conjur-api 5.3.8.pre.194 → 5.3.8.pre.319

Sign up to get free protection for your applications and to get access to all the features.
Files changed (143) hide show
  1. checksums.yaml +4 -4
  2. data/VERSION +1 -1
  3. metadata +21 -191
  4. data/.codeclimate.yml +0 -10
  5. data/.dockerignore +0 -1
  6. data/.github/CODEOWNERS +0 -10
  7. data/.gitignore +0 -32
  8. data/.gitleaks.toml +0 -219
  9. data/.overcommit.yml +0 -16
  10. data/.project +0 -18
  11. data/.rubocop.yml +0 -3
  12. data/.rubocop_settings.yml +0 -86
  13. data/.rubocop_todo.yml +0 -709
  14. data/.yardopts +0 -1
  15. data/CHANGELOG.md +0 -435
  16. data/CONTRIBUTING.md +0 -141
  17. data/Dockerfile +0 -16
  18. data/Gemfile +0 -7
  19. data/Jenkinsfile +0 -168
  20. data/LICENSE +0 -202
  21. data/README.md +0 -162
  22. data/Rakefile +0 -47
  23. data/SECURITY.md +0 -42
  24. data/bin/parse-changelog.sh +0 -12
  25. data/ci/configure_v4.sh +0 -12
  26. data/ci/configure_v5.sh +0 -14
  27. data/ci/submit-coverage +0 -36
  28. data/conjur-api.gemspec +0 -40
  29. data/dev/Dockerfile.dev +0 -12
  30. data/dev/docker-compose.yml +0 -56
  31. data/dev/start +0 -22
  32. data/dev/stop +0 -5
  33. data/docker-compose.yml +0 -76
  34. data/example/demo_v4.rb +0 -49
  35. data/example/demo_v5.rb +0 -57
  36. data/features/authenticators.feature +0 -33
  37. data/features/authn_local.feature +0 -32
  38. data/features/exists.feature +0 -37
  39. data/features/group.feature +0 -11
  40. data/features/host.feature +0 -50
  41. data/features/host_factory_create_host.feature +0 -28
  42. data/features/host_factory_token.feature +0 -63
  43. data/features/load_policy.feature +0 -61
  44. data/features/members.feature +0 -51
  45. data/features/new_api.feature +0 -36
  46. data/features/permitted.feature +0 -70
  47. data/features/permitted_roles.feature +0 -30
  48. data/features/public_keys.feature +0 -11
  49. data/features/resource_fields.feature +0 -53
  50. data/features/role_fields.feature +0 -15
  51. data/features/rotate_api_key.feature +0 -13
  52. data/features/step_definitions/api_steps.rb +0 -18
  53. data/features/step_definitions/policy_steps.rb +0 -75
  54. data/features/step_definitions/result_steps.rb +0 -7
  55. data/features/support/env.rb +0 -18
  56. data/features/support/hooks.rb +0 -3
  57. data/features/support/world.rb +0 -12
  58. data/features/update_password.feature +0 -14
  59. data/features/user.feature +0 -58
  60. data/features/variable_fields.feature +0 -20
  61. data/features/variable_value.feature +0 -60
  62. data/features_v4/authn_local.feature +0 -27
  63. data/features_v4/exists.feature +0 -29
  64. data/features_v4/host.feature +0 -18
  65. data/features_v4/host_factory_token.feature +0 -49
  66. data/features_v4/members.feature +0 -39
  67. data/features_v4/permitted.feature +0 -15
  68. data/features_v4/permitted_roles.feature +0 -8
  69. data/features_v4/resource_fields.feature +0 -47
  70. data/features_v4/rotate_api_key.feature +0 -13
  71. data/features_v4/step_definitions/api_steps.rb +0 -17
  72. data/features_v4/step_definitions/result_steps.rb +0 -3
  73. data/features_v4/support/env.rb +0 -23
  74. data/features_v4/support/policy.yml +0 -34
  75. data/features_v4/support/world.rb +0 -12
  76. data/features_v4/variable_fields.feature +0 -11
  77. data/features_v4/variable_value.feature +0 -54
  78. data/lib/conjur/acts_as_resource.rb +0 -123
  79. data/lib/conjur/acts_as_role.rb +0 -142
  80. data/lib/conjur/acts_as_rolsource.rb +0 -32
  81. data/lib/conjur/acts_as_user.rb +0 -68
  82. data/lib/conjur/api/authenticators.rb +0 -35
  83. data/lib/conjur/api/authn.rb +0 -125
  84. data/lib/conjur/api/host_factories.rb +0 -71
  85. data/lib/conjur/api/ldap_sync.rb +0 -38
  86. data/lib/conjur/api/policies.rb +0 -56
  87. data/lib/conjur/api/pubkeys.rb +0 -53
  88. data/lib/conjur/api/resources.rb +0 -109
  89. data/lib/conjur/api/roles.rb +0 -98
  90. data/lib/conjur/api/router/v4.rb +0 -206
  91. data/lib/conjur/api/router/v5.rb +0 -248
  92. data/lib/conjur/api/variables.rb +0 -59
  93. data/lib/conjur/api.rb +0 -105
  94. data/lib/conjur/base.rb +0 -355
  95. data/lib/conjur/base_object.rb +0 -57
  96. data/lib/conjur/build_object.rb +0 -47
  97. data/lib/conjur/cache.rb +0 -26
  98. data/lib/conjur/cert_utils.rb +0 -63
  99. data/lib/conjur/cidr.rb +0 -71
  100. data/lib/conjur/configuration.rb +0 -460
  101. data/lib/conjur/escape.rb +0 -129
  102. data/lib/conjur/exceptions.rb +0 -4
  103. data/lib/conjur/group.rb +0 -41
  104. data/lib/conjur/has_attributes.rb +0 -98
  105. data/lib/conjur/host.rb +0 -27
  106. data/lib/conjur/host_factory.rb +0 -75
  107. data/lib/conjur/host_factory_token.rb +0 -78
  108. data/lib/conjur/id.rb +0 -71
  109. data/lib/conjur/layer.rb +0 -9
  110. data/lib/conjur/log.rb +0 -72
  111. data/lib/conjur/log_source.rb +0 -60
  112. data/lib/conjur/policy.rb +0 -34
  113. data/lib/conjur/policy_load_result.rb +0 -61
  114. data/lib/conjur/query_string.rb +0 -12
  115. data/lib/conjur/resource.rb +0 -29
  116. data/lib/conjur/role.rb +0 -29
  117. data/lib/conjur/role_grant.rb +0 -85
  118. data/lib/conjur/routing.rb +0 -29
  119. data/lib/conjur/user.rb +0 -40
  120. data/lib/conjur/variable.rb +0 -208
  121. data/lib/conjur/webservice.rb +0 -30
  122. data/lib/conjur-api/version.rb +0 -24
  123. data/lib/conjur-api.rb +0 -2
  124. data/publish.sh +0 -5
  125. data/spec/api/host_factories_spec.rb +0 -34
  126. data/spec/api_spec.rb +0 -254
  127. data/spec/base_object_spec.rb +0 -13
  128. data/spec/cert_utils_spec.rb +0 -173
  129. data/spec/cidr_spec.rb +0 -34
  130. data/spec/configuration_spec.rb +0 -330
  131. data/spec/has_attributes_spec.rb +0 -63
  132. data/spec/helpers/errors_matcher.rb +0 -34
  133. data/spec/helpers/request_helpers.rb +0 -10
  134. data/spec/id_spec.rb +0 -29
  135. data/spec/ldap_sync_spec.rb +0 -21
  136. data/spec/log_source_spec.rb +0 -13
  137. data/spec/log_spec.rb +0 -42
  138. data/spec/roles_spec.rb +0 -24
  139. data/spec/spec_helper.rb +0 -113
  140. data/spec/ssl_spec.rb +0 -109
  141. data/spec/uri_escape_spec.rb +0 -21
  142. data/test.sh +0 -73
  143. data/tmp/.keep +0 -0
data/ci/submit-coverage DELETED
@@ -1,36 +0,0 @@
1
- #!/bin/bash
2
-
3
- set -eux
4
-
5
- DIR="coverage"
6
- BIN="cc-test-reporter"
7
- REPORT="${DIR}/.resultset.json"
8
-
9
- if [[ ! -e ${REPORT} ]]; then
10
- echo "SimpleCov report (${REPORT}) not found"
11
- ls -laR ${DIR}
12
- exit 1
13
- fi
14
-
15
- if [[ ! -x ${BIN} ]]; then
16
- echo "cc-test-reporter binary not found, not reporting coverage data to code climate"
17
- ls -laR ${DIR}
18
- # report is present but reporter binary is not, definitely a bug, exit error.
19
- exit 1
20
- fi
21
-
22
- # Simplecov excludes files not within the current repo, it also needs to
23
- # be able to read all the files referenced within the report. As the reports
24
- # are generated in containers, the absolute paths contained in the report
25
- # are not valid outside that container. This sed fixes the paths
26
- # So they are correct relative to the Jenkins workspace.
27
- sed -i -E "s+/src/conjur-api+${WORKSPACE}+g" "${REPORT}"
28
-
29
- echo "Coverage reports prepared, submitting to CodeClimate."
30
- # vars GIT_COMMIT, GIT_BRANCH & TRID are set by ccCoverage.dockerPrep
31
-
32
- ./${BIN} after-build \
33
- --coverage-input-type "simplecov"\
34
- --id "${TRID}"
35
-
36
- echo "Successfully Reported Coverage Data"
data/conjur-api.gemspec DELETED
@@ -1,40 +0,0 @@
1
- # -*- encoding: utf-8 -*-
2
- require File.expand_path('../lib/conjur-api/version', __FILE__)
3
-
4
- Gem::Specification.new do |gem|
5
- gem.authors = ["CyberArk Maintainers"]
6
- gem.email = ["conj_maintainers@cyberark.com"]
7
- gem.description = %q{Conjur API}
8
- gem.summary = %q{Conjur API}
9
- gem.homepage = "https://github.com/cyberark/conjur-api-ruby/"
10
- gem.license = "Apache-2.0"
11
-
12
- gem.files = `git ls-files`.split($\).append("VERSION") + Dir['build_number']
13
- gem.executables = gem.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
14
- gem.test_files = gem.files.grep(%r{^(test|spec|features)/})
15
- gem.name = "conjur-api"
16
- gem.require_paths = ["lib"]
17
- gem.version = Conjur::API::VERSION
18
-
19
- gem.required_ruby_version = '>= 1.9'
20
-
21
- # Filter out development only executables
22
- gem.executables -= %w{parse-changelog.sh}
23
-
24
- gem.add_dependency 'rest-client'
25
- gem.add_dependency 'activesupport', '>= 4.2'
26
- gem.add_dependency 'addressable', '~> 2.0'
27
-
28
- gem.add_development_dependency 'rake', '>= 12.3.3'
29
- gem.add_development_dependency 'rspec', '~> 3'
30
- gem.add_development_dependency 'rspec-expectations', '~> 3.4'
31
- gem.add_development_dependency 'json_spec'
32
- gem.add_development_dependency 'cucumber', '~> 2.99'
33
- gem.add_development_dependency 'ci_reporter_rspec'
34
- gem.add_development_dependency 'simplecov', '~> 0.17', '< 0.18'
35
- gem.add_development_dependency 'io-grab'
36
- gem.add_development_dependency 'rdoc'
37
- gem.add_development_dependency 'yard'
38
- gem.add_development_dependency 'fakefs'
39
- gem.add_development_dependency 'pry-byebug'
40
- end
data/dev/Dockerfile.dev DELETED
@@ -1,12 +0,0 @@
1
- FROM ruby:2.5
2
-
3
- RUN apt-get update && apt-get install -y vim curl
4
-
5
- WORKDIR /src/conjur-api
6
-
7
- COPY Gemfile conjur-api.gemspec ./
8
- COPY lib/conjur-api/version.rb ./lib/conjur-api/
9
-
10
- RUN bundle
11
-
12
- COPY . ./
@@ -1,56 +0,0 @@
1
- version: '3'
2
- services:
3
- pg:
4
- image: postgres:9.3
5
-
6
- conjur_5:
7
- image: cyberark/conjur
8
- command: server -a cucumber
9
- environment:
10
- DATABASE_URL: postgres://postgres@pg/postgres
11
- CONJUR_DATA_KEY: 'WMfApcDBtocRWV+ZSUP3Tjr5XNU+Z2FdBb6BEezejIs='
12
- volumes:
13
- - authn_local_5:/run/authn-local
14
- depends_on:
15
- - pg
16
-
17
- conjur_4:
18
- image: registry2.itci.conjur.net/conjur-appliance-cuke-master:4.9-stable
19
- security_opt:
20
- - seccomp:unconfined
21
- volumes:
22
- - ../features_v4/support/policy.yml:/etc/policy.yml
23
- - authn_local_4:/run/authn-local
24
-
25
- gem:
26
- build:
27
- context: ../
28
- dockerfile: dev/Dockerfile.dev
29
- entrypoint: sleep
30
- command: infinity
31
- environment:
32
- CONJUR_APPLIANCE_URL: http://conjur_5
33
- CONJUR_VERSION: 5
34
- CONJUR_ACCOUNT: cucumber
35
- links:
36
- - conjur_5:conjur_5
37
- - conjur_4:conjur_4
38
- volumes:
39
- - ..:/src/conjur-api
40
- - authn_local_4:/run/authn-local-4
41
- - authn_local_5:/run/authn-local-5
42
-
43
- client:
44
- image: conjurinc/cli5
45
- entrypoint: sleep
46
- command: infinity
47
- environment:
48
- CONJUR_APPLIANCE_URL: http://conjur_5
49
- CONJUR_ACCOUNT: cucumber
50
- CONJUR_AUTHN_LOGIN: admin
51
- links:
52
- - conjur_5:conjur_5
53
-
54
- volumes:
55
- authn_local_5:
56
- authn_local_4:
data/dev/start DELETED
@@ -1,22 +0,0 @@
1
- #!/bin/bash -ex
2
-
3
- function v5_development() {
4
- docker-compose up -d --no-deps conjur_5 pg gem client
5
-
6
- docker-compose exec -T conjur_5 conjurctl wait
7
-
8
- local api_key=$(docker-compose exec -T conjur_5 rake 'role:retrieve-key[cucumber:user:admin]')
9
- api_key=$(docker-compose exec -T conjur_5 conjurctl role retrieve-key cucumber:user:admin | tr -d '\r')
10
-
11
- docker exec -e CONJUR_AUTHN_API_KEY="$api_key" -it --detach-keys 'ctrl-\' $(docker-compose ps -q gem) bash
12
- }
13
-
14
- # Set up VERSION file for local development
15
- if [ ! -f "../VERSION" ]; then
16
- echo -n "0.0.dev" > ../VERSION
17
- fi
18
-
19
- docker-compose pull
20
- docker-compose build
21
-
22
- v5_development
data/dev/stop DELETED
@@ -1,5 +0,0 @@
1
- #!/bin/bash -ex
2
-
3
- echo 'Removing test environment'
4
- echo '---'
5
- docker-compose down --rmi 'local' --volumes
data/docker-compose.yml DELETED
@@ -1,76 +0,0 @@
1
- version: '2.1'
2
- services:
3
- pg:
4
- image: postgres:9.3
5
-
6
- conjur_5:
7
- image: cyberark/conjur
8
- command: server -a cucumber
9
- environment:
10
- DATABASE_URL: postgres://postgres@pg/postgres
11
- CONJUR_DATA_KEY: 'WMfApcDBtocRWV+ZSUP3Tjr5XNU+Z2FdBb6BEezejIs='
12
- volumes:
13
- - authn_local_5:/run/authn-local
14
- depends_on:
15
- - pg
16
-
17
- conjur_4:
18
- image: registry2.itci.conjur.net/conjur-appliance-cuke-master:4.9-stable
19
- security_opt:
20
- - seccomp:unconfined
21
- volumes:
22
- - ./features_v4/support/policy.yml:/etc/policy.yml
23
- - authn_local_4:/run/authn-local
24
-
25
- tester_5:
26
- build:
27
- context: .
28
- dockerfile: Dockerfile
29
- args:
30
- RUBY_VERSION: ${RUBY_VERSION}
31
- volumes:
32
- - ./spec/reports:/src/conjur-api/spec/reports
33
- - ./features/reports:/src/conjur-api/features/reports
34
- - ./coverage:/src/conjur-api/coverage
35
- - authn_local_5:/run/authn-local-5
36
- environment:
37
- CONJUR_APPLIANCE_URL: http://conjur_5
38
- CONJUR_VERSION: 5
39
- CONJUR_ACCOUNT: cucumber
40
-
41
- tester_4:
42
- build:
43
- context: .
44
- dockerfile: Dockerfile
45
- args:
46
- RUBY_VERSION: ${RUBY_VERSION}
47
- volumes:
48
- - ./features_v4/reports:/src/conjur-api/features_v4/reports
49
- - ./tmp/conjur.pem:/src/conjur-api/tmp/conjur.pem
50
- - ./coverage_v4:/src/conjur-api/coverage
51
- - authn_local_4:/run/authn-local-4
52
- environment:
53
- CONJUR_APPLIANCE_URL: https://conjur_4/api
54
- CONJUR_VERSION: 4
55
- CONJUR_ACCOUNT: cucumber
56
-
57
- dev:
58
- build:
59
- context: .
60
- dockerfile: Dockerfile
61
- args:
62
- RUBY_VERSION: ${RUBY_VERSION}
63
- entrypoint: bash
64
- volumes:
65
- - .:/src/conjur-api
66
- - authn_local_4:/run/authn-local-4
67
- - authn_local_5:/run/authn-local-5
68
- environment:
69
- CONJUR_ACCOUNT: cucumber
70
- depends_on:
71
- - conjur_4
72
- - conjur_5
73
-
74
- volumes:
75
- authn_local_4:
76
- authn_local_5:
data/example/demo_v4.rb DELETED
@@ -1,49 +0,0 @@
1
- #!/usr/bin/env ruby
2
-
3
- require 'conjur-api'
4
- require 'securerandom'
5
-
6
- username = "admin"
7
- password = "secret"
8
-
9
- Conjur.configuration.appliance_url = "https://conjur_4/api"
10
- Conjur.configuration.account = "cucumber"
11
- Conjur.configuration.cert_file = "./tmp/conjur.pem"
12
- Conjur.configuration.version = 4
13
- Conjur.configuration.apply_cert_config!
14
-
15
- puts "Configured with Conjur version: #{Conjur.configuration.version}"
16
- puts
17
-
18
- api_key = Conjur::API.login username, password
19
- api = Conjur::API.new_from_key username, api_key
20
-
21
- db_password = SecureRandom.hex(12)
22
- puts "Populating variable 'db-password' = #{db_password.inspect}"
23
- api.resource("cucumber:variable:db-password").add_value db_password
24
- puts "Value added"
25
- puts
26
-
27
- puts "Creating host factory token for 'myapp'"
28
- expiration = Time.now + 1.day
29
- hf_token = api.resource("cucumber:host_factory:myapp").create_token expiration
30
- puts "Created: #{hf_token.token}"
31
- puts
32
-
33
- puts "Creating new host 'host-01' with host factory"
34
- host = Conjur::API.host_factory_create_host(hf_token, "host-01")
35
- puts "Created: #{host}"
36
- puts
37
-
38
- puts "Logging in as #{host.id}"
39
- host_api = Conjur::API.new_from_key "host/host-01", host.api_key
40
- puts "Logged in"
41
- puts
42
-
43
-
44
- puts "Fetching db-password as #{host.id}"
45
- value = host_api.resource("cucumber:variable:db-password").value
46
- puts value
47
- puts
48
-
49
- puts "Done!"
data/example/demo_v5.rb DELETED
@@ -1,57 +0,0 @@
1
- #!/usr/bin/env ruby
2
-
3
- require 'conjur-api'
4
- require 'securerandom'
5
-
6
- username = "admin"
7
-
8
- arguments = ARGV.dup
9
-
10
- api_key = arguments.shift or raise "Usage: ./demo_v5 <admin-api-key>"
11
-
12
- Conjur.configuration.appliance_url = "http://conjur_5"
13
- Conjur.configuration.account = "cucumber"
14
- # This is the default
15
- # Conjur.configuration.version = 5
16
-
17
- puts "Configured with Conjur version: #{Conjur.configuration.version}"
18
- puts
19
-
20
- api = Conjur::API.new_from_key username, api_key
21
-
22
- policy = File.read("features_v4/support/policy.yml")
23
-
24
- puts "Loading policy 'root'"
25
- policy_result = api.load_policy "root", policy
26
- puts "Loaded: #{policy_result}"
27
- puts
28
-
29
- db_password = SecureRandom.hex(12)
30
- puts "Populating variable 'db-password' = #{db_password.inspect}"
31
- api.resource("cucumber:variable:db-password").add_value db_password
32
- puts "Value added"
33
- puts
34
-
35
- puts "Creating host factory token for 'myapp'"
36
- expiration = Time.now + 1.day
37
- hf_token = api.resource("cucumber:host_factory:myapp").create_token expiration
38
- puts "Created: #{hf_token.token}"
39
- puts
40
-
41
- puts "Creating new host 'host-01' with host factory"
42
- host = Conjur::API.host_factory_create_host(hf_token, "host-01")
43
- puts "Created: #{host}"
44
- puts
45
-
46
- puts "Logging in as #{host.id}"
47
- host_api = Conjur::API.new_from_key "host/host-01", host.api_key
48
- puts "Logged in"
49
- puts
50
-
51
-
52
- puts "Fetching db-password as #{host.id}"
53
- value = host_api.resource("cucumber:variable:db-password").value
54
- puts value
55
- puts
56
-
57
- puts "Done!"
@@ -1,33 +0,0 @@
1
- Feature: List and manage authenticators
2
-
3
- Background:
4
- Given I run the code:
5
- """
6
- $conjur.load_policy 'root', <<-POLICY
7
- - !webservice conjur/authn-k8s/my-auth
8
- POLICY
9
- """
10
-
11
- Scenario: Authenticator list includes the authenticator status
12
- When I run the code:
13
- """
14
- $conjur.authenticator_list
15
- """
16
- Then the JSON should have "installed"
17
- And the JSON should have "configured"
18
- And the JSON should have "enabled"
19
- And the JSON at "enabled" should be ["authn"]
20
-
21
- Scenario: Enable and disable authenticator
22
- When I run the code:
23
- """
24
- $conjur.authenticator_enable("authn-k8s", "my-auth")
25
- $conjur.authenticator_list
26
- """
27
- Then the JSON at "enabled" should be ["authn", "authn-k8s/my-auth"]
28
- When I run the code:
29
- """
30
- $conjur.authenticator_disable("authn-k8s", "my-auth")
31
- $conjur.authenticator_list
32
- """
33
- Then the JSON at "enabled" should be ["authn"]
@@ -1,32 +0,0 @@
1
- Feature: When co-located with the Conjur server, the API can use the authn-local service to authenticate.
2
-
3
- Scenario: authn-local can be used to obtain an access token.
4
- When I run the code:
5
- """
6
- Conjur::API.authenticate_local "alice"
7
- """
8
- Then the JSON should have "payload"
9
- And I run the code:
10
- """
11
- JSON.parse(Base64.decode64(@result['payload']))
12
- """
13
- Then the JSON should have "sub"
14
- And the JSON should have "iat"
15
-
16
- Scenario: Conjur API supports construction from authn-local.
17
- When I run the code:
18
- """
19
- @api = Conjur::API.new_from_authn_local "alice"
20
- @api.token
21
- """
22
- Then the JSON should have "payload"
23
-
24
- Scenario: Conjur API will automatically refresh the token.
25
- When I run the code:
26
- """
27
- @api = Conjur::API.new_from_authn_local "alice"
28
- @api.token
29
- @api.force_token_refresh
30
- @api.token
31
- """
32
- Then the JSON should have "payload"
@@ -1,37 +0,0 @@
1
- Feature: Check if an object exists.
2
-
3
- Background:
4
- Given I run the code:
5
- """
6
- $conjur.load_policy 'root', <<-POLICY
7
- - !group developers
8
- POLICY
9
- """
10
-
11
- Scenario: A created group resource exists
12
- When I run the code:
13
- """
14
- $conjur.resource('cucumber:group:developers').exists?
15
- """
16
- Then the result should be "true"
17
-
18
- Scenario: An un-created resource doesn't exist
19
- When I run the code:
20
- """
21
- $conjur.resource('cucumber:food:bacon').exists?
22
- """
23
- Then the result should be "false"
24
-
25
- Scenario: A created group role exists
26
- When I run the code:
27
- """
28
- $conjur.role('cucumber:group:developers').exists?
29
- """
30
- Then the result should be "true"
31
-
32
- Scenario: An un-created role doesn't exist
33
- When I run the code:
34
- """
35
- $conjur.role('cucumber:food:bacon').exists?
36
- """
37
- Then the result should be "false"
@@ -1,11 +0,0 @@
1
- Feature: Display Group object fields.
2
-
3
- Background:
4
- Given a new group
5
-
6
- Scenario: Group has a gidnumber.
7
- Then I run the code:
8
- """
9
- @group.gidnumber
10
- """
11
- Then the result should be "1000"
@@ -1,50 +0,0 @@
1
- Feature: Host object
2
-
3
- Scenario: API key of a newly created host is available and valid
4
- Given a new host
5
- Then I can run the code:
6
- """
7
- expect(@host.exists?).to be(true)
8
- expect(@host.api_key).to be
9
- Conjur::API.new_from_key(@host.login, @host.api_key).token
10
- """
11
-
12
- # Rotation of own API key should be done via `Conjur::API.rotate_api_key()`
13
- Scenario: Host's own API key cannot be rotated with an API key
14
- Given a new host
15
- Then this code should fail with "You cannot rotate your own API key via this method"
16
- """
17
- host = Conjur::API.new_from_key(@host.login, @host.api_key).resource(@host.id)
18
- host.rotate_api_key
19
- """
20
-
21
- # Rotation of own API key should be done via `Conjur::API.rotate_api_key()`
22
- Scenario: Host's own API key cannot be rotated with a token
23
- Given a new host
24
- Then this code should fail with "You cannot rotate your own API key via this method"
25
- """
26
- token = Conjur::API.new_from_key(@host.login, @host.api_key).token
27
-
28
- host = Conjur::API.new_from_token(token).resource(@host.id)
29
- host.rotate_api_key
30
- """
31
-
32
- Scenario: Delegated host's API key can be rotated with an API key
33
- Given a new delegated host
34
- Then I can run the code:
35
- """
36
- delegated_host_resource = Conjur::API.new_from_key(@host_owner.login, @host_owner_api_key).resource(@host.id)
37
- api_key = delegated_host_resource.rotate_api_key
38
- Conjur::API.new_from_key(delegated_host_resource.login, api_key).token
39
- """
40
-
41
- Scenario: Delegated host's API key can be rotated with a token
42
- Given a new delegated host
43
- Then I can run the code:
44
- """
45
- token = Conjur::API.new_from_key(@host_owner.login, @host_owner_api_key).token
46
-
47
- delegated_host_resource = Conjur::API.new_from_token(token).resource(@host.id)
48
- api_key = delegated_host_resource.rotate_api_key
49
- Conjur::API.new_from_key(delegated_host_resource.login, api_key).token
50
- """
@@ -1,28 +0,0 @@
1
- Feature: Create a host using a host factory token.
2
-
3
- Background:
4
- Given I run the code:
5
- """
6
- $conjur.load_policy 'root', <<-POLICY
7
- - !policy
8
- id: myapp
9
- body:
10
- - !layer
11
-
12
- - !host-factory
13
- layers: [ !layer ]
14
- POLICY
15
- @expiration = (DateTime.now + 1.hour).change(sec: 0)
16
- @host_factory = $conjur.resource('cucumber:host_factory:myapp')
17
- @token = @host_factory.create_token @expiration
18
- """
19
-
20
- Scenario: I can create a host from the token
21
- When I run the code:
22
- """
23
- Conjur::API.host_factory_create_host(@token.token, "app-01")
24
- """
25
- Then the JSON should have "id"
26
- And the JSON should have "permissions"
27
- And the JSON should have "owner"
28
- And the JSON should have "api_key"
@@ -1,63 +0,0 @@
1
- Feature: Working with host factory tokens.
2
-
3
- Background:
4
- Given I run the code:
5
- """
6
- $conjur.load_policy 'root', <<-POLICY
7
- - !policy
8
- id: myapp
9
- body:
10
- - !layer
11
-
12
- - !host-factory
13
- layers: [ !layer ]
14
- POLICY
15
- @expiration = (DateTime.now + 1.hour).change(sec: 0)
16
- @host_factory = $conjur.resource('cucumber:host_factory:myapp')
17
- """
18
-
19
- @wip
20
- Scenario: Create a new host factory token.
21
- When I run the code:
22
- """
23
- @token = @host_factory.create_token @expiration
24
- """
25
- Then I can run the code:
26
- """
27
- expect(@token).to be_instance_of(Conjur::HostFactoryToken)
28
- expect(@token.token).to be_instance_of(String)
29
- expiration = @token.expiration
30
- expiration = expiration.change(sec: 0)
31
- expect(expiration).to eq(@expiration)
32
- """
33
- And I can run the code:
34
- """
35
- expect(@host_factory.tokens).to eq([@token])
36
- """
37
-
38
- Scenario: Create multiple new host factory tokens.
39
- When I run the code:
40
- """
41
- @host_factory.create_tokens @expiration, count: 2
42
- """
43
- Then the JSON should have 2 items
44
-
45
- Scenario: Revoke a host factory token using the token object.
46
- When I run the code:
47
- """
48
- @token = @host_factory.create_token @expiration
49
- """
50
- Then I can run the code:
51
- """
52
- @token.revoke
53
- """
54
-
55
- Scenario: Revoke a host factory token using the API.
56
- When I run the code:
57
- """
58
- @token = @host_factory.create_token @expiration
59
- """
60
- Then I can run the code:
61
- """
62
- $conjur.revoke_host_factory_token @token.token
63
- """
@@ -1,61 +0,0 @@
1
- Feature: Load a policy.
2
-
3
- Scenario: Policy can be loaded into a policy id.
4
- Then I can run the code:
5
- """
6
- policy = <<-POLICY
7
- - !group security_admin
8
-
9
- - !policy
10
- id: myapp
11
- body:
12
- - !layer
13
-
14
- - !host-factory
15
- layers: [ !layer ]
16
-
17
- - !host app-01
18
-
19
- - !grant
20
- role: !layer myapp
21
- member: !host app-01
22
- POLICY
23
-
24
- $conjur.load_policy 'root', policy
25
- """
26
-
27
- Scenario: The policy load reports the API keys of created roles.
28
- Then I can run the code:
29
- """
30
- $conjur.load_policy 'root', <<-POLICY
31
- - !host app-#{random_hex}
32
- POLICY
33
- """
34
- Then the JSON should have "version"
35
- And the JSON should have "created_roles"
36
- And the JSON at "created_roles" should have 1 item
37
-
38
- Scenario: Policy contents can be replaced using POLICY_METHOD_PUT.
39
- Given I run the code:
40
- """
41
- $conjur.load_policy 'root', <<-POLICY
42
- - !group developers
43
- - !group operations
44
- POLICY
45
- """
46
- And I run the code:
47
- """
48
- $conjur.load_policy 'root', <<-POLICY, method: Conjur::API::POLICY_METHOD_PUT
49
- --- []
50
- POLICY
51
- """
52
- And I run the code:
53
- """
54
- $conjur.resources.map(&:id)
55
- """
56
- Then the JSON should be:
57
- """
58
- [
59
- "cucumber:policy:root"
60
- ]
61
- """