Hi Sara,
I think you’re very close with the syntax. I can suggest a couple of tweaks to try, and if that doesn’t work, I can show you how I tried this out with a curl command.
-
In example 1
, it looks like your endpoint is missing an actual policy. The endpoint should be:
https://$CONJUR_APPLIANCE_URL/policies/$CONJUR_ACCOUNT/policy/$POLICY
For example, if you originally loaded the policy that had variable definitions at the root
policy branch, then $POLICY would be root
. Otherwise, it’s your policy path (without
root
, that’s implicit in the path).
-
In example 2
, I think the variable name in your record shouldn’t have a leading /
,
but everything else looks good.
Example Variable Delete Using curl
:
Here’s an example using curl
. I’m using Conjur OSS, but the API should be the same for DAP.
Before Variable is Deleted:
Before the delete operation, I have 2 variables:
# conjur list variables | grep test-summon-init-app
"myConjurAccount:policy:test-summon-init-app-db",
"myConjurAccount:variable:test-summon-init-app-db/url",
"myConjurAccount:variable:test-summon-init-app-db/username",
#
The Delete YAML File:
- !delete
record: !variable test-summon-init-app-db/url
The Curl Command:
curl -H "$(conjur authn authenticate -H)" \
-X PATCH -d "$(< ./delete-sec-2.yml)" \
-k \
https://conjur-oss.conjur-oss.svc.cluster.local/policies/myConjurAccount/policy/root \
| jq .
After the Delete:
After the delete operation, the URL variable is now gone:
# conjur list variables | grep test-summon-init-app
"myConjurAccount:policy:test-summon-init-app-db",
"myConjurAccount:variable:test-summon-init-app-db/username",
#
Let us know if the above doesn’t help you with getting the variable cleanup to work.