Class: Conjur::API

Inherits:
Object
  • Object
show all
Includes:
Escape, LogSource, StandardMethods
Defined in:
lib/conjur/base.rb,
lib/conjur/core-api.rb,
lib/conjur/api/audit.rb,
lib/conjur/api/authn.rb,
lib/conjur/api/hosts.rb,
lib/conjur/api/roles.rb,
lib/conjur/api/users.rb,
lib/conjur/api/groups.rb,
lib/conjur-api/version.rb,
lib/conjur/api/secrets.rb,
lib/conjur/api/deputies.rb,
lib/conjur/api/resources.rb,
lib/conjur/api/variables.rb

Constant Summary collapse

VERSION = 
"4.6.1"

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Methods included from LogSource

#log

Methods included from Escape

#fully_escape, included, #path_escape, #query_escape

Constructor Details

#initialize(username, api_key, token) ⇒ API

Returns a new instance of API.



91
92
93
94
95
96
97
 
# File 'lib/conjur/base.rb', line 91

def initialize username, api_key, token
  @username = username
  @api_key = api_key
  @token = token

  raise "Expecting ( username and api_key ) or token" unless ( username && api_key ) || token
end

Instance Attribute Details

#api_keyObject (readonly)

Returns the value of attribute api_key.



99
100
101
 
# File 'lib/conjur/base.rb', line 99

def api_key
  @api_key
end

#usernameObject (readonly)

Returns the value of attribute username.



99
100
101
 
# File 'lib/conjur/base.rb', line 99

def username
  @username
end

Class Method Details

.authenticate(username, password) ⇒ Object 



44
45
46
47
48
49
 
# File 'lib/conjur/api/authn.rb', line 44

def authenticate username, password
  if Conjur.log
    Conjur.log << "Authenticating #{username}\n"
  end
  JSON::parse(RestClient::Resource.new(Conjur::Authn::API.host)["users/#{fully_escape username}/authenticate"].post password, content_type: 'text/plain')
end

.core_asset_hostObject 



24
25
26
 
# File 'lib/conjur/core-api.rb', line 24

def core_asset_host
  ::Conjur::Core::API.host
end

.enroll_host(url) ⇒ Object 



26
27
28
29
30
31
32
33
34
35
36
37
 
# File 'lib/conjur/api/hosts.rb', line 26

def enroll_host(url)
  if Conjur.log
    Conjur.log << "Enrolling host with URL #{url}\n"
  end
  require 'uri'
  url = URI.parse(url) if url.is_a?(String)
  response = Net::HTTP.get_response url
  raise "Host enrollment failed with status #{response.code} : #{response.body}" unless response.code.to_i == 200
  mime_type = response['Content-Type']
  body = response.body
  [ mime_type, body ]
end

.login(username, password) ⇒ Object

Perform login by Basic authentication.



27
28
29
30
31
32
 
# File 'lib/conjur/api/authn.rb', line 27

def  username, password
  if Conjur.log
    Conjur.log << "Logging in #{username} via Basic authentication\n"
  end
  RestClient::Resource.new(Conjur::Authn::API.host, user: username, password: password)['users/login'].get
end

.login_cas(username, password, cas_api_url) ⇒ Object

Perform login by CAS authentication.



35
36
37
38
39
40
41
42
 
# File 'lib/conjur/api/authn.rb', line 35

def  username, password, cas_api_url
  if Conjur.log
    Conjur.log << "Logging in #{username} via CAS authentication\n"
  end
  require 'cas_rest_client'
  client = CasRestClient.new(:username => username, :password => password, :uri => [ cas_api_url, 'v1', 'tickets' ].join('/'), :use_cookies => false)
  client.get("#{Conjur::Authn::API.host}/users/login").body
end

.new_from_key(username, api_key) ⇒ Object 



82
83
84
 
# File 'lib/conjur/base.rb', line 82

def new_from_key(username, api_key)
  self.new username, api_key, nil
end

.new_from_token(token) ⇒ Object 



86
87
88
 
# File 'lib/conjur/base.rb', line 86

def new_from_token(token)
  self.new nil, nil, token
end

.parse_id(id, kind) ⇒ Object

Converts flat id into path components, with mixed-in “super-kind” 

(not that kind which is part of id)

NOTE: name is a bit confusing, as result of ‘parse’ is just recombined

representation of parts, not an object of higher abstraction level



69
70
71
72
73
74
75
76
77
78
79
80
 
# File 'lib/conjur/base.rb', line 69

def parse_id(id, kind)
  # Structured IDs (hashes) are no more supported
  raise "Unexpected class #{id.class} for #{id}" unless id.is_a?(String)
  paths = path_escape(id).split(':')
  if paths.size < 2
    raise "Expecting at least two tokens in #{id}"
  elsif paths.size == 2
    paths.unshift Conjur::Core::API.
  end
  # I would strongly recommend to encapsulate this into object 
  [ paths[0], kind, paths[1], paths[2..-1].join(':') ]
end

.parse_resource_id(id) ⇒ Object

Parse a resource id into [ account, ‘resources’, kind, id ]



54
55
56
57
58
59
60
61
62
63
 
# File 'lib/conjur/base.rb', line 54

def parse_resource_id(id)
  id = id.resource if id.respond_to?(:resource)
  if id.is_a?(Resource)
    [ id., 'resources', id.kind, id.identifier ]
  elsif id.respond_to?(:resource_kind)
    [ Conjur::Core::API., 'resources', id.resource_kind, id.resource_id ]
  else
    parse_id id, 'resources'
  end
end

.parse_role_id(id) ⇒ Object

Parse a role id into [ account, ‘roles’, kind, id ]



42
43
44
45
46
47
48
49
50
51
 
# File 'lib/conjur/base.rb', line 42

def parse_role_id(id)
  id = id.role if id.respond_to?(:role)
  if id.is_a?(Role)
    [ id., 'roles', id.kind, id.identifier ]
  elsif id.respond_to?(:role_kind)
    [ Conjur::Core::API., 'roles', id.role_kind, id.identifier ]
  else
    parse_id id, 'roles'
  end
end

.update_password(username, password, new_password) ⇒ Object 



51
52
53
54
55
56
 
# File 'lib/conjur/api/authn.rb', line 51

def update_password username, password, new_password
  if Conjur.log
    Conjur.log << "Updating password for #{username}\n"
  end
  RestClient::Resource.new(Conjur::Authn::API.host, user: username, password: password)['users/password'].put new_password
end

Instance Method Details

#audit_current_role(options = {}) ⇒ Object

Return audit events related to the current authenticated role.



31
32
33
 
# File 'lib/conjur/api/audit.rb', line 31

def audit_current_role options={}
  audit_event_feed 'role', nil, options
end

#audit_resource(resource, options = {}) ⇒ Object

Return audit events related to the given resource



36
37
38
 
# File 'lib/conjur/api/audit.rb', line 36

def audit_resource resource, options={}
  audit_event_feed 'resource', (resource.resourceid rescue resource), options
end

#audit_role(role, options = {}) ⇒ Object

Return audit events related to the given role_id. Identitical to audit_events except that a String may be given instead of a Role object.

Parameters:

  • role (String)

    the role for which events should be returned.



25
26
27
 
# File 'lib/conjur/api/audit.rb', line 25

def audit_role role, options={}
  audit_event_feed 'role', (role.roleid rescue role), options
end

#create_authn_user(login, options = {}) ⇒ Object

Options: password

Response: login api_key



65
66
67
68
69
70
 
# File 'lib/conjur/api/authn.rb', line 65

def create_authn_user , options = {}
  log do |logger|
    logger << "Creating authn user #{}"
  end
  JSON.parse RestClient::Resource.new(Conjur::Authn::API.host, credentials)['users'].post(options.merge(login: ))
end

#create_deputy(options = {}) ⇒ Object 



25
26
27
 
# File 'lib/conjur/api/deputies.rb', line 25

def create_deputy options = {}
  standard_create Conjur::Core::API.host, :deputy, nil, options
end

#create_group(id, options = {}) ⇒ Object 



29
30
31
 
# File 'lib/conjur/api/groups.rb', line 29

def create_group(id, options = {})
  standard_create Conjur::Core::API.host, :group, id, options
end

#create_host(options = {}) ⇒ Object 



40
41
42
 
# File 'lib/conjur/api/hosts.rb', line 40

def create_host options = {}
  standard_create Conjur::Core::API.host, :host, nil, options
end

#create_resource(identifier, options = {}) ⇒ Object 



25
26
27
28
29
 
# File 'lib/conjur/api/resources.rb', line 25

def create_resource(identifier, options = {})
  resource(identifier).tap do |r|
    r.create(options)
  end
end

#create_role(role, options = {}) ⇒ Object 



25
26
27
28
29
 
# File 'lib/conjur/api/roles.rb', line 25

def create_role(role, options = {})
  role(role).tap do |r|
    r.create(options)
  end
end

#create_secret(value, options = {}) ⇒ Object 



25
26
27
 
# File 'lib/conjur/api/secrets.rb', line 25

def create_secret(value, options = {})
  standard_create Conjur::Core::API.host, :secret, nil, options.merge(value: value)
end

#create_user(login, options = {}) ⇒ Object 



25
26
27
 
# File 'lib/conjur/api/users.rb', line 25

def create_user(, options = {})
  standard_create Conjur::Core::API.host, :user, nil, options.merge(login: )
end

#create_variable(mime_type, kind, options = {}) ⇒ Object 



25
26
27
 
# File 'lib/conjur/api/variables.rb', line 25

def create_variable(mime_type, kind, options = {})
  standard_create Conjur::Core::API.host, :variable, nil, options.merge(mime_type: mime_type, kind: kind)
end

#credentialsObject

Authenticate the username and api_key to obtain a request token. Tokens are cached by username for a short period of time.



115
116
117
 
# File 'lib/conjur/base.rb', line 115

def credentials
  { headers: { authorization: "Token token=\"#{Base64.strict_encode64 token.to_json}\"" }, username: username }
end

#current_roleObject 



35
36
37
 
# File 'lib/conjur/api/roles.rb', line 35

def current_role
  role_from_username username
end

#deputy(id) ⇒ Object 



29
30
31
 
# File 'lib/conjur/api/deputies.rb', line 29

def deputy id
  standard_show Conjur::Core::API.host, :deputy, id
end

#group(id) ⇒ Object 



33
34
35
 
# File 'lib/conjur/api/groups.rb', line 33

def group id
  standard_show Conjur::Core::API.host, :group, id
end

#groups(options = {}) ⇒ Object 



25
26
27
 
# File 'lib/conjur/api/groups.rb', line 25

def groups(options={})
  standard_list Conjur::Core::API.host, :group, options
end

#host(id) ⇒ Object 



105
106
107
 
# File 'lib/conjur/base.rb', line 105

def host
  self.class.host
end

#resource(resource) ⇒ Object 



31
32
33
 
# File 'lib/conjur/api/resources.rb', line 31

def resource resource
  Resource.new(Conjur::Authz::API.host, credentials)[self.class.parse_resource_id(resource).join('/')]
end

#resources(opts = {}) ⇒ Object

Return all visible resources. In opts you should pass an account to filter by, and optionally a kind.



37
38
39
40
41
42
43
 
# File 'lib/conjur/api/resources.rb', line 37

def resources opts = {}
  Resource.all({ host: Conjur::Authz::API.host, credentials: credentials }.merge opts).map do |result|
    resource(result['id']).tap do |r|
      r.attributes = result
    end
  end
end

#role(role) ⇒ Object 



31
32
33
 
# File 'lib/conjur/api/roles.rb', line 31

def role role
  Role.new(Conjur::Authz::API.host, credentials)[self.class.parse_role_id(role).join('/')]
end

#role_from_username(username) ⇒ Object 



39
40
41
 
# File 'lib/conjur/api/roles.rb', line 39

def role_from_username username
  role(role_name_from_username username)
end

#role_name_from_username(username = self.username) ⇒ Object 



43
44
45
46
47
48
49
50
 
# File 'lib/conjur/api/roles.rb', line 43

def role_name_from_username username = self.username
  tokens = username.split('/')
  if tokens.size == 1
    [ 'user', username ].join(':')
  else
    [ tokens[0], tokens[1..-1].join('/') ].join(':')
  end
end

#secret(id) ⇒ Object 



29
30
31
 
# File 'lib/conjur/api/secrets.rb', line 29

def secret id
  standard_show Conjur::Core::API.host, :secret, id
end

#tokenObject 



109
110
111
 
# File 'lib/conjur/base.rb', line 109

def token
  @token ||= Conjur::API.authenticate(@username, @api_key)
end

#user(login) ⇒ Object 



29
30
31
 
# File 'lib/conjur/api/users.rb', line 29

def user 
  standard_show Conjur::Core::API.host, :user, 
end

#variable(id) ⇒ Object 



29
30
31
 
# File 'lib/conjur/api/variables.rb', line 29

def variable id
  standard_show Conjur::Core::API.host, :variable, id
end