Class: Conjur::API

Inherits:
Object
  • Object
show all
Includes:
Escape, LogSource, StandardMethods
Defined in:
lib/conjur/base.rb,
lib/conjur/core-api.rb,
lib/conjur/api/authn.rb,
lib/conjur/api/hosts.rb,
lib/conjur/api/roles.rb,
lib/conjur/api/users.rb,
lib/conjur/api/groups.rb,
lib/conjur-api/version.rb,
lib/conjur/api/secrets.rb,
lib/conjur/api/resources.rb,
lib/conjur/api/variables.rb

Direct Known Subclasses

Conjur::Authn::API, Conjur::Authz::API, Core::API

Constant Summary collapse

VERSION = 
"2.7.1"

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Methods included from LogSource

#log

Methods included from Escape

#fully_escape, included, #path_escape, #query_escape

Constructor Details

#initialize(username, api_key, token) ⇒ API

Returns a new instance of API.



57
58
59
60
61
62
63
 
# File 'lib/conjur/base.rb', line 57

def initialize username, api_key, token
  @username = username
  @api_key = api_key
  @token = token

  raise "Expecting ( username and api_key ) or token" unless ( username && api_key ) || token
end

Instance Attribute Details

#api_keyObject (readonly)

Returns the value of attribute api_key.



65
66
67
 
# File 'lib/conjur/base.rb', line 65

def api_key
  @api_key
end

#usernameObject (readonly)

Returns the value of attribute username.



65
66
67
 
# File 'lib/conjur/base.rb', line 65

def username
  @username
end

Class Method Details

.authenticate(username, password) ⇒ Object 



24
25
26
27
28
29
 
# File 'lib/conjur/api/authn.rb', line 24

def authenticate username, password
  if Conjur.log
    Conjur.log << "Authenticating #{username}\n"
  end
  JSON::parse(RestClient::Resource.new(Conjur::Authn::API.host)["users/#{fully_escape username}/authenticate"].post password, content_type: 'text/plain')
end

.core_asset_hostObject 



4
5
6
 
# File 'lib/conjur/core-api.rb', line 4

def core_asset_host
  ::Conjur::Core::API.host
end

.enroll_host(url) ⇒ Object 



6
7
8
9
10
11
12
13
14
15
16
17
 
# File 'lib/conjur/api/hosts.rb', line 6

def enroll_host(url)
  if Conjur.log
    Conjur.log << "Enrolling host with URL #{url}\n"
  end
  require 'uri'
  url = URI.parse(url) if url.is_a?(String)
  response = Net::HTTP.get_response url
  raise "Host enrollment failed with status #{response.code} : #{response.body}" unless response.code.to_i == 200
  mime_type = response['Content-Type']
  body = response.body
  [ mime_type, body ]
end

.login(username, password) ⇒ Object

Perform login by Basic authentication.



7
8
9
10
11
12
 
# File 'lib/conjur/api/authn.rb', line 7

def  username, password
  if Conjur.log
    Conjur.log << "Logging in #{username} via Basic authentication\n"
  end
  RestClient::Resource.new(Conjur::Authn::API.host, user: username, password: password)['users/login'].get
end

.login_cas(username, password, cas_api_url) ⇒ Object

Perform login by CAS authentication.



15
16
17
18
19
20
21
22
 
# File 'lib/conjur/api/authn.rb', line 15

def  username, password, cas_api_url
  if Conjur.log
    Conjur.log << "Logging in #{username} via CAS authentication\n"
  end
  require 'cas_rest_client'
  client = CasRestClient.new(:username => username, :password => password, :uri => [ cas_api_url, 'v1', 'tickets' ].join('/'), :use_cookies => false)
  client.get("#{Conjur::Authn::API.host}/users/login").body
end

.new_from_key(username, api_key) ⇒ Object 



48
49
50
 
# File 'lib/conjur/base.rb', line 48

def new_from_key(username, api_key)
  self.new username, api_key, nil
end

.new_from_token(token) ⇒ Object 



52
53
54
 
# File 'lib/conjur/base.rb', line 52

def new_from_token(token)
  self.new nil, nil, token
end

.parse_id(id, kind) ⇒ Object 



31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
 
# File 'lib/conjur/base.rb', line 31

def parse_id(id, kind)
  if id.is_a?(Hash)
    tokens = id['id'].split(':')
    [ id['account'], kind, tokens[0], tokens[1..-1].join(':') ]
  elsif id.is_a?(String)
    paths = path_escape(id).split(':')
    if paths.size < 2
      raise "Expecting at least two tokens in #{id}"
    elsif paths.size == 2
      paths.unshift Conjur::Core::API.
    end
    [ paths[0], kind, paths[1], paths[2..-1].join(':') ]
  else
    raise "Unexpected class #{id.class} for #{id}"
  end
end

.parse_resource_id(id) ⇒ Object

Parse a resource id into [ account, ‘resources’, kind, id ]



27
28
29
 
# File 'lib/conjur/base.rb', line 27

def parse_resource_id(id)
  parse_id id, 'resources'
end

.parse_role_id(id) ⇒ Object

Parse a role id into [ account, ‘roles’, kind, id ]



22
23
24
 
# File 'lib/conjur/base.rb', line 22

def parse_role_id(id)
  parse_id id, 'roles'
end

.update_password(username, password, new_password) ⇒ Object 



31
32
33
34
35
36
 
# File 'lib/conjur/api/authn.rb', line 31

def update_password username, password, new_password
  if Conjur.log
    Conjur.log << "Updating password for #{username}\n"
  end
  RestClient::Resource.new(Conjur::Authn::API.host, user: username, password: password)['users/password'].put new_password
end

Instance Method Details

#create_authn_user(login, options = {}) ⇒ Object

Options: password

Response: login api_key



45
46
47
48
49
50
 
# File 'lib/conjur/api/authn.rb', line 45

def create_authn_user , options = {}
  log do |logger|
    logger << "Creating authn user #{}"
  end
  JSON.parse RestClient::Resource.new(Conjur::Authn::API.host, credentials)['users'].post(options.merge(login: ))
end

#create_group(id, options = {}) ⇒ Object 



9
10
11
 
# File 'lib/conjur/api/groups.rb', line 9

def create_group(id, options = {})
  standard_create Conjur::Core::API.host, :group, id, options
end

#create_host(options) ⇒ Object 



20
21
22
 
# File 'lib/conjur/api/hosts.rb', line 20

def create_host options
  standard_create Conjur::Core::API.host, :host, nil, options
end

#create_resource(identifier, options = {}) ⇒ Object 



5
6
7
8
9
 
# File 'lib/conjur/api/resources.rb', line 5

def create_resource(identifier, options = {})
  resource(identifier).tap do |r|
    r.create(options)
  end
end

#create_role(role, options = {}) ⇒ Object 



5
6
7
8
9
 
# File 'lib/conjur/api/roles.rb', line 5

def create_role(role, options = {})
  role(role).tap do |r|
    r.create(options)
  end
end

#create_secret(value, options = {}) ⇒ Object 



5
6
7
 
# File 'lib/conjur/api/secrets.rb', line 5

def create_secret(value, options = {})
  standard_create Conjur::Core::API.host, :secret, nil, options.merge(value: value)
end

#create_user(login, options = {}) ⇒ Object 



5
6
7
 
# File 'lib/conjur/api/users.rb', line 5

def create_user(, options = {})
  standard_create Conjur::Core::API.host, :user, nil, options.merge(login: )
end

#create_variable(mime_type, kind, options = {}) ⇒ Object 



5
6
7
 
# File 'lib/conjur/api/variables.rb', line 5

def create_variable(mime_type, kind, options = {})
  standard_create Conjur::Core::API.host, :variable, nil, options.merge(mime_type: mime_type, kind: kind)
end

#credentialsObject

Authenticate the username and api_key to obtain a request token. Tokens are cached by username for a short period of time.



81
82
83
 
# File 'lib/conjur/base.rb', line 81

def credentials
  { headers: { authorization: "Token token=\"#{Base64.strict_encode64 token.to_json}\"" }, username: username }
end

#current_roleObject 



15
16
17
 
# File 'lib/conjur/api/roles.rb', line 15

def current_role
  role_from_username username
end

#group(id) ⇒ Object 



13
14
15
 
# File 'lib/conjur/api/groups.rb', line 13

def group id
  standard_show Conjur::Core::API.host, :group, id
end

#groups(options = {}) ⇒ Object 



5
6
7
 
# File 'lib/conjur/api/groups.rb', line 5

def groups(options={})
  standard_list Conjur::Core::API.host, :group, options
end

#host(id) ⇒ Object 



71
72
73
 
# File 'lib/conjur/base.rb', line 71

def host
  self.class.host
end

#resource(identifier) ⇒ Object 



11
12
13
14
15
 
# File 'lib/conjur/api/resources.rb', line 11

def resource identifier
  paths = path_escape(identifier).split(':')
  path = [ paths[0], 'resources', paths[1], paths[2..-1].join(':') ].flatten.join('/')
  Resource.new(Conjur::Authz::API.host, credentials)[path]
end

#role(role) ⇒ Object 



11
12
13
 
# File 'lib/conjur/api/roles.rb', line 11

def role role
  Role.new(Conjur::Authz::API.host, credentials)[self.class.parse_role_id(role).join('/')]
end

#role_from_username(username) ⇒ Object 



19
20
21
 
# File 'lib/conjur/api/roles.rb', line 19

def role_from_username username
  role(role_name_from_username username)
end

#role_name_from_username(username = self.username) ⇒ Object 



23
24
25
26
27
28
29
30
 
# File 'lib/conjur/api/roles.rb', line 23

def role_name_from_username username = self.username
  tokens = username.split('/')
  if tokens.size == 1
    [ 'user', username ].join(':')
  else
    [ tokens[0], tokens[1..-1].join('/') ].join(':')
  end
end

#secret(id) ⇒ Object 



9
10
11
 
# File 'lib/conjur/api/secrets.rb', line 9

def secret id
  standard_show Conjur::Core::API.host, :secret, id
end

#tokenObject 



75
76
77
 
# File 'lib/conjur/base.rb', line 75

def token
  @token ||= Conjur::API.authenticate(@username, @api_key)
end

#user(login) ⇒ Object 



9
10
11
 
# File 'lib/conjur/api/users.rb', line 9

def user 
  standard_show Conjur::Core::API.host, :user, 
end

#variable(id) ⇒ Object 



9
10
11
 
# File 'lib/conjur/api/variables.rb', line 9

def variable id
  standard_show Conjur::Core::API.host, :variable, id
end