conjur-api 5.4.2.pre.638 → 6.0.0.pre.94
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.github/CODEOWNERS +4 -4
- data/.rubocop_todo.yml +3 -5
- data/CHANGELOG.md +6 -3
- data/CONTRIBUTING.md +27 -71
- data/Jenkinsfile +69 -30
- data/README.md +1 -21
- data/Rakefile +2 -7
- data/VERSION +1 -1
- data/ci/{configure_v5.sh → configure.sh} +1 -1
- data/ci/oauth/keycloak/keycloak_functions.sh +7 -7
- data/conjur-api.gemspec +1 -0
- data/dev/docker-compose.yml +12 -21
- data/dev/start +9 -9
- data/dev/stop +1 -1
- data/docker-compose.yml +13 -38
- data/example/{demo_v5.rb → demo.rb} +3 -8
- data/features/step_definitions/policy_steps.rb +1 -1
- data/features/support/env.rb +5 -1
- data/lib/conjur/api/router.rb +267 -0
- data/lib/conjur/base.rb +2 -2
- data/lib/conjur/configuration.rb +0 -20
- data/lib/conjur/routing.rb +2 -12
- data/lib/conjur/variable.rb +7 -15
- data/spec/spec_helper.rb +4 -0
- data/spec/uri_escape_spec.rb +3 -3
- data/test.sh +16 -29
- metadata +21 -24
- data/ci/configure_v4.sh +0 -12
- data/example/demo_v4.rb +0 -49
- data/features_v4/authn_local.feature +0 -27
- data/features_v4/exists.feature +0 -29
- data/features_v4/host.feature +0 -18
- data/features_v4/host_factory_token.feature +0 -49
- data/features_v4/members.feature +0 -39
- data/features_v4/permitted.feature +0 -15
- data/features_v4/permitted_roles.feature +0 -8
- data/features_v4/resource_fields.feature +0 -47
- data/features_v4/rotate_api_key.feature +0 -13
- data/features_v4/step_definitions/api_steps.rb +0 -17
- data/features_v4/step_definitions/result_steps.rb +0 -3
- data/features_v4/support/env.rb +0 -23
- data/features_v4/support/world.rb +0 -12
- data/features_v4/variable_fields.feature +0 -11
- data/features_v4/variable_value.feature +0 -54
- data/lib/conjur/api/router/v4.rb +0 -206
- data/lib/conjur/api/router/v5.rb +0 -269
- /data/{features_v4 → features}/support/policy.yml +0 -0
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: conjur-api
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version:
|
4
|
+
version: 6.0.0.pre.94
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- CyberArk Maintainers
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2024-02-16 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: rest-client
|
@@ -156,6 +156,20 @@ dependencies:
|
|
156
156
|
- - "<"
|
157
157
|
- !ruby/object:Gem::Version
|
158
158
|
version: '0.18'
|
159
|
+
- !ruby/object:Gem::Dependency
|
160
|
+
name: simplecov-cobertura
|
161
|
+
requirement: !ruby/object:Gem::Requirement
|
162
|
+
requirements:
|
163
|
+
- - ">="
|
164
|
+
- !ruby/object:Gem::Version
|
165
|
+
version: '0'
|
166
|
+
type: :development
|
167
|
+
prerelease: false
|
168
|
+
version_requirements: !ruby/object:Gem::Requirement
|
169
|
+
requirements:
|
170
|
+
- - ">="
|
171
|
+
- !ruby/object:Gem::Version
|
172
|
+
version: '0'
|
159
173
|
- !ruby/object:Gem::Dependency
|
160
174
|
name: io-grab
|
161
175
|
requirement: !ruby/object:Gem::Requirement
|
@@ -282,8 +296,7 @@ files:
|
|
282
296
|
- Rakefile
|
283
297
|
- SECURITY.md
|
284
298
|
- VERSION
|
285
|
-
- ci/
|
286
|
-
- ci/configure_v5.sh
|
299
|
+
- ci/configure.sh
|
287
300
|
- ci/oauth/keycloak/create_client
|
288
301
|
- ci/oauth/keycloak/create_user
|
289
302
|
- ci/oauth/keycloak/fetch_certificate
|
@@ -297,8 +310,7 @@ files:
|
|
297
310
|
- dev/start
|
298
311
|
- dev/stop
|
299
312
|
- docker-compose.yml
|
300
|
-
- example/
|
301
|
-
- example/demo_v5.rb
|
313
|
+
- example/demo.rb
|
302
314
|
- features/authenticators.feature
|
303
315
|
- features/authn.feature
|
304
316
|
- features/authn_local.feature
|
@@ -321,27 +333,12 @@ files:
|
|
321
333
|
- features/step_definitions/result_steps.rb
|
322
334
|
- features/support/env.rb
|
323
335
|
- features/support/hooks.rb
|
336
|
+
- features/support/policy.yml
|
324
337
|
- features/support/world.rb
|
325
338
|
- features/update_password.feature
|
326
339
|
- features/user.feature
|
327
340
|
- features/variable_fields.feature
|
328
341
|
- features/variable_value.feature
|
329
|
-
- features_v4/authn_local.feature
|
330
|
-
- features_v4/exists.feature
|
331
|
-
- features_v4/host.feature
|
332
|
-
- features_v4/host_factory_token.feature
|
333
|
-
- features_v4/members.feature
|
334
|
-
- features_v4/permitted.feature
|
335
|
-
- features_v4/permitted_roles.feature
|
336
|
-
- features_v4/resource_fields.feature
|
337
|
-
- features_v4/rotate_api_key.feature
|
338
|
-
- features_v4/step_definitions/api_steps.rb
|
339
|
-
- features_v4/step_definitions/result_steps.rb
|
340
|
-
- features_v4/support/env.rb
|
341
|
-
- features_v4/support/policy.yml
|
342
|
-
- features_v4/support/world.rb
|
343
|
-
- features_v4/variable_fields.feature
|
344
|
-
- features_v4/variable_value.feature
|
345
342
|
- lib/conjur-api.rb
|
346
343
|
- lib/conjur-api/version.rb
|
347
344
|
- lib/conjur/acts_as_resource.rb
|
@@ -357,8 +354,7 @@ files:
|
|
357
354
|
- lib/conjur/api/pubkeys.rb
|
358
355
|
- lib/conjur/api/resources.rb
|
359
356
|
- lib/conjur/api/roles.rb
|
360
|
-
- lib/conjur/api/router
|
361
|
-
- lib/conjur/api/router/v5.rb
|
357
|
+
- lib/conjur/api/router.rb
|
362
358
|
- lib/conjur/api/variables.rb
|
363
359
|
- lib/conjur/base.rb
|
364
360
|
- lib/conjur/base_object.rb
|
@@ -454,6 +450,7 @@ test_files:
|
|
454
450
|
- features/step_definitions/result_steps.rb
|
455
451
|
- features/support/env.rb
|
456
452
|
- features/support/hooks.rb
|
453
|
+
- features/support/policy.yml
|
457
454
|
- features/support/world.rb
|
458
455
|
- features/update_password.feature
|
459
456
|
- features/user.feature
|
data/ci/configure_v4.sh
DELETED
@@ -1,12 +0,0 @@
|
|
1
|
-
#!/bin/bash -e
|
2
|
-
|
3
|
-
cat << "CONFIGURE" | docker exec -i $(docker-compose ps -q conjur_4) bash
|
4
|
-
set -e
|
5
|
-
|
6
|
-
/opt/conjur/evoke/bin/wait_for_conjur
|
7
|
-
evoke ca regenerate conjur_4
|
8
|
-
/opt/conjur/evoke/bin/wait_for_conjur
|
9
|
-
env CONJUR_AUTHN_LOGIN=admin CONJUR_AUTHN_API_KEY=secret conjur policy load --as-group security_admin /etc/policy.yml
|
10
|
-
CONFIGURE
|
11
|
-
|
12
|
-
docker cp $(docker-compose ps -q conjur_4):/opt/conjur/etc/ssl/ca.pem ./tmp/conjur.pem
|
data/example/demo_v4.rb
DELETED
@@ -1,49 +0,0 @@
|
|
1
|
-
#!/usr/bin/env ruby
|
2
|
-
|
3
|
-
require 'conjur-api'
|
4
|
-
require 'securerandom'
|
5
|
-
|
6
|
-
username = "admin"
|
7
|
-
password = "secret"
|
8
|
-
|
9
|
-
Conjur.configuration.appliance_url = "https://conjur_4/api"
|
10
|
-
Conjur.configuration.account = "cucumber"
|
11
|
-
Conjur.configuration.cert_file = "./tmp/conjur.pem"
|
12
|
-
Conjur.configuration.version = 4
|
13
|
-
Conjur.configuration.apply_cert_config!
|
14
|
-
|
15
|
-
puts "Configured with Conjur version: #{Conjur.configuration.version}"
|
16
|
-
puts
|
17
|
-
|
18
|
-
api_key = Conjur::API.login username, password
|
19
|
-
api = Conjur::API.new_from_key username, api_key
|
20
|
-
|
21
|
-
db_password = SecureRandom.hex(12)
|
22
|
-
puts "Populating variable 'db-password' = #{db_password.inspect}"
|
23
|
-
api.resource("cucumber:variable:db-password").add_value db_password
|
24
|
-
puts "Value added"
|
25
|
-
puts
|
26
|
-
|
27
|
-
puts "Creating host factory token for 'myapp'"
|
28
|
-
expiration = Time.now + 1.day
|
29
|
-
hf_token = api.resource("cucumber:host_factory:myapp").create_token expiration
|
30
|
-
puts "Created: #{hf_token.token}"
|
31
|
-
puts
|
32
|
-
|
33
|
-
puts "Creating new host 'host-01' with host factory"
|
34
|
-
host = Conjur::API.host_factory_create_host(hf_token, "host-01")
|
35
|
-
puts "Created: #{host}"
|
36
|
-
puts
|
37
|
-
|
38
|
-
puts "Logging in as #{host.id}"
|
39
|
-
host_api = Conjur::API.new_from_key "host/host-01", host.api_key
|
40
|
-
puts "Logged in"
|
41
|
-
puts
|
42
|
-
|
43
|
-
|
44
|
-
puts "Fetching db-password as #{host.id}"
|
45
|
-
value = host_api.resource("cucumber:variable:db-password").value
|
46
|
-
puts value
|
47
|
-
puts
|
48
|
-
|
49
|
-
puts "Done!"
|
@@ -1,27 +0,0 @@
|
|
1
|
-
Feature: When co-located with the Conjur server, the API can use the authn-local service to authenticate.
|
2
|
-
|
3
|
-
Scenario: authn-local can be used to obtain an access token.
|
4
|
-
When I run the code:
|
5
|
-
"""
|
6
|
-
Conjur::API.authenticate_local "alice"
|
7
|
-
"""
|
8
|
-
Then the JSON should have "data"
|
9
|
-
|
10
|
-
Scenario: Conjur API supports construction from authn-local.
|
11
|
-
When I run the code:
|
12
|
-
"""
|
13
|
-
@api = Conjur::API.new_from_authn_local "alice"
|
14
|
-
@api.token
|
15
|
-
"""
|
16
|
-
Then the JSON should have "data"
|
17
|
-
|
18
|
-
Scenario: Conjur API will automatically refresh the token.
|
19
|
-
When I run the code:
|
20
|
-
"""
|
21
|
-
@api = Conjur::API.new_from_authn_local "alice"
|
22
|
-
@api.token
|
23
|
-
@api.force_token_refresh
|
24
|
-
@api.token
|
25
|
-
"""
|
26
|
-
Then the JSON should have "data"
|
27
|
-
And the JSON at "data" should be "alice"
|
data/features_v4/exists.feature
DELETED
@@ -1,29 +0,0 @@
|
|
1
|
-
Feature: Check if an object exists.
|
2
|
-
|
3
|
-
Scenario: A created group resource exists
|
4
|
-
When I run the code:
|
5
|
-
"""
|
6
|
-
$conjur.resource('cucumber:group:developers').exists?
|
7
|
-
"""
|
8
|
-
Then the result should be "true"
|
9
|
-
|
10
|
-
Scenario: An un-created resource doesn't exist
|
11
|
-
When I run the code:
|
12
|
-
"""
|
13
|
-
$conjur.resource('cucumber:food:bacon').exists?
|
14
|
-
"""
|
15
|
-
Then the result should be "false"
|
16
|
-
|
17
|
-
Scenario: A created group role exists
|
18
|
-
When I run the code:
|
19
|
-
"""
|
20
|
-
$conjur.role('cucumber:group:developers').exists?
|
21
|
-
"""
|
22
|
-
Then the result should be "true"
|
23
|
-
|
24
|
-
Scenario: An un-created role doesn't exist
|
25
|
-
When I run the code:
|
26
|
-
"""
|
27
|
-
$conjur.role('cucumber:food:bacon').exists?
|
28
|
-
"""
|
29
|
-
Then the result should be "false"
|
data/features_v4/host.feature
DELETED
@@ -1,18 +0,0 @@
|
|
1
|
-
Feature: Display Host object fields.
|
2
|
-
|
3
|
-
Background:
|
4
|
-
Given a new host
|
5
|
-
|
6
|
-
Scenario: API key of a newly created host is available and valid.
|
7
|
-
Then I run the code:
|
8
|
-
"""
|
9
|
-
expect(@host.exists?).to be(true)
|
10
|
-
expect(@host.api_key).to be
|
11
|
-
"""
|
12
|
-
|
13
|
-
Scenario: API key of a a host can be rotated.
|
14
|
-
Then I run the code:
|
15
|
-
"""
|
16
|
-
api_key = @host.rotate_api_key
|
17
|
-
Conjur::API.new_from_key("host/#{@host.id.identifier}", api_key).token
|
18
|
-
"""
|
@@ -1,49 +0,0 @@
|
|
1
|
-
Feature: Working with host factory tokens.
|
2
|
-
|
3
|
-
Background:
|
4
|
-
Given I run the code:
|
5
|
-
"""
|
6
|
-
@expiration = (DateTime.now + 1.hour).change(sec: 0)
|
7
|
-
"""
|
8
|
-
|
9
|
-
|
10
|
-
Scenario: Create a new host factory token.
|
11
|
-
When I run the code:
|
12
|
-
"""
|
13
|
-
@token = $host_factory.create_token(@expiration)
|
14
|
-
"""
|
15
|
-
Then I can run the code:
|
16
|
-
"""
|
17
|
-
expect(@token).to be_instance_of(Conjur::HostFactoryToken)
|
18
|
-
expect(@token.token).to be_instance_of(String)
|
19
|
-
expiration = @token.expiration
|
20
|
-
expiration = expiration.change(sec: 0)
|
21
|
-
expect(expiration).to eq(@expiration)
|
22
|
-
"""
|
23
|
-
|
24
|
-
Scenario: Create multiple new host factory tokens.
|
25
|
-
When I run the code:
|
26
|
-
"""
|
27
|
-
$host_factory.create_tokens @expiration, count: 2
|
28
|
-
"""
|
29
|
-
Then the JSON should have 2 items
|
30
|
-
|
31
|
-
Scenario: Revoke a host factory token using the token object.
|
32
|
-
When I run the code:
|
33
|
-
"""
|
34
|
-
@token = $host_factory.create_token @expiration
|
35
|
-
"""
|
36
|
-
Then I can run the code:
|
37
|
-
"""
|
38
|
-
@token.revoke
|
39
|
-
"""
|
40
|
-
|
41
|
-
Scenario: Revoke a host factory token using the API.
|
42
|
-
When I run the code:
|
43
|
-
"""
|
44
|
-
@token = $host_factory.create_token @expiration
|
45
|
-
"""
|
46
|
-
Then I can run the code:
|
47
|
-
"""
|
48
|
-
$conjur.revoke_host_factory_token @token.token
|
49
|
-
"""
|
data/features_v4/members.feature
DELETED
@@ -1,39 +0,0 @@
|
|
1
|
-
Feature: Display role members and memberships.
|
2
|
-
|
3
|
-
Scenario: Show a role's members.
|
4
|
-
When I run the code:
|
5
|
-
"""
|
6
|
-
$conjur.role('cucumber:group:everyone').members.map(&:as_json)
|
7
|
-
"""
|
8
|
-
Then the JSON should be:
|
9
|
-
"""
|
10
|
-
[
|
11
|
-
{
|
12
|
-
"admin_option": false,
|
13
|
-
"member": "cucumber:group:developers",
|
14
|
-
"role": "cucumber:group:everyone"
|
15
|
-
},
|
16
|
-
{
|
17
|
-
"admin_option": true,
|
18
|
-
"member": "cucumber:group:security_admin",
|
19
|
-
"role": "cucumber:group:everyone"
|
20
|
-
}
|
21
|
-
]
|
22
|
-
"""
|
23
|
-
|
24
|
-
Scenario: Show a role's memberships.
|
25
|
-
When I run the code:
|
26
|
-
"""
|
27
|
-
$conjur.role('cucumber:group:developers').memberships.map(&:as_json)
|
28
|
-
"""
|
29
|
-
Then the JSON should be:
|
30
|
-
"""
|
31
|
-
[
|
32
|
-
{
|
33
|
-
"id": "cucumber:group:developers"
|
34
|
-
},
|
35
|
-
{
|
36
|
-
"id": "cucumber:group:everyone"
|
37
|
-
}
|
38
|
-
]
|
39
|
-
"""
|
@@ -1,15 +0,0 @@
|
|
1
|
-
Feature: Check if a role has permission on a resource.
|
2
|
-
|
3
|
-
Scenario: Check if the current user has the privilege.
|
4
|
-
When I run the code:
|
5
|
-
"""
|
6
|
-
$conjur.resource('cucumber:variable:db-password').permitted? 'execute'
|
7
|
-
"""
|
8
|
-
Then the result should be "true"
|
9
|
-
|
10
|
-
Scenario: Check if a different user has the privilege.
|
11
|
-
When I run the code:
|
12
|
-
"""
|
13
|
-
$conjur.resource('cucumber:variable:db-password').permitted? 'execute', role: "cucumber:user:bob"
|
14
|
-
"""
|
15
|
-
Then the result should be "false"
|
@@ -1,8 +0,0 @@
|
|
1
|
-
Feature: Enumerate roles which have a permission on a resource.
|
2
|
-
|
3
|
-
Scenario: Permitted roles can be enumerated.
|
4
|
-
When I run the code:
|
5
|
-
"""
|
6
|
-
$conjur.resource('cucumber:variable:db-password').permitted_roles 'execute'
|
7
|
-
"""
|
8
|
-
Then the JSON should include "cucumber:layer:myapp"
|
@@ -1,47 +0,0 @@
|
|
1
|
-
Feature: Display basic resource fields.
|
2
|
-
|
3
|
-
Scenario: Group exposes id, kind, identifier, and gidnumber.
|
4
|
-
When I run the code:
|
5
|
-
"""
|
6
|
-
resource = $conjur.resource('cucumber:group:developers')
|
7
|
-
[ resource.id, resource.account, resource.kind, resource.identifier, resource.gidnumber ]
|
8
|
-
"""
|
9
|
-
Then the JSON should be:
|
10
|
-
"""
|
11
|
-
[
|
12
|
-
"cucumber:group:developers",
|
13
|
-
"cucumber",
|
14
|
-
"group",
|
15
|
-
"developers",
|
16
|
-
2000
|
17
|
-
]
|
18
|
-
"""
|
19
|
-
|
20
|
-
Scenario: User exposes id, kind, identifier, and uidnumber.
|
21
|
-
When I run the code:
|
22
|
-
"""
|
23
|
-
resource = $conjur.resource('cucumber:user:alice')
|
24
|
-
[ resource.id, resource.account, resource.kind, resource.identifier, resource.uidnumber ]
|
25
|
-
"""
|
26
|
-
Then the JSON should be:
|
27
|
-
"""
|
28
|
-
[
|
29
|
-
"cucumber:user:alice",
|
30
|
-
"cucumber",
|
31
|
-
"user",
|
32
|
-
"alice",
|
33
|
-
2000
|
34
|
-
]
|
35
|
-
"""
|
36
|
-
|
37
|
-
Scenario: Resource#owner is the owner object
|
38
|
-
When I run the code:
|
39
|
-
"""
|
40
|
-
$conjur.resource('cucumber:group:developers').owner.id
|
41
|
-
"""
|
42
|
-
Then the result should be "cucumber:group:security_admin"
|
43
|
-
And I run the code:
|
44
|
-
"""
|
45
|
-
$conjur.resource('cucumber:group:developers').class
|
46
|
-
"""
|
47
|
-
Then the result should be "Conjur::Group"
|
@@ -1,13 +0,0 @@
|
|
1
|
-
Feature: Rotate the API key.
|
2
|
-
|
3
|
-
Scenario: Logged-in user can rotate the API key.
|
4
|
-
When I run the code:
|
5
|
-
"""
|
6
|
-
$conjur.role('cucumber:user:alice').rotate_api_key
|
7
|
-
"""
|
8
|
-
Then I can run the code:
|
9
|
-
"""
|
10
|
-
@api_key = @result.strip
|
11
|
-
@conjur = Conjur::API.new_from_key 'alice', @api_key
|
12
|
-
@conjur.token
|
13
|
-
"""
|
@@ -1,17 +0,0 @@
|
|
1
|
-
Given(/^a new host$/) do
|
2
|
-
@host_id = "app-#{random_hex}"
|
3
|
-
host = Conjur::API.host_factory_create_host($token, @host_id)
|
4
|
-
@host_api_key = host.api_key
|
5
|
-
expect(@host_api_key).to be
|
6
|
-
|
7
|
-
@host = $conjur.resource("cucumber:host:#{@host_id}")
|
8
|
-
@host.attributes['api_key'] = @host_api_key
|
9
|
-
end
|
10
|
-
|
11
|
-
When(/^I(?: can)? run the code:$/) do |code|
|
12
|
-
@result = eval(code).tap do |result|
|
13
|
-
if ENV['DEBUG']
|
14
|
-
puts result
|
15
|
-
end
|
16
|
-
end
|
17
|
-
end
|
data/features_v4/support/env.rb
DELETED
@@ -1,23 +0,0 @@
|
|
1
|
-
require 'simplecov'
|
2
|
-
|
3
|
-
SimpleCov.start
|
4
|
-
|
5
|
-
require 'json_spec/cucumber'
|
6
|
-
require 'conjur/api'
|
7
|
-
|
8
|
-
Conjur.configuration.appliance_url = ENV['CONJUR_APPLIANCE_URL'] || 'https://conjur_4/api'
|
9
|
-
Conjur.configuration.account = ENV['CONJUR_ACCOUNT'] || 'cucumber'
|
10
|
-
Conjur.configuration.cert_file = "./tmp/conjur.pem"
|
11
|
-
Conjur.configuration.authn_local_socket = "/run/authn-local-4/.socket"
|
12
|
-
Conjur.configuration.version = 4
|
13
|
-
|
14
|
-
Conjur.configuration.apply_cert_config!
|
15
|
-
|
16
|
-
$username = ENV['CONJUR_AUTHN_LOGIN'] || 'admin'
|
17
|
-
$password = ENV['CONJUR_AUTHN_API_KEY'] || 'secret'
|
18
|
-
|
19
|
-
$api_key = Conjur::API.login $username, $password
|
20
|
-
$conjur = Conjur::API.new_from_key $username, $api_key
|
21
|
-
|
22
|
-
$host_factory = $conjur.resource('cucumber:host_factory:myapp')
|
23
|
-
$token = $host_factory.create_token(Time.now + 1.hour)
|
@@ -1,11 +0,0 @@
|
|
1
|
-
Feature: Display Variable fields.
|
2
|
-
|
3
|
-
Background:
|
4
|
-
When I run the code:
|
5
|
-
"""
|
6
|
-
$conjur.resource('cucumber:variable:ssl-certificate')
|
7
|
-
"""
|
8
|
-
|
9
|
-
Scenario: Display MIME type and kind
|
10
|
-
Then the JSON at "mime_type" should be "application/x-pem-file"
|
11
|
-
And the JSON at "kind" should be "SSL certificate"
|
@@ -1,54 +0,0 @@
|
|
1
|
-
Feature: Work with Variable values.
|
2
|
-
Background:
|
3
|
-
Given I run the code:
|
4
|
-
"""
|
5
|
-
@variable = $conjur.resource("cucumber:variable:db-password")
|
6
|
-
@variable_2 = $conjur.resource("cucumber:variable:ssh-key")
|
7
|
-
"""
|
8
|
-
|
9
|
-
Scenario: Add a value, retrieve the variable metadata and the value.
|
10
|
-
Given I run the code:
|
11
|
-
"""
|
12
|
-
@initial_count = @variable.version_count
|
13
|
-
@variable.add_value 'value-0'
|
14
|
-
"""
|
15
|
-
When I run the code:
|
16
|
-
"""
|
17
|
-
expect(@variable.version_count).to eq(@initial_count + 1)
|
18
|
-
"""
|
19
|
-
And I run the code:
|
20
|
-
"""
|
21
|
-
@variable.value
|
22
|
-
"""
|
23
|
-
Then the result should be "value-0"
|
24
|
-
|
25
|
-
Scenario: Retrieve a historical value.
|
26
|
-
Given I run the code:
|
27
|
-
"""
|
28
|
-
@variable.add_value 'value-0'
|
29
|
-
@variable.add_value 'value-1'
|
30
|
-
@variable.add_value 'value-2'
|
31
|
-
"""
|
32
|
-
When I run the code:
|
33
|
-
"""
|
34
|
-
@variable.value(@variable.version_count - 2)
|
35
|
-
"""
|
36
|
-
Then the result should be "value-0"
|
37
|
-
|
38
|
-
Scenario: Retrieve multiple values in a batch
|
39
|
-
Given I run the code:
|
40
|
-
"""
|
41
|
-
@variable.add_value 'value-0'
|
42
|
-
@variable_2.add_value 'value-2'
|
43
|
-
"""
|
44
|
-
When I run the code:
|
45
|
-
"""
|
46
|
-
$conjur.variable_values([ @variable, @variable_2 ].map(&:id))
|
47
|
-
"""
|
48
|
-
Then the JSON should be:
|
49
|
-
"""
|
50
|
-
{
|
51
|
-
"db-password": "value-0",
|
52
|
-
"ssh-key": "value-2"
|
53
|
-
}
|
54
|
-
"""
|