conjur-api 5.3.7 → 5.3.8.pre.8

data/ci/submit-coverage

@@ -1,36 +0,0 @@
-#!/bin/bash
-
-set -eux
-
-DIR="coverage"
-BIN="cc-test-reporter"
-REPORT="${DIR}/.resultset.json"
-
-if [[ ! -e ${REPORT} ]]; then
-    echo "SimpleCov report (${REPORT}) not found"
-    ls -laR ${DIR}
-    exit 1
-fi
-
-if [[ ! -x ${BIN} ]]; then
-    echo "cc-test-reporter binary not found, not reporting coverage data to code climate"
-    ls -laR ${DIR}
-    # report is present but reporter binary is not, definitely a bug, exit error.
-    exit 1
-fi
-
-# Simplecov excludes files not within the current repo, it also needs to
-# be able to read all the files referenced within the report. As the reports
-# are generated in containers, the absolute paths contained in the report
-# are not valid outside that container. This sed fixes the paths
-# So they are correct relative to the Jenkins workspace.
-sed -i -E "s+/src/conjur-api+${WORKSPACE}+g" "${REPORT}"
-
-echo "Coverage reports prepared, submitting to CodeClimate."
-# vars GIT_COMMIT, GIT_BRANCH & TRID are set by ccCoverage.dockerPrep
-
-./${BIN} after-build \
-    --coverage-input-type "simplecov"\
-    --id "${TRID}"
-
-echo "Successfully Reported Coverage Data"

data/conjur-api.gemspec

@@ -1,40 +0,0 @@
-# -*- encoding: utf-8 -*-
-require File.expand_path('../lib/conjur-api/version', __FILE__)
-
-Gem::Specification.new do |gem|
-  gem.authors       = ["CyberArk Maintainers"]
-  gem.email         = ["conj_maintainers@cyberark.com"]
-  gem.description   = %q{Conjur API}
-  gem.summary       = %q{Conjur API}
-  gem.homepage      = "https://github.com/cyberark/conjur-api-ruby/"
-  gem.license       = "Apache-2.0"
-
-  gem.files         = `git ls-files`.split($\).append("VERSION") + Dir['build_number']
-  gem.executables   = gem.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
-  gem.test_files    = gem.files.grep(%r{^(test|spec|features)/})
-  gem.name          = "conjur-api"
-  gem.require_paths = ["lib"]
-  gem.version       = Conjur::API::VERSION
-
-  gem.required_ruby_version = '>= 1.9'
-
-  # Filter out development only executables
-  gem.executables -= %w{parse-changelog.sh}
-
-  gem.add_dependency 'rest-client'
-  gem.add_dependency 'activesupport', '>= 4.2'
-  gem.add_dependency 'addressable', '~> 2.0'
-
-  gem.add_development_dependency 'rake', '>= 12.3.3'
-  gem.add_development_dependency 'rspec', '~> 3'
-  gem.add_development_dependency 'rspec-expectations', '~> 3.4'
-  gem.add_development_dependency 'json_spec'
-  gem.add_development_dependency 'cucumber', '~> 2.99'
-  gem.add_development_dependency 'ci_reporter_rspec'
-  gem.add_development_dependency 'simplecov', '~> 0.17', '< 0.18'
-  gem.add_development_dependency 'io-grab'
-  gem.add_development_dependency 'rdoc'
-  gem.add_development_dependency 'yard'
-  gem.add_development_dependency 'fakefs'
-  gem.add_development_dependency 'pry-byebug'
-end

data/dev/Dockerfile.dev

@@ -1,12 +0,0 @@
-FROM ruby:2.5
-
-RUN apt-get update && apt-get install -y vim curl
-
-WORKDIR /src/conjur-api
-
-COPY Gemfile conjur-api.gemspec ./
-COPY lib/conjur-api/version.rb ./lib/conjur-api/
-
-RUN bundle
-
-COPY . ./

data/dev/docker-compose.yml

@@ -1,56 +0,0 @@
-version: '3'
-services:
-  pg:
-    image: postgres:9.3
-
-  conjur_5:
-    image: cyberark/conjur
-    command: server -a cucumber
-    environment:
-      DATABASE_URL: postgres://postgres@pg/postgres
-      CONJUR_DATA_KEY: 'WMfApcDBtocRWV+ZSUP3Tjr5XNU+Z2FdBb6BEezejIs='
-    volumes:
-      - authn_local_5:/run/authn-local
-    depends_on:
-      - pg
-
-  conjur_4:
-    image: registry2.itci.conjur.net/conjur-appliance-cuke-master:4.9-stable
-    security_opt:
-      - seccomp:unconfined
-    volumes:
-      - ../features_v4/support/policy.yml:/etc/policy.yml
-      - authn_local_4:/run/authn-local
-
-  gem:
-    build:
-      context: ../
-      dockerfile: dev/Dockerfile.dev
-    entrypoint: sleep
-    command: infinity
-    environment:
-      CONJUR_APPLIANCE_URL: http://conjur_5
-      CONJUR_VERSION: 5
-      CONJUR_ACCOUNT: cucumber
-    links:
-      - conjur_5:conjur_5
-      - conjur_4:conjur_4
-    volumes:
-      - ..:/src/conjur-api
-      - authn_local_4:/run/authn-local-4
-      - authn_local_5:/run/authn-local-5
-
-  client:
-    image: conjurinc/cli5
-    entrypoint: sleep
-    command: infinity
-    environment:
-      CONJUR_APPLIANCE_URL: http://conjur_5
-      CONJUR_ACCOUNT: cucumber
-      CONJUR_AUTHN_LOGIN: admin
-    links:
-    - conjur_5:conjur_5
-
-volumes:
-  authn_local_5:
-  authn_local_4:

data/dev/start

@@ -1,22 +0,0 @@
-#!/bin/bash -ex
-
-function v5_development() {
-  docker-compose up -d --no-deps conjur_5 pg gem client
-
-  docker-compose exec -T conjur_5 conjurctl wait
-
-  local api_key=$(docker-compose exec -T conjur_5 rake 'role:retrieve-key[cucumber:user:admin]')
-  api_key=$(docker-compose exec -T conjur_5 conjurctl role retrieve-key cucumber:user:admin | tr -d '\r')
-
-  docker exec -e CONJUR_AUTHN_API_KEY="$api_key" -it --detach-keys 'ctrl-\' $(docker-compose ps -q gem) bash
-}
-
-# Set up VERSION file for local development
-if [ ! -f "../VERSION" ]; then
-  echo -n "0.0.dev" > ../VERSION
-fi
-
-docker-compose pull
-docker-compose build
-
-v5_development

data/dev/stop

@@ -1,5 +0,0 @@
-#!/bin/bash -ex
-
-echo 'Removing test environment'
-echo '---'
-docker-compose down --rmi 'local' --volumes

data/docker-compose.yml

@@ -1,76 +0,0 @@
-version: '2.1'
-services:
-  pg:
-    image: postgres:9.3
-
-  conjur_5:
-    image: cyberark/conjur
-    command: server -a cucumber
-    environment:
-      DATABASE_URL: postgres://postgres@pg/postgres
-      CONJUR_DATA_KEY: 'WMfApcDBtocRWV+ZSUP3Tjr5XNU+Z2FdBb6BEezejIs='
-    volumes:
-      - authn_local_5:/run/authn-local
-    depends_on:
-      - pg
-
-  conjur_4:
-    image: registry2.itci.conjur.net/conjur-appliance-cuke-master:4.9-stable
-    security_opt:
-      - seccomp:unconfined
-    volumes:
-      - ./features_v4/support/policy.yml:/etc/policy.yml
-      - authn_local_4:/run/authn-local
-
-  tester_5:
-    build:
-        context: .
-        dockerfile: Dockerfile
-        args:
-          RUBY_VERSION: ${RUBY_VERSION}
-    volumes:
-      - ./spec/reports:/src/conjur-api/spec/reports
-      - ./features/reports:/src/conjur-api/features/reports
-      - ./coverage:/src/conjur-api/coverage
-      - authn_local_5:/run/authn-local-5
-    environment:
-      CONJUR_APPLIANCE_URL: http://conjur_5
-      CONJUR_VERSION: 5
-      CONJUR_ACCOUNT: cucumber
-
-  tester_4:
-    build:
-      context: .
-      dockerfile: Dockerfile
-      args:
-        RUBY_VERSION: ${RUBY_VERSION}
-    volumes:
-      - ./features_v4/reports:/src/conjur-api/features_v4/reports
-      - ./tmp/conjur.pem:/src/conjur-api/tmp/conjur.pem
-      - ./coverage_v4:/src/conjur-api/coverage
-      - authn_local_4:/run/authn-local-4
-    environment:
-      CONJUR_APPLIANCE_URL: https://conjur_4/api
-      CONJUR_VERSION: 4
-      CONJUR_ACCOUNT: cucumber
-
-  dev:
-    build:
-      context: .
-      dockerfile: Dockerfile
-      args:
-        RUBY_VERSION: ${RUBY_VERSION}
-    entrypoint: bash
-    volumes:
-      - .:/src/conjur-api
-      - authn_local_4:/run/authn-local-4
-      - authn_local_5:/run/authn-local-5
-    environment:
-      CONJUR_ACCOUNT: cucumber
-    depends_on:
-      - conjur_4
-      - conjur_5
-
-volumes:
-  authn_local_4:
-  authn_local_5:

data/example/demo_v4.rb

@@ -1,49 +0,0 @@
-#!/usr/bin/env ruby
-
-require 'conjur-api'
-require 'securerandom'
-
-username = "admin"
-password = "secret"
-
-Conjur.configuration.appliance_url = "https://conjur_4/api"
-Conjur.configuration.account = "cucumber"
-Conjur.configuration.cert_file = "./tmp/conjur.pem"
-Conjur.configuration.version = 4
-Conjur.configuration.apply_cert_config!
-
-puts "Configured with Conjur version: #{Conjur.configuration.version}"
-puts
-
-api_key = Conjur::API.login username, password
-api = Conjur::API.new_from_key username, api_key
-
-db_password = SecureRandom.hex(12)
-puts "Populating variable 'db-password' = #{db_password.inspect}"
-api.resource("cucumber:variable:db-password").add_value db_password
-puts "Value added"
-puts
-
-puts "Creating host factory token for 'myapp'"
-expiration = Time.now + 1.day
-hf_token = api.resource("cucumber:host_factory:myapp").create_token expiration
-puts "Created: #{hf_token.token}"
-puts
-
-puts "Creating new host 'host-01' with host factory"
-host = Conjur::API.host_factory_create_host(hf_token, "host-01")
-puts "Created: #{host}"
-puts
-
-puts "Logging in as #{host.id}"
-host_api = Conjur::API.new_from_key "host/host-01", host.api_key
-puts "Logged in"
-puts
-
-
-puts "Fetching db-password as #{host.id}"
-value = host_api.resource("cucumber:variable:db-password").value
-puts value
-puts
-
-puts "Done!"

data/example/demo_v5.rb

@@ -1,57 +0,0 @@
-#!/usr/bin/env ruby
-
-require 'conjur-api'
-require 'securerandom'
-
-username = "admin"
-
-arguments = ARGV.dup
-
-api_key = arguments.shift or raise "Usage: ./demo_v5 <admin-api-key>"
-
-Conjur.configuration.appliance_url = "http://conjur_5"
-Conjur.configuration.account = "cucumber"
-# This is the default
-# Conjur.configuration.version = 5
-
-puts "Configured with Conjur version: #{Conjur.configuration.version}"
-puts
-
-api = Conjur::API.new_from_key username, api_key
-
-policy = File.read("features_v4/support/policy.yml")
-
-puts "Loading policy 'root'"
-policy_result = api.load_policy "root", policy
-puts "Loaded: #{policy_result}"
-puts
-
-db_password = SecureRandom.hex(12)
-puts "Populating variable 'db-password' = #{db_password.inspect}"
-api.resource("cucumber:variable:db-password").add_value db_password
-puts "Value added"
-puts
-
-puts "Creating host factory token for 'myapp'"
-expiration = Time.now + 1.day
-hf_token = api.resource("cucumber:host_factory:myapp").create_token expiration
-puts "Created: #{hf_token.token}"
-puts
-
-puts "Creating new host 'host-01' with host factory"
-host = Conjur::API.host_factory_create_host(hf_token, "host-01")
-puts "Created: #{host}"
-puts
-
-puts "Logging in as #{host.id}"
-host_api = Conjur::API.new_from_key "host/host-01", host.api_key
-puts "Logged in"
-puts
-
-
-puts "Fetching db-password as #{host.id}"
-value = host_api.resource("cucumber:variable:db-password").value
-puts value
-puts
-
-puts "Done!"

data/features/authenticators.feature

@@ -1,33 +0,0 @@
-Feature: List and manage authenticators
-
-  Background:
-    Given I run the code:
-    """
-    $conjur.load_policy 'root', <<-POLICY
-    - !webservice conjur/authn-k8s/my-auth
-    POLICY
-    """
-
-  Scenario: Authenticator list includes the authenticator status
-    When I run the code:
-    """
-    $conjur.authenticator_list
-    """
-    Then the JSON should have "installed"
-    And the JSON should have "configured"
-    And the JSON should have "enabled"
-    And the JSON at "enabled" should be ["authn"]
-
-  Scenario: Enable and disable authenticator
-    When I run the code:
-    """
-    $conjur.authenticator_enable("authn-k8s", "my-auth")
-    $conjur.authenticator_list
-    """
-    Then the JSON at "enabled" should be ["authn", "authn-k8s/my-auth"]
-    When I run the code:
-    """
-    $conjur.authenticator_disable("authn-k8s", "my-auth")
-    $conjur.authenticator_list
-    """
-    Then the JSON at "enabled" should be ["authn"]

data/features/authn_local.feature

@@ -1,32 +0,0 @@
-Feature: When co-located with the Conjur server, the API can use the authn-local service to authenticate.
-
-  Scenario: authn-local can be used to obtain an access token.
-    When I run the code:
-    """
-    Conjur::API.authenticate_local "alice"
-    """
-    Then the JSON should have "payload"
-    And I run the code:
-    """
-    JSON.parse(Base64.decode64(@result['payload']))
-    """
-    Then the JSON should have "sub"
-    And the JSON should have "iat"
-
-  Scenario: Conjur API supports construction from authn-local.
-    When I run the code:
-    """
-    @api = Conjur::API.new_from_authn_local "alice"
-    @api.token
-    """
-    Then the JSON should have "payload"
-
-  Scenario: Conjur API will automatically refresh the token.
-    When I run the code:
-    """
-    @api = Conjur::API.new_from_authn_local "alice"
-    @api.token
-    @api.force_token_refresh
-    @api.token
-    """
-    Then the JSON should have "payload"

data/features/exists.feature

@@ -1,37 +0,0 @@
-Feature: Check if an object exists.
-
-  Background:
-    Given I run the code:
-    """
-    $conjur.load_policy 'root', <<-POLICY
-    - !group developers
-    POLICY
-    """
-
-  Scenario: A created group resource exists
-    When I run the code:
-    """
-    $conjur.resource('cucumber:group:developers').exists?
-    """
-    Then the result should be "true"
-
-  Scenario: An un-created resource doesn't exist
-    When I run the code:
-    """
-    $conjur.resource('cucumber:food:bacon').exists?
-    """
-    Then the result should be "false"
-
-  Scenario: A created group role exists
-    When I run the code:
-    """
-    $conjur.role('cucumber:group:developers').exists?
-    """
-    Then the result should be "true"
-
-  Scenario: An un-created role doesn't exist
-    When I run the code:
-    """
-    $conjur.role('cucumber:food:bacon').exists?
-    """
-    Then the result should be "false"

data/features/group.feature

@@ -1,11 +0,0 @@
-Feature: Display Group object fields.
-
-  Background:
-    Given a new group
-
-  Scenario: Group has a gidnumber.
-    Then I run the code:
-    """
-    @group.gidnumber
-    """
-    Then the result should be "1000"

data/features/host.feature

@@ -1,50 +0,0 @@
-Feature: Host object
-
-  Scenario: API key of a newly created host is available and valid
-    Given a new host
-    Then I can run the code:
-    """
-    expect(@host.exists?).to be(true)
-    expect(@host.api_key).to be
-    Conjur::API.new_from_key(@host.login, @host.api_key).token
-    """
-
-  # Rotation of own API key should be done via `Conjur::API.rotate_api_key()`
-  Scenario: Host's own API key cannot be rotated with an API key
-    Given a new host
-    Then this code should fail with "You cannot rotate your own API key via this method"
-    """
-    host = Conjur::API.new_from_key(@host.login, @host.api_key).resource(@host.id)
-    host.rotate_api_key
-    """
-
-  # Rotation of own API key should be done via `Conjur::API.rotate_api_key()`
-  Scenario: Host's own API key cannot be rotated with a token
-    Given a new host
-    Then this code should fail with "You cannot rotate your own API key via this method"
-    """
-    token = Conjur::API.new_from_key(@host.login, @host.api_key).token
-
-    host = Conjur::API.new_from_token(token).resource(@host.id)
-    host.rotate_api_key
-    """
-
-  Scenario: Delegated host's API key can be rotated with an API key
-    Given a new delegated host
-    Then I can run the code:
-    """
-    delegated_host_resource = Conjur::API.new_from_key(@host_owner.login, @host_owner_api_key).resource(@host.id)
-    api_key = delegated_host_resource.rotate_api_key
-    Conjur::API.new_from_key(delegated_host_resource.login, api_key).token
-    """
-
-  Scenario: Delegated host's API key can be rotated with a token
-    Given a new delegated host
-    Then I can run the code:
-    """
-    token = Conjur::API.new_from_key(@host_owner.login, @host_owner_api_key).token
-
-    delegated_host_resource = Conjur::API.new_from_token(token).resource(@host.id)
-    api_key = delegated_host_resource.rotate_api_key
-    Conjur::API.new_from_key(delegated_host_resource.login, api_key).token
-    """

data/features/host_factory_create_host.feature

@@ -1,28 +0,0 @@
-Feature: Create a host using a host factory token.
-
-  Background:
-    Given I run the code:
-    """
-    $conjur.load_policy 'root', <<-POLICY
-    - !policy
-      id: myapp
-      body:
-      - !layer
-
-      - !host-factory
-        layers: [ !layer ]
-    POLICY
-    @expiration = (DateTime.now + 1.hour).change(sec: 0)
-    @host_factory = $conjur.resource('cucumber:host_factory:myapp')
-    @token = @host_factory.create_token @expiration
-    """
-
-  Scenario: I can create a host from the token
-    When I run the code:
-    """
-    Conjur::API.host_factory_create_host(@token.token, "app-01")
-    """
-    Then the JSON should have "id"
-    And the JSON should have "permissions"
-    And the JSON should have "owner"
-    And the JSON should have "api_key"

data/features/host_factory_token.feature

@@ -1,63 +0,0 @@
-Feature: Working with host factory tokens.
-
-  Background:
-    Given I run the code:
-    """
-    $conjur.load_policy 'root', <<-POLICY
-    - !policy
-      id: myapp
-      body:
-      - !layer
-
-      - !host-factory
-        layers: [ !layer ]
-    POLICY
-    @expiration = (DateTime.now + 1.hour).change(sec: 0)
-    @host_factory = $conjur.resource('cucumber:host_factory:myapp')
-    """
-
-  @wip
-  Scenario: Create a new host factory token.
-    When I run the code:
-    """
-    @token = @host_factory.create_token @expiration
-    """
-    Then I can run the code:
-    """
-    expect(@token).to be_instance_of(Conjur::HostFactoryToken)
-    expect(@token.token).to be_instance_of(String)
-    expiration = @token.expiration
-    expiration = expiration.change(sec: 0)
-    expect(expiration).to eq(@expiration)
-    """
-    And I can run the code:
-    """
-    expect(@host_factory.tokens).to eq([@token])
-    """
-
-  Scenario: Create multiple new host factory tokens.
-    When I run the code:
-    """
-    @host_factory.create_tokens @expiration, count: 2
-    """
-    Then the JSON should have 2 items
-
-  Scenario: Revoke a host factory token using the token object.
-    When I run the code:
-    """
-    @token = @host_factory.create_token @expiration
-    """
-    Then I can run the code:
-    """
-    @token.revoke
-    """
-
-  Scenario: Revoke a host factory token using the API.
-    When I run the code:
-    """
-    @token = @host_factory.create_token @expiration
-    """
-    Then I can run the code:
-    """
-    $conjur.revoke_host_factory_token @token.token
-    """

data/features/load_policy.feature

@@ -1,61 +0,0 @@
-Feature: Load a policy.
-
-  Scenario: Policy can be loaded into a policy id.
-    Then I can run the code:
-    """
-    policy = <<-POLICY
-    - !group security_admin
-
-    - !policy
-      id: myapp
-      body:
-      - !layer
-
-      - !host-factory
-        layers: [ !layer ]
-
-    - !host app-01
-
-    - !grant
-      role: !layer myapp
-      member: !host app-01
-    POLICY
-
-    $conjur.load_policy 'root', policy
-    """
-
-  Scenario: The policy load reports the API keys of created roles.
-    Then I can run the code:
-    """
-    $conjur.load_policy 'root', <<-POLICY
-    - !host app-#{random_hex}
-    POLICY
-    """
-    Then the JSON should have "version"
-    And the JSON should have "created_roles"
-    And the JSON at "created_roles" should have 1 item
-
-  Scenario: Policy contents can be replaced using POLICY_METHOD_PUT.
-    Given I run the code:
-    """
-    $conjur.load_policy 'root', <<-POLICY
-    - !group developers
-    - !group operations
-    POLICY
-    """
-    And I run the code:
-    """
-    $conjur.load_policy 'root', <<-POLICY, method: Conjur::API::POLICY_METHOD_PUT
-    --- []
-    POLICY
-    """
-    And I run the code:
-    """
-    $conjur.resources.map(&:id)
-    """
-    Then the JSON should be:
-    """
-    [
-      "cucumber:policy:root"
-    ]
-    """