conjur-api 4.21.0 → 4.22.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: d71200c2e70d47ac438ff0c37aefb9eb3336291a
-  data.tar.gz: 81b7029927b6227918d9449e5e279280194a56a1
+  metadata.gz: 959c37a66821bda1666f469337a9a20e361a284f
+  data.tar.gz: 5e577965d78ad5de62857e0e111eefe7e5a22e4f
 SHA512:
-  metadata.gz: 6f2dc2ffd7e4a1fe1b183e25c907dbb3e442e68e324993405913256ad2b1a6d44465485d30a686aa94db161ea302d0e15da84500c669b1824ad6623a04f7225b
-  data.tar.gz: c991fdd8ff7d36c2dbc3d74e03f469d9d235ced8b30735b3454991aa9ea53c3f56140b0981022823f2c092c72b2ec1336140956f2745ec5237ee9de0ac996dee
+  metadata.gz: d4ff60ab26a55265fff5644641beb2823a540e7ce9fec41beaf34f77a97d58921479818ae5f6c40c6988eb8827578adef20c6988b6c09b1d1ea7e8e2268a2b74
+  data.tar.gz: ece7ea1af8e3e6be329fcb7a368610def126ed34fb386999357b3e10154cf59029b9407cd85fb5e7a73dec5ba39390bae2d927acbdd125b97a4b39f79ce961a8

data/CHANGELOG.md

@@ -1,3 +1,9 @@
+# v4.22.0
+
+* Add `show_expired` argument to `Conjur::Variable#value` to allow
+  retrieval of values of expired variables.
+* Properly assign ownership of bootstrap-created webservice resources to the `security_admin` group.
+
 # v4.21.0
 
 * Add extensible Bootstrap commands as API methods.

data/features/bootstrap.feature

@@ -9,6 +9,7 @@ Feature: conjur bootstrap
 		Then expressions "$conjur.group('pubkeys-1.0/key-managers').exists?" and "true" are equal
 		Then expressions "$conjur.resource('webservice:conjur/authn-tv').exists?" and "true" are equal
 		Then expressions "$conjur.resource('webservice:conjur/policy-loader').exists?" and "true" are equal
+		Then expressions "$conjur.resource('webservice:conjur/policy-loader').ownerid" and "'cucumber:group:security_admin'" are equal
 		Then expressions "$conjur.host('conjur/policy-loader').exists?" and "true" are equal
 		Then expressions "$conjur.host('conjur/secrets-rotator').exists?" and "true" are equal
 		Then expressions "$conjur.host('conjur/ldap-sync').exists?" and "true" are equal

data/lib/conjur-api/version.rb

@@ -19,6 +19,6 @@
 
 module Conjur
   class API
-    VERSION = "4.21.0"
+    VERSION = "4.22.0"
   end
 end

data/lib/conjur/bootstrap.rb

@@ -35,10 +35,15 @@ module Conjur
         def find_or_create_resource resource, owner = nil
           if resource.exists?
             echo "#{resource.resource_kind.capitalize} '#{resource.identifier}' already exists"
+            # v4.21.0 incorrectly assigned these resources to the admin user
+            if resource.ownerid == "#{Conjur.configuration.account}:user:admin"
+              echo "Giving '#{resource.identifier}' to the security_admin group"
+              resource.give_to 'group:security_admin'
+            end
           else
             echo "Creating #{resource.resource_kind} '#{resource.identifier}'"
             options = {}
-            options[:ownerid] = owner.roleid if owner
+            options[:acting_as] = owner.roleid if owner
             api.create_resource resource.resourceid, options
           end
         end

data/lib/conjur/variable.rb

@@ -198,11 +198,17 @@ module Conjur
     #   var.value 0
     #   var.value var.version_count
     #
+    # @example Get the value of an expired variable
+    #   var.value nil, show_expired: true
+    #
     # @param [Integer] version the **1 based** version.
+    # @param options [Hash]
+    # @option options [Boolean, false] :show_expired show value even if variable has expired
     # @return [String] the value of the variable
-    def value(version = nil)
+    def value(version = nil, options = {})
       url = 'value'
-      url << "?version=#{version}" if version
+      options['version'] = version if version
+      url << '?' + options.to_query unless options.empty?
       self[url].get.body
     end
 

data/spec/variable_spec.rb

@@ -36,7 +36,7 @@ describe Conjur::Variable do
       expect(subject.value).to eq("the-value")
     end
 
-    it "parametrizes the request with a version" do
+    it "parameterizes the request with a version" do
       allow_request(
         method: :get,
         url: "#{url}/value?version=42",
@@ -44,6 +44,27 @@ describe Conjur::Variable do
       ).and_return(double "response", body: "the-value")
       expect(subject.value(42)).to eq("the-value")
     end
+
+    it 'will show the latest expired version' do
+      allow_request(
+        :method => :get,
+        :url => "#{url}/value?show_expired=true",
+        :headers => {}
+        ).and_return(double('response', :body => 'the-value'))
+      expect(subject.value(nil, :show_expired => true)).to eq('the-value')
+    end
+    
+    it 'will show some other version, even if expired' do
+      allow_request(
+        :method => :get,
+        # Hash.to_query (used to build the query string for this
+        # request) sorts the params into lexicographic order
+        :url => "#{url}/value?show_expired=true&version=42",
+        :headers => {}
+        ).and_return(double('response', :body => 'the-value'))
+      expect(subject.value(42, :show_expired => true)).to eq('the-value')
+    end
+
   end
 
   describe '#expire' do

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: conjur-api
 version: !ruby/object:Gem::Version
-  version: 4.21.0
+  version: 4.22.0
 platform: ruby
 authors:
 - Rafal Rzepecki
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-03-02 00:00:00.000000000 Z
+date: 2016-03-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rest-client