conjur-api 5.4.2.pre.638 → 6.0.0.pre.94

Files changed (48) hide show
  1. checksums.yaml +4 -4
  2. data/.github/CODEOWNERS +4 -4
  3. data/.rubocop_todo.yml +3 -5
  4. data/CHANGELOG.md +6 -3
  5. data/CONTRIBUTING.md +27 -71
  6. data/Jenkinsfile +69 -30
  7. data/README.md +1 -21
  8. data/Rakefile +2 -7
  9. data/VERSION +1 -1
  10. data/ci/{configure_v5.sh → configure.sh} +1 -1
  11. data/ci/oauth/keycloak/keycloak_functions.sh +7 -7
  12. data/conjur-api.gemspec +1 -0
  13. data/dev/docker-compose.yml +12 -21
  14. data/dev/start +9 -9
  15. data/dev/stop +1 -1
  16. data/docker-compose.yml +13 -38
  17. data/example/{demo_v5.rb → demo.rb} +3 -8
  18. data/features/step_definitions/policy_steps.rb +1 -1
  19. data/features/support/env.rb +5 -1
  20. data/lib/conjur/api/router.rb +267 -0
  21. data/lib/conjur/base.rb +2 -2
  22. data/lib/conjur/configuration.rb +0 -20
  23. data/lib/conjur/routing.rb +2 -12
  24. data/lib/conjur/variable.rb +7 -15
  25. data/spec/spec_helper.rb +4 -0
  26. data/spec/uri_escape_spec.rb +3 -3
  27. data/test.sh +16 -29
  28. metadata +21 -24
  29. data/ci/configure_v4.sh +0 -12
  30. data/example/demo_v4.rb +0 -49
  31. data/features_v4/authn_local.feature +0 -27
  32. data/features_v4/exists.feature +0 -29
  33. data/features_v4/host.feature +0 -18
  34. data/features_v4/host_factory_token.feature +0 -49
  35. data/features_v4/members.feature +0 -39
  36. data/features_v4/permitted.feature +0 -15
  37. data/features_v4/permitted_roles.feature +0 -8
  38. data/features_v4/resource_fields.feature +0 -47
  39. data/features_v4/rotate_api_key.feature +0 -13
  40. data/features_v4/step_definitions/api_steps.rb +0 -17
  41. data/features_v4/step_definitions/result_steps.rb +0 -3
  42. data/features_v4/support/env.rb +0 -23
  43. data/features_v4/support/world.rb +0 -12
  44. data/features_v4/variable_fields.feature +0 -11
  45. data/features_v4/variable_value.feature +0 -54
  46. data/lib/conjur/api/router/v4.rb +0 -206
  47. data/lib/conjur/api/router/v5.rb +0 -269
  48. /data/{features_v4 → features}/support/policy.yml +0 -0
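--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: conjur-api
  version: !ruby/object:Gem::Version
- version: 5.4.2.pre.638
+ version: 6.0.0.pre.94
  platform: ruby
  authors:
  - CyberArk Maintainers
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2023-09-11 00:00:00.000000000 Z
+ date: 2024-02-16 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: rest-client
@@ -156,6 +156,20 @@ dependencies:
  - - "<"
  - !ruby/object:Gem::Version
  version: '0.18'
+ - !ruby/object:Gem::Dependency
+ name: simplecov-cobertura
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
+ type: :development
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
  - !ruby/object:Gem::Dependency
  name: io-grab
  requirement: !ruby/object:Gem::Requirement
@@ -282,8 +296,7 @@ files:
  - Rakefile
  - SECURITY.md
  - VERSION
- - ci/configure_v4.sh
- - ci/configure_v5.sh
+ - ci/configure.sh
  - ci/oauth/keycloak/create_client
  - ci/oauth/keycloak/create_user
  - ci/oauth/keycloak/fetch_certificate
@@ -297,8 +310,7 @@ files:
  - dev/start
  - dev/stop
  - docker-compose.yml
- - example/demo_v4.rb
- - example/demo_v5.rb
+ - example/demo.rb
  - features/authenticators.feature
  - features/authn.feature
  - features/authn_local.feature
@@ -321,27 +333,12 @@ files:
  - features/step_definitions/result_steps.rb
  - features/support/env.rb
  - features/support/hooks.rb
+ - features/support/policy.yml
  - features/support/world.rb
  - features/update_password.feature
  - features/user.feature
  - features/variable_fields.feature
  - features/variable_value.feature
- - features_v4/authn_local.feature
- - features_v4/exists.feature
- - features_v4/host.feature
- - features_v4/host_factory_token.feature
- - features_v4/members.feature
- - features_v4/permitted.feature
- - features_v4/permitted_roles.feature
- - features_v4/resource_fields.feature
- - features_v4/rotate_api_key.feature
- - features_v4/step_definitions/api_steps.rb
- - features_v4/step_definitions/result_steps.rb
- - features_v4/support/env.rb
- - features_v4/support/policy.yml
- - features_v4/support/world.rb
- - features_v4/variable_fields.feature
- - features_v4/variable_value.feature
  - lib/conjur-api.rb
  - lib/conjur-api/version.rb
  - lib/conjur/acts_as_resource.rb
@@ -357,8 +354,7 @@ files:
  - lib/conjur/api/pubkeys.rb
  - lib/conjur/api/resources.rb
  - lib/conjur/api/roles.rb
- - lib/conjur/api/router/v4.rb
- - lib/conjur/api/router/v5.rb
+ - lib/conjur/api/router.rb
  - lib/conjur/api/variables.rb
  - lib/conjur/base.rb
  - lib/conjur/base_object.rb
@@ -454,6 +450,7 @@ test_files:
  - features/step_definitions/result_steps.rb
  - features/support/env.rb
  - features/support/hooks.rb
+ - features/support/policy.yml
  - features/support/world.rb
  - features/update_password.feature
  - features/user.feature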
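--- a/data/ci/configure_v4.sh
+++ /dev/null
@@ -1,12 +0,0 @@
- #!/bin/bash -e
-
- cat << "CONFIGURE" | docker exec -i $(docker-compose ps -q conjur_4) bash
- set -e
-
- /opt/conjur/evoke/bin/wait_for_conjur
- evoke ca regenerate conjur_4
- /opt/conjur/evoke/bin/wait_for_conjur
- env CONJUR_AUTHN_LOGIN=admin CONJUR_AUTHN_API_KEY=secret conjur policy load --as-group security_admin /etc/policy.yml
- CONFIGURE
-
- docker cp $(docker-compose ps -q conjur_4):/opt/conjur/etc/ssl/ca.pem ./tmp/conjur.pem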
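--- a/data/example/demo_v4.rb
+++ /dev/null
@@ -1,49 +0,0 @@
- #!/usr/bin/env ruby
-
- require 'conjur-api'
- require 'securerandom'
-
- username = "admin"
- password = "secret"
-
- Conjur.configuration.appliance_url = "https://conjur_4/api"
- Conjur.configuration.account = "cucumber"
- Conjur.configuration.cert_file = "./tmp/conjur.pem"
- Conjur.configuration.version = 4
- Conjur.configuration.apply_cert_config!
-
- puts "Configured with Conjur version: #{Conjur.configuration.version}"
- puts
-
- api_key = Conjur::API.login username, password
- api = Conjur::API.new_from_key username, api_key
-
- db_password = SecureRandom.hex(12)
- puts "Populating variable 'db-password' = #{db_password.inspect}"
- api.resource("cucumber:variable:db-password").add_value db_password
- puts "Value added"
- puts
-
- puts "Creating host factory token for 'myapp'"
- expiration = Time.now + 1.day
- hf_token = api.resource("cucumber:host_factory:myapp").create_token expiration
- puts "Created: #{hf_token.token}"
- puts
-
- puts "Creating new host 'host-01' with host factory"
- host = Conjur::API.host_factory_create_host(hf_token, "host-01")
- puts "Created: #{host}"
- puts
-
- puts "Logging in as #{host.id}"
- host_api = Conjur::API.new_from_key "host/host-01", host.api_key
- puts "Logged in"
- puts
-
-
- puts "Fetching db-password as #{host.id}"
- value = host_api.resource("cucumber:variable:db-password").value
- puts value
- puts
-
- puts "Done!"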
@@ -1,27 +0,0 @@
1
- Feature: When co-located with the Conjur server, the API can use the authn-local service to authenticate.
2
-
3
- Scenario: authn-local can be used to obtain an access token.
4
- When I run the code:
5
- """
6
- Conjur::API.authenticate_local "alice"
7
- """
8
- Then the JSON should have "data"
9
-
10
- Scenario: Conjur API supports construction from authn-local.
11
- When I run the code:
12
- """
13
- @api = Conjur::API.new_from_authn_local "alice"
14
- @api.token
15
- """
16
- Then the JSON should have "data"
17
-
18
- Scenario: Conjur API will automatically refresh the token.
19
- When I run the code:
20
- """
21
- @api = Conjur::API.new_from_authn_local "alice"
22
- @api.token
23
- @api.force_token_refresh
24
- @api.token
25
- """
26
- Then the JSON should have "data"
27
- And the JSON at "data" should be "alice"
@@ -1,29 +0,0 @@
1
- Feature: Check if an object exists.
2
-
3
- Scenario: A created group resource exists
4
- When I run the code:
5
- """
6
- $conjur.resource('cucumber:group:developers').exists?
7
- """
8
- Then the result should be "true"
9
-
10
- Scenario: An un-created resource doesn't exist
11
- When I run the code:
12
- """
13
- $conjur.resource('cucumber:food:bacon').exists?
14
- """
15
- Then the result should be "false"
16
-
17
- Scenario: A created group role exists
18
- When I run the code:
19
- """
20
- $conjur.role('cucumber:group:developers').exists?
21
- """
22
- Then the result should be "true"
23
-
24
- Scenario: An un-created role doesn't exist
25
- When I run the code:
26
- """
27
- $conjur.role('cucumber:food:bacon').exists?
28
- """
29
- Then the result should be "false"
@@ -1,18 +0,0 @@
1
- Feature: Display Host object fields.
2
-
3
- Background:
4
- Given a new host
5
-
6
- Scenario: API key of a newly created host is available and valid.
7
- Then I run the code:
8
- """
9
- expect(@host.exists?).to be(true)
10
- expect(@host.api_key).to be
11
- """
12
-
13
- Scenario: API key of a a host can be rotated.
14
- Then I run the code:
15
- """
16
- api_key = @host.rotate_api_key
17
- Conjur::API.new_from_key("host/#{@host.id.identifier}", api_key).token
18
- """
@@ -1,49 +0,0 @@
1
- Feature: Working with host factory tokens.
2
-
3
- Background:
4
- Given I run the code:
5
- """
6
- @expiration = (DateTime.now + 1.hour).change(sec: 0)
7
- """
8
-
9
-
10
- Scenario: Create a new host factory token.
11
- When I run the code:
12
- """
13
- @token = $host_factory.create_token(@expiration)
14
- """
15
- Then I can run the code:
16
- """
17
- expect(@token).to be_instance_of(Conjur::HostFactoryToken)
18
- expect(@token.token).to be_instance_of(String)
19
- expiration = @token.expiration
20
- expiration = expiration.change(sec: 0)
21
- expect(expiration).to eq(@expiration)
22
- """
23
-
24
- Scenario: Create multiple new host factory tokens.
25
- When I run the code:
26
- """
27
- $host_factory.create_tokens @expiration, count: 2
28
- """
29
- Then the JSON should have 2 items
30
-
31
- Scenario: Revoke a host factory token using the token object.
32
- When I run the code:
33
- """
34
- @token = $host_factory.create_token @expiration
35
- """
36
- Then I can run the code:
37
- """
38
- @token.revoke
39
- """
40
-
41
- Scenario: Revoke a host factory token using the API.
42
- When I run the code:
43
- """
44
- @token = $host_factory.create_token @expiration
45
- """
46
- Then I can run the code:
47
- """
48
- $conjur.revoke_host_factory_token @token.token
49
- """
@@ -1,39 +0,0 @@
1
- Feature: Display role members and memberships.
2
-
3
- Scenario: Show a role's members.
4
- When I run the code:
5
- """
6
- $conjur.role('cucumber:group:everyone').members.map(&:as_json)
7
- """
8
- Then the JSON should be:
9
- """
10
- [
11
- {
12
- "admin_option": false,
13
- "member": "cucumber:group:developers",
14
- "role": "cucumber:group:everyone"
15
- },
16
- {
17
- "admin_option": true,
18
- "member": "cucumber:group:security_admin",
19
- "role": "cucumber:group:everyone"
20
- }
21
- ]
22
- """
23
-
24
- Scenario: Show a role's memberships.
25
- When I run the code:
26
- """
27
- $conjur.role('cucumber:group:developers').memberships.map(&:as_json)
28
- """
29
- Then the JSON should be:
30
- """
31
- [
32
- {
33
- "id": "cucumber:group:developers"
34
- },
35
- {
36
- "id": "cucumber:group:everyone"
37
- }
38
- ]
39
- """
@@ -1,15 +0,0 @@
1
- Feature: Check if a role has permission on a resource.
2
-
3
- Scenario: Check if the current user has the privilege.
4
- When I run the code:
5
- """
6
- $conjur.resource('cucumber:variable:db-password').permitted? 'execute'
7
- """
8
- Then the result should be "true"
9
-
10
- Scenario: Check if a different user has the privilege.
11
- When I run the code:
12
- """
13
- $conjur.resource('cucumber:variable:db-password').permitted? 'execute', role: "cucumber:user:bob"
14
- """
15
- Then the result should be "false"
@@ -1,8 +0,0 @@
1
- Feature: Enumerate roles which have a permission on a resource.
2
-
3
- Scenario: Permitted roles can be enumerated.
4
- When I run the code:
5
- """
6
- $conjur.resource('cucumber:variable:db-password').permitted_roles 'execute'
7
- """
8
- Then the JSON should include "cucumber:layer:myapp"
@@ -1,47 +0,0 @@
1
- Feature: Display basic resource fields.
2
-
3
- Scenario: Group exposes id, kind, identifier, and gidnumber.
4
- When I run the code:
5
- """
6
- resource = $conjur.resource('cucumber:group:developers')
7
- [ resource.id, resource.account, resource.kind, resource.identifier, resource.gidnumber ]
8
- """
9
- Then the JSON should be:
10
- """
11
- [
12
- "cucumber:group:developers",
13
- "cucumber",
14
- "group",
15
- "developers",
16
- 2000
17
- ]
18
- """
19
-
20
- Scenario: User exposes id, kind, identifier, and uidnumber.
21
- When I run the code:
22
- """
23
- resource = $conjur.resource('cucumber:user:alice')
24
- [ resource.id, resource.account, resource.kind, resource.identifier, resource.uidnumber ]
25
- """
26
- Then the JSON should be:
27
- """
28
- [
29
- "cucumber:user:alice",
30
- "cucumber",
31
- "user",
32
- "alice",
33
- 2000
34
- ]
35
- """
36
-
37
- Scenario: Resource#owner is the owner object
38
- When I run the code:
39
- """
40
- $conjur.resource('cucumber:group:developers').owner.id
41
- """
42
- Then the result should be "cucumber:group:security_admin"
43
- And I run the code:
44
- """
45
- $conjur.resource('cucumber:group:developers').class
46
- """
47
- Then the result should be "Conjur::Group"
@@ -1,13 +0,0 @@
1
- Feature: Rotate the API key.
2
-
3
- Scenario: Logged-in user can rotate the API key.
4
- When I run the code:
5
- """
6
- $conjur.role('cucumber:user:alice').rotate_api_key
7
- """
8
- Then I can run the code:
9
- """
10
- @api_key = @result.strip
11
- @conjur = Conjur::API.new_from_key 'alice', @api_key
12
- @conjur.token
13
- """
@@ -1,17 +0,0 @@
1
- Given(/^a new host$/) do
2
- @host_id = "app-#{random_hex}"
3
- host = Conjur::API.host_factory_create_host($token, @host_id)
4
- @host_api_key = host.api_key
5
- expect(@host_api_key).to be
6
-
7
- @host = $conjur.resource("cucumber:host:#{@host_id}")
8
- @host.attributes['api_key'] = @host_api_key
9
- end
10
-
11
- When(/^I(?: can)? run the code:$/) do |code|
12
- @result = eval(code).tap do |result|
13
- if ENV['DEBUG']
14
- puts result
15
- end
16
- end
17
- end
@@ -1,3 +0,0 @@
1
- Then(/^the result should be "([^"]+)"$/) do |expected|
2
- expect(@result.to_s).to eq(expected.to_s)
3
- end
@@ -1,23 +0,0 @@
1
- require 'simplecov'
2
-
3
- SimpleCov.start
4
-
5
- require 'json_spec/cucumber'
6
- require 'conjur/api'
7
-
8
- Conjur.configuration.appliance_url = ENV['CONJUR_APPLIANCE_URL'] || 'https://conjur_4/api'
9
- Conjur.configuration.account = ENV['CONJUR_ACCOUNT'] || 'cucumber'
10
- Conjur.configuration.cert_file = "./tmp/conjur.pem"
11
- Conjur.configuration.authn_local_socket = "/run/authn-local-4/.socket"
12
- Conjur.configuration.version = 4
13
-
14
- Conjur.configuration.apply_cert_config!
15
-
16
- $username = ENV['CONJUR_AUTHN_LOGIN'] || 'admin'
17
- $password = ENV['CONJUR_AUTHN_API_KEY'] || 'secret'
18
-
19
- $api_key = Conjur::API.login $username, $password
20
- $conjur = Conjur::API.new_from_key $username, $api_key
21
-
22
- $host_factory = $conjur.resource('cucumber:host_factory:myapp')
23
- $token = $host_factory.create_token(Time.now + 1.hour)
@@ -1,12 +0,0 @@
1
- module ApiWorld
2
- def last_json
3
- @result.to_json
4
- end
5
-
6
- def random_hex nbytes = 12
7
- @random ||= Random.new
8
- @random.bytes(nbytes).unpack('h*').first
9
- end
10
- end
11
-
12
- World ApiWorld
@@ -1,11 +0,0 @@
1
- Feature: Display Variable fields.
2
-
3
- Background:
4
- When I run the code:
5
- """
6
- $conjur.resource('cucumber:variable:ssl-certificate')
7
- """
8
-
9
- Scenario: Display MIME type and kind
10
- Then the JSON at "mime_type" should be "application/x-pem-file"
11
- And the JSON at "kind" should be "SSL certificate"
@@ -1,54 +0,0 @@
1
- Feature: Work with Variable values.
2
- Background:
3
- Given I run the code:
4
- """
5
- @variable = $conjur.resource("cucumber:variable:db-password")
6
- @variable_2 = $conjur.resource("cucumber:variable:ssh-key")
7
- """
8
-
9
- Scenario: Add a value, retrieve the variable metadata and the value.
10
- Given I run the code:
11
- """
12
- @initial_count = @variable.version_count
13
- @variable.add_value 'value-0'
14
- """
15
- When I run the code:
16
- """
17
- expect(@variable.version_count).to eq(@initial_count + 1)
18
- """
19
- And I run the code:
20
- """
21
- @variable.value
22
- """
23
- Then the result should be "value-0"
24
-
25
- Scenario: Retrieve a historical value.
26
- Given I run the code:
27
- """
28
- @variable.add_value 'value-0'
29
- @variable.add_value 'value-1'
30
- @variable.add_value 'value-2'
31
- """
32
- When I run the code:
33
- """
34
- @variable.value(@variable.version_count - 2)
35
- """
36
- Then the result should be "value-0"
37
-
38
- Scenario: Retrieve multiple values in a batch
39
- Given I run the code:
40
- """
41
- @variable.add_value 'value-0'
42
- @variable_2.add_value 'value-2'
43
- """
44
- When I run the code:
45
- """
46
- $conjur.variable_values([ @variable, @variable_2 ].map(&:id))
47
- """
48
- Then the JSON should be:
49
- """
50
- {
51
- "db-password": "value-0",
52
- "ssh-key": "value-2"
53
- }
54
- """