conjur-api 5.3.7 → 5.3.8.pre.8
- checksums.yaml +4 -4
- data/VERSION +1 -1
- metadata +23 -193
- data/.codeclimate.yml +0 -10
- data/.dockerignore +0 -1
- data/.github/CODEOWNERS +0 -10
- data/.gitignore +0 -32
- data/.gitleaks.toml +0 -219
- data/.overcommit.yml +0 -16
- data/.project +0 -18
- data/.rubocop.yml +0 -3
- data/.rubocop_settings.yml +0 -86
- data/.rubocop_todo.yml +0 -709
- data/.yardopts +0 -1
- data/CHANGELOG.md +0 -433
- data/CONTRIBUTING.md +0 -141
- data/Dockerfile +0 -16
- data/Gemfile +0 -7
- data/Jenkinsfile +0 -168
- data/LICENSE +0 -202
- data/README.md +0 -162
- data/Rakefile +0 -47
- data/SECURITY.md +0 -42
- data/bin/parse-changelog.sh +0 -12
- data/ci/configure_v4.sh +0 -12
- data/ci/configure_v5.sh +0 -14
- data/ci/submit-coverage +0 -36
- data/conjur-api.gemspec +0 -40
- data/dev/Dockerfile.dev +0 -12
- data/dev/docker-compose.yml +0 -56
- data/dev/start +0 -22
- data/dev/stop +0 -5
- data/docker-compose.yml +0 -76
- data/example/demo_v4.rb +0 -49
- data/example/demo_v5.rb +0 -57
- data/features/authenticators.feature +0 -33
- data/features/authn_local.feature +0 -32
- data/features/exists.feature +0 -37
- data/features/group.feature +0 -11
- data/features/host.feature +0 -50
- data/features/host_factory_create_host.feature +0 -28
- data/features/host_factory_token.feature +0 -63
- data/features/load_policy.feature +0 -61
- data/features/members.feature +0 -51
- data/features/new_api.feature +0 -36
- data/features/permitted.feature +0 -70
- data/features/permitted_roles.feature +0 -30
- data/features/public_keys.feature +0 -11
- data/features/resource_fields.feature +0 -53
- data/features/role_fields.feature +0 -15
- data/features/rotate_api_key.feature +0 -13
- data/features/step_definitions/api_steps.rb +0 -18
- data/features/step_definitions/policy_steps.rb +0 -75
- data/features/step_definitions/result_steps.rb +0 -7
- data/features/support/env.rb +0 -18
- data/features/support/hooks.rb +0 -3
- data/features/support/world.rb +0 -12
- data/features/update_password.feature +0 -14
- data/features/user.feature +0 -58
- data/features/variable_fields.feature +0 -20
- data/features/variable_value.feature +0 -60
- data/features_v4/authn_local.feature +0 -27
- data/features_v4/exists.feature +0 -29
- data/features_v4/host.feature +0 -18
- data/features_v4/host_factory_token.feature +0 -49
- data/features_v4/members.feature +0 -39
- data/features_v4/permitted.feature +0 -15
- data/features_v4/permitted_roles.feature +0 -8
- data/features_v4/resource_fields.feature +0 -47
- data/features_v4/rotate_api_key.feature +0 -13
- data/features_v4/step_definitions/api_steps.rb +0 -17
- data/features_v4/step_definitions/result_steps.rb +0 -3
- data/features_v4/support/env.rb +0 -23
- data/features_v4/support/policy.yml +0 -34
- data/features_v4/support/world.rb +0 -12
- data/features_v4/variable_fields.feature +0 -11
- data/features_v4/variable_value.feature +0 -54
- data/lib/conjur/acts_as_resource.rb +0 -123
- data/lib/conjur/acts_as_role.rb +0 -142
- data/lib/conjur/acts_as_rolsource.rb +0 -32
- data/lib/conjur/acts_as_user.rb +0 -68
- data/lib/conjur/api/authenticators.rb +0 -35
- data/lib/conjur/api/authn.rb +0 -125
- data/lib/conjur/api/host_factories.rb +0 -71
- data/lib/conjur/api/ldap_sync.rb +0 -38
- data/lib/conjur/api/policies.rb +0 -56
- data/lib/conjur/api/pubkeys.rb +0 -53
- data/lib/conjur/api/resources.rb +0 -109
- data/lib/conjur/api/roles.rb +0 -98
- data/lib/conjur/api/router/v4.rb +0 -206
- data/lib/conjur/api/router/v5.rb +0 -248
- data/lib/conjur/api/variables.rb +0 -59
- data/lib/conjur/api.rb +0 -105
- data/lib/conjur/base.rb +0 -355
- data/lib/conjur/base_object.rb +0 -57
- data/lib/conjur/build_object.rb +0 -47
- data/lib/conjur/cache.rb +0 -26
- data/lib/conjur/cert_utils.rb +0 -63
- data/lib/conjur/cidr.rb +0 -71
- data/lib/conjur/configuration.rb +0 -460
- data/lib/conjur/escape.rb +0 -129
- data/lib/conjur/exceptions.rb +0 -4
- data/lib/conjur/group.rb +0 -41
- data/lib/conjur/has_attributes.rb +0 -98
- data/lib/conjur/host.rb +0 -27
- data/lib/conjur/host_factory.rb +0 -75
- data/lib/conjur/host_factory_token.rb +0 -78
- data/lib/conjur/id.rb +0 -71
- data/lib/conjur/layer.rb +0 -9
- data/lib/conjur/log.rb +0 -72
- data/lib/conjur/log_source.rb +0 -60
- data/lib/conjur/policy.rb +0 -34
- data/lib/conjur/policy_load_result.rb +0 -61
- data/lib/conjur/query_string.rb +0 -12
- data/lib/conjur/resource.rb +0 -29
- data/lib/conjur/role.rb +0 -29
- data/lib/conjur/role_grant.rb +0 -85
- data/lib/conjur/routing.rb +0 -29
- data/lib/conjur/user.rb +0 -40
- data/lib/conjur/variable.rb +0 -208
- data/lib/conjur/webservice.rb +0 -30
- data/lib/conjur-api/version.rb +0 -24
- data/lib/conjur-api.rb +0 -2
- data/publish.sh +0 -5
- data/spec/api/host_factories_spec.rb +0 -34
- data/spec/api_spec.rb +0 -254
- data/spec/base_object_spec.rb +0 -13
- data/spec/cert_utils_spec.rb +0 -173
- data/spec/cidr_spec.rb +0 -34
- data/spec/configuration_spec.rb +0 -330
- data/spec/has_attributes_spec.rb +0 -63
- data/spec/helpers/errors_matcher.rb +0 -34
- data/spec/helpers/request_helpers.rb +0 -10
- data/spec/id_spec.rb +0 -29
- data/spec/ldap_sync_spec.rb +0 -21
- data/spec/log_source_spec.rb +0 -13
- data/spec/log_spec.rb +0 -42
- data/spec/roles_spec.rb +0 -24
- data/spec/spec_helper.rb +0 -113
- data/spec/ssl_spec.rb +0 -109
- data/spec/uri_escape_spec.rb +0 -21
- data/test.sh +0 -73
- data/tmp/.keep +0 -0
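--- a/data/features/members.feature
+++ b/data/features/members.feature
@@ -1,51 +0,0 @@
-Feature: Display role members and memberships.
-
-Background:
-Given I run the code:
-"""
-$conjur.load_policy 'root', <<-POLICY
-- !group everyone
-- !group developers
-- !grant
-role: !group everyone
-member: !group developers
-POLICY
-"""
-
-Scenario: Show a role's members.
-When I run the code:
-"""
-$conjur.role('cucumber:group:everyone').members.map(&:as_json)
-"""
-Then the JSON should be:
-"""
-[
-{
-"admin_option": false,
-"member": "cucumber:group:developers",
-"role": "cucumber:group:everyone"
-},
-{
-"admin_option": true,
-"member": "cucumber:user:admin",
-"role": "cucumber:group:everyone"
-}
-]
-"""
-
-Scenario: Show a role's memberships.
-When I run the code:
-"""
-$conjur.role('cucumber:group:developers').memberships.map(&:as_json)
-"""
-Then the JSON should be:
-"""
-[
-{
-"id": "cucumber:group:developers"
-},
-{
-"id": "cucumber:group:everyone"
-}
-]
-"""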
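--- a/data/features/new_api.feature
+++ b/data/features/new_api.feature
@@ -1,36 +0,0 @@
-Feature: Constructing a new API object.
-Background:
-Given a new host
-
-Scenario: From API key.
-Then I run the code:
-"""
-api = Conjur::API.new_from_key "host/#{@host_id}", @host_api_key
-expect(api.token).to be_instance_of(Hash)
-expect($conjur.resource("cucumber:host:#{@host_id}")).to exist
-"""
-
-Scenario: From access token.
-Given I run the code:
-"""
-@token = Conjur::API.new_from_key("host/#{@host_id}", @host_api_key).token
-"""
-Then I run the code:
-"""
-api = Conjur::API.new_from_token @token
-expect($conjur.resource("cucumber:host:#{@host_id}")).to exist
-"""
-
-Scenario: From access token file.
-Given I run the code:
-"""
-token = Conjur::API.new_from_key("host/#{@host_id}", @host_api_key).token
-@temp_file = Tempfile.new("token.json")
-@temp_file.write(token.to_json)
-@temp_file.flush
-"""
-Then I run the code:
-"""
-api = Conjur::API.new_from_token_file @temp_file.path
-expect($conjur.resource("cucumber:host:#{@host_id}")).to exist
-"""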
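--- a/data/features/permitted.feature
+++ b/data/features/permitted.feature
@@ -1,70 +0,0 @@
-Feature: Check if a role has permission on a resource.
-
-Background:
-Given I run the code:
-"""
-@host_id = "app-#{random_hex}"
-@test_user = "user$#{random_hex}"
-@test_host = "host?#{random_hex}"
-response = $conjur.load_policy 'root', <<-POLICY
-- !variable db-password
-
-- !layer myapp
-
-- !host #{@host_id}
-
-- !permit
-role: !layer myapp
-privilege: execute
-resource: !variable db-password
-
-- !policy
-id: test
-body:
-- !user #{@test_user}
-- !host #{@test_host}
-
-- !permit
-role: !user #{@test_user}@test
-privilege: execute
-resource: !variable db-password
-POLICY
-@host_api_key = response.created_roles["cucumber:host:#{@host_id}"]['api_key']
-expect(@host_api_key).to be
-"""
-
-Scenario: Check if the current user has the privilege.
-When I run the code:
-"""
-$conjur.resource('cucumber:variable:db-password').permitted? 'execute'
-"""
-Then the result should be "true"
-
-Scenario: Check if a different user has the privilege.
-When I run the code:
-"""
-$conjur.resource('cucumber:variable:db-password').permitted? 'execute', role: "cucumber:host:#{@host_id}"
-"""
-Then the result should be "false"
-
-Scenario: Check if a different user from subpolicy has the privilege.
-When I run the code:
-"""
-$conjur.resource('cucumber:variable:db-password').permitted? 'execute', role: "cucumber:user:#{@test_user}@test"
-"""
-Then the result should be "true"
-
-Scenario: Check if a different host from subpolicy has the privilege.
-When I run the code:
-"""
-$conjur.resource('cucumber:variable:db-password').permitted? 'execute', role: "cucumber:host:test/#{@test_host}"
-"""
-Then the result should be "false"
-
-Scenario: Check if a different user has the privilege, while logged in as that user.
-When I run the code:
-"""
-host_api = Conjur::API.new_from_key "host/#{@host_id}", @host_api_key
-host_api.resource('cucumber:variable:db-password').permitted? 'execute'
-"""
-Then the result should be "false"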
@@ -1,30 +0,0 @@
|
|
1
|
-
Feature: Enumerate roles which have a permission on a resource.
|
2
|
-
|
3
|
-
Background:
|
4
|
-
Given I run the code:
|
5
|
-
"""
|
6
|
-
$conjur.load_policy 'root', <<-POLICY
|
7
|
-
- !variable db-password
|
8
|
-
|
9
|
-
- !layer myapp
|
10
|
-
|
11
|
-
- !permit
|
12
|
-
role: !layer myapp
|
13
|
-
privilege: execute
|
14
|
-
resource: !variable db-password
|
15
|
-
POLICY
|
16
|
-
"""
|
17
|
-
|
18
|
-
@wip
|
19
|
-
Scenario: Permitted roles can be enumerated.
|
20
|
-
When I run the code:
|
21
|
-
"""
|
22
|
-
$conjur.resource('cucumber:variable:db-password').permitted_roles 'execute'
|
23
|
-
"""
|
24
|
-
Then the JSON should be:
|
25
|
-
"""
|
26
|
-
[
|
27
|
-
"cucumber:layer:myapp",
|
28
|
-
"cucumber:user:admin"
|
29
|
-
]
|
30
|
-
"""
|
@@ -1,53 +0,0 @@
|
|
1
|
-
Feature: Display basic resource fields.
|
2
|
-
|
3
|
-
Background:
|
4
|
-
Given I run the code:
|
5
|
-
"""
|
6
|
-
$conjur.load_policy 'root', <<-POLICY
|
7
|
-
- !group
|
8
|
-
id: developers
|
9
|
-
annotations:
|
10
|
-
gidnumber: 2000
|
11
|
-
POLICY
|
12
|
-
"""
|
13
|
-
|
14
|
-
Scenario: Resource exposes id, kind, identifier, and attributes.
|
15
|
-
When I run the code:
|
16
|
-
"""
|
17
|
-
resource = $conjur.resource('cucumber:group:developers')
|
18
|
-
[ resource.id, resource.account, resource.kind, resource.identifier, resource.attributes ]
|
19
|
-
"""
|
20
|
-
Then the JSON should be:
|
21
|
-
"""
|
22
|
-
[
|
23
|
-
"cucumber:group:developers",
|
24
|
-
"cucumber",
|
25
|
-
"group",
|
26
|
-
"developers",
|
27
|
-
{
|
28
|
-
"annotations": [
|
29
|
-
{
|
30
|
-
"name": "gidnumber",
|
31
|
-
"policy": "cucumber:policy:root",
|
32
|
-
"value": "2000"
|
33
|
-
}
|
34
|
-
],
|
35
|
-
"owner": "cucumber:user:admin",
|
36
|
-
"permissions": [
|
37
|
-
],
|
38
|
-
"policy": "cucumber:policy:root"
|
39
|
-
}
|
40
|
-
]
|
41
|
-
"""
|
42
|
-
|
43
|
-
Scenario: Resource#owner is the owner object
|
44
|
-
When I run the code:
|
45
|
-
"""
|
46
|
-
$conjur.resource('cucumber:group:developers').owner.id
|
47
|
-
"""
|
48
|
-
Then the result should be "cucumber:user:admin"
|
49
|
-
And I run the code:
|
50
|
-
"""
|
51
|
-
$conjur.resource('cucumber:group:developers').class
|
52
|
-
"""
|
53
|
-
Then the result should be "Conjur::Group"
|
@@ -1,15 +0,0 @@
|
|
1
|
-
Feature: Display basic role fields.
|
2
|
-
|
3
|
-
Scenario: Login of a user is the login name.
|
4
|
-
When I run the code:
|
5
|
-
"""
|
6
|
-
$conjur.role('cucumber:user:alice').login
|
7
|
-
"""
|
8
|
-
Then the result should be "alice"
|
9
|
-
|
10
|
-
Scenario: Login of a non-user is prefixed with the role kind.
|
11
|
-
When I run the code:
|
12
|
-
"""
|
13
|
-
$conjur.role('cucumber:host:myapp').login
|
14
|
-
"""
|
15
|
-
Then the result should be "host/myapp"
|
@@ -1,13 +0,0 @@
|
|
1
|
-
Feature: Rotate the API key.
|
2
|
-
|
3
|
-
Scenario: Logged-in user can rotate the API key.
|
4
|
-
When I run the code:
|
5
|
-
"""
|
6
|
-
Conjur::API.rotate_api_key 'admin', $api_key
|
7
|
-
"""
|
8
|
-
Then I can run the code:
|
9
|
-
"""
|
10
|
-
$api_key = @result.strip
|
11
|
-
$conjur = Conjur::API.new_from_key $username, @result
|
12
|
-
$conjur.token
|
13
|
-
"""
|
@@ -1,18 +0,0 @@
|
|
1
|
-
Then(/^I(?: can)? run the code:$/) do |code|
|
2
|
-
@result = eval(code).tap do |result|
|
3
|
-
puts result if ENV['DEBUG']
|
4
|
-
end
|
5
|
-
end
|
6
|
-
|
7
|
-
Then(/^this code should fail with "([^"]*)"$/) do |error_msg, code|
|
8
|
-
begin
|
9
|
-
@result = eval(code)
|
10
|
-
rescue Exception => exc
|
11
|
-
if not exc.message =~ %r{#{error_msg}}
|
12
|
-
fail "'#{error_msg}' was not found in '#{exc.message}'"
|
13
|
-
end
|
14
|
-
else
|
15
|
-
puts @result if ENV['DEBUG']
|
16
|
-
fail "The provided block did not raise an error"
|
17
|
-
end
|
18
|
-
end
|
@@ -1,75 +0,0 @@
|
|
1
|
-
Given(/^a new user$/) do
|
2
|
-
@user_id = "user-#{random_hex}"
|
3
|
-
@public_key = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDd/PAcCL9rW/zAS7DRns/KYiAvRAEKxBu/0IF32z7x6YiMFcA2hmH4DMYaIY45Xlj7L9uTZamUlRZNjSS9Xm6Lhh7XGceIX2067/MDnH+or9xh5LZs6gb3x7QVtNz26Au5h5kP0xoJ+wpVxvY707BeSax/WQZI8akqd0fD1IqOoafWkcX0ucu5iIgDh08R7zq3vrDHEK7+SoYo9ncHfmOUJ5lmImGiU/WMqM0OzN3RsgxJi/aaHjW1IASTY8TmAtTtjEsxbQXxRVUCAP9vWUZg7p3aqIB6sEP8skgncCUtHBQxUtE1XN8Q8NeFOzau6+9sQTXlPl8c/L4Jc4K96C75 #{@user_id}@example.com"
|
4
|
-
response = $conjur.load_policy 'root', <<-POLICY
|
5
|
-
- !user
|
6
|
-
id: #{@user_id}
|
7
|
-
uidnumber: 1000
|
8
|
-
public_keys:
|
9
|
-
- #{@public_key}
|
10
|
-
POLICY
|
11
|
-
@user = $conjur.resource("cucumber:user:#{@user_id}")
|
12
|
-
@user_api_key = response.created_roles["cucumber:user:#{@user_id}"]['api_key']
|
13
|
-
expect(@user_api_key).to be
|
14
|
-
end
|
15
|
-
|
16
|
-
Given(/^a new delegated user$/) do
|
17
|
-
# Create a new host that is owned by that user
|
18
|
-
step 'a new user'
|
19
|
-
@user_owner = @user
|
20
|
-
@user_owner_id = @user_id
|
21
|
-
@user_owner_api_key = @user_api_key
|
22
|
-
|
23
|
-
# Create a new user that is owned by the user created earlier
|
24
|
-
@user_id = "user-#{random_hex}"
|
25
|
-
response = $conjur.load_policy 'root', <<-POLICY
|
26
|
-
- !user
|
27
|
-
id: #{@user_id}
|
28
|
-
owner: !user #{@user_owner_id}
|
29
|
-
POLICY
|
30
|
-
@user = $conjur.resource("cucumber:user:#{@user_id}")
|
31
|
-
@user_api_key = response.created_roles["cucumber:user:#{@user_id}"]['api_key']
|
32
|
-
expect(@user_api_key).to be
|
33
|
-
end
|
34
|
-
|
35
|
-
Given(/^a new group$/) do
|
36
|
-
@group_id = "group-#{random_hex}"
|
37
|
-
response = $conjur.load_policy 'root', <<-POLICY
|
38
|
-
- !group
|
39
|
-
id: #{@group_id}
|
40
|
-
gidnumber: 1000
|
41
|
-
POLICY
|
42
|
-
@group = $conjur.resource("cucumber:group:#{@group_id}")
|
43
|
-
end
|
44
|
-
|
45
|
-
Given(/^a new host$/) do
|
46
|
-
@host_id = "app-#{random_hex}"
|
47
|
-
response = $conjur.load_policy 'root', <<-POLICY
|
48
|
-
- !host #{@host_id}
|
49
|
-
POLICY
|
50
|
-
@host_api_key = response.created_roles["cucumber:host:#{@host_id}"]['api_key']
|
51
|
-
expect(@host_api_key).to be
|
52
|
-
@host = $conjur.resource("cucumber:host:#{@host_id}")
|
53
|
-
@host.attributes['api_key'] = @host_api_key
|
54
|
-
end
|
55
|
-
|
56
|
-
Given(/^a new delegated host$/) do
|
57
|
-
# Create an owner user
|
58
|
-
step 'a new user'
|
59
|
-
@host_owner = @user
|
60
|
-
@host_owner_id = @user_id
|
61
|
-
@host_owner_api_key = @user_api_key
|
62
|
-
|
63
|
-
# Create a new host that is owned by that user
|
64
|
-
@host_id = "app-#{random_hex}"
|
65
|
-
response = $conjur.load_policy 'root', <<-POLICY
|
66
|
-
- !host
|
67
|
-
id: #{@host_id}
|
68
|
-
owner: !user #{@host_owner_id}
|
69
|
-
POLICY
|
70
|
-
|
71
|
-
@host_api_key = response.created_roles["cucumber:host:#{@host_id}"]['api_key']
|
72
|
-
expect(@host_api_key).to be
|
73
|
-
@host = $conjur.resource("cucumber:host:#{@host_id}")
|
74
|
-
@host.attributes['api_key'] = @host_api_key
|
75
|
-
end
|
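--- a/data/features/support/env.rb
+++ b/data/features/support/env.rb
@@ -1,18 +0,0 @@
-require 'simplecov'
-
-SimpleCov.start do
-command_name "#{ENV['RUBY_VERSION']}"
-end
-
-require 'json_spec/cucumber'
-require 'conjur/api'
-
-Conjur.configuration.appliance_url = ENV['CONJUR_APPLIANCE_URL'] || 'http://localhost/api/v6'
-Conjur.configuration.account = ENV['CONJUR_ACCOUNT'] || 'cucumber'
-Conjur.configuration.authn_local_socket = "/run/authn-local-5/.socket"
-
-$username = ENV['CONJUR_AUTHN_LOGIN'] || 'admin'
-$password = ENV['CONJUR_AUTHN_API_KEY'] || 'secret'
-
-$api_key = Conjur::API.login $username, $password
-$conjur = Conjur::API.new_from_key $username, $api_key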
data/features/support/hooks.rb
DELETED
data/features/support/world.rb
DELETED
@@ -1,14 +0,0 @@
|
|
1
|
-
Feature: Change a user's password.
|
2
|
-
Background:
|
3
|
-
Given a new user
|
4
|
-
|
5
|
-
Scenario: A user can set/change her password using the current API key.
|
6
|
-
When I run the code:
|
7
|
-
"""
|
8
|
-
Conjur::API.update_password @user_id, @user_api_key, 'SEcret12!!!!'
|
9
|
-
@new_api_key = Conjur::API.login @user_id, 'SEcret12!!!!'
|
10
|
-
"""
|
11
|
-
Then I can run the code:
|
12
|
-
"""
|
13
|
-
Conjur::API.new_from_key(@user_id, @new_api_key).token
|
14
|
-
"""
|
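--- a/data/features/user.feature
+++ b/data/features/user.feature
@@ -1,58 +0,0 @@
-Feature: User object
-
-Background:
-
-Scenario: User has a uidnumber
-Given a new user
-Then I can run the code:
-"""
-@user.uidnumber
-"""
-Then the result should be "1000"
-
-Scenario: Logged-in user is the current_role
-Given a new user
-Then I can run the code:
-"""
-expect($conjur.current_role(Conjur.configuration.account).id.to_s).to eq("cucumber:user:admin")
-"""
-
-# Rotation of own API key should be done via `Conjur::API.rotate_api_key()`
-Scenario: User's own API key cannot be rotated with an API key
-Given a new user
-Then this code should fail with "You cannot rotate your own API key via this method"
-"""
-user = Conjur::API.new_from_key(@user.login, @user_api_key).resource(@user.id)
-user.rotate_api_key
-"""
-
-# Rotation of own API key should be done via `Conjur::API.rotate_api_key()`
-Scenario: User's own API key cannot be rotated with a token
-Given a new user
-Then this code should fail with "You cannot rotate your own API key via this method"
-"""
-token = Conjur::API.new_from_key(@user.login, @user_api_key).token
-
-user = Conjur::API.new_from_token(token).resource(@user.id)
-user.rotate_api_key
-"""
-
-Scenario: Delegated user's API key can be rotated with an API key
-Given a new delegated user
-Then I can run the code:
-"""
-delegated_user_resource = Conjur::API.new_from_key(@user_owner.login, @user_owner_api_key).resource(@user.id)
-api_key = delegated_user_resource.rotate_api_key
-Conjur::API.new_from_key(delegated_user_resource.login, api_key).token
-"""
-
-Scenario: Delegated user's API key can be rotated with a token
-Given a new delegated user
-Then I can run the code:
-"""
-token = Conjur::API.new_from_key(@user_owner.login, @user_owner_api_key).token
-
-delegated_user_resource = Conjur::API.new_from_token(token).resource(@user.id)
-api_key = delegated_user_resource.rotate_api_key
-Conjur::API.new_from_key(delegated_user_resource.login, api_key).token
-"""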
@@ -1,20 +0,0 @@
|
|
1
|
-
Feature: Display Variable fields.
|
2
|
-
|
3
|
-
Background:
|
4
|
-
Given I run the code:
|
5
|
-
"""
|
6
|
-
$conjur.load_policy 'root', <<-POLICY
|
7
|
-
- !variable
|
8
|
-
id: ssl-certificate
|
9
|
-
kind: SSL certificate
|
10
|
-
mime_type: application/x-pem-file
|
11
|
-
POLICY
|
12
|
-
"""
|
13
|
-
And I run the code:
|
14
|
-
"""
|
15
|
-
$conjur.resource('cucumber:variable:ssl-certificate')
|
16
|
-
"""
|
17
|
-
|
18
|
-
Scenario: Display MIME type and kind
|
19
|
-
Then the JSON at "mime_type" should be "application/x-pem-file"
|
20
|
-
And the JSON at "kind" should be "SSL certificate"
|
@@ -1,60 +0,0 @@
|
|
1
|
-
Feature: Work with Variable values.
|
2
|
-
|
3
|
-
Background:
|
4
|
-
Given I run the code:
|
5
|
-
"""
|
6
|
-
@variable_id = "password"
|
7
|
-
$conjur.load_policy 'root', <<-POLICY
|
8
|
-
- !variable #{@variable_id}
|
9
|
-
- !variable #{@variable_id}-2
|
10
|
-
POLICY
|
11
|
-
@variable = $conjur.resource("cucumber:variable:#{@variable_id}")
|
12
|
-
@variable_2 = $conjur.resource("cucumber:variable:#{@variable_id}-2")
|
13
|
-
"""
|
14
|
-
|
15
|
-
Scenario: Add a value, retrieve the variable metadata and the value.
|
16
|
-
When I run the code:
|
17
|
-
"""
|
18
|
-
@initial_count = @variable.version_count
|
19
|
-
@variable.add_value 'value-0'
|
20
|
-
"""
|
21
|
-
And I run the code:
|
22
|
-
"""
|
23
|
-
expect(@variable.version_count).to eq(@initial_count + 1)
|
24
|
-
"""
|
25
|
-
And I run the code:
|
26
|
-
"""
|
27
|
-
@variable.value(@variable.version_count)
|
28
|
-
"""
|
29
|
-
Then the result should be "value-0"
|
30
|
-
|
31
|
-
Scenario: Retrieve a historical value.
|
32
|
-
Given I run the code:
|
33
|
-
"""
|
34
|
-
@variable.add_value 'value-0'
|
35
|
-
@variable.add_value 'value-1'
|
36
|
-
@variable.add_value 'value-2'
|
37
|
-
"""
|
38
|
-
When I run the code:
|
39
|
-
"""
|
40
|
-
@variable.value(@variable.version_count - 2)
|
41
|
-
"""
|
42
|
-
Then the result should be "value-0"
|
43
|
-
|
44
|
-
Scenario: Retrieve multiple values in a batch
|
45
|
-
Given I run the code:
|
46
|
-
"""
|
47
|
-
@variable.add_value 'value-0'
|
48
|
-
@variable_2.add_value 'value-2'
|
49
|
-
"""
|
50
|
-
When I run the code:
|
51
|
-
"""
|
52
|
-
$conjur.variable_values([ @variable, @variable_2 ].map(&:id))
|
53
|
-
"""
|
54
|
-
Then the JSON should be:
|
55
|
-
"""
|
56
|
-
{
|
57
|
-
"cucumber:variable:password": "value-0",
|
58
|
-
"cucumber:variable:password-2": "value-2"
|
59
|
-
}
|
60
|
-
"""
|
@@ -1,27 +0,0 @@
|
|
1
|
-
Feature: When co-located with the Conjur server, the API can use the authn-local service to authenticate.
|
2
|
-
|
3
|
-
Scenario: authn-local can be used to obtain an access token.
|
4
|
-
When I run the code:
|
5
|
-
"""
|
6
|
-
Conjur::API.authenticate_local "alice"
|
7
|
-
"""
|
8
|
-
Then the JSON should have "data"
|
9
|
-
|
10
|
-
Scenario: Conjur API supports construction from authn-local.
|
11
|
-
When I run the code:
|
12
|
-
"""
|
13
|
-
@api = Conjur::API.new_from_authn_local "alice"
|
14
|
-
@api.token
|
15
|
-
"""
|
16
|
-
Then the JSON should have "data"
|
17
|
-
|
18
|
-
Scenario: Conjur API will automatically refresh the token.
|
19
|
-
When I run the code:
|
20
|
-
"""
|
21
|
-
@api = Conjur::API.new_from_authn_local "alice"
|
22
|
-
@api.token
|
23
|
-
@api.force_token_refresh
|
24
|
-
@api.token
|
25
|
-
"""
|
26
|
-
Then the JSON should have "data"
|
27
|
-
And the JSON at "data" should be "alice"
|
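--- a/data/features_v4/exists.feature
+++ b/data/features_v4/exists.feature
@@ -1,29 +0,0 @@
-Feature: Check if an object exists.
-
-Scenario: A created group resource exists
-When I run the code:
-"""
-$conjur.resource('cucumber:group:developers').exists?
-"""
-Then the result should be "true"
-
-Scenario: An un-created resource doesn't exist
-When I run the code:
-"""
-$conjur.resource('cucumber:food:bacon').exists?
-"""
-Then the result should be "false"
-
-Scenario: A created group role exists
-When I run the code:
-"""
-$conjur.role('cucumber:group:developers').exists?
-"""
-Then the result should be "true"
-
-Scenario: An un-created role doesn't exist
-When I run the code:
-"""
-$conjur.role('cucumber:food:bacon').exists?
-"""
-Then the result should be "false"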
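--- a/data/features_v4/host.feature
+++ b/data/features_v4/host.feature
@@ -1,18 +0,0 @@
-Feature: Display Host object fields.
-
-Background:
-Given a new host
-
-Scenario: API key of a newly created host is available and valid.
-Then I run the code:
-"""
-expect(@host.exists?).to be(true)
-expect(@host.api_key).to be
-"""
-
-Scenario: API key of a a host can be rotated.
-Then I run the code:
-"""
-api_key = @host.rotate_api_key
-Conjur::API.new_from_key("host/#{@host.id.identifier}", api_key).token
-"""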