conjur-api 5.3.8.pre.3 → 5.3.8.pre.8

data/features/variable_value.feature

@@ -1,60 +0,0 @@
-Feature: Work with Variable values.
-
-  Background:
-    Given I run the code:
-    """
-    @variable_id = "password"
-    $conjur.load_policy 'root', <<-POLICY
-    - !variable #{@variable_id}
-    - !variable #{@variable_id}-2
-    POLICY
-    @variable = $conjur.resource("cucumber:variable:#{@variable_id}")
-    @variable_2 = $conjur.resource("cucumber:variable:#{@variable_id}-2")
-    """
-
-  Scenario: Add a value, retrieve the variable metadata and the value.
-    When I run the code:
-    """
-    @initial_count = @variable.version_count
-    @variable.add_value 'value-0'
-    """
-    And I run the code:
-    """
-    expect(@variable.version_count).to eq(@initial_count + 1)
-    """
-    And I run the code:
-    """
-    @variable.value(@variable.version_count)
-    """
-    Then the result should be "value-0"
-
-  Scenario: Retrieve a historical value.
-    Given I run the code:
-    """
-    @variable.add_value 'value-0'
-    @variable.add_value 'value-1'
-    @variable.add_value 'value-2'
-    """
-    When I run the code:
-    """
-    @variable.value(@variable.version_count - 2)
-    """
-    Then the result should be "value-0"
-
-  Scenario: Retrieve multiple values in a batch
-    Given I run the code:
-    """
-    @variable.add_value 'value-0'
-    @variable_2.add_value 'value-2'
-    """
-    When I run the code:
-    """
-    $conjur.variable_values([ @variable, @variable_2 ].map(&:id))
-    """
-    Then the JSON should be:
-    """
-    {
-      "cucumber:variable:password": "value-0",
-      "cucumber:variable:password-2": "value-2"
-    }
-    """

data/features_v4/authn_local.feature

@@ -1,27 +0,0 @@
-Feature: When co-located with the Conjur server, the API can use the authn-local service to authenticate.
-
-  Scenario: authn-local can be used to obtain an access token.
-    When I run the code:
-    """
-    Conjur::API.authenticate_local "alice"
-    """
-    Then the JSON should have "data"
-
-  Scenario: Conjur API supports construction from authn-local.
-    When I run the code:
-    """
-    @api = Conjur::API.new_from_authn_local "alice"
-    @api.token
-    """
-    Then the JSON should have "data"
-
-  Scenario: Conjur API will automatically refresh the token.
-    When I run the code:
-    """
-    @api = Conjur::API.new_from_authn_local "alice"
-    @api.token
-    @api.force_token_refresh
-    @api.token
-    """
-    Then the JSON should have "data"
-    And the JSON at "data" should be "alice"

data/features_v4/exists.feature

@@ -1,29 +0,0 @@
-Feature: Check if an object exists.
-
-  Scenario: A created group resource exists
-    When I run the code:
-    """
-    $conjur.resource('cucumber:group:developers').exists?
-    """
-    Then the result should be "true"
-
-  Scenario: An un-created resource doesn't exist
-    When I run the code:
-    """
-    $conjur.resource('cucumber:food:bacon').exists?
-    """
-    Then the result should be "false"
-
-  Scenario: A created group role exists
-    When I run the code:
-    """
-    $conjur.role('cucumber:group:developers').exists?
-    """
-    Then the result should be "true"
-
-  Scenario: An un-created role doesn't exist
-    When I run the code:
-    """
-    $conjur.role('cucumber:food:bacon').exists?
-    """
-    Then the result should be "false"

data/features_v4/host.feature

@@ -1,18 +0,0 @@
-Feature: Display Host object fields.
-
-  Background:
-    Given a new host
-
-  Scenario: API key of a newly created host is available and valid.
-    Then I run the code:
-    """
-    expect(@host.exists?).to be(true)
-    expect(@host.api_key).to be
-    """
-
-  Scenario: API key of a a host can be rotated.
-    Then I run the code:
-    """
-    api_key = @host.rotate_api_key
-    Conjur::API.new_from_key("host/#{@host.id.identifier}", api_key).token
-    """

data/features_v4/host_factory_token.feature

@@ -1,49 +0,0 @@
-Feature: Working with host factory tokens.
-
-  Background:
-    Given I run the code:
-    """
-    @expiration = (DateTime.now + 1.hour).change(sec: 0)
-    """
-
-
-  Scenario: Create a new host factory token.
-    When I run the code:
-    """
-    @token = $host_factory.create_token(@expiration)
-    """
-    Then I can run the code:
-    """
-    expect(@token).to be_instance_of(Conjur::HostFactoryToken)
-    expect(@token.token).to be_instance_of(String)
-    expiration = @token.expiration
-    expiration = expiration.change(sec: 0)
-    expect(expiration).to eq(@expiration)
-    """
-
-  Scenario: Create multiple new host factory tokens.
-    When I run the code:
-    """
-    $host_factory.create_tokens @expiration, count: 2
-    """
-    Then the JSON should have 2 items
-
-  Scenario: Revoke a host factory token using the token object.
-    When I run the code:
-    """
-    @token = $host_factory.create_token @expiration
-    """
-    Then I can run the code:
-    """
-    @token.revoke
-    """
-
-  Scenario: Revoke a host factory token using the API.
-    When I run the code:
-    """
-    @token = $host_factory.create_token @expiration
-    """
-    Then I can run the code:
-    """
-    $conjur.revoke_host_factory_token @token.token
-    """

data/features_v4/members.feature

@@ -1,39 +0,0 @@
-Feature: Display role members and memberships.
-
-  Scenario: Show a role's members.
-    When I run the code:
-    """
-    $conjur.role('cucumber:group:everyone').members.map(&:as_json)
-    """
-    Then the JSON should be:
-    """
-    [
-      {
-        "admin_option": false,
-        "member": "cucumber:group:developers",
-        "role": "cucumber:group:everyone"
-      },
-      {
-        "admin_option": true,
-        "member": "cucumber:group:security_admin",
-        "role": "cucumber:group:everyone"
-      }
-    ]
-    """
-
-  Scenario: Show a role's memberships.
-    When I run the code:
-    """
-    $conjur.role('cucumber:group:developers').memberships.map(&:as_json)
-    """
-    Then the JSON should be:
-    """
-    [
-      {
-        "id": "cucumber:group:developers"
-      },
-      {
-        "id": "cucumber:group:everyone"
-      }
-    ]
-    """

data/features_v4/permitted.feature

@@ -1,15 +0,0 @@
-Feature: Check if a role has permission on a resource.
-
-  Scenario: Check if the current user has the privilege.
-    When I run the code:
-    """
-    $conjur.resource('cucumber:variable:db-password').permitted? 'execute'
-    """
-    Then the result should be "true"
-
-  Scenario: Check if a different user has the privilege.
-    When I run the code:
-    """
-    $conjur.resource('cucumber:variable:db-password').permitted? 'execute', role: "cucumber:user:bob"
-    """
-    Then the result should be "false"

data/features_v4/permitted_roles.feature

@@ -1,8 +0,0 @@
-Feature: Enumerate roles which have a permission on a resource.
-
-  Scenario: Permitted roles can be enumerated.
-    When I run the code:
-    """
-    $conjur.resource('cucumber:variable:db-password').permitted_roles 'execute'
-    """
-    Then the JSON should include "cucumber:layer:myapp"

data/features_v4/resource_fields.feature

@@ -1,47 +0,0 @@
-Feature: Display basic resource fields.
-
-  Scenario: Group exposes id, kind, identifier, and gidnumber.
-    When I run the code:
-    """
-    resource = $conjur.resource('cucumber:group:developers')
-    [ resource.id, resource.account, resource.kind, resource.identifier, resource.gidnumber ]
-    """
-    Then the JSON should be:
-    """
-    [
-      "cucumber:group:developers",
-      "cucumber",
-      "group",
-      "developers",
-      2000
-    ]
-    """
-
-  Scenario: User exposes id, kind, identifier, and uidnumber.
-    When I run the code:
-    """
-    resource = $conjur.resource('cucumber:user:alice')
-    [ resource.id, resource.account, resource.kind, resource.identifier, resource.uidnumber ]
-    """
-    Then the JSON should be:
-    """
-    [
-      "cucumber:user:alice",
-      "cucumber",
-      "user",
-      "alice",
-      2000
-    ]
-    """
-
-  Scenario: Resource#owner is the owner object
-    When I run the code:
-    """
-    $conjur.resource('cucumber:group:developers').owner.id
-    """
-    Then the result should be "cucumber:group:security_admin"
-    And I run the code:
-    """
-    $conjur.resource('cucumber:group:developers').class
-    """
-    Then the result should be "Conjur::Group"

data/features_v4/rotate_api_key.feature

@@ -1,13 +0,0 @@
-Feature: Rotate the API key.
-
-  Scenario: Logged-in user can rotate the API key.
-    When I run the code:
-    """
-    $conjur.role('cucumber:user:alice').rotate_api_key
-    """
-    Then I can run the code:
-    """
-    @api_key = @result.strip
-    @conjur = Conjur::API.new_from_key 'alice', @api_key
-    @conjur.token
-    """

data/features_v4/step_definitions/api_steps.rb

@@ -1,17 +0,0 @@
-Given(/^a new host$/) do
-  @host_id = "app-#{random_hex}"
-  host = Conjur::API.host_factory_create_host($token, @host_id)
-  @host_api_key = host.api_key
-  expect(@host_api_key).to be
-
-  @host = $conjur.resource("cucumber:host:#{@host_id}")
-  @host.attributes['api_key'] = @host_api_key
-end
-
-When(/^I(?: can)? run the code:$/) do |code|
-  @result = eval(code).tap do |result|
-    if ENV['DEBUG']
-      puts result
-    end
-  end
-end

data/features_v4/step_definitions/result_steps.rb

@@ -1,3 +0,0 @@
-Then(/^the result should be "([^"]+)"$/) do |expected|
-  expect(@result.to_s).to eq(expected.to_s)
-end

data/features_v4/support/env.rb

@@ -1,23 +0,0 @@
-require 'simplecov'
-
-SimpleCov.start
-
-require 'json_spec/cucumber'
-require 'conjur/api'
-
-Conjur.configuration.appliance_url = ENV['CONJUR_APPLIANCE_URL'] || 'https://conjur_4/api'
-Conjur.configuration.account = ENV['CONJUR_ACCOUNT'] || 'cucumber'
-Conjur.configuration.cert_file = "./tmp/conjur.pem"
-Conjur.configuration.authn_local_socket = "/run/authn-local-4/.socket"
-Conjur.configuration.version = 4
-
-Conjur.configuration.apply_cert_config!
-
-$username = ENV['CONJUR_AUTHN_LOGIN'] || 'admin'
-$password = ENV['CONJUR_AUTHN_API_KEY'] || 'secret'
-
-$api_key = Conjur::API.login $username, $password
-$conjur = Conjur::API.new_from_key $username, $api_key
-
-$host_factory = $conjur.resource('cucumber:host_factory:myapp')
-$token = $host_factory.create_token(Time.now + 1.hour)

data/features_v4/support/policy.yml

@@ -1,34 +0,0 @@
-- !user
-  id: alice
-  uidnumber: 2000
-  
-- !group
-  id: developers
-  gidnumber: 2000
-
-- !group everyone
-
-- !grant
-  role: !group everyone
-  member: !group developers
-
-- !variable db-password
-
-- !variable ssh-key
-
-- !variable
-  id: ssl-certificate
-  kind: SSL certificate
-  mime_type: application/x-pem-file
-
-- !layer myapp
-
-- !host-factory
-  id: myapp
-  layers: [ !layer myapp ]
-
-- !permit
-  role: !layer myapp
-  privileges: [ read, execute ]
-  resources:
-    - !variable db-password

data/features_v4/support/world.rb

@@ -1,12 +0,0 @@
-module ApiWorld
-  def last_json
-    @result.to_json
-  end
-
-  def random_hex nbytes = 12
-    @random ||= Random.new
-    @random.bytes(nbytes).unpack('h*').first
-  end
-end
-
-World ApiWorld

data/features_v4/variable_fields.feature

@@ -1,11 +0,0 @@
-Feature: Display Variable fields.
-
-  Background:
-    When I run the code:
-    """
-    $conjur.resource('cucumber:variable:ssl-certificate')
-    """
-
-  Scenario: Display MIME type and kind
-    Then the JSON at "mime_type" should be "application/x-pem-file"
-    And the JSON at "kind" should be "SSL certificate"

data/features_v4/variable_value.feature

@@ -1,54 +0,0 @@
-Feature: Work with Variable values.
-  Background:
-    Given I run the code:
-    """
-    @variable = $conjur.resource("cucumber:variable:db-password")
-    @variable_2 = $conjur.resource("cucumber:variable:ssh-key")
-    """
-
-  Scenario: Add a value, retrieve the variable metadata and the value.
-    Given I run the code:
-    """
-    @initial_count = @variable.version_count
-    @variable.add_value 'value-0'
-    """
-    When I run the code:
-    """
-    expect(@variable.version_count).to eq(@initial_count + 1)
-    """
-    And I run the code:
-    """
-    @variable.value
-    """
-    Then the result should be "value-0"
-
-  Scenario: Retrieve a historical value.
-    Given I run the code:
-    """
-    @variable.add_value 'value-0'
-    @variable.add_value 'value-1'
-    @variable.add_value 'value-2'
-    """
-    When I run the code:
-    """
-    @variable.value(@variable.version_count - 2)
-    """
-    Then the result should be "value-0"
-
-  Scenario: Retrieve multiple values in a batch
-    Given I run the code:
-    """
-    @variable.add_value 'value-0'
-    @variable_2.add_value 'value-2'
-    """
-    When I run the code:
-    """
-    $conjur.variable_values([ @variable, @variable_2 ].map(&:id))
-    """
-    Then the JSON should be:
-    """
-    {
-      "db-password": "value-0",
-      "ssh-key": "value-2"
-    }
-    """

data/lib/conjur/acts_as_resource.rb

@@ -1,123 +0,0 @@
-#
-# Copyright 2013-2017 Conjur Inc
-#
-# Permission is hereby granted, free of charge, to any person obtaining a copy of
-# this software and associated documentation files (the "Software"), to deal in
-# the Software without restriction, including without limitation the rights to
-# use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
-# the Software, and to permit persons to whom the Software is furnished to do so,
-# subject to the following conditions:
-#
-# The above copyright notice and this permission notice shall be included in all
-# copies or substantial portions of the Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
-# FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
-# COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
-# IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
-# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-#
-
-module Conjur
-  # This module is included in object classes that have resource behavior.
-  module ActsAsResource
-    # @api private
-    def self.included(base)
-      base.include HasAttributes
-      base.include Escape
-      base.extend QueryString
-    end
-
-    # The full role id of the role that owns this resource.
-    #
-    # @example
-    #   api.current_role # => 'conjur:user:jon'
-    #   resource = api.create_resource 'conjur:example:resource-owner'
-    #   resource.owner # => 'conjur:user:jon'
-    #
-    # @return [String] the full role id of this resource's owner.
-    def owner
-      build_object attributes['owner'], default_class: Role
-    end
-
-    # Check whether this object exists by performing a HEAD request to its URL.
-    #
-    # This method will return false if the object doesn't exist.
-    #
-    # @example
-    #   does_not_exist = api.user 'does-not-exist' # This returns without error.
-    #
-    #   # this is wrong!
-    #   owner = does_not_exist.owner # raises RestClient::ResourceNotFound
-    #
-    #   # this is right!
-    #   owner = if does_not_exist.exists?
-    #     does_not_exist.owner
-    #   else
-    #     nil # or some sensible default
-    #   end
-    #
-    # @return [Boolean] does it exist?
-    def exists?
-      begin
-        url_for(:resources_resource, credentials, id).head
-        true
-      rescue RestClient::Forbidden
-        true
-      rescue RestClient::ResourceNotFound
-        false
-      end
-    end
-
-    # Lists roles that have a specified privilege on the resource. 
-    #
-    # This will return only roles of which api.current_user is a member.
-    #
-    # Options:
-    #
-    # * **offset** Zero-based offset into the result set.
-    # * **limit**  Total number of records returned.
-    #
-    # @example
-    #   resource = api.resource 'conjur:variable:example'
-    #   resource.permitted_roles 'execute' # => ['conjur:user:admin']
-    #   # After permitting 'execute' to user 'jon'
-    #   resource.permitted_roles 'execute' # => ['conjur:user:admin', 'conjur:user:jon']
-    #
-    # @param privilege [String] the privilege
-    # @return [Array<String>] the ids of roles that have `privilege` on this resource.
-    def permitted_roles privilege
-      result = JSON.parse url_for(:resources_permitted_roles, credentials, id, privilege).get
-      if result.is_a?(Hash) && ( count = result['count'] )
-        count
-      else
-        result
-      end
-    end
-
-    # True if the logged-in role, or a role specified using the :role option, has the
-    # specified +privilege+ on this resource.
-    #
-    # @example
-    #   api.current_role # => 'conjur:cat:mouse'
-    #   resource.permitted_roles 'execute' # => ['conjur:user:admin', 'conjur:cat:mouse']
-    #   resource.permitted_roles 'update', # => ['conjur:user:admin', 'conjur:cat:gino']
-    #
-    #   resource.permitted? 'update' # => false, `mouse` can't update this resource
-    #   resource.permitted? 'execute' # => true, `mouse` can execute it.
-    #   resource.permitted? 'update', role: 'conjur:cat:gino' # => true, `gino` can update it.
-    # @param privilege [String] the privilege to check
-    # @param role [String,nil] :role check whether the role given by this full role id is permitted
-    #   instead of checking +api.current_role+.
-    # @return [Boolean]
-    def permitted? privilege, role: nil
-      url_for(:resources_check, credentials, id, privilege, role)
-      true
-    rescue RestClient::Forbidden
-      false
-    rescue RestClient::ResourceNotFound
-      false
-    end
-  end
-end