conjur-api 5.3.7 → 5.3.8.pre.319

data/features/members.feature

@@ -1,51 +0,0 @@
-Feature: Display role members and memberships.
-
-  Background:
-    Given I run the code:
-    """
-    $conjur.load_policy 'root', <<-POLICY
-    - !group everyone
-    - !group developers
-    - !grant
-      role: !group everyone
-      member: !group developers
-    POLICY
-    """
-
-  Scenario: Show a role's members.
-    When I run the code:
-    """
-    $conjur.role('cucumber:group:everyone').members.map(&:as_json)
-    """
-    Then the JSON should be:
-    """
-    [
-      {
-        "admin_option": false,
-        "member": "cucumber:group:developers",
-        "role": "cucumber:group:everyone"
-      },
-      {
-        "admin_option": true,
-        "member": "cucumber:user:admin",
-        "role": "cucumber:group:everyone"
-      }
-    ]
-    """
-
-  Scenario: Show a role's memberships.
-    When I run the code:
-    """
-    $conjur.role('cucumber:group:developers').memberships.map(&:as_json)
-    """
-    Then the JSON should be:
-    """
-    [
-      {
-        "id": "cucumber:group:developers"
-      },
-      {
-        "id": "cucumber:group:everyone"
-      }
-    ]
-    """

data/features/new_api.feature

@@ -1,36 +0,0 @@
-Feature: Constructing a new API object.
-  Background:
-    Given a new host
-
-  Scenario: From API key.
-    Then I run the code:
-    """
-    api = Conjur::API.new_from_key "host/#{@host_id}", @host_api_key
-    expect(api.token).to be_instance_of(Hash)
-    expect($conjur.resource("cucumber:host:#{@host_id}")).to exist
-    """
-
-  Scenario: From access token.
-    Given I run the code:
-    """
-    @token = Conjur::API.new_from_key("host/#{@host_id}", @host_api_key).token
-    """
-    Then I run the code:
-    """
-    api = Conjur::API.new_from_token @token
-    expect($conjur.resource("cucumber:host:#{@host_id}")).to exist
-    """
-
-  Scenario: From access token file.
-    Given I run the code:
-    """
-    token = Conjur::API.new_from_key("host/#{@host_id}", @host_api_key).token
-    @temp_file = Tempfile.new("token.json")
-    @temp_file.write(token.to_json)
-    @temp_file.flush
-    """
-    Then I run the code:
-    """
-    api = Conjur::API.new_from_token_file @temp_file.path
-    expect($conjur.resource("cucumber:host:#{@host_id}")).to exist
-    """

data/features/permitted.feature

@@ -1,70 +0,0 @@
-Feature: Check if a role has permission on a resource.
-
-  Background:
-    Given I run the code:
-    """
-    @host_id = "app-#{random_hex}"
-    @test_user = "user$#{random_hex}"
-    @test_host = "host?#{random_hex}"
-    response = $conjur.load_policy 'root', <<-POLICY
-    - !variable db-password
-
-    - !layer myapp
-
-    - !host #{@host_id}
-
-    - !permit
-      role: !layer myapp
-      privilege: execute
-      resource: !variable db-password
-
-    - !policy
-      id: test
-      body:
-        - !user #{@test_user}
-        - !host #{@test_host}
-
-    - !permit
-      role: !user #{@test_user}@test
-      privilege: execute
-      resource: !variable db-password
-    POLICY
-    @host_api_key = response.created_roles["cucumber:host:#{@host_id}"]['api_key']
-    expect(@host_api_key).to be
-    """
-
-  Scenario: Check if the current user has the privilege.
-    When I run the code:
-    """
-    $conjur.resource('cucumber:variable:db-password').permitted? 'execute'
-    """
-    Then the result should be "true"
-
-  Scenario: Check if a different user has the privilege.
-    When I run the code:
-    """
-    $conjur.resource('cucumber:variable:db-password').permitted? 'execute', role: "cucumber:host:#{@host_id}"
-    """
-    Then the result should be "false"
-
-  Scenario: Check if a different user from subpolicy has the privilege.
-    When I run the code:
-    """
-    $conjur.resource('cucumber:variable:db-password').permitted? 'execute', role: "cucumber:user:#{@test_user}@test"
-    """
-    Then the result should be "true"
-
-  Scenario: Check if a different host from subpolicy has the privilege.
-    When I run the code:
-    """
-    $conjur.resource('cucumber:variable:db-password').permitted? 'execute', role: "cucumber:host:test/#{@test_host}"
-    """
-    Then the result should be "false"
-
-  Scenario: Check if a different user has the privilege, while logged in as that user.
-    When I run the code:
-    """
-    host_api = Conjur::API.new_from_key "host/#{@host_id}", @host_api_key
-    host_api.resource('cucumber:variable:db-password').permitted? 'execute'
-    """
-    Then the result should be "false"

data/features/permitted_roles.feature

@@ -1,30 +0,0 @@
-Feature: Enumerate roles which have a permission on a resource.
-
-  Background:
-    Given I run the code:
-    """
-    $conjur.load_policy 'root', <<-POLICY
-    - !variable db-password
-
-    - !layer myapp
-
-    - !permit
-      role: !layer myapp
-      privilege: execute
-      resource: !variable db-password
-    POLICY
-    """
-
-  @wip
-  Scenario: Permitted roles can be enumerated.
-    When I run the code:
-    """
-    $conjur.resource('cucumber:variable:db-password').permitted_roles 'execute'
-    """
-    Then the JSON should be:
-    """
-    [
-      "cucumber:layer:myapp",
-      "cucumber:user:admin"
-    ]
-    """

data/features/public_keys.feature

@@ -1,11 +0,0 @@
-Feature: Fetch public keys for a user.
-
-  Background:
-    Given a new user
-
-  Scenario: User has a uidnumber.
-    When I run the code:
-    """
-    Conjur::API.public_keys @user.login
-    """
-    Then the result should be the public key

data/features/resource_fields.feature

@@ -1,53 +0,0 @@
-Feature: Display basic resource fields.
-
-  Background:
-    Given I run the code:
-    """
-    $conjur.load_policy 'root', <<-POLICY
-    - !group
-      id: developers
-      annotations:
-        gidnumber: 2000
-    POLICY
-    """
-
-  Scenario: Resource exposes id, kind, identifier, and attributes.
-    When I run the code:
-    """
-    resource = $conjur.resource('cucumber:group:developers')
-    [ resource.id, resource.account, resource.kind, resource.identifier, resource.attributes ]
-    """
-    Then the JSON should be:
-    """
-    [
-      "cucumber:group:developers",
-      "cucumber",
-      "group",
-      "developers",
-      {
-        "annotations": [
-          {
-            "name": "gidnumber",
-            "policy": "cucumber:policy:root",
-            "value": "2000"
-          }
-        ],
-        "owner": "cucumber:user:admin",
-        "permissions": [
-        ],
-        "policy": "cucumber:policy:root"
-      }
-    ]
-    """
-
-  Scenario: Resource#owner is the owner object
-    When I run the code:
-    """
-    $conjur.resource('cucumber:group:developers').owner.id
-    """
-    Then the result should be "cucumber:user:admin"
-    And I run the code:
-    """
-    $conjur.resource('cucumber:group:developers').class
-    """
-    Then the result should be "Conjur::Group"

data/features/role_fields.feature

@@ -1,15 +0,0 @@
-Feature: Display basic role fields.
-
-  Scenario: Login of a user is the login name.
-    When I run the code:
-    """
-    $conjur.role('cucumber:user:alice').login
-    """
-    Then the result should be "alice"
-
-  Scenario: Login of a non-user is prefixed with the role kind.
-    When I run the code:
-    """
-    $conjur.role('cucumber:host:myapp').login
-    """
-    Then the result should be "host/myapp"

data/features/rotate_api_key.feature

@@ -1,13 +0,0 @@
-Feature: Rotate the API key.
-
-  Scenario: Logged-in user can rotate the API key.
-    When I run the code:
-    """
-    Conjur::API.rotate_api_key 'admin', $api_key
-    """
-    Then I can run the code:
-    """
-    $api_key = @result.strip
-    $conjur = Conjur::API.new_from_key $username, @result
-    $conjur.token
-    """

data/features/step_definitions/api_steps.rb

@@ -1,18 +0,0 @@
-Then(/^I(?: can)? run the code:$/) do |code|
-  @result = eval(code).tap do |result|
-    puts result if ENV['DEBUG']
-  end
-end
-
-Then(/^this code should fail with "([^"]*)"$/) do |error_msg, code|
-  begin
-    @result = eval(code)
-  rescue Exception => exc
-    if not exc.message =~ %r{#{error_msg}}
-      fail "'#{error_msg}' was not found in '#{exc.message}'"
-    end
-  else
-    puts @result if ENV['DEBUG']
-    fail "The provided block did not raise an error"
-  end
-end

data/features/step_definitions/policy_steps.rb

@@ -1,75 +0,0 @@
-Given(/^a new user$/) do
-  @user_id = "user-#{random_hex}"
-  @public_key = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDd/PAcCL9rW/zAS7DRns/KYiAvRAEKxBu/0IF32z7x6YiMFcA2hmH4DMYaIY45Xlj7L9uTZamUlRZNjSS9Xm6Lhh7XGceIX2067/MDnH+or9xh5LZs6gb3x7QVtNz26Au5h5kP0xoJ+wpVxvY707BeSax/WQZI8akqd0fD1IqOoafWkcX0ucu5iIgDh08R7zq3vrDHEK7+SoYo9ncHfmOUJ5lmImGiU/WMqM0OzN3RsgxJi/aaHjW1IASTY8TmAtTtjEsxbQXxRVUCAP9vWUZg7p3aqIB6sEP8skgncCUtHBQxUtE1XN8Q8NeFOzau6+9sQTXlPl8c/L4Jc4K96C75 #{@user_id}@example.com"
-  response = $conjur.load_policy 'root', <<-POLICY
-  - !user
-    id: #{@user_id}
-    uidnumber: 1000
-    public_keys:
-    - #{@public_key}
-  POLICY
-  @user = $conjur.resource("cucumber:user:#{@user_id}")
-  @user_api_key = response.created_roles["cucumber:user:#{@user_id}"]['api_key']
-  expect(@user_api_key).to be
-end
-
-Given(/^a new delegated user$/) do
-  # Create a new host that is owned by that user
-  step 'a new user'
-  @user_owner = @user
-  @user_owner_id = @user_id
-  @user_owner_api_key = @user_api_key
-
-  # Create a new user that is owned by the user created earlier
-  @user_id = "user-#{random_hex}"
-  response = $conjur.load_policy 'root', <<-POLICY
-  - !user
-    id: #{@user_id}
-    owner: !user #{@user_owner_id}
-  POLICY
-  @user = $conjur.resource("cucumber:user:#{@user_id}")
-  @user_api_key = response.created_roles["cucumber:user:#{@user_id}"]['api_key']
-  expect(@user_api_key).to be
-end
-
-Given(/^a new group$/) do
-  @group_id = "group-#{random_hex}"
-  response = $conjur.load_policy 'root', <<-POLICY
-  - !group
-    id: #{@group_id}
-    gidnumber: 1000
-  POLICY
-  @group = $conjur.resource("cucumber:group:#{@group_id}")
-end
-
-Given(/^a new host$/) do
-  @host_id = "app-#{random_hex}"
-  response = $conjur.load_policy 'root', <<-POLICY
-  - !host #{@host_id}
-  POLICY
-  @host_api_key = response.created_roles["cucumber:host:#{@host_id}"]['api_key']
-  expect(@host_api_key).to be
-  @host = $conjur.resource("cucumber:host:#{@host_id}")
-  @host.attributes['api_key'] = @host_api_key
-end
-
-Given(/^a new delegated host$/) do
-  # Create an owner user
-  step 'a new user'
-  @host_owner = @user
-  @host_owner_id = @user_id
-  @host_owner_api_key = @user_api_key
-
-  # Create a new host that is owned by that user
-  @host_id = "app-#{random_hex}"
-  response = $conjur.load_policy 'root', <<-POLICY
-  - !host
-    id: #{@host_id}
-    owner: !user #{@host_owner_id}
-  POLICY
-
-  @host_api_key = response.created_roles["cucumber:host:#{@host_id}"]['api_key']
-  expect(@host_api_key).to be
-  @host = $conjur.resource("cucumber:host:#{@host_id}")
-  @host.attributes['api_key'] = @host_api_key
-end

data/features/step_definitions/result_steps.rb

@@ -1,7 +0,0 @@
-Then(/^the result should be "([^"]+)"$/) do |expected|
-  expect(@result.to_s).to eq(expected.to_s)
-end
-
-Then(/^the result should be the public key$/) do
-  expect(@result).to eq(@public_key + "\n")
-end

data/features/support/env.rb

@@ -1,18 +0,0 @@
-require 'simplecov'
-
-SimpleCov.start do
-  command_name "#{ENV['RUBY_VERSION']}"
-end
-
-require 'json_spec/cucumber'
-require 'conjur/api'
-
-Conjur.configuration.appliance_url = ENV['CONJUR_APPLIANCE_URL'] || 'http://localhost/api/v6'
-Conjur.configuration.account = ENV['CONJUR_ACCOUNT'] || 'cucumber'
-Conjur.configuration.authn_local_socket = "/run/authn-local-5/.socket"
-
-$username = ENV['CONJUR_AUTHN_LOGIN'] || 'admin'
-$password = ENV['CONJUR_AUTHN_API_KEY'] || 'secret'
-
-$api_key = Conjur::API.login $username, $password
-$conjur = Conjur::API.new_from_key $username, $api_key

data/features/support/hooks.rb

@@ -1,3 +0,0 @@
-Before do
-  $conjur.load_policy 'root', "--- []"
-end

data/features/support/world.rb

@@ -1,12 +0,0 @@
-module ApiWorld
-  def last_json
-    @result.to_json
-  end
-
-  def random_hex nbytes = 12
-    @random ||= Random.new
-    @random.bytes(nbytes).unpack('h*').first
-  end
-end
-
-World ApiWorld

data/features/update_password.feature

@@ -1,14 +0,0 @@
-Feature: Change a user's password.
-  Background:
-    Given a new user
-
-  Scenario: A user can set/change her password using the current API key.
-    When I run the code:
-    """
-    Conjur::API.update_password @user_id, @user_api_key, 'SEcret12!!!!'
-    @new_api_key = Conjur::API.login @user_id, 'SEcret12!!!!'
-    """
-    Then I can run the code:
-    """
-    Conjur::API.new_from_key(@user_id, @new_api_key).token
-    """

data/features/user.feature

@@ -1,58 +0,0 @@
-Feature: User object
-
-  Background:
-
-  Scenario: User has a uidnumber
-    Given a new user
-    Then I can run the code:
-    """
-    @user.uidnumber
-    """
-    Then the result should be "1000"
-
-  Scenario: Logged-in user is the current_role
-    Given a new user
-    Then I can run the code:
-    """
-    expect($conjur.current_role(Conjur.configuration.account).id.to_s).to eq("cucumber:user:admin")
-    """
-
-  # Rotation of own API key should be done via `Conjur::API.rotate_api_key()`
-  Scenario: User's own API key cannot be rotated with an API key
-    Given a new user
-    Then this code should fail with "You cannot rotate your own API key via this method"
-    """
-    user = Conjur::API.new_from_key(@user.login, @user_api_key).resource(@user.id)
-    user.rotate_api_key
-    """
-
-  # Rotation of own API key should be done via `Conjur::API.rotate_api_key()`
-  Scenario: User's own API key cannot be rotated with a token
-    Given a new user
-    Then this code should fail with "You cannot rotate your own API key via this method"
-    """
-    token = Conjur::API.new_from_key(@user.login, @user_api_key).token
-
-    user = Conjur::API.new_from_token(token).resource(@user.id)
-    user.rotate_api_key
-    """
-
-  Scenario: Delegated user's API key can be rotated with an API key
-    Given a new delegated user
-    Then I can run the code:
-    """
-    delegated_user_resource = Conjur::API.new_from_key(@user_owner.login, @user_owner_api_key).resource(@user.id)
-    api_key = delegated_user_resource.rotate_api_key
-    Conjur::API.new_from_key(delegated_user_resource.login, api_key).token
-    """
-
-  Scenario: Delegated user's API key can be rotated with a token
-    Given a new delegated user
-    Then I can run the code:
-    """
-    token = Conjur::API.new_from_key(@user_owner.login, @user_owner_api_key).token
-
-    delegated_user_resource = Conjur::API.new_from_token(token).resource(@user.id)
-    api_key = delegated_user_resource.rotate_api_key
-    Conjur::API.new_from_key(delegated_user_resource.login, api_key).token
-    """

data/features/variable_fields.feature

@@ -1,20 +0,0 @@
-Feature: Display Variable fields.
-
-  Background:
-    Given I run the code:
-    """
-    $conjur.load_policy 'root', <<-POLICY
-    - !variable
-      id: ssl-certificate
-      kind: SSL certificate
-      mime_type: application/x-pem-file
-    POLICY
-    """
-    And I run the code:
-    """
-    $conjur.resource('cucumber:variable:ssl-certificate')
-    """
-
-  Scenario: Display MIME type and kind
-    Then the JSON at "mime_type" should be "application/x-pem-file"
-    And the JSON at "kind" should be "SSL certificate"

data/features/variable_value.feature

@@ -1,60 +0,0 @@
-Feature: Work with Variable values.
-
-  Background:
-    Given I run the code:
-    """
-    @variable_id = "password"
-    $conjur.load_policy 'root', <<-POLICY
-    - !variable #{@variable_id}
-    - !variable #{@variable_id}-2
-    POLICY
-    @variable = $conjur.resource("cucumber:variable:#{@variable_id}")
-    @variable_2 = $conjur.resource("cucumber:variable:#{@variable_id}-2")
-    """
-
-  Scenario: Add a value, retrieve the variable metadata and the value.
-    When I run the code:
-    """
-    @initial_count = @variable.version_count
-    @variable.add_value 'value-0'
-    """
-    And I run the code:
-    """
-    expect(@variable.version_count).to eq(@initial_count + 1)
-    """
-    And I run the code:
-    """
-    @variable.value(@variable.version_count)
-    """
-    Then the result should be "value-0"
-
-  Scenario: Retrieve a historical value.
-    Given I run the code:
-    """
-    @variable.add_value 'value-0'
-    @variable.add_value 'value-1'
-    @variable.add_value 'value-2'
-    """
-    When I run the code:
-    """
-    @variable.value(@variable.version_count - 2)
-    """
-    Then the result should be "value-0"
-
-  Scenario: Retrieve multiple values in a batch
-    Given I run the code:
-    """
-    @variable.add_value 'value-0'
-    @variable_2.add_value 'value-2'
-    """
-    When I run the code:
-    """
-    $conjur.variable_values([ @variable, @variable_2 ].map(&:id))
-    """
-    Then the JSON should be:
-    """
-    {
-      "cucumber:variable:password": "value-0",
-      "cucumber:variable:password-2": "value-2"
-    }
-    """

data/features_v4/authn_local.feature

@@ -1,27 +0,0 @@
-Feature: When co-located with the Conjur server, the API can use the authn-local service to authenticate.
-
-  Scenario: authn-local can be used to obtain an access token.
-    When I run the code:
-    """
-    Conjur::API.authenticate_local "alice"
-    """
-    Then the JSON should have "data"
-
-  Scenario: Conjur API supports construction from authn-local.
-    When I run the code:
-    """
-    @api = Conjur::API.new_from_authn_local "alice"
-    @api.token
-    """
-    Then the JSON should have "data"
-
-  Scenario: Conjur API will automatically refresh the token.
-    When I run the code:
-    """
-    @api = Conjur::API.new_from_authn_local "alice"
-    @api.token
-    @api.force_token_refresh
-    @api.token
-    """
-    Then the JSON should have "data"
-    And the JSON at "data" should be "alice"

data/features_v4/exists.feature

@@ -1,29 +0,0 @@
-Feature: Check if an object exists.
-
-  Scenario: A created group resource exists
-    When I run the code:
-    """
-    $conjur.resource('cucumber:group:developers').exists?
-    """
-    Then the result should be "true"
-
-  Scenario: An un-created resource doesn't exist
-    When I run the code:
-    """
-    $conjur.resource('cucumber:food:bacon').exists?
-    """
-    Then the result should be "false"
-
-  Scenario: A created group role exists
-    When I run the code:
-    """
-    $conjur.role('cucumber:group:developers').exists?
-    """
-    Then the result should be "true"
-
-  Scenario: An un-created role doesn't exist
-    When I run the code:
-    """
-    $conjur.role('cucumber:food:bacon').exists?
-    """
-    Then the result should be "false"

data/features_v4/host.feature

@@ -1,18 +0,0 @@
-Feature: Display Host object fields.
-
-  Background:
-    Given a new host
-
-  Scenario: API key of a newly created host is available and valid.
-    Then I run the code:
-    """
-    expect(@host.exists?).to be(true)
-    expect(@host.api_key).to be
-    """
-
-  Scenario: API key of a a host can be rotated.
-    Then I run the code:
-    """
-    api_key = @host.rotate_api_key
-    Conjur::API.new_from_key("host/#{@host.id.identifier}", api_key).token
-    """