Class: Conjur::API
- Inherits:
-
Object
show all
- Includes:
- Escape, LogSource, StandardMethods
- Defined in:
- lib/conjur/base.rb,
lib/conjur/core-api.rb,
lib/conjur/api/authn.rb,
lib/conjur/api/hosts.rb,
lib/conjur/api/roles.rb,
lib/conjur/api/users.rb,
lib/conjur/api/groups.rb,
lib/conjur-api/version.rb,
lib/conjur/api/secrets.rb,
lib/conjur/api/resources.rb,
lib/conjur/api/variables.rb
Constant Summary
collapse
- VERSION =
"2.7.1"
Instance Attribute Summary collapse
Class Method Summary
collapse
-
.authenticate(username, password) ⇒ Object
-
.core_asset_host ⇒ Object
-
.enroll_host(url) ⇒ Object
-
.login(username, password) ⇒ Object
Perform login by Basic authentication.
-
.login_cas(username, password, cas_api_url) ⇒ Object
Perform login by CAS authentication.
-
.new_from_key(username, api_key) ⇒ Object
-
.new_from_token(token) ⇒ Object
-
.parse_id(id, kind) ⇒ Object
-
.parse_resource_id(id) ⇒ Object
Parse a resource id into [ account, ‘resources’, kind, id ].
-
.parse_role_id(id) ⇒ Object
Parse a role id into [ account, ‘roles’, kind, id ].
-
.update_password(username, password, new_password) ⇒ Object
Instance Method Summary
collapse
-
#create_authn_user(login, options = {}) ⇒ Object
-
#create_group(id, options = {}) ⇒ Object
-
#create_host(options) ⇒ Object
-
#create_resource(identifier, options = {}) ⇒ Object
-
#create_role(role, options = {}) ⇒ Object
-
#create_secret(value, options = {}) ⇒ Object
-
#create_user(login, options = {}) ⇒ Object
-
#create_variable(mime_type, kind, options = {}) ⇒ Object
-
#credentials ⇒ Object
Authenticate the username and api_key to obtain a request token.
-
#current_role ⇒ Object
-
#group(id) ⇒ Object
-
#groups(options = {}) ⇒ Object
-
#host(id) ⇒ Object
-
#initialize(username, api_key, token) ⇒ API
constructor
-
#resource(identifier) ⇒ Object
-
#role(role) ⇒ Object
-
#role_from_username(username) ⇒ Object
-
#role_name_from_username(username = self.username) ⇒ Object
-
#secret(id) ⇒ Object
-
#token ⇒ Object
-
#user(login) ⇒ Object
-
#variable(id) ⇒ Object
Methods included from LogSource
#log
Methods included from Escape
#fully_escape, included, #path_escape, #query_escape
Constructor Details
#initialize(username, api_key, token) ⇒ API
Returns a new instance of API.
57
58
59
60
61
62
63
|
# File 'lib/conjur/base.rb', line 57
def initialize username, api_key, token
@username = username
@api_key = api_key
@token = token
raise "Expecting ( username and api_key ) or token" unless ( username && api_key ) || token
end
|
Instance Attribute Details
#api_key ⇒ Object
Returns the value of attribute api_key.
65
66
67
|
# File 'lib/conjur/base.rb', line 65
def api_key
@api_key
end
|
#username ⇒ Object
Returns the value of attribute username.
65
66
67
|
# File 'lib/conjur/base.rb', line 65
def username
@username
end
|
Class Method Details
.authenticate(username, password) ⇒ Object
24
25
26
27
28
29
|
# File 'lib/conjur/api/authn.rb', line 24
def authenticate username, password
if Conjur.log
Conjur.log << "Authenticating #{username}\n"
end
JSON::parse(RestClient::Resource.new(Conjur::Authn::API.host)["users/#{fully_escape username}/authenticate"].post password, content_type: 'text/plain')
end
|
.core_asset_host ⇒ Object
4
5
6
|
# File 'lib/conjur/core-api.rb', line 4
def core_asset_host
::Conjur::Core::API.host
end
|
.enroll_host(url) ⇒ Object
6
7
8
9
10
11
12
13
14
15
16
17
|
# File 'lib/conjur/api/hosts.rb', line 6
def enroll_host(url)
if Conjur.log
Conjur.log << "Enrolling host with URL #{url}\n"
end
require 'uri'
url = URI.parse(url) if url.is_a?(String)
response = Net::HTTP.get_response url
raise "Host enrollment failed with status #{response.code} : #{response.body}" unless response.code.to_i == 200
mime_type = response['Content-Type']
body = response.body
[ mime_type, body ]
end
|
.login(username, password) ⇒ Object
Perform login by Basic authentication.
7
8
9
10
11
12
|
# File 'lib/conjur/api/authn.rb', line 7
def login username, password
if Conjur.log
Conjur.log << "Logging in #{username} via Basic authentication\n"
end
RestClient::Resource.new(Conjur::Authn::API.host, user: username, password: password)['users/login'].get
end
|
.login_cas(username, password, cas_api_url) ⇒ Object
Perform login by CAS authentication.
15
16
17
18
19
20
21
22
|
# File 'lib/conjur/api/authn.rb', line 15
def login_cas username, password, cas_api_url
if Conjur.log
Conjur.log << "Logging in #{username} via CAS authentication\n"
end
require 'cas_rest_client'
client = CasRestClient.new(:username => username, :password => password, :uri => [ cas_api_url, 'v1', 'tickets' ].join('/'), :use_cookies => false)
client.get("#{Conjur::Authn::API.host}/users/login").body
end
|
.new_from_key(username, api_key) ⇒ Object
48
49
50
|
# File 'lib/conjur/base.rb', line 48
def new_from_key(username, api_key)
self.new username, api_key, nil
end
|
.new_from_token(token) ⇒ Object
52
53
54
|
# File 'lib/conjur/base.rb', line 52
def new_from_token(token)
self.new nil, nil, token
end
|
.parse_id(id, kind) ⇒ Object
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
|
# File 'lib/conjur/base.rb', line 31
def parse_id(id, kind)
if id.is_a?(Hash)
tokens = id['id'].split(':')
[ id['account'], kind, tokens[0], tokens[1..-1].join(':') ]
elsif id.is_a?(String)
paths = path_escape(id).split(':')
if paths.size < 2
raise "Expecting at least two tokens in #{id}"
elsif paths.size == 2
paths.unshift Conjur::Core::API.conjur_account
end
[ paths[0], kind, paths[1], paths[2..-1].join(':') ]
else
raise "Unexpected class #{id.class} for #{id}"
end
end
|
.parse_resource_id(id) ⇒ Object
Parse a resource id into [ account, ‘resources’, kind, id ]
27
28
29
|
# File 'lib/conjur/base.rb', line 27
def parse_resource_id(id)
parse_id id, 'resources'
end
|
.parse_role_id(id) ⇒ Object
Parse a role id into [ account, ‘roles’, kind, id ]
22
23
24
|
# File 'lib/conjur/base.rb', line 22
def parse_role_id(id)
parse_id id, 'roles'
end
|
.update_password(username, password, new_password) ⇒ Object
31
32
33
34
35
36
|
# File 'lib/conjur/api/authn.rb', line 31
def update_password username, password, new_password
if Conjur.log
Conjur.log << "Updating password for #{username}\n"
end
RestClient::Resource.new(Conjur::Authn::API.host, user: username, password: password)['users/password'].put new_password
end
|
Instance Method Details
#create_authn_user(login, options = {}) ⇒ Object
Options: password
Response: login
api_key
45
46
47
48
49
50
|
# File 'lib/conjur/api/authn.rb', line 45
def create_authn_user login, options = {}
log do |logger|
logger << "Creating authn user #{login}"
end
JSON.parse RestClient::Resource.new(Conjur::Authn::API.host, credentials)['users'].post(options.merge(login: login))
end
|
#create_group(id, options = {}) ⇒ Object
9
10
11
|
# File 'lib/conjur/api/groups.rb', line 9
def create_group(id, options = {})
standard_create Conjur::Core::API.host, :group, id, options
end
|
#create_host(options) ⇒ Object
20
21
22
|
# File 'lib/conjur/api/hosts.rb', line 20
def create_host options
standard_create Conjur::Core::API.host, :host, nil, options
end
|
#create_resource(identifier, options = {}) ⇒ Object
5
6
7
8
9
|
# File 'lib/conjur/api/resources.rb', line 5
def create_resource(identifier, options = {})
resource(identifier).tap do |r|
r.create(options)
end
end
|
#create_role(role, options = {}) ⇒ Object
5
6
7
8
9
|
# File 'lib/conjur/api/roles.rb', line 5
def create_role(role, options = {})
role(role).tap do |r|
r.create(options)
end
end
|
#create_secret(value, options = {}) ⇒ Object
5
6
7
|
# File 'lib/conjur/api/secrets.rb', line 5
def create_secret(value, options = {})
standard_create Conjur::Core::API.host, :secret, nil, options.merge(value: value)
end
|
#create_user(login, options = {}) ⇒ Object
5
6
7
|
# File 'lib/conjur/api/users.rb', line 5
def create_user(login, options = {})
standard_create Conjur::Core::API.host, :user, nil, options.merge(login: login)
end
|
#create_variable(mime_type, kind, options = {}) ⇒ Object
5
6
7
|
# File 'lib/conjur/api/variables.rb', line 5
def create_variable(mime_type, kind, options = {})
standard_create Conjur::Core::API.host, :variable, nil, options.merge(mime_type: mime_type, kind: kind)
end
|
#credentials ⇒ Object
Authenticate the username and api_key to obtain a request token. Tokens are cached by username for a short period of time.
81
82
83
|
# File 'lib/conjur/base.rb', line 81
def credentials
{ headers: { authorization: "Token token=\"#{Base64.strict_encode64 token.to_json}\"" }, username: username }
end
|
#current_role ⇒ Object
15
16
17
|
# File 'lib/conjur/api/roles.rb', line 15
def current_role
role_from_username username
end
|
#group(id) ⇒ Object
13
14
15
|
# File 'lib/conjur/api/groups.rb', line 13
def group id
standard_show Conjur::Core::API.host, :group, id
end
|
#groups(options = {}) ⇒ Object
5
6
7
|
# File 'lib/conjur/api/groups.rb', line 5
def groups(options={})
standard_list Conjur::Core::API.host, :group, options
end
|
#host(id) ⇒ Object
71
72
73
|
# File 'lib/conjur/base.rb', line 71
def host
self.class.host
end
|
#resource(identifier) ⇒ Object
11
12
13
14
15
|
# File 'lib/conjur/api/resources.rb', line 11
def resource identifier
paths = path_escape(identifier).split(':')
path = [ paths[0], 'resources', paths[1], paths[2..-1].join(':') ].flatten.join('/')
Resource.new(Conjur::Authz::API.host, credentials)[path]
end
|
#role(role) ⇒ Object
11
12
13
|
# File 'lib/conjur/api/roles.rb', line 11
def role role
Role.new(Conjur::Authz::API.host, credentials)[self.class.parse_role_id(role).join('/')]
end
|
#role_from_username(username) ⇒ Object
19
20
21
|
# File 'lib/conjur/api/roles.rb', line 19
def role_from_username username
role(role_name_from_username username)
end
|
#role_name_from_username(username = self.username) ⇒ Object
23
24
25
26
27
28
29
30
|
# File 'lib/conjur/api/roles.rb', line 23
def role_name_from_username username = self.username
tokens = username.split('/')
if tokens.size == 1
[ 'user', username ].join(':')
else
[ tokens[0], tokens[1..-1].join('/') ].join(':')
end
end
|
#secret(id) ⇒ Object
9
10
11
|
# File 'lib/conjur/api/secrets.rb', line 9
def secret id
standard_show Conjur::Core::API.host, :secret, id
end
|
#token ⇒ Object
75
76
77
|
# File 'lib/conjur/base.rb', line 75
def token
@token ||= Conjur::API.authenticate(@username, @api_key)
end
|
#user(login) ⇒ Object
9
10
11
|
# File 'lib/conjur/api/users.rb', line 9
def user login
standard_show Conjur::Core::API.host, :user, login
end
|
#variable(id) ⇒ Object
9
10
11
|
# File 'lib/conjur/api/variables.rb', line 9
def variable id
standard_show Conjur::Core::API.host, :variable, id
end
|