conjur-api 5.4.2.pre.638 → 6.0.0.pre.94

data/lib/conjur/api/router/v4.rb

@@ -1,206 +0,0 @@
-module Conjur
-  class API
-    module Router
-      module V4
-        extend Conjur::Escape::ClassMethods
-        extend Conjur::QueryString
-        extend self
-
-        def authn_login account, username, password
-          verify_account(account)
-          RestClient::Resource.new(
-            Conjur.configuration.authn_url,
-            Conjur.configuration.create_rest_client_options(
-              user: username,
-              password: password
-            )
-          )['users/login']
-        end
-
-        def authn_authenticate account, username
-          verify_account(account)
-          RestClient::Resource.new(
-            Conjur.configuration.authn_url,
-            Conjur.configuration.rest_client_options
-          )['users'][fully_escape username]['authenticate']
-        end
-
-        # For v4, the authn-local message is the username.
-        def authn_authenticate_local username, account, expiration, cidr, &block
-          verify_account(account)
-
-          raise "'expiration' is not supported for authn-local v4" if expiration
-          raise "'cidr' is not supported for authn-local v4" if cidr
-
-          username
-        end
-
-        def authn_rotate_api_key credentials, account, id
-          verify_account(account)
-          username = id.kind == "user" ? id.identifier : [id.kind, id.identifier].join('/')
-          RestClient::Resource.new(
-            Conjur.configuration.authn_url,
-            Conjur.configuration.create_rest_client_options(credentials)
-          )['users']["api_key?id=#{username}"]
-        end
-
-        def authn_rotate_own_api_key account, username, password
-          verify_account(account)
-          RestClient::Resource.new(
-            Conjur.configuration.authn_url,
-            Conjur.configuration.create_rest_client_options(user: username, password: password)
-          )['users']["api_key"]
-        end
-
-        def host_factory_create_host token
-          http_options = {
-            headers: { authorization: %Q(Token token="#{token}") }
-          }
-          RestClient::Resource.new(
-            Conjur.configuration.core_url,
-            Conjur.configuration.create_rest_client_options(http_options)
-          )['host_factories']['hosts']
-        end
-
-        def host_factory_create_tokens credentials, id
-          RestClient::Resource.new(
-            Conjur.configuration.core_url,
-            Conjur.configuration.create_rest_client_options(credentials)
-          )['host_factories'][id.identifier]['tokens']
-        end
-
-        def host_factory_revoke_token credentials, token
-          RestClient::Resource.new(
-            Conjur.configuration.core_url,
-            Conjur.configuration.create_rest_client_options(credentials)
-          )['host_factories']['tokens'][token]
-        end
-
-        def resources_resource credentials, id
-
-          RestClient::Resource.new(
-            Conjur.configuration.core_url,
-            Conjur.configuration.create_rest_client_options(credentials)
-          )['authz'][id.account]['resources'][id.kind][id.identifier]
-        end
-
-        def resources_check credentials, id, privilege, role
-          options = {}
-          options[:check] = true
-          options[:privilege] = privilege
-          if role
-            options[:resource_id] = id
-            roles_role(credentials, Id.new(role))[options_querystring options].get
-          else
-            resources_resource(credentials, id)[options_querystring options].get
-          end
-        end
-
-        def resources_permitted_roles credentials, id, privilege
-          RestClient::Resource.new(
-            Conjur.configuration.core_url,
-            Conjur.configuration.create_rest_client_options(credentials)
-          )['authz'][id.account]['roles']['allowed_to'][privilege][id.kind][id.identifier]
-        end
-
-        def roles_role credentials, id
-          RestClient::Resource.new(
-            Conjur.configuration.core_url,
-            Conjur.configuration.create_rest_client_options(credentials)
-          )['authz'][id.account]['roles'][id.kind][id.identifier]
-        end
-
-        def secrets_add credentials, id
-          verify_account(id.account)
-          RestClient::Resource.new(
-            Conjur.configuration.core_url,
-            Conjur.configuration.create_rest_client_options(credentials)
-          )['variables'][fully_escape id.identifier]['values']
-        end
-
-        def variable credentials, id
-          verify_account(id.account)
-          RestClient::Resource.new(
-            Conjur.configuration.core_url,
-            Conjur.configuration.create_rest_client_options(credentials)
-          )['variables'][fully_escape id.identifier]
-        end
-
-        def secrets_value credentials, id, options
-          RestClient::Resource.new(
-            Conjur.configuration.core_url,
-            Conjur.configuration.create_rest_client_options(credentials)
-          )['variables'][fully_escape id.identifier]['value'][options_querystring options]
-        end
-
-        def secrets_values credentials, variable_ids
-          options = {
-            vars: Array(variable_ids).map { |v| fully_escape(v.identifier) }.join(',')
-          }
-          RestClient::Resource.new(
-            Conjur.configuration.core_url,
-            Conjur.configuration.create_rest_client_options(credentials)
-          )['variables']['values'][options_querystring options]
-        end
-
-        def group_attributes credentials, resource, id
-          verify_account(id.account)
-          JSON.parse(
-            RestClient::Resource.new(
-              Conjur.configuration.core_url,
-              Conjur.configuration.create_rest_client_options(credentials)
-            )['groups'][fully_escape id.identifier].get
-          )
-        end
-
-        def variable_attributes credentials, resource, id
-          verify_account(id.account)
-          JSON.parse(
-            RestClient::Resource.new(
-              Conjur.configuration.core_url,
-              Conjur.configuration.create_rest_client_options(credentials)
-            )['variables'][fully_escape id.identifier].get
-          )
-        end
-
-        def user_attributes credentials, resource, id
-          verify_account(id.account)
-          JSON.parse(
-            RestClient::Resource.new(
-              Conjur.configuration.core_url,
-              Conjur.configuration.create_rest_client_options(credentials)
-            )['users'][fully_escape id.identifier].get
-          )
-        end
-
-        def parse_group_gidnumber attributes
-          attributes['gidnumber']
-        end
-
-        def parse_user_uidnumber attributes
-          attributes['uidnumber']
-        end
-
-        def parse_variable_kind attributes
-          attributes['kind']
-        end
-
-        def parse_variable_mime_type attributes
-          attributes['mime_type']
-        end
-
-        def parse_members credentials, result
-          result.collect do |json|
-            RoleGrant.parse_from_json(json, credentials)
-          end
-        end
-
-        protected
-
-        def verify_account account
-          raise "Expecting account to be #{Conjur.configuration.account.inspect}, got #{account.inspect}" unless Conjur.configuration.account == account
-        end
-      end
-    end
-  end
-end

data/lib/conjur/api/router/v5.rb

@@ -1,269 +0,0 @@
-# frozen_string_literal: true
-
-# Copyright 2017-2018 CyberArk Ltd.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#   http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# rubocop:disable Metrics/ModuleLength
-module Conjur
-  class API
-    module Router
-      # V5 translates method arguments to rest-ful API request parameters.
-      # because of this, most of the methods suffer from :reek:LongParameterList:
-      # and :reek:UtilityFunction:
-      module V5
-        extend Conjur::Escape::ClassMethods
-        extend Conjur::QueryString
-        extend self
-
-        def authn_login account, username, password
-          RestClient::Resource.new(
-            Conjur.configuration.authn_url,
-            Conjur.configuration.create_rest_client_options(
-              user: username,
-              password: password
-            )
-          )[fully_escape account]['login']
-        end
-
-        def authn_authenticate account, username
-          RestClient::Resource.new(
-            Conjur.configuration.authn_url,
-            Conjur.configuration.rest_client_options
-          )[fully_escape account][fully_escape username]['authenticate']
-        end
-
-        def authenticator_authenticate(account, service_id, authenticator, options)
-          RestClient::Resource.new(
-            Conjur.configuration.core_url,
-            Conjur.configuration.rest_client_options
-          )[fully_escape authenticator][fully_escape service_id][fully_escape account]['authenticate'][options_querystring options]
-        end
-
-        def authenticator account, authenticator, service_id, credentials
-          RestClient::Resource.new(
-            Conjur.configuration.core_url,
-            Conjur.configuration.create_rest_client_options(credentials)
-          )[fully_escape authenticator][fully_escape service_id][fully_escape account]
-        end
-
-        def authenticators
-          RestClient::Resource.new(
-            Conjur.configuration.core_url,
-            Conjur.configuration.rest_client_options
-          )['authenticators']
-        end
-
-        def authentication_providers(account, authenticator, credentials)
-          RestClient::Resource.new(
-            Conjur.configuration.core_url,
-            Conjur.configuration.create_rest_client_options(credentials)
-          )[fully_escape authenticator][fully_escape account]['providers']
-        end
-
-        # For v5, the authn-local message is a JSON string with account, sub, and optional fields.
-        def authn_authenticate_local username, account, expiration, cidr, &block
-          { account: account, sub: username }.tap do |params|
-            params[:exp] = expiration if expiration
-            params[:cidr] = cidr if cidr
-          end.to_json
-        end
-
-        def authn_update_password account, username, password
-          RestClient::Resource.new(
-            Conjur.configuration.authn_url,
-            Conjur.configuration.create_rest_client_options(
-              user: username,
-              password: password
-            )
-          )[fully_escape account]['password']
-        end
-
-        def authn_rotate_api_key credentials, account, id
-          RestClient::Resource.new(
-            Conjur.configuration.core_url,
-            Conjur.configuration.create_rest_client_options(credentials)
-          )['authn'][fully_escape account]["api_key?role=#{id}"]
-        end
-
-        def authn_rotate_own_api_key account, username, password
-          RestClient::Resource.new(
-            Conjur.configuration.authn_url,
-            Conjur.configuration.create_rest_client_options(
-              user: username,
-              password: password
-            )
-          )[fully_escape account]['api_key']
-        end
-
-        def host_factory_create_host token
-          http_options = {
-            headers: { authorization: %Q(Token token="#{token}") }
-          }
-          RestClient::Resource.new(
-            Conjur.configuration.core_url,
-            Conjur.configuration.create_rest_client_options(http_options)
-          )["host_factories"]["hosts"]
-        end
-
-        def host_factory_create_tokens credentials, id
-          RestClient::Resource.new(
-            Conjur.configuration.core_url,
-            Conjur.configuration.create_rest_client_options(credentials)
-          )['host_factory_tokens']
-        end
-
-        def host_factory_revoke_token credentials, token
-          RestClient::Resource.new(
-            Conjur.configuration.core_url,
-            Conjur.configuration.create_rest_client_options(credentials)
-          )['host_factory_tokens'][token]
-        end
-
-        def policies_load_policy credentials, account, id
-          RestClient::Resource.new(
-            Conjur.configuration.core_url,
-            Conjur.configuration.create_rest_client_options(credentials)
-          )['policies'][fully_escape account]['policy'][fully_escape id]
-        end
-
-        def public_keys_for_user account, username
-          RestClient::Resource.new(
-            Conjur.configuration.core_url,
-            Conjur.configuration.rest_client_options
-          )['public_keys'][fully_escape account]['user'][fully_escape username]
-        end
-
-        def resources credentials, account, kind, options
-          credentials ||= {}
-
-          path = "/resources/#{fully_escape account}"
-          path += "/#{fully_escape kind}" if kind
-
-          RestClient::Resource.new(
-            Conjur.configuration.core_url,
-            Conjur.configuration.create_rest_client_options(credentials)
-          )[path][options_querystring options]
-        end
-
-        def resources_resource credentials, id
-          RestClient::Resource.new(
-            Conjur.configuration.core_url,
-            Conjur.configuration.create_rest_client_options(credentials)
-          )['resources'][id.to_url_path]
-        end
-
-        def resources_permitted_roles credentials, id, privilege
-          options = {}
-          options[:permitted_roles] = true
-          options[:privilege] = privilege
-          resources_resource(credentials, id)[options_querystring options]
-        end
-
-        def resources_check credentials, id, privilege, role
-          options = {}
-          options[:check] = true
-          options[:privilege] = privilege
-          options[:role] = query_escape(Id.new(role)) if role
-          resources_resource(credentials, id)[options_querystring options].get
-        end
-
-        def roles_role credentials, id
-          RestClient::Resource.new(
-            Conjur.configuration.core_url,
-            Conjur.configuration.create_rest_client_options(credentials)
-          )['roles'][id.to_url_path]
-        end
-
-        def secrets_add credentials, id
-          RestClient::Resource.new(
-            Conjur.configuration.core_url,
-            Conjur.configuration.create_rest_client_options(credentials)
-          )['secrets'][id.to_url_path]
-        end
-
-        def secrets_value credentials, id, options
-          RestClient::Resource.new(
-            Conjur.configuration.core_url,
-            Conjur.configuration.create_rest_client_options(credentials)
-          )['secrets'][id.to_url_path][options_querystring options]
-        end
-
-        def secrets_values credentials, variable_ids
-          options = {
-            variable_ids: Array(variable_ids).join(',')
-          }
-          RestClient::Resource.new(
-            Conjur.configuration.core_url,
-            Conjur.configuration.create_rest_client_options(credentials)
-          )['secrets'][options_querystring(options).gsub("%2C", ',')]
-        end
-
-        def group_attributes credentials, resource, id
-          resource_annotations resource
-        end
-
-        def variable_attributes credentials, resource, id
-          resource_annotations resource
-        end
-
-        def user_attributes credentials, resource, id
-          resource_annotations resource
-        end
-
-        def parse_group_gidnumber attributes
-          HasAttributes.annotation_value attributes, 'conjur/gidnumber'
-        end
-
-        def parse_user_uidnumber attributes
-          HasAttributes.annotation_value attributes, 'conjur/uidnumber'
-        end
-
-        def parse_variable_kind attributes
-          HasAttributes.annotation_value attributes, 'conjur/kind'
-        end
-
-        def parse_variable_mime_type attributes
-          HasAttributes.annotation_value attributes, 'conjur/mime_type'
-        end
-
-        def parse_members credentials, result
-          result.map do |json|
-            RoleGrant.parse_from_json(json, credentials)
-          end
-        end
-
-        def ldap_sync_policy(credentials, config_name)
-          RestClient::Resource.new(
-            Conjur.configuration.core_url,
-            Conjur.configuration.create_rest_client_options(credentials)
-          )['ldap-sync']["policy?config_name=#{fully_escape(config_name)}"]
-        end
-
-        def whoami(credentials)
-          RestClient::Resource.new(
-            Conjur.configuration.core_url,
-            Conjur.configuration.create_rest_client_options(credentials)
-          )['whoami']
-        end
-
-        private
-
-        def resource_annotations resource
-          resource.attributes['annotations']
-        end
-      end
-    end
-  end
-end
-# rubocop:enable Metrics/ModuleLength