├── test ├── files │ ├── fake.pem │ └── real.pem ├── authn_aws_integration_test.go ├── authn_gcp_integration_test.go ├── authn_azure_integration_test.go ├── helpers.go └── package_oss_test.go ├── .dockerignore ├── .gitleaksignore ├── secrets.yml ├── .gitignore ├── bin ├── wait_for_server.sh ├── test-entrypoint.sh ├── functions.sh ├── get_gcp_token.sh └── test.sh ├── SECURITY.md ├── Dockerfile.test ├── pkg └── summon_conjur │ └── version.go ├── .github ├── CODEOWNERS └── workflows │ └── close-stale.yml ├── dev.sh ├── LICENSE ├── docker-compose.yml ├── install.sh ├── go.mod ├── cmd └── main.go ├── .goreleaser.yml ├── CONTRIBUTING.md ├── go.sum ├── README.md ├── CHANGELOG.md ├── Jenkinsfile ├── notices.tpl └── NOTICES.txt /test/files/fake.pem: -------------------------------------------------------------------------------- 1 | cert for testing -------------------------------------------------------------------------------- /.dockerignore: -------------------------------------------------------------------------------- 1 | .git 2 | summon-conjur 3 | junit.xml 4 | output/ 5 | -------------------------------------------------------------------------------- /.gitleaksignore: -------------------------------------------------------------------------------- 1 | 57a92693645f49ccc8b2330e75c662af4193ba9d:docker-compose.yml:generic-api-key:8 2 | -------------------------------------------------------------------------------- /secrets.yml: -------------------------------------------------------------------------------- 1 | AZURE_SUBSCRIPTION_ID: !var ci/azure/subscription-id 2 | AZURE_RESOURCE_GROUP: !var ci/azure/authn-test/resource-group 3 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | output/ 2 | dist/ 3 | webapp1.json 4 | junit.xml 5 | summon-conjur 6 | *.sublime-project 7 | 8 | *.exe 9 | *.prof 10 | .DS_Store 11 | 12 | # VIM swapfiles 13 | *.sw[po] 14 | 15 | VERSION 16 | -------------------------------------------------------------------------------- /bin/wait_for_server.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash -e 2 | 3 | for i in $(seq 20); do 4 | curl -o /dev/null -fs -X OPTIONS $CONJUR_APPLIANCE_URL > /dev/null \ 5 | && break 6 | echo . 7 | sleep 2 8 | done 9 | 10 | # So we fail if the server isn't up yet: 11 | curl -o /dev/null -fs -X OPTIONS $CONJUR_APPLIANCE_URL > /dev/null 12 | -------------------------------------------------------------------------------- /bin/test-entrypoint.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -eox pipefail 3 | 4 | export PATH="$(pwd):$PATH" 5 | 6 | echo "Running Go tests..." 7 | 8 | echo "Current dir: $(pwd)" 9 | go test --coverprofile=output/c.out -v ./test/... | tee output/junit.output 10 | 11 | go-junit-report < output/junit.output > output/junit.xml 12 | 13 | gocov convert output/c.out | gocov-xml > output/coverage.xml 14 | 15 | rm output/junit.output 16 | -------------------------------------------------------------------------------- /bin/functions.sh: -------------------------------------------------------------------------------- 1 | function startConjur() { 2 | local services='conjur' 3 | 4 | docker compose pull $services 5 | docker compose up -d $services 6 | } 7 | 8 | exec_on() { 9 | local container=$1; shift 10 | docker exec $(docker compose ps -q $container) "$@" 11 | } 12 | 13 | function initEnvironment() { 14 | exec_on conjur conjurctl wait 15 | } 16 | 17 | getKeys() { 18 | exec_on conjur conjurctl role retrieve-key cucumber:user:${CONJUR_AUTHN_LOGIN:-admin} 19 | } 20 | -------------------------------------------------------------------------------- /SECURITY.md: -------------------------------------------------------------------------------- 1 | # Security Policies and Procedures 2 | 3 | ## Reporting a Bug 4 | CyberArk takes product security very seriously. If you believe you have found a vulnerability in one of our products, we ask that you follow responsible disclosure guidelines and contact product_security@cyberark.com and work with us toward a quick resolution to protect our customers. 5 | 6 | Refer to [CyberArk's Security Vulnerability Policy](https://www.cyberark.com/cyberark-security-vulinerability-policy.pdf) for more details. -------------------------------------------------------------------------------- /Dockerfile.test: -------------------------------------------------------------------------------- 1 | FROM golang:1.25-alpine 2 | 3 | LABEL maintainer="CyberArk Software Ltd." 4 | 5 | RUN apk add --no-cache bash \ 6 | build-base \ 7 | curl \ 8 | git \ 9 | jq \ 10 | less && \ 11 | go install github.com/jstemmer/go-junit-report@latest && \ 12 | go install github.com/afunix/gocov/gocov@latest && \ 13 | go install github.com/AlekSi/gocov-xml@latest && \ 14 | mkdir -p /summon-conjur/output 15 | 16 | WORKDIR /summon-conjur 17 | 18 | COPY go.mod go.sum ./ 19 | 20 | COPY . . 21 | RUN go build -o summon-conjur cmd/main.go 22 | 23 | EXPOSE 8080 24 | -------------------------------------------------------------------------------- /pkg/summon_conjur/version.go: -------------------------------------------------------------------------------- 1 | package summon_conjur 2 | 3 | import "fmt" 4 | 5 | // Version field is a SemVer that should indicate the baked-in version 6 | // of the CLI 7 | var Version = "unset" 8 | 9 | // Tag field denotes the specific build type for the CLI. It may 10 | // be replaced by compile-time variables if needed to provide the git 11 | // commit information in the final binary. See `Static long version tags` 12 | // in the `Building` section of `CONTRIBUTING.md` for more information on 13 | // this variable. 14 | var Tag = "unset" 15 | 16 | // FullVersionName is the user-visible aggregation of version and tag 17 | // of this codebase 18 | var FullVersionName = fmt.Sprintf("%s-%s", Version, Tag) 19 | -------------------------------------------------------------------------------- /.github/CODEOWNERS: -------------------------------------------------------------------------------- 1 | * @cyberark/community-and-integrations-team @conjurinc/community-and-integrations-team @conjurdemos/community-and-integrations-team @conjur-enterprise/community-and-integrations 2 | 3 | # Changes to .trivyignore require Security Architect approval 4 | .trivyignore @cyberark/security-architects @conjurinc/security-architects @conjurdemos/security-architects @conjur-enterprise/conjur-security 5 | 6 | # Changes to .codeclimate.yml require Quality Architect approval 7 | .codeclimate.yml @cyberark/quality-architects @conjurinc/quality-architects @conjurdemos/quality-architects @conjur-enterprise/conjur-quality 8 | # Changes to SECURITY.md require Security Architect approval 9 | SECURITY.md @cyberark/security-architects @conjurinc/security-architects @conjurdemos/security-architects @conjur-enterprise/conjur-security 10 | -------------------------------------------------------------------------------- /dev.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash -x 2 | 3 | # function finish { 4 | # echo 'Removing environment' 5 | # echo '-----' 6 | # docker compose down -v 7 | # } 8 | # trap finish EXIT 9 | # 10 | 11 | export CONJUR_ACCOUNT=cucumber 12 | export CONJUR_AUTHN_LOGIN=admin 13 | 14 | source $(dirname $0)/bin/functions.sh 15 | 16 | function main() { 17 | startConjur 'all' 18 | initEnvironment 'all' 19 | runDevelopment 20 | } 21 | 22 | function runDevelopment() { 23 | local keys=( $(getKeys) ) 24 | local api_key=${keys[0]} 25 | 26 | export CONJUR_AUTHN_API_KEY="$api_key" 27 | docker compose up -d cli 28 | docker-compose exec cli conjur login -i $CONJUR_AUTHN_LOGIN -p $CONJUR_AUTHN_API_KEY 29 | 30 | docker compose build --pull dev 31 | 32 | docker compose run -d \ 33 | --service-ports \ 34 | dev 35 | } 36 | 37 | main 38 | -------------------------------------------------------------------------------- /.github/workflows/close-stale.yml: -------------------------------------------------------------------------------- 1 | name: Close inactive issues 2 | on: 3 | schedule: 4 | - cron: "30 1 * * *" 5 | 6 | jobs: 7 | close-issues: 8 | runs-on: ubuntu-latest 9 | permissions: 10 | actions: write # For the Actions cache 11 | issues: write 12 | pull-requests: write 13 | steps: 14 | - uses: actions/stale@v9 15 | with: 16 | days-before-issue-stale: 30 17 | days-before-issue-close: 14 18 | stale-issue-label: "stale" 19 | stale-issue-message: "This issue is stale because it has been inactive for 30 days. Please comment to keep it open. Otherwise, it will be automatically closed in 14 days." 20 | close-issue-message: "This issue was closed because it has been inactive for 14 days since being marked as stale. Please feel free to reopen it or create a new issue if you think it should still be addressed." 21 | days-before-pr-stale: -1 22 | days-before-pr-close: -1 23 | repo-token: ${{ secrets.GITHUB_TOKEN }} -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | The MIT License (MIT) 2 | 3 | Copyright (c) 2020 CyberArk Software Ltd. All rights reserved. 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | 23 | -------------------------------------------------------------------------------- /bin/get_gcp_token.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -xeo pipefail 3 | 4 | HOST_ID="$1" 5 | ACCOUNT="$2" 6 | OUTPUT_DIR="$3" 7 | 8 | BASE_URL="http://metadata.google.internal/computeMetadata/v1" 9 | IDENTITY_URL="$BASE_URL/instance/service-accounts/default/identity" 10 | PROJECT_ID_URL="$BASE_URL/project/project-id" 11 | METADATA_FLAVOR_HEADER="Metadata-Flavor: Google" 12 | 13 | # Check if account, hostId, and output file are provided 14 | if [[ -z "$ACCOUNT" || -z "$HOST_ID" || -z "$OUTPUT_DIR" ]]; then 15 | echo "Usage: $0 " 16 | exit 1 17 | fi 18 | 19 | rm -rf "$OUTPUT_DIR" 2>/dev/null 20 | mkdir -p "$OUTPUT_DIR" 21 | 22 | # Build audience parameter 23 | AUDIENCE="conjur/$ACCOUNT/$HOST_ID" 24 | 25 | # Make the request to the metadata server 26 | TOKEN=$(curl -s "$IDENTITY_URL?audience=$AUDIENCE&format=full" -H "$METADATA_FLAVOR_HEADER") 27 | 28 | # Check if the request was successful 29 | if [[ $? -ne 0 || -z "$TOKEN" ]]; then 30 | echo "Failed to fetch the token." 31 | exit 1 32 | fi 33 | 34 | # Store the token in a file 35 | echo "$TOKEN" > "$OUTPUT_DIR/token" 36 | echo "Token saved to $OUTPUT_DIR/token" 37 | 38 | # Store the project ID in a file 39 | GCP_PROJECT=$(curl -s "$PROJECT_ID_URL" -H "$METADATA_FLAVOR_HEADER") 40 | echo "$GCP_PROJECT" > "$OUTPUT_DIR/project-id" 41 | echo "Project ID saved to $OUTPUT_DIR/project-id" -------------------------------------------------------------------------------- /bin/test.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash -e 2 | 3 | export CONJUR_ACCOUNT=cucumber 4 | export CONJUR_AUTHN_LOGIN=admin 5 | 6 | export REGISTRY_URL=${INFRAPOOL_REGISTRY_URL:-"docker.io"} 7 | 8 | source ./bin/functions.sh 9 | 10 | function finish { 11 | echo 'Removing environment' 12 | echo '-----' 13 | docker compose down -v 14 | } 15 | trap finish EXIT 16 | 17 | function failed { 18 | echo 'TESTS FAILED' 19 | echo '-----' 20 | echo 'Conjur logs:' 21 | docker compose logs conjur || true 22 | echo '-----' 23 | exit 1 24 | } 25 | 26 | function main() { 27 | startConjur 28 | initEnvironment 29 | prepareGCP 30 | runTests 31 | } 32 | 33 | function prepareGCP() { 34 | if [[ "$INFRAPOOL_TEST_GCP" == "true" ]]; then 35 | GCP_PROJECT_ID="" 36 | GCP_ID_TOKEN="" 37 | if [[ -f "gcp/project-id" ]]; then 38 | read -r GCP_PROJECT_ID < "gcp/project-id" 39 | fi 40 | if [[ -f "gcp/token" ]]; then 41 | read -r GCP_ID_TOKEN < "gcp/token" 42 | fi 43 | if [[ -z "$GCP_PROJECT_ID" || -z "$GCP_ID_TOKEN" ]]; then 44 | echo "GCP_PROJECT_ID and GCP_ID_TOKEN must be set to run GCP tests" 45 | failed 46 | fi 47 | export GCP_PROJECT_ID 48 | export GCP_ID_TOKEN 49 | fi 50 | } 51 | 52 | function runTests() { 53 | local api_key="$(getKeys)" 54 | 55 | local service=test 56 | 57 | docker compose build --pull $service 58 | 59 | docker compose run --rm \ 60 | -e GO_TEST_ARGS="$GO_TEST_ARGS" \ 61 | -e CONJUR_AUTHN_API_KEY="$api_key" \ 62 | -e TEST_AWS="$INFRAPOOL_TEST_AWS" \ 63 | -e TEST_GCP="$INFRAPOOL_TEST_GCP" \ 64 | -e GCP_PROJECT_ID \ 65 | -e GCP_ID_TOKEN \ 66 | -e TEST_AZURE="$INFRAPOOL_TEST_AZURE" \ 67 | -e AZURE_SUBSCRIPTION_ID \ 68 | -e AZURE_RESOURCE_GROUP \ 69 | $service || failed 70 | } 71 | 72 | main 73 | -------------------------------------------------------------------------------- /docker-compose.yml: -------------------------------------------------------------------------------- 1 | services: 2 | conjur: 3 | image: ${REGISTRY_URL:-docker.io}/cyberark/conjur:edge 4 | command: server -a cucumber 5 | environment: 6 | DATABASE_URL: postgres://postgres:pa55w0rd@postgres/postgres 7 | CONJUR_DATA_KEY: 'WMfApcDBtocRWV+ZSUP3Tjr5XNU+Z2FdBb6BEezejIs=' 8 | depends_on: 9 | - postgres 10 | 11 | postgres: 12 | image: postgres:15 13 | environment: 14 | POSTGRES_PASSWORD: pa55w0rd 15 | 16 | test: 17 | build: 18 | context: . 19 | dockerfile: Dockerfile.test 20 | image: summon-conjur-tester 21 | ports: 22 | - "8080" 23 | entrypoint: /bin/bash 24 | command: './bin/test-entrypoint.sh' 25 | volumes: 26 | - ./output:/summon-conjur/output 27 | environment: 28 | CONJUR_APPLIANCE_URL: http://conjur 29 | CONJUR_ACCOUNT: 30 | CONJUR_AUTHN_LOGIN: 31 | CONJUR_AUTHN_API_KEY: 32 | 33 | dev: 34 | build: 35 | context: . 36 | dockerfile: Dockerfile.test 37 | image: summon-conjur-dev 38 | ports: 39 | - "8080" 40 | depends_on: 41 | - conjur 42 | entrypoint: /bin/bash 43 | command: './bin/test-entrypoint.sh' 44 | volumes: 45 | - .:/summon-conjur 46 | - ../conjur-api-go:/cconjur-api-go:ro 47 | 48 | environment: 49 | CONJUR_APPLIANCE_URL: http://conjur 50 | CONJUR_ACCOUNT: 51 | CONJUR_AUTHN_LOGIN: 52 | CONJUR_AUTHN_API_KEY: 53 | 54 | cli: 55 | image: cyberark/conjur-cli:latest 56 | entrypoint: /bin/bash -c "sleep infinity" 57 | depends_on: 58 | - conjur 59 | volumes: 60 | - .:/summon-conjur 61 | environment: 62 | CONJUR_APPLIANCE_URL: http://conjur 63 | CONJUR_ACCOUNT: cucumber 64 | CONJUR_AUTHN_LOGIN: 65 | CONJUR_AUTHN_API_KEY: 66 | -------------------------------------------------------------------------------- /install.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash -e 2 | 3 | set -e 4 | 5 | ARCH=`uname -m` 6 | 7 | if [ "${ARCH}" != "x86_64" ]; then 8 | echo "summon-conjur only works on 64-bit systems" 9 | echo "exiting installer" 10 | exit 1 11 | fi 12 | 13 | DISTRO=`uname | tr "[:upper:]" "[:lower:]"` 14 | 15 | if [ "${DISTRO}" != "linux" ] && [ "${DISTRO}" != "darwin" ]; then 16 | echo "This installer only supports Linux and OSX" 17 | echo "exiting installer" 18 | exit 1 19 | fi 20 | 21 | if test "x$TMPDIR" = "x"; then 22 | tmp="/tmp" 23 | else 24 | tmp=$TMPDIR 25 | fi 26 | # secure-ish temp dir creation without having mktemp available (DDoS-able but not expliotable) 27 | tmp_dir="$tmp/install.sh.$$" 28 | (umask 077 && mkdir $tmp_dir) || exit 1 29 | 30 | # do_download URL DIR 31 | function do_download(){ 32 | echo "Downloading $1" 33 | if [[ $(type -t wget) ]]; then wget -q -c -O "$2" "$1" >/dev/null 34 | elif [[ $(type -t curl) ]]; then curl -sSL -o "$2" "$1" 35 | else 36 | error "Could not find wget or curl" 37 | return 1 38 | fi 39 | } 40 | 41 | LATEST_VERSION=$(curl -s https://api.github.com/repos/cyberark/summon-conjur/releases/latest | grep -o '"tag_name": "[^"]*' | grep -o '[^"]*$') 42 | BASEURL="https://github.com/cyberark/summon-conjur/releases/download/" 43 | URL=${BASEURL}"${LATEST_VERSION}/summon-conjur-${DISTRO}-amd64.tar.gz" 44 | 45 | ZIP_PATH="${tmp_dir}/summon-conjur.tar.gz" 46 | do_download ${URL} ${ZIP_PATH} 47 | 48 | echo "Installing summon-conjur ${LATEST_VERSION} into /usr/local/lib/summon" 49 | 50 | if sudo -h >/dev/null 2>&1; then 51 | sudo mkdir -p /usr/local/lib/summon 52 | sudo tar -C /usr/local/lib/summon -zxvf ${ZIP_PATH} 53 | else 54 | mkdir -p /usr/local/lib/summon 55 | tar -C /usr/local/lib/summon -zxvf ${ZIP_PATH} 56 | fi 57 | 58 | echo "Success!" 59 | echo "Run /usr/local/lib/summon/summon-conjur for usage" 60 | -------------------------------------------------------------------------------- /go.mod: -------------------------------------------------------------------------------- 1 | module github.com/cyberark/summon-conjur 2 | 3 | go 1.25.3 4 | 5 | require ( 6 | github.com/cyberark/conjur-api-go v0.13.9 7 | github.com/karrick/golf v1.7.0 8 | github.com/sirupsen/logrus v1.9.3 9 | github.com/stretchr/testify v1.11.1 10 | ) 11 | 12 | require ( 13 | al.essio.dev/pkg/shellescape v1.6.0 // indirect 14 | github.com/Masterminds/semver/v3 v3.4.0 // indirect 15 | github.com/aws/aws-sdk-go-v2 v1.39.5 // indirect 16 | github.com/aws/aws-sdk-go-v2/config v1.31.16 // indirect 17 | github.com/aws/aws-sdk-go-v2/credentials v1.18.20 // indirect 18 | github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.12 // indirect 19 | github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.12 // indirect 20 | github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.12 // indirect 21 | github.com/aws/aws-sdk-go-v2/internal/ini v1.8.4 // indirect 22 | github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.2 // indirect 23 | github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.12 // indirect 24 | github.com/aws/aws-sdk-go-v2/service/sso v1.30.0 // indirect 25 | github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.4 // indirect 26 | github.com/aws/aws-sdk-go-v2/service/sts v1.39.0 // indirect 27 | github.com/aws/smithy-go v1.23.1 // indirect 28 | github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d // indirect 29 | github.com/danieljoos/wincred v1.2.3 // indirect 30 | github.com/davecgh/go-spew v1.1.1 // indirect 31 | github.com/godbus/dbus/v5 v5.1.0 // indirect 32 | github.com/kr/pretty v0.3.1 // indirect 33 | github.com/pmezard/go-difflib v1.0.0 // indirect 34 | github.com/zalando/go-keyring v0.2.6 // indirect 35 | golang.org/x/sys v0.37.0 // indirect 36 | gopkg.in/yaml.v2 v2.4.0 // indirect 37 | gopkg.in/yaml.v3 v3.0.1 // indirect 38 | ) 39 | 40 | replace golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8 => golang.org/x/sys v0.37.0 41 | 42 | replace gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c => gopkg.in/yaml.v3 v3.0.1 43 | -------------------------------------------------------------------------------- /test/files/real.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIDNjCCAh6gAwIBAgIVAI/ExyyZjUb2gtdwzXwgj2M0Sv5TMA0GCSqGSIb3DQEB 3 | CwUAMDkxDzANBgNVBAoTBmRvY2tlcjESMBAGA1UECxMJQ29uanVyIENBMRIwEAYD 4 | VQQDEwlsb2NhbGhvc3QwHhcNMTYwNzEzMTQ0MzI4WhcNMjYwNzExMTQ0MzI4WjAU 5 | MRIwEAYDVQQDDAlsb2NhbGhvc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK 6 | AoIBAQCr3dcS/q+pVt+EK+uoGj6f6rcrYnEJGwnlAJZZJ7CYgr5FRxQV0nMlesLI 7 | Z8baQNXEnw2fNm5el7CmD7tkbS7RT7DmpzpA5UhAlLxelvuMMYw063pT01U8up6e 8 | +WcmOapJpPYuNxKsSxoIFsaxC0fN2k5cpGqgiqOs/VIwx1KQApwSpQ+BFVAgVACL 9 | 2zTYgtqmdcOyeLf55Jq6SzKevIrRDG7EiryS1SyvGEJXwfTkRRomHxsrIef0aUha 10 | i0ExC5urtf+u6Hranh4hF8xBpYi+ShJVFXpgqHWpVuKnaOXh8nSpgreKHEpP7i+j 11 | LguPHlvprqerLKVCJIbPSEzipTaZAgMBAAGjWjBYMA4GA1UdDwEB/wQEAwIFoDAd 12 | BgNVHQ4EFgQU2jmj7l5rSw0yVb/vlWAYkK/YBwkwJwYDVR0RBCAwHoIJbG9jYWxo 13 | b3N0gglsb2NhbGhvc3SCBmNvbmp1cjANBgkqhkiG9w0BAQsFAAOCAQEArFo26MGW 14 | GRKY0FY22VNRuie4gWlem2RMGhGfK2EluEQOSij9SRj2flwCdH0FP5FSXFx+woe+ 15 | zz17z1/AcDCrIGi7HEk4ynLhAxx7Few9JBKZiIXw2KGLUPPdxqBKVLrid3G5OL58 16 | Kkegd/A75KXh5Bnt49S/cfOyb2zYG2CtJGeDXHaLUDi3raROOAf/rS52CJFyP2aC 17 | DQ7krYiOGXSu+tDPKAw+p1gEJMl9+JJ0xr2UoRdac/S/+Dp6Yzy4zDag9TZbgQPm 18 | b4BZYuXgunay7rNAYYpaWOxwRC3/k/zt6RQzOJK36mOKuMybl9C8RjIhHs8RZcWC 19 | 3UJLxw1xs8zUjw== 20 | -----END CERTIFICATE----- 21 | -----BEGIN CERTIFICATE----- 22 | MIIDfTCCAmWgAwIBAgIJAIVsv1jdujjAMA0GCSqGSIb3DQEBCwUAMDkxDzANBgNV 23 | BAoTBmRvY2tlcjESMBAGA1UECxMJQ29uanVyIENBMRIwEAYDVQQDEwlsb2NhbGhv 24 | c3QwHhcNMTYwNzEzMTQ0MzI3WhcNMjYwNzExMTQ0MzI3WjA5MQ8wDQYDVQQKEwZk 25 | b2NrZXIxEjAQBgNVBAsTCUNvbmp1ciBDQTESMBAGA1UEAxMJbG9jYWxob3N0MIIB 26 | IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9bsdThDySDczRFjXtuRTRY1k 27 | T+z+KxrBcf8ZSqC5EF8Wp9jM34gPBsconlffYTkEVnynEe8n6kTwF2935HcDWKGE 28 | KGSEs3134KG9ZsJcWfj4J3E1Gd1kSvB0mPmv1/8t5yVsTM1/qnes73w0Xd/DYGRz 29 | qxyBKdBMVZ6vnjhgUOwJBIsUiiK4ovVBJL+JLSDStB4SctHyB8iQ0mprWbeQDSXC 30 | jKgLQrP3T7vql0KEBskvWnPsT/0+eApcUXfIxz32kFNxNDBmxLnPK0Z0y/JLsIRU 31 | /9/KY9LWuYX3ZzmyDuJOSTYx+1TgHT2fTCEm7WYPbRYYpiLy31rFfcXWK5gthwID 32 | AQABo4GHMIGEMCcGA1UdEQQgMB6CCWxvY2FsaG9zdIIJbG9jYWxob3N0ggZjb25q 33 | dXIwHQYDVR0OBBYEFJAT9JBlqn72r77cF8B3Kss6bwtbMB8GA1UdIwQYMBaAFJAT 34 | 9JBlqn72r77cF8B3Kss6bwtbMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgHmMA0G 35 | CSqGSIb3DQEBCwUAA4IBAQCK6IG1xqszOFN20Ktwrbo4a/Kx2zCJR9Y3fCtIXJj1 36 | 04d7KkBzN6R23LpE/0ZthOouINmkRIoXj0eWEfzUzBmXhx87h2eIlR705j3AhO+A 37 | jGcoaj0K3zrpStGXnO1KSumibK1I2r80WaGVzK8f4NBpTidGkO/sUNPYzKL2uMCT 38 | JF9KQaXVWQfz+OdGymcvNVufTo1PJshuKaKaS5ATtSrld+kzNP67jKDHQqnf6y44 39 | H6IKra0Y1ru/OzoElYg81wBH8H71vqT4XOfVr/o1+SmQSt6akJ/xf3+qn7mKXLCC 40 | 9z4z/gNh8KlqwNMa6jjTVwcLZDdRcDlaXMfi04C0c35P 41 | -----END CERTIFICATE----- -------------------------------------------------------------------------------- /cmd/main.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "bufio" 5 | "encoding/base64" 6 | "fmt" 7 | "os" 8 | 9 | "github.com/cyberark/conjur-api-go/conjurapi" 10 | "github.com/cyberark/conjur-api-go/conjurapi/logging" 11 | "github.com/cyberark/summon-conjur/pkg/summon_conjur" 12 | "github.com/karrick/golf" 13 | log "github.com/sirupsen/logrus" 14 | ) 15 | 16 | func makeSecretRetriever() (func(variableName string) ([]byte, error), error) { 17 | config, err := conjurapi.LoadConfig() 18 | if err != nil { 19 | return nil, fmt.Errorf("Failed loading Conjur API config: %s\n", err.Error()) 20 | } 21 | 22 | conjur, err := conjurapi.NewClientFromEnvironment(config) 23 | if err != nil { 24 | return nil, fmt.Errorf("Failed creating a Conjur client: %s\n", err.Error()) 25 | } 26 | 27 | return func(variableName string) ([]byte, error) { 28 | value, err := conjur.RetrieveSecret(variableName) 29 | if err != nil { 30 | return nil, err 31 | } 32 | 33 | return value, nil 34 | }, nil 35 | } 36 | 37 | func main() { 38 | var help = golf.BoolP('h', "help", false, "show help") 39 | var version = golf.BoolP('V', "version", false, "show version") 40 | var verbose = golf.BoolP('v', "verbose", false, "be verbose") 41 | 42 | golf.Parse() 43 | args := golf.Args() 44 | 45 | if *version { 46 | fmt.Println(summon_conjur.FullVersionName) 47 | os.Exit(0) 48 | } 49 | if *help { 50 | golf.Usage() 51 | os.Exit(0) 52 | } 53 | 54 | log.SetFormatter(&log.TextFormatter{DisableTimestamp: true, DisableLevelTruncation: true}) 55 | if *verbose { 56 | log.SetLevel(log.DebugLevel) 57 | logging.ApiLog.SetLevel(log.DebugLevel) 58 | } 59 | 60 | retrieveSecrets, err := makeSecretRetriever() 61 | if err != nil { 62 | log.Errorf("%s", err.Error()) 63 | os.Exit(1) 64 | } 65 | 66 | if len(args) == 0 { 67 | scanner := bufio.NewScanner(os.Stdin) 68 | // Breaking out of this loop is controlled by a parent process by sending EOF to the stdin 69 | for scanner.Scan() { 70 | variableName := scanner.Text() 71 | if variableName == "" { 72 | log.Errorln("Failed to retrieve variable from stdin") 73 | continue 74 | } 75 | value, err := retrieveSecrets(variableName) 76 | if err != nil { 77 | log.Errorln(err.Error()) 78 | continue 79 | } 80 | base64Value := make([]byte, base64.StdEncoding.EncodedLen(len(value))) 81 | base64.StdEncoding.Encode(base64Value, value) 82 | fmt.Fprintln(os.Stdout, string(base64Value)) 83 | } 84 | if err := scanner.Err(); err != nil { 85 | log.Errorln(err.Error()) 86 | os.Exit(1) 87 | } 88 | } else { 89 | value, err := retrieveSecrets(args[0]) 90 | if err != nil { 91 | log.Errorln(err.Error()) 92 | os.Exit(1) 93 | } 94 | os.Stdout.Write(value) 95 | } 96 | } 97 | -------------------------------------------------------------------------------- /test/authn_aws_integration_test.go: -------------------------------------------------------------------------------- 1 | package test 2 | 3 | import ( 4 | "os" 5 | "strings" 6 | "testing" 7 | 8 | "github.com/stretchr/testify/assert" 9 | "github.com/stretchr/testify/require" 10 | ) 11 | 12 | var awsRolePolicy = ` 13 | # The host ID needs to match the AWS ARN of the role we wish to authenticate 14 | - !host 601277729239/InstanceReadJenkinsExecutorHostFactoryToken 15 | 16 | - !variable db/password 17 | - !permit 18 | role: !host 601277729239/InstanceReadJenkinsExecutorHostFactoryToken 19 | privilege: [ read, execute ] 20 | resource: !variable db/password 21 | ` 22 | 23 | var awsAuthnPolicy = ` 24 | - !policy 25 | id: conjur/authn-iam/test 26 | body: 27 | - !webservice 28 | 29 | - !group clients 30 | 31 | - !permit 32 | role: !group clients 33 | privilege: [ read, authenticate ] 34 | resource: !webservice 35 | 36 | # Give the host permission to authenticate using the IAM Authenticator 37 | - !grant 38 | role: !group clients 39 | member: !host /601277729239/InstanceReadJenkinsExecutorHostFactoryToken 40 | ` 41 | 42 | func TestAuthnAWSIntegration(t *testing.T) { 43 | if strings.ToLower(os.Getenv("TEST_AWS")) != "true" { 44 | t.Skip("Skipping AWS IAM authn test") 45 | } 46 | 47 | ApplianceURL := os.Getenv("CONJUR_APPLIANCE_URL") 48 | Account := os.Getenv("CONJUR_ACCOUNT") 49 | Login := os.Getenv("CONJUR_AUTHN_LOGIN") 50 | APIKey := os.Getenv("CONJUR_AUTHN_API_KEY") 51 | Path := os.Getenv("PATH") 52 | 53 | t.Run("Given a Conjur instance with an authn-iam authenticator", func(t *testing.T) { 54 | // Load AWS IAM authn policy 55 | 56 | conjur, _ := createConjurClient(ApplianceURL, Account, Login, APIKey) 57 | 58 | rootCleanup, err := loadPolicy(conjur, "root", awsRolePolicy) 59 | require.NoError(t, err) 60 | defer rootCleanup() 61 | 62 | _, err = loadPolicy(conjur, "root", awsAuthnPolicy) 63 | require.NoError(t, err) 64 | 65 | conjur.EnableAuthenticator("iam", "test", true) 66 | 67 | variableIdentifier := "db/password" 68 | secretValue := addSecretWithRandomValue(conjur, variableIdentifier) 69 | 70 | t.Run("Given invalid authn-iam configuration", func(t *testing.T) { 71 | e := setupTestEnvironment(Path, ApplianceURL, Account, "", "") 72 | os.Setenv("CONJUR_AUTHN_TYPE", "iam") 73 | os.Setenv("CONJUR_SERVICE_ID", "nonexistent-service") 74 | os.Setenv("CONJUR_AUTHN_JWT_HOST_ID", "invalid/host-id") 75 | defer e.RestoreEnv() 76 | 77 | t.Run("Fails to authenticate and returns an error", func(t *testing.T) { 78 | assertCommandError(t, variableIdentifier, "401 Unauthorized") 79 | }) 80 | }) 81 | 82 | t.Run("Given valid authn-iam configuration", func(t *testing.T) { 83 | e := setupTestEnvironment(Path, ApplianceURL, Account, "", "") 84 | os.Setenv("CONJUR_AUTHN_TYPE", "iam") 85 | os.Setenv("CONJUR_SERVICE_ID", "test") 86 | os.Setenv("CONJUR_AUTHN_JWT_HOST_ID", "601277729239/InstanceReadJenkinsExecutorHostFactoryToken") 87 | defer e.RestoreEnv() 88 | 89 | t.Run("Retrieves a variable", func(t *testing.T) { 90 | // Then attempt to authenticate and retrieve a secret using authn-iam 91 | stdout, _, err := RunCommand(PackageName, variableIdentifier) 92 | assert.NoError(t, err) 93 | assert.Equal(t, secretValue, stdout.String()) 94 | }) 95 | }) 96 | }) 97 | } 98 | -------------------------------------------------------------------------------- /test/authn_gcp_integration_test.go: -------------------------------------------------------------------------------- 1 | package test 2 | 3 | import ( 4 | "fmt" 5 | "os" 6 | "strings" 7 | "testing" 8 | 9 | "github.com/stretchr/testify/assert" 10 | "github.com/stretchr/testify/require" 11 | ) 12 | 13 | var gcpRolesPolicy = ` 14 | - !host 15 | id: test-app 16 | annotations: 17 | authn-gcp/project-id: %q 18 | - !variable db/password 19 | 20 | - !permit 21 | role: !host test-app 22 | privilege: [ read, execute ] 23 | resource: !variable db/password 24 | ` 25 | 26 | var gcpAuthnPolicy = ` 27 | - !policy 28 | id: conjur/authn-gcp 29 | body: 30 | - !webservice 31 | 32 | - !group apps 33 | 34 | - !permit 35 | role: !group apps 36 | privilege: [ read, authenticate ] 37 | resource: !webservice 38 | 39 | # Give the host permission to authenticate using the GCP Authenticator 40 | - !grant 41 | role: !group apps 42 | member: !host /test-app 43 | ` 44 | 45 | func TestAuthnGCPIntegration(t *testing.T) { 46 | if strings.ToLower(os.Getenv("TEST_GCP")) != "true" { 47 | t.Skip("Skipping GCP authn test") 48 | } 49 | 50 | // Replace placeholder in policy with actual project ID 51 | projectID := os.Getenv("GCP_PROJECT_ID") 52 | // Fetch the GCP token from environment variable 53 | prefetchedToken := os.Getenv("GCP_ID_TOKEN") 54 | if projectID == "" || prefetchedToken == "" { 55 | t.Fatal("GCP_PROJECT_ID and GCP_ID_TOKEN must be set to run this test") 56 | } 57 | 58 | ApplianceURL := os.Getenv("CONJUR_APPLIANCE_URL") 59 | Account := os.Getenv("CONJUR_ACCOUNT") 60 | Login := os.Getenv("CONJUR_AUTHN_LOGIN") 61 | APIKey := os.Getenv("CONJUR_AUTHN_API_KEY") 62 | Path := os.Getenv("PATH") 63 | 64 | t.Run("Given a Conjur instance with an authn-gcp authenticator", func(t *testing.T) { 65 | rolesPolicy := fmt.Sprintf(gcpRolesPolicy, projectID) 66 | 67 | conjur, _ := createConjurClient(ApplianceURL, Account, Login, APIKey) 68 | 69 | rootCleanup, err := loadPolicy(conjur, "root", rolesPolicy) 70 | require.NoError(t, err) 71 | defer rootCleanup() 72 | 73 | _, err = loadPolicy(conjur, "root", gcpAuthnPolicy) 74 | require.NoError(t, err) 75 | 76 | conjur.EnableAuthenticator("gcp", "", true) 77 | 78 | variableIdentifier := "db/password" 79 | secretValue := addSecretWithRandomValue(conjur, variableIdentifier) 80 | 81 | t.Run("Given invalid authn-gcp configuration", func(t *testing.T) { 82 | e := setupTestEnvironment(Path, ApplianceURL, Account, "", "") 83 | os.Setenv("CONJUR_AUTHN_TYPE", "gcp") 84 | os.Setenv("CONJUR_AUTHN_JWT_HOST_ID", "invalid/host-id") 85 | os.Unsetenv("CONJUR_AUTHN_JWT_TOKEN") 86 | defer e.RestoreEnv() 87 | 88 | t.Run("Fails to authenticate and returns an error", func(t *testing.T) { 89 | assertCommandError(t, variableIdentifier, "Request failed for GCP Metadata token") 90 | }) 91 | }) 92 | 93 | t.Run("Given valid authn-gcp configuration", func(t *testing.T) { 94 | e := setupTestEnvironment(Path, ApplianceURL, Account, "", "") 95 | os.Setenv("CONJUR_AUTHN_TYPE", "gcp") 96 | os.Setenv("CONJUR_AUTHN_JWT_HOST_ID", "test-app") 97 | os.Setenv("CONJUR_AUTHN_JWT_TOKEN", prefetchedToken) 98 | defer e.RestoreEnv() 99 | 100 | t.Run("Retrieves a variable", func(t *testing.T) { 101 | // Then attempt to authenticate and retrieve a secret using authn-gcp 102 | stdout, _, err := RunCommand(PackageName, variableIdentifier) 103 | assert.NoError(t, err) 104 | assert.Equal(t, secretValue, stdout.String()) 105 | }) 106 | }) 107 | }) 108 | } 109 | -------------------------------------------------------------------------------- /test/authn_azure_integration_test.go: -------------------------------------------------------------------------------- 1 | package test 2 | 3 | import ( 4 | "fmt" 5 | "os" 6 | "strings" 7 | "testing" 8 | 9 | "github.com/stretchr/testify/assert" 10 | "github.com/stretchr/testify/require" 11 | ) 12 | 13 | var azureRolesPolicyTemplate = ` 14 | # The host ID needs to match the Azure ARN of the role we wish to authenticate 15 | - !host 16 | id: azureVM 17 | annotations: 18 | authn-azure/subscription-id: %q 19 | authn-azure/resource-group: %q 20 | 21 | - !variable db/password 22 | 23 | - !permit 24 | role: !host azureVM 25 | privilege: [ read, execute ] 26 | resource: !variable db/password 27 | ` 28 | 29 | var azureAuthnPolicy = ` 30 | - !policy 31 | id: conjur/authn-azure/test 32 | body: 33 | - !webservice 34 | 35 | - !variable 36 | id: provider-uri 37 | 38 | - !group apps 39 | 40 | - !permit 41 | role: !group apps 42 | privilege: [ read, authenticate ] 43 | resource: !webservice 44 | 45 | # Give the host permission to authenticate using the Azure Authenticator 46 | - !grant 47 | role: !group apps 48 | member: !host /azureVM 49 | ` 50 | 51 | func TestAuthnAzureIntegration(t *testing.T) { 52 | if strings.ToLower(os.Getenv("TEST_AZURE")) != "true" { 53 | t.Skip("Skipping Azure authn test") 54 | } 55 | 56 | if os.Getenv("AZURE_SUBSCRIPTION_ID") == "" || 57 | os.Getenv("AZURE_RESOURCE_GROUP") == "" { 58 | t.Fatal("AZURE_SUBSCRIPTION_ID and AZURE_RESOURCE_GROUP must be set to run this test") 59 | } 60 | 61 | ApplianceURL := os.Getenv("CONJUR_APPLIANCE_URL") 62 | Account := os.Getenv("CONJUR_ACCOUNT") 63 | Login := os.Getenv("CONJUR_AUTHN_LOGIN") 64 | APIKey := os.Getenv("CONJUR_AUTHN_API_KEY") 65 | Path := os.Getenv("PATH") 66 | 67 | t.Run("Given a Conjur instance with an authn-azure authenticator", func(t *testing.T) { 68 | rolesPolicy := fmt.Sprintf(azureRolesPolicyTemplate, 69 | os.Getenv("AZURE_SUBSCRIPTION_ID"), 70 | os.Getenv("AZURE_RESOURCE_GROUP")) 71 | 72 | conjur, _ := createConjurClient(ApplianceURL, Account, Login, APIKey) 73 | 74 | rootCleanup, err := loadPolicy(conjur, "root", rolesPolicy) 75 | require.NoError(t, err) 76 | defer rootCleanup() 77 | 78 | _, err = loadPolicy(conjur, "root", azureAuthnPolicy) 79 | require.NoError(t, err) 80 | 81 | err = conjur.AddSecret("conjur/authn-azure/test/provider-uri", "https://sts.windows.net/df242c82-fe4a-47e0-b0f4-e3cb7f8104f1/") 82 | require.NoError(t, err) 83 | 84 | conjur.EnableAuthenticator("azure", "test", true) 85 | 86 | variableIdentifier := "db/password" 87 | secretValue := addSecretWithRandomValue(conjur, variableIdentifier) 88 | 89 | t.Run("Given invalid authn-azure configuration", func(t *testing.T) { 90 | e := setupTestEnvironment(Path, ApplianceURL, Account, "", "") 91 | os.Setenv("CONJUR_AUTHN_TYPE", "azure") 92 | os.Setenv("CONJUR_SERVICE_ID", "nonexistent-service") 93 | os.Setenv("CONJUR_AUTHN_JWT_HOST_ID", "invalid/host-id") 94 | defer e.RestoreEnv() 95 | 96 | t.Run("Fails to authenticate and returns an error", func(t *testing.T) { 97 | assertCommandError(t, variableIdentifier, "401 Unauthorized") 98 | }) 99 | }) 100 | 101 | t.Run("Given valid authn-azure configuration", func(t *testing.T) { 102 | e := setupTestEnvironment(Path, ApplianceURL, Account, "", "") 103 | os.Setenv("CONJUR_AUTHN_TYPE", "azure") 104 | os.Setenv("CONJUR_SERVICE_ID", "test") 105 | os.Setenv("CONJUR_AUTHN_JWT_HOST_ID", "azureVM") 106 | defer e.RestoreEnv() 107 | 108 | t.Run("Retrieves a variable", func(t *testing.T) { 109 | // Then attempt to authenticate and retrieve a secret using authn-azure 110 | stdout, _, err := RunCommand(PackageName, variableIdentifier) 111 | assert.NoError(t, err) 112 | assert.Equal(t, secretValue, stdout.String()) 113 | }) 114 | }) 115 | }) 116 | } 117 | -------------------------------------------------------------------------------- /.goreleaser.yml: -------------------------------------------------------------------------------- 1 | # All available options: https://goreleaser.com/customization/ 2 | version: 2 3 | 4 | project_name: summon-conjur 5 | 6 | builds: 7 | - binary: summon-conjur 8 | env: 9 | - CGO_ENABLED=0 10 | goos: 11 | - darwin # MacOS 12 | - linux 13 | - solaris 14 | - windows 15 | goarch: 16 | - amd64 17 | ldflags: 18 | - -w 19 | - -X "github.com/cyberark/summon-conjur/pkg/summon_conjur.Tag={{ .ShortCommit }}" 20 | - -X "github.com/cyberark/summon-conjur/pkg/summon_conjur.Version={{ .Env.VERSION }}" 21 | main: cmd/main.go 22 | hooks: 23 | post: 24 | # Copy the binary out into the path, and give the copy the name we want 25 | # in the release . 26 | # e.g. Suppose a windows amd64 build generates a binary at 27 | # path/to/binary.exe. This will be copied to 28 | # path/to/../binary-windows_amd64.exe. The copy path can then be added to 29 | # the release and will result in a release artifact with the name 30 | # binary-windows_amd64.exe. 31 | - mkdir -p "{{ dir .Path }}/../binaries" 32 | - cp "{{ .Path }}" "{{ dir .Path }}/../binaries/summon_conjur_{{ .Target }}{{ .Ext }}" 33 | 34 | # Apple silicon support 35 | - id: summon-conjur-arm 36 | binary: summon-conjur 37 | env: 38 | - CGO_ENABLED=0 39 | goos: 40 | - darwin # MacOS 41 | goarch: 42 | - arm64 43 | ldflags: 44 | - -w 45 | - -X "github.com/cyberark/summon-conjur/pkg/summon_conjur.Tag={{ .ShortCommit }}" 46 | - -X "github.com/cyberark/summon-conjur/pkg/summon_conjur.Version={{ .Env.VERSION }}" 47 | main: ./cmd/main.go 48 | hooks: 49 | post: 50 | # Copy the binary out into the path, and give the copy the name we want 51 | # in the release . 52 | # e.g. Suppose a windows amd64 build generates a binary at 53 | # path/to/binary.exe. This will be copied to 54 | # path/to/../binary-windows_amd64.exe. The copy path can then be added to 55 | # the release and will result in a release artifact with the name 56 | # binary-windows_amd64.exe. 57 | - mkdir -p "{{ dir .Path }}/../binaries" 58 | - cp "{{ .Path }}" "{{ dir .Path }}/../binaries/summon_conjur_{{ .Target }}{{ .Ext }}" 59 | 60 | archives: 61 | - id: summon-conjur-release-archive 62 | name_template: "{{.ProjectName}}-{{.Os}}-{{.Arch}}" 63 | format_overrides: 64 | - goos: windows 65 | format: zip 66 | files: 67 | - none* # only package the binary - not defaults: readme, license, changelog 68 | 69 | checksum: 70 | name_template: 'SHA256SUMS.txt' 71 | 72 | brews: 73 | - description: Conjur provider for Summon 74 | homepage: https://github.com/cyberark/summon-conjur 75 | url_template: https://github.com/cyberark/summon-conjur/releases/download/v{{.Version}}/summon-conjur-{{.Os}}-{{.Arch}}.tar.gz 76 | install: | 77 | target = lib/"summon" 78 | target.install "summon-conjur" 79 | test: | 80 | system lib/"summon"/"summon-conjur", "-V" 81 | 82 | repository: 83 | owner: cyberark 84 | name: homebrew-tools 85 | skip_upload: true 86 | 87 | nfpms: 88 | - file_name_template: "{{ .ProjectName }}" 89 | vendor: CyberArk 90 | homepage: https://github.com/cyberark/summon-conjur 91 | maintainer: Conjur Maintainers 92 | 93 | description: Conjur provider for Summon 94 | recommends: 95 | - summon 96 | license: MIT 97 | formats: 98 | - deb 99 | - rpm 100 | bindir: /usr/local/lib/summon # where the binary is placed, default summon provider dir 101 | 102 | dist: ./dist/goreleaser 103 | 104 | release: 105 | disable: true 106 | draft: true 107 | extra_files: 108 | - glob: NOTICES.txt 109 | - glob: LICENSE 110 | - glob: CHANGELOG.md 111 | -------------------------------------------------------------------------------- /CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | # Contributing 2 | 3 | For general contribution and community guidelines, please see the [community repo](https://github.com/cyberark/community). 4 | 5 | ## Contributing 6 | 7 | 1. [Fork the project](https://help.github.com/en/github/getting-started-with-github/fork-a-repo) 8 | 2. [Clone your fork](https://help.github.com/en/github/creating-cloning-and-archiving-repositories/cloning-a-repository) 9 | 3. Make local changes to your fork by editing files 10 | 4. [Commit your changes](https://help.github.com/en/github/managing-files-in-a-repository/adding-a-file-to-a-repository-using-the-command-line) 11 | 5. [Push your local changes to the remote server](https://help.github.com/en/github/using-git/pushing-commits-to-a-remote-repository) 12 | 6. [Create new Pull Request](https://help.github.com/en/github/collaborating-with-issues-and-pull-requests/creating-a-pull-request-from-a-fork) 13 | 14 | From here your pull request will be reviewed and once you've responded to all 15 | feedback it will be merged into the project. Congratulations, you're a 16 | contributor! 17 | 18 | ## Development 19 | 20 | You can start a Docker Compose development environment by running 21 | 22 | ```sh 23 | ./dev.sh 24 | ``` 25 | 26 | ### Running tests 27 | 28 | Automated CI pipelines: 29 | 30 | - [Jenkinsfile](Jenkinsfile) 31 | 32 | Run `./bin/test.sh` 33 | 34 | ## Releasing 35 | 36 | Releases should be created by maintainers only. To create and promote a 37 | release, follow the instructions in this section. 38 | 39 | ### Verify and update dependencies 40 | 41 | 1. Review the changes to `go.mod` since the last release and make any needed 42 | updates to [NOTICES.txt](./NOTICES.txt): 43 | * Verify that dependencies fit into supported licenses types: 44 | ```shell 45 | go-licenses check ./... --allowed_licenses="MIT,ISC,Apache-2.0,BSD-3-Clause" \ 46 | --ignore github.com/cyberark/conjur-summon \ 47 | --ignore $(go list std | awk 'NR > 1 { printf(",") } { printf("%s",$0) } END { print "" }') 48 | ``` 49 | If there is new dependency having unsupported license, such license should be included to [notices.tpl](./notices.tpl) 50 | file in order to get generated in NOTICES.txt. 51 | 52 | NOTE: The second ignore flag tells the command to ignore standard library packages, which 53 | may or may not be necessary depending on your local Go installation and toolchain. 54 | 55 | * If no errors occur, proceed to generate updated NOTICES.txt: 56 | ```shell 57 | go-licenses report ./... --template notices.tpl > NOTICES.txt \ 58 | --ignore github.com/cyberark/summon-conjur \ 59 | --ignore $(go list std | awk 'NR > 1 { printf(",") } { printf("%s",$0) } END { print "" }') 60 | ``` 61 | 62 | ### Update the changelog 63 | 64 | **NOTE:** If the Changelog and NOTICES.txt are already up-to-date, skip this 65 | step and promote the desired build from the main branch. 66 | 67 | 1. Create a new branch for the version bump. 68 | 69 | 2. Based on the changelog content, determine the new version number and update. 70 | 71 | 3. Review the git log and ensure the [changelog](CHANGELOG.md) contains all 72 | relevant recent changes with references to GitHub issues or PRs, if possible. 73 | 74 | 5. Commit these changes - `Bump version to x.y.z` is an acceptable commit 75 | message - and open a PR for review. 76 | 77 | ### Release and Promote 78 | 79 | 1. Merging into the main branch will automatically trigger a release. 80 | If successful, this release can be promoted at a later time. 81 | 82 | 2. Jenkins build parameters can be utilized to promote a successful release 83 | or manually trigger aditional releases as needed. 84 | 85 | 3. Reference the 86 | [internal automated release doc](https://github.com/conjurinc/docs/blob/master/reference/infrastructure/automated_releases.md#release-and-promotion-process) 87 | for releasing and promoting. 88 | -------------------------------------------------------------------------------- /test/helpers.go: -------------------------------------------------------------------------------- 1 | package test 2 | 3 | import ( 4 | "bufio" 5 | "bytes" 6 | "encoding/base64" 7 | "fmt" 8 | "io" 9 | "math/rand" 10 | "os" 11 | "os/exec" 12 | "strings" 13 | "testing" 14 | 15 | "github.com/cyberark/conjur-api-go/conjurapi" 16 | "github.com/cyberark/conjur-api-go/conjurapi/authn" 17 | "github.com/stretchr/testify/assert" 18 | ) 19 | 20 | func createConjurClient(applianceURL, account, login, apiKey string) (*conjurapi.Client, error) { 21 | config := conjurapi.Config{ 22 | ApplianceURL: applianceURL, 23 | Account: account, 24 | } 25 | return conjurapi.NewClientFromKey( 26 | config, 27 | authn.LoginPair{Login: login, APIKey: apiKey}, 28 | ) 29 | } 30 | 31 | func setupVariablePolicy(conjur *conjurapi.Client, variableIdentifiers ...string) (func(), error) { 32 | policyBuilder := strings.Builder{} 33 | for _, identifier := range variableIdentifiers { 34 | policyBuilder.WriteString(fmt.Sprintf("- !variable %s\n", identifier)) 35 | } 36 | 37 | // Load the variables in the root policy and return the cleanup function 38 | return loadPolicy(conjur, "root", policyBuilder.String()) 39 | } 40 | 41 | func loadPolicy(conjur *conjurapi.Client, branch, policy string) (func(), error) { 42 | _, err := conjur.LoadPolicy( 43 | conjurapi.PolicyModePost, 44 | branch, 45 | strings.NewReader(policy), 46 | ) 47 | 48 | if err != nil { 49 | return nil, err 50 | } 51 | 52 | // Return cleanup function that removes all content from specified policy branch 53 | return func() { 54 | conjur.LoadPolicy( 55 | conjurapi.PolicyModePut, 56 | branch, 57 | strings.NewReader(""), 58 | ) 59 | }, nil 60 | } 61 | 62 | func addSecretWithRandomValue(conjur *conjurapi.Client, variableIdentifier string) string { 63 | secretValue := fmt.Sprintf("secret-value-%v", rand.Intn(123456)) 64 | conjur.AddSecret(variableIdentifier, secretValue) 65 | // Return the generated secret value 66 | return secretValue 67 | } 68 | 69 | // assertCommandError runs the command and checks that it fails with expected error message 70 | func assertCommandError(t *testing.T, variableIdentifier, expectedError string) { 71 | _, stderr, err := RunCommand(PackageName, variableIdentifier) 72 | assert.Error(t, err) 73 | assert.Contains(t, stderr.String(), expectedError) 74 | } 75 | 76 | // setupTestEnvironment sets up common environment variables for tests 77 | func setupTestEnvironment(path, applianceURL, account, login, apiKey string) *envSnapshot { 78 | e := ClearEnv() 79 | os.Setenv("PATH", path) 80 | os.Setenv("CONJUR_APPLIANCE_URL", applianceURL) 81 | os.Setenv("CONJUR_ACCOUNT", account) 82 | if login != "" { 83 | os.Setenv("CONJUR_AUTHN_LOGIN", login) 84 | } 85 | if apiKey != "" { 86 | os.Setenv("CONJUR_AUTHN_API_KEY", apiKey) 87 | } 88 | os.Setenv("HOME", "/root") // Workaround for Conjur API sending a warning to stderr 89 | return e 90 | } 91 | 92 | func generateRandomString(n int) string { 93 | const letters = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz-_" 94 | ret := make([]byte, n) 95 | for i := range n { 96 | num := rand.Intn(len(letters)) 97 | ret[i] = letters[num] 98 | } 99 | 100 | return string(ret) 101 | } 102 | 103 | func splitEq(s string) (string, string) { 104 | a := strings.SplitN(s, "=", 2) 105 | return a[0], a[1] 106 | } 107 | 108 | type envSnapshot struct { 109 | env []string 110 | } 111 | 112 | func ClearEnv() *envSnapshot { 113 | e := os.Environ() 114 | 115 | for _, s := range e { 116 | k, _ := splitEq(s) 117 | os.Setenv(k, "") 118 | } 119 | return &envSnapshot{env: e} 120 | } 121 | 122 | func (e *envSnapshot) RestoreEnv() { 123 | ClearEnv() 124 | for _, s := range e.env { 125 | k, v := splitEq(s) 126 | os.Setenv(k, v) 127 | } 128 | } 129 | 130 | func RunCommand(name string, arg ...string) (bytes.Buffer, bytes.Buffer, error) { 131 | cmd := exec.Command(name, arg...) 132 | var stdout bytes.Buffer 133 | var stderr bytes.Buffer 134 | cmd.Stdout = &stdout 135 | cmd.Stderr = &stderr 136 | err := cmd.Run() 137 | return stdout, stderr, err 138 | } 139 | 140 | // RunCommandInteractively takes multiple paths to secrets and returns their values in Base64 and a last error that occurred 141 | func RunCommandInteractively(command string, values []string) ([][]byte, []byte) { 142 | errChan := make(chan []byte, 1) 143 | defer close(errChan) 144 | doneChan := make(chan bool, 1) 145 | cmd := exec.Command(command) 146 | 147 | stdinPipe, _ := cmd.StdinPipe() 148 | stdoutPipe, _ := cmd.StdoutPipe() 149 | stderrPipe, _ := cmd.StderrPipe() 150 | 151 | cmd.Start() 152 | 153 | go func() { 154 | defer stdinPipe.Close() 155 | for _, value := range values { 156 | fmt.Fprintln(stdinPipe, value) 157 | } 158 | }() 159 | 160 | var output [][]byte 161 | go func() { 162 | defer close(doneChan) 163 | defer stdoutPipe.Close() 164 | reader := bufio.NewReader(stdoutPipe) 165 | for { 166 | line, err := reader.ReadBytes('\n') 167 | if err != nil { 168 | if err == io.EOF { 169 | break 170 | } 171 | errChan <- []byte(fmt.Sprintf("Reader error: %v", err)) 172 | break 173 | } 174 | 175 | line = bytes.TrimRight(line, "\r\n") 176 | output = append(output, line) 177 | } 178 | }() 179 | 180 | go func() { 181 | defer stderrPipe.Close() 182 | scanner := bufio.NewScanner(stderrPipe) 183 | for scanner.Scan() { 184 | line := scanner.Bytes() 185 | errChan <- line 186 | } 187 | }() 188 | 189 | select { 190 | case err := <-errChan: 191 | _ = cmd.Process.Signal(os.Kill) 192 | return output, err 193 | case <-doneChan: 194 | return output, nil 195 | } 196 | } 197 | 198 | // EncodeStringToBase64 encodes a string into a Base64 byte array 199 | func EncodeStringToBase64(inputString string) []byte { 200 | data := []byte(inputString) 201 | encodedLen := base64.StdEncoding.EncodedLen(len(data)) 202 | encodedData := make([]byte, encodedLen) 203 | base64.StdEncoding.Encode(encodedData, data) 204 | return encodedData 205 | } 206 | 207 | const PackageName = "summon-conjur" 208 | -------------------------------------------------------------------------------- /go.sum: -------------------------------------------------------------------------------- 1 | al.essio.dev/pkg/shellescape v1.6.0 h1:NxFcEqzFSEVCGN2yq7Huv/9hyCEGVa/TncnOOBBeXHA= 2 | al.essio.dev/pkg/shellescape v1.6.0/go.mod h1:6sIqp7X2P6mThCQ7twERpZTuigpr6KbZWtls1U8I890= 3 | github.com/Masterminds/semver/v3 v3.4.0 h1:Zog+i5UMtVoCU8oKka5P7i9q9HgrJeGzI9SA1Xbatp0= 4 | github.com/Masterminds/semver/v3 v3.4.0/go.mod h1:4V+yj/TJE1HU9XfppCwVMZq3I84lprf4nC11bSS5beM= 5 | github.com/aws/aws-sdk-go-v2 v1.39.5 h1:e/SXuia3rkFtapghJROrydtQpfQaaUgd1cUvyO1mp2w= 6 | github.com/aws/aws-sdk-go-v2 v1.39.5/go.mod h1:yWSxrnioGUZ4WVv9TgMrNUeLV3PFESn/v+6T/Su8gnM= 7 | github.com/aws/aws-sdk-go-v2/config v1.31.16 h1:E4Tz+tJiPc7kGnXwIfCyUj6xHJNpENlY11oKpRTgsjc= 8 | github.com/aws/aws-sdk-go-v2/config v1.31.16/go.mod h1:2S9hBElpCyGMifv14WxQ7EfPumgoeCPZUpuPX8VtW34= 9 | github.com/aws/aws-sdk-go-v2/credentials v1.18.20 h1:KFndAnHd9NUuzikHjQ8D5CfFVO+bgELkmcGY8yAw98Q= 10 | github.com/aws/aws-sdk-go-v2/credentials v1.18.20/go.mod h1:9mCi28a+fmBHSQ0UM79omkz6JtN+PEsvLrnG36uoUv0= 11 | github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.12 h1:VO3FIM2TDbm0kqp6sFNR0PbioXJb/HzCDW6NtIZpIWE= 12 | github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.12/go.mod h1:6C39gB8kg82tx3r72muZSrNhHia9rjGkX7ORaS2GKNE= 13 | github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.12 h1:p/9flfXdoAnwJnuW9xHEAFY22R3A6skYkW19JFF9F+8= 14 | github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.12/go.mod h1:ZTLHakoVCTtW8AaLGSwJ3LXqHD9uQKnOcv1TrpO6u2k= 15 | github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.12 h1:2lTWFvRcnWFFLzHWmtddu5MTchc5Oj2OOey++99tPZ0= 16 | github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.12/go.mod h1:hI92pK+ho8HVcWMHKHrK3Uml4pfG7wvL86FzO0LVtQQ= 17 | github.com/aws/aws-sdk-go-v2/internal/ini v1.8.4 h1:WKuaxf++XKWlHWu9ECbMlha8WOEGm0OUEZqm4K/Gcfk= 18 | github.com/aws/aws-sdk-go-v2/internal/ini v1.8.4/go.mod h1:ZWy7j6v1vWGmPReu0iSGvRiise4YI5SkR3OHKTZ6Wuc= 19 | github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.2 h1:xtuxji5CS0JknaXoACOunXOYOQzgfTvGAc9s2QdCJA4= 20 | github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.2/go.mod h1:zxwi0DIR0rcRcgdbl7E2MSOvxDyyXGBlScvBkARFaLQ= 21 | github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.12 h1:MM8imH7NZ0ovIVX7D2RxfMDv7Jt9OiUXkcQ+GqywA7M= 22 | github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.12/go.mod h1:gf4OGwdNkbEsb7elw2Sy76odfhwNktWII3WgvQgQQ6w= 23 | github.com/aws/aws-sdk-go-v2/service/sso v1.30.0 h1:xHXvxst78wBpJFgDW07xllOx0IAzbryrSdM4nMVQ4Dw= 24 | github.com/aws/aws-sdk-go-v2/service/sso v1.30.0/go.mod h1:/e8m+AO6HNPPqMyfKRtzZ9+mBF5/x1Wk8QiDva4m07I= 25 | github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.4 h1:tBw2Qhf0kj4ZwtsVpDiVRU3zKLvjvjgIjHMKirxXg8M= 26 | github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.4/go.mod h1:Deq4B7sRM6Awq/xyOBlxBdgW8/Z926KYNNaGMW2lrkA= 27 | github.com/aws/aws-sdk-go-v2/service/sts v1.39.0 h1:C+BRMnasSYFcgDw8o9H5hzehKzXyAb9GY5v/8bP9DUY= 28 | github.com/aws/aws-sdk-go-v2/service/sts v1.39.0/go.mod h1:4EjU+4mIx6+JqKQkruye+CaigV7alL3thVPfDd9VlMs= 29 | github.com/aws/smithy-go v1.23.1 h1:sLvcH6dfAFwGkHLZ7dGiYF7aK6mg4CgKA/iDKjLDt9M= 30 | github.com/aws/smithy-go v1.23.1/go.mod h1:LEj2LM3rBRQJxPZTB4KuzZkaZYnZPnvgIhb4pu07mx0= 31 | github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d h1:xDfNPAt8lFiC1UJrqV3uuy861HCTo708pDMbjHHdCas= 32 | github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d/go.mod h1:6QX/PXZ00z/TKoufEY6K/a0k6AhaJrQKdFe6OfVXsa4= 33 | github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= 34 | github.com/cyberark/conjur-api-go v0.13.9 h1:Cd4uJmnEkZJBnU4hsIcZN1maqhqRT2fSax65SEvqvEs= 35 | github.com/cyberark/conjur-api-go v0.13.9/go.mod h1:hZ6lyBHQW5WFZNMngQb/QtHpB8l0pY8PLgcJ1Vp8H74= 36 | github.com/danieljoos/wincred v1.2.3 h1:v7dZC2x32Ut3nEfRH+vhoZGvN72+dQ/snVXo/vMFLdQ= 37 | github.com/danieljoos/wincred v1.2.3/go.mod h1:6qqX0WNrS4RzPZ1tnroDzq9kY3fu1KwE7MRLQK4X0bs= 38 | github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= 39 | github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= 40 | github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= 41 | github.com/godbus/dbus/v5 v5.1.0 h1:4KLkAxT3aOY8Li4FRJe/KvhoNFFxo0m6fNuFUO8QJUk= 42 | github.com/godbus/dbus/v5 v5.1.0/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= 43 | github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4= 44 | github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ= 45 | github.com/karrick/golf v1.7.0 h1:MP80Kq55Zmz6JSSuU0f8MweJd+3+huaEraBMyDhzPXk= 46 | github.com/karrick/golf v1.7.0/go.mod h1:1FeHQQD2dYbg3cU9YIa6sQGn6oup7dZUHgd9gqukH24= 47 | github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= 48 | github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= 49 | github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= 50 | github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= 51 | github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA= 52 | github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= 53 | github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= 54 | github.com/rogpeppe/go-internal v1.9.0 h1:73kH8U+JUqXU8lRuOHeVHaa/SZPifC7BkcraZVejAe8= 55 | github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs= 56 | github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ= 57 | github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= 58 | github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= 59 | github.com/stretchr/objx v0.5.2 h1:xuMeJ0Sdp5ZMRXx/aWO6RZxdr3beISkG5/G/aIRr3pY= 60 | github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA= 61 | github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= 62 | github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U= 63 | github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U= 64 | github.com/zalando/go-keyring v0.2.6 h1:r7Yc3+H+Ux0+M72zacZoItR3UDxeWfKTcabvkI8ua9s= 65 | github.com/zalando/go-keyring v0.2.6/go.mod h1:2TCrxYrbUNYfNS/Kgy/LSrkSQzZ5UPVH85RwfczwvcI= 66 | golang.org/x/sys v0.37.0 h1:fdNQudmxPjkdUTPnLn5mdQv7Zwvbvpaxqs831goi9kQ= 67 | golang.org/x/sys v0.37.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks= 68 | gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= 69 | gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= 70 | gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= 71 | gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= 72 | gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= 73 | gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= 74 | gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= 75 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # summon-conjur 2 | 3 | CyberArk Secrets Manager provider for [Summon](https://github.com/cyberark/summon). 4 | 5 | [![GitHub release](https://img.shields.io/github/release/cyberark/summon-conjur.svg)](https://github.com/cyberark/summon-conjur/releases/latest) 6 | 7 | [![Github commits (since latest release)](https://img.shields.io/github/commits-since/cyberark/summon-conjur/latest.svg)](https://github.com/cyberark/summon-conjur/commits/main) 8 | 9 | --- 10 | 11 | ## Install 12 | 13 | Pre-built binaries and packages are available from GitHub releases 14 | [here](https://github.com/cyberark/summon-conjur/releases). 15 | 16 | ### Using summon-conjur with Conjur Open Source 17 | 18 | Are you using this project with [Conjur Open Source](https://github.com/cyberark/conjur)? Then we 19 | **strongly** recommend choosing the version of this project to use from the latest [Conjur OSS 20 | suite release](https://docs.conjur.org/Latest/en/Content/Overview/Conjur-OSS-Suite-Overview.html). 21 | Conjur maintainers perform additional testing on the suite release versions to ensure 22 | compatibility. When possible, upgrade your Conjur version to match the 23 | [latest suite release](https://docs.conjur.org/Latest/en/Content/ReleaseNotes/ConjurOSS-suite-RN.htm); 24 | when using integrations, choose the latest suite release that matches your Conjur version. For any 25 | questions, please contact us on [Discourse](https://discuss.cyberarkcommons.org/c/conjur/5). 26 | 27 | ### Homebrew 28 | 29 | ```bash 30 | brew tap cyberark/tools 31 | brew install summon-conjur 32 | ``` 33 | 34 | ### Linux (Debian and Red Hat flavors) 35 | 36 | `deb` and `rpm` files are attached to new releases. 37 | These can be installed with `dpkg -i summon-conjur_*.deb` and 38 | `rpm -ivh summon-conjur_*.rpm`, respectively. 39 | 40 | ### Auto Install 41 | 42 | **Note** Check the release notes and select an appropriate release to ensure support for your version of CyberArk Secrets Manager. 43 | 44 | Use the auto-install script. This will install the latest version of summon-conjur. 45 | The script requires sudo to place summon-conjur in dir `/usr/local/lib/summon`. 46 | 47 | ```bash 48 | curl -sSL https://raw.githubusercontent.com/cyberark/summon-conjur/main/install.sh | bash 49 | ``` 50 | 51 | ### Manual Install 52 | 53 | Otherwise, download the [latest release](https://github.com/cyberark/summon-conjur/releases) and extract it to the directory `/usr/local/lib/summon`. 54 | 55 | ## Usage in isolation 56 | 57 | Give summon-conjur a variable name and it will fetch it for you and print the value to stdout. 58 | 59 | ```shell 60 | $ summon-conjur prod/aws/iam/user/robot/access_key_id 61 | flgwkeatfghhdqkflaqiwoagsmfgxool 62 | ``` 63 | 64 | You can also use interactive mode by starting the command without any arguments 65 | and then passing paths to secrets one by one. This way you can fetch multiple values in a single command run. 66 | Keep in mind that by using interactive mode outputted values will be in BASE64 format. 67 | 68 | ```shell 69 | $ summon-conjur 70 | prod/aws/iam/user/robot/access_key_id 71 | Zmxnd2tlYXRmZ2hoZHFrZmxhcWl3b2Fnc21mZ3hvb2w= 72 | prod/aws/s3/bucket_name/access_key_id 73 | YWNudmdlb3dycmd4dW1ic2tncW51Zm50dmRvYWVic3A= 74 | ``` 75 | 76 | ### Flags 77 | 78 | ```txt 79 | Usage of summon-conjur: 80 | -h, --help 81 | show help (default: false) 82 | -V, --version 83 | show version (default: false) 84 | -v, --verbose 85 | be verbose (default: false) 86 | ``` 87 | 88 | ## Usage as a provider for Summon 89 | 90 | [Summon](https://github.com/cyberark/summon/) is a command-line tool that reads a file in secrets.yml format and injects secrets as environment variables into any process. Once the process exits, the secrets are gone. 91 | 92 | ### Example 93 | 94 | As an example let's use the `env` command: 95 | 96 | Following installation, define your keys in a `secrets.yml` file 97 | 98 | ```yml 99 | AWS_ACCESS_KEY_ID: !var aws/iam/user/robot/access_key_id 100 | AWS_SECRET_ACCESS_KEY: !var aws/iam/user/robot/secret_access_key 101 | ``` 102 | 103 | By default, summon will look for `secrets.yml` in the directory it is called from and export the secret values to the environment of the command it wraps. 104 | 105 | Wrap the `env` in summon: 106 | 107 | ```sh 108 | $ summon --provider summon-conjur env 109 | ... 110 | AWS_ACCESS_KEY_ID=AKIAJS34242K1123J3K43 111 | AWS_SECRET_ACCESS_KEY=A23MSKSKSJASHDIWM 112 | ... 113 | ``` 114 | 115 | `summon` resolves the entries in secrets.yml with the CyberArk Secrets Manager provider and makes the secret values available to the environment of the command `env`. 116 | 117 | ## Configuration 118 | 119 | This provider uses the same configuration pattern as the [CyberArk Secrets Manager CLI](https://github.com/cyberark/conjur-cli-go) 120 | to connect to Conjur. Specifically, it loads configuration from: 121 | 122 | * `.conjurrc` files, located in the home and current directories, or at the 123 | path specified by the `CONJURRC` environment variable. 124 | * Reads the `.conjurrc` file from `/etc/conjur.conf` on Linux/macOS and `C:\Windows\conjur.conf` on Windows. 125 | * Environment variables: 126 | * Appliance URLs 127 | * `CONJUR_APPLIANCE_URL` 128 | * SSL certificate 129 | * `CONJUR_CERT_FILE` 130 | * `CONJUR_SSL_CERTIFICATE` 131 | * Authentication 132 | * Account 133 | * `CONJUR_ACCOUNT` 134 | * Login 135 | * `CONJUR_AUTHN_LOGIN` 136 | * `CONJUR_AUTHN_API_KEY` 137 | * Token 138 | * `CONJUR_AUTHN_TOKEN` 139 | * `CONJUR_AUTHN_TOKEN_FILE` 140 | * JWT Token 141 | * `CONJUR_AUTHN_JWT_SERVICE_ID` (e.g. `kubernetes`) 142 | * `JWT_TOKEN_PATH` (optional) (default: `/var/run/secrets/kubernetes.io/serviceaccount/token`) 143 | * AWS/Azure/GCP 144 | * `CONJUR_AUTHN_TYPE` (set to `iam`, `azure`, or `gcp`) 145 | * `CONJUR_SERVICE_ID` (except for GCP) 146 | * `CONJUR_AUTHN_JWT_HOST_ID` 147 | * `CONJUR_AUTHN_JWT_TOKEN` (optional - if not set, token will be read from the metadata service) 148 | 149 | 150 | If `CONJUR_AUTHN_LOGIN` and `CONJUR_AUTHN_API_KEY` or `CONJUR_AUTHN_TOKEN` or `CONJUR_AUTHN_TOKEN_FILE` or `CONJUR_AUTHN_JWT_SERVICE_ID` are not provided, the username and API key are read from system keychain or `~/.netrc`, stored there by `conjur login`. 151 | 152 | On systems that support keychain storage, that will be used by default, and if that fails the `~/.netrc` file will be used, 153 | though this behavior can be modified in the `.conjurrc` file: 154 | 155 | ```yaml 156 | ... 157 | credential_storage: "netrc" 158 | netrc_path: "/etc/conjur.identity" 159 | ... 160 | ``` 161 | 162 | The provider will fail unless all of the following values are provided: 163 | 164 | * An appliance url (`CONJUR_APPLIANCE_URL`) 165 | * An organization account (`CONJUR_ACCOUNT`) 166 | * A valid authentication method (e.g., username/api key, token, or JWT or cloud auth configuration) 167 | * A path to (`CONJUR_CERT_FILE`) **or** content of (`CONJUR_SSL_CERTIFICATE`) the appliance's public SSL certificate 168 | 169 | --- 170 | 171 | ## Contributing 172 | 173 | We welcome contributions of all kinds to this repository. For instructions on how to get started and descriptions of our development workflows, please see our [contributing 174 | guide][contrib]. 175 | 176 | [contrib]: CONTRIBUTING.md 177 | -------------------------------------------------------------------------------- /test/package_oss_test.go: -------------------------------------------------------------------------------- 1 | package test 2 | 3 | import ( 4 | "fmt" 5 | "maps" 6 | "math/rand" 7 | "os" 8 | "slices" 9 | "testing" 10 | "time" 11 | 12 | "github.com/stretchr/testify/assert" 13 | "github.com/stretchr/testify/require" 14 | ) 15 | 16 | func TestPackageOSS(t *testing.T) { 17 | ApplianceURL := os.Getenv("CONJUR_APPLIANCE_URL") 18 | Account := os.Getenv("CONJUR_ACCOUNT") 19 | Login := os.Getenv("CONJUR_AUTHN_LOGIN") 20 | APIKey := os.Getenv("CONJUR_AUTHN_API_KEY") 21 | 22 | Path := os.Getenv("PATH") 23 | 24 | t.Run("version flag", func(t *testing.T) { 25 | e := ClearEnv() 26 | defer e.RestoreEnv() 27 | os.Setenv("PATH", Path) 28 | 29 | stdout, stderr, err := RunCommand(PackageName, "--version") 30 | 31 | assert.NoError(t, err) 32 | assert.Empty(t, stderr.String()) 33 | assert.Equal(t, "unset-unset\n", stdout.String()) 34 | }) 35 | 36 | t.Run("Given no configuration and no authentication information", func(t *testing.T) { 37 | e := ClearEnv() 38 | defer e.RestoreEnv() 39 | os.Setenv("PATH", Path) 40 | 41 | // When both config and auth information is missing, then config errors take priority 42 | assertCommandError(t, "variable", "Failed creating a Conjur client: Must specify an ApplianceURL -- Must specify an Account") 43 | }) 44 | 45 | t.Run("Given valid OSS configuration", func(t *testing.T) { 46 | e := ClearEnv() 47 | defer e.RestoreEnv() 48 | os.Setenv("PATH", Path) 49 | 50 | os.Setenv("CONJUR_APPLIANCE_URL", ApplianceURL) 51 | os.Setenv("CONJUR_ACCOUNT", Account) 52 | 53 | t.Run("Given valid APIKey credentials", func(t *testing.T) { 54 | e := setupTestEnvironment(Path, ApplianceURL, Account, Login, APIKey) 55 | defer e.RestoreEnv() 56 | 57 | t.Run("Given interactive mode active", func(t *testing.T) { 58 | t.Run("Retrieves multiple existing variable's values", func(t *testing.T) { 59 | variableIdentifierUsername := "db/username" 60 | // file deepcode ignore HardcodedPassword/test: This is a test file 61 | variableIdentifierPassword := "db/password" 62 | 63 | secretValueUsername := "secret-value-username" 64 | // file deepcode ignore InsecurelyGeneratedPassword/test: This is a test file 65 | secretValuePassword := fmt.Sprintf("secret-value-%v", rand.Intn(123456)) 66 | 67 | conjur, _ := createConjurClient(ApplianceURL, Account, Login, APIKey) 68 | cleanup, err := setupVariablePolicy(conjur, variableIdentifierUsername, variableIdentifierPassword) 69 | require.NoError(t, err) 70 | defer cleanup() 71 | 72 | conjur.AddSecret(variableIdentifierUsername, secretValueUsername) 73 | conjur.AddSecret(variableIdentifierPassword, secretValuePassword) 74 | values := []string{variableIdentifierUsername, variableIdentifierPassword} 75 | output, errStr := RunCommandInteractively(PackageName, values) 76 | 77 | assert.Nil(t, errStr) 78 | assert.Equal(t, EncodeStringToBase64(secretValueUsername), output[0]) 79 | assert.Equal(t, EncodeStringToBase64(secretValuePassword), output[1]) 80 | }) 81 | t.Run("Returns error on non-existent variables", func(t *testing.T) { 82 | variableIdentifier1 := "non-existent-variable1" 83 | variableIdentifier2 := "non-existent-variable2" 84 | 85 | values := []string{variableIdentifier1, variableIdentifier2} 86 | 87 | _, err := RunCommandInteractively(PackageName, values) 88 | 89 | assert.Contains(t, string(err), "404 Not Found") 90 | }) 91 | t.Run("Retrieves large number of variables", func(t *testing.T) { 92 | numVariables := 250 93 | variableMap := make(map[string]string) 94 | 95 | for i := range numVariables { 96 | variableIdentifier := fmt.Sprintf("variable-%d", i) 97 | secretValue := generateRandomString(1024) 98 | variableMap[variableIdentifier] = secretValue 99 | } 100 | 101 | variableNames := slices.Collect(maps.Keys(variableMap)) 102 | 103 | conjur, _ := createConjurClient(ApplianceURL, Account, Login, APIKey) 104 | cleanup, err := setupVariablePolicy(conjur, variableNames...) 105 | require.NoError(t, err) 106 | defer cleanup() 107 | 108 | for key, value := range variableMap { 109 | err := conjur.AddSecret(key, value) 110 | assert.NoError(t, err, fmt.Sprintf("Failed to add secret for variable %s", key)) 111 | } 112 | 113 | output, errStr := RunCommandInteractively(PackageName, variableNames) 114 | 115 | assert.Nil(t, errStr) 116 | assert.Len(t, output, len(variableNames)) 117 | for i, value := range variableNames { 118 | assert.Equal(t, EncodeStringToBase64(variableMap[value]), output[i]) 119 | } 120 | }) 121 | }) 122 | t.Run("Retrieves existing variable's defined value", func(t *testing.T) { 123 | variableIdentifier := "db/password" 124 | 125 | conjur, _ := createConjurClient(ApplianceURL, Account, Login, APIKey) 126 | cleanup, err := setupVariablePolicy(conjur, variableIdentifier) 127 | require.NoError(t, err) 128 | defer cleanup() 129 | 130 | secretValue := addSecretWithRandomValue(conjur, variableIdentifier) 131 | stdout, _, errStr := RunCommand(PackageName, variableIdentifier) 132 | 133 | assert.NoError(t, errStr) 134 | assert.Equal(t, secretValue, stdout.String()) 135 | }) 136 | 137 | t.Run("Returns error on non-existent variable", func(t *testing.T) { 138 | assertCommandError(t, "non-existent-variable", "not found") 139 | }) 140 | 141 | t.Run("Given a non-existent Login is set", func(t *testing.T) { 142 | os.Setenv("CONJUR_AUTHN_LOGIN", "non-existent-user") 143 | 144 | t.Run("Returns 401", func(t *testing.T) { 145 | assertCommandError(t, "existent-or-non-existent-variable", "401 Unauthorized") 146 | }) 147 | }) 148 | 149 | // Cleanup 150 | os.Unsetenv("CONJUR_AUTHN_LOGIN") 151 | os.Unsetenv("CONJUR_AUTHN_API_KEY") 152 | }) 153 | 154 | t.Run("Given valid TokenFile credentials", func(t *testing.T) { 155 | e := setupTestEnvironment(Path, ApplianceURL, Account, "", "") 156 | defer e.RestoreEnv() 157 | 158 | getToken := fmt.Sprintf(` 159 | token=$(curl --data "%s" "$CONJUR_APPLIANCE_URL/authn/$CONJUR_ACCOUNT/%s/authenticate") 160 | echo $token 161 | `, APIKey, Login) 162 | stdout, _, err := RunCommand("bash", "-c", getToken) 163 | 164 | assert.NoError(t, err) 165 | assert.Contains(t, stdout.String(), "signature") 166 | 167 | tokenFile, _ := os.CreateTemp("", "existent-token-file") 168 | tokenFileName := tokenFile.Name() 169 | tokenFileContents := stdout.String() 170 | os.Remove(tokenFileName) 171 | go func() { 172 | os.WriteFile(tokenFileName, []byte(tokenFileContents), 0600) 173 | }() 174 | defer os.Remove(tokenFileName) 175 | 176 | os.Setenv("CONJUR_AUTHN_TOKEN_FILE", tokenFileName) 177 | 178 | t.Run("Retrieves existent variable's defined value", func(t *testing.T) { 179 | variableIdentifier := "db/password" 180 | 181 | conjur, err := createConjurClient(ApplianceURL, Account, Login, APIKey) 182 | require.NoError(t, err) 183 | cleanup, err := setupVariablePolicy(conjur, variableIdentifier) 184 | require.NoError(t, err) 185 | defer cleanup() 186 | 187 | secretValue := addSecretWithRandomValue(conjur, variableIdentifier) 188 | stdout, _, err := RunCommand(PackageName, variableIdentifier) 189 | 190 | require.NoError(t, err) 191 | assert.Equal(t, secretValue, stdout.String()) 192 | }) 193 | 194 | t.Run("Returns error on non-existent variable", func(t *testing.T) { 195 | assertCommandError(t, "non-existent-variable", "CONJ00076E Variable cucumber:variable:non-existent-variable is empty or not found") 196 | }) 197 | 198 | t.Run("Given a non-existent TokenFile is set", func(t *testing.T) { 199 | os.Setenv("CONJUR_AUTHN_TOKEN_FILE", "non-existent-token-file") 200 | 201 | t.Run("Waits for longer than a second", func(t *testing.T) { 202 | timeout := time.After(1 * time.Second) 203 | unexpectedResponse := make(chan struct{}) 204 | 205 | go func() { 206 | variableIdentifier := "existent-or-non-existent-variable" 207 | RunCommand(PackageName, variableIdentifier) 208 | unexpectedResponse <- struct{}{} 209 | }() 210 | 211 | select { 212 | case <-unexpectedResponse: 213 | assert.Fail(t, "unexpected response") 214 | case <-timeout: 215 | assert.True(t, true) 216 | } 217 | }) 218 | 219 | // Cleanup 220 | os.Unsetenv("CONJUR_AUTHN_TOKEN_FILE") 221 | }) 222 | }) 223 | 224 | t.Run("Given no authentication credentials", func(t *testing.T) { 225 | 226 | t.Run("Returns with error on non-existent variable", func(t *testing.T) { 227 | assertCommandError(t, "existent-or-non-existent-variable", "Failed creating a Conjur client") 228 | }) 229 | }) 230 | }) 231 | } 232 | -------------------------------------------------------------------------------- /CHANGELOG.md: -------------------------------------------------------------------------------- 1 | # Changelog 2 | All notable changes to this project will be documented in this file. 3 | 4 | The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) 5 | and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html). 6 | 7 | ## [Unreleased] 8 | 9 | ## [0.9.2] - 2025-11-10 10 | 11 | ### Changed 12 | - Upgrade Go to 1.25 (CONJSE-2067) 13 | 14 | ## [0.9.1] - 2025-10-28 15 | 16 | ### Added 17 | - Added `close-stale.yml` GitHub workflow 18 | 19 | ## [0.9.0] - 2025-10-27 20 | 21 | ### Added 22 | - Added support for authn-iam, authn-gcp, and authn-azure authenticators. (CNJR-11056) 23 | 24 | ## [0.8.2] - 2025-09-15 25 | 26 | ### Changed 27 | - Updated documentation to align with Conjur Enterprise name change to Secrets Manager. (CNJR-10977) 28 | 29 | ## [0.8.1] - 2025-07-23 30 | 31 | ### Changed 32 | - Upgrade Go to 1.24.x 33 | - Update Go dependencies to reflect conjur-api-go v0.13.2 34 | - Improve error handling for missing .netrc file. ([cyberark/summon-conjur#83](https://github.com/cyberark/summon-conjur/issues/83), CNJR-10190) 35 | 36 | ### Fixed 37 | - Fix inconsistent behavior when fetching large numbers of variables 38 | ([cyberark/summon#258](https://github.com/cyberark/summon/issues/258), CNJR-10325) 39 | 40 | ## [0.8.0] - 2024-06-06 41 | 42 | ### Changed 43 | - Updated provider to stream secrets instead and leverage new Summon API (CNJR-4814) 44 | - Upgraded Go to 1.22.4 45 | 46 | ## [0.7.2] - 2024-03-21 47 | 48 | ### Security 49 | - Upgrade Go to 1.22 (CONJSE-1842) 50 | 51 | ## [0.7.1] - 2023-06-14 52 | 53 | ### Security 54 | - Update golang.org/x/sys to v0.8.0, gopkg.in/yaml.v3 to v3.0.1, and Go to 1.20 55 | in Dockerfile.text 56 | [cyberark/summon-conjur#112](https://github.com/cyberark/summon-conjur/pull/112) 57 | 58 | ## [0.7.0] - 2023-03-10 59 | ### Added 60 | - Added support for Conjur's OIDC and LDAP authenticators 61 | [cyberark/summon-conjur#108](https://github.com/cyberark/summon-conjur/pull/108) 62 | 63 | ### Changed 64 | - Updated Golang to 1.19 65 | [cyberark/summon-conjur#108](https://github.com/cyberark/summon-conjur/pull/108) 66 | 67 | ### Security 68 | - Update golang.org/x/sys to v0.1.0 for CVE-2022-29526 (not vulnerable) 69 | [cyberark/summon-conjur#110](https://github.com/cyberark/summon-conjur/pull/110) 70 | 71 | ### Removed 72 | - Removed support for Conjur v4 73 | [cyberark/summon-conjur#108](https://github.com/cyberark/summon-conjur/pull/108) 74 | 75 | ## [0.6.4] - 2022-07-06 76 | ### Changed 77 | - Updated direct dependencies (github.com/cyberark/conjur-api-go -> v0.10.1, 78 | github.com/stretchr/testify -> 1.7.2) 79 | [cyberark/summon-conjur#106](https://github.com/cyberark/summon-conjur/pull/106) 80 | 81 | ## [0.6.3] - 2022-05-19 82 | ### Changed 83 | - Updated the Conjur API to 0.10.0 to support the new `CONJUR_AUTHN_JWT_HOST_ID` environment variable 84 | [cyberark/summon-conjur#103](https://github.com/cyberark/summon-conjur/pull/103/) 85 | 86 | ### Security 87 | - Update test env Golang to 1.17 to fix CVE-2022-0778 and CVE-2022-1292. 88 | [cyberark/summon-conjur#102](https://github.com/cyberark/summon-conjur/pull/102/) 89 | 90 | ## [0.6.2] - 2022-02-25 91 | ### Changed 92 | - Updated Conjur API to 0.9.0 to support authn-JWT 93 | [cyberark/summon-conjur#99](https://github.com/cyberark/summon-conjur/pull/99/) 94 | 95 | ## [0.6.1] - 2021-12-31 96 | ### Changed 97 | - Updated Golang to 1.17 and the Conjur API to 0.8.1 98 | [cyberark/summon-conjur#96](https://github.com/cyberark/summon-conjur/pull/96/) 99 | 100 | ## [0.6.0] - 2021-08-11 101 | ### Added 102 | - Build for Apple M1 silicon. 103 | [cyberark/summon-conjur#88](https://github.com/cyberark/summon-conjur/issues/88) 104 | 105 | ## [0.5.5] - 2021-06-01 106 | ### Security 107 | - Update golang.org/x/crypto to address CVE-2020-29652. 108 | [PR cyberark/summon-conjur#84](https://github.com/cyberark/summon-conjur/pull/84) 109 | 110 | ## [0.5.4] - 2021-03-16 111 | ### Added 112 | - Update conjur-api-go dependency to v0.7.1. 113 | - Preliminary support for building Solaris binaries. 114 | [cyberark/summon-conjur#67](https://github.com/cyberark/summon-conjur/issues/67) 115 | 116 | ### Fixed 117 | - Verbose debug output with the -v flag, silently lost in v0.5.3 due to changes 118 | to the logging interface in 119 | [conjur-api-go](https://github.com/cyberark/conjur-api-go), is reintroduced. 120 | [cyberark/summon-conjur#77](https://github.com/cyberark/summon-conjur/issues/77) 121 | 122 | ## [0.5.3] - 2019-02-06 123 | ### Changed 124 | - Go modules are now used for dependency management 125 | - Newer goreleaser syntax is used to build artifacts 126 | - Fixed issues with spaces in variable IDs (via conjur-api-go version increase) 127 | - Fixed issues with homedir pathing (via conjur-api-go version increase) 128 | 129 | ## [0.5.2] - 2018-08-06 130 | ### Added 131 | - deb and rpm packages 132 | - homebrew formula 133 | 134 | ### Changed 135 | - Update build/package process to use [goreleaser](https://github.com/goreleaser/goreleaser). 136 | 137 | ## [0.5.1] - 2018-07-19 138 | ### Added 139 | - Add some logging to help debug configuration [PR #31](https://github.com/cyberark/summon-conjur/pull/31). 140 | 141 | ### Changed 142 | - Update to the latest version of conjur-api-go. 143 | 144 | ## [0.5.0] - 2017-11-20 145 | ### Added 146 | - Support new v5 token format and summon-conjur version flag [PR #23](https://github.com/cyberark/summon-conjur/pull/23). 147 | 148 | ## [0.4.0] - 2017-09-19 149 | ### Changed 150 | - Support v4, https and configuration from machine identity files, [PR #20](https://github.com/cyberark/summon-conjur/pull/20). 151 | 152 | ## [0.3.0] - 2017-08-16 153 | ### Changed 154 | - Provider updated to use [cyberark/conjur-api-go](https://github.com/cyberark/conjur-api-go). This provides compatibility with [cyberark/conjur](https://github.com/cyberark/conjur), Conjur 5 CE. PR [#13](https://github.com/cyberark/summon-conjur/pull/13). 155 | 156 | ## [0.2.0] - 2016-07-20 157 | ### Added 158 | - `CONJUR_SSL_CERTIFICATE` can now be passed (content of cert file) [#3](https://github.com/conjurinc/summon-conjur/issues/3) 159 | - netrc file is now only read if required [#4](https://github.com/conjurinc/summon-conjur/issues/4) 160 | - `CONJUR_AUTHN_TOKEN` can now be used for identity [#5](https://github.com/conjurinc/summon-conjur/issues/5) 161 | 162 | ## [0.1.4] - 2016-02-29 163 | ### Fixed 164 | - A friendly error is now returned when no argument is given [GH-2](https://github.com/conjurinc/summon-conjur/issues/2) 165 | 166 | ## [0.1.3] - 2016-02-24 167 | ### Changed 168 | - Config now looks at `netrc_path` in conjurrc to find identity.file 169 | 170 | ## [0.1.2] - 2015-12-09 171 | ### Changed 172 | - Config now uses env var `CONJUR_AUTHN_API_KEY` instead of `CONJUR_API_KEY`. 173 | 174 | ## [0.1.1] - 2015-10-08 175 | ### Fixed 176 | - Fixed an issue authenticating hosts - `/` is now properly escaped. 177 | 178 | ## 0.1.0 - 2015-06-04 179 | ### Added 180 | - Initial release 181 | 182 | [Unreleased]: https://github.com/cyberark/summon-conjur/compare/v0.9.2...HEAD 183 | [0.9.2]: https://github.com/cyberark/summon-conjur/compare/v0.9.1...v0.9.2 184 | [0.9.1]: https://github.com/cyberark/summon-conjur/compare/v0.9.0...v0.9.1 185 | [0.9.0]: https://github.com/cyberark/summon-conjur/compare/v0.8.1...v0.9.0 186 | [0.8.1]: https://github.com/cyberark/summon-conjur/compare/v0.8.0...v0.8.1 187 | [0.8.0]: https://github.com/cyberark/summon-conjur/compare/v0.7.2...v0.8.0 188 | [0.7.2]: https://github.com/cyberark/summon-conjur/compare/v0.7.1...v0.7.2 189 | [0.7.1]: https://github.com/cyberark/summon-conjur/compare/v0.7.0...v0.7.1 190 | [0.7.0]: https://github.com/cyberark/summon-conjur/compare/v0.6.4...v0.7.0 191 | [0.6.4]: https://github.com/cyberark/summon-conjur/compare/v0.6.3...v0.6.4 192 | [0.6.3]: https://github.com/cyberark/summon-conjur/compare/v0.6.2...v0.6.3 193 | [0.6.2]: https://github.com/cyberark/summon-conjur/compare/v0.6.1...v0.6.2 194 | [0.6.1]: https://github.com/cyberark/summon-conjur/compare/v0.6.0...v0.6.1 195 | [0.6.0]: https://github.com/cyberark/summon-conjur/compare/v0.5.5...v0.6.0 196 | [0.5.5]: https://github.com/cyberark/summon-conjur/compare/v0.5.4...v0.5.5 197 | [0.5.4]: https://github.com/cyberark/summon-conjur/compare/v0.5.3...v0.5.4 198 | [0.5.3]: https://github.com/cyberark/summon-conjur/compare/v0.5.2...v0.5.3 199 | [0.5.2]: https://github.com/cyberark/summon-conjur/compare/v0.5.1...v0.5.2 200 | [0.5.1]: https://github.com/cyberark/summon-conjur/compare/v0.5.0...v0.5.1 201 | [0.5.0]: https://github.com/cyberark/summon-conjur/compare/v0.4.0...v0.5.0 202 | [0.4.0]: https://github.com/cyberark/summon-conjur/compare/v0.3.0...v0.4.0 203 | [0.3.0]: https://github.com/cyberark/summon-conjur/compare/v0.2.0...v0.3.0 204 | [0.2.0]: https://github.com/cyberark/summon-conjur/compare/v0.1.4...v0.2.0 205 | [0.1.4]: https://github.com/cyberark/summon-conjur/compare/v0.1.3...v0.1.4 206 | [0.1.3]: https://github.com/cyberark/summon-conjur/compare/v0.1.2...v0.1.3 207 | [0.1.2]: https://github.com/cyberark/summon-conjur/compare/v0.1.1...v0.1.2 208 | [0.1.1]: https://github.com/cyberark/summon-conjur/compare/v0.1.0...v0.1.1 209 | [0.1.0]: https://github.com/cyberark/summon-conjur/releases/tag/v0.1.0 210 | -------------------------------------------------------------------------------- /Jenkinsfile: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env groovy 2 | // 'product-pipelines-shared-library' draws from DevOps/product-pipelines-shared-library repository. 3 | // 'conjur-enterprise-sharedlib' draws from Conjur-Enterprise/jenkins-pipeline-library repository. 4 | // Point to a branch of a shared library by appending @my-branch-name to the library name 5 | @Library(['product-pipelines-shared-library', 'conjur-enterprise-sharedlib']) _ 6 | 7 | // Automated release, promotion and dependencies 8 | properties([ 9 | // Include the automated release parameters for the build 10 | release.addParams(), 11 | // Dependencies of the project that should trigger builds 12 | dependencies([]) 13 | ]) 14 | 15 | // Performs release promotion. No other stages will be run 16 | if (params.MODE == "PROMOTE") { 17 | release.promote(params.VERSION_TO_PROMOTE) { infrapool, sourceVersion, targetVersion, assetDirectory -> 18 | // Any assets from sourceVersion Github release are available in assetDirectory 19 | // Any version number updates from sourceVersion to targetVersion occur here 20 | // Any publishing of targetVersion artifacts occur here 21 | // Anything added to assetDirectory will be attached to the Github Release 22 | } 23 | 24 | release.copyEnterpriseRelease(params.VERSION_TO_PROMOTE) 25 | return 26 | } 27 | 28 | pipeline { 29 | agent { label 'conjur-enterprise-common-agent' } 30 | 31 | options { 32 | timestamps() 33 | buildDiscarder(logRotator(numToKeepStr: '30')) 34 | } 35 | 36 | environment { 37 | // Sets the MODE to the specified or autocalculated value as appropriate 38 | MODE = release.canonicalizeMode() 39 | } 40 | 41 | triggers { 42 | cron(getDailyCronString()) 43 | parameterizedCron(""" 44 | ${getDailyCronString("%TEST_AZURE=true;TEST_GCP=true")} 45 | ${getWeeklyCronString("H(1-5)", "%MODE=RELEASE")} 46 | """) 47 | } 48 | 49 | parameters { 50 | booleanParam(name: 'TEST_AZURE', defaultValue: false, description: 'Run integration tests against Azure') 51 | booleanParam(name: 'TEST_GCP', defaultValue: false, description: 'Run integration tests against GCP') 52 | } 53 | 54 | stages { 55 | // Aborts any builds triggered by another project that wouldn't include any changes 56 | stage ("Skip build if triggering job didn't create a release") { 57 | when { 58 | expression { 59 | MODE == "SKIP" 60 | } 61 | } 62 | steps { 63 | script { 64 | currentBuild.result = 'ABORTED' 65 | error("Aborting build because this build was triggered from upstream, but no release was built") 66 | } 67 | } 68 | } 69 | 70 | stage('Scan for internal URLs') { 71 | steps { 72 | script { 73 | detectInternalUrls() 74 | } 75 | } 76 | } 77 | 78 | stage('Get InfraPool ExecutorV2 Agent') { 79 | steps { 80 | script { 81 | // Request ExecutorV2 agents for 1 hour(s) 82 | infrapool = getInfraPoolAgent.connected(type: "ExecutorV2", quantity: 1, duration: 1)[0] 83 | 84 | // Request additional executors for cloud specific tests 85 | if (params.TEST_AZURE) { 86 | INFRAPOOL_AZURE_EXECUTORV2_AGENT_0 = getInfraPoolAgent.connected(type: "AzureExecutorV2", quantity: 1, duration: 1)[0] 87 | } 88 | if (params.TEST_GCP){ 89 | INFRAPOOL_GCP_EXECUTORV2_AGENT_0 = getInfraPoolAgent.connected(type: "GcpExecutorV2", quantity: 1, duration: 1)[0] 90 | } 91 | } 92 | } 93 | } 94 | 95 | stage('Get latest upstream dependencies') { 96 | steps { 97 | script { 98 | updatePrivateGoDependencies("${WORKSPACE}/go.mod") 99 | // Copy the vendor directory onto infrapool 100 | infrapool.agentPut from: "vendor", to: "${WORKSPACE}" 101 | infrapool.agentPut from: "go.*", to: "${WORKSPACE}" 102 | } 103 | } 104 | } 105 | 106 | // Generates a VERSION file based on the current build number and latest version in CHANGELOG.md 107 | stage('Validate changelog and set version') { 108 | steps { 109 | script { 110 | updateVersion(infrapool, "CHANGELOG.md", "${BUILD_NUMBER}") 111 | 112 | if (params.TEST_AZURE) { 113 | updateVersion(INFRAPOOL_AZURE_EXECUTORV2_AGENT_0, "CHANGELOG.md", "${BUILD_NUMBER}") 114 | } 115 | if (params.TEST_GCP) { 116 | updateVersion(INFRAPOOL_GCP_EXECUTORV2_AGENT_0, "CHANGELOG.md", "${BUILD_NUMBER}") 117 | } 118 | } 119 | } 120 | } 121 | 122 | stage('Run tests') { 123 | environment { 124 | INFRAPOOL_REGISTRY_URL = "registry.tld" 125 | INFRAPOOL_TEST_AWS=true 126 | } 127 | steps { 128 | script { 129 | infrapool.agentSh './bin/test.sh' 130 | infrapool.agentStash name: 'output-xml', includes: 'output/*.xml' 131 | unstash 'output-xml' 132 | junit 'output/junit.xml' 133 | cobertura autoUpdateHealth: false, autoUpdateStability: false, coberturaReportFile: 'output/coverage.xml', conditionalCoverageTargets: '70, 0, 70', failUnhealthy: true, failUnstable: false, lineCoverageTargets: '70, 0, 70', maxNumberOfBuilds: 0, methodCoverageTargets: '70, 0, 70', onlyStable: false, sourceEncoding: 'ASCII', zoomCoverageChart: false 134 | infrapool.agentSh 'cp output/c.out .' 135 | codacy action: 'reportCoverage', filePath: "output/coverage.xml" 136 | } 137 | } 138 | } 139 | 140 | stage('Run Azure tests') { 141 | when { 142 | expression { params.TEST_AZURE } 143 | } 144 | environment { 145 | REGISTRY_URL = "registry.tld" 146 | INFRAPOOL_TEST_AZURE=true 147 | } 148 | steps { 149 | script { 150 | INFRAPOOL_AZURE_EXECUTORV2_AGENT_0.agentSh 'summon ./bin/test.sh' 151 | } 152 | } 153 | } 154 | 155 | stage('Run GCP tests') { 156 | when { 157 | expression { params.TEST_GCP } 158 | } 159 | environment { 160 | REGISTRY_URL = "registry.tld" 161 | INFRAPOOL_TEST_GCP=true 162 | INFRAPOOL_CONJUR_AUTHN_LOGIN="test-app" 163 | } 164 | steps { 165 | script { 166 | INFRAPOOL_GCP_EXECUTORV2_AGENT_0.agentSh "./bin/get_gcp_token.sh host/test-app cucumber gcp" 167 | INFRAPOOL_GCP_EXECUTORV2_AGENT_0.agentStash name: 'token-out', includes: "gcp/*" 168 | GCP_TOKEN_STASHED = true 169 | infrapool.agentUnstash name: 'token-out' 170 | infrapool.agentSh "./bin/test.sh" 171 | } 172 | } 173 | } 174 | 175 | stage('Build Release Artifacts') { 176 | steps { 177 | script { 178 | infrapool.agentDir('./pristine-checkout') { 179 | // Go releaser requires a pristine checkout 180 | checkout scm 181 | 182 | // Copy the checkout content onto infrapool 183 | infrapool.agentPut from: "./", to: "." 184 | 185 | // Copy VERSION info into prisitine folder 186 | infrapool.agentSh "cp ../VERSION ./VERSION" 187 | 188 | infrapool.agentSh './build.sh --snapshot' 189 | infrapool.agentArchiveArtifacts artifacts: 'dist/goreleaser/' 190 | } 191 | } 192 | } 193 | } 194 | 195 | stage('Release') { 196 | when { 197 | expression { 198 | MODE == "RELEASE" 199 | } 200 | } 201 | steps { 202 | script { 203 | release(infrapool) { billOfMaterialsDirectory, assetDirectory, toolsDirectory -> 204 | // Publish release artifacts to all the appropriate locations 205 | // Copy any artifacts to assetDirectory to attach them to the Github release 206 | 207 | // Copy assets to be published in Github release. 208 | // Next step: https://teams.microsoft.com/l/message/19:6f977a4fd8824acbbd91603a796bc0cf@thread.skype/1720802784680?tenantId=dc5c35ed-5102-4908-9a31-244d3e0134c6&groupId=4ef75e39-cd4a-4b26-a225-b3833f31f1b2&parentMessageId=1720011926933&teamName=Secrets%20Manager%20HQ&channelName=Infrastructure&createdTime=1720802784680 209 | infrapool.agentSh "${toolsDirectory}/bin/copy_goreleaser_artifacts ${assetDirectory}" 210 | 211 | // Create Go application SBOM using the go.mod version for the golang container image 212 | infrapool.agentSh """export PATH="${toolsDirectory}/bin:${PATH}" && go-bom --tools "${toolsDirectory}" --go-mod ./go.mod --image "golang" --main "cmd/" --output "${billOfMaterialsDirectory}/go-app-bom.json" """ 213 | // Create Go module SBOM 214 | infrapool.agentSh """export PATH="${toolsDirectory}/bin:${PATH}" && go-bom --tools "${toolsDirectory}" --go-mod ./go.mod --image "golang" --output "${billOfMaterialsDirectory}/go-mod-bom.json" """ 215 | } 216 | } 217 | } 218 | } 219 | } 220 | 221 | post { 222 | always { 223 | script { 224 | releaseInfraPoolAgent(".infrapool/release_agents") 225 | // Resolve ownership issue before running infra post hook 226 | sh 'git config --global --add safe.directory ${PWD}' 227 | infraPostHook() 228 | } 229 | } 230 | } 231 | } 232 | -------------------------------------------------------------------------------- /notices.tpl: -------------------------------------------------------------------------------- 1 | =============== TABLE OF CONTENTS ============================= 2 | 3 | 4 | The following is a listing of the open source components detailed in 5 | this document. This list is provided for your convenience; please read 6 | further if you wish to review the copyright notice(s) and the full text 7 | of the license associated with each component. 8 | 9 | SECTION 1: Apache License 2.0 10 | {{ range . }} 11 | {{- if eq .LicenseName "Apache-2.0" }} 12 | >>> {{ .Name }}-{{ slice .Version 1 }} 13 | {{- end -}} 14 | {{end}} 15 | 16 | SECTION 2: BSD 3-clause "New" or "Revised" License 17 | {{ range . }} 18 | {{- if eq .LicenseName "BSD-3-Clause" }} 19 | >>> {{ .Name }}-{{ slice .Version 1 }} 20 | {{- end -}} 21 | {{end}} 22 | 23 | SECTION 3: MIT License 24 | {{ range . }} 25 | {{- if eq .LicenseName "MIT" }} 26 | >>> {{ .Name }}-{{ slice .Version 1 }} 27 | {{- end -}} 28 | {{end}} 29 | 30 | SECTION 4: ISC License 31 | {{ range . }} 32 | {{- if eq .LicenseName "ISC" }} 33 | >>> {{ .Name }}-{{ slice .Version 1 }} 34 | {{- end -}} 35 | {{end}} 36 | 37 | 38 | --------------- SECTION 1: Apache License 2.0 ---------- 39 | 40 | Apache License 2.0 is applicable to the following component(s). 41 | {{ range . }} 42 | {{- if eq .LicenseName "Apache-2.0" }} 43 | >>> {{ .Name }}-{{ slice .Version 1 }} 44 | 45 | {{ .LicenseText }} 46 | {{ end -}} 47 | {{end}} 48 | --------------- SECTION 2: BSD 3-clause "New" or "Revised" License ---------- 49 | 50 | BSD 3-clause "New" or "Revised" License is applicable to the following component(s). 51 | {{ range . }} 52 | {{- if eq .LicenseName "BSD-3-Clause" }} 53 | >>> {{ .Name }}-{{ slice .Version 1 }} 54 | 55 | {{ .LicenseText }} 56 | {{ end -}} 57 | {{end}} 58 | --------------- SECTION 3: MIT License ---------- 59 | 60 | MIT License is applicable to the following component(s). 61 | {{ range . }} 62 | {{- if eq .LicenseName "MIT" }} 63 | >>> {{ .Name }}-{{ slice .Version 1 }} 64 | 65 | {{ .LicenseText }} 66 | {{ end -}} 67 | {{end}} 68 | --------------- SECTION 4: ISC License ---------- 69 | 70 | ISC License is applicable to the following component(s). 71 | {{ range . }} 72 | {{- if eq .LicenseName "ISC" }} 73 | >>> {{ .Name }}-{{ slice .Version 1 }} 74 | 75 | {{ .LicenseText }} 76 | {{ end -}} 77 | {{end}} 78 | =============== APPENDIX: License Files and Templates ============== 79 | 80 | 81 | 82 | --------------- APPENDIX 1: Apache License 2.0 (Template) ----------- 83 | 84 | Apache License 85 | Version 2.0, January 2004 86 | http://www.apache.org/licenses/ 87 | 88 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 89 | 90 | 1. Definitions. 91 | 92 | "License" shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through 9 of this document. 93 | 94 | "Licensor" shall mean the copyright owner or entity authorized by the copyright owner that is granting the License. 95 | 96 | "Legal Entity" shall mean the union of the acting entity and all other entities that control, are controlled by, or are under common control with that entity. For the purposes of this definition, "control" means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity. 97 | 98 | "You" (or "Your") shall mean an individual or Legal Entity exercising permissions granted by this License. 99 | 100 | "Source" form shall mean the preferred form for making modifications, including but not limited to software source code, documentation source, and configuration files. 101 | 102 | "Object" form shall mean any form resulting from mechanical transformation or translation of a Source form, including but not limited to compiled object code, generated documentation, and conversions to other media types. 103 | 104 | "Work" shall mean the work of authorship, whether in Source or Object form, made available under the License, as indicated by a copyright notice that is included in or attached to the work (an example is provided in the Appendix below). 105 | 106 | "Derivative Works" shall mean any work, whether in Source or Object form, that is based on (or derived from) the Work and for which the editorial revisions, annotations, elaborations, or other modifications represent, as a whole, an original work of authorship. For the purposes of this License, Derivative Works shall not include works that remain separable from, or merely link (or bind by name) to the interfaces of, the Work and Derivative Works thereof. 107 | 108 | "Contribution" shall mean any work of authorship, including the original version of the Work and any modifications or additions to that Work or Derivative Works thereof, that is intentionally submitted to Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to submit on behalf of the copyright owner. For the purposes of this definition, "submitted" means any form of electronic, verbal, or written communication sent to the Licensor or its representatives, including but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, the Licensor for the purpose of discussing and improving the Work, but excluding communication that is conspicuously marked or otherwise designated in writing by the copyright owner as "Not a Contribution." 109 | 110 | "Contributor" shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution has been received by Licensor and subsequently incorporated within the Work. 111 | 112 | 2. Grant of Copyright License. 113 | 114 | Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare Derivative Works of, publicly display, publicly perform, sublicense, and distribute the Work and such Derivative Works in Source or Object form. 115 | 116 | 3. Grant of Patent License. 117 | 118 | Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by such Contributor that are necessarily infringed by their Contribution(s) alone or by combination of their Contribution(s) with the Work to which such Contribution(s) was submitted. If You institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work constitutes direct or contributory patent infringement, then any patent licenses granted to You under this License for that Work shall terminate as of the date such litigation is filed. 119 | 120 | 4. Redistribution. 121 | 122 | You may reproduce and distribute copies of the Work or Derivative Works thereof in any medium, with or without modifications, and in Source or Object form, provided that You meet the following conditions: 123 | 124 | You must give any other recipients of the Work or Derivative Works a copy of this License; and 125 | You must cause any modified files to carry prominent notices stating that You changed the files; and 126 | You must retain, in the Source form of any Derivative Works that You distribute, all copyright, patent, trademark, and attribution notices from the Source form of the Work, excluding those notices that do not pertain to any part of the Derivative Works; and 127 | If the Work includes a "NOTICE" text file as part of its distribution, then any Derivative Works that You distribute must include a readable copy of the attribution notices contained within such NOTICE file, excluding those notices that do not pertain to any part of the Derivative Works, in at least one of the following places: within a NOTICE text file distributed as part of the Derivative Works; within the Source form or documentation, if provided along with the Derivative Works; or, within a display generated by the Derivative Works, if and wherever such third-party notices normally appear. The contents of the NOTICE file are for informational purposes only and do not modify the License. You may add Your own attribution notices within Derivative Works that You distribute, alongside or as an addendum to the NOTICE text from the Work, provided that such additional attribution notices cannot be construed as modifying the License. 128 | 129 | You may add Your own copyright statement to Your modifications and may provide additional or different license terms and conditions for use, reproduction, or distribution of Your modifications, or for any such Derivative Works as a whole, provided Your use, reproduction, and distribution of the Work otherwise complies with the conditions stated in this License. 130 | 131 | 5. Submission of Contributions. 132 | 133 | Unless You explicitly state otherwise, any Contribution intentionally submitted for inclusion in the Work by You to the Licensor shall be under the terms and conditions of this License, without any additional terms or conditions. Notwithstanding the above, nothing herein shall supersede or modify the terms of any separate license agreement you may have executed with Licensor regarding such Contributions. 134 | 135 | 6. Trademarks. 136 | 137 | This License does not grant permission to use the trade names, trademarks, service marks, or product names of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and reproducing the content of the NOTICE file. 138 | 139 | 7. Disclaimer of Warranty. 140 | 141 | Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each Contributor provides its Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under this License. 142 | 143 | 8. Limitation of Liability. 144 | 145 | In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall any Contributor be liable to You for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising as a result of this License or out of the use or inability to use the Work (including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if such Contributor has been advised of the possibility of such damages. 146 | 147 | 9. Accepting Warranty or Additional Liability. 148 | 149 | While redistributing the Work or Derivative Works thereof, You may choose to offer, and charge a fee for, acceptance of support, warranty, indemnity, or other liability obligations and/or rights consistent with this License. However, in accepting such obligations, You may act only on Your own behalf and on Your sole responsibility, not on behalf of any other Contributor, and only if You agree to indemnify, defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against, such Contributor by reason of your accepting any such warranty or additional liability. 150 | 151 | END OF TERMS AND CONDITIONS 152 | 153 | APPENDIX: How to apply the Apache License to your work 154 | 155 | To apply the Apache License to your work, attach the following boilerplate notice, with the fields enclosed by brackets "[]" replaced with your own identifying information. (Don't include the brackets!) The text should be enclosed in the appropriate comment syntax for the file format. We also recommend that a file or class name and description of purpose be included on the same "printed page" as the copyright notice for easier identification within third-party archives. 156 | 157 | Copyright [yyyy] [name of copyright owner] 158 | 159 | Licensed under the Apache License, Version 2.0 (the "License"); 160 | you may not use this file except in compliance with the License. 161 | You may obtain a copy of the License at 162 | 163 | http://www.apache.org/licenses/LICENSE-2.0 164 | 165 | Unless required by applicable law or agreed to in writing, software 166 | distributed under the License is distributed on an "AS IS" BASIS, 167 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 168 | See the License for the specific language governing permissions and 169 | limitations under the License. 170 | 171 | 172 | --------------- APPENDIX 2: BSD 3-clause "New" or "Revised" License (Template) ----------- 173 | 174 | Copyright 175 | 176 | Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 177 | 178 | 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 179 | 180 | 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 181 | 182 | 3. Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. 183 | 184 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 185 | 186 | 187 | --------------- APPENDIX 3: MIT License (Template) ----------- 188 | 189 | Copyright 190 | 191 | Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: 192 | 193 | The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. 194 | 195 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 196 | 197 | 198 | --------------- APPENDIX 4: ISC License (Template) ----------- 199 | 200 | Copyright (c) 201 | 202 | Permission to use, copy, modify, and/or distribute this software for any 203 | purpose with or without fee is hereby granted, provided that the above 204 | copyright notice and this permission notice appear in all copies. 205 | 206 | THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 207 | WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 208 | MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 209 | ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 210 | WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 211 | ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 212 | OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 213 | -------------------------------------------------------------------------------- /NOTICES.txt: -------------------------------------------------------------------------------- 1 | =============== TABLE OF CONTENTS ============================= 2 | 3 | 4 | The following is a listing of the open source components detailed in 5 | this document. This list is provided for your convenience; please read 6 | further if you wish to review the copyright notice(s) and the full text 7 | of the license associated with each component. 8 | 9 | SECTION 1: Apache License 2.0 10 | 11 | >>> github.com/cyberark/conjur-api-go/conjurapi-0.12.13 12 | >>> gopkg.in/yaml.v2-2.4.0 13 | 14 | SECTION 2: BSD 3-clause "New" or "Revised" License 15 | 16 | >>> github.com/karrick/golf-1.7.0 17 | >>> golang.org/x/sys/unix-0.31.0 18 | 19 | SECTION 3: MIT License 20 | 21 | >>> al.essio.dev/pkg/shellescape-1.6.0 22 | >>> github.com/Masterminds/semver/v3-3.3.1 23 | >>> github.com/bgentry/go-netrc/netrc-0.0.0-20140422174119-9fd32a8b3d3d 24 | >>> github.com/sirupsen/logrus-1.9.3 25 | >>> github.com/zalando/go-keyring-0.2.6 26 | 27 | SECTION 4: ISC License 28 | 29 | 30 | 31 | --------------- SECTION 1: Apache License 2.0 ---------- 32 | 33 | Apache License 2.0 is applicable to the following component(s). 34 | 35 | >>> github.com/cyberark/conjur-api-go/conjurapi-0.12.13 36 | 37 | 38 | Apache License 39 | Version 2.0, January 2004 40 | http://www.apache.org/licenses/ 41 | 42 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 43 | 44 | 1. Definitions. 45 | 46 | "License" shall mean the terms and conditions for use, reproduction, 47 | and distribution as defined by Sections 1 through 9 of this document. 48 | 49 | "Licensor" shall mean the copyright owner or entity authorized by 50 | the copyright owner that is granting the License. 51 | 52 | "Legal Entity" shall mean the union of the acting entity and all 53 | other entities that control, are controlled by, or are under common 54 | control with that entity. For the purposes of this definition, 55 | "control" means (i) the power, direct or indirect, to cause the 56 | direction or management of such entity, whether by contract or 57 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 58 | outstanding shares, or (iii) beneficial ownership of such entity. 59 | 60 | "You" (or "Your") shall mean an individual or Legal Entity 61 | exercising permissions granted by this License. 62 | 63 | "Source" form shall mean the preferred form for making modifications, 64 | including but not limited to software source code, documentation 65 | source, and configuration files. 66 | 67 | "Object" form shall mean any form resulting from mechanical 68 | transformation or translation of a Source form, including but 69 | not limited to compiled object code, generated documentation, 70 | and conversions to other media types. 71 | 72 | "Work" shall mean the work of authorship, whether in Source or 73 | Object form, made available under the License, as indicated by a 74 | copyright notice that is included in or attached to the work 75 | (an example is provided in the Appendix below). 76 | 77 | "Derivative Works" shall mean any work, whether in Source or Object 78 | form, that is based on (or derived from) the Work and for which the 79 | editorial revisions, annotations, elaborations, or other modifications 80 | represent, as a whole, an original work of authorship. For the purposes 81 | of this License, Derivative Works shall not include works that remain 82 | separable from, or merely link (or bind by name) to the interfaces of, 83 | the Work and Derivative Works thereof. 84 | 85 | "Contribution" shall mean any work of authorship, including 86 | the original version of the Work and any modifications or additions 87 | to that Work or Derivative Works thereof, that is intentionally 88 | submitted to Licensor for inclusion in the Work by the copyright owner 89 | or by an individual or Legal Entity authorized to submit on behalf of 90 | the copyright owner. For the purposes of this definition, "submitted" 91 | means any form of electronic, verbal, or written communication sent 92 | to the Licensor or its representatives, including but not limited to 93 | communication on electronic mailing lists, source code control systems, 94 | and issue tracking systems that are managed by, or on behalf of, the 95 | Licensor for the purpose of discussing and improving the Work, but 96 | excluding communication that is conspicuously marked or otherwise 97 | designated in writing by the copyright owner as "Not a Contribution." 98 | 99 | "Contributor" shall mean Licensor and any individual or Legal Entity 100 | on behalf of whom a Contribution has been received by Licensor and 101 | subsequently incorporated within the Work. 102 | 103 | 2. Grant of Copyright License. Subject to the terms and conditions of 104 | this License, each Contributor hereby grants to You a perpetual, 105 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 106 | copyright license to reproduce, prepare Derivative Works of, 107 | publicly display, publicly perform, sublicense, and distribute the 108 | Work and such Derivative Works in Source or Object form. 109 | 110 | 3. Grant of Patent License. Subject to the terms and conditions of 111 | this License, each Contributor hereby grants to You a perpetual, 112 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 113 | (except as stated in this section) patent license to make, have made, 114 | use, offer to sell, sell, import, and otherwise transfer the Work, 115 | where such license applies only to those patent claims licensable 116 | by such Contributor that are necessarily infringed by their 117 | Contribution(s) alone or by combination of their Contribution(s) 118 | with the Work to which such Contribution(s) was submitted. If You 119 | institute patent litigation against any entity (including a 120 | cross-claim or counterclaim in a lawsuit) alleging that the Work 121 | or a Contribution incorporated within the Work constitutes direct 122 | or contributory patent infringement, then any patent licenses 123 | granted to You under this License for that Work shall terminate 124 | as of the date such litigation is filed. 125 | 126 | 4. Redistribution. You may reproduce and distribute copies of the 127 | Work or Derivative Works thereof in any medium, with or without 128 | modifications, and in Source or Object form, provided that You 129 | meet the following conditions: 130 | 131 | (a) You must give any other recipients of the Work or 132 | Derivative Works a copy of this License; and 133 | 134 | (b) You must cause any modified files to carry prominent notices 135 | stating that You changed the files; and 136 | 137 | (c) You must retain, in the Source form of any Derivative Works 138 | that You distribute, all copyright, patent, trademark, and 139 | attribution notices from the Source form of the Work, 140 | excluding those notices that do not pertain to any part of 141 | the Derivative Works; and 142 | 143 | (d) If the Work includes a "NOTICE" text file as part of its 144 | distribution, then any Derivative Works that You distribute must 145 | include a readable copy of the attribution notices contained 146 | within such NOTICE file, excluding those notices that do not 147 | pertain to any part of the Derivative Works, in at least one 148 | of the following places: within a NOTICE text file distributed 149 | as part of the Derivative Works; within the Source form or 150 | documentation, if provided along with the Derivative Works; or, 151 | within a display generated by the Derivative Works, if and 152 | wherever such third-party notices normally appear. The contents 153 | of the NOTICE file are for informational purposes only and 154 | do not modify the License. You may add Your own attribution 155 | notices within Derivative Works that You distribute, alongside 156 | or as an addendum to the NOTICE text from the Work, provided 157 | that such additional attribution notices cannot be construed 158 | as modifying the License. 159 | 160 | You may add Your own copyright statement to Your modifications and 161 | may provide additional or different license terms and conditions 162 | for use, reproduction, or distribution of Your modifications, or 163 | for any such Derivative Works as a whole, provided Your use, 164 | reproduction, and distribution of the Work otherwise complies with 165 | the conditions stated in this License. 166 | 167 | 5. Submission of Contributions. Unless You explicitly state otherwise, 168 | any Contribution intentionally submitted for inclusion in the Work 169 | by You to the Licensor shall be under the terms and conditions of 170 | this License, without any additional terms or conditions. 171 | Notwithstanding the above, nothing herein shall supersede or modify 172 | the terms of any separate license agreement you may have executed 173 | with Licensor regarding such Contributions. 174 | 175 | 6. Trademarks. This License does not grant permission to use the trade 176 | names, trademarks, service marks, or product names of the Licensor, 177 | except as required for reasonable and customary use in describing the 178 | origin of the Work and reproducing the content of the NOTICE file. 179 | 180 | 7. Disclaimer of Warranty. Unless required by applicable law or 181 | agreed to in writing, Licensor provides the Work (and each 182 | Contributor provides its Contributions) on an "AS IS" BASIS, 183 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 184 | implied, including, without limitation, any warranties or conditions 185 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 186 | PARTICULAR PURPOSE. You are solely responsible for determining the 187 | appropriateness of using or redistributing the Work and assume any 188 | risks associated with Your exercise of permissions under this License. 189 | 190 | 8. Limitation of Liability. In no event and under no legal theory, 191 | whether in tort (including negligence), contract, or otherwise, 192 | unless required by applicable law (such as deliberate and grossly 193 | negligent acts) or agreed to in writing, shall any Contributor be 194 | liable to You for damages, including any direct, indirect, special, 195 | incidental, or consequential damages of any character arising as a 196 | result of this License or out of the use or inability to use the 197 | Work (including but not limited to damages for loss of goodwill, 198 | work stoppage, computer failure or malfunction, or any and all 199 | other commercial damages or losses), even if such Contributor 200 | has been advised of the possibility of such damages. 201 | 202 | 9. Accepting Warranty or Additional Liability. While redistributing 203 | the Work or Derivative Works thereof, You may choose to offer, 204 | and charge a fee for, acceptance of support, warranty, indemnity, 205 | or other liability obligations and/or rights consistent with this 206 | License. However, in accepting such obligations, You may act only 207 | on Your own behalf and on Your sole responsibility, not on behalf 208 | of any other Contributor, and only if You agree to indemnify, 209 | defend, and hold each Contributor harmless for any liability 210 | incurred by, or claims asserted against, such Contributor by reason 211 | of your accepting any such warranty or additional liability. 212 | 213 | END OF TERMS AND CONDITIONS 214 | 215 | APPENDIX: How to apply the Apache License to your work. 216 | 217 | To apply the Apache License to your work, attach the following 218 | boilerplate notice, with the fields enclosed by brackets "[]" 219 | replaced with your own identifying information. (Don't include 220 | the brackets!) The text should be enclosed in the appropriate 221 | comment syntax for the file format. We also recommend that a 222 | file or class name and description of purpose be included on the 223 | same "printed page" as the copyright notice for easier 224 | identification within third-party archives. 225 | 226 | Copyright (c) 2022 CyberArk Software Ltd. All rights reserved. 227 | 228 | Licensed under the Apache License, Version 2.0 (the "License"); 229 | you may not use this file except in compliance with the License. 230 | You may obtain a copy of the License at 231 | 232 | http://www.apache.org/licenses/LICENSE-2.0 233 | 234 | Unless required by applicable law or agreed to in writing, software 235 | distributed under the License is distributed on an "AS IS" BASIS, 236 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 237 | See the License for the specific language governing permissions and 238 | limitations under the License. 239 | 240 | 241 | >>> gopkg.in/yaml.v2-2.4.0 242 | 243 | Apache License 244 | Version 2.0, January 2004 245 | http://www.apache.org/licenses/ 246 | 247 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 248 | 249 | 1. Definitions. 250 | 251 | "License" shall mean the terms and conditions for use, reproduction, 252 | and distribution as defined by Sections 1 through 9 of this document. 253 | 254 | "Licensor" shall mean the copyright owner or entity authorized by 255 | the copyright owner that is granting the License. 256 | 257 | "Legal Entity" shall mean the union of the acting entity and all 258 | other entities that control, are controlled by, or are under common 259 | control with that entity. For the purposes of this definition, 260 | "control" means (i) the power, direct or indirect, to cause the 261 | direction or management of such entity, whether by contract or 262 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 263 | outstanding shares, or (iii) beneficial ownership of such entity. 264 | 265 | "You" (or "Your") shall mean an individual or Legal Entity 266 | exercising permissions granted by this License. 267 | 268 | "Source" form shall mean the preferred form for making modifications, 269 | including but not limited to software source code, documentation 270 | source, and configuration files. 271 | 272 | "Object" form shall mean any form resulting from mechanical 273 | transformation or translation of a Source form, including but 274 | not limited to compiled object code, generated documentation, 275 | and conversions to other media types. 276 | 277 | "Work" shall mean the work of authorship, whether in Source or 278 | Object form, made available under the License, as indicated by a 279 | copyright notice that is included in or attached to the work 280 | (an example is provided in the Appendix below). 281 | 282 | "Derivative Works" shall mean any work, whether in Source or Object 283 | form, that is based on (or derived from) the Work and for which the 284 | editorial revisions, annotations, elaborations, or other modifications 285 | represent, as a whole, an original work of authorship. For the purposes 286 | of this License, Derivative Works shall not include works that remain 287 | separable from, or merely link (or bind by name) to the interfaces of, 288 | the Work and Derivative Works thereof. 289 | 290 | "Contribution" shall mean any work of authorship, including 291 | the original version of the Work and any modifications or additions 292 | to that Work or Derivative Works thereof, that is intentionally 293 | submitted to Licensor for inclusion in the Work by the copyright owner 294 | or by an individual or Legal Entity authorized to submit on behalf of 295 | the copyright owner. For the purposes of this definition, "submitted" 296 | means any form of electronic, verbal, or written communication sent 297 | to the Licensor or its representatives, including but not limited to 298 | communication on electronic mailing lists, source code control systems, 299 | and issue tracking systems that are managed by, or on behalf of, the 300 | Licensor for the purpose of discussing and improving the Work, but 301 | excluding communication that is conspicuously marked or otherwise 302 | designated in writing by the copyright owner as "Not a Contribution." 303 | 304 | "Contributor" shall mean Licensor and any individual or Legal Entity 305 | on behalf of whom a Contribution has been received by Licensor and 306 | subsequently incorporated within the Work. 307 | 308 | 2. Grant of Copyright License. Subject to the terms and conditions of 309 | this License, each Contributor hereby grants to You a perpetual, 310 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 311 | copyright license to reproduce, prepare Derivative Works of, 312 | publicly display, publicly perform, sublicense, and distribute the 313 | Work and such Derivative Works in Source or Object form. 314 | 315 | 3. Grant of Patent License. Subject to the terms and conditions of 316 | this License, each Contributor hereby grants to You a perpetual, 317 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 318 | (except as stated in this section) patent license to make, have made, 319 | use, offer to sell, sell, import, and otherwise transfer the Work, 320 | where such license applies only to those patent claims licensable 321 | by such Contributor that are necessarily infringed by their 322 | Contribution(s) alone or by combination of their Contribution(s) 323 | with the Work to which such Contribution(s) was submitted. If You 324 | institute patent litigation against any entity (including a 325 | cross-claim or counterclaim in a lawsuit) alleging that the Work 326 | or a Contribution incorporated within the Work constitutes direct 327 | or contributory patent infringement, then any patent licenses 328 | granted to You under this License for that Work shall terminate 329 | as of the date such litigation is filed. 330 | 331 | 4. Redistribution. You may reproduce and distribute copies of the 332 | Work or Derivative Works thereof in any medium, with or without 333 | modifications, and in Source or Object form, provided that You 334 | meet the following conditions: 335 | 336 | (a) You must give any other recipients of the Work or 337 | Derivative Works a copy of this License; and 338 | 339 | (b) You must cause any modified files to carry prominent notices 340 | stating that You changed the files; and 341 | 342 | (c) You must retain, in the Source form of any Derivative Works 343 | that You distribute, all copyright, patent, trademark, and 344 | attribution notices from the Source form of the Work, 345 | excluding those notices that do not pertain to any part of 346 | the Derivative Works; and 347 | 348 | (d) If the Work includes a "NOTICE" text file as part of its 349 | distribution, then any Derivative Works that You distribute must 350 | include a readable copy of the attribution notices contained 351 | within such NOTICE file, excluding those notices that do not 352 | pertain to any part of the Derivative Works, in at least one 353 | of the following places: within a NOTICE text file distributed 354 | as part of the Derivative Works; within the Source form or 355 | documentation, if provided along with the Derivative Works; or, 356 | within a display generated by the Derivative Works, if and 357 | wherever such third-party notices normally appear. The contents 358 | of the NOTICE file are for informational purposes only and 359 | do not modify the License. You may add Your own attribution 360 | notices within Derivative Works that You distribute, alongside 361 | or as an addendum to the NOTICE text from the Work, provided 362 | that such additional attribution notices cannot be construed 363 | as modifying the License. 364 | 365 | You may add Your own copyright statement to Your modifications and 366 | may provide additional or different license terms and conditions 367 | for use, reproduction, or distribution of Your modifications, or 368 | for any such Derivative Works as a whole, provided Your use, 369 | reproduction, and distribution of the Work otherwise complies with 370 | the conditions stated in this License. 371 | 372 | 5. Submission of Contributions. Unless You explicitly state otherwise, 373 | any Contribution intentionally submitted for inclusion in the Work 374 | by You to the Licensor shall be under the terms and conditions of 375 | this License, without any additional terms or conditions. 376 | Notwithstanding the above, nothing herein shall supersede or modify 377 | the terms of any separate license agreement you may have executed 378 | with Licensor regarding such Contributions. 379 | 380 | 6. Trademarks. This License does not grant permission to use the trade 381 | names, trademarks, service marks, or product names of the Licensor, 382 | except as required for reasonable and customary use in describing the 383 | origin of the Work and reproducing the content of the NOTICE file. 384 | 385 | 7. Disclaimer of Warranty. Unless required by applicable law or 386 | agreed to in writing, Licensor provides the Work (and each 387 | Contributor provides its Contributions) on an "AS IS" BASIS, 388 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 389 | implied, including, without limitation, any warranties or conditions 390 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 391 | PARTICULAR PURPOSE. You are solely responsible for determining the 392 | appropriateness of using or redistributing the Work and assume any 393 | risks associated with Your exercise of permissions under this License. 394 | 395 | 8. Limitation of Liability. In no event and under no legal theory, 396 | whether in tort (including negligence), contract, or otherwise, 397 | unless required by applicable law (such as deliberate and grossly 398 | negligent acts) or agreed to in writing, shall any Contributor be 399 | liable to You for damages, including any direct, indirect, special, 400 | incidental, or consequential damages of any character arising as a 401 | result of this License or out of the use or inability to use the 402 | Work (including but not limited to damages for loss of goodwill, 403 | work stoppage, computer failure or malfunction, or any and all 404 | other commercial damages or losses), even if such Contributor 405 | has been advised of the possibility of such damages. 406 | 407 | 9. Accepting Warranty or Additional Liability. While redistributing 408 | the Work or Derivative Works thereof, You may choose to offer, 409 | and charge a fee for, acceptance of support, warranty, indemnity, 410 | or other liability obligations and/or rights consistent with this 411 | License. However, in accepting such obligations, You may act only 412 | on Your own behalf and on Your sole responsibility, not on behalf 413 | of any other Contributor, and only if You agree to indemnify, 414 | defend, and hold each Contributor harmless for any liability 415 | incurred by, or claims asserted against, such Contributor by reason 416 | of your accepting any such warranty or additional liability. 417 | 418 | END OF TERMS AND CONDITIONS 419 | 420 | APPENDIX: How to apply the Apache License to your work. 421 | 422 | To apply the Apache License to your work, attach the following 423 | boilerplate notice, with the fields enclosed by brackets "{}" 424 | replaced with your own identifying information. (Don't include 425 | the brackets!) The text should be enclosed in the appropriate 426 | comment syntax for the file format. We also recommend that a 427 | file or class name and description of purpose be included on the 428 | same "printed page" as the copyright notice for easier 429 | identification within third-party archives. 430 | 431 | Copyright {yyyy} {name of copyright owner} 432 | 433 | Licensed under the Apache License, Version 2.0 (the "License"); 434 | you may not use this file except in compliance with the License. 435 | You may obtain a copy of the License at 436 | 437 | http://www.apache.org/licenses/LICENSE-2.0 438 | 439 | Unless required by applicable law or agreed to in writing, software 440 | distributed under the License is distributed on an "AS IS" BASIS, 441 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 442 | See the License for the specific language governing permissions and 443 | limitations under the License. 444 | 445 | 446 | --------------- SECTION 2: BSD 3-clause "New" or "Revised" License ---------- 447 | 448 | BSD 3-clause "New" or "Revised" License is applicable to the following component(s). 449 | 450 | >>> github.com/karrick/golf-1.7.0 451 | 452 | BSD 3-Clause License 453 | 454 | Copyright (c) 2018, Karrick McDermott 455 | All rights reserved. 456 | 457 | Redistribution and use in source and binary forms, with or without 458 | modification, are permitted provided that the following conditions are met: 459 | 460 | * Redistributions of source code must retain the above copyright notice, this 461 | list of conditions and the following disclaimer. 462 | 463 | * Redistributions in binary form must reproduce the above copyright notice, 464 | this list of conditions and the following disclaimer in the documentation 465 | and/or other materials provided with the distribution. 466 | 467 | * Neither the name of the copyright holder nor the names of its 468 | contributors may be used to endorse or promote products derived from 469 | this software without specific prior written permission. 470 | 471 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 472 | AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 473 | IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 474 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE 475 | FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 476 | DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 477 | SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 478 | CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 479 | OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 480 | OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 481 | 482 | 483 | >>> golang.org/x/sys/unix-0.31.0 484 | 485 | Copyright 2009 The Go Authors. 486 | 487 | Redistribution and use in source and binary forms, with or without 488 | modification, are permitted provided that the following conditions are 489 | met: 490 | 491 | * Redistributions of source code must retain the above copyright 492 | notice, this list of conditions and the following disclaimer. 493 | * Redistributions in binary form must reproduce the above 494 | copyright notice, this list of conditions and the following disclaimer 495 | in the documentation and/or other materials provided with the 496 | distribution. 497 | * Neither the name of Google LLC nor the names of its 498 | contributors may be used to endorse or promote products derived from 499 | this software without specific prior written permission. 500 | 501 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 502 | "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 503 | LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 504 | A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 505 | OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 506 | SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 507 | LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 508 | DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 509 | THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 510 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 511 | OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 512 | 513 | 514 | --------------- SECTION 3: MIT License ---------- 515 | 516 | MIT License is applicable to the following component(s). 517 | 518 | >>> al.essio.dev/pkg/shellescape-1.6.0 519 | 520 | The MIT License (MIT) 521 | 522 | Copyright (c) 2016 Alessio Treglia 523 | 524 | Permission is hereby granted, free of charge, to any person obtaining a copy 525 | of this software and associated documentation files (the "Software"), to deal 526 | in the Software without restriction, including without limitation the rights 527 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 528 | copies of the Software, and to permit persons to whom the Software is 529 | furnished to do so, subject to the following conditions: 530 | 531 | The above copyright notice and this permission notice shall be included in all 532 | copies or substantial portions of the Software. 533 | 534 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 535 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 536 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 537 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 538 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 539 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 540 | SOFTWARE. 541 | 542 | 543 | >>> github.com/Masterminds/semver/v3-3.3.1 544 | 545 | Copyright (C) 2014-2019, Matt Butcher and Matt Farina 546 | 547 | Permission is hereby granted, free of charge, to any person obtaining a copy 548 | of this software and associated documentation files (the "Software"), to deal 549 | in the Software without restriction, including without limitation the rights 550 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 551 | copies of the Software, and to permit persons to whom the Software is 552 | furnished to do so, subject to the following conditions: 553 | 554 | The above copyright notice and this permission notice shall be included in 555 | all copies or substantial portions of the Software. 556 | 557 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 558 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 559 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 560 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 561 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 562 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 563 | THE SOFTWARE. 564 | 565 | 566 | >>> github.com/bgentry/go-netrc/netrc-0.0.0-20140422174119-9fd32a8b3d3d 567 | 568 | Original version Copyright © 2010 Fazlul Shahriar . Newer 569 | portions Copyright © 2014 Blake Gentry . 570 | 571 | Permission is hereby granted, free of charge, to any person obtaining a copy 572 | of this software and associated documentation files (the "Software"), to deal 573 | in the Software without restriction, including without limitation the rights 574 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 575 | copies of the Software, and to permit persons to whom the Software is 576 | furnished to do so, subject to the following conditions: 577 | 578 | The above copyright notice and this permission notice shall be included in 579 | all copies or substantial portions of the Software. 580 | 581 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 582 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 583 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 584 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 585 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 586 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 587 | THE SOFTWARE. 588 | 589 | 590 | >>> github.com/sirupsen/logrus-1.9.3 591 | 592 | The MIT License (MIT) 593 | 594 | Copyright (c) 2014 Simon Eskildsen 595 | 596 | Permission is hereby granted, free of charge, to any person obtaining a copy 597 | of this software and associated documentation files (the "Software"), to deal 598 | in the Software without restriction, including without limitation the rights 599 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 600 | copies of the Software, and to permit persons to whom the Software is 601 | furnished to do so, subject to the following conditions: 602 | 603 | The above copyright notice and this permission notice shall be included in 604 | all copies or substantial portions of the Software. 605 | 606 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 607 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 608 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 609 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 610 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 611 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 612 | THE SOFTWARE. 613 | 614 | 615 | >>> github.com/zalando/go-keyring-0.2.6 616 | 617 | The MIT License (MIT) 618 | 619 | Copyright (c) 2016 Zalando SE 620 | 621 | Permission is hereby granted, free of charge, to any person obtaining a copy 622 | of this software and associated documentation files (the "Software"), to deal 623 | in the Software without restriction, including without limitation the rights 624 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 625 | copies of the Software, and to permit persons to whom the Software is 626 | furnished to do so, subject to the following conditions: 627 | 628 | The above copyright notice and this permission notice shall be included in all 629 | copies or substantial portions of the Software. 630 | 631 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 632 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 633 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 634 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 635 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 636 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 637 | SOFTWARE. 638 | 639 | 640 | --------------- SECTION 4: ISC License ---------- 641 | 642 | ISC License is applicable to the following component(s). 643 | 644 | =============== APPENDIX: License Files and Templates ============== 645 | 646 | 647 | 648 | --------------- APPENDIX 1: Apache License 2.0 (Template) ----------- 649 | 650 | Apache License 651 | Version 2.0, January 2004 652 | http://www.apache.org/licenses/ 653 | 654 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 655 | 656 | 1. Definitions. 657 | 658 | "License" shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through 9 of this document. 659 | 660 | "Licensor" shall mean the copyright owner or entity authorized by the copyright owner that is granting the License. 661 | 662 | "Legal Entity" shall mean the union of the acting entity and all other entities that control, are controlled by, or are under common control with that entity. For the purposes of this definition, "control" means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity. 663 | 664 | "You" (or "Your") shall mean an individual or Legal Entity exercising permissions granted by this License. 665 | 666 | "Source" form shall mean the preferred form for making modifications, including but not limited to software source code, documentation source, and configuration files. 667 | 668 | "Object" form shall mean any form resulting from mechanical transformation or translation of a Source form, including but not limited to compiled object code, generated documentation, and conversions to other media types. 669 | 670 | "Work" shall mean the work of authorship, whether in Source or Object form, made available under the License, as indicated by a copyright notice that is included in or attached to the work (an example is provided in the Appendix below). 671 | 672 | "Derivative Works" shall mean any work, whether in Source or Object form, that is based on (or derived from) the Work and for which the editorial revisions, annotations, elaborations, or other modifications represent, as a whole, an original work of authorship. For the purposes of this License, Derivative Works shall not include works that remain separable from, or merely link (or bind by name) to the interfaces of, the Work and Derivative Works thereof. 673 | 674 | "Contribution" shall mean any work of authorship, including the original version of the Work and any modifications or additions to that Work or Derivative Works thereof, that is intentionally submitted to Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to submit on behalf of the copyright owner. For the purposes of this definition, "submitted" means any form of electronic, verbal, or written communication sent to the Licensor or its representatives, including but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, the Licensor for the purpose of discussing and improving the Work, but excluding communication that is conspicuously marked or otherwise designated in writing by the copyright owner as "Not a Contribution." 675 | 676 | "Contributor" shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution has been received by Licensor and subsequently incorporated within the Work. 677 | 678 | 2. Grant of Copyright License. 679 | 680 | Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare Derivative Works of, publicly display, publicly perform, sublicense, and distribute the Work and such Derivative Works in Source or Object form. 681 | 682 | 3. Grant of Patent License. 683 | 684 | Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by such Contributor that are necessarily infringed by their Contribution(s) alone or by combination of their Contribution(s) with the Work to which such Contribution(s) was submitted. If You institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work constitutes direct or contributory patent infringement, then any patent licenses granted to You under this License for that Work shall terminate as of the date such litigation is filed. 685 | 686 | 4. Redistribution. 687 | 688 | You may reproduce and distribute copies of the Work or Derivative Works thereof in any medium, with or without modifications, and in Source or Object form, provided that You meet the following conditions: 689 | 690 | You must give any other recipients of the Work or Derivative Works a copy of this License; and 691 | You must cause any modified files to carry prominent notices stating that You changed the files; and 692 | You must retain, in the Source form of any Derivative Works that You distribute, all copyright, patent, trademark, and attribution notices from the Source form of the Work, excluding those notices that do not pertain to any part of the Derivative Works; and 693 | If the Work includes a "NOTICE" text file as part of its distribution, then any Derivative Works that You distribute must include a readable copy of the attribution notices contained within such NOTICE file, excluding those notices that do not pertain to any part of the Derivative Works, in at least one of the following places: within a NOTICE text file distributed as part of the Derivative Works; within the Source form or documentation, if provided along with the Derivative Works; or, within a display generated by the Derivative Works, if and wherever such third-party notices normally appear. The contents of the NOTICE file are for informational purposes only and do not modify the License. You may add Your own attribution notices within Derivative Works that You distribute, alongside or as an addendum to the NOTICE text from the Work, provided that such additional attribution notices cannot be construed as modifying the License. 694 | 695 | You may add Your own copyright statement to Your modifications and may provide additional or different license terms and conditions for use, reproduction, or distribution of Your modifications, or for any such Derivative Works as a whole, provided Your use, reproduction, and distribution of the Work otherwise complies with the conditions stated in this License. 696 | 697 | 5. Submission of Contributions. 698 | 699 | Unless You explicitly state otherwise, any Contribution intentionally submitted for inclusion in the Work by You to the Licensor shall be under the terms and conditions of this License, without any additional terms or conditions. Notwithstanding the above, nothing herein shall supersede or modify the terms of any separate license agreement you may have executed with Licensor regarding such Contributions. 700 | 701 | 6. Trademarks. 702 | 703 | This License does not grant permission to use the trade names, trademarks, service marks, or product names of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and reproducing the content of the NOTICE file. 704 | 705 | 7. Disclaimer of Warranty. 706 | 707 | Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each Contributor provides its Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under this License. 708 | 709 | 8. Limitation of Liability. 710 | 711 | In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall any Contributor be liable to You for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising as a result of this License or out of the use or inability to use the Work (including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if such Contributor has been advised of the possibility of such damages. 712 | 713 | 9. Accepting Warranty or Additional Liability. 714 | 715 | While redistributing the Work or Derivative Works thereof, You may choose to offer, and charge a fee for, acceptance of support, warranty, indemnity, or other liability obligations and/or rights consistent with this License. However, in accepting such obligations, You may act only on Your own behalf and on Your sole responsibility, not on behalf of any other Contributor, and only if You agree to indemnify, defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against, such Contributor by reason of your accepting any such warranty or additional liability. 716 | 717 | END OF TERMS AND CONDITIONS 718 | 719 | APPENDIX: How to apply the Apache License to your work 720 | 721 | To apply the Apache License to your work, attach the following boilerplate notice, with the fields enclosed by brackets "[]" replaced with your own identifying information. (Don't include the brackets!) The text should be enclosed in the appropriate comment syntax for the file format. We also recommend that a file or class name and description of purpose be included on the same "printed page" as the copyright notice for easier identification within third-party archives. 722 | 723 | Copyright [yyyy] [name of copyright owner] 724 | 725 | Licensed under the Apache License, Version 2.0 (the "License"); 726 | you may not use this file except in compliance with the License. 727 | You may obtain a copy of the License at 728 | 729 | http://www.apache.org/licenses/LICENSE-2.0 730 | 731 | Unless required by applicable law or agreed to in writing, software 732 | distributed under the License is distributed on an "AS IS" BASIS, 733 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 734 | See the License for the specific language governing permissions and 735 | limitations under the License. 736 | 737 | 738 | --------------- APPENDIX 2: BSD 3-clause "New" or "Revised" License (Template) ----------- 739 | 740 | Copyright 741 | 742 | Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 743 | 744 | 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 745 | 746 | 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 747 | 748 | 3. Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. 749 | 750 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 751 | 752 | 753 | --------------- APPENDIX 3: MIT License (Template) ----------- 754 | 755 | Copyright 756 | 757 | Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: 758 | 759 | The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. 760 | 761 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 762 | 763 | 764 | --------------- APPENDIX 4: ISC License (Template) ----------- 765 | 766 | Copyright (c) 767 | 768 | Permission to use, copy, modify, and/or distribute this software for any 769 | purpose with or without fee is hereby granted, provided that the above 770 | copyright notice and this permission notice appear in all copies. 771 | 772 | THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 773 | WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 774 | MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 775 | ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 776 | WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 777 | ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 778 | OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 779 | --------------------------------------------------------------------------------