diff --git a/conjurapi/authn.go b/conjurapi/authn.go
index d32aed5..67f2471 100644
--- a/conjurapi/authn.go
+++ b/conjurapi/authn.go
@@ -314,3 +314,17 @@ func (c *Client) rotateAPIKey(roleID string) (*http.Response, error) {
 return c.SubmitRequest(req)
 }
+
+func (c *Client) PublicKeys(kind string, identifier string) ([]byte, error) {
+ req, err := c.PublicKeysRequest(kind, identifier)
+ if err != nil {
+ return nil, err
+ }
+
+ res, err := c.SubmitRequest(req)
+ if err != nil {
+ return nil, err
+ }
+
+ return response.DataResponse(res)
+}
diff --git a/conjurapi/authn_test.go b/conjurapi/authn_test.go
index 704ab88..04cea22 100644
--- a/conjurapi/authn_test.go
+++ b/conjurapi/authn_test.go
@@ -594,3 +594,56 @@ func runChangeUserPasswordAssertions(t *testing.T, tc changeUserPasswordTestCase
 _, err = conjur.Authenticate(authn.LoginPair{Login: tc.login, APIKey: string(userAPIKey)})
 assert.NoError(t, err)
 }
+
+var publicKeysTestPolicy = `
+- !user
+ id: alice
+ public_keys:
+ - ssh-rsa test-key-1 laptop
+ - ssh-rsa test-key-2 workstation
+`
+
+type publicKeysTestCase struct {
+ name string
+ kind string
+ identifier string
+}
+
+func TestClient_PublicKeys(t *testing.T) {
+ testCases := []publicKeysTestCase{
+ {
+ name: "Display public keys",
+ kind: "user",
+ identifier: "alice",
+ },
+ }
+
+ for _, tc := range testCases {
+ t.Run(tc.name, func(t *testing.T) {
+ // SETUP
+ config := &Config{
+ CredentialStorage: "none",
+ }
+ conjur, err := conjurSetup(config, publicKeysTestPolicy)
+ assert.NoError(t, err)
+
+ // EXERCISE
+ runPublicKeysAssertions(t, tc, conjur)
+ })
+ }
+}
+
+func runPublicKeysAssertions(t *testing.T, tc publicKeysTestCase, conjur *Client) {
+ var publicKeys []byte
+ var err error
+
+ publicKeys, err = conjur.PublicKeys(tc.kind, tc.identifier)
+
+ assert.NoError(t, err)
+
+ expectedOutput := `ssh-rsa test-key-1 laptop
+ssh-rsa test-key-2 workstation
+`
+
+ assert.Equal(t, expectedOutput, string(publicKeys))
+}
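Review bot: The exported `PublicKeys` method added to conjurapi/authn.go has no doc comment, so a caller cannot tell what `kind` and `identifier` must look like or what the returned bytes are. Judging by the test in this commit, the result is the raw response body with one key per line, so I would add `// PublicKeys returns the public keys recorded for the role named by kind and identifier, as the raw response body with one key per line.` The comment should also say that the request goes through `c.SubmitRequest`, the same path `rotateAPIKey` uses, whose body is not in this hunk. Callers that feed these keys into an SSH authorization decision should treat them as no more trustworthy than the connection to the appliance.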
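Review bot: The table in `TestClient_PublicKeys` (conjurapi/authn_test.go) holds a single happy-path case, and `publicKeysTestCase` has no field for an expected error, so the error returns of `PublicKeys` are never exercised. I would add a case for a role that is not in `publicKeysTestPolicy` and one whose identifier contains a character that needs escaping in a URL path, each asserting on the returned error or body. Separately, the subtest keeps going after `assert.NoError(t, err)` on `conjurSetup`. If setup fails and returns a nil client, `conjur.PublicKeys` would panic instead of reporting the failure, so `if !assert.NoError(t, err) { return }` is safer.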
diff --git a/conjurapi/client.go b/conjurapi/client.go
index 436aa91..b13e0b1 100644
--- a/conjurapi/client.go
+++ b/conjurapi/client.go
@@ -606,6 +606,11 @@ func (c *Client) CreateHostRequest(body string, token string) (*http.Request, er
 return request, nil
 }
+func (c *Client) PublicKeysRequest(kind string, identifier string) (*http.Request, error) {
+ publicKeysURL := makeRouterURL(c.config.ApplianceURL, "public_keys", c.config.Account, kind, identifier)
+ return http.NewRequest("GET", publicKeysURL.String(), nil)
+}
+
 func (c *Client) createTokenURL() string {
 return makeRouterURL(c.config.ApplianceURL, "host_factory_tokens").String()
 }
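Review bot: `kind` and `identifier` are placed into the request path in `PublicKeysRequest` exactly as the caller passed them. `makeRouterURL` is not part of this hunk, so this is inferred, but if it joins its components without escaping, an identifier containing `/`, `?` or `#` changes which resource the request addresses. I would escape both segments, `makeRouterURL(c.config.ApplianceURL, "public_keys", c.config.Account, url.PathEscape(kind), url.PathEscape(identifier))`, which needs `net/url` in the file's imports if it is not already there. The new exported method also lacks a doc comment, and `http.MethodGet` reads better than the literal `"GET"`.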