Class: Conjur::Configuration
- Inherits: Object
  - Object
  - Conjur::Configuration
- Defined in: lib/conjur/configuration.rb, lib/conjur/pubkeys-api.rb, lib/conjur/host-factory-api.rb
Overview
Stores a configuration for the Conjur API client. This class provides global and thread local storage for common options used by the Conjur API. Most importantly, it specifies the
- REST endpoints, derived from the #appliance_url and #account options
- The certificate used for secure connections to the Conjur appliance (#cert_file)
Environment Variables
Option values used by Conjur can be given by environment variables, using a standard naming scheme. Specifically, an environment variable named CONJUR_ACCOUNT will be used to provide a default value for the #account option.
Required Options
The #account and #appliance_url options are always required. Except in special cases, the #cert_file is also required, but you may omit it if your Conjur root certificate is in the OpenSSL default certificate store.
Thread Local Configuration
While using a globally available configuration is convenient for most applications, sometimes you will need to use different configurations in different threads. This is supported by returning a thread local version from configuration if one has been set by with_configuration.
Instance Attribute Summary
- #account ⇒ String: The organizational account used by Conjur.
- #appliance_url ⇒ String: The url for your Conjur appliance.
- #audit_url ⇒ String: The url for the Conjur audit service.
- #authn_url ⇒ String: The url for the Conjur authentication service.
- #authz_url ⇒ String: The url for the Conjur authorization service.
- #cert_file ⇒ String?: Path to the certificate file to use when making secure connections to your Conjur appliance.
- #core_url ⇒ String: The url for the Conjur core/directory service.
- #env ⇒ String: Deprecated.
- #pubkeys_url ⇒ String: The url for the Conjur public keys service.
- #ssl_certificate ⇒ Object: Contents of a certificate file.
Instance Method Summary
- #apply_cert_config!(store = OpenSSL::SSL::SSLContext::DEFAULT_CERT_STORE) ⇒ Boolean: Add the certificate configured by the #ssl_certificate and #cert_file options to the certificate store used by Conjur clients.
- #clone(override_options = {}) ⇒ Conjur::Configuration: Return a copy of this Configuration instance, optionally updating the copy with options from the override_options hash.
- #initialize(options = {}) ⇒ Configuration (constructor): Create a new Configuration, setting initial values from options.
Constructor Details
#initialize(options = {}) ⇒ Configuration
options must use symbols for keys.
Create a new Conjur::Configuration, setting initial values from options.
# File 'lib/conjur/configuration.rb', line 187
def initialize options = {}
  @explicit = options.dup
  @supplied = options.dup
end
Instance Attribute Details
#account ⇒ String
This option is required, and attempting to make any API calls prior to setting it (either explicitly or with the "CONJUR_ACCOUNT" environment variable) will raise an exception.
The organizational account used by Conjur.
On Conjur appliances, this option will be set once when the appliance is first configured. You can get the value for the account option from your Conjur administrator or, if you have installed the Conjur command line tools, by running conjur authn whoami or examining your .conjurrc file.
# File 'lib/conjur/configuration.rb', line 359
add_option :account, required: true
#appliance_url ⇒ String
If you are using an appliance (if you're not sure, you probably are), this option is required.
The url for your Conjur appliance.
If your appliance's hostname is 'conjur.companyname.com', then your appliance_url will be 'https://conjur.companyname.com/api'.
# File 'lib/conjur/configuration.rb', line 336
add_option :appliance_url
#audit_url ⇒ String
You should not generally set this value. Instead, Conjur will derive it from the #account and #appliance_url properties.
The url for the Conjur audit service.
# File 'lib/conjur/configuration.rb', line 323
add_option :audit_url do
  global_service_url 'audit', 300
end
#authn_url ⇒ String
You should not generally set this value. Instead, Conjur will derive it from the #account and #appliance_url properties.
The url for the Conjur authentication service.
# File 'lib/conjur/configuration.rb', line 287
add_option :authn_url do
  account_service_url 'authn', 0
end
#authz_url ⇒ String
You should not generally set this value. Instead, Conjur will derive it from the #account and #appliance_url properties.
The url for the Conjur authorization service.
# File 'lib/conjur/configuration.rb', line 299
add_option :authz_url do
  global_service_url 'authz', 100
end
#cert_file ⇒ String?
Path to the certificate file to use when making secure connections to your Conjur appliance.
This should be the path to the root Conjur SSL certificate in PEM format. You will normally get the certificate file using the conjur init command. This option is not required if the certificate or its root is in the OpenSSL default cert store. If your program throws an error indicating that SSL verification has failed, you probably need to set or fix this option.
# File 'lib/conjur/configuration.rb', line 394
add_option :cert_file
#core_url ⇒ String
You should not generally set this value. Instead, Conjur will derive it from the #account and #appliance_url properties.
The url for the Conjur core/directory service.
# File 'lib/conjur/configuration.rb', line 311
add_option :core_url do
  default_service_url 'core', 200
end
#env ⇒ String
The type of environment your program is running in (e.g., development, production, test).
# File 'lib/conjur/configuration.rb', line 369
add_option :env do
  ENV['CONJUR_ENV'] || ENV['RAILS_ENV'] || ENV['RACK_ENV'] || "production"
end
#pubkeys_url ⇒ String
You should not generally set this value. Instead, Conjur will derive it from the #account and #appliance_url properties.
The url for the Conjur public keys service.
# File 'lib/conjur/pubkeys-api.rb', line 33
add_option :pubkeys_url do
  account_service_url 'pubkeys', 400
end
#ssl_certificate ⇒ Object
Contents of a certificate file. This can be used instead of :cert_file in environments like Heroku where you can't use a certificate file.
This option overrides the value of #cert_file if both are given, and issues a warning.
# File 'lib/conjur/configuration.rb', line 404
add_option :ssl_certificate
Instance Method Details
#apply_cert_config!(store = OpenSSL::SSL::SSLContext::DEFAULT_CERT_STORE) ⇒ Boolean
Add the certificate configured by the #ssl_certificate and #cert_file options to the certificate store used by Conjur clients.
# File 'lib/conjur/configuration.rb', line 413
def apply_cert_config! store=OpenSSL::SSL::SSLContext::DEFAULT_CERT_STORE
  if ssl_certificate
    CertUtils.parse_certs(ssl_certificate).each do |cert|
      begin
        store.add_cert cert
      rescue OpenSSL::X509::StoreError => ex
        raise unless ex.message == 'cert already in hash table'
      end
    end
  elsif cert_file
    ensure_cert_readable!(cert_file)
    store.add_file cert_file
  else
    return false
  end
  true
end
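An added example, not part of the conjur-api source: using only Ruby's OpenSSL standard library, it shows why the root certificate has to be in the store before a chain verifies, and that re-adding the same PEM is harmless, which is what the ssl_certificate branch above handles. The names trust_pem!, make_cert and chain_demo and the certificate subjects are assumptions; both certificates are constructed at run time.

```ruby
require 'openssl'

PEM_CERT = /-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----/m

# Hypothetical helper: add every PEM certificate found in `pem` to `store`,
# tolerating the duplicate error that older OpenSSL versions raise.
def trust_pem!(store, pem)
  pem.scan(PEM_CERT).each do |block|
    begin
      store.add_cert(OpenSSL::X509::Certificate.new(block))
    rescue OpenSSL::X509::StoreError => ex
      raise unless ex.message.include?('cert already in hash table')
    end
  end
end

# Build a throwaway certificate (constructed sample data, valid for one hour).
def make_cert(subject, key, issuer: nil, issuer_key: nil, ca: false)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = rand(1..2**31)
  cert.subject = OpenSSL::X509::Name.parse(subject)
  cert.issuer = issuer ? issuer.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  cert.add_extension(ef.create_extension('basicConstraints', ca ? 'CA:TRUE' : 'CA:FALSE', true))
  cert.sign(issuer_key || key, OpenSSL::Digest.new('SHA256'))
  cert
end

# Verify a leaf against an empty store, then after trusting its root.
def chain_demo
  root_key = OpenSSL::PKey::RSA.new(2048)
  leaf_key = OpenSSL::PKey::RSA.new(2048)
  root = make_cert('/CN=constructed-conjur-root', root_key, ca: true)
  leaf = make_cert('/CN=conjur.example.test', leaf_key, issuer: root, issuer_key: root_key)

  store = OpenSSL::X509::Store.new              # empty: trusts nothing yet
  before = store.verify(leaf)                   # issuer is unknown to the store
  trust_pem!(store, root.to_pem)
  after = store.verify(leaf)                    # chain now ends at a trusted root
  trust_pem!(store, root.to_pem + root.to_pem)  # duplicates must not raise
  { before: before, after: after, after_duplicate: store.verify(leaf) }
end

p chain_demo if $PROGRAM_NAME == __FILE__
```

A failed verification against the empty store is the same condition that surfaces as an SSL verification error when #cert_file is missing or points at the wrong certificate.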
#clone(override_options = {}) ⇒ Conjur::Configuration
Return a copy of this Conjur::Configuration instance, optionally updating the copy with options from the override_options hash.
# File 'lib/conjur/configuration.rb', line 263
def clone override_options = {}
  self.class.new self.explicit.dup.merge(override_options)
end