module Conjur::Authn
Public Class Methods
ask_for_credentials(options = {})
click to toggle source
# File lib/conjur/authn.rb, line 97 def ask_for_credentials(options = {}) raise NoCredentialsError if options[:noask] # also use stderr here, because we might be prompting for a password as part # of a command like user:create that we'd want to send to a file. require 'highline' require 'conjur/api' hl = HighLine.new $stdin, $stderr user = options[:username] || hl.ask("Enter your username to log into Conjur: ") pass = options[:password] || hl.ask("Please enter #{options[:username] ? [ options[:username] , "'s" ].join : "your"} password (it will not be echoed): "){ |q| q.echo = false } api_key = if cas_server = options[:"cas-server"] Conjur::API.login_cas(user, pass, cas_server) else Conjur::API.login(user, pass) end @credentials = [user, api_key] end
authenticate(options = {})
click to toggle source
# File lib/conjur/authn.rb, line 43 def authenticate(options = {}) require 'conjur/api' Conjur::API.authenticate *get_credentials(options) end
connect(cls = nil, options = {})
click to toggle source
# File lib/conjur/authn.rb, line 118 def connect(cls = nil, options = {}) if cls.nil? require 'conjur/api' require 'conjur/base' cls = Conjur::API end if token = token_from_environment cls.new_from_token token else cls.new_from_key *get_credentials(options) end end
delete_credentials()
click to toggle source
# File lib/conjur/authn.rb, line 48 def delete_credentials netrc.delete Conjur.configuration.authn_url netrc.save end
env_credentials()
click to toggle source
# File lib/conjur/authn.rb, line 72 def env_credentials if (login = ENV['CONJUR_AUTHN_LOGIN']) && (api_key = ENV['CONJUR_AUTHN_API_KEY']) [ login, api_key ] else nil end end
fetch_credentials(options = {})
click to toggle source
# File lib/conjur/authn.rb, line 84 def fetch_credentials(options = {}) ask_for_credentials(options) write_credentials end
Also aliased as: save_credentials
get_credentials(options = {})
click to toggle source
# File lib/conjur/authn.rb, line 68 def get_credentials(options = {}) @credentials ||= (env_credentials || read_credentials || fetch_credentials(options)) end
login(options = {})
click to toggle source
# File lib/conjur/authn.rb, line 38 def login(options = {}) delete_credentials get_credentials(options) end
netrc()
click to toggle source
# File lib/conjur/authn.rb, line 53 def netrc @netrc ||= read_netrc end
read_credentials()
click to toggle source
# File lib/conjur/authn.rb, line 80 def read_credentials netrc[Conjur.configuration.authn_url] end
read_netrc()
click to toggle source
# File lib/conjur/authn.rb, line 57 def read_netrc args = [] if path = Conjur::Config[:netrc_path] args.unshift(path) else path = Netrc.default_path end fail_if_world_readable path Netrc.read(*args) end
write_credentials()
click to toggle source
# File lib/conjur/authn.rb, line 91 def write_credentials netrc[Conjur.configuration.authn_url] = @credentials netrc.save @credentials end
Protected Class Methods
fail_if_world_readable(path)
click to toggle source
# File lib/conjur/authn.rb, line 133 def fail_if_world_readable path if !windows? && File.world_readable?(path) fail "netrc (#{path}) shouldn't be world-readable" end end
token_from_environment()
click to toggle source
# File lib/conjur/authn.rb, line 144 def token_from_environment return nil unless token = ENV['CONJUR_AUTHN_TOKEN'] require 'json' require 'base64' JSON.parse(Base64.decode64(token)) end
windows?()
click to toggle source
see stackoverflow.com/questions/4871309/what-is-the-correct-way-to-detect-if-ruby-is-running-on-windows
# File lib/conjur/authn.rb, line 140 def windows? RbConfig::CONFIG["host_os"] =~ /mswin|mingw|cygwin/ end