role given by this full role id is permitted
112
- # instead of checking +api.current_role+.
113
- # @return [Boolean]
114
- def permitted? privilege, role: nil
115
- url_for(:resources_check, credentials, id, privilege, role)
116
- true
117
- rescue RestClient::Forbidden
118
- false
119
- rescue RestClient::ResourceNotFound
120
- false
121
- end
122
- end
123
- end