Module: Conjur::Authn

Defined in:

lib/conjur/authn.rb

Defined Under Namespace

Classes: NoCredentialsError

Class Method Summary

• .ask_for_credentials(options = {}) ⇒ Object
• .authenticate(options = {}) ⇒ Object
• .connect(cls = nil, options = {}) ⇒ Object
• .delete_credentials ⇒ Object
• .env_credentials ⇒ Object
• .fetch_credentials(options = {}) ⇒ Object (also: save_credentials)
• .get_credentials(options = {}) ⇒ Object
• .host ⇒ Object
• .login(options = {}) ⇒ Object
• .netrc ⇒ Object
• .read_credentials ⇒ Object
• .read_netrc ⇒ Object
• .write_credentials ⇒ Object

Class Method Details

.ask_for_credentials(options = {}) ⇒ Object

Raises:

• (NoCredentialsError)

# File 'lib/conjur/authn.rb', line 102

def ask_for_credentials(options = {})
  raise NoCredentialsError if options[:noask]

  # also use stderr here, because we might be prompting for a password as part
  # of a command like user:create that we'd want to send to a file.
  require 'highline'
  require 'conjur/api'

  hl = HighLine.new $stdin, $stderr
  
  user = options[:username] || hl.ask("Enter your username to log into Conjur: ")
  pass = options[:password] || hl.ask("Please enter #{options[:username] ? [ options[:username] , "'s" ].join : "your"} password (it will not be echoed): "){ |q| q.echo = false }
    
  api_key = if cas_server = options[:"cas-server"]
    Conjur::API.login_cas(user, pass, cas_server)
  else
    Conjur::API.login(user, pass)
  end
  @credentials = [user, api_key]
end

.authenticate(options = {}) ⇒ Object

# File 'lib/conjur/authn.rb', line 44

def authenticate(options = {})
  require 'conjur/api'
  Conjur::API.authenticate(*get_credentials(options))
end

.connect(cls = nil, options = {}) ⇒ Object

# File 'lib/conjur/authn.rb', line 123

def connect(cls = nil, options = {})
  if cls.nil?
    require 'conjur/api'
    require 'conjur/base'
    cls = Conjur::API
  end
  if token = token_from_environment
    cls.new_from_token token
  else
    cls.new_from_key(*get_credentials(options))
  end
end

.delete_credentials ⇒ Object

# File 'lib/conjur/authn.rb', line 49

def delete_credentials
  netrc.delete host
  netrc.save
end

.env_credentials ⇒ Object

# File 'lib/conjur/authn.rb', line 77

def env_credentials
  if (login = ENV['CONJUR_AUTHN_LOGIN']) && (api_key = ENV['CONJUR_AUTHN_API_KEY'])
    [ login, api_key ]
  else
    nil
  end
end

.fetch_credentials(options = {}) ⇒ Object Also known as: save_credentials

# File 'lib/conjur/authn.rb', line 89

def fetch_credentials(options = {})
  ask_for_credentials(options)
  write_credentials
end

.get_credentials(options = {}) ⇒ Object

# File 'lib/conjur/authn.rb', line 73

def get_credentials(options = {})
  @credentials ||= (env_credentials || read_credentials || fetch_credentials(options))
end

.host ⇒ Object

# File 'lib/conjur/authn.rb', line 54

def host
  Conjur::Authn::API.host
end

.login(options = {}) ⇒ Object

# File 'lib/conjur/authn.rb', line 39

def login(options = {})
  delete_credentials
  get_credentials(options)
end

.netrc ⇒ Object

# File 'lib/conjur/authn.rb', line 58

def netrc
  @netrc ||= read_netrc
end

.read_credentials ⇒ Object

# File 'lib/conjur/authn.rb', line 85

def read_credentials
  netrc[host]
end

.read_netrc ⇒ Object

# File 'lib/conjur/authn.rb', line 62

def read_netrc
  args = []
  if path = Conjur::Config[:netrc_path]
    args.unshift(path)
  else
    path = Netrc.default_path
  end
  fail_if_world_readable path
  Netrc.read(*args)
end

.write_credentials ⇒ Object

# File 'lib/conjur/authn.rb', line 96

def write_credentials
  netrc[host] = @credentials
  netrc.save
  @credentials
end