conjur-api 5.3.7.pre.168 → 5.3.8.pre.8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (143) hide show
  1. checksums.yaml +4 -4
  2. data/VERSION +1 -1
  3. metadata +21 -190
  4. data/.codeclimate.yml +0 -10
  5. data/.dockerignore +0 -1
  6. data/.github/CODEOWNERS +0 -10
  7. data/.gitignore +0 -32
  8. data/.gitleaks.toml +0 -219
  9. data/.overcommit.yml +0 -16
  10. data/.project +0 -18
  11. data/.rubocop.yml +0 -3
  12. data/.rubocop_settings.yml +0 -86
  13. data/.rubocop_todo.yml +0 -709
  14. data/.yardopts +0 -1
  15. data/CHANGELOG.md +0 -433
  16. data/CONTRIBUTING.md +0 -141
  17. data/Dockerfile +0 -16
  18. data/Gemfile +0 -7
  19. data/Jenkinsfile +0 -167
  20. data/LICENSE +0 -202
  21. data/README.md +0 -162
  22. data/Rakefile +0 -47
  23. data/SECURITY.md +0 -42
  24. data/bin/parse-changelog.sh +0 -12
  25. data/ci/configure_v4.sh +0 -12
  26. data/ci/configure_v5.sh +0 -14
  27. data/ci/submit-coverage +0 -36
  28. data/conjur-api.gemspec +0 -40
  29. data/dev/Dockerfile.dev +0 -12
  30. data/dev/docker-compose.yml +0 -56
  31. data/dev/start +0 -17
  32. data/dev/stop +0 -5
  33. data/docker-compose.yml +0 -76
  34. data/example/demo_v4.rb +0 -49
  35. data/example/demo_v5.rb +0 -57
  36. data/features/authenticators.feature +0 -33
  37. data/features/authn_local.feature +0 -32
  38. data/features/exists.feature +0 -37
  39. data/features/group.feature +0 -11
  40. data/features/host.feature +0 -50
  41. data/features/host_factory_create_host.feature +0 -28
  42. data/features/host_factory_token.feature +0 -63
  43. data/features/load_policy.feature +0 -61
  44. data/features/members.feature +0 -51
  45. data/features/new_api.feature +0 -36
  46. data/features/permitted.feature +0 -70
  47. data/features/permitted_roles.feature +0 -30
  48. data/features/public_keys.feature +0 -11
  49. data/features/resource_fields.feature +0 -53
  50. data/features/role_fields.feature +0 -15
  51. data/features/rotate_api_key.feature +0 -13
  52. data/features/step_definitions/api_steps.rb +0 -18
  53. data/features/step_definitions/policy_steps.rb +0 -75
  54. data/features/step_definitions/result_steps.rb +0 -7
  55. data/features/support/env.rb +0 -18
  56. data/features/support/hooks.rb +0 -3
  57. data/features/support/world.rb +0 -12
  58. data/features/update_password.feature +0 -14
  59. data/features/user.feature +0 -58
  60. data/features/variable_fields.feature +0 -20
  61. data/features/variable_value.feature +0 -60
  62. data/features_v4/authn_local.feature +0 -27
  63. data/features_v4/exists.feature +0 -29
  64. data/features_v4/host.feature +0 -18
  65. data/features_v4/host_factory_token.feature +0 -49
  66. data/features_v4/members.feature +0 -39
  67. data/features_v4/permitted.feature +0 -15
  68. data/features_v4/permitted_roles.feature +0 -8
  69. data/features_v4/resource_fields.feature +0 -47
  70. data/features_v4/rotate_api_key.feature +0 -13
  71. data/features_v4/step_definitions/api_steps.rb +0 -17
  72. data/features_v4/step_definitions/result_steps.rb +0 -3
  73. data/features_v4/support/env.rb +0 -23
  74. data/features_v4/support/policy.yml +0 -34
  75. data/features_v4/support/world.rb +0 -12
  76. data/features_v4/variable_fields.feature +0 -11
  77. data/features_v4/variable_value.feature +0 -54
  78. data/lib/conjur/acts_as_resource.rb +0 -123
  79. data/lib/conjur/acts_as_role.rb +0 -142
  80. data/lib/conjur/acts_as_rolsource.rb +0 -32
  81. data/lib/conjur/acts_as_user.rb +0 -68
  82. data/lib/conjur/api/authenticators.rb +0 -35
  83. data/lib/conjur/api/authn.rb +0 -125
  84. data/lib/conjur/api/host_factories.rb +0 -71
  85. data/lib/conjur/api/ldap_sync.rb +0 -38
  86. data/lib/conjur/api/policies.rb +0 -56
  87. data/lib/conjur/api/pubkeys.rb +0 -53
  88. data/lib/conjur/api/resources.rb +0 -109
  89. data/lib/conjur/api/roles.rb +0 -98
  90. data/lib/conjur/api/router/v4.rb +0 -206
  91. data/lib/conjur/api/router/v5.rb +0 -248
  92. data/lib/conjur/api/variables.rb +0 -59
  93. data/lib/conjur/api.rb +0 -105
  94. data/lib/conjur/base.rb +0 -355
  95. data/lib/conjur/base_object.rb +0 -57
  96. data/lib/conjur/build_object.rb +0 -47
  97. data/lib/conjur/cache.rb +0 -26
  98. data/lib/conjur/cert_utils.rb +0 -63
  99. data/lib/conjur/cidr.rb +0 -71
  100. data/lib/conjur/configuration.rb +0 -460
  101. data/lib/conjur/escape.rb +0 -129
  102. data/lib/conjur/exceptions.rb +0 -4
  103. data/lib/conjur/group.rb +0 -41
  104. data/lib/conjur/has_attributes.rb +0 -98
  105. data/lib/conjur/host.rb +0 -27
  106. data/lib/conjur/host_factory.rb +0 -75
  107. data/lib/conjur/host_factory_token.rb +0 -78
  108. data/lib/conjur/id.rb +0 -71
  109. data/lib/conjur/layer.rb +0 -9
  110. data/lib/conjur/log.rb +0 -72
  111. data/lib/conjur/log_source.rb +0 -60
  112. data/lib/conjur/policy.rb +0 -34
  113. data/lib/conjur/policy_load_result.rb +0 -61
  114. data/lib/conjur/query_string.rb +0 -12
  115. data/lib/conjur/resource.rb +0 -29
  116. data/lib/conjur/role.rb +0 -29
  117. data/lib/conjur/role_grant.rb +0 -85
  118. data/lib/conjur/routing.rb +0 -29
  119. data/lib/conjur/user.rb +0 -40
  120. data/lib/conjur/variable.rb +0 -208
  121. data/lib/conjur/webservice.rb +0 -30
  122. data/lib/conjur-api/version.rb +0 -24
  123. data/lib/conjur-api.rb +0 -2
  124. data/publish.sh +0 -7
  125. data/spec/api/host_factories_spec.rb +0 -34
  126. data/spec/api_spec.rb +0 -254
  127. data/spec/base_object_spec.rb +0 -13
  128. data/spec/cert_utils_spec.rb +0 -173
  129. data/spec/cidr_spec.rb +0 -34
  130. data/spec/configuration_spec.rb +0 -330
  131. data/spec/has_attributes_spec.rb +0 -63
  132. data/spec/helpers/errors_matcher.rb +0 -34
  133. data/spec/helpers/request_helpers.rb +0 -10
  134. data/spec/id_spec.rb +0 -29
  135. data/spec/ldap_sync_spec.rb +0 -21
  136. data/spec/log_source_spec.rb +0 -13
  137. data/spec/log_spec.rb +0 -42
  138. data/spec/roles_spec.rb +0 -24
  139. data/spec/spec_helper.rb +0 -113
  140. data/spec/ssl_spec.rb +0 -109
  141. data/spec/uri_escape_spec.rb +0 -21
  142. data/test.sh +0 -69
  143. data/tmp/.keep +0 -0
@@ -1,51 +0,0 @@
1
- Feature: Display role members and memberships.
2
-
3
- Background:
4
- Given I run the code:
5
- """
6
- $conjur.load_policy 'root', <<-POLICY
7
- - !group everyone
8
- - !group developers
9
- - !grant
10
- role: !group everyone
11
- member: !group developers
12
- POLICY
13
- """
14
-
15
- Scenario: Show a role's members.
16
- When I run the code:
17
- """
18
- $conjur.role('cucumber:group:everyone').members.map(&:as_json)
19
- """
20
- Then the JSON should be:
21
- """
22
- [
23
- {
24
- "admin_option": false,
25
- "member": "cucumber:group:developers",
26
- "role": "cucumber:group:everyone"
27
- },
28
- {
29
- "admin_option": true,
30
- "member": "cucumber:user:admin",
31
- "role": "cucumber:group:everyone"
32
- }
33
- ]
34
- """
35
-
36
- Scenario: Show a role's memberships.
37
- When I run the code:
38
- """
39
- $conjur.role('cucumber:group:developers').memberships.map(&:as_json)
40
- """
41
- Then the JSON should be:
42
- """
43
- [
44
- {
45
- "id": "cucumber:group:developers"
46
- },
47
- {
48
- "id": "cucumber:group:everyone"
49
- }
50
- ]
51
- """
@@ -1,36 +0,0 @@
1
- Feature: Constructing a new API object.
2
- Background:
3
- Given a new host
4
-
5
- Scenario: From API key.
6
- Then I run the code:
7
- """
8
- api = Conjur::API.new_from_key "host/#{@host_id}", @host_api_key
9
- expect(api.token).to be_instance_of(Hash)
10
- expect($conjur.resource("cucumber:host:#{@host_id}")).to exist
11
- """
12
-
13
- Scenario: From access token.
14
- Given I run the code:
15
- """
16
- @token = Conjur::API.new_from_key("host/#{@host_id}", @host_api_key).token
17
- """
18
- Then I run the code:
19
- """
20
- api = Conjur::API.new_from_token @token
21
- expect($conjur.resource("cucumber:host:#{@host_id}")).to exist
22
- """
23
-
24
- Scenario: From access token file.
25
- Given I run the code:
26
- """
27
- token = Conjur::API.new_from_key("host/#{@host_id}", @host_api_key).token
28
- @temp_file = Tempfile.new("token.json")
29
- @temp_file.write(token.to_json)
30
- @temp_file.flush
31
- """
32
- Then I run the code:
33
- """
34
- api = Conjur::API.new_from_token_file @temp_file.path
35
- expect($conjur.resource("cucumber:host:#{@host_id}")).to exist
36
- """
@@ -1,70 +0,0 @@
1
- Feature: Check if a role has permission on a resource.
2
-
3
- Background:
4
- Given I run the code:
5
- """
6
- @host_id = "app-#{random_hex}"
7
- @test_user = "user$#{random_hex}"
8
- @test_host = "host?#{random_hex}"
9
- response = $conjur.load_policy 'root', <<-POLICY
10
- - !variable db-password
11
-
12
- - !layer myapp
13
-
14
- - !host #{@host_id}
15
-
16
- - !permit
17
- role: !layer myapp
18
- privilege: execute
19
- resource: !variable db-password
20
-
21
- - !policy
22
- id: test
23
- body:
24
- - !user #{@test_user}
25
- - !host #{@test_host}
26
-
27
- - !permit
28
- role: !user #{@test_user}@test
29
- privilege: execute
30
- resource: !variable db-password
31
- POLICY
32
- @host_api_key = response.created_roles["cucumber:host:#{@host_id}"]['api_key']
33
- expect(@host_api_key).to be
34
- """
35
-
36
- Scenario: Check if the current user has the privilege.
37
- When I run the code:
38
- """
39
- $conjur.resource('cucumber:variable:db-password').permitted? 'execute'
40
- """
41
- Then the result should be "true"
42
-
43
- Scenario: Check if a different user has the privilege.
44
- When I run the code:
45
- """
46
- $conjur.resource('cucumber:variable:db-password').permitted? 'execute', role: "cucumber:host:#{@host_id}"
47
- """
48
- Then the result should be "false"
49
-
50
- Scenario: Check if a different user from subpolicy has the privilege.
51
- When I run the code:
52
- """
53
- $conjur.resource('cucumber:variable:db-password').permitted? 'execute', role: "cucumber:user:#{@test_user}@test"
54
- """
55
- Then the result should be "true"
56
-
57
- Scenario: Check if a different host from subpolicy has the privilege.
58
- When I run the code:
59
- """
60
- $conjur.resource('cucumber:variable:db-password').permitted? 'execute', role: "cucumber:host:test/#{@test_host}"
61
- """
62
- Then the result should be "false"
63
-
64
- Scenario: Check if a different user has the privilege, while logged in as that user.
65
- When I run the code:
66
- """
67
- host_api = Conjur::API.new_from_key "host/#{@host_id}", @host_api_key
68
- host_api.resource('cucumber:variable:db-password').permitted? 'execute'
69
- """
70
- Then the result should be "false"
@@ -1,30 +0,0 @@
1
- Feature: Enumerate roles which have a permission on a resource.
2
-
3
- Background:
4
- Given I run the code:
5
- """
6
- $conjur.load_policy 'root', <<-POLICY
7
- - !variable db-password
8
-
9
- - !layer myapp
10
-
11
- - !permit
12
- role: !layer myapp
13
- privilege: execute
14
- resource: !variable db-password
15
- POLICY
16
- """
17
-
18
- @wip
19
- Scenario: Permitted roles can be enumerated.
20
- When I run the code:
21
- """
22
- $conjur.resource('cucumber:variable:db-password').permitted_roles 'execute'
23
- """
24
- Then the JSON should be:
25
- """
26
- [
27
- "cucumber:layer:myapp",
28
- "cucumber:user:admin"
29
- ]
30
- """
@@ -1,11 +0,0 @@
1
- Feature: Fetch public keys for a user.
2
-
3
- Background:
4
- Given a new user
5
-
6
- Scenario: User has a uidnumber.
7
- When I run the code:
8
- """
9
- Conjur::API.public_keys @user.login
10
- """
11
- Then the result should be the public key
@@ -1,53 +0,0 @@
1
- Feature: Display basic resource fields.
2
-
3
- Background:
4
- Given I run the code:
5
- """
6
- $conjur.load_policy 'root', <<-POLICY
7
- - !group
8
- id: developers
9
- annotations:
10
- gidnumber: 2000
11
- POLICY
12
- """
13
-
14
- Scenario: Resource exposes id, kind, identifier, and attributes.
15
- When I run the code:
16
- """
17
- resource = $conjur.resource('cucumber:group:developers')
18
- [ resource.id, resource.account, resource.kind, resource.identifier, resource.attributes ]
19
- """
20
- Then the JSON should be:
21
- """
22
- [
23
- "cucumber:group:developers",
24
- "cucumber",
25
- "group",
26
- "developers",
27
- {
28
- "annotations": [
29
- {
30
- "name": "gidnumber",
31
- "policy": "cucumber:policy:root",
32
- "value": "2000"
33
- }
34
- ],
35
- "owner": "cucumber:user:admin",
36
- "permissions": [
37
- ],
38
- "policy": "cucumber:policy:root"
39
- }
40
- ]
41
- """
42
-
43
- Scenario: Resource#owner is the owner object
44
- When I run the code:
45
- """
46
- $conjur.resource('cucumber:group:developers').owner.id
47
- """
48
- Then the result should be "cucumber:user:admin"
49
- And I run the code:
50
- """
51
- $conjur.resource('cucumber:group:developers').class
52
- """
53
- Then the result should be "Conjur::Group"
@@ -1,15 +0,0 @@
1
- Feature: Display basic role fields.
2
-
3
- Scenario: Login of a user is the login name.
4
- When I run the code:
5
- """
6
- $conjur.role('cucumber:user:alice').login
7
- """
8
- Then the result should be "alice"
9
-
10
- Scenario: Login of a non-user is prefixed with the role kind.
11
- When I run the code:
12
- """
13
- $conjur.role('cucumber:host:myapp').login
14
- """
15
- Then the result should be "host/myapp"
@@ -1,13 +0,0 @@
1
- Feature: Rotate the API key.
2
-
3
- Scenario: Logged-in user can rotate the API key.
4
- When I run the code:
5
- """
6
- Conjur::API.rotate_api_key 'admin', $api_key
7
- """
8
- Then I can run the code:
9
- """
10
- $api_key = @result.strip
11
- $conjur = Conjur::API.new_from_key $username, @result
12
- $conjur.token
13
- """
@@ -1,18 +0,0 @@
1
- Then(/^I(?: can)? run the code:$/) do |code|
2
- @result = eval(code).tap do |result|
3
- puts result if ENV['DEBUG']
4
- end
5
- end
6
-
7
- Then(/^this code should fail with "([^"]*)"$/) do |error_msg, code|
8
- begin
9
- @result = eval(code)
10
- rescue Exception => exc
11
- if not exc.message =~ %r{#{error_msg}}
12
- fail "'#{error_msg}' was not found in '#{exc.message}'"
13
- end
14
- else
15
- puts @result if ENV['DEBUG']
16
- fail "The provided block did not raise an error"
17
- end
18
- end
@@ -1,75 +0,0 @@
1
- Given(/^a new user$/) do
2
- @user_id = "user-#{random_hex}"
3
- @public_key = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDd/PAcCL9rW/zAS7DRns/KYiAvRAEKxBu/0IF32z7x6YiMFcA2hmH4DMYaIY45Xlj7L9uTZamUlRZNjSS9Xm6Lhh7XGceIX2067/MDnH+or9xh5LZs6gb3x7QVtNz26Au5h5kP0xoJ+wpVxvY707BeSax/WQZI8akqd0fD1IqOoafWkcX0ucu5iIgDh08R7zq3vrDHEK7+SoYo9ncHfmOUJ5lmImGiU/WMqM0OzN3RsgxJi/aaHjW1IASTY8TmAtTtjEsxbQXxRVUCAP9vWUZg7p3aqIB6sEP8skgncCUtHBQxUtE1XN8Q8NeFOzau6+9sQTXlPl8c/L4Jc4K96C75 #{@user_id}@example.com"
4
- response = $conjur.load_policy 'root', <<-POLICY
5
- - !user
6
- id: #{@user_id}
7
- uidnumber: 1000
8
- public_keys:
9
- - #{@public_key}
10
- POLICY
11
- @user = $conjur.resource("cucumber:user:#{@user_id}")
12
- @user_api_key = response.created_roles["cucumber:user:#{@user_id}"]['api_key']
13
- expect(@user_api_key).to be
14
- end
15
-
16
- Given(/^a new delegated user$/) do
17
- # Create a new host that is owned by that user
18
- step 'a new user'
19
- @user_owner = @user
20
- @user_owner_id = @user_id
21
- @user_owner_api_key = @user_api_key
22
-
23
- # Create a new user that is owned by the user created earlier
24
- @user_id = "user-#{random_hex}"
25
- response = $conjur.load_policy 'root', <<-POLICY
26
- - !user
27
- id: #{@user_id}
28
- owner: !user #{@user_owner_id}
29
- POLICY
30
- @user = $conjur.resource("cucumber:user:#{@user_id}")
31
- @user_api_key = response.created_roles["cucumber:user:#{@user_id}"]['api_key']
32
- expect(@user_api_key).to be
33
- end
34
-
35
- Given(/^a new group$/) do
36
- @group_id = "group-#{random_hex}"
37
- response = $conjur.load_policy 'root', <<-POLICY
38
- - !group
39
- id: #{@group_id}
40
- gidnumber: 1000
41
- POLICY
42
- @group = $conjur.resource("cucumber:group:#{@group_id}")
43
- end
44
-
45
- Given(/^a new host$/) do
46
- @host_id = "app-#{random_hex}"
47
- response = $conjur.load_policy 'root', <<-POLICY
48
- - !host #{@host_id}
49
- POLICY
50
- @host_api_key = response.created_roles["cucumber:host:#{@host_id}"]['api_key']
51
- expect(@host_api_key).to be
52
- @host = $conjur.resource("cucumber:host:#{@host_id}")
53
- @host.attributes['api_key'] = @host_api_key
54
- end
55
-
56
- Given(/^a new delegated host$/) do
57
- # Create an owner user
58
- step 'a new user'
59
- @host_owner = @user
60
- @host_owner_id = @user_id
61
- @host_owner_api_key = @user_api_key
62
-
63
- # Create a new host that is owned by that user
64
- @host_id = "app-#{random_hex}"
65
- response = $conjur.load_policy 'root', <<-POLICY
66
- - !host
67
- id: #{@host_id}
68
- owner: !user #{@host_owner_id}
69
- POLICY
70
-
71
- @host_api_key = response.created_roles["cucumber:host:#{@host_id}"]['api_key']
72
- expect(@host_api_key).to be
73
- @host = $conjur.resource("cucumber:host:#{@host_id}")
74
- @host.attributes['api_key'] = @host_api_key
75
- end
@@ -1,7 +0,0 @@
1
- Then(/^the result should be "([^"]+)"$/) do |expected|
2
- expect(@result.to_s).to eq(expected.to_s)
3
- end
4
-
5
- Then(/^the result should be the public key$/) do
6
- expect(@result).to eq(@public_key + "\n")
7
- end
@@ -1,18 +0,0 @@
1
- require 'simplecov'
2
-
3
- SimpleCov.start do
4
- command_name "#{ENV['RUBY_VERSION']}"
5
- end
6
-
7
- require 'json_spec/cucumber'
8
- require 'conjur/api'
9
-
10
- Conjur.configuration.appliance_url = ENV['CONJUR_APPLIANCE_URL'] || 'http://localhost/api/v6'
11
- Conjur.configuration.account = ENV['CONJUR_ACCOUNT'] || 'cucumber'
12
- Conjur.configuration.authn_local_socket = "/run/authn-local-5/.socket"
13
-
14
- $username = ENV['CONJUR_AUTHN_LOGIN'] || 'admin'
15
- $password = ENV['CONJUR_AUTHN_API_KEY'] || 'secret'
16
-
17
- $api_key = Conjur::API.login $username, $password
18
- $conjur = Conjur::API.new_from_key $username, $api_key
@@ -1,3 +0,0 @@
1
- Before do
2
- $conjur.load_policy 'root', "--- []"
3
- end
@@ -1,12 +0,0 @@
1
- module ApiWorld
2
- def last_json
3
- @result.to_json
4
- end
5
-
6
- def random_hex nbytes = 12
7
- @random ||= Random.new
8
- @random.bytes(nbytes).unpack('h*').first
9
- end
10
- end
11
-
12
- World ApiWorld
@@ -1,14 +0,0 @@
1
- Feature: Change a user's password.
2
- Background:
3
- Given a new user
4
-
5
- Scenario: A user can set/change her password using the current API key.
6
- When I run the code:
7
- """
8
- Conjur::API.update_password @user_id, @user_api_key, 'SEcret12!!!!'
9
- @new_api_key = Conjur::API.login @user_id, 'SEcret12!!!!'
10
- """
11
- Then I can run the code:
12
- """
13
- Conjur::API.new_from_key(@user_id, @new_api_key).token
14
- """
@@ -1,58 +0,0 @@
1
- Feature: User object
2
-
3
- Background:
4
-
5
- Scenario: User has a uidnumber
6
- Given a new user
7
- Then I can run the code:
8
- """
9
- @user.uidnumber
10
- """
11
- Then the result should be "1000"
12
-
13
- Scenario: Logged-in user is the current_role
14
- Given a new user
15
- Then I can run the code:
16
- """
17
- expect($conjur.current_role(Conjur.configuration.account).id.to_s).to eq("cucumber:user:admin")
18
- """
19
-
20
- # Rotation of own API key should be done via `Conjur::API.rotate_api_key()`
21
- Scenario: User's own API key cannot be rotated with an API key
22
- Given a new user
23
- Then this code should fail with "You cannot rotate your own API key via this method"
24
- """
25
- user = Conjur::API.new_from_key(@user.login, @user_api_key).resource(@user.id)
26
- user.rotate_api_key
27
- """
28
-
29
- # Rotation of own API key should be done via `Conjur::API.rotate_api_key()`
30
- Scenario: User's own API key cannot be rotated with a token
31
- Given a new user
32
- Then this code should fail with "You cannot rotate your own API key via this method"
33
- """
34
- token = Conjur::API.new_from_key(@user.login, @user_api_key).token
35
-
36
- user = Conjur::API.new_from_token(token).resource(@user.id)
37
- user.rotate_api_key
38
- """
39
-
40
- Scenario: Delegated user's API key can be rotated with an API key
41
- Given a new delegated user
42
- Then I can run the code:
43
- """
44
- delegated_user_resource = Conjur::API.new_from_key(@user_owner.login, @user_owner_api_key).resource(@user.id)
45
- api_key = delegated_user_resource.rotate_api_key
46
- Conjur::API.new_from_key(delegated_user_resource.login, api_key).token
47
- """
48
-
49
- Scenario: Delegated user's API key can be rotated with a token
50
- Given a new delegated user
51
- Then I can run the code:
52
- """
53
- token = Conjur::API.new_from_key(@user_owner.login, @user_owner_api_key).token
54
-
55
- delegated_user_resource = Conjur::API.new_from_token(token).resource(@user.id)
56
- api_key = delegated_user_resource.rotate_api_key
57
- Conjur::API.new_from_key(delegated_user_resource.login, api_key).token
58
- """
@@ -1,20 +0,0 @@
1
- Feature: Display Variable fields.
2
-
3
- Background:
4
- Given I run the code:
5
- """
6
- $conjur.load_policy 'root', <<-POLICY
7
- - !variable
8
- id: ssl-certificate
9
- kind: SSL certificate
10
- mime_type: application/x-pem-file
11
- POLICY
12
- """
13
- And I run the code:
14
- """
15
- $conjur.resource('cucumber:variable:ssl-certificate')
16
- """
17
-
18
- Scenario: Display MIME type and kind
19
- Then the JSON at "mime_type" should be "application/x-pem-file"
20
- And the JSON at "kind" should be "SSL certificate"
@@ -1,60 +0,0 @@
1
- Feature: Work with Variable values.
2
-
3
- Background:
4
- Given I run the code:
5
- """
6
- @variable_id = "password"
7
- $conjur.load_policy 'root', <<-POLICY
8
- - !variable #{@variable_id}
9
- - !variable #{@variable_id}-2
10
- POLICY
11
- @variable = $conjur.resource("cucumber:variable:#{@variable_id}")
12
- @variable_2 = $conjur.resource("cucumber:variable:#{@variable_id}-2")
13
- """
14
-
15
- Scenario: Add a value, retrieve the variable metadata and the value.
16
- When I run the code:
17
- """
18
- @initial_count = @variable.version_count
19
- @variable.add_value 'value-0'
20
- """
21
- And I run the code:
22
- """
23
- expect(@variable.version_count).to eq(@initial_count + 1)
24
- """
25
- And I run the code:
26
- """
27
- @variable.value(@variable.version_count)
28
- """
29
- Then the result should be "value-0"
30
-
31
- Scenario: Retrieve a historical value.
32
- Given I run the code:
33
- """
34
- @variable.add_value 'value-0'
35
- @variable.add_value 'value-1'
36
- @variable.add_value 'value-2'
37
- """
38
- When I run the code:
39
- """
40
- @variable.value(@variable.version_count - 2)
41
- """
42
- Then the result should be "value-0"
43
-
44
- Scenario: Retrieve multiple values in a batch
45
- Given I run the code:
46
- """
47
- @variable.add_value 'value-0'
48
- @variable_2.add_value 'value-2'
49
- """
50
- When I run the code:
51
- """
52
- $conjur.variable_values([ @variable, @variable_2 ].map(&:id))
53
- """
54
- Then the JSON should be:
55
- """
56
- {
57
- "cucumber:variable:password": "value-0",
58
- "cucumber:variable:password-2": "value-2"
59
- }
60
- """
@@ -1,27 +0,0 @@
1
- Feature: When co-located with the Conjur server, the API can use the authn-local service to authenticate.
2
-
3
- Scenario: authn-local can be used to obtain an access token.
4
- When I run the code:
5
- """
6
- Conjur::API.authenticate_local "alice"
7
- """
8
- Then the JSON should have "data"
9
-
10
- Scenario: Conjur API supports construction from authn-local.
11
- When I run the code:
12
- """
13
- @api = Conjur::API.new_from_authn_local "alice"
14
- @api.token
15
- """
16
- Then the JSON should have "data"
17
-
18
- Scenario: Conjur API will automatically refresh the token.
19
- When I run the code:
20
- """
21
- @api = Conjur::API.new_from_authn_local "alice"
22
- @api.token
23
- @api.force_token_refresh
24
- @api.token
25
- """
26
- Then the JSON should have "data"
27
- And the JSON at "data" should be "alice"
@@ -1,29 +0,0 @@
1
- Feature: Check if an object exists.
2
-
3
- Scenario: A created group resource exists
4
- When I run the code:
5
- """
6
- $conjur.resource('cucumber:group:developers').exists?
7
- """
8
- Then the result should be "true"
9
-
10
- Scenario: An un-created resource doesn't exist
11
- When I run the code:
12
- """
13
- $conjur.resource('cucumber:food:bacon').exists?
14
- """
15
- Then the result should be "false"
16
-
17
- Scenario: A created group role exists
18
- When I run the code:
19
- """
20
- $conjur.role('cucumber:group:developers').exists?
21
- """
22
- Then the result should be "true"
23
-
24
- Scenario: An un-created role doesn't exist
25
- When I run the code:
26
- """
27
- $conjur.role('cucumber:food:bacon').exists?
28
- """
29
- Then the result should be "false"
@@ -1,18 +0,0 @@
1
- Feature: Display Host object fields.
2
-
3
- Background:
4
- Given a new host
5
-
6
- Scenario: API key of a newly created host is available and valid.
7
- Then I run the code:
8
- """
9
- expect(@host.exists?).to be(true)
10
- expect(@host.api_key).to be
11
- """
12
-
13
- Scenario: API key of a a host can be rotated.
14
- Then I run the code:
15
- """
16
- api_key = @host.rotate_api_key
17
- Conjur::API.new_from_key("host/#{@host.id.identifier}", api_key).token
18
- """