conjur-api 4.31.0 → 5.0.0.rc1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: b84596e733b93800963e2ac84ea2fac5155a8b97
-  data.tar.gz: e16ebc289ad64de1e0b7725d1fb2707257bc17ea
+  metadata.gz: 1a5609c6a2c127ddc1329b71e59095309a270385
+  data.tar.gz: 9713764c3253c5a6a05a99633625a3d04c3068ee
 SHA512:
-  metadata.gz: bc34db065767e08c6287fb4c420e9e86c21a57201d9398e250d6dfe1bea6006c3271d6751d90ad362d9ce3d6ba2e35ceb29199a6f5b5fcaa27f4d0c6a41b490c
-  data.tar.gz: 0a33fc0d59135d23dfa9bc1d79371a403f82c5619fab374da83bc1ab00ce8ec7e0799d8bc888aba01b6d347333bd10e5a6f59f8d18ff569cf87d0f3453c81709
+  metadata.gz: 54b5a236b0182ed7ebfbbe7ef8f8fc180ad7218bea1f87c6b936cb7f34f60c7963802d4a998968dcbcb721684a78b098977afb9fcc071e83bc8a45524c2dca5a
+  data.tar.gz: c317b6dae1449391385a9167633107f40192fe53a4233c57985e2fb2226143d1bbd800147d6a8107e5e68b4e09c1667e947565f1677ff5f76af434bfe9dda5eb

data/.dockerignore

@@ -0,0 +1 @@
+Gemfile.lock

data/.gitignore

@@ -1,4 +1,5 @@
 features/reports
+dev/data_key
 .DS_Store
 build_number
 *.gem

data/CHANGELOG.md

@@ -1,3 +1,22 @@
+# Latest
+
+# v5.0.0-rc.1
+
+* Provides compatibility with [cyberark/conjur](https://github.com/cyberark/conjur), Conjur 5 CE.
+* Changed license to Apache 2.0
+
+# v5.0.0-beta.4
+
+* Support for batch secret retrieval.
+
+# v5.0.0-beta.3
+
+* Removed hard dependency on older version of `rest-client` gem.
+
+# v5.0.0-beta.1
+
+* Migrated to be compatible with Conjur 5 API.
+
 # v4.31.0
 
 * Internal refactor to improve performance and facilitate caching.
@@ -37,7 +56,7 @@ On older server versions, the new options will be ignored by the server.
 
 * Add `Conjur::API#ldap_sync_policy` to fetch the policy to use to
   bring Conjur and the LDAP server into sync.
-  
+
 * Remove `Conjur::API#ldap_sync_now` and `Conjur::API#ldap_sync_jobs`
 
 # v4.27.0
@@ -137,7 +156,7 @@ occurs before the Conjur 4.5 server that implements `elevate` is released.
 
 # v4.16.0
   * Add ssl_certificate option to allow certs to be provided as strings (helpful in heroku)
-  * Add `Conjur::Configuration#apply_cert_config!` method to add certs from `#cert_file` and `#ssl_certificate` 
+  * Add `Conjur::Configuration#apply_cert_config!` method to add certs from `#cert_file` and `#ssl_certificate`
      to the default cert store.
 # v4.15.0
  * Extensive documentation improvements
@@ -178,6 +197,6 @@ occurs before the Conjur 4.5 server that implements `elevate` is released.
 * Tests use Rspec v3 and reset configuration between test cases
 
 
-# v.4.10.1 
+# v.4.10.1
 * Resource#exists? returns true if access to resource is forbidden
 * Thread-local configuration for working with different endpoints

data/Dockerfile

@@ -1,4 +1,13 @@
-FROM ruby:1.9.3
+FROM ruby:2.3
 
-RUN mkdir /src
-WORKDIR /src
+WORKDIR /src/conjur-api
+
+COPY Gemfile conjur-api.gemspec ./
+COPY lib/conjur-api/version.rb ./lib/conjur-api/
+
+RUN bundle
+
+COPY . ./
+
+ENTRYPOINT ["/usr/local/bin/bundle", "exec"]
+CMD ["rake", "jenkins"]

data/Gemfile

@@ -1,11 +1,11 @@
 source 'https://rubygems.org'
 
-#ruby=ruby-2.2.5
+#ruby=ruby-2.3
 #ruby-gemset=conjur-api
 
 # Specify your gem's dependencies in conjur-api.gemspec
 gemspec
 
-group :development do
-  gem 'pry-byebug'
+group :test do
+  gem 'simplecov', require: false
 end

data/Jenkinsfile

@@ -0,0 +1,69 @@
+#!/usr/bin/env groovy
+
+pipeline {
+  agent { label 'executor-v2' }
+
+  options {
+    timestamps()
+    buildDiscarder(logRotator(numToKeepStr: '30'))
+  }
+
+  stages {
+    stage('Test') {
+      steps {
+        milestone(1)
+        sh './test.sh'
+
+        junit 'spec/reports/*.xml'
+        junit 'features/reports/*.xml'
+      }
+    }
+
+    // Only publish to RubyGems if branch is 'master'
+    // AND someone confirms this stage within 5 minutes
+    stage('Publish to RubyGems?') {
+      agent { label 'releaser-v2' }
+
+      when {
+        allOf {
+          branch 'master'
+          expression {
+            boolean publish = false
+
+            if (env.PUBLISH_GEM == "true") {
+                return true
+            }
+
+            try {
+              timeout(time: 5, unit: 'MINUTES') {
+                input(message: 'Publish to RubyGems?')
+                publish = true
+              }
+            } catch (final ignore) {
+              publish = false
+            }
+
+            return publish
+          }
+        }
+      }
+      steps {
+        sh './publish.sh'
+        // Clean up
+        sh 'docker run -i --rm -v $PWD:/src -w /src alpine/git clean -fxd'
+      }
+    }
+  }
+
+  post {
+    always {
+      sh 'docker run -i --rm -v $PWD:/src -w /src alpine/git clean -fxd'
+    }
+    failure {
+      slackSend(color: 'danger', message: "${env.JOB_NAME} #${env.BUILD_NUMBER} FAILURE (<${env.BUILD_URL}|Open>)")
+    }
+    unstable {
+      slackSend(color: 'warning', message: "${env.JOB_NAME} #${env.BUILD_NUMBER} UNSTABLE (<${env.BUILD_URL}|Open>)")
+    }
+  }
+}

data/LICENSE.md

@@ -0,0 +1,195 @@
+Apache License
+==============
+
+_Version 2.0, January 2004_  
+_&lt;<http://www.apache.org/licenses/>&gt;_
+
+### Terms and Conditions for use, reproduction, and distribution
+
+#### 1. Definitions
+
+“License” shall mean the terms and conditions for use, reproduction, and
+distribution as defined by Sections 1 through 9 of this document.
+
+“Licensor” shall mean the copyright owner or entity authorized by the copyright
+owner that is granting the License.
+
+“Legal Entity” shall mean the union of the acting entity and all other entities
+that control, are controlled by, or are under common control with that entity.
+For the purposes of this definition, “control” means **(i)** the power, direct or
+indirect, to cause the direction or management of such entity, whether by
+contract or otherwise, or **(ii)** ownership of fifty percent (50%) or more of the
+outstanding shares, or **(iii)** beneficial ownership of such entity.
+
+“You” (or “Your”) shall mean an individual or Legal Entity exercising
+permissions granted by this License.
+
+“Source” form shall mean the preferred form for making modifications, including
+but not limited to software source code, documentation source, and configuration
+files.
+
+“Object” form shall mean any form resulting from mechanical transformation or
+translation of a Source form, including but not limited to compiled object code,
+generated documentation, and conversions to other media types.
+
+“Work” shall mean the work of authorship, whether in Source or Object form, made
+available under the License, as indicated by a copyright notice that is included
+in or attached to the work (an example is provided in the Appendix below).
+
+“Derivative Works” shall mean any work, whether in Source or Object form, that
+is based on (or derived from) the Work and for which the editorial revisions,
+annotations, elaborations, or other modifications represent, as a whole, an
+original work of authorship. For the purposes of this License, Derivative Works
+shall not include works that remain separable from, or merely link (or bind by
+name) to the interfaces of, the Work and Derivative Works thereof.
+
+“Contribution” shall mean any work of authorship, including the original version
+of the Work and any modifications or additions to that Work or Derivative Works
+thereof, that is intentionally submitted to Licensor for inclusion in the Work
+by the copyright owner or by an individual or Legal Entity authorized to submit
+on behalf of the copyright owner. For the purposes of this definition,
+“submitted” means any form of electronic, verbal, or written communication sent
+to the Licensor or its representatives, including but not limited to
+communication on electronic mailing lists, source code control systems, and
+issue tracking systems that are managed by, or on behalf of, the Licensor for
+the purpose of discussing and improving the Work, but excluding communication
+that is conspicuously marked or otherwise designated in writing by the copyright
+owner as “Not a Contribution.”
+
+“Contributor” shall mean Licensor and any individual or Legal Entity on behalf
+of whom a Contribution has been received by Licensor and subsequently
+incorporated within the Work.
+
+#### 2. Grant of Copyright License
+
+Subject to the terms and conditions of this License, each Contributor hereby
+grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free,
+irrevocable copyright license to reproduce, prepare Derivative Works of,
+publicly display, publicly perform, sublicense, and distribute the Work and such
+Derivative Works in Source or Object form.
+
+#### 3. Grant of Patent License
+
+Subject to the terms and conditions of this License, each Contributor hereby
+grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free,
+irrevocable (except as stated in this section) patent license to make, have
+made, use, offer to sell, sell, import, and otherwise transfer the Work, where
+such license applies only to those patent claims licensable by such Contributor
+that are necessarily infringed by their Contribution(s) alone or by combination
+of their Contribution(s) with the Work to which such Contribution(s) was
+submitted. If You institute patent litigation against any entity (including a
+cross-claim or counterclaim in a lawsuit) alleging that the Work or a
+Contribution incorporated within the Work constitutes direct or contributory
+patent infringement, then any patent licenses granted to You under this License
+for that Work shall terminate as of the date such litigation is filed.
+
+#### 4. Redistribution
+
+You may reproduce and distribute copies of the Work or Derivative Works thereof
+in any medium, with or without modifications, and in Source or Object form,
+provided that You meet the following conditions:
+
+* **(a)** You must give any other recipients of the Work or Derivative Works a copy of
+this License; and
+* **(b)** You must cause any modified files to carry prominent notices stating that You
+changed the files; and
+* **(c)** You must retain, in the Source form of any Derivative Works that You distribute,
+all copyright, patent, trademark, and attribution notices from the Source form
+of the Work, excluding those notices that do not pertain to any part of the
+Derivative Works; and
+* **(d)** If the Work includes a “NOTICE” text file as part of its distribution, then any
+Derivative Works that You distribute must include a readable copy of the
+attribution notices contained within such NOTICE file, excluding those notices
+that do not pertain to any part of the Derivative Works, in at least one of the
+following places: within a NOTICE text file distributed as part of the
+Derivative Works; within the Source form or documentation, if provided along
+with the Derivative Works; or, within a display generated by the Derivative
+Works, if and wherever such third-party notices normally appear. The contents of
+the NOTICE file are for informational purposes only and do not modify the
+License. You may add Your own attribution notices within Derivative Works that
+You distribute, alongside or as an addendum to the NOTICE text from the Work,
+provided that such additional attribution notices cannot be construed as
+modifying the License.
+
+You may add Your own copyright statement to Your modifications and may provide
+additional or different license terms and conditions for use, reproduction, or
+distribution of Your modifications, or for any such Derivative Works as a whole,
+provided Your use, reproduction, and distribution of the Work otherwise complies
+with the conditions stated in this License.
+
+#### 5. Submission of Contributions
+
+Unless You explicitly state otherwise, any Contribution intentionally submitted
+for inclusion in the Work by You to the Licensor shall be under the terms and
+conditions of this License, without any additional terms or conditions.
+Notwithstanding the above, nothing herein shall supersede or modify the terms of
+any separate license agreement you may have executed with Licensor regarding
+such Contributions.
+
+#### 6. Trademarks
+
+This License does not grant permission to use the trade names, trademarks,
+service marks, or product names of the Licensor, except as required for
+reasonable and customary use in describing the origin of the Work and
+reproducing the content of the NOTICE file.
+
+#### 7. Disclaimer of Warranty
+
+Unless required by applicable law or agreed to in writing, Licensor provides the
+Work (and each Contributor provides its Contributions) on an “AS IS” BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied,
+including, without limitation, any warranties or conditions of TITLE,
+NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are
+solely responsible for determining the appropriateness of using or
+redistributing the Work and assume any risks associated with Your exercise of
+permissions under this License.
+
+#### 8. Limitation of Liability
+
+In no event and under no legal theory, whether in tort (including negligence),
+contract, or otherwise, unless required by applicable law (such as deliberate
+and grossly negligent acts) or agreed to in writing, shall any Contributor be
+liable to You for damages, including any direct, indirect, special, incidental,
+or consequential damages of any character arising as a result of this License or
+out of the use or inability to use the Work (including but not limited to
+damages for loss of goodwill, work stoppage, computer failure or malfunction, or
+any and all other commercial damages or losses), even if such Contributor has
+been advised of the possibility of such damages.
+
+#### 9. Accepting Warranty or Additional Liability
+
+While redistributing the Work or Derivative Works thereof, You may choose to
+offer, and charge a fee for, acceptance of support, warranty, indemnity, or
+other liability obligations and/or rights consistent with this License. However,
+in accepting such obligations, You may act only on Your own behalf and on Your
+sole responsibility, not on behalf of any other Contributor, and only if You
+agree to indemnify, defend, and hold each Contributor harmless for any liability
+incurred by, or claims asserted against, such Contributor by reason of your
+accepting any such warranty or additional liability.
+
+_END OF TERMS AND CONDITIONS_
+
+### APPENDIX: How to apply the Apache License to your work
+
+To apply the Apache License to your work, attach the following boilerplate
+notice, with the fields enclosed by brackets `[]` replaced with your own
+identifying information. (Don't include the brackets!) The text should be
+enclosed in the appropriate comment syntax for the file format. We also
+recommend that a file or class name and description of purpose be included on
+the same “printed page” as the copyright notice for easier identification within
+third-party archives.
+
+    Copyright [yyyy] [name of copyright owner]
+    
+    Licensed under the Apache License, Version 2.0 (the "License");
+    you may not use this file except in compliance with the License.
+    You may obtain a copy of the License at
+    
+      http://www.apache.org/licenses/LICENSE-2.0
+    
+    Unless required by applicable law or agreed to in writing, software
+    distributed under the License is distributed on an "AS IS" BASIS,
+    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+    See the License for the specific language governing permissions and
+    limitations under the License.
+

data/README.md

@@ -102,3 +102,19 @@ prefixed with `host/`. For example: `host/myhost.example.com`, not just `myhost.
 3. Commit your changes (`git commit -am 'Added some feature'`)
 4. Push to the branch (`git push origin my-new-feature`)
 5. Create new Pull Request
+
+## License
+
+Copyright 2016-2017 CyberArk
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this software except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.

data/Rakefile

@@ -1,25 +1,41 @@
 #!/usr/bin/env rake
 require "bundler/gem_tasks"
-require "yard"
-require 'ci/reporter/rake/rspec'
-require 'cucumber'
-require 'cucumber/rake/task'
-require 'rspec/core/rake_task'
 
-RSpec::Core::RakeTask.new :spec
-Cucumber::Rake::Task.new :features
-YARD::Rake::YardocTask.new(:yard)
+begin
+  require 'rspec/core/rake_task'
+  RSpec::Core::RakeTask.new :spec
+rescue LoadError
+  warn "rspec-core not found, rspec task will be unavailable"
+end
+
+begin
+  require "yard"
+  YARD::Rake::YardocTask.new(:yard)
+rescue LoadError
+  warn "yard not found, yard task will be unavailable"
+end
+
+require 'fileutils'
+task(:init_coverage) { FileUtils.rm_rf 'coverage' }
+task(:cuke_report_cleanup) { FileUtils.rm_rf 'features/reports' }
+
+begin
+  require 'cucumber'
+  require 'cucumber/rake/task'
+
+  Cucumber::Rake::Task.new(:cucumber) do |t|
+    t.cucumber_opts = "--tags ~@wip --format pretty --format junit --out features/reports"
+  end
 
-task :jenkins => ['ci:setup:rspec', :spec] do
-  if ENV['BUILD_NUMBER']
-    File.write('build_number', ENV['BUILD_NUMBER'])
+  begin
+    require 'ci/reporter/rake/rspec'
+    desc "Run the spec and cucumber suites, compute the test results and coverage statistics, build Yard docs"
+    task :jenkins => [:init_coverage, :"ci:setup:rspec", :spec, :cuke_report_cleanup, :cucumber, :yard]
+    task default: [ :jenkins ]
+  rescue LoadError
+    warn "ci_reporter_rspec not found, jenkins task will be unavailable"
   end
-  require 'fileutils'
-  FileUtils.rm_rf 'features/reports'
-  Cucumber::Rake::Task.new do |t|
-    t.cucumber_opts = "--tags ~@real-api --format pretty --format junit --out features/reports"
-  end.runner.run
-  Rake::Task["yard"].invoke
+rescue LoadError
+  warn "cucumber not found, cucumber task will be unavailable"
 end
 
-task default: [:spec, :features]

data/ci/wait_for_server.sh

@@ -0,0 +1,10 @@
+#!/bin/bash -e
+
+for _ in $(seq 20); do
+  curl -o /dev/null -fs -X OPTIONS http://conjur > /dev/null && break
+  echo .
+  sleep 2
+done
+
+# So we fail if the server isn't up yet:
+curl -o /dev/null -fs -X OPTIONS http://conjur > /dev/null

data/conjur-api.gemspec

@@ -6,8 +6,8 @@ Gem::Specification.new do |gem|
   gem.email         = ["rafal@conjur.net","kgilpin@conjur.net"]
   gem.description   = %q{Conjur API}
   gem.summary       = %q{Conjur API}
-  gem.homepage      = "https://github.com/conjurinc/api-ruby/"
-  gem.license       = "MIT"
+  gem.homepage      = "https://github.com/cyberark/conjur-api-ruby/"
+  gem.license       = "Apache-2.0"
 
   gem.files         = `git ls-files`.split($\) + Dir['build_number']
   gem.executables   = gem.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
@@ -18,27 +18,19 @@ Gem::Specification.new do |gem|
 
   gem.required_ruby_version = '>= 1.9'
 
-  
-  gem.add_dependency 'rest-client', '~> 1.7', '>= 1.7.3'
+  gem.add_dependency 'rest-client'
   gem.add_dependency 'activesupport'
-  gem.add_dependency 'semantic'
-  
+
   gem.add_development_dependency 'rake', '~> 10.0'
-  gem.add_development_dependency 'spork'
   gem.add_development_dependency 'rspec', '~> 3'
   gem.add_development_dependency 'rspec-expectations', '~> 3.4'
-  gem.add_development_dependency 'webmock'
-  gem.add_development_dependency 'aruba', '~> 0.12.0'
+  gem.add_development_dependency 'json_spec'
   gem.add_development_dependency 'cucumber'
-  gem.add_development_dependency 'conjur-cli'
-  gem.add_development_dependency 'conjur-debify'
   gem.add_development_dependency 'ci_reporter_rspec'
   gem.add_development_dependency 'simplecov'
   gem.add_development_dependency 'io-grab'
   gem.add_development_dependency 'rdoc'
   gem.add_development_dependency 'yard'
-  gem.add_development_dependency 'redcarpet'
-  gem.add_development_dependency 'tins', '~> 1.6', '< 1.7.0'
-  gem.add_development_dependency 'inch'
   gem.add_development_dependency 'fakefs'
+  gem.add_development_dependency 'pry-byebug'
 end

data/dev/docker-compose.yml

@@ -0,0 +1,23 @@
+version: '2'
+services:
+  postgres:
+    image: postgres:9.3
+
+  conjur:
+    command: server -a cucumber -f /run/empty.yml
+    environment:
+      DATABASE_URL: postgres://postgres@pg/postgres
+      CONJUR_ADMIN_PASSWORD: admin
+      CONJUR_DATA_KEY:
+    volumes:
+    - ./empty.yml:/run/empty.yml:ro
+
+  conjur-cli:
+    build: ..
+    entrypoint: sleep
+    command: infinity
+    environment:
+      CONJUR_APPLIANCE_URL: http://conjur
+      CONJUR_ACCOUNT: cucumber
+    volumes:
+      - ..:/src/conjur-api-ruby

data/dev/empty.yml

@@ -0,0 +1,2 @@
+---
+[]

data/dev/start.sh

@@ -0,0 +1,15 @@
+#!/bin/bash -ex
+
+export COMPOSE_PROJECT_NAME=apirubydev
+
+docker-compose build
+
+if [ ! -f data_key ]; then
+	echo "Generating data key"
+	docker-compose run --no-deps --rm --entrypoint conjur conjurctl data-key generate > data_key
+fi
+
+export CONJUR_DATA_KEY="$(cat data_key)"
+
+docker-compose up -d
+docker-compose exec cli bash

data/dev/stop.sh

@@ -0,0 +1,6 @@
+#!/bin/bash -ex
+
+export COMPOSE_PROJECT_NAME=apirubydev
+
+docker-compose stop
+docker-compose rm -f

data/docker-compose.yml

@@ -0,0 +1,27 @@
+version: '2.1'
+services:
+  postgres:
+    image: postgres:9.3
+
+  conjur:
+    image: registry.tld/cyberark/conjur:0.1.0-stable
+    command: server -a cucumber
+    environment:
+      DATABASE_URL: postgres://postgres@postgres/postgres
+      CONJUR_DATA_KEY: 'WMfApcDBtocRWV+ZSUP3Tjr5XNU+Z2FdBb6BEezejIs='
+    depends_on:
+      - postgres
+    # healthcheck:
+    #   test: ['CMD', 'curl', '-f', '-X OPTIONS', 'http://localhost']
+    #   interval: 2s
+    #   timeout: 1s
+    #   retries: 5
+
+  tester:
+    build: .
+    volumes:
+      - ./spec/reports:/src/conjur-api/spec/reports
+      - ./features/reports:/src/conjur-api/features/reports
+    environment:
+      CONJUR_APPLIANCE_URL: http://conjur
+      CONJUR_ACCOUNT: cucumber

data/features/exists.feature

@@ -0,0 +1,37 @@
+Feature: Check if an object exists.
+
+  Background:
+    Given I run the code:
+    """
+    $conjur.load_policy 'root', <<-POLICY
+    - !group developers
+    POLICY
+    """
+
+  Scenario: A created group resource exists
+    When I run the code:
+    """
+    $conjur.resource('cucumber:group:developers').exists?
+    """
+    Then the result should be "true"
+
+  Scenario: An un-created resource doesn't exist
+    When I run the code:
+    """
+    $conjur.resource('cucumber:food:bacon').exists?
+    """
+    Then the result should be "false"
+
+  Scenario: A created group role exists
+    When I run the code:
+    """
+    $conjur.role('cucumber:group:developers').exists?
+    """
+    Then the result should be "true"
+
+  Scenario: An un-created role doesn't exist
+    When I run the code:
+    """
+    $conjur.role('cucumber:food:bacon').exists?
+    """
+    Then the result should be "false"

data/features/group.feature

@@ -0,0 +1,11 @@
+Feature: Display Group object fields.
+
+  Background:
+    Given a new group
+
+  Scenario: Group has a gidnumber.
+    Then I run the code:
+    """
+    @group.gidnumber
+    """
+    Then the result should be "1000"

data/features/host.feature

@@ -0,0 +1,20 @@
+Feature: Display Host object fields.
+
+  Background:
+    Given a new host
+
+  Scenario: API key of a newly created host is available and valid.
+    Then I run the code:
+    """
+    expect(@host.exists?).to be(true)
+    expect(@host.api_key).to be
+    Conjur::API.new_from_key(@host.login, @host.api_key).token
+    """
+
+  Scenario: API key of a a host can be rotated.
+    Then I run the code:
+    """
+    host = Conjur::API.new_from_key(@host.login, @host.api_key).resource(@host.id)
+    api_key = host.rotate_api_key
+    Conjur::API.new_from_key(@host.login, api_key).token
+    """