conjur-api 5.4.1 → 6.0.0.pre.94

data/test.sh

@@ -5,18 +5,19 @@
 RUBY_VERSION="$(cut -d '-' -f 2 <<< "$RUBY_VERSION")"
 
 source ./ci/oauth/keycloak/keycloak_functions.sh
+TOP_LEVEL=$(git rev-parse --show-toplevel)
 
 function finish {
   echo 'Removing test environment'
   echo '---'
-  docker-compose down --rmi 'local' --volumes
+  docker compose down --rmi 'local' --volumes
 }
 
 trap finish EXIT
 
 # Set up VERSION file for local development
-if [ ! -f "../VERSION" ]; then
-  echo -n "0.0.dev" > ../VERSION
+if [ ! -f "${TOP_LEVEL}/VERSION" ]; then
+  echo -n "0.0.dev" > "${TOP_LEVEL}/VERSION"
 fi
 
 function main() {
@@ -25,11 +26,10 @@ function main() {
     exit 1
   fi
   # Generate reports folders locally
-  mkdir -p spec/reports features/reports features_v4/reports
+  mkdir -p spec/reports features/reports
 
   startConjur
-  runTests_5
-  runTests_4
+  runTests
 }
 
 function startConjur() {
@@ -40,37 +40,24 @@ function startConjur() {
   # failing to ensure that has caused many mysterious failures in CI.
   # However, unconditionally pulling prevents working offline even
   # with a warm cache. So try to pull, but ignore failures.
-  docker-compose pull --ignore-pull-failures
-  docker-compose build --build-arg RUBY_VERSION="$RUBY_VERSION"
-  docker-compose up -d pg conjur_4 conjur_5
+  docker compose pull --ignore-pull-failures
+  docker compose build --build-arg RUBY_VERSION="$RUBY_VERSION"
+  docker compose up -d pg conjur
 }
 
-function runTests_5() {
-  echo 'Waiting for Conjur v5 to come up, and configuring it...'
-  ./ci/configure_v5.sh
+function runTests() {
+  echo 'Waiting for Conjur to come up, and configuring it...'
+  ./ci/configure.sh
 
-  local api_key=$(docker-compose exec -T conjur_5 rake 'role:retrieve-key[cucumber:user:admin]')
+  local api_key=$(docker compose exec -T conjur rake 'role:retrieve-key[cucumber:user:admin]')
 
   echo 'Running tests'
   echo '-----'
-  docker-compose run --rm \
+  docker compose run --rm \
     -e CONJUR_AUTHN_API_KEY="$api_key" \
     -e SSL_CERT_FILE=/etc/ssl/certs/keycloak.pem \
-    tester_5 \
-    "/scripts/fetch_certificate && rake jenkins_init jenkins_spec jenkins_cucumber_v5"
-}
-
-function runTests_4() {
-  echo 'Waiting for Conjur v4 to come up, and configuring it...'
-  ./ci/configure_v4.sh
-
-  local api_key=$(docker-compose exec -T conjur_4 su conjur -c "conjur-plugin-service authn env RAILS_ENV=appliance rails r \"puts User['admin'].api_key\" 2>/dev/null")
-
-  echo 'Running tests'
-  echo '-----'
-  docker-compose run --rm \
-    -e CONJUR_AUTHN_API_KEY="$api_key" \
-    tester_4 rake jenkins_cucumber_v4
+    tester \
+    "/scripts/fetch_certificate && rake jenkins_init jenkins_spec jenkins_cucumber"
 }
 
 main

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: conjur-api
 version: !ruby/object:Gem::Version
-  version: 5.4.1
+  version: 6.0.0.pre.94
 platform: ruby
 authors:
 - CyberArk Maintainers
-autorequire:
+autorequire: 
 bindir: bin
 cert_chain: []
-date: 2023-06-14 00:00:00.000000000 Z
+date: 2024-02-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rest-client
@@ -156,6 +156,20 @@ dependencies:
     - - "<"
       - !ruby/object:Gem::Version
         version: '0.18'
+- !ruby/object:Gem::Dependency
+  name: simplecov-cobertura
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: io-grab
   requirement: !ruby/object:Gem::Requirement
@@ -282,8 +296,7 @@ files:
 - Rakefile
 - SECURITY.md
 - VERSION
-- ci/configure_v4.sh
-- ci/configure_v5.sh
+- ci/configure.sh
 - ci/oauth/keycloak/create_client
 - ci/oauth/keycloak/create_user
 - ci/oauth/keycloak/fetch_certificate
@@ -297,8 +310,7 @@ files:
 - dev/start
 - dev/stop
 - docker-compose.yml
-- example/demo_v4.rb
-- example/demo_v5.rb
+- example/demo.rb
 - features/authenticators.feature
 - features/authn.feature
 - features/authn_local.feature
@@ -321,27 +333,12 @@ files:
 - features/step_definitions/result_steps.rb
 - features/support/env.rb
 - features/support/hooks.rb
+- features/support/policy.yml
 - features/support/world.rb
 - features/update_password.feature
 - features/user.feature
 - features/variable_fields.feature
 - features/variable_value.feature
-- features_v4/authn_local.feature
-- features_v4/exists.feature
-- features_v4/host.feature
-- features_v4/host_factory_token.feature
-- features_v4/members.feature
-- features_v4/permitted.feature
-- features_v4/permitted_roles.feature
-- features_v4/resource_fields.feature
-- features_v4/rotate_api_key.feature
-- features_v4/step_definitions/api_steps.rb
-- features_v4/step_definitions/result_steps.rb
-- features_v4/support/env.rb
-- features_v4/support/policy.yml
-- features_v4/support/world.rb
-- features_v4/variable_fields.feature
-- features_v4/variable_value.feature
 - lib/conjur-api.rb
 - lib/conjur-api/version.rb
 - lib/conjur/acts_as_resource.rb
@@ -357,8 +354,7 @@ files:
 - lib/conjur/api/pubkeys.rb
 - lib/conjur/api/resources.rb
 - lib/conjur/api/roles.rb
-- lib/conjur/api/router/v4.rb
-- lib/conjur/api/router/v5.rb
+- lib/conjur/api/router.rb
 - lib/conjur/api/variables.rb
 - lib/conjur/base.rb
 - lib/conjur/base_object.rb
@@ -412,7 +408,7 @@ homepage: https://github.com/cyberark/conjur-api-ruby/
 licenses:
 - Apache-2.0
 metadata: {}
-post_install_message:
+post_install_message: 
 rdoc_options: []
 require_paths:
 - lib
@@ -423,12 +419,12 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '1.9'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">="
+  - - ">"
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 1.3.1
 requirements: []
-rubygems_version: 3.2.33
-signing_key:
+rubygems_version: 3.4.10
+signing_key: 
 specification_version: 4
 summary: Conjur API
 test_files:
@@ -454,6 +450,7 @@ test_files:
 - features/step_definitions/result_steps.rb
 - features/support/env.rb
 - features/support/hooks.rb
+- features/support/policy.yml
 - features/support/world.rb
 - features/update_password.feature
 - features/user.feature

data/ci/configure_v4.sh

@@ -1,12 +0,0 @@
-#!/bin/bash -e
-
-cat << "CONFIGURE" | docker exec -i $(docker-compose ps -q conjur_4) bash
-set -e
-
-/opt/conjur/evoke/bin/wait_for_conjur
-evoke ca regenerate conjur_4
-/opt/conjur/evoke/bin/wait_for_conjur
-env CONJUR_AUTHN_LOGIN=admin CONJUR_AUTHN_API_KEY=secret conjur policy load --as-group security_admin /etc/policy.yml
-CONFIGURE
-
-docker cp $(docker-compose ps -q conjur_4):/opt/conjur/etc/ssl/ca.pem ./tmp/conjur.pem

data/example/demo_v4.rb

@@ -1,49 +0,0 @@
-#!/usr/bin/env ruby
-
-require 'conjur-api'
-require 'securerandom'
-
-username = "admin"
-password = "secret"
-
-Conjur.configuration.appliance_url = "https://conjur_4/api"
-Conjur.configuration.account = "cucumber"
-Conjur.configuration.cert_file = "./tmp/conjur.pem"
-Conjur.configuration.version = 4
-Conjur.configuration.apply_cert_config!
-
-puts "Configured with Conjur version: #{Conjur.configuration.version}"
-puts
-
-api_key = Conjur::API.login username, password
-api = Conjur::API.new_from_key username, api_key
-
-db_password = SecureRandom.hex(12)
-puts "Populating variable 'db-password' = #{db_password.inspect}"
-api.resource("cucumber:variable:db-password").add_value db_password
-puts "Value added"
-puts
-
-puts "Creating host factory token for 'myapp'"
-expiration = Time.now + 1.day
-hf_token = api.resource("cucumber:host_factory:myapp").create_token expiration
-puts "Created: #{hf_token.token}"
-puts
-
-puts "Creating new host 'host-01' with host factory"
-host = Conjur::API.host_factory_create_host(hf_token, "host-01")
-puts "Created: #{host}"
-puts
-
-puts "Logging in as #{host.id}"
-host_api = Conjur::API.new_from_key "host/host-01", host.api_key
-puts "Logged in"
-puts
-
-
-puts "Fetching db-password as #{host.id}"
-value = host_api.resource("cucumber:variable:db-password").value
-puts value
-puts
-
-puts "Done!"

data/features_v4/authn_local.feature

@@ -1,27 +0,0 @@
-Feature: When co-located with the Conjur server, the API can use the authn-local service to authenticate.
-
-  Scenario: authn-local can be used to obtain an access token.
-    When I run the code:
-    """
-    Conjur::API.authenticate_local "alice"
-    """
-    Then the JSON should have "data"
-
-  Scenario: Conjur API supports construction from authn-local.
-    When I run the code:
-    """
-    @api = Conjur::API.new_from_authn_local "alice"
-    @api.token
-    """
-    Then the JSON should have "data"
-
-  Scenario: Conjur API will automatically refresh the token.
-    When I run the code:
-    """
-    @api = Conjur::API.new_from_authn_local "alice"
-    @api.token
-    @api.force_token_refresh
-    @api.token
-    """
-    Then the JSON should have "data"
-    And the JSON at "data" should be "alice"

data/features_v4/exists.feature

@@ -1,29 +0,0 @@
-Feature: Check if an object exists.
-
-  Scenario: A created group resource exists
-    When I run the code:
-    """
-    $conjur.resource('cucumber:group:developers').exists?
-    """
-    Then the result should be "true"
-
-  Scenario: An un-created resource doesn't exist
-    When I run the code:
-    """
-    $conjur.resource('cucumber:food:bacon').exists?
-    """
-    Then the result should be "false"
-
-  Scenario: A created group role exists
-    When I run the code:
-    """
-    $conjur.role('cucumber:group:developers').exists?
-    """
-    Then the result should be "true"
-
-  Scenario: An un-created role doesn't exist
-    When I run the code:
-    """
-    $conjur.role('cucumber:food:bacon').exists?
-    """
-    Then the result should be "false"

data/features_v4/host.feature

@@ -1,18 +0,0 @@
-Feature: Display Host object fields.
-
-  Background:
-    Given a new host
-
-  Scenario: API key of a newly created host is available and valid.
-    Then I run the code:
-    """
-    expect(@host.exists?).to be(true)
-    expect(@host.api_key).to be
-    """
-
-  Scenario: API key of a a host can be rotated.
-    Then I run the code:
-    """
-    api_key = @host.rotate_api_key
-    Conjur::API.new_from_key("host/#{@host.id.identifier}", api_key).token
-    """

data/features_v4/host_factory_token.feature

@@ -1,49 +0,0 @@
-Feature: Working with host factory tokens.
-
-  Background:
-    Given I run the code:
-    """
-    @expiration = (DateTime.now + 1.hour).change(sec: 0)
-    """
-
-
-  Scenario: Create a new host factory token.
-    When I run the code:
-    """
-    @token = $host_factory.create_token(@expiration)
-    """
-    Then I can run the code:
-    """
-    expect(@token).to be_instance_of(Conjur::HostFactoryToken)
-    expect(@token.token).to be_instance_of(String)
-    expiration = @token.expiration
-    expiration = expiration.change(sec: 0)
-    expect(expiration).to eq(@expiration)
-    """
-
-  Scenario: Create multiple new host factory tokens.
-    When I run the code:
-    """
-    $host_factory.create_tokens @expiration, count: 2
-    """
-    Then the JSON should have 2 items
-
-  Scenario: Revoke a host factory token using the token object.
-    When I run the code:
-    """
-    @token = $host_factory.create_token @expiration
-    """
-    Then I can run the code:
-    """
-    @token.revoke
-    """
-
-  Scenario: Revoke a host factory token using the API.
-    When I run the code:
-    """
-    @token = $host_factory.create_token @expiration
-    """
-    Then I can run the code:
-    """
-    $conjur.revoke_host_factory_token @token.token
-    """

data/features_v4/members.feature

@@ -1,39 +0,0 @@
-Feature: Display role members and memberships.
-
-  Scenario: Show a role's members.
-    When I run the code:
-    """
-    $conjur.role('cucumber:group:everyone').members.map(&:as_json)
-    """
-    Then the JSON should be:
-    """
-    [
-      {
-        "admin_option": false,
-        "member": "cucumber:group:developers",
-        "role": "cucumber:group:everyone"
-      },
-      {
-        "admin_option": true,
-        "member": "cucumber:group:security_admin",
-        "role": "cucumber:group:everyone"
-      }
-    ]
-    """
-
-  Scenario: Show a role's memberships.
-    When I run the code:
-    """
-    $conjur.role('cucumber:group:developers').memberships.map(&:as_json)
-    """
-    Then the JSON should be:
-    """
-    [
-      {
-        "id": "cucumber:group:developers"
-      },
-      {
-        "id": "cucumber:group:everyone"
-      }
-    ]
-    """

data/features_v4/permitted.feature

@@ -1,15 +0,0 @@
-Feature: Check if a role has permission on a resource.
-
-  Scenario: Check if the current user has the privilege.
-    When I run the code:
-    """
-    $conjur.resource('cucumber:variable:db-password').permitted? 'execute'
-    """
-    Then the result should be "true"
-
-  Scenario: Check if a different user has the privilege.
-    When I run the code:
-    """
-    $conjur.resource('cucumber:variable:db-password').permitted? 'execute', role: "cucumber:user:bob"
-    """
-    Then the result should be "false"

data/features_v4/permitted_roles.feature

@@ -1,8 +0,0 @@
-Feature: Enumerate roles which have a permission on a resource.
-
-  Scenario: Permitted roles can be enumerated.
-    When I run the code:
-    """
-    $conjur.resource('cucumber:variable:db-password').permitted_roles 'execute'
-    """
-    Then the JSON should include "cucumber:layer:myapp"

data/features_v4/resource_fields.feature

@@ -1,47 +0,0 @@
-Feature: Display basic resource fields.
-
-  Scenario: Group exposes id, kind, identifier, and gidnumber.
-    When I run the code:
-    """
-    resource = $conjur.resource('cucumber:group:developers')
-    [ resource.id, resource.account, resource.kind, resource.identifier, resource.gidnumber ]
-    """
-    Then the JSON should be:
-    """
-    [
-      "cucumber:group:developers",
-      "cucumber",
-      "group",
-      "developers",
-      2000
-    ]
-    """
-
-  Scenario: User exposes id, kind, identifier, and uidnumber.
-    When I run the code:
-    """
-    resource = $conjur.resource('cucumber:user:alice')
-    [ resource.id, resource.account, resource.kind, resource.identifier, resource.uidnumber ]
-    """
-    Then the JSON should be:
-    """
-    [
-      "cucumber:user:alice",
-      "cucumber",
-      "user",
-      "alice",
-      2000
-    ]
-    """
-
-  Scenario: Resource#owner is the owner object
-    When I run the code:
-    """
-    $conjur.resource('cucumber:group:developers').owner.id
-    """
-    Then the result should be "cucumber:group:security_admin"
-    And I run the code:
-    """
-    $conjur.resource('cucumber:group:developers').class
-    """
-    Then the result should be "Conjur::Group"

data/features_v4/rotate_api_key.feature

@@ -1,13 +0,0 @@
-Feature: Rotate the API key.
-
-  Scenario: Logged-in user can rotate the API key.
-    When I run the code:
-    """
-    $conjur.role('cucumber:user:alice').rotate_api_key
-    """
-    Then I can run the code:
-    """
-    @api_key = @result.strip
-    @conjur = Conjur::API.new_from_key 'alice', @api_key
-    @conjur.token
-    """

data/features_v4/step_definitions/api_steps.rb

@@ -1,17 +0,0 @@
-Given(/^a new host$/) do
-  @host_id = "app-#{random_hex}"
-  host = Conjur::API.host_factory_create_host($token, @host_id)
-  @host_api_key = host.api_key
-  expect(@host_api_key).to be
-
-  @host = $conjur.resource("cucumber:host:#{@host_id}")
-  @host.attributes['api_key'] = @host_api_key
-end
-
-When(/^I(?: can)? run the code:$/) do |code|
-  @result = eval(code).tap do |result|
-    if ENV['DEBUG']
-      puts result
-    end
-  end
-end

data/features_v4/step_definitions/result_steps.rb

@@ -1,3 +0,0 @@
-Then(/^the result should be "([^"]+)"$/) do |expected|
-  expect(@result.to_s).to eq(expected.to_s)
-end

data/features_v4/support/env.rb

@@ -1,23 +0,0 @@
-require 'simplecov'
-
-SimpleCov.start
-
-require 'json_spec/cucumber'
-require 'conjur/api'
-
-Conjur.configuration.appliance_url = ENV['CONJUR_APPLIANCE_URL'] || 'https://conjur_4/api'
-Conjur.configuration.account = ENV['CONJUR_ACCOUNT'] || 'cucumber'
-Conjur.configuration.cert_file = "./tmp/conjur.pem"
-Conjur.configuration.authn_local_socket = "/run/authn-local-4/.socket"
-Conjur.configuration.version = 4
-
-Conjur.configuration.apply_cert_config!
-
-$username = ENV['CONJUR_AUTHN_LOGIN'] || 'admin'
-$password = ENV['CONJUR_AUTHN_API_KEY'] || 'secret'
-
-$api_key = Conjur::API.login $username, $password
-$conjur = Conjur::API.new_from_key $username, $api_key
-
-$host_factory = $conjur.resource('cucumber:host_factory:myapp')
-$token = $host_factory.create_token(Time.now + 1.hour)

data/features_v4/support/world.rb

@@ -1,12 +0,0 @@
-module ApiWorld
-  def last_json
-    @result.to_json
-  end
-
-  def random_hex nbytes = 12
-    @random ||= Random.new
-    @random.bytes(nbytes).unpack('h*').first
-  end
-end
-
-World ApiWorld

data/features_v4/variable_fields.feature

@@ -1,11 +0,0 @@
-Feature: Display Variable fields.
-
-  Background:
-    When I run the code:
-    """
-    $conjur.resource('cucumber:variable:ssl-certificate')
-    """
-
-  Scenario: Display MIME type and kind
-    Then the JSON at "mime_type" should be "application/x-pem-file"
-    And the JSON at "kind" should be "SSL certificate"

data/features_v4/variable_value.feature

@@ -1,54 +0,0 @@
-Feature: Work with Variable values.
-  Background:
-    Given I run the code:
-    """
-    @variable = $conjur.resource("cucumber:variable:db-password")
-    @variable_2 = $conjur.resource("cucumber:variable:ssh-key")
-    """
-
-  Scenario: Add a value, retrieve the variable metadata and the value.
-    Given I run the code:
-    """
-    @initial_count = @variable.version_count
-    @variable.add_value 'value-0'
-    """
-    When I run the code:
-    """
-    expect(@variable.version_count).to eq(@initial_count + 1)
-    """
-    And I run the code:
-    """
-    @variable.value
-    """
-    Then the result should be "value-0"
-
-  Scenario: Retrieve a historical value.
-    Given I run the code:
-    """
-    @variable.add_value 'value-0'
-    @variable.add_value 'value-1'
-    @variable.add_value 'value-2'
-    """
-    When I run the code:
-    """
-    @variable.value(@variable.version_count - 2)
-    """
-    Then the result should be "value-0"
-
-  Scenario: Retrieve multiple values in a batch
-    Given I run the code:
-    """
-    @variable.add_value 'value-0'
-    @variable_2.add_value 'value-2'
-    """
-    When I run the code:
-    """
-    $conjur.variable_values([ @variable, @variable_2 ].map(&:id))
-    """
-    Then the JSON should be:
-    """
-    {
-      "db-password": "value-0",
-      "ssh-key": "value-2"
-    }
-    """