conjur-api 5.3.2 → 5.3.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 184486b0770526d9426247e1d6add16572cc73791a160bc828265ea39f01e288
-  data.tar.gz: 35f3aae54507b549c5c43e7b66034eff28ab4ed331574c4f80301c32c6c42070
+  metadata.gz: 4d068a6fcf42161573c1d317260549dd7e30001e1c53d9edeb36e8c8646f7db7
+  data.tar.gz: 0ea117aee05921d67c2feef6b863fae286f5556833134f410dbab73a18cc13b9
 SHA512:
-  metadata.gz: b289c3c2e41af4e7847d08b0a7229df9d9a96a2ef1c981ad6ac69bc1db588f99e4f63467152678d34f55c37eeb2ae30daf7ed55f39eb8e3ec9630b1749af6509
-  data.tar.gz: 0a3aba01a8046572a9a1dfea88a71c250727731e2df836f2a262c70a08514dde2b8281c544feb55243fd081f9da0dabf13ecaa7a99bf5d7adf86c0ed1fc7d370
+  metadata.gz: bda454b83559d845aad1a5b13e824937f9574420c9c14d0743fd93c56f79ac6de462648901bc3c9d7612ad6243099a659f1292d9b4fe7628865e6f6ca8dfa562
+  data.tar.gz: a6e5d7397c882d4d43ee95eead36bf51519fa5d6ea7c754b0c2648388769b9800180df8757c1ac5d3e968738e6e92dd013ba71c08686f2a3e6f85b1700556558

data/.github/CODEOWNERS

@@ -0,0 +1,10 @@
+* @cyberark/conjur-core-team @conjurinc/conjur-core-team @conjurdemos/conjur-core-team
+
+# Changes to .trivyignore require Security Architect approval
+.trivyignore @cyberark/security-architects @conjurinc/security-architects @conjurdemos/security-architects
+
+# Changes to .codeclimate.yml require Quality Architect approval
+.codeclimate.yml @cyberark/quality-architects @conjurinc/quality-architects @conjurdemos/quality-architects
+
+# Changes to SECURITY.md require Security Architect approval
+SECURITY.md @cyberark/security-architects @conjurinc/security-architects @conjurdemos/security-architects

data/.github/ISSUE_TEMPLATE/bug.md

@@ -23,5 +23,20 @@ A clear and concise description of what you expected to happen.
 ## Actual Results (including error logs, if applicable)
 A clear and concise description of what actually did happen.
 
+## Reproducible
+   * [ ] Always 
+   * [ ] Sometimes
+   * [ ] Non-Reproducible
+   
+## Version/Tag number
+What version of the product are you running? Any version info that you can share is helpful. 
+For example, you might give the version from Docker logs, the Docker tag, a specific download URL, 
+the output of the `/info` route, etc.
+
+## Environment setup
+Can you describe the environment in which this product is running? Is it running on a VM / in a container / in a cloud? 
+Which cloud provider? Which container orchestrator (including version)? 
+The more info you can share about your runtime environment, the better we may be able to reproduce the issue.
+
 ## Additional Information
-Add any other context about the problem here.
+Add any other context about the problem here.

data/.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,21 @@
+### What does this PR do?
+- _What's changed? Why were these changes made?_
+- _How should the reviewer approach this PR, especially if manual tests are required?_
+- _Are there relevant screenshots you can add to the PR description?_
+
+### What ticket does this PR close?
+Connected to #[relevant GitHub issues, eg 76]
+
+### Checklists
+
+#### Change log
+- [ ] The CHANGELOG has been updated, or
+- [ ] This PR does not include user-facing changes and doesn't require a CHANGELOG update
+
+#### Test coverage
+- [ ] This PR includes new unit and integration tests to go with the code changes, or
+- [ ] The changes in this PR do not require tests
+
+#### Documentation
+- [ ] Docs (e.g. `README`s) were updated in this PR, and/or there is a follow-on issue to update docs, or
+- [ ] This PR does not require updating any documentation

data/CHANGELOG.md

@@ -6,6 +6,12 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 
 ## [Unreleased]
 
+## [5.3.3] - 2020-08-18
+### Changed
+- Release process is updated to ensure that the published Ruby Gem matches a tag in this repository,
+  so that consumers of this gem can always reference the correct source code included in any given version.
+  [cyberark/conjur-api-ruby](https://github.com/cyberark/conjur-api-ruby/issues/173)
+
 ## 5.3.2 - 2018-09-24
 ### Added
 - Add `Conjur::API.authenticator_list`, `Conjur::API.authenticator_enable`, and
@@ -315,7 +321,8 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 
 ## [2.0.0] - 2013-13-12
 
-[Unreleased]: https://github.com/cyberark/conjur-api-ruby/compare/v5.3.1...HEAD
+[Unreleased]: https://github.com/cyberark/conjur-api-ruby/compare/v5.3.3...HEAD
+[5.3.3]: https://github.com/cyberark/conjur-api-ruby/compare/v5.3.1...v5.3.3
 [5.3.1]: https://github.com/cyberark/conjur-api-ruby/compare/v5.3.0...v5.3.1
 [5.3.0]: https://github.com/cyberark/conjur-api-ruby/compare/v5.1.0...v5.3.0
 [5.1.0]: https://github.com/cyberark/conjur-api-ruby/compare/v5.0.0...v5.1.0

data/CONTRIBUTING.md

@@ -120,30 +120,22 @@ $ docker-compose down
 
 ## Releasing
 
-Releasing a new version of this Gem involves a two step process:
-1. Tag and Release (using `bin/release`)
-2. Approving the push to RubyGems in Jenkins
+### Update the version and changelog
 
-### Step 1: Tag and Release
+1. Create a new branch for the version bump.
+1. Based on the unreleased content, determine the new version number and update
+    the [version.rb](lib/conjur-api/version.rb) file.
+1. Commit these changes - `Bump version to x.y.z` is an acceptable commit message - and open a PR
+   for review. Your PR should include updates to `lib/conjur-api/version.rb`, and
+    `CHANGELOG.md`.
 
-First, update the following files:
+### Add a git tag
 
-- The version file (`lib/conjur-api/version.rb`) has been updated with an appropriate Semantic version number.
-- The `CHANGELOG.md` file has been updated to reflect the release version and appropriate release notes.
+1. Once your changes have been **reviewed and merged into master**, tag the version
+   using `git tag -a "vx.y.z" -m "vx.y.z release"`. Note this requires you to be able to sign releases.
+   Consult the [github documentation on signing commits](https://help.github.com/articles/signing-commits-with-gpg/)
+   on how to set this up. `vx.y.z release` is an acceptable tag message.
+1. Push the tag: `git push vx.y.z` (or `git push origin vx.y.z` if you are working
+   from your local machine).
 
-Next, save -- but do not commit -- the changes above.
-
-Finally, when you're ready to release, run the following:
-
-```sh
-$ bin/release
-```
-
-### Step 2: Approve the push to RubyGems in Jenkins
-
-- Navigate to Jenkins: https://jenkins.conjur.net/job/cyberark--conjur-api-ruby/job/master/.
-- Once the pipeline reaches the `Publish to RubyGems?` stage, click the blue box, and then click `Logs`.
-- Open the confirmation step (`Wait for interactive input -- Publish to RubyGems?`), and click `Proceed`. Nothing appears to happen, but the "Publish" stage will be run.
-- Finally, verify that the new library is present in RubyGems: https://rubygems.org/gems/conjur-api
-
-The release is now complete.
+After pushing the tag, a matching version will be published to [RubyGems](https://rubygems.org/gems/conjur-api/versions)!

data/Jenkinsfile

@@ -40,34 +40,11 @@ pipeline {
       }
     }
 
-    // Only publish to RubyGems if branch is 'master'
-    // AND someone confirms this stage within 5 minutes
+    // Only publish to RubyGems if the tag begins with 'v' ex) v5.3.2
     stage('Publish to RubyGems?') {
-      agent { label 'releaser-v2' }
+      agent { label 'executor-v2' }
 
-      when {
-        allOf {
-          branch 'master'
-          expression {
-            boolean publish = false
-
-            if (env.PUBLISH_GEM == "true") {
-                return true
-            }
-
-            try {
-              timeout(time: 5, unit: 'MINUTES') {
-                input(message: 'Publish to RubyGems?')
-                publish = true
-              }
-            } catch (final ignore) {
-              publish = false
-            }
-
-            return publish
-          }
-        }
-      }
+      when { tag "v*" }
       steps {
         // Clean up first
         sh 'docker run -i --rm -v $PWD:/src -w /src alpine/git clean -fxd'

data/README.md

@@ -24,6 +24,17 @@ Use the configuration setting `Conjur.configuration.version` to select your serv
 
 If you are using Conjur server version `4.x`, you can also choose to use the `conjur-api` version `4.x`. In this case, the `Configuration.version` setting is not required (actually, it doesn't exist).
 
+## Using conjur-api-ruby with Conjur OSS 
+
+Are you using this project with [Conjur OSS](https://github.com/cyberark/conjur)? Then we 
+**strongly** recommend choosing the version of this project to use from the latest [Conjur OSS 
+suite release](https://docs.conjur.org/Latest/en/Content/Overview/Conjur-OSS-Suite-Overview.html). 
+Conjur maintainers perform additional testing on the suite release versions to ensure 
+compatibility. When possible, upgrade your Conjur version to match the 
+[latest suite release](https://docs.conjur.org/Latest/en/Content/ReleaseNotes/ConjurOSS-suite-RN.htm); 
+when using integrations, choose the latest suite release that matches your Conjur version. For any 
+questions, please contact us on [Discourse](https://discuss.cyberarkcommons.org/c/conjur/5).
+
 # Installation
 
 Add this line to your application's Gemfile:

data/SECURITY.md

@@ -0,0 +1,42 @@
+# Security Policies and Procedures
+
+This document outlines security procedures and general policies for the CyberArk Conjur
+suite of tools and products.
+
+  * [Reporting a Bug](#reporting-a-bug)
+  * [Disclosure Policy](#disclosure-policy)
+  * [Comments on this Policy](#comments-on-this-policy)
+
+## Reporting a Bug
+
+The CyberArk Conjur team and community take all security bugs in the Conjur suite seriously.
+Thank you for improving the security of the Conjur suite. We appreciate your efforts and
+responsible disclosure and will make every effort to acknowledge your
+contributions.
+
+Report security bugs by emailing the lead maintainers at security@conjur.org.
+
+The maintainers will acknowledge your email within 2 business days. Subsequently, we will 
+send a more detailed response within 2 business days of our acknowledgement indicating
+the next steps in handling your report. After the initial reply to your report, the security
+team will endeavor to keep you informed of the progress towards a fix and full
+announcement, and may ask for additional information or guidance.
+
+Report security bugs in third-party modules to the person or team maintaining
+the module.
+
+## Disclosure Policy
+
+When the security team receives a security bug report, they will assign it to a
+primary handler. This person will coordinate the fix and release process,
+involving the following steps:
+
+  * Confirm the problem and determine the affected versions.
+  * Audit code to find any potential similar problems.
+  * Prepare fixes for all releases still under maintenance. These fixes will be
+    released as fast as possible.
+
+## Comments on this Policy
+
+If you have suggestions on how this process could be improved please submit a
+pull request.

data/lib/conjur-api/version.rb

@@ -19,6 +19,6 @@
 
 module Conjur
   class API
-    VERSION = "5.3.2"
+    VERSION = "5.3.3"
   end
 end

data/test.sh

@@ -12,6 +12,9 @@ function publishToCodeClimate() {
   docker build -f ci/codeclimate.dockerfile -t cyberark/code-climate:latest .
   docker run \
     --rm \
+    -e GIT_BRANCH \
+    -e GIT_COMMIT \
+    -e TRID \
     --volume "$PWD:/src/conjur-api" \
     -w "/src/conjur-api" \
     cyberark/code-climate:latest \

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: conjur-api
 version: !ruby/object:Gem::Version
-  version: 5.3.2
+  version: 5.3.3
 platform: ruby
 authors:
 - Rafal Rzepecki
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-05-06 00:00:00.000000000 Z
+date: 2020-08-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rest-client
@@ -211,15 +211,16 @@ description: Conjur API
 email:
 - rafal@conjur.net
 - kgilpin@conjur.net
-executables:
-- release
+executables: []
 extensions: []
 extra_rdoc_files: []
 files:
 - ".codeclimate.yml"
 - ".dockerignore"
+- ".github/CODEOWNERS"
 - ".github/ISSUE_TEMPLATE/bug.md"
 - ".github/ISSUE_TEMPLATE/feature_request.md"
+- ".github/PULL_REQUEST_TEMPLATE.md"
 - ".gitignore"
 - ".gitleaks.toml"
 - ".overcommit.yml"
@@ -236,8 +237,8 @@ files:
 - LICENSE
 - README.md
 - Rakefile
+- SECURITY.md
 - bin/parse-changelog.sh
-- bin/release
 - ci/codeclimate.dockerfile
 - ci/configure_v4.sh
 - ci/configure_v5.sh
@@ -377,7 +378,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.3
+rubygems_version: 3.1.2
 signing_key: 
 specification_version: 4
 summary: Conjur API

data/bin/release

@@ -1,43 +0,0 @@
-#!/bin/bash -e
-
-git fetch --tags
-
-if [ "$(git rev-parse --abbrev-ref HEAD)" != "master" ]; then
-  echo "Must be on the master branch to releases.  Please switch with 'git checkout master'."
-  exit 1
-fi
-
-version_file="$(cat lib/conjur-api/version.rb)"
-re='VERSION = "([0-9]{1,}\.[0-9]{1,}\.[0-9]{1,})"'
-if [[ "$version_file" =~ $re ]]; then
-  version="v${BASH_REMATCH[1]}"
-else
-  echo "Failed to find a version in 'lib/conjur-api/version.rb'"
-  exit 1
-fi
-
-last_release=$(git describe --abbrev=0 --tags)
-
-echo "The last release was: $last_release"
-echo "The next release will be: $version"
-
-if [ "$version" = "$last_release" ]; then
-  echo 'To release, the VERSION file must be incremented to the latest release number.'
-  exit 1
-fi
-
-if [[ ! $(git status --porcelain) ]]; then
-  echo 'Your Git is clean. Please update the lib/conjur-api/version.rb, and CHANGELOG.md before releasing.  The script will handle commits and pushing.'
-  exit 1
-fi
-
-# Make sure we have the most recent changes, without destroying local changes.
-git stash
-git pull --rebase origin master
-git stash pop
-
-# Perform a commit, tag, and push. The tag needs to be present before the commit
-# to insure Jenkins has what it needs to make a decision about a release.
-git commit -am "$version"
-git tag -a "$version" -m "$version release"
-git push --follow-tags