conjur-api 6.2.0.pre.810 → 6.3.0.pre.811
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +9 -0
- data/Jenkinsfile +12 -12
- data/VERSION +1 -1
- data/conjur-api.gemspec +1 -1
- data/features/load_policy.feature +32 -0
- data/features/step_definitions/result_steps.rb +4 -0
- data/lib/conjur/api/policies.rb +17 -0
- data/lib/conjur/api/router.rb +7 -0
- data/spec/api/policies_spec.rb +40 -0
- data/test.sh +1 -1
- metadata +4 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 03b217e867501dae07020520da8771c1567eb9e68535ac091d246682b03a5f1e
|
|
4
|
+
data.tar.gz: 33a22ce177a5bf8565ad0c95402f8370fb3126187e84d338a64a765bde0d03e2
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: a95db33a615a15082b9895757dbb3f8efb924fe220c574b6283c4c8d7c48ffb2f12c0fc974de0af512566510a857af05dd433cbb6f95180eea6eb810c5e8597b
|
|
7
|
+
data.tar.gz: 97fffe87e74bafba8be80fb93308a9cc3f1638bad1e1ca8555a9e245694de02f51627b933e8ae3248a1306fb3a1e336ca255dc93566aa3d9e5297a2dcd042b09
|
data/CHANGELOG.md
CHANGED
|
@@ -5,12 +5,21 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
|
|
|
5
5
|
and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
|
|
6
6
|
|
|
7
7
|
## Unreleased
|
|
8
|
+
|
|
9
|
+
## [6.3.0] - 2026-07-15
|
|
10
|
+
|
|
11
|
+
### Added
|
|
12
|
+
- Added `Conjur::API#fetch_policy` for retrieving policy data from the server,
|
|
13
|
+
as YAML or JSON, with optional tree depth and size limits.
|
|
14
|
+
|
|
8
15
|
### Changed
|
|
9
16
|
- CI uses Conjur Enterprise 1.27.0+, which removed the `GET /public_keys` endpoint
|
|
10
17
|
(CNJR-11339). Dropped the Cucumber scenario that exercised that API; the client
|
|
11
18
|
method remains for open-source Conjur.
|
|
12
19
|
- Retrieve the Cucumber admin API key via `conjurctl` in `test.sh` instead of rake,
|
|
13
20
|
avoiding Rails boot output corrupting the key on current Conjur images.
|
|
21
|
+
- CI now tests against Ruby 3.3, 3.4, and 4.0. Dropped Ruby 3.2 (end of life)
|
|
22
|
+
and raised the minimum supported Ruby version accordingly.
|
|
14
23
|
|
|
15
24
|
## [6.2.0] - 2026-06-05
|
|
16
25
|
|
data/Jenkinsfile
CHANGED
|
@@ -80,56 +80,56 @@ pipeline {
|
|
|
80
80
|
}
|
|
81
81
|
}
|
|
82
82
|
|
|
83
|
-
stage('Test Ruby 3.
|
|
83
|
+
stage('Test Ruby 3.3') {
|
|
84
84
|
environment {
|
|
85
|
-
INFRAPOOL_RUBY_VERSION = '3.
|
|
85
|
+
INFRAPOOL_RUBY_VERSION = '3.3'
|
|
86
86
|
INFRAPOOL_REGISTRY_URL = "registry.tld"
|
|
87
87
|
}
|
|
88
88
|
steps {
|
|
89
89
|
script {
|
|
90
90
|
infrapool.agentSh "./test.sh"
|
|
91
|
-
infrapool.agentStash name: 'reports3.
|
|
91
|
+
infrapool.agentStash name: 'reports3.3', includes: '**/reports/*.xml'
|
|
92
92
|
}
|
|
93
93
|
}
|
|
94
94
|
post {
|
|
95
95
|
always {
|
|
96
|
-
unstash 'reports3.
|
|
96
|
+
unstash 'reports3.3'
|
|
97
97
|
}
|
|
98
98
|
}
|
|
99
99
|
}
|
|
100
100
|
|
|
101
|
-
stage('Test Ruby 3.
|
|
101
|
+
stage('Test Ruby 3.4') {
|
|
102
102
|
environment {
|
|
103
|
-
INFRAPOOL_RUBY_VERSION = '3.
|
|
103
|
+
INFRAPOOL_RUBY_VERSION = '3.4'
|
|
104
104
|
INFRAPOOL_REGISTRY_URL = "registry.tld"
|
|
105
105
|
}
|
|
106
106
|
steps {
|
|
107
107
|
script {
|
|
108
108
|
infrapool.agentSh "./test.sh"
|
|
109
|
-
infrapool.agentStash name: 'reports3.
|
|
109
|
+
infrapool.agentStash name: 'reports3.4', includes: '**/reports/*.xml'
|
|
110
110
|
}
|
|
111
111
|
}
|
|
112
112
|
post {
|
|
113
113
|
always {
|
|
114
|
-
unstash 'reports3.
|
|
114
|
+
unstash 'reports3.4'
|
|
115
115
|
}
|
|
116
116
|
}
|
|
117
117
|
}
|
|
118
118
|
|
|
119
|
-
stage('Test Ruby
|
|
119
|
+
stage('Test Ruby 4.0') {
|
|
120
120
|
environment {
|
|
121
|
-
INFRAPOOL_RUBY_VERSION = '
|
|
121
|
+
INFRAPOOL_RUBY_VERSION = '4.0'
|
|
122
122
|
INFRAPOOL_REGISTRY_URL = "registry.tld"
|
|
123
123
|
}
|
|
124
124
|
steps {
|
|
125
125
|
script {
|
|
126
126
|
infrapool.agentSh "./test.sh"
|
|
127
|
-
infrapool.agentStash name: '
|
|
127
|
+
infrapool.agentStash name: 'reports4.0', includes: '**/reports/*.xml'
|
|
128
128
|
}
|
|
129
129
|
}
|
|
130
130
|
post {
|
|
131
131
|
always {
|
|
132
|
-
unstash '
|
|
132
|
+
unstash 'reports4.0'
|
|
133
133
|
}
|
|
134
134
|
}
|
|
135
135
|
}
|
data/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
6.
|
|
1
|
+
6.3.0-811
|
data/conjur-api.gemspec
CHANGED
|
@@ -16,7 +16,7 @@ Gem::Specification.new do |gem|
|
|
|
16
16
|
gem.require_paths = ["lib"]
|
|
17
17
|
gem.version = Conjur::API::VERSION
|
|
18
18
|
|
|
19
|
-
gem.required_ruby_version = '>=
|
|
19
|
+
gem.required_ruby_version = '>= 3.3'
|
|
20
20
|
|
|
21
21
|
# Filter out development only executables
|
|
22
22
|
gem.executables -= %w{parse-changelog.sh}
|
|
@@ -60,3 +60,35 @@ Feature: Load a policy.
|
|
|
60
60
|
"cucumber:user:admin"
|
|
61
61
|
]
|
|
62
62
|
"""
|
|
63
|
+
|
|
64
|
+
Scenario: A loaded subpolicy can be fetched back as YAML.
|
|
65
|
+
Given I run the code:
|
|
66
|
+
"""
|
|
67
|
+
$conjur.load_policy 'root', <<-POLICY
|
|
68
|
+
- !policy
|
|
69
|
+
id: fetch-policy-yaml
|
|
70
|
+
body:
|
|
71
|
+
- !group fetch-policy-group
|
|
72
|
+
POLICY
|
|
73
|
+
"""
|
|
74
|
+
Then I can run the code:
|
|
75
|
+
"""
|
|
76
|
+
$conjur.fetch_policy 'fetch-policy-yaml'
|
|
77
|
+
"""
|
|
78
|
+
Then the result should contain "fetch-policy-group"
|
|
79
|
+
|
|
80
|
+
Scenario: A loaded subpolicy can be fetched back as JSON.
|
|
81
|
+
Given I run the code:
|
|
82
|
+
"""
|
|
83
|
+
$conjur.load_policy 'root', <<-POLICY
|
|
84
|
+
- !policy
|
|
85
|
+
id: fetch-policy-json
|
|
86
|
+
body:
|
|
87
|
+
- !group fetch-policy-json-group
|
|
88
|
+
POLICY
|
|
89
|
+
"""
|
|
90
|
+
Then I can run the code:
|
|
91
|
+
"""
|
|
92
|
+
$conjur.fetch_policy 'fetch-policy-json', return_json: true
|
|
93
|
+
"""
|
|
94
|
+
Then the result should contain "fetch-policy-json-group"
|
|
@@ -2,6 +2,10 @@ Then(/^the result should be "([^"]+)"$/) do |expected|
|
|
|
2
2
|
expect(@result.to_s).to eq(expected.to_s)
|
|
3
3
|
end
|
|
4
4
|
|
|
5
|
+
Then(/^the result should contain "([^"]+)"$/) do |expected|
|
|
6
|
+
expect(@result.to_s).to include(expected)
|
|
7
|
+
end
|
|
8
|
+
|
|
5
9
|
Then(/^the providers list contains service id "([^"]+)"$/) do |service_id|
|
|
6
10
|
expect(@result.map{ |x| x["service_id"]}).to include(service_id)
|
|
7
11
|
end
|
data/lib/conjur/api/policies.rb
CHANGED
|
@@ -51,6 +51,23 @@ module Conjur
|
|
|
51
51
|
PolicyLoadResult.new JSON.parse(request.send(method, policy))
|
|
52
52
|
end
|
|
53
53
|
|
|
54
|
+
# Fetch the current policy data from the server.
|
|
55
|
+
#
|
|
56
|
+
# @param id [String] id of the policy to fetch.
|
|
57
|
+
# @param account [String] Conjur organization account
|
|
58
|
+
# @param return_json [Boolean] Return the policy as JSON instead of the default YAML.
|
|
59
|
+
# @param depth [Integer, nil] Maximum depth of the returned policy tree (nil for the full tree).
|
|
60
|
+
# @param limit [Integer, nil] Maximum number of policy objects to return (nil for no limit).
|
|
61
|
+
# @return [String] the policy document, formatted as YAML or JSON.
|
|
62
|
+
def fetch_policy id, account: Conjur.configuration.account, return_json: false, depth: nil, limit: nil
|
|
63
|
+
options = {}
|
|
64
|
+
options[:depth] = depth if depth
|
|
65
|
+
options[:limit] = limit if limit
|
|
66
|
+
request = url_for(:policies_fetch_policy, credentials, account, id, options)
|
|
67
|
+
content_type = return_json ? 'application/json' : 'application/x-yaml'
|
|
68
|
+
request.get('Content-Type' => content_type).body
|
|
69
|
+
end
|
|
70
|
+
|
|
54
71
|
#@!endgroup
|
|
55
72
|
end
|
|
56
73
|
end
|
data/lib/conjur/api/router.rb
CHANGED
|
@@ -148,6 +148,13 @@ module Conjur
|
|
|
148
148
|
)['policies'][fully_escape account]['policy'][fully_escape id]
|
|
149
149
|
end
|
|
150
150
|
|
|
151
|
+
def policies_fetch_policy credentials, account, id, options = {}
|
|
152
|
+
RestClient::Resource.new(
|
|
153
|
+
Conjur.configuration.core_url,
|
|
154
|
+
Conjur.configuration.create_rest_client_options(credentials)
|
|
155
|
+
)['policies'][fully_escape account]['policy'][fully_escape id][options_querystring options]
|
|
156
|
+
end
|
|
157
|
+
|
|
151
158
|
def public_keys_for_user account, username
|
|
152
159
|
RestClient::Resource.new(
|
|
153
160
|
Conjur.configuration.core_url,
|
|
@@ -0,0 +1,40 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require 'spec_helper'
|
|
4
|
+
require 'conjur/api/policies'
|
|
5
|
+
|
|
6
|
+
describe "Conjur::API#fetch_policy", api: :dummy do
|
|
7
|
+
let(:api) { Conjur::API.new_from_key('user', 'pass') }
|
|
8
|
+
|
|
9
|
+
before do
|
|
10
|
+
allow(api).to receive(:credentials).and_return('the-credentials')
|
|
11
|
+
end
|
|
12
|
+
|
|
13
|
+
it "fetches the policy as YAML by default" do
|
|
14
|
+
resource = instance_double(RestClient::Resource, "policy resource")
|
|
15
|
+
allow(api).to receive(:url_for)
|
|
16
|
+
.with(:policies_fetch_policy, 'the-credentials', 'the-account', 'root', {})
|
|
17
|
+
.and_return(resource)
|
|
18
|
+
|
|
19
|
+
allow(resource).to receive(:get).with('Content-Type' => 'application/x-yaml').and_return(
|
|
20
|
+
instance_double(RestClient::Response, "policy response", body: "- !host foo\n")
|
|
21
|
+
)
|
|
22
|
+
|
|
23
|
+
expect(api.fetch_policy('root', account: 'the-account')).to eq("- !host foo\n")
|
|
24
|
+
end
|
|
25
|
+
|
|
26
|
+
it "fetches the policy as JSON when requested" do
|
|
27
|
+
resource = instance_double(RestClient::Resource, "policy resource")
|
|
28
|
+
allow(api).to receive(:url_for)
|
|
29
|
+
.with(:policies_fetch_policy, 'the-credentials', 'the-account', 'root', { depth: 2, limit: 100 })
|
|
30
|
+
.and_return(resource)
|
|
31
|
+
|
|
32
|
+
allow(resource).to receive(:get).with('Content-Type' => 'application/json').and_return(
|
|
33
|
+
instance_double(RestClient::Response, "policy response", body: '[{"id":"cucumber:host:foo"}]')
|
|
34
|
+
)
|
|
35
|
+
|
|
36
|
+
expect(
|
|
37
|
+
api.fetch_policy('root', account: 'the-account', return_json: true, depth: 2, limit: 100)
|
|
38
|
+
).to eq('[{"id":"cucumber:host:foo"}]')
|
|
39
|
+
end
|
|
40
|
+
end
|
data/test.sh
CHANGED
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: conjur-api
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 6.
|
|
4
|
+
version: 6.3.0.pre.811
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- CyberArk Maintainers
|
|
@@ -384,6 +384,7 @@ files:
|
|
|
384
384
|
- publish.sh
|
|
385
385
|
- spec/.conjurrc
|
|
386
386
|
- spec/api/host_factories_spec.rb
|
|
387
|
+
- spec/api/policies_spec.rb
|
|
387
388
|
- spec/api_spec.rb
|
|
388
389
|
- spec/authn_cert_spec.rb
|
|
389
390
|
- spec/base_object_spec.rb
|
|
@@ -418,7 +419,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
|
418
419
|
requirements:
|
|
419
420
|
- - ">="
|
|
420
421
|
- !ruby/object:Gem::Version
|
|
421
|
-
version: '
|
|
422
|
+
version: '3.3'
|
|
422
423
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
423
424
|
requirements:
|
|
424
425
|
- - ">="
|
|
@@ -458,6 +459,7 @@ test_files:
|
|
|
458
459
|
- features/variable_value.feature
|
|
459
460
|
- spec/.conjurrc
|
|
460
461
|
- spec/api/host_factories_spec.rb
|
|
462
|
+
- spec/api/policies_spec.rb
|
|
461
463
|
- spec/api_spec.rb
|
|
462
464
|
- spec/authn_cert_spec.rb
|
|
463
465
|
- spec/base_object_spec.rb
|