conjur-api 5.3.7 → 5.3.8.pre.8
- checksums.yaml +4 -4
- data/VERSION +1 -1
- metadata +23 -193
- data/.codeclimate.yml +0 -10
- data/.dockerignore +0 -1
- data/.github/CODEOWNERS +0 -10
- data/.gitignore +0 -32
- data/.gitleaks.toml +0 -219
- data/.overcommit.yml +0 -16
- data/.project +0 -18
- data/.rubocop.yml +0 -3
- data/.rubocop_settings.yml +0 -86
- data/.rubocop_todo.yml +0 -709
- data/.yardopts +0 -1
- data/CHANGELOG.md +0 -433
- data/CONTRIBUTING.md +0 -141
- data/Dockerfile +0 -16
- data/Gemfile +0 -7
- data/Jenkinsfile +0 -168
- data/LICENSE +0 -202
- data/README.md +0 -162
- data/Rakefile +0 -47
- data/SECURITY.md +0 -42
- data/bin/parse-changelog.sh +0 -12
- data/ci/configure_v4.sh +0 -12
- data/ci/configure_v5.sh +0 -14
- data/ci/submit-coverage +0 -36
- data/conjur-api.gemspec +0 -40
- data/dev/Dockerfile.dev +0 -12
- data/dev/docker-compose.yml +0 -56
- data/dev/start +0 -22
- data/dev/stop +0 -5
- data/docker-compose.yml +0 -76
- data/example/demo_v4.rb +0 -49
- data/example/demo_v5.rb +0 -57
- data/features/authenticators.feature +0 -33
- data/features/authn_local.feature +0 -32
- data/features/exists.feature +0 -37
- data/features/group.feature +0 -11
- data/features/host.feature +0 -50
- data/features/host_factory_create_host.feature +0 -28
- data/features/host_factory_token.feature +0 -63
- data/features/load_policy.feature +0 -61
- data/features/members.feature +0 -51
- data/features/new_api.feature +0 -36
- data/features/permitted.feature +0 -70
- data/features/permitted_roles.feature +0 -30
- data/features/public_keys.feature +0 -11
- data/features/resource_fields.feature +0 -53
- data/features/role_fields.feature +0 -15
- data/features/rotate_api_key.feature +0 -13
- data/features/step_definitions/api_steps.rb +0 -18
- data/features/step_definitions/policy_steps.rb +0 -75
- data/features/step_definitions/result_steps.rb +0 -7
- data/features/support/env.rb +0 -18
- data/features/support/hooks.rb +0 -3
- data/features/support/world.rb +0 -12
- data/features/update_password.feature +0 -14
- data/features/user.feature +0 -58
- data/features/variable_fields.feature +0 -20
- data/features/variable_value.feature +0 -60
- data/features_v4/authn_local.feature +0 -27
- data/features_v4/exists.feature +0 -29
- data/features_v4/host.feature +0 -18
- data/features_v4/host_factory_token.feature +0 -49
- data/features_v4/members.feature +0 -39
- data/features_v4/permitted.feature +0 -15
- data/features_v4/permitted_roles.feature +0 -8
- data/features_v4/resource_fields.feature +0 -47
- data/features_v4/rotate_api_key.feature +0 -13
- data/features_v4/step_definitions/api_steps.rb +0 -17
- data/features_v4/step_definitions/result_steps.rb +0 -3
- data/features_v4/support/env.rb +0 -23
- data/features_v4/support/policy.yml +0 -34
- data/features_v4/support/world.rb +0 -12
- data/features_v4/variable_fields.feature +0 -11
- data/features_v4/variable_value.feature +0 -54
- data/lib/conjur/acts_as_resource.rb +0 -123
- data/lib/conjur/acts_as_role.rb +0 -142
- data/lib/conjur/acts_as_rolsource.rb +0 -32
- data/lib/conjur/acts_as_user.rb +0 -68
- data/lib/conjur/api/authenticators.rb +0 -35
- data/lib/conjur/api/authn.rb +0 -125
- data/lib/conjur/api/host_factories.rb +0 -71
- data/lib/conjur/api/ldap_sync.rb +0 -38
- data/lib/conjur/api/policies.rb +0 -56
- data/lib/conjur/api/pubkeys.rb +0 -53
- data/lib/conjur/api/resources.rb +0 -109
- data/lib/conjur/api/roles.rb +0 -98
- data/lib/conjur/api/router/v4.rb +0 -206
- data/lib/conjur/api/router/v5.rb +0 -248
- data/lib/conjur/api/variables.rb +0 -59
- data/lib/conjur/api.rb +0 -105
- data/lib/conjur/base.rb +0 -355
- data/lib/conjur/base_object.rb +0 -57
- data/lib/conjur/build_object.rb +0 -47
- data/lib/conjur/cache.rb +0 -26
- data/lib/conjur/cert_utils.rb +0 -63
- data/lib/conjur/cidr.rb +0 -71
- data/lib/conjur/configuration.rb +0 -460
- data/lib/conjur/escape.rb +0 -129
- data/lib/conjur/exceptions.rb +0 -4
- data/lib/conjur/group.rb +0 -41
- data/lib/conjur/has_attributes.rb +0 -98
- data/lib/conjur/host.rb +0 -27
- data/lib/conjur/host_factory.rb +0 -75
- data/lib/conjur/host_factory_token.rb +0 -78
- data/lib/conjur/id.rb +0 -71
- data/lib/conjur/layer.rb +0 -9
- data/lib/conjur/log.rb +0 -72
- data/lib/conjur/log_source.rb +0 -60
- data/lib/conjur/policy.rb +0 -34
- data/lib/conjur/policy_load_result.rb +0 -61
- data/lib/conjur/query_string.rb +0 -12
- data/lib/conjur/resource.rb +0 -29
- data/lib/conjur/role.rb +0 -29
- data/lib/conjur/role_grant.rb +0 -85
- data/lib/conjur/routing.rb +0 -29
- data/lib/conjur/user.rb +0 -40
- data/lib/conjur/variable.rb +0 -208
- data/lib/conjur/webservice.rb +0 -30
- data/lib/conjur-api/version.rb +0 -24
- data/lib/conjur-api.rb +0 -2
- data/publish.sh +0 -5
- data/spec/api/host_factories_spec.rb +0 -34
- data/spec/api_spec.rb +0 -254
- data/spec/base_object_spec.rb +0 -13
- data/spec/cert_utils_spec.rb +0 -173
- data/spec/cidr_spec.rb +0 -34
- data/spec/configuration_spec.rb +0 -330
- data/spec/has_attributes_spec.rb +0 -63
- data/spec/helpers/errors_matcher.rb +0 -34
- data/spec/helpers/request_helpers.rb +0 -10
- data/spec/id_spec.rb +0 -29
- data/spec/ldap_sync_spec.rb +0 -21
- data/spec/log_source_spec.rb +0 -13
- data/spec/log_spec.rb +0 -42
- data/spec/roles_spec.rb +0 -24
- data/spec/spec_helper.rb +0 -113
- data/spec/ssl_spec.rb +0 -109
- data/spec/uri_escape_spec.rb +0 -21
- data/test.sh +0 -73
- data/tmp/.keep +0 -0
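--- a/data/ci/submit-coverage
+++ b/data/ci/submit-coverage
@@ -1,36 +0,0 @@
-#!/bin/bash
-
-set -eux
-
-DIR="coverage"
-BIN="cc-test-reporter"
-REPORT="${DIR}/.resultset.json"
-
-if [[ ! -e ${REPORT} ]]; then
-echo "SimpleCov report (${REPORT}) not found"
-ls -laR ${DIR}
-exit 1
-fi
-
-if [[ ! -x ${BIN} ]]; then
-echo "cc-test-reporter binary not found, not reporting coverage data to code climate"
-ls -laR ${DIR}
-# report is present but reporter binary is not, definitely a bug, exit error.
-exit 1
-fi
-
-# Simplecov excludes files not within the current repo, it also needs to
-# be able to read all the files referenced within the report. As the reports
-# are generated in containers, the absolute paths contained in the report
-# are not valid outside that container. This sed fixes the paths
-# So they are correct relative to the Jenkins workspace.
-sed -i -E "s+/src/conjur-api+${WORKSPACE}+g" "${REPORT}"
-
-echo "Coverage reports prepared, submitting to CodeClimate."
-# vars GIT_COMMIT, GIT_BRANCH & TRID are set by ccCoverage.dockerPrep
-
-./${BIN} after-build \
---coverage-input-type "simplecov"\
---id "${TRID}"
-
-echo "Successfully Reported Coverage Data"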
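--- a/data/conjur-api.gemspec
+++ b/data/conjur-api.gemspec
@@ -1,40 +0,0 @@
-# -*- encoding: utf-8 -*-
-require File.expand_path('../lib/conjur-api/version', __FILE__)
-
-Gem::Specification.new do |gem|
-gem.authors = ["CyberArk Maintainers"]
-gem.email = ["conj_maintainers@cyberark.com"]
-gem.description = %q{Conjur API}
-gem.summary = %q{Conjur API}
-gem.homepage = "https://github.com/cyberark/conjur-api-ruby/"
-gem.license = "Apache-2.0"
-
-gem.files = `git ls-files`.split($\).append("VERSION") + Dir['build_number']
-gem.executables = gem.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
-gem.test_files = gem.files.grep(%r{^(test|spec|features)/})
-gem.name = "conjur-api"
-gem.require_paths = ["lib"]
-gem.version = Conjur::API::VERSION
-
-gem.required_ruby_version = '>= 1.9'
-
-# Filter out development only executables
-gem.executables -= %w{parse-changelog.sh}
-
-gem.add_dependency 'rest-client'
-gem.add_dependency 'activesupport', '>= 4.2'
-gem.add_dependency 'addressable', '~> 2.0'
-
-gem.add_development_dependency 'rake', '>= 12.3.3'
-gem.add_development_dependency 'rspec', '~> 3'
-gem.add_development_dependency 'rspec-expectations', '~> 3.4'
-gem.add_development_dependency 'json_spec'
-gem.add_development_dependency 'cucumber', '~> 2.99'
-gem.add_development_dependency 'ci_reporter_rspec'
-gem.add_development_dependency 'simplecov', '~> 0.17', '< 0.18'
-gem.add_development_dependency 'io-grab'
-gem.add_development_dependency 'rdoc'
-gem.add_development_dependency 'yard'
-gem.add_development_dependency 'fakefs'
-gem.add_development_dependency 'pry-byebug'
-end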
data/dev/Dockerfile.dev
DELETED
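--- a/data/dev/docker-compose.yml
+++ b/data/dev/docker-compose.yml
@@ -1,56 +0,0 @@
-version: '3'
-services:
-pg:
-image: postgres:9.3
-
-conjur_5:
-image: cyberark/conjur
-command: server -a cucumber
-environment:
-DATABASE_URL: postgres://postgres@pg/postgres
-CONJUR_DATA_KEY: 'WMfApcDBtocRWV+ZSUP3Tjr5XNU+Z2FdBb6BEezejIs='
-volumes:
-- authn_local_5:/run/authn-local
-depends_on:
-- pg
-
-conjur_4:
-image: registry2.itci.conjur.net/conjur-appliance-cuke-master:4.9-stable
-security_opt:
-- seccomp:unconfined
-volumes:
-- ../features_v4/support/policy.yml:/etc/policy.yml
-- authn_local_4:/run/authn-local
-
-gem:
-build:
-context: ../
-dockerfile: dev/Dockerfile.dev
-entrypoint: sleep
-command: infinity
-environment:
-CONJUR_APPLIANCE_URL: http://conjur_5
-CONJUR_VERSION: 5
-CONJUR_ACCOUNT: cucumber
-links:
-- conjur_5:conjur_5
-- conjur_4:conjur_4
-volumes:
-- ..:/src/conjur-api
-- authn_local_4:/run/authn-local-4
-- authn_local_5:/run/authn-local-5
-
-client:
-image: conjurinc/cli5
-entrypoint: sleep
-command: infinity
-environment:
-CONJUR_APPLIANCE_URL: http://conjur_5
-CONJUR_ACCOUNT: cucumber
-CONJUR_AUTHN_LOGIN: admin
-links:
-- conjur_5:conjur_5
-
-volumes:
-authn_local_5:
-authn_local_4: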
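--- a/data/dev/start
+++ b/data/dev/start
@@ -1,22 +0,0 @@
-#!/bin/bash -ex
-
-function v5_development() {
-docker-compose up -d --no-deps conjur_5 pg gem client
-
-docker-compose exec -T conjur_5 conjurctl wait
-
-local api_key=$(docker-compose exec -T conjur_5 rake 'role:retrieve-key[cucumber:user:admin]')
-api_key=$(docker-compose exec -T conjur_5 conjurctl role retrieve-key cucumber:user:admin | tr -d '\r')
-
-docker exec -e CONJUR_AUTHN_API_KEY="$api_key" -it --detach-keys 'ctrl-\' $(docker-compose ps -q gem) bash
-}
-
-# Set up VERSION file for local development
-if [ ! -f "../VERSION" ]; then
-echo -n "0.0.dev" > ../VERSION
-fi
-
-docker-compose pull
-docker-compose build
-
-v5_development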
data/dev/stop
DELETED
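--- a/data/docker-compose.yml
+++ b/data/docker-compose.yml
@@ -1,76 +0,0 @@
-version: '2.1'
-services:
-pg:
-image: postgres:9.3
-
-conjur_5:
-image: cyberark/conjur
-command: server -a cucumber
-environment:
-DATABASE_URL: postgres://postgres@pg/postgres
-CONJUR_DATA_KEY: 'WMfApcDBtocRWV+ZSUP3Tjr5XNU+Z2FdBb6BEezejIs='
-volumes:
-- authn_local_5:/run/authn-local
-depends_on:
-- pg
-
-conjur_4:
-image: registry2.itci.conjur.net/conjur-appliance-cuke-master:4.9-stable
-security_opt:
-- seccomp:unconfined
-volumes:
-- ./features_v4/support/policy.yml:/etc/policy.yml
-- authn_local_4:/run/authn-local
-
-tester_5:
-build:
-context: .
-dockerfile: Dockerfile
-args:
-RUBY_VERSION: ${RUBY_VERSION}
-volumes:
-- ./spec/reports:/src/conjur-api/spec/reports
-- ./features/reports:/src/conjur-api/features/reports
-- ./coverage:/src/conjur-api/coverage
-- authn_local_5:/run/authn-local-5
-environment:
-CONJUR_APPLIANCE_URL: http://conjur_5
-CONJUR_VERSION: 5
-CONJUR_ACCOUNT: cucumber
-
-tester_4:
-build:
-context: .
-dockerfile: Dockerfile
-args:
-RUBY_VERSION: ${RUBY_VERSION}
-volumes:
-- ./features_v4/reports:/src/conjur-api/features_v4/reports
-- ./tmp/conjur.pem:/src/conjur-api/tmp/conjur.pem
-- ./coverage_v4:/src/conjur-api/coverage
-- authn_local_4:/run/authn-local-4
-environment:
-CONJUR_APPLIANCE_URL: https://conjur_4/api
-CONJUR_VERSION: 4
-CONJUR_ACCOUNT: cucumber
-
-dev:
-build:
-context: .
-dockerfile: Dockerfile
-args:
-RUBY_VERSION: ${RUBY_VERSION}
-entrypoint: bash
-volumes:
-- .:/src/conjur-api
-- authn_local_4:/run/authn-local-4
-- authn_local_5:/run/authn-local-5
-environment:
-CONJUR_ACCOUNT: cucumber
-depends_on:
-- conjur_4
-- conjur_5
-
-volumes:
-authn_local_4:
-authn_local_5: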
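--- a/data/example/demo_v4.rb
+++ b/data/example/demo_v4.rb
@@ -1,49 +0,0 @@
-#!/usr/bin/env ruby
-
-require 'conjur-api'
-require 'securerandom'
-
-username = "admin"
-password = "secret"
-
-Conjur.configuration.appliance_url = "https://conjur_4/api"
-Conjur.configuration.account = "cucumber"
-Conjur.configuration.cert_file = "./tmp/conjur.pem"
-Conjur.configuration.version = 4
-Conjur.configuration.apply_cert_config!
-
-puts "Configured with Conjur version: #{Conjur.configuration.version}"
-puts
-
-api_key = Conjur::API.login username, password
-api = Conjur::API.new_from_key username, api_key
-
-db_password = SecureRandom.hex(12)
-puts "Populating variable 'db-password' = #{db_password.inspect}"
-api.resource("cucumber:variable:db-password").add_value db_password
-puts "Value added"
-puts
-
-puts "Creating host factory token for 'myapp'"
-expiration = Time.now + 1.day
-hf_token = api.resource("cucumber:host_factory:myapp").create_token expiration
-puts "Created: #{hf_token.token}"
-puts
-
-puts "Creating new host 'host-01' with host factory"
-host = Conjur::API.host_factory_create_host(hf_token, "host-01")
-puts "Created: #{host}"
-puts
-
-puts "Logging in as #{host.id}"
-host_api = Conjur::API.new_from_key "host/host-01", host.api_key
-puts "Logged in"
-puts
-
-
-puts "Fetching db-password as #{host.id}"
-value = host_api.resource("cucumber:variable:db-password").value
-puts value
-puts
-
-puts "Done!"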
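--- a/data/example/demo_v5.rb
+++ b/data/example/demo_v5.rb
@@ -1,57 +0,0 @@
-#!/usr/bin/env ruby
-
-require 'conjur-api'
-require 'securerandom'
-
-username = "admin"
-
-arguments = ARGV.dup
-
-api_key = arguments.shift or raise "Usage: ./demo_v5 <admin-api-key>"
-
-Conjur.configuration.appliance_url = "http://conjur_5"
-Conjur.configuration.account = "cucumber"
-# This is the default
-# Conjur.configuration.version = 5
-
-puts "Configured with Conjur version: #{Conjur.configuration.version}"
-puts
-
-api = Conjur::API.new_from_key username, api_key
-
-policy = File.read("features_v4/support/policy.yml")
-
-puts "Loading policy 'root'"
-policy_result = api.load_policy "root", policy
-puts "Loaded: #{policy_result}"
-puts
-
-db_password = SecureRandom.hex(12)
-puts "Populating variable 'db-password' = #{db_password.inspect}"
-api.resource("cucumber:variable:db-password").add_value db_password
-puts "Value added"
-puts
-
-puts "Creating host factory token for 'myapp'"
-expiration = Time.now + 1.day
-hf_token = api.resource("cucumber:host_factory:myapp").create_token expiration
-puts "Created: #{hf_token.token}"
-puts
-
-puts "Creating new host 'host-01' with host factory"
-host = Conjur::API.host_factory_create_host(hf_token, "host-01")
-puts "Created: #{host}"
-puts
-
-puts "Logging in as #{host.id}"
-host_api = Conjur::API.new_from_key "host/host-01", host.api_key
-puts "Logged in"
-puts
-
-
-puts "Fetching db-password as #{host.id}"
-value = host_api.resource("cucumber:variable:db-password").value
-puts value
-puts
-
-puts "Done!"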
@@ -1,33 +0,0 @@
|
|
1
|
-
Feature: List and manage authenticators
|
2
|
-
|
3
|
-
Background:
|
4
|
-
Given I run the code:
|
5
|
-
"""
|
6
|
-
$conjur.load_policy 'root', <<-POLICY
|
7
|
-
- !webservice conjur/authn-k8s/my-auth
|
8
|
-
POLICY
|
9
|
-
"""
|
10
|
-
|
11
|
-
Scenario: Authenticator list includes the authenticator status
|
12
|
-
When I run the code:
|
13
|
-
"""
|
14
|
-
$conjur.authenticator_list
|
15
|
-
"""
|
16
|
-
Then the JSON should have "installed"
|
17
|
-
And the JSON should have "configured"
|
18
|
-
And the JSON should have "enabled"
|
19
|
-
And the JSON at "enabled" should be ["authn"]
|
20
|
-
|
21
|
-
Scenario: Enable and disable authenticator
|
22
|
-
When I run the code:
|
23
|
-
"""
|
24
|
-
$conjur.authenticator_enable("authn-k8s", "my-auth")
|
25
|
-
$conjur.authenticator_list
|
26
|
-
"""
|
27
|
-
Then the JSON at "enabled" should be ["authn", "authn-k8s/my-auth"]
|
28
|
-
When I run the code:
|
29
|
-
"""
|
30
|
-
$conjur.authenticator_disable("authn-k8s", "my-auth")
|
31
|
-
$conjur.authenticator_list
|
32
|
-
"""
|
33
|
-
Then the JSON at "enabled" should be ["authn"]
|
@@ -1,32 +0,0 @@
|
|
1
|
-
Feature: When co-located with the Conjur server, the API can use the authn-local service to authenticate.
|
2
|
-
|
3
|
-
Scenario: authn-local can be used to obtain an access token.
|
4
|
-
When I run the code:
|
5
|
-
"""
|
6
|
-
Conjur::API.authenticate_local "alice"
|
7
|
-
"""
|
8
|
-
Then the JSON should have "payload"
|
9
|
-
And I run the code:
|
10
|
-
"""
|
11
|
-
JSON.parse(Base64.decode64(@result['payload']))
|
12
|
-
"""
|
13
|
-
Then the JSON should have "sub"
|
14
|
-
And the JSON should have "iat"
|
15
|
-
|
16
|
-
Scenario: Conjur API supports construction from authn-local.
|
17
|
-
When I run the code:
|
18
|
-
"""
|
19
|
-
@api = Conjur::API.new_from_authn_local "alice"
|
20
|
-
@api.token
|
21
|
-
"""
|
22
|
-
Then the JSON should have "payload"
|
23
|
-
|
24
|
-
Scenario: Conjur API will automatically refresh the token.
|
25
|
-
When I run the code:
|
26
|
-
"""
|
27
|
-
@api = Conjur::API.new_from_authn_local "alice"
|
28
|
-
@api.token
|
29
|
-
@api.force_token_refresh
|
30
|
-
@api.token
|
31
|
-
"""
|
32
|
-
Then the JSON should have "payload"
|
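--- a/data/features/exists.feature
+++ b/data/features/exists.feature
@@ -1,37 +0,0 @@
-Feature: Check if an object exists.
-
-Background:
-Given I run the code:
-"""
-$conjur.load_policy 'root', <<-POLICY
-- !group developers
-POLICY
-"""
-
-Scenario: A created group resource exists
-When I run the code:
-"""
-$conjur.resource('cucumber:group:developers').exists?
-"""
-Then the result should be "true"
-
-Scenario: An un-created resource doesn't exist
-When I run the code:
-"""
-$conjur.resource('cucumber:food:bacon').exists?
-"""
-Then the result should be "false"
-
-Scenario: A created group role exists
-When I run the code:
-"""
-$conjur.role('cucumber:group:developers').exists?
-"""
-Then the result should be "true"
-
-Scenario: An un-created role doesn't exist
-When I run the code:
-"""
-$conjur.role('cucumber:food:bacon').exists?
-"""
-Then the result should be "false"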
data/features/group.feature
DELETED
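--- a/data/features/host.feature
+++ b/data/features/host.feature
@@ -1,50 +0,0 @@
-Feature: Host object
-
-Scenario: API key of a newly created host is available and valid
-Given a new host
-Then I can run the code:
-"""
-expect(@host.exists?).to be(true)
-expect(@host.api_key).to be
-Conjur::API.new_from_key(@host.login, @host.api_key).token
-"""
-
-# Rotation of own API key should be done via `Conjur::API.rotate_api_key()`
-Scenario: Host's own API key cannot be rotated with an API key
-Given a new host
-Then this code should fail with "You cannot rotate your own API key via this method"
-"""
-host = Conjur::API.new_from_key(@host.login, @host.api_key).resource(@host.id)
-host.rotate_api_key
-"""
-
-# Rotation of own API key should be done via `Conjur::API.rotate_api_key()`
-Scenario: Host's own API key cannot be rotated with a token
-Given a new host
-Then this code should fail with "You cannot rotate your own API key via this method"
-"""
-token = Conjur::API.new_from_key(@host.login, @host.api_key).token
-
-host = Conjur::API.new_from_token(token).resource(@host.id)
-host.rotate_api_key
-"""
-
-Scenario: Delegated host's API key can be rotated with an API key
-Given a new delegated host
-Then I can run the code:
-"""
-delegated_host_resource = Conjur::API.new_from_key(@host_owner.login, @host_owner_api_key).resource(@host.id)
-api_key = delegated_host_resource.rotate_api_key
-Conjur::API.new_from_key(delegated_host_resource.login, api_key).token
-"""
-
-Scenario: Delegated host's API key can be rotated with a token
-Given a new delegated host
-Then I can run the code:
-"""
-token = Conjur::API.new_from_key(@host_owner.login, @host_owner_api_key).token
-
-delegated_host_resource = Conjur::API.new_from_token(token).resource(@host.id)
-api_key = delegated_host_resource.rotate_api_key
-Conjur::API.new_from_key(delegated_host_resource.login, api_key).token
-"""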
@@ -1,28 +0,0 @@
|
|
1
|
-
Feature: Create a host using a host factory token.
|
2
|
-
|
3
|
-
Background:
|
4
|
-
Given I run the code:
|
5
|
-
"""
|
6
|
-
$conjur.load_policy 'root', <<-POLICY
|
7
|
-
- !policy
|
8
|
-
id: myapp
|
9
|
-
body:
|
10
|
-
- !layer
|
11
|
-
|
12
|
-
- !host-factory
|
13
|
-
layers: [ !layer ]
|
14
|
-
POLICY
|
15
|
-
@expiration = (DateTime.now + 1.hour).change(sec: 0)
|
16
|
-
@host_factory = $conjur.resource('cucumber:host_factory:myapp')
|
17
|
-
@token = @host_factory.create_token @expiration
|
18
|
-
"""
|
19
|
-
|
20
|
-
Scenario: I can create a host from the token
|
21
|
-
When I run the code:
|
22
|
-
"""
|
23
|
-
Conjur::API.host_factory_create_host(@token.token, "app-01")
|
24
|
-
"""
|
25
|
-
Then the JSON should have "id"
|
26
|
-
And the JSON should have "permissions"
|
27
|
-
And the JSON should have "owner"
|
28
|
-
And the JSON should have "api_key"
|
@@ -1,63 +0,0 @@
|
|
1
|
-
Feature: Working with host factory tokens.
|
2
|
-
|
3
|
-
Background:
|
4
|
-
Given I run the code:
|
5
|
-
"""
|
6
|
-
$conjur.load_policy 'root', <<-POLICY
|
7
|
-
- !policy
|
8
|
-
id: myapp
|
9
|
-
body:
|
10
|
-
- !layer
|
11
|
-
|
12
|
-
- !host-factory
|
13
|
-
layers: [ !layer ]
|
14
|
-
POLICY
|
15
|
-
@expiration = (DateTime.now + 1.hour).change(sec: 0)
|
16
|
-
@host_factory = $conjur.resource('cucumber:host_factory:myapp')
|
17
|
-
"""
|
18
|
-
|
19
|
-
@wip
|
20
|
-
Scenario: Create a new host factory token.
|
21
|
-
When I run the code:
|
22
|
-
"""
|
23
|
-
@token = @host_factory.create_token @expiration
|
24
|
-
"""
|
25
|
-
Then I can run the code:
|
26
|
-
"""
|
27
|
-
expect(@token).to be_instance_of(Conjur::HostFactoryToken)
|
28
|
-
expect(@token.token).to be_instance_of(String)
|
29
|
-
expiration = @token.expiration
|
30
|
-
expiration = expiration.change(sec: 0)
|
31
|
-
expect(expiration).to eq(@expiration)
|
32
|
-
"""
|
33
|
-
And I can run the code:
|
34
|
-
"""
|
35
|
-
expect(@host_factory.tokens).to eq([@token])
|
36
|
-
"""
|
37
|
-
|
38
|
-
Scenario: Create multiple new host factory tokens.
|
39
|
-
When I run the code:
|
40
|
-
"""
|
41
|
-
@host_factory.create_tokens @expiration, count: 2
|
42
|
-
"""
|
43
|
-
Then the JSON should have 2 items
|
44
|
-
|
45
|
-
Scenario: Revoke a host factory token using the token object.
|
46
|
-
When I run the code:
|
47
|
-
"""
|
48
|
-
@token = @host_factory.create_token @expiration
|
49
|
-
"""
|
50
|
-
Then I can run the code:
|
51
|
-
"""
|
52
|
-
@token.revoke
|
53
|
-
"""
|
54
|
-
|
55
|
-
Scenario: Revoke a host factory token using the API.
|
56
|
-
When I run the code:
|
57
|
-
"""
|
58
|
-
@token = @host_factory.create_token @expiration
|
59
|
-
"""
|
60
|
-
Then I can run the code:
|
61
|
-
"""
|
62
|
-
$conjur.revoke_host_factory_token @token.token
|
63
|
-
"""
|
@@ -1,61 +0,0 @@
|
|
1
|
-
Feature: Load a policy.
|
2
|
-
|
3
|
-
Scenario: Policy can be loaded into a policy id.
|
4
|
-
Then I can run the code:
|
5
|
-
"""
|
6
|
-
policy = <<-POLICY
|
7
|
-
- !group security_admin
|
8
|
-
|
9
|
-
- !policy
|
10
|
-
id: myapp
|
11
|
-
body:
|
12
|
-
- !layer
|
13
|
-
|
14
|
-
- !host-factory
|
15
|
-
layers: [ !layer ]
|
16
|
-
|
17
|
-
- !host app-01
|
18
|
-
|
19
|
-
- !grant
|
20
|
-
role: !layer myapp
|
21
|
-
member: !host app-01
|
22
|
-
POLICY
|
23
|
-
|
24
|
-
$conjur.load_policy 'root', policy
|
25
|
-
"""
|
26
|
-
|
27
|
-
Scenario: The policy load reports the API keys of created roles.
|
28
|
-
Then I can run the code:
|
29
|
-
"""
|
30
|
-
$conjur.load_policy 'root', <<-POLICY
|
31
|
-
- !host app-#{random_hex}
|
32
|
-
POLICY
|
33
|
-
"""
|
34
|
-
Then the JSON should have "version"
|
35
|
-
And the JSON should have "created_roles"
|
36
|
-
And the JSON at "created_roles" should have 1 item
|
37
|
-
|
38
|
-
Scenario: Policy contents can be replaced using POLICY_METHOD_PUT.
|
39
|
-
Given I run the code:
|
40
|
-
"""
|
41
|
-
$conjur.load_policy 'root', <<-POLICY
|
42
|
-
- !group developers
|
43
|
-
- !group operations
|
44
|
-
POLICY
|
45
|
-
"""
|
46
|
-
And I run the code:
|
47
|
-
"""
|
48
|
-
$conjur.load_policy 'root', <<-POLICY, method: Conjur::API::POLICY_METHOD_PUT
|
49
|
-
--- []
|
50
|
-
POLICY
|
51
|
-
"""
|
52
|
-
And I run the code:
|
53
|
-
"""
|
54
|
-
$conjur.resources.map(&:id)
|
55
|
-
"""
|
56
|
-
Then the JSON should be:
|
57
|
-
"""
|
58
|
-
[
|
59
|
-
"cucumber:policy:root"
|
60
|
-
]
|
61
|
-
"""
|