Logo: Relish

  1. Sign in

Project: Possum-api

Publisher: Conjur

RBAC privileges control whether a role can update and/or fetch a secret.

Background
Given
I create a new resource
And
a new user "bob"
And
I create 1 secret values
Scenarios
  1. Fetching a secret as an unauthorized user results in a 403 error.
  2. Updating a secret as an unauthorized user results in a 403 error.
  3. A foreign role can be granted permission to fetch a secret.
  4. A foreign role can be granted permission to update a secret.
Fetching a secret as an unauthorized user results in a 403 error.
Given
I login as "bob"
When
I GET "/secrets/:account/:resource_kind/:resource_id"
Then
it's forbidden
Updating a secret as an unauthorized user results in a 403 error.
Given
I login as "bob"
When
I POST "/secrets/:account/:resource_kind/:resource_id" with parameters: 
v-1
Then
it's forbidden
A foreign role can be granted permission to fetch a secret.

The execute privilege can be granted to any role to allow it to fetch a secret.

Given
I permit user "bob" to "execute" it
And
I login as "bob"
Then
I can GET "/secrets/:account/:resource_kind/:resource_id"
A foreign role can be granted permission to update a secret.

The update privilege can be granted to any role to allow it to update a secret.

Given
I permit user "bob" to "update" it
When
I login as "bob"
Then
I can POST "/secrets/:account/:resource_kind/:resource_id" with parameters: 
v-1

Last published about 4 years ago by Kevin Gilpin.