module Conjur::Authn

Public Class Methods

ask_for_credentials(options = {}) click to toggle source
# File lib/conjur/authn.rb, line 97
def ask_for_credentials(options = {})
  raise NoCredentialsError if options[:noask]

  # also use stderr here, because we might be prompting for a password as part
  # of a command like user:create that we'd want to send to a file.
  require 'highline'
  require 'conjur/api'

  hl = HighLine.new $stdin, $stderr
  
  user = options[:username] || hl.ask("Enter your username to log into Conjur: ")
  pass = options[:password] || hl.ask("Please enter #{options[:username] ? [ options[:username] , "'s" ].join : "your"} password (it will not be echoed): "){ |q| q.echo = false }
    
  api_key = if cas_server = options[:"cas-server"]
    Conjur::API.login_cas(user, pass, cas_server)
  else
    Conjur::API.login(user, pass)
  end
  @credentials = [user, api_key]
end
authenticate(options = {}) click to toggle source
# File lib/conjur/authn.rb, line 43
def authenticate(options = {})
  require 'conjur/api'
  Conjur::API.authenticate *get_credentials(options)
end
connect(cls = nil, options = {}) click to toggle source
# File lib/conjur/authn.rb, line 118
def connect(cls = nil, options = {})
  if cls.nil?
    require 'conjur/api'
    require 'conjur/base'
    cls = Conjur::API
  end
  if token = token_from_environment
    cls.new_from_token token
  else
    cls.new_from_key *get_credentials(options)
  end
end
delete_credentials() click to toggle source
# File lib/conjur/authn.rb, line 48
def delete_credentials
  netrc.delete Conjur.configuration.authn_url
  netrc.save
end
env_credentials() click to toggle source
# File lib/conjur/authn.rb, line 72
def env_credentials
  if (login = ENV['CONJUR_AUTHN_LOGIN']) && (api_key = ENV['CONJUR_AUTHN_API_KEY'])
    [ login, api_key ]
  else
    nil
  end
end
fetch_credentials(options = {}) click to toggle source
# File lib/conjur/authn.rb, line 84
def fetch_credentials(options = {})
  ask_for_credentials(options)
  write_credentials
end
Also aliased as: save_credentials
get_credentials(options = {}) click to toggle source
# File lib/conjur/authn.rb, line 68
def get_credentials(options = {})
  @credentials ||= (env_credentials || read_credentials || fetch_credentials(options))
end
login(options = {}) click to toggle source
# File lib/conjur/authn.rb, line 38
def login(options = {})
  delete_credentials
  get_credentials(options)
end
netrc() click to toggle source
# File lib/conjur/authn.rb, line 53
def netrc
  @netrc ||= read_netrc
end
read_credentials() click to toggle source
# File lib/conjur/authn.rb, line 80
def read_credentials
  netrc[Conjur.configuration.authn_url]
end
read_netrc() click to toggle source
# File lib/conjur/authn.rb, line 57
def read_netrc
  args = []
  if path = Conjur::Config[:netrc_path]
    args.unshift(path)
  else
    path = Netrc.default_path
  end
  fail_if_world_readable path
  Netrc.read(*args)
end
save_credentials(options = {})
Alias for: fetch_credentials
write_credentials() click to toggle source
# File lib/conjur/authn.rb, line 91
def write_credentials
  netrc[Conjur.configuration.authn_url] = @credentials
  netrc.save
  @credentials
end

Protected Class Methods

fail_if_world_readable(path) click to toggle source
# File lib/conjur/authn.rb, line 133
def fail_if_world_readable path
  if !windows? && File.world_readable?(path)
    fail "netrc (#{path}) shouldn't be world-readable" 
  end
end
token_from_environment() click to toggle source
# File lib/conjur/authn.rb, line 144
def token_from_environment
  return nil unless token = ENV['CONJUR_AUTHN_TOKEN']
  
  require 'json'
  require 'base64'
  JSON.parse(Base64.decode64(token))
end
windows?() click to toggle source

see stackoverflow.com/questions/4871309/what-is-the-correct-way-to-detect-if-ruby-is-running-on-windows

# File lib/conjur/authn.rb, line 140
def windows?
  RbConfig::CONFIG["host_os"] =~ /mswin|mingw|cygwin/
end