Module: Conjur::Authn

Defined in:

lib/conjur/authn.rb

Class Method Summary

• .ask_for_credentials(options = {}) ⇒ Object
• .authenticate(options = {}) ⇒ Object
• .connect(cls = nil, options = {}) ⇒ Object
• .delete_credentials ⇒ Object
• .env_credentials ⇒ Object
• .fetch_credentials(options = {}) ⇒ Object
• .get_credentials(options = {}) ⇒ Object
• .host ⇒ Object
• .login(options = {}) ⇒ Object
• .netrc ⇒ Object
• .read_credentials ⇒ Object
• .write_credentials ⇒ Object

Class Method Details

.ask_for_credentials(options = {}) ⇒ Object

# File 'lib/conjur/authn.rb', line 83

def ask_for_credentials(options = {})
  raise "No Conjur credentials provided or found" if options[:noask]

  # also use stderr here, because we might be prompting for a password as part
  # of a command like user:create that we'd want to send to a file.
  require 'highline'
  require 'conjur/api'

  hl = HighLine.new $stdin, $stderr

  user = options[:username] || hl.ask("Enter your username to log into Conjur: ")
  pass = options[:password] || hl.ask("Please enter your password (it will not be echoed): "){ |q| q.echo = false }

  api_key = if cas_server = options[:"cas-server"]
    Conjur::API.login_cas(user, pass, cas_server)
  else
    Conjur::API.login(user, pass)
  end
  @credentials = [user, api_key]
end

.authenticate(options = {}) ⇒ Object

# File 'lib/conjur/authn.rb', line 34

def authenticate(options = {})
  require 'conjur/api'
  Conjur::API.authenticate(*get_credentials(options))
end

.connect(cls = nil, options = {}) ⇒ Object

# File 'lib/conjur/authn.rb', line 104

def connect(cls = nil, options = {})
  if cls.nil?
    require 'conjur/api'
    require 'conjur/base'
    cls = Conjur::API
  end
  cls.new_from_key(*get_credentials(options))
end

.delete_credentials ⇒ Object

# File 'lib/conjur/authn.rb', line 39

def delete_credentials
  netrc.delete host
  netrc.save
end

.env_credentials ⇒ Object

# File 'lib/conjur/authn.rb', line 60

def env_credentials
  if (login = ENV['CONJUR_AUTHN_LOGIN']) && (api_key = ENV['CONJUR_AUTHN_API_KEY'])
    [ login, api_key ]
  else
    nil
  end
end

.fetch_credentials(options = {}) ⇒ Object

# File 'lib/conjur/authn.rb', line 72

def fetch_credentials(options = {})
  ask_for_credentials(options)
  write_credentials
end

.get_credentials(options = {}) ⇒ Object

# File 'lib/conjur/authn.rb', line 56

def get_credentials(options = {})
  @credentials ||= (env_credentials || read_credentials || fetch_credentials(options))
end

.host ⇒ Object

# File 'lib/conjur/authn.rb', line 44

def host
  Conjur::Authn::API.host
end

.login(options = {}) ⇒ Object

# File 'lib/conjur/authn.rb', line 29

def login(options = {})
  delete_credentials
  get_credentials(options)
end

.netrc ⇒ Object

# File 'lib/conjur/authn.rb', line 48

def netrc
  args = []
  if path = Conjur::Config[:netrc_path]
    args.unshift(path)
  end
  @netrc ||= Netrc.read(*args)
end

.read_credentials ⇒ Object

# File 'lib/conjur/authn.rb', line 68

def read_credentials
  netrc[host]
end

.write_credentials ⇒ Object

# File 'lib/conjur/authn.rb', line 77

def write_credentials
  netrc[host] = @credentials
  netrc.save
  @credentials
end