conjur-api 5.3.7 → 5.3.8.pre.8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (143) hide show
  1. checksums.yaml +4 -4
  2. data/VERSION +1 -1
  3. metadata +23 -193
  4. data/.codeclimate.yml +0 -10
  5. data/.dockerignore +0 -1
  6. data/.github/CODEOWNERS +0 -10
  7. data/.gitignore +0 -32
  8. data/.gitleaks.toml +0 -219
  9. data/.overcommit.yml +0 -16
  10. data/.project +0 -18
  11. data/.rubocop.yml +0 -3
  12. data/.rubocop_settings.yml +0 -86
  13. data/.rubocop_todo.yml +0 -709
  14. data/.yardopts +0 -1
  15. data/CHANGELOG.md +0 -433
  16. data/CONTRIBUTING.md +0 -141
  17. data/Dockerfile +0 -16
  18. data/Gemfile +0 -7
  19. data/Jenkinsfile +0 -168
  20. data/LICENSE +0 -202
  21. data/README.md +0 -162
  22. data/Rakefile +0 -47
  23. data/SECURITY.md +0 -42
  24. data/bin/parse-changelog.sh +0 -12
  25. data/ci/configure_v4.sh +0 -12
  26. data/ci/configure_v5.sh +0 -14
  27. data/ci/submit-coverage +0 -36
  28. data/conjur-api.gemspec +0 -40
  29. data/dev/Dockerfile.dev +0 -12
  30. data/dev/docker-compose.yml +0 -56
  31. data/dev/start +0 -22
  32. data/dev/stop +0 -5
  33. data/docker-compose.yml +0 -76
  34. data/example/demo_v4.rb +0 -49
  35. data/example/demo_v5.rb +0 -57
  36. data/features/authenticators.feature +0 -33
  37. data/features/authn_local.feature +0 -32
  38. data/features/exists.feature +0 -37
  39. data/features/group.feature +0 -11
  40. data/features/host.feature +0 -50
  41. data/features/host_factory_create_host.feature +0 -28
  42. data/features/host_factory_token.feature +0 -63
  43. data/features/load_policy.feature +0 -61
  44. data/features/members.feature +0 -51
  45. data/features/new_api.feature +0 -36
  46. data/features/permitted.feature +0 -70
  47. data/features/permitted_roles.feature +0 -30
  48. data/features/public_keys.feature +0 -11
  49. data/features/resource_fields.feature +0 -53
  50. data/features/role_fields.feature +0 -15
  51. data/features/rotate_api_key.feature +0 -13
  52. data/features/step_definitions/api_steps.rb +0 -18
  53. data/features/step_definitions/policy_steps.rb +0 -75
  54. data/features/step_definitions/result_steps.rb +0 -7
  55. data/features/support/env.rb +0 -18
  56. data/features/support/hooks.rb +0 -3
  57. data/features/support/world.rb +0 -12
  58. data/features/update_password.feature +0 -14
  59. data/features/user.feature +0 -58
  60. data/features/variable_fields.feature +0 -20
  61. data/features/variable_value.feature +0 -60
  62. data/features_v4/authn_local.feature +0 -27
  63. data/features_v4/exists.feature +0 -29
  64. data/features_v4/host.feature +0 -18
  65. data/features_v4/host_factory_token.feature +0 -49
  66. data/features_v4/members.feature +0 -39
  67. data/features_v4/permitted.feature +0 -15
  68. data/features_v4/permitted_roles.feature +0 -8
  69. data/features_v4/resource_fields.feature +0 -47
  70. data/features_v4/rotate_api_key.feature +0 -13
  71. data/features_v4/step_definitions/api_steps.rb +0 -17
  72. data/features_v4/step_definitions/result_steps.rb +0 -3
  73. data/features_v4/support/env.rb +0 -23
  74. data/features_v4/support/policy.yml +0 -34
  75. data/features_v4/support/world.rb +0 -12
  76. data/features_v4/variable_fields.feature +0 -11
  77. data/features_v4/variable_value.feature +0 -54
  78. data/lib/conjur/acts_as_resource.rb +0 -123
  79. data/lib/conjur/acts_as_role.rb +0 -142
  80. data/lib/conjur/acts_as_rolsource.rb +0 -32
  81. data/lib/conjur/acts_as_user.rb +0 -68
  82. data/lib/conjur/api/authenticators.rb +0 -35
  83. data/lib/conjur/api/authn.rb +0 -125
  84. data/lib/conjur/api/host_factories.rb +0 -71
  85. data/lib/conjur/api/ldap_sync.rb +0 -38
  86. data/lib/conjur/api/policies.rb +0 -56
  87. data/lib/conjur/api/pubkeys.rb +0 -53
  88. data/lib/conjur/api/resources.rb +0 -109
  89. data/lib/conjur/api/roles.rb +0 -98
  90. data/lib/conjur/api/router/v4.rb +0 -206
  91. data/lib/conjur/api/router/v5.rb +0 -248
  92. data/lib/conjur/api/variables.rb +0 -59
  93. data/lib/conjur/api.rb +0 -105
  94. data/lib/conjur/base.rb +0 -355
  95. data/lib/conjur/base_object.rb +0 -57
  96. data/lib/conjur/build_object.rb +0 -47
  97. data/lib/conjur/cache.rb +0 -26
  98. data/lib/conjur/cert_utils.rb +0 -63
  99. data/lib/conjur/cidr.rb +0 -71
  100. data/lib/conjur/configuration.rb +0 -460
  101. data/lib/conjur/escape.rb +0 -129
  102. data/lib/conjur/exceptions.rb +0 -4
  103. data/lib/conjur/group.rb +0 -41
  104. data/lib/conjur/has_attributes.rb +0 -98
  105. data/lib/conjur/host.rb +0 -27
  106. data/lib/conjur/host_factory.rb +0 -75
  107. data/lib/conjur/host_factory_token.rb +0 -78
  108. data/lib/conjur/id.rb +0 -71
  109. data/lib/conjur/layer.rb +0 -9
  110. data/lib/conjur/log.rb +0 -72
  111. data/lib/conjur/log_source.rb +0 -60
  112. data/lib/conjur/policy.rb +0 -34
  113. data/lib/conjur/policy_load_result.rb +0 -61
  114. data/lib/conjur/query_string.rb +0 -12
  115. data/lib/conjur/resource.rb +0 -29
  116. data/lib/conjur/role.rb +0 -29
  117. data/lib/conjur/role_grant.rb +0 -85
  118. data/lib/conjur/routing.rb +0 -29
  119. data/lib/conjur/user.rb +0 -40
  120. data/lib/conjur/variable.rb +0 -208
  121. data/lib/conjur/webservice.rb +0 -30
  122. data/lib/conjur-api/version.rb +0 -24
  123. data/lib/conjur-api.rb +0 -2
  124. data/publish.sh +0 -5
  125. data/spec/api/host_factories_spec.rb +0 -34
  126. data/spec/api_spec.rb +0 -254
  127. data/spec/base_object_spec.rb +0 -13
  128. data/spec/cert_utils_spec.rb +0 -173
  129. data/spec/cidr_spec.rb +0 -34
  130. data/spec/configuration_spec.rb +0 -330
  131. data/spec/has_attributes_spec.rb +0 -63
  132. data/spec/helpers/errors_matcher.rb +0 -34
  133. data/spec/helpers/request_helpers.rb +0 -10
  134. data/spec/id_spec.rb +0 -29
  135. data/spec/ldap_sync_spec.rb +0 -21
  136. data/spec/log_source_spec.rb +0 -13
  137. data/spec/log_spec.rb +0 -42
  138. data/spec/roles_spec.rb +0 -24
  139. data/spec/spec_helper.rb +0 -113
  140. data/spec/ssl_spec.rb +0 -109
  141. data/spec/uri_escape_spec.rb +0 -21
  142. data/test.sh +0 -73
  143. data/tmp/.keep +0 -0
data/ci/submit-coverage DELETED
@@ -1,36 +0,0 @@
1
- #!/bin/bash
2
-
3
- set -eux
4
-
5
- DIR="coverage"
6
- BIN="cc-test-reporter"
7
- REPORT="${DIR}/.resultset.json"
8
-
9
- if [[ ! -e ${REPORT} ]]; then
10
- echo "SimpleCov report (${REPORT}) not found"
11
- ls -laR ${DIR}
12
- exit 1
13
- fi
14
-
15
- if [[ ! -x ${BIN} ]]; then
16
- echo "cc-test-reporter binary not found, not reporting coverage data to code climate"
17
- ls -laR ${DIR}
18
- # report is present but reporter binary is not, definitely a bug, exit error.
19
- exit 1
20
- fi
21
-
22
- # Simplecov excludes files not within the current repo, it also needs to
23
- # be able to read all the files referenced within the report. As the reports
24
- # are generated in containers, the absolute paths contained in the report
25
- # are not valid outside that container. This sed fixes the paths
26
- # So they are correct relative to the Jenkins workspace.
27
- sed -i -E "s+/src/conjur-api+${WORKSPACE}+g" "${REPORT}"
28
-
29
- echo "Coverage reports prepared, submitting to CodeClimate."
30
- # vars GIT_COMMIT, GIT_BRANCH & TRID are set by ccCoverage.dockerPrep
31
-
32
- ./${BIN} after-build \
33
- --coverage-input-type "simplecov"\
34
- --id "${TRID}"
35
-
36
- echo "Successfully Reported Coverage Data"
data/conjur-api.gemspec DELETED
@@ -1,40 +0,0 @@
1
- # -*- encoding: utf-8 -*-
2
- require File.expand_path('../lib/conjur-api/version', __FILE__)
3
-
4
- Gem::Specification.new do |gem|
5
- gem.authors = ["CyberArk Maintainers"]
6
- gem.email = ["conj_maintainers@cyberark.com"]
7
- gem.description = %q{Conjur API}
8
- gem.summary = %q{Conjur API}
9
- gem.homepage = "https://github.com/cyberark/conjur-api-ruby/"
10
- gem.license = "Apache-2.0"
11
-
12
- gem.files = `git ls-files`.split($\).append("VERSION") + Dir['build_number']
13
- gem.executables = gem.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
14
- gem.test_files = gem.files.grep(%r{^(test|spec|features)/})
15
- gem.name = "conjur-api"
16
- gem.require_paths = ["lib"]
17
- gem.version = Conjur::API::VERSION
18
-
19
- gem.required_ruby_version = '>= 1.9'
20
-
21
- # Filter out development only executables
22
- gem.executables -= %w{parse-changelog.sh}
23
-
24
- gem.add_dependency 'rest-client'
25
- gem.add_dependency 'activesupport', '>= 4.2'
26
- gem.add_dependency 'addressable', '~> 2.0'
27
-
28
- gem.add_development_dependency 'rake', '>= 12.3.3'
29
- gem.add_development_dependency 'rspec', '~> 3'
30
- gem.add_development_dependency 'rspec-expectations', '~> 3.4'
31
- gem.add_development_dependency 'json_spec'
32
- gem.add_development_dependency 'cucumber', '~> 2.99'
33
- gem.add_development_dependency 'ci_reporter_rspec'
34
- gem.add_development_dependency 'simplecov', '~> 0.17', '< 0.18'
35
- gem.add_development_dependency 'io-grab'
36
- gem.add_development_dependency 'rdoc'
37
- gem.add_development_dependency 'yard'
38
- gem.add_development_dependency 'fakefs'
39
- gem.add_development_dependency 'pry-byebug'
40
- end
data/dev/Dockerfile.dev DELETED
@@ -1,12 +0,0 @@
1
- FROM ruby:2.5
2
-
3
- RUN apt-get update && apt-get install -y vim curl
4
-
5
- WORKDIR /src/conjur-api
6
-
7
- COPY Gemfile conjur-api.gemspec ./
8
- COPY lib/conjur-api/version.rb ./lib/conjur-api/
9
-
10
- RUN bundle
11
-
12
- COPY . ./
@@ -1,56 +0,0 @@
1
- version: '3'
2
- services:
3
- pg:
4
- image: postgres:9.3
5
-
6
- conjur_5:
7
- image: cyberark/conjur
8
- command: server -a cucumber
9
- environment:
10
- DATABASE_URL: postgres://postgres@pg/postgres
11
- CONJUR_DATA_KEY: 'WMfApcDBtocRWV+ZSUP3Tjr5XNU+Z2FdBb6BEezejIs='
12
- volumes:
13
- - authn_local_5:/run/authn-local
14
- depends_on:
15
- - pg
16
-
17
- conjur_4:
18
- image: registry2.itci.conjur.net/conjur-appliance-cuke-master:4.9-stable
19
- security_opt:
20
- - seccomp:unconfined
21
- volumes:
22
- - ../features_v4/support/policy.yml:/etc/policy.yml
23
- - authn_local_4:/run/authn-local
24
-
25
- gem:
26
- build:
27
- context: ../
28
- dockerfile: dev/Dockerfile.dev
29
- entrypoint: sleep
30
- command: infinity
31
- environment:
32
- CONJUR_APPLIANCE_URL: http://conjur_5
33
- CONJUR_VERSION: 5
34
- CONJUR_ACCOUNT: cucumber
35
- links:
36
- - conjur_5:conjur_5
37
- - conjur_4:conjur_4
38
- volumes:
39
- - ..:/src/conjur-api
40
- - authn_local_4:/run/authn-local-4
41
- - authn_local_5:/run/authn-local-5
42
-
43
- client:
44
- image: conjurinc/cli5
45
- entrypoint: sleep
46
- command: infinity
47
- environment:
48
- CONJUR_APPLIANCE_URL: http://conjur_5
49
- CONJUR_ACCOUNT: cucumber
50
- CONJUR_AUTHN_LOGIN: admin
51
- links:
52
- - conjur_5:conjur_5
53
-
54
- volumes:
55
- authn_local_5:
56
- authn_local_4:
data/dev/start DELETED
@@ -1,22 +0,0 @@
1
- #!/bin/bash -ex
2
-
3
- function v5_development() {
4
- docker-compose up -d --no-deps conjur_5 pg gem client
5
-
6
- docker-compose exec -T conjur_5 conjurctl wait
7
-
8
- local api_key=$(docker-compose exec -T conjur_5 rake 'role:retrieve-key[cucumber:user:admin]')
9
- api_key=$(docker-compose exec -T conjur_5 conjurctl role retrieve-key cucumber:user:admin | tr -d '\r')
10
-
11
- docker exec -e CONJUR_AUTHN_API_KEY="$api_key" -it --detach-keys 'ctrl-\' $(docker-compose ps -q gem) bash
12
- }
13
-
14
- # Set up VERSION file for local development
15
- if [ ! -f "../VERSION" ]; then
16
- echo -n "0.0.dev" > ../VERSION
17
- fi
18
-
19
- docker-compose pull
20
- docker-compose build
21
-
22
- v5_development
data/dev/stop DELETED
@@ -1,5 +0,0 @@
1
- #!/bin/bash -ex
2
-
3
- echo 'Removing test environment'
4
- echo '---'
5
- docker-compose down --rmi 'local' --volumes
data/docker-compose.yml DELETED
@@ -1,76 +0,0 @@
1
- version: '2.1'
2
- services:
3
- pg:
4
- image: postgres:9.3
5
-
6
- conjur_5:
7
- image: cyberark/conjur
8
- command: server -a cucumber
9
- environment:
10
- DATABASE_URL: postgres://postgres@pg/postgres
11
- CONJUR_DATA_KEY: 'WMfApcDBtocRWV+ZSUP3Tjr5XNU+Z2FdBb6BEezejIs='
12
- volumes:
13
- - authn_local_5:/run/authn-local
14
- depends_on:
15
- - pg
16
-
17
- conjur_4:
18
- image: registry2.itci.conjur.net/conjur-appliance-cuke-master:4.9-stable
19
- security_opt:
20
- - seccomp:unconfined
21
- volumes:
22
- - ./features_v4/support/policy.yml:/etc/policy.yml
23
- - authn_local_4:/run/authn-local
24
-
25
- tester_5:
26
- build:
27
- context: .
28
- dockerfile: Dockerfile
29
- args:
30
- RUBY_VERSION: ${RUBY_VERSION}
31
- volumes:
32
- - ./spec/reports:/src/conjur-api/spec/reports
33
- - ./features/reports:/src/conjur-api/features/reports
34
- - ./coverage:/src/conjur-api/coverage
35
- - authn_local_5:/run/authn-local-5
36
- environment:
37
- CONJUR_APPLIANCE_URL: http://conjur_5
38
- CONJUR_VERSION: 5
39
- CONJUR_ACCOUNT: cucumber
40
-
41
- tester_4:
42
- build:
43
- context: .
44
- dockerfile: Dockerfile
45
- args:
46
- RUBY_VERSION: ${RUBY_VERSION}
47
- volumes:
48
- - ./features_v4/reports:/src/conjur-api/features_v4/reports
49
- - ./tmp/conjur.pem:/src/conjur-api/tmp/conjur.pem
50
- - ./coverage_v4:/src/conjur-api/coverage
51
- - authn_local_4:/run/authn-local-4
52
- environment:
53
- CONJUR_APPLIANCE_URL: https://conjur_4/api
54
- CONJUR_VERSION: 4
55
- CONJUR_ACCOUNT: cucumber
56
-
57
- dev:
58
- build:
59
- context: .
60
- dockerfile: Dockerfile
61
- args:
62
- RUBY_VERSION: ${RUBY_VERSION}
63
- entrypoint: bash
64
- volumes:
65
- - .:/src/conjur-api
66
- - authn_local_4:/run/authn-local-4
67
- - authn_local_5:/run/authn-local-5
68
- environment:
69
- CONJUR_ACCOUNT: cucumber
70
- depends_on:
71
- - conjur_4
72
- - conjur_5
73
-
74
- volumes:
75
- authn_local_4:
76
- authn_local_5:
data/example/demo_v4.rb DELETED
@@ -1,49 +0,0 @@
1
- #!/usr/bin/env ruby
2
-
3
- require 'conjur-api'
4
- require 'securerandom'
5
-
6
- username = "admin"
7
- password = "secret"
8
-
9
- Conjur.configuration.appliance_url = "https://conjur_4/api"
10
- Conjur.configuration.account = "cucumber"
11
- Conjur.configuration.cert_file = "./tmp/conjur.pem"
12
- Conjur.configuration.version = 4
13
- Conjur.configuration.apply_cert_config!
14
-
15
- puts "Configured with Conjur version: #{Conjur.configuration.version}"
16
- puts
17
-
18
- api_key = Conjur::API.login username, password
19
- api = Conjur::API.new_from_key username, api_key
20
-
21
- db_password = SecureRandom.hex(12)
22
- puts "Populating variable 'db-password' = #{db_password.inspect}"
23
- api.resource("cucumber:variable:db-password").add_value db_password
24
- puts "Value added"
25
- puts
26
-
27
- puts "Creating host factory token for 'myapp'"
28
- expiration = Time.now + 1.day
29
- hf_token = api.resource("cucumber:host_factory:myapp").create_token expiration
30
- puts "Created: #{hf_token.token}"
31
- puts
32
-
33
- puts "Creating new host 'host-01' with host factory"
34
- host = Conjur::API.host_factory_create_host(hf_token, "host-01")
35
- puts "Created: #{host}"
36
- puts
37
-
38
- puts "Logging in as #{host.id}"
39
- host_api = Conjur::API.new_from_key "host/host-01", host.api_key
40
- puts "Logged in"
41
- puts
42
-
43
-
44
- puts "Fetching db-password as #{host.id}"
45
- value = host_api.resource("cucumber:variable:db-password").value
46
- puts value
47
- puts
48
-
49
- puts "Done!"
data/example/demo_v5.rb DELETED
@@ -1,57 +0,0 @@
1
- #!/usr/bin/env ruby
2
-
3
- require 'conjur-api'
4
- require 'securerandom'
5
-
6
- username = "admin"
7
-
8
- arguments = ARGV.dup
9
-
10
- api_key = arguments.shift or raise "Usage: ./demo_v5 <admin-api-key>"
11
-
12
- Conjur.configuration.appliance_url = "http://conjur_5"
13
- Conjur.configuration.account = "cucumber"
14
- # This is the default
15
- # Conjur.configuration.version = 5
16
-
17
- puts "Configured with Conjur version: #{Conjur.configuration.version}"
18
- puts
19
-
20
- api = Conjur::API.new_from_key username, api_key
21
-
22
- policy = File.read("features_v4/support/policy.yml")
23
-
24
- puts "Loading policy 'root'"
25
- policy_result = api.load_policy "root", policy
26
- puts "Loaded: #{policy_result}"
27
- puts
28
-
29
- db_password = SecureRandom.hex(12)
30
- puts "Populating variable 'db-password' = #{db_password.inspect}"
31
- api.resource("cucumber:variable:db-password").add_value db_password
32
- puts "Value added"
33
- puts
34
-
35
- puts "Creating host factory token for 'myapp'"
36
- expiration = Time.now + 1.day
37
- hf_token = api.resource("cucumber:host_factory:myapp").create_token expiration
38
- puts "Created: #{hf_token.token}"
39
- puts
40
-
41
- puts "Creating new host 'host-01' with host factory"
42
- host = Conjur::API.host_factory_create_host(hf_token, "host-01")
43
- puts "Created: #{host}"
44
- puts
45
-
46
- puts "Logging in as #{host.id}"
47
- host_api = Conjur::API.new_from_key "host/host-01", host.api_key
48
- puts "Logged in"
49
- puts
50
-
51
-
52
- puts "Fetching db-password as #{host.id}"
53
- value = host_api.resource("cucumber:variable:db-password").value
54
- puts value
55
- puts
56
-
57
- puts "Done!"
@@ -1,33 +0,0 @@
1
- Feature: List and manage authenticators
2
-
3
- Background:
4
- Given I run the code:
5
- """
6
- $conjur.load_policy 'root', <<-POLICY
7
- - !webservice conjur/authn-k8s/my-auth
8
- POLICY
9
- """
10
-
11
- Scenario: Authenticator list includes the authenticator status
12
- When I run the code:
13
- """
14
- $conjur.authenticator_list
15
- """
16
- Then the JSON should have "installed"
17
- And the JSON should have "configured"
18
- And the JSON should have "enabled"
19
- And the JSON at "enabled" should be ["authn"]
20
-
21
- Scenario: Enable and disable authenticator
22
- When I run the code:
23
- """
24
- $conjur.authenticator_enable("authn-k8s", "my-auth")
25
- $conjur.authenticator_list
26
- """
27
- Then the JSON at "enabled" should be ["authn", "authn-k8s/my-auth"]
28
- When I run the code:
29
- """
30
- $conjur.authenticator_disable("authn-k8s", "my-auth")
31
- $conjur.authenticator_list
32
- """
33
- Then the JSON at "enabled" should be ["authn"]
@@ -1,32 +0,0 @@
1
- Feature: When co-located with the Conjur server, the API can use the authn-local service to authenticate.
2
-
3
- Scenario: authn-local can be used to obtain an access token.
4
- When I run the code:
5
- """
6
- Conjur::API.authenticate_local "alice"
7
- """
8
- Then the JSON should have "payload"
9
- And I run the code:
10
- """
11
- JSON.parse(Base64.decode64(@result['payload']))
12
- """
13
- Then the JSON should have "sub"
14
- And the JSON should have "iat"
15
-
16
- Scenario: Conjur API supports construction from authn-local.
17
- When I run the code:
18
- """
19
- @api = Conjur::API.new_from_authn_local "alice"
20
- @api.token
21
- """
22
- Then the JSON should have "payload"
23
-
24
- Scenario: Conjur API will automatically refresh the token.
25
- When I run the code:
26
- """
27
- @api = Conjur::API.new_from_authn_local "alice"
28
- @api.token
29
- @api.force_token_refresh
30
- @api.token
31
- """
32
- Then the JSON should have "payload"
@@ -1,37 +0,0 @@
1
- Feature: Check if an object exists.
2
-
3
- Background:
4
- Given I run the code:
5
- """
6
- $conjur.load_policy 'root', <<-POLICY
7
- - !group developers
8
- POLICY
9
- """
10
-
11
- Scenario: A created group resource exists
12
- When I run the code:
13
- """
14
- $conjur.resource('cucumber:group:developers').exists?
15
- """
16
- Then the result should be "true"
17
-
18
- Scenario: An un-created resource doesn't exist
19
- When I run the code:
20
- """
21
- $conjur.resource('cucumber:food:bacon').exists?
22
- """
23
- Then the result should be "false"
24
-
25
- Scenario: A created group role exists
26
- When I run the code:
27
- """
28
- $conjur.role('cucumber:group:developers').exists?
29
- """
30
- Then the result should be "true"
31
-
32
- Scenario: An un-created role doesn't exist
33
- When I run the code:
34
- """
35
- $conjur.role('cucumber:food:bacon').exists?
36
- """
37
- Then the result should be "false"
@@ -1,11 +0,0 @@
1
- Feature: Display Group object fields.
2
-
3
- Background:
4
- Given a new group
5
-
6
- Scenario: Group has a gidnumber.
7
- Then I run the code:
8
- """
9
- @group.gidnumber
10
- """
11
- Then the result should be "1000"
@@ -1,50 +0,0 @@
1
- Feature: Host object
2
-
3
- Scenario: API key of a newly created host is available and valid
4
- Given a new host
5
- Then I can run the code:
6
- """
7
- expect(@host.exists?).to be(true)
8
- expect(@host.api_key).to be
9
- Conjur::API.new_from_key(@host.login, @host.api_key).token
10
- """
11
-
12
- # Rotation of own API key should be done via `Conjur::API.rotate_api_key()`
13
- Scenario: Host's own API key cannot be rotated with an API key
14
- Given a new host
15
- Then this code should fail with "You cannot rotate your own API key via this method"
16
- """
17
- host = Conjur::API.new_from_key(@host.login, @host.api_key).resource(@host.id)
18
- host.rotate_api_key
19
- """
20
-
21
- # Rotation of own API key should be done via `Conjur::API.rotate_api_key()`
22
- Scenario: Host's own API key cannot be rotated with a token
23
- Given a new host
24
- Then this code should fail with "You cannot rotate your own API key via this method"
25
- """
26
- token = Conjur::API.new_from_key(@host.login, @host.api_key).token
27
-
28
- host = Conjur::API.new_from_token(token).resource(@host.id)
29
- host.rotate_api_key
30
- """
31
-
32
- Scenario: Delegated host's API key can be rotated with an API key
33
- Given a new delegated host
34
- Then I can run the code:
35
- """
36
- delegated_host_resource = Conjur::API.new_from_key(@host_owner.login, @host_owner_api_key).resource(@host.id)
37
- api_key = delegated_host_resource.rotate_api_key
38
- Conjur::API.new_from_key(delegated_host_resource.login, api_key).token
39
- """
40
-
41
- Scenario: Delegated host's API key can be rotated with a token
42
- Given a new delegated host
43
- Then I can run the code:
44
- """
45
- token = Conjur::API.new_from_key(@host_owner.login, @host_owner_api_key).token
46
-
47
- delegated_host_resource = Conjur::API.new_from_token(token).resource(@host.id)
48
- api_key = delegated_host_resource.rotate_api_key
49
- Conjur::API.new_from_key(delegated_host_resource.login, api_key).token
50
- """
@@ -1,28 +0,0 @@
1
- Feature: Create a host using a host factory token.
2
-
3
- Background:
4
- Given I run the code:
5
- """
6
- $conjur.load_policy 'root', <<-POLICY
7
- - !policy
8
- id: myapp
9
- body:
10
- - !layer
11
-
12
- - !host-factory
13
- layers: [ !layer ]
14
- POLICY
15
- @expiration = (DateTime.now + 1.hour).change(sec: 0)
16
- @host_factory = $conjur.resource('cucumber:host_factory:myapp')
17
- @token = @host_factory.create_token @expiration
18
- """
19
-
20
- Scenario: I can create a host from the token
21
- When I run the code:
22
- """
23
- Conjur::API.host_factory_create_host(@token.token, "app-01")
24
- """
25
- Then the JSON should have "id"
26
- And the JSON should have "permissions"
27
- And the JSON should have "owner"
28
- And the JSON should have "api_key"
@@ -1,63 +0,0 @@
1
- Feature: Working with host factory tokens.
2
-
3
- Background:
4
- Given I run the code:
5
- """
6
- $conjur.load_policy 'root', <<-POLICY
7
- - !policy
8
- id: myapp
9
- body:
10
- - !layer
11
-
12
- - !host-factory
13
- layers: [ !layer ]
14
- POLICY
15
- @expiration = (DateTime.now + 1.hour).change(sec: 0)
16
- @host_factory = $conjur.resource('cucumber:host_factory:myapp')
17
- """
18
-
19
- @wip
20
- Scenario: Create a new host factory token.
21
- When I run the code:
22
- """
23
- @token = @host_factory.create_token @expiration
24
- """
25
- Then I can run the code:
26
- """
27
- expect(@token).to be_instance_of(Conjur::HostFactoryToken)
28
- expect(@token.token).to be_instance_of(String)
29
- expiration = @token.expiration
30
- expiration = expiration.change(sec: 0)
31
- expect(expiration).to eq(@expiration)
32
- """
33
- And I can run the code:
34
- """
35
- expect(@host_factory.tokens).to eq([@token])
36
- """
37
-
38
- Scenario: Create multiple new host factory tokens.
39
- When I run the code:
40
- """
41
- @host_factory.create_tokens @expiration, count: 2
42
- """
43
- Then the JSON should have 2 items
44
-
45
- Scenario: Revoke a host factory token using the token object.
46
- When I run the code:
47
- """
48
- @token = @host_factory.create_token @expiration
49
- """
50
- Then I can run the code:
51
- """
52
- @token.revoke
53
- """
54
-
55
- Scenario: Revoke a host factory token using the API.
56
- When I run the code:
57
- """
58
- @token = @host_factory.create_token @expiration
59
- """
60
- Then I can run the code:
61
- """
62
- $conjur.revoke_host_factory_token @token.token
63
- """
@@ -1,61 +0,0 @@
1
- Feature: Load a policy.
2
-
3
- Scenario: Policy can be loaded into a policy id.
4
- Then I can run the code:
5
- """
6
- policy = <<-POLICY
7
- - !group security_admin
8
-
9
- - !policy
10
- id: myapp
11
- body:
12
- - !layer
13
-
14
- - !host-factory
15
- layers: [ !layer ]
16
-
17
- - !host app-01
18
-
19
- - !grant
20
- role: !layer myapp
21
- member: !host app-01
22
- POLICY
23
-
24
- $conjur.load_policy 'root', policy
25
- """
26
-
27
- Scenario: The policy load reports the API keys of created roles.
28
- Then I can run the code:
29
- """
30
- $conjur.load_policy 'root', <<-POLICY
31
- - !host app-#{random_hex}
32
- POLICY
33
- """
34
- Then the JSON should have "version"
35
- And the JSON should have "created_roles"
36
- And the JSON at "created_roles" should have 1 item
37
-
38
- Scenario: Policy contents can be replaced using POLICY_METHOD_PUT.
39
- Given I run the code:
40
- """
41
- $conjur.load_policy 'root', <<-POLICY
42
- - !group developers
43
- - !group operations
44
- POLICY
45
- """
46
- And I run the code:
47
- """
48
- $conjur.load_policy 'root', <<-POLICY, method: Conjur::API::POLICY_METHOD_PUT
49
- --- []
50
- POLICY
51
- """
52
- And I run the code:
53
- """
54
- $conjur.resources.map(&:id)
55
- """
56
- Then the JSON should be:
57
- """
58
- [
59
- "cucumber:policy:root"
60
- ]
61
- """