conjur-asset-ui-api 1.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: de26f41cb7967fb35721ea8a7f0f63c9a839224f
+  data.tar.gz: ebd5a26239e74212c595d69298eed97bdbe81fcd
+SHA512:
+  metadata.gz: a6faf7355101b509e800604e39b7b2173b24048e0ddd28ef564536d39deac108ee840fc75be67a473e4be4179d72e2b17146bf5e7b3fd6c3323450418d9b77d6
+  data.tar.gz: 225521cc4f10ba28ac536175522042eba3f1da11db74283b05ca8a1b9f05d0532eae7db8f5b1d83617fd119e03bb1d5d7f067841fd856641cdf15d9a4dac5f5f

data/.git-hooks/pre_commit/ensure_livescript_compiled.rb

@@ -0,0 +1,31 @@
+require 'pathname'
+
+module Overcommit::Hook::PreCommit
+  # Ensure the livescript source files are compiled.
+  # Also make sure they're included in the commit.
+  class EnsureLivescriptCompiled < Base
+    def compiled_path ls
+      ls.sub('livescript/', 'public/js/').sub(/\.ls$/, '.js')
+    end
+
+    def relative path
+      Pathname.new(path).relative_path_from Pathname.getwd
+    end
+
+    def check_file lsfile
+      compiled = compiled_path lsfile
+
+      return "#{relative compiled}: older than #{relative lsfile}.
+          $ ./compile_ls &" if File.stat(lsfile) > File.stat(compiled)
+
+      return "#{relative lsfile}: compiled file not added.
+          $ git add #{relative compiled}" unless modified_files.include? compiled
+    end
+
+    def run
+      errs = applicable_files.map(&method(:check_file)).compact
+      return :bad, errs.join('\n') unless errs.empty?
+      :good
+    end
+  end
+end

data/.git-hooks/pre_commit/trailing_whitespace.rb

@@ -0,0 +1,26 @@
+module Overcommit::Hook::PreCommit
+  # Checks for trailing whitespace in files.
+  class TrailingWhitespace < Base
+    def message
+      "Trailing whitespace detected"
+    end
+
+    def lint_split output, message = message
+      # Keep lines from the output for files that we actually modified
+      error_lines, warning_lines = output.split("\n").partition do |output_line|
+        _, file, line = output_line.match(/^([^:]+):(\d+)/).to_a
+        modified_lines(file).include?(line.to_i)
+      end
+
+      return :bad, message + ":\n" + error_lines.join("\n") unless error_lines.empty?
+      return :warn, message + " (on lines you didn't modify):\n" + warning_lines.join("\n")\
+          unless warning_lines.empty?
+
+      :good
+    end
+
+    def run
+      lint_split execute(%w[grep -IHn \s$] + applicable_files).stdout
+    end
+  end
+end

data/.gitignore

@@ -0,0 +1,20 @@
+*.gem
+*.rbc
+.bundle
+.config
+.yardoc
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp
+.idea
+.DS_Store
+

data/.overcommit.yml

@@ -0,0 +1,5 @@
+PreCommit:
+  EnsureLivescriptCompiled:
+    description: 'Checking if LiveScript files are compiled'
+    include: 'livescript/*.ls'
+    requires_files: true

data/.project

@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<projectDescription>
+	<name>conjur-asset-ui</name>
+	<comment></comment>
+	<projects>
+	</projects>
+	<buildSpec>
+		<buildCommand>
+			<name>com.aptana.ide.core.unifiedBuilder</name>
+			<arguments>
+			</arguments>
+		</buildCommand>
+	</buildSpec>
+	<natures>
+		<nature>com.aptana.ruby.core.rubynature</nature>
+		<nature>com.aptana.projects.webnature</nature>
+	</natures>
+</projectDescription>

data/Gemfile

@@ -0,0 +1,8 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in conjur-asset-pubkeys.gemspec
+gemspec
+
+group :development do
+  gem 'pry'
+end

data/LICENSE.txt

@@ -0,0 +1,22 @@
+Copyright (c) 2013 Kevin Gilpin
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,41 @@
+conjur-asset-ui
+===============
+
+This Gem is a Conjur plugin providing UI features.
+
+Usage
+-----
+
+First install the gem, with the rather clumsy name `conjur-asset-ui-api`.
+
+```
+gem install conjur-asset-ui-api
+```
+
+Or add the following line to your `Gemfile`:
+
+```
+gem 'conjur-asset-ruby-api'
+```
+
+Next, edit your `.conjurrc` file to add the `"ui"` plugin, for example:
+
+```
+stack: v4
+account: sandbox
+plugins:
+  - ui
+  - layer
+```
+
+Make sure you are logged into conjur: 
+
+```
+conjur authn:login
+```
+
+And run the UI:
+
+```
+conjur ui
+```

data/Rakefile

@@ -0,0 +1 @@
+require "bundler/gem_tasks"

data/compile_ls

@@ -0,0 +1,2 @@
+#!/bin/bash
+lsc -w -c -o public/js livescript

data/conjur-asset-ui.gemspec

@@ -0,0 +1,36 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'conjur-asset-ui-version'
+
+Gem::Specification.new do |spec|
+  spec.name          = "conjur-asset-ui-api"
+  spec.version       = Conjur::Asset::UI::VERSION
+  spec.authors       = ["Jon Mason", "Kevin Gilpin", "Rafa\305\202 Rzepecki"]
+  spec.email         = ["jon@conjur.net", "kgilpin@conjur.net", "rafal@conjur.net"]
+  spec.homepage      = "http://conjur.net"
+  spec.summary       = "Conjur User Interface Plugin"
+  spec.homepage      = ""
+  spec.license       = "MIT"
+
+  spec.files         = `git ls-files`.split($/)
+  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
+  spec.require_paths = ["lib"]
+
+  spec.add_dependency "puma"
+  spec.add_dependency "conjur-api", "~> 4.6"
+  spec.add_dependency "launchy"
+  spec.add_dependency "rack"
+
+  # we're monkey patching hackily, so fix the version
+  spec.add_dependency "rack-streaming-proxy", "= 2.0.1"
+
+  spec.add_development_dependency "conjur-cli"
+  spec.add_development_dependency "bundler", "~> 1.3"
+  spec.add_development_dependency "rake"
+  spec.add_development_dependency "rspec"
+  spec.add_development_dependency "simplecov"
+  spec.add_development_dependency "spork"
+  spec.add_development_dependency "ci_reporter"
+end

data/lib/conjur-asset-ui-version.rb

@@ -0,0 +1,7 @@
+module Conjur
+  module Asset
+    module UI
+      VERSION="1.1.0"
+    end
+  end
+end

data/lib/conjur-asset-ui.rb

@@ -0,0 +1,7 @@
+require 'conjur-asset-ui-version'
+require 'conjur/webserver/api_proxy'
+require 'conjur/webserver/authorize'
+require 'conjur/webserver/conjur_info'
+require 'conjur/webserver/home'
+require 'conjur/webserver/login'
+require 'conjur/webserver/server'

data/lib/conjur/audit/follower.rb

@@ -0,0 +1,63 @@
+module Conjur
+  module Audit
+    class Follower
+      # Initialize a follower that will fetch more records by 
+      # calling :block: with options to merge into the options passed
+      # to the audit method (eg, limit, offset)
+      def initialize &block
+        @fetch = block
+      end
+      
+      # Filter events received so that only events for which
+      # :block: returns truthy are passed to the block given to 
+      # :#follow:.
+      def filter &filter
+        @filter = filter
+      end
+      
+      # Follow audit events, yielding non-empty 
+      # arrays of new events to :block: as they 
+      # are fetched.
+      def follow &block
+        @last_event_id = nil
+        
+        loop do
+          new_events = fetch_new_events
+          new_events.select!(&@filter) if @filter
+          if new_events.empty?
+            sleep 1
+          else
+            block.call new_events
+          end
+        end
+      end
+      
+      protected
+      
+      # Fetch all events after @last_event_id, updating it 
+      # to point to the last event returned by this method. 
+      # May return an empty array if no new events are available.
+      def fetch_new_events
+        # If @last_event_id is nil just fetch and return the 
+        # most recent events, updating @last_event_id
+        if @last_event_id.nil?
+          events = @fetch.call(offset: 0)
+          @last_event_id = events.last['event_id'] unless events.empty?
+          return events
+        end
+        
+        # We have a @last_event_id, fetch batches of events until we 
+        # find it.
+        events = []
+        while (index = events.find_index{|e| e['event_id'] == @last_event_id}).nil?
+          events = @fetch.call(offset: events.length, limit: 10).reverse.concat events
+        end
+        
+        # Update @last_event_id and return the sliced events, reversing it one
+        # last time (because the block given to follow expects events to be reversed)
+        @last_event_id = events.last['event_id'] unless events.empty?
+        events[index + 1..-1].reverse
+      end
+    end
+  end
+end

data/lib/conjur/audit/humanizer.rb

@@ -0,0 +1,53 @@
+module Conjur
+  module Audit
+    module Humanizer
+      class << self
+      # Add a "human" field to the event, describing what happened.
+        def humanize event
+          e = event.symbolize_keys
+          # hack: sometimes resource is a hash.  We don't want that!
+          if e[:resource] && e[:resource].kind_of?(Hash)
+            e[:resource] = e[:resource]['id']
+          end
+          s = " #{e[:conjur_user]}"
+          s << " (as #{e[:conjur_role]})" if e[:conjur_role] != e[:conjur_user]
+          formatter = SHORT_FORMATS["#{e[:asset]}:#{e[:action]}"]
+          if formatter
+            s << " " << formatter.call(e)
+          else
+            s << " unknown event: #{e[:asset]}:#{e[:action]}!"
+          end
+          s << " (failed with #{e[:error]})" if e[:error]
+          event['human'] = s
+        end
+        
+        def append_features base
+          base.class_eval do
+            def humanize e
+              Conjur::Audit::Humanizer.humanize e
+            end
+            def self.humanize e
+              Conjur::Audit::Humanizer.humanize e
+            end
+          end
+        end
+        
+        private
+        SHORT_FORMATS = {
+          'resource:check' => lambda{|e| "checked that they can #{e[:privilege]} #{e[:resource]} (#{e[:allowed]})" },
+          'resource:create' => lambda{|e| "created resource #{e[:resource_id]} owned by #{e[:owner]}" },
+          'resource:update' => lambda{|e| "gave #{e[:resource]} to #{e[:owner]}" },
+          'resource:destroy' => lambda{|e| "destroyed resource #{e[:resource]}" },
+          'resource:permit' => lambda{|e| "permitted #{e[:grantee]} to #{e[:privilege]} #{e[:resource]} (grant option: #{!!e[:grant_option]})" },
+          'resource:deny' => lambda{|e| "denied #{e[:privilege]} from #{e[:grantee]} on #{e[:resource]}" },
+          'resource:permitted_roles' => lambda{|e| "listed roles permitted to #{e[:permission]} on #{e[:resource]}" },
+          'role:check' => lambda{|e| "checked that #{e[:role] == e[:conjur_user] ? 'they' : e[:role]} can #{e[:privilege]} #{e[:resource]} (#{e[:allowed]})" },
+          'role:grant' => lambda{|e| "granted role #{e[:role]} to #{e[:member]} #{e[:admin_option] ? ' with ' : ' without '}admin" },
+          'role:revoke' => lambda{|e| "revoked role #{e[:role]} from #{e[:member]}" },
+          'role:create' => lambda{|e| "created role #{e[:role_id]}" }
+        }
+
+      end
+    end
+  end
+end

data/lib/conjur/audit/tableizer.rb

@@ -0,0 +1,55 @@
+module Conjur
+  module Audit
+    module Tableizer
+      class << self
+      # Output a standardized event suitable for table display.
+        def tableize event
+          e = event.symbolize_keys
+          # hack: sometimes resource is a hash.  We don't want that!
+          if e[:resource] && e[:resource].kind_of?(Hash)
+            e[:resource] = e[:resource]['id']
+          end
+          
+          formatter = INFO_FORMATS["#{e[:asset]}:#{e[:action]}"]
+          info = if formatter
+            formatter.call(e)
+          else
+            { }
+          end
+ 
+          result = {}
+          result[:actor] = e[:conjur_role] || e[:conjur_user]
+          result.merge! info
+          event['table'] = result
+        end
+        
+        def append_features base
+          base.class_eval do
+            def tableize e
+              Conjur::Audit::Tableizer.tableize e
+            end
+            def self.humanize e
+              Conjur::Audit::Tableizer.tableize e
+            end
+          end
+        end
+        
+        private
+        
+        INFO_FORMATS = {
+          'resource:check'           => lambda{|e| { action: :check,      object_kind: :resource, object: e[:resource], privilege: e[:privilege], result: e[:allowed] } },
+          'resource:create'          => lambda{|e| { action: :create,     object_kind: :resource, object: e[:resource_id] } },
+          'resource:update'          => lambda{|e| { action: :update,     object_kind: :resource, object: e[:resource]  } },
+          'resource:destroy'         => lambda{|e| { action: :destroy,    object_kind: :resource, object: e[:resource]  } },
+          'resource:permit'          => lambda{|e| { action: :permit,     object_kind: :resource, object: e[:resource], privilege: e[:privilege], grantee: e[:grantee], grant_option: e[:grant_option] } },
+          'resource:deny'            => lambda{|e| { action: :deny,       object_kind: :resource, object: e[:resource], privilege: e[:privilege], grantee: e[:grantee] } },
+          'resource:permitted_roles' => lambda{|e| { action: :list_roles, object_kind: :resource, object: e[:resource]  } },
+          'role:check'               => lambda{|e| { action: :check,      object_kind: :resource, object: e[:resource], privilege: e[:privilege], detail: e[:allowed] } },
+          'role:grant'               => lambda{|e| { action: :grant,      object_kind: :role,     object: e[:role],     member: e[:member], admin: e[:admin_option] } },
+          'role:revoke'              => lambda{|e| { action: :revoke,     object_kind: :role,     object: e[:role],     member: e[:member] } },
+          'role:create'              => lambda{|e| { action: :create,     object_kind: :role,     object: e[:role_id]     } }
+        }
+      end
+    end
+  end
+end

data/lib/conjur/command/ui.rb

@@ -0,0 +1,38 @@
+#
+# Copyright (C) 2013 Conjur Inc
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy of
+# this software and associated documentation files (the "Software"), to deal in
+# the Software without restriction, including without limitation the rights to
+# use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+# the Software, and to permit persons to whom the Software is furnished to do so,
+# subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in all
+# copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+# FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+# COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+# IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+#
+class Conjur::Command::UI < Conjur::Command
+  desc "Launch a UI"
+  arg_name "root-path"
+  Conjur::CLI.command :ui do |c|
+    c.action do |global_options,options,args|
+      root = args.pop || File.expand_path('../../../public', File.dirname(__FILE__))
+
+      require 'conjur/webserver/server'
+      server = Conjur::WebServer::Server.new
+      thread = Thread.new do
+        server.start(root)
+      end
+      sleep 0.5
+      server.open
+      thread.join
+    end
+  end
+end