conjur-api 5.3.1 → 5.3.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: c69b83e45b2a9d77d8ca416e581048574d19e42d540e01883ebadb0b3e70db7d
-  data.tar.gz: 735da4d3e1d375143b32bc6defa28d3247c90f66809170ba38ff2ae4d8da71a5
+  metadata.gz: 184486b0770526d9426247e1d6add16572cc73791a160bc828265ea39f01e288
+  data.tar.gz: 35f3aae54507b549c5c43e7b66034eff28ab4ed331574c4f80301c32c6c42070
 SHA512:
-  metadata.gz: fbfb72a8fff290174df1e4b43e3119e52f4e45dec82855d16ba246a56f029c9c11ebb2e54d7dbd938dad0a9c2c00021bcc8bfb3207ed758e2476a22a065a5a8f
-  data.tar.gz: f113611c6bbb6e9ba8dea768794e7cc02d3907873bf816685bbd3380c0184cbb76eb51268d0ca90d326cd1a6977a6eea6ac258578f48167d8490c4b55ce4e6db
+  metadata.gz: b289c3c2e41af4e7847d08b0a7229df9d9a96a2ef1c981ad6ac69bc1db588f99e4f63467152678d34f55c37eeb2ae30daf7ed55f39eb8e3ec9630b1749af6509
+  data.tar.gz: 0a3aba01a8046572a9a1dfea88a71c250727731e2df836f2a262c70a08514dde2b8281c544feb55243fd081f9da0dabf13ecaa7a99bf5d7adf86c0ed1fc7d370

data/.codeclimate.yml

@@ -1,8 +1,10 @@
 plugins:
   rubocop:
     enabled: true
-    channel: rubocop-0-58
+    channel: rubocop-0-76
   reek:
     enabled: true
   brakeman:
+    enabled: false
+  shellcheck:
     enabled: true

data/.github/ISSUE_TEMPLATE/bug.md

@@ -0,0 +1,27 @@
+---
+name: Bug
+about: Create a bug report to help us improve
+title: ''
+labels: component/api/ruby, kind/bug
+assignees: ''
+
+---
+
+## Summary
+A clear and concise description of what the bug is.
+
+## Steps to Reproduce
+Steps to reproduce the behavior:
+1. Go to '...'
+2. Click on '....'
+3. Scroll down to '....'
+4. See error
+
+## Expected Results
+A clear and concise description of what you expected to happen.
+
+## Actual Results (including error logs, if applicable)
+A clear and concise description of what actually did happen.
+
+## Additional Information
+Add any other context about the problem here.

data/.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,27 @@
+---
+name: Feature request
+about: Suggest an idea for this project
+title: ''
+labels: kind/enhancement, component/api/ruby
+assignees: ''
+
+---
+
+## Is your feature request related to a problem? Please describe.
+
+A clear and concise description of what the problem is. Ex. `I would like to see [...] because [...]`.
+Please include the intended use case and what the feature would improve on so that we can prioritize
+the feature accordingly.
+
+## Describe the solution you would like
+
+A clear and concise description of what the desired end result(s) would be.
+
+## Describe alternatives you have considered
+
+A clear and concise description of any alternative solutions or features that may be related to this that
+you have considered.
+
+## Additional context
+
+Add any other context information about the feature request here.

data/.gitignore

@@ -12,6 +12,7 @@ Gemfile.lock
 InstalledFiles
 _yardoc
 coverage
+coverage_v4
 doc/
 lib/bundler/man
 pkg

data/.gitleaks.toml

@@ -0,0 +1,219 @@
+title = "Secretless Broker gitleaks config"
+
+# This is the config file for gitleaks. You can configure gitleaks what to search for and what to whitelist.
+# If GITLEAKS_CONFIG environment variable
+# is set, gitleaks will load configurations from that path. If option --config-path is set, gitleaks will load
+# configurations from that path. Gitleaks does not whitelist anything by default.
+# - https://www.ndss-symposium.org/wp-content/uploads/2019/02/ndss2019_04B-3_Meli_paper.pdf
+# - https://github.com/dxa4481/truffleHogRegexes/blob/master/truffleHogRegexes/regexes.json
+[[rules]]
+description = "AWS Client ID"
+regex = '''(A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}'''
+tags = ["key", "AWS"]
+
+[[rules]]
+description = "AWS Secret Key"
+regex = '''(?i)aws(.{0,20})?(?-i)['\"][0-9a-zA-Z\/+]{40}['\"]'''
+tags = ["key", "AWS"]
+
+[[rules]]
+description = "AWS MWS key"
+regex = '''amzn\.mws\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}'''
+tags = ["key", "AWS", "MWS"]
+
+[[rules]]
+description = "PKCS8"
+regex = '''-----BEGIN PRIVATE KEY-----'''
+tags = ["key", "PKCS8"]
+
+[[rules]]
+description = "RSA"
+regex = '''-----BEGIN RSA PRIVATE KEY-----'''
+tags = ["key", "RSA"]
+
+[[rules]]
+description = "SSH"
+regex = '''-----BEGIN OPENSSH PRIVATE KEY-----'''
+tags = ["key", "SSH"]
+
+[[rules]]
+description = "PGP"
+regex = '''-----BEGIN PGP PRIVATE KEY BLOCK-----'''
+tags = ["key", "PGP"]
+
+[[rules]]
+description = "Facebook Secret Key"
+regex = '''(?i)(facebook|fb)(.{0,20})?(?-i)['\"][0-9a-f]{32}['\"]'''
+tags = ["key", "Facebook"]
+
+[[rules]]
+description = "Facebook Client ID"
+regex = '''(?i)(facebook|fb)(.{0,20})?['\"][0-9]{13,17}['\"]'''
+tags = ["key", "Facebook"]
+
+[[rules]]
+description = "Facebook access token"
+regex = '''EAACEdEose0cBA[0-9A-Za-z]+'''
+tags = ["key", "Facebook"]
+
+[[rules]]
+description = "Twitter Secret Key"
+regex = '''(?i)twitter(.{0,20})?['\"][0-9a-z]{35,44}['\"]'''
+tags = ["key", "Twitter"]
+
+[[rules]]
+description = "Twitter Client ID"
+regex = '''(?i)twitter(.{0,20})?['\"][0-9a-z]{18,25}['\"]'''
+tags = ["client", "Twitter"]
+
+[[rules]]
+description = "Github"
+regex = '''(?i)github(.{0,20})?(?-i)['\"][0-9a-zA-Z]{35,40}['\"]'''
+tags = ["key", "Github"]
+
+[[rules]]
+description = "LinkedIn Client ID"
+regex = '''(?i)linkedin(.{0,20})?(?-i)['\"][0-9a-z]{12}['\"]'''
+tags = ["client", "Twitter"]
+
+[[rules]]
+description = "LinkedIn Secret Key"
+regex = '''(?i)linkedin(.{0,20})?['\"][0-9a-z]{16}['\"]'''
+tags = ["secret", "Twitter"]
+
+[[rules]]
+description = "Slack"
+regex = '''xox[baprs]-([0-9a-zA-Z]{10,48})?'''
+tags = ["key", "Slack"]
+
+[[rules]]
+description = "EC"
+regex = '''-----BEGIN EC PRIVATE KEY-----'''
+tags = ["key", "EC"]
+
+[[rules]]
+description = "Generic API key"
+regex = '''(?i)(api_key|apikey)(.{0,20})?['|"][0-9a-zA-Z]{32,45}['|"]'''
+tags = ["key", "API", "generic"]
+
+[[rules]]
+description = "Generic Secret"
+regex = '''(?i)secret(.{0,20})?['|"][0-9a-zA-Z]{32,45}['|"]'''
+tags = ["key", "Secret", "generic"]
+
+[[rules]]
+description = "Google API key"
+regex = '''AIza[0-9A-Za-z\\-_]{35}'''
+tags = ["key", "Google"]
+
+[[rules]]
+description = "Google Cloud Platform API key"
+regex = '''(?i)(google|gcp|youtube|drive|yt)(.{0,20})?['\"][AIza[0-9a-z\\-_]{35}]['\"]'''
+tags = ["key", "Google", "GCP"]
+
+[[rules]]
+description = "Google OAuth"
+regex = '''(?i)(google|gcp|auth)(.{0,20})?['"][0-9]+-[0-9a-z_]{32}\.apps\.googleusercontent\.com['"]'''
+tags = ["key", "Google", "OAuth"]
+
+[[rules]]
+description = "Google OAuth access token"
+regex = '''ya29\.[0-9A-Za-z\-_]+'''
+tags = ["key", "Google", "OAuth"]
+
+[[rules]]
+description = "Heroku API key"
+regex = '''(?i)heroku(.{0,20})?['"][0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}['"]'''
+tags = ["key", "Heroku"]
+
+[[rules]]
+description = "MailChimp API key"
+regex = '''(?i)(mailchimp|mc)(.{0,20})?['"][0-9a-f]{32}-us[0-9]{1,2}['"]'''
+tags = ["key", "Mailchimp"]
+
+[[rules]]
+description = "Mailgun API key"
+regex = '''(?i)(mailgun|mg)(.{0,20})?['"][0-9a-z]{32}['"]'''
+tags = ["key", "Mailgun"]
+
+[[rules]]
+description = "Password in URL"
+regex = '''[a-zA-Z]{3,10}:\/\/[^\/\s:@]{3,20}:[^\/\s:@]{3,20}@.{1,100}\/?.?'''
+tags = ["key", "URL", "generic"]
+
+[[rules]]
+description = "PayPal Braintree access token"
+regex = '''access_token\$production\$[0-9a-z]{16}\$[0-9a-f]{32}'''
+tags = ["key", "Paypal"]
+
+[[rules]]
+description = "Picatic API key"
+regex = '''sk_live_[0-9a-z]{32}'''
+tags = ["key", "Picatic"]
+
+[[rules]]
+description = "Slack Webhook"
+regex = '''https://hooks.slack.com/services/T[a-zA-Z0-9_]{8}/B[a-zA-Z0-9_]{8}/[a-zA-Z0-9_]{24}'''
+tags = ["key", "slack"]
+
+[[rules]]
+description = "Stripe API key"
+regex = '''(?i)stripe(.{0,20})?['\"][sk|rk]_live_[0-9a-zA-Z]{24}'''
+tags = ["key", "Stripe"]
+
+[[rules]]
+description = "Square access token"
+regex = '''sq0atp-[0-9A-Za-z\-_]{22}'''
+tags = ["key", "square"]
+
+[[rules]]
+description = "Square OAuth secret"
+regex = '''sq0csp-[0-9A-Za-z\\-_]{43}'''
+tags = ["key", "square"]
+
+[[rules]]
+description = "Twilio API key"
+regex = '''(?i)twilio(.{0,20})?['\"][0-9a-f]{32}['\"]'''
+tags = ["key", "twilio"]
+
+[whitelist]
+files = [
+#  "(.*?)(jpg|gif|doc|pdf|bin)$",
+  ".gitleaks.toml",
+  "spec/ssl_spec.rb" # unit test file that has sample RSA key
+]
+regexes = [
+  "mysql://username:password@mysql.somehost.com/mydb", # sample mysql connection string from code comment
+  "http://master:master@localhost", # sample URI in unit test data
+  "http://admin:%5E6feWZpr@localhost" # sample URI in unit test data
+]
+
+# Additional Examples
+
+# [[rules]]
+# description = "Generic Key"
+# regex = '''(?i)key(.{0,6})?(:|=|=>|:=)'''
+# entropies = [
+#     "4.1-4.3",
+#     "5.5-6.3",
+# ]
+# entropyROI = "line"
+# filetypes = [".go", ".py", ".c"]
+# tags = ["key"]
+# severity = "8"
+#
+#
+# [[rules]]
+# description = "Generic Key"
+# regex = '''(?i)key(.{0,6})?(:|=|=>|:=)'''
+# entropies = ["4.1-4.3"]
+# filetypes = [".gee"]
+# entropyROI = "line"
+# tags = ["key"]
+# severity = "medium"
+
+# [[rules]]
+# description = "Any pem file"
+# filetypes = [".key"]
+# tags = ["pem"]
+# severity = "high"

data/.rubocop_settings.yml

@@ -63,9 +63,9 @@ Layout/EndAlignment:
   EnforcedStyleAlignWith: start_of_line
 Layout/ExtraSpacing:
   AllowForAlignment: false
-Layout/FirstParameterIndentation:
+Layout/IndentFirstArgument:
   EnforcedStyle: consistent
-Layout/IndentHash:
+Layout/IndentFirstHashElement:
   EnforcedStyle: consistent
 Layout/MultilineMethodCallIndentation:
   EnforcedStyle: indented
@@ -83,3 +83,4 @@ Metrics/BlockLength:
     - 'Rakefile'
     - '**/*.rake'
     - 'spec/**/*.rb'
+    - 'conjur-api.gemspec'

data/.rubocop_todo.yml

@@ -120,7 +120,7 @@ Layout/ExtraSpacing:
 # Cop supports --auto-correct.
 # Configuration parameters: EnforcedStyle, IndentationWidth.
 # SupportedStyles: consistent, consistent_relative_to_receiver, special_for_inner_method_call, special_for_inner_method_call_in_parentheses
-Layout/FirstParameterIndentation:
+Layout/IndentFirstArgument:
   Exclude:
     - 'spec/ssl_spec.rb'
 
@@ -128,7 +128,7 @@ Layout/FirstParameterIndentation:
 # Cop supports --auto-correct.
 # Configuration parameters: EnforcedStyle, IndentationWidth.
 # SupportedStyles: special_inside_parentheses, consistent, align_brackets
-Layout/IndentArray:
+Layout/IndentFirstArrayElement:
   Exclude:
     - 'spec/api_spec.rb'
 

data/CHANGELOG.md

@@ -1,227 +1,381 @@
-# Latest
+# Changelog
+All notable changes to this project will be documented in this file.
 
-# v5.3.1
+The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
+and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
 
-* Updates URI path parameter escaping to consistently encode resource ids
+## [Unreleased]
 
-# v5.3.0
+## 5.3.2 - 2018-09-24
+### Added
+- Add `Conjur::API.authenticator_list`, `Conjur::API.authenticator_enable`, and
+  ``Conjur::API.authenticator_disable` to inspect and manage authenticator status.
 
-* Add `Conjur::API.ldap_sync_policy` for fetching the LDAP sync policy.
+## [5.3.1] - 2018-09-24
+### Added
+- Updates URI path parameter escaping to consistently encode resource ids
 
-# v5.2.1
+## [5.3.0] - 2018-06-19
+### Added
+- Add `Conjur::API.ldap_sync_policy` for fetching the LDAP sync policy.
 
-* Fix `Conjur::BuildObject#build_object` so it only tries to create
+## 5.2.1 - 0000-00-00
+### Fixed
+- Fix `Conjur::BuildObject#build_object` so it only tries to create
   instances of objects for classes that inherit from BaseObject.
-* require `openssl` before using it.
 
-# v5.2.0
-
-* Adds support for the Role endpoint for searching and paging Role Members
-* Adds additional escaping to URL parameters on requests to handle special characters (e.g. spaces)
-
-# v5.1.0
-
-* Introduces backwards compatibility with Conjur 4.x for most API methods.
-* Adds the configuration setting `version`, which is auto-populated from the environment variable `CONJUR_VERSION`.
-* Adds support for the `authn-local` service, which can be used when the API client runs on the server.
-
-# v5.0.0
-
-* Provides compatibility with [cyberark/conjur](https://github.com/cyberark/conjur), Conjur 5 CE.
-* Changed license to Apache 2.0
-
-# v5.0.0-beta.4
-
-* Support for batch secret retrieval.
-
-# v5.0.0-beta.3
-
-* Removed hard dependency on older version of `rest-client` gem.
-
-# v5.0.0-beta.1
-
-* Migrated to be compatible with Conjur 5 API.
-
-# v4.31.0
-
-* Internal refactor to improve performance and facilitate caching.
-
-# v4.30.0
-
-The following enhancements require Conjur server 4.9.1.0 or later:
-
-* Supports filter and pagination of role-listing methods.
-* Supports non-recursive retrieval of role memberships.
-* Supports the +role+ field on `Conjur::RoleGrant`.
-
-On older server versions, the new options will be ignored by the server.
-
-# v4.29.2
-
-* `Conjur::API#resources` now supports `:owner` to retrieve all resources owned (directly or indirectly) by the indicated role. This capability has always been provided by the service, but was not exposed by the Ruby API.
-
-# v4.29.1
-
-* `Conjur::API#audit` now supports `:has_annotation` to retrieve audit events for resources annotated with the given name.
-
-# v4.29.0
-
-* Add `Conjur::API#new_from_token_file` to create an API instance from a file which contains an access token, which should be periodically updated by another process.
-
-# v4.28.2
-
-* Make sure certificate file is readable before trying to use it.
-
-# v4.28.1
-
-* `Conjur::API#ldap_sync_policy` now returns log events generated when
+### Added
+- require `openssl` before using it.
+
+## 5.2.0 - 0000-00-00
+### Added
+- Adds support for the Role endpoint for searching and paging Role Members
+- Adds additional escaping to URL parameters on requests to handle special characters (e.g. spaces)
+
+## [5.1.0] - 2017-12-19
+### Added
+- Introduces backwards compatibility with Conjur 4.x for most API methods.
+- Adds the configuration setting `version`, which is auto-populated from the environment variable `CONJUR_VERSION`.
+- Adds support for the `authn-local` service, which can be used when the API client runs on the server.
+
+## [5.0.0] - 2017-09-19
+### Added
+- Provides compatibility with [cyberark/conjur](https://github.com/cyberark/conjur), Conjur 5 CE.
+
+### Changed
+- Changed license to Apache 2.0
+- *5.0.0-beta.4*
+- - Support for batch secret retrieval.
+- *v5.0.0-beta.3*
+- - Removed hard dependency on older version of `rest-client` gem.
+- *v5.0.0-beta.1*
+- - Migrated to be compatible with Conjur 5 API.
+
+## [4.31.0] - 2017-03-27
+### Added
+- Internal refactor to improve performance and facilitate caching.
+
+## [4.30.0] - 2017-03-07
+### Added
+- The following enhancements require Conjur server 4.9.1.0 or later:
+- Supports filter and pagination of role-listing methods.
+- Supports non-recursive retrieval of role memberships.
+- Supports the +role+ field on `Conjur::RoleGrant`.
+- On older server versions, the new options will be ignored by the server.
+
+## [4.29.2] - 2017-02-22
+### Added
+- `Conjur::API#resources` now supports `:owner` to retrieve all resources owned (directly or indirectly) by the indicated role. This capability has always been provided by the service, but was not exposed by the Ruby API.
+
+## 4.29.1 - 0000-00-00
+### Added
+-  `Conjur::API#audit` now supports `:has_annotation` to retrieve audit events for resources annotated with the given name.
+
+## [4.29.0] - 2017-02-01
+### Added
+- Add `Conjur::API#new_from_token_file` to create an API instance from a file which contains an access token, which should be periodically updated by another process.
+
+## 4.28.2 - 0000-00-00
+### Added
+- Make sure certificate file is readable before trying to use it.
+
+## [4.28.1] - 2016-11-30
+### Added
+- `Conjur::API#ldap_sync_policy` now returns log events generated when
   showing a policy.
 
-# v4.28.0
-
-* Add `Conjur::API#ldap_sync_policy` to fetch the policy to use to
+## [4.28.0] - 2016-11-16
+### Added
+- Add `Conjur::API#ldap_sync_policy` to fetch the policy to use to
   bring Conjur and the LDAP server into sync.
 
-* Remove `Conjur::API#ldap_sync_now` and `Conjur::API#ldap_sync_jobs`
-
-# v4.27.0
-
-* Add `Conjur::API#resources_permitted?"
+### Removed
+- Remove `Conjur::API#ldap_sync_now` and `Conjur::API#ldap_sync_jobs`
 
-* `Conjur::API#ldap_sync_now` now accepts an options Hash which will
+## 4.27.0 - 0000-00-00
+### Added
+- Add `Conjur::API#resources_permitted?"
+- `Conjur::API#ldap_sync_now` now accepts an options Hash which will
   be passed on to the `/sync` entrypoint. The old argument list is
   maintained for backwards compatibility.
-
-* `Conjur::Api#resources` now supports `:has_annotation` for
+-  `Conjur::Api#resources` now supports `:has_annotation` for
   retrieving Conjur resources that have an annotation with the given
   name.
 
-# v4.26.0
-
-* expose admin_option in the role graph (only populated by Conjur 4.8 and later)
-
-# v4.25.1
+## [4.26.0] - 2016-07-01
+### Added
+- expose admin_option in the role graph (only populated by Conjur 4.8 and later)
 
-* Fix token refresh when using `with_privilege`, `with_audit_roles`,
+## [4.25.1] - 2016-06-22
+### Fixed
+- Fix token refresh when using `with_privilege`, `with_audit_roles`,
   and `with_audit_resources`.
 
-# v4.25.0
-
-* Add a workaround for a bug in Conjur <4.7 where long-running operations
+## [4.25.0] - 2016-06-17
+### Added
+- Add a workaround for a bug in Conjur <4.7 where long-running operations
   (such as policy load) would sometimes fail with 404 after five minutes.
 
-# v4.24.1
-
-* Clarify the handling of the dry-run argument to `Conjur::API#ldap_sync_now`.
-
-# v4.24.0
+## [4.24.1] - 2016-06-10
+### Changed
+- Clarify the handling of the dry-run argument to `Conjur::API#ldap_sync_now`.
 
-* Add `Conjur::API#ldap_sync_now` (requires Conjur 4.7 or later).
-* Don't trust the system clock and don't check token validity. Rely on the
-  server to verify the token instead, and only try to refresh if enough time
-  has passed locally (using monotonic clock for reference where available).
-* Don't try refreshing the token if the required credentials are not available.
+## [4.24.0] - 2016-05-24
+### Added
+- Add `Conjur::API#ldap_sync_now` (requires Conjur 4.7 or later).
+- Don't trust the system clock and don't check token validity. Rely on the server to verify the token instead, and only try to refresh if enough time has passed locally (using monotonic clock for reference where available).
+- Don't try refreshing the token if the required credentials are not available.
 
-# v4.23.0
-
-* Add `with_audit_roles` and `with_audit_resources` to `Conjur::API`
+## [4.23.0] - 2016-04-22
+### Added
+- Add `with_audit_roles` and `with_audit_resources` to `Conjur::API`
   to add additional roles and resources to audit records generated by
   requests
 
-* Fix encoding of spaces in some urls.
-
-# v4.22.1
-
-* `bootstrap` creates host and webservice `conjur/expiration`.
+### Fixed
+- Fix encoding of spaces in some urls.
 
-# v4.22.0
+## [4.22.1] - 2016-04-13
+### Added
+- `bootstrap` creates host and webservice `conjur/expiration`.
 
-* Add `show_expired` argument to `Conjur::Variable#value` to allow
+## [4.22.0] - 2016-03-08
+### Added
+- Add `show_expired` argument to `Conjur::Variable#value` to allow
   retrieval of values of expired variables.
-* Properly assign ownership of bootstrap-created webservice resources to the `security_admin` group.
-
-# v4.21.0
-
-* Add extensible Bootstrap commands as API methods.
-* `bootstrap` grants `reveal` and `elevate` to the `security_admin` group.
-* `bootstrap` creates `webservice:authn-tv`.
-* `bootstrap` creates an `auditors` group and gives `reveal` privilege to it.
-
-# v4.20.1
-
-* BUGFIX: Better handling for unicode and special characters in user ids.
-
-# v4.20.0
-
-* Add support for Host Factory functionality (replaces conjur-asset-host-factory plugin).
-* Add support for sending audit events (replaces conjur-asset-audit-send plugin).
-* Add support for variable expiration. Variable expiration is available in version 4.6 of the Conjur server.
-* Add `Conjur::API` methods to querying service versions : `service_version`, `service_names`, `appliance_info`.
-* Add `Conjur::API` method for querying server health: `appliance_health(remote_host=nil)`
-* Support ISO8601 duration strings as arguments in variable expiration methods.
-* Add support for CIDR restrictions
-
-# v4.19.1
-
-* BUGFIX: Allow Configuration to parse several certs in a string
-
-# v4.19.0
-
-* Rename `sudo` to `elevate` throughout the spec and docstrings. This is an incompatible change, but it
-occurs before the Conjur 4.5 server that implements `elevate` is released.
-
-# v4.18.0
-
-* Add method `global_privilege_permitted?` to facilitate working with Conjur 4.5 global privileges.
+- Properly assign ownership of bootstrap-created webservice resources to the `security_admin` group.
+
+## [4.21.0] - 2016-03-02
+### Added
+- Add extensible Bootstrap commands as API methods.
+- `bootstrap` grants `reveal` and `elevate` to the `security_admin` group.
+- `bootstrap` creates `webservice:authn-tv`.
+- `bootstrap` creates an `auditors` group and gives `reveal` privilege to it.
+
+## [4.20.1] - 2016-02-18
+### Fixed
+- BUGFIX: Better handling for unicode and special characters in user ids.
+
+## [4.20.0] - 2016-02-05
+### Added
+- Add support for Host Factory functionality (replaces conjur-asset-host-factory plugin).
+- Add support for sending audit events (replaces conjur-asset-audit-send plugin).
+- Add support for variable expiration. Variable expiration is available in version 4.6 of the Conjur server.
+- Add `Conjur::API` methods to querying service versions : `service_version`, `service_names`, `appliance_info`.
+- Add `Conjur::API` method for querying server health: `appliance_health(remote_host=nil)`
+- Support ISO8601 duration strings as arguments in variable expiration methods.
+- Add support for CIDR restrictions
+
+## 4.19.1 - 0000-00-00
+### Fixed
+- BUGFIX: Allow Configuration to parse several certs in a string
+
+## [4.19.0] - 2015-08-28
+### Changed
+- Rename `sudo` to `elevate` throughout the spec and docstrings. This is an incompatible change, but it occurs before the Conjur 4.5 server that implements `elevate` is released.
+
+## 4.18.0 - 0000-00-00
+### Added
+- Add method `global_privilege_permitted?` to facilitate working with Conjur 4.5 global privileges.
 
-# v4.17.0
+## 4.17.0 - 0000-00-00
+### Added
+- Add handling for `X-Forwarded-For` and `X-Conjur-Privilege` ("conjur sudo")
+- Transform embedded whitespace in certificate string into newlines
 
-* Add handling for `X-Forwarded-For` and `X-Conjur-Privilege` ("conjur sudo")
-* Transform embedded whitespace in certificate string into newlines
+## [4.16.0] - 2015-04-28
+### Added
+- Add ssl_certificate option to allow certs to be provided as strings (helpful in heroku)
+- Add `Conjur::Configuration#apply_cert_config!` method to add certs from `#cert_file` and `#ssl_certificate` to the default cert store.
 
-# v4.16.0
-  * Add ssl_certificate option to allow certs to be provided as strings (helpful in heroku)
-  * Add `Conjur::Configuration#apply_cert_config!` method to add certs from `#cert_file` and `#ssl_certificate`
-     to the default cert store.
-# v4.15.0
- * Extensive documentation improvements
- * A few additional methoods, for example `Conjur::API#public_key_names`.
+## [4.15.0] - 2015-04-23
+### Added
+- Extensive documentation improvements
+- A few additional methoods, for example `Conjur::API#public_key_names`.
 
-# v4.14.0
+## [4.14.0] - 2015-03-26
+### Added
+- Bump rest-client version, remove the troublesome mime-types patch
+- Make sure SSL certificate verification is enabled
+- Bugfix: Don't escape ids twice when listing records
+- Add a stub so that require 'conjur-api' works
+- Lots of doc updates
 
-* Bump rest-client version, remove the troublesome mime-types patch
-* Make sure SSL certificate verification is enabled
-* Bugfix: Don't escape ids twice when listing records
-* Add a stub so that require 'conjur-api' works
-* Lots of doc updates
+## [4.13.0] - 2015-02-11
+### Added
+- Add GID handling utilities
 
-# v4.13.0
+## [4.12.0] - 2015-01-27
+### Added
+- Add the API method `role_graph` for retrieving role relationships in bulk
 
-* Add GID handling utilities
+## 4.11.2 - 0000-00-00
+### Added
+- Patch rest-client's patch of mime-types to support lazy loading
 
-# v4.12.0
+### Removed
+- Remove 'wrong' dependency for faster loading
 
-* Add the API method `role_graph` for retrieving role relationships in bulk
+## 4.11.0 - 0000-00-00
+### Fixed
+- Fixed bug retrieving `Variable#version_count`
+- Include CONJUR_ENV in `Conjur.configuration`
 
-# v4.11.2
+### Added
+- Add `cert_file` option to `Conjur.configuration`
 
-* Patch rest-client's patch of mime-types to support lazy loading
-* Remove 'wrong' dependency for faster loading
+## [4.10.2] - 2014-09-22
+### Added
+- Authn token is refetched before the expiration
+- Support for configuration `sticky` option is discarded
+- Resource#exists? refactored -- no overloading, code from exists.rb used
+- Tests use Rspec v3 and reset configuration between test cases
 
-# v4.11.0
+## [4.10.1] - 2014-09-04
+### Added
+- Resource#exists? returns true if access to resource is forbidden
+- Thread-local configuration for working with different endpoints
 
-* Fixed bug retrieving `Variable#version_count`
-* Include CONJUR_ENV in `Conjur.configuration`
-* Add `cert_file` option to `Conjur.configuration`
+## [4.10.0] - 2014-08-15
+### Added
+- User#update
+- Added Users#find_users
 
+## [4.9.2] - 2014-08-05
+### Changed
+- Always construct Heroku service names that are valid Heroku names
+- authz resource#exists? anticipates a result of 403 Forbidden, and interprets this as true
+- Provide a method to detect whether each configuration setting has been explicitly set via the environment
 
-# v.4.10.2
-* Authn token is refetched before the expiration
-* Support for configuration `sticky` option is discarded
-* Resource#exists? refactored -- no overloading, code from exists.rb used
-* Tests use Rspec v3 and reset configuration between test cases
+## [4.9.1] - 2014-07-17
+### Changed
+- Require rest-client gem version 1.6.7, as version 1.7 has bugs in SSL certificate trust options
 
+## [4.9.0] - 2014-06-06
+### Changed
+- Layer and Pubkeys are now part of the core API
 
-# v.4.10.1
-* Resource#exists? returns true if access to resource is forbidden
-* Thread-local configuration for working with different endpoints
+## [4.8.0] - 2014-05-23
+### Added
+- Variable#variable_values, batch fetching of variables to support the new conjur env command
+
+## [4.7.2] - 2014-03-18
+
+## [4.7.1] - 2014-03-13
+
+## [4.6.1] - 2014-02-28
+
+## [4.6.0] - 2014-01-11
+
+## [4.4.1] - 2013-12-23
+
+## [4.4.0] - 2013-12-23
+
+## [4.3.0] - 2013-11-19
+
+## [4.1.1] - 2013-10-24
+
+## [2.7.1] - 2013-10-24
+
+## [4.0.0] - 2013-10-17
+
+## [2.5.1] - 2013-07-26
+
+## [2.4.0] - 2013-06-05
+
+## [2.3.1] - 2013-06-03
+
+## [2.2.3] - 2013-05-31
+
+## [2.2.2] - 2013-05-23
+
+## [2.2.1] - 2013-05-20
+
+## [2.2.0] - 2013-05-16
+
+## [2.1.8] - 2013-05-15
+
+## [2.1.7] - 2013-05-10
+
+## [2.1.6] - 2013-04-30
+
+## [2.1.5] - 2013-04-24
+
+## [2.1.4] - 2013-04-24
+
+## [2.1.3] - 2013-04-12
+
+## [2.1.2] - 2013-04-12
+
+## [2.1.1] - 2013-03-29
+
+## [2.1.0] - 2013-03-25
+
+## [2.0.1] - 2013-03-14
+
+## [2.0.0] - 2013-13-12
+
+[Unreleased]: https://github.com/cyberark/conjur-api-ruby/compare/v5.3.1...HEAD
+[5.3.1]: https://github.com/cyberark/conjur-api-ruby/compare/v5.3.0...v5.3.1
+[5.3.0]: https://github.com/cyberark/conjur-api-ruby/compare/v5.1.0...v5.3.0
+[5.1.0]: https://github.com/cyberark/conjur-api-ruby/compare/v5.0.0...v5.1.0
+[5.0.0]: https://github.com/cyberark/conjur-api-ruby/compare/v4.31.0...v5.0.0
+[4.31.0]: https://github.com/cyberark/conjur-api-ruby/compare/v4.30.0...v4.31.0
+[4.30.0]: https://github.com/cyberark/conjur-api-ruby/compare/v4.29.2...v4.30.0
+[4.29.2]: https://github.com/cyberark/conjur-api-ruby/compare/v4.29.0...v4.29.2
+[4.29.0]: https://github.com/cyberark/conjur-api-ruby/compare/v4.28.1...v4.29.0
+[4.28.1]: https://github.com/cyberark/conjur-api-ruby/compare/v4.28.0...v4.28.1
+[4.28.0]: https://github.com/cyberark/conjur-api-ruby/compare/v4.26.0...v4.28.0
+[4.26.0]: https://github.com/cyberark/conjur-api-ruby/compare/v4.25.1...v4.26.0
+[4.25.1]: https://github.com/cyberark/conjur-api-ruby/compare/v4.25.0...v4.25.1
+[4.25.0]: https://github.com/cyberark/conjur-api-ruby/compare/v4.24.1...v4.25.0
+[4.24.1]: https://github.com/cyberark/conjur-api-ruby/compare/v4.24.0...v4.24.1
+[4.24.0]: https://github.com/cyberark/conjur-api-ruby/compare/v4.23.0...v4.24.0
+[4.23.0]: https://github.com/cyberark/conjur-api-ruby/compare/v4.22.1...v4.23.0
+[4.22.1]: https://github.com/cyberark/conjur-api-ruby/compare/v4.22.0...v4.22.1
+[4.22.0]: https://github.com/cyberark/conjur-api-ruby/compare/v4.21.0...v4.22.0
+[4.21.0]: https://github.com/cyberark/conjur-api-ruby/compare/v4.20.1...v4.21.0
+[4.20.1]: https://github.com/cyberark/conjur-api-ruby/compare/v4.20.0...v4.20.1
+[4.20.0]: https://github.com/cyberark/conjur-api-ruby/compare/v4.19.1...v4.20.0
+[4.19.1]: https://github.com/cyberark/conjur-api-ruby/compare/v4.19.0...v4.19.1
+[4.19.0]: https://github.com/cyberark/conjur-api-ruby/compare/v4.16.0...v4.19.0
+[4.16.0]: https://github.com/cyberark/conjur-api-ruby/compare/v4.15.0...v4.16.0
+[4.15.0]: https://github.com/cyberark/conjur-api-ruby/compare/v4.14.0...v4.15.0
+[4.14.0]: https://github.com/cyberark/conjur-api-ruby/compare/v4.13.0...v4.14.0
+[4.13.0]: https://github.com/cyberark/conjur-api-ruby/compare/v4.12.0...v4.13.0
+[4.12.0]: https://github.com/cyberark/conjur-api-ruby/compare/v4.10.2...v4.12.0
+[4.10.2]: https://github.com/cyberark/conjur-api-ruby/compare/v4.10.1...v4.10.2
+[4.10.1]: https://github.com/cyberark/conjur-api-ruby/compare/v4.10.0...v4.10.1
+[4.10.0]: https://github.com/cyberark/conjur-api-ruby/compare/v4.9.2...v4.10.0
+[4.9.2]: https://github.com/cyberark/conjur-api-ruby/compare/v4.9.1...v4.9.2
+[4.9.1]: https://github.com/cyberark/conjur-api-ruby/compare/v4.9.0...v4.9.1
+[4.9.0]: https://github.com/cyberark/conjur-api-ruby/compare/v4.8.0...v4.9.0
+[4.8.0]: https://github.com/cyberark/conjur-api-ruby/compare/v4.7.2...v4.8.0
+[4.7.2]: https://github.com/cyberark/conjur-api-ruby/compare/v4.7.1...v4.7.2
+[4.7.1]: https://github.com/cyberark/conjur-api-ruby/compare/v4.6.1...v4.7.1
+[4.6.1]: https://github.com/cyberark/conjur-api-ruby/compare/v4.6.0...v4.6.1
+[4.6.0]: https://github.com/cyberark/conjur-api-ruby/compare/v4.4.1...v4.6.0
+[4.4.1]: https://github.com/cyberark/conjur-api-ruby/compare/v4.4.0...v4.4.1
+[4.4.0]: https://github.com/cyberark/conjur-api-ruby/compare/v4.3.0...v4.4.0
+[4.3.0]: https://github.com/cyberark/conjur-api-ruby/compare/v4.1.1...v4.3.0
+[4.1.1]: https://github.com/cyberark/conjur-api-ruby/compare/v2.7.1...v4.1.1
+[2.7.1]: https://github.com/cyberark/conjur-api-ruby/compare/v4.0.0...v2.7.1
+[4.0.0]: https://github.com/cyberark/conjur-api-ruby/compare/v2.5.1...v4.0.0
+[2.5.1]: https://github.com/cyberark/conjur-api-ruby/compare/v2.4.0...v2.5.1
+[2.4.0]: https://github.com/cyberark/conjur-api-ruby/compare/v2.3.1...v2.4.0
+[2.3.1]: https://github.com/cyberark/conjur-api-ruby/compare/v2.2.3...v2.3.1
+[2.2.3]: https://github.com/cyberark/conjur-api-ruby/compare/v2.2.2...v2.2.3
+[2.2.2]: https://github.com/cyberark/conjur-api-ruby/compare/v2.2.1...v2.2.2
+[2.2.1]: https://github.com/cyberark/conjur-api-ruby/compare/v2.2.0...v2.2.1
+[2.2.0]: https://github.com/cyberark/conjur-api-ruby/compare/v2.1.8...v2.2.0
+[2.1.8]: https://github.com/cyberark/conjur-api-ruby/compare/v2.1.7...v2.1.8
+[2.1.7]: https://github.com/cyberark/conjur-api-ruby/compare/v2.1.6...v2.1.7
+[2.1.6]: https://github.com/cyberark/conjur-api-ruby/compare/v2.1.5...v2.1.6
+[2.1.5]: https://github.com/cyberark/conjur-api-ruby/compare/v2.1.4...v2.1.5
+[2.1.4]: https://github.com/cyberark/conjur-api-ruby/compare/v2.1.3...v2.1.4
+[2.1.3]: https://github.com/cyberark/conjur-api-ruby/compare/v2.1.2...v2.1.3
+[2.1.2]: https://github.com/cyberark/conjur-api-ruby/compare/v2.1.1...v2.1.2
+[2.1.1]: https://github.com/cyberark/conjur-api-ruby/compare/v2.1.0...v2.1.1
+[2.1.0]: https://github.com/cyberark/conjur-api-ruby/compare/v2.0.1...v2.1.0
+[2.0.1]: https://github.com/cyberark/conjur-api-ruby/compare/v2.0.0...v2.0.1
+[2.0.0]: https://github.com/cyberark/conjur-api-ruby/releases/tag/v2.0.0