Delete Variable from DAP via REST API

Sara · December 11, 2020, 8:56pm

Hi! We recently had a requirement to rename an object in DAP that had already synced from CyberArk.

Due to this I now have a few stale variables that I’d like to delete.

I’ve created a delete yml file, yet whenever I try to load it I get ‘object not found’. It appears that my endpoint is off. I’ve tried various possibilities. I’m loading this under the Delete Method.

example 1:

!delete
record: !variable test-vault/LOB_Test/SafeName/accountName/password

https://$CONJUR_APPLIANCE_URL/policies/$CONJUR_ACCOUNT/policy/

example 2:

!delete
record: !variable /SafeName/accountName/password

https://$CONJUR_APPLIANCE_URL/policies/$CONJUR_ACCOUNT/policy/test-vault/LOB_Test

Any advice would be appreciated!

dane · December 14, 2020, 11:18pm

Hi Sara,

I think you’re very close with the syntax. I can suggest a couple of tweaks to try, and if that doesn’t work, I can show you how I tried this out with a curl command.

In example 1, it looks like your endpoint is missing an actual policy. The endpoint should be:
```
https://$CONJUR_APPLIANCE_URL/policies/$CONJUR_ACCOUNT/policy/$POLICY
```
For example, if you originally loaded the policy that had variable definitions at the root
policy branch, then $POLICY would be root. Otherwise, it’s your policy path (without
root, that’s implicit in the path).
In example 2, I think the variable name in your record shouldn’t have a leading /,
but everything else looks good.

Example Variable Delete Using `curl`:

Here’s an example using curl. I’m using Conjur OSS, but the API should be the same for DAP.

Before Variable is Deleted:

Before the delete operation, I have 2 variables:

# conjur list variables | grep test-summon-init-app   
  "myConjurAccount:policy:test-summon-init-app-db",
  "myConjurAccount:variable:test-summon-init-app-db/url",
  "myConjurAccount:variable:test-summon-init-app-db/username",
#

The Delete YAML File:

- !delete
  record: !variable test-summon-init-app-db/url

The Curl Command:

curl -H "$(conjur authn authenticate -H)" \
     -X PATCH -d "$(< ./delete-sec-2.yml)" \
     -k \
     https://conjur-oss.conjur-oss.svc.cluster.local/policies/myConjurAccount/policy/root \
     | jq .

After the Delete:

After the delete operation, the URL variable is now gone:

# conjur list variables | grep test-summon-init-app
  "myConjurAccount:policy:test-summon-init-app-db",
  "myConjurAccount:variable:test-summon-init-app-db/username",
#

Let us know if the above doesn’t help you with getting the variable cleanup to work.

Dane

Sara · December 15, 2020, 9:45pm

Hi Dane

Thanks for the thoughtful reply - I was able to get this working right away.

The Delete YAML File

- !delete
   record: !variable test-summon-init-app-db/url

The API Call Using Powershell

Invoke-WebRequest -Uri “https://$CONJUR_APPLIANCE_URL/policies/$CONJUR_ACCOUNT/policy/root” -Headers $Header -Body $content -Method Patch

The method and appending root to the end of the URI were key in getting this working.
($content is the YAML file, $Header contains the token)

Thanks so much!!

system · December 22, 2020, 9:45pm

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Policy cleanup Secrets Management - Conjur, Secrets Hub & CP	2	1425	August 29, 2019
How to delete a user Secrets Management - Conjur, Secrets Hub & CP	3	1028	October 23, 2020
Trouble deleting a mistake host entry Conjur Enterprise	4	989	May 26, 2020
Policy Management Secrets Management - Conjur, Secrets Hub & CP	1	369	August 30, 2019
Removing a LOB access to a Vault safe (Enterprise DAP) Conjur Enterprise	5	775	June 15, 2020