cf-uaa-lib 3.6.0 → 3.7.0

data/spec/integration_spec.rb

@@ -15,135 +15,198 @@ require 'spec_helper'
 require 'uaa'
 require 'pp'
 
-# Example config for integration tests with defaults:
-#    ENV["UAA_CLIENT_ID"] = "admin"
-#    ENV["UAA_CLIENT_SECRET"] = "adminsecret"
-#    ENV["UAA_CLIENT_TARGET"] = "http://localhost:8080/uaa"
+# ENV['UAA_CLIENT_ID'] = 'admin'
+# ENV['UAA_CLIENT_SECRET'] = 'admin_secret'
+# ENV['UAA_CLIENT_TARGET'] = 'https://login.identity.cf-app.com'
+# ENV['UAA_CLIENT_TARGET'] = 'http://localhost:8080/uaa'
 
-module CF::UAA
+#Set this variable if you want to test skip_ssl_validation option.
+#Make sure that  UAA_CLIENT_TARGET points to https endpoint with self-signed certificate.
+#It will run  all the tests with ssl validation set to false
+# ENV['SKIP_SSL_VALIDATION'] = 'yes'
 
-if ENV["UAA_CLIENT_TARGET"]
-
-describe "UAA Integration:" do
-
-  def create_test_client
-    toki = TokenIssuer.new(@target, @admin_client, @admin_secret)
-    cr = Scim.new(@target, toki.client_credentials_grant.auth_header, :symbolize_keys => true)
-    @test_client = "test_client_#{Time.now.to_i}"
-    @test_secret = "+=tEsTsEcRet~!@"
-    gids = ["clients.read", "scim.read", "scim.write", "uaa.resource", "password.write"]
-    new_client = cr.add(:client, :client_id => @test_client, :client_secret => @test_secret,
-          :authorities => gids, :authorized_grant_types => ["client_credentials", "password"],
-          :scope => ["openid", "password.write"])
-    new_client[:client_id].should == @test_client
-    @username = "sam_#{Time.now.to_i}"
-  end
+#Set this variable to test ssl_ca_file option.
+#Make sure that  UAA_CLIENT_TARGET points to https endpoint with self-signed certificate.
+# ENV['SSL_CA_FILE'] = '~/workspace/identity-cf.cert'
 
-  before :all do
-    #Util.default_logger(:trace)
-    @admin_client = ENV["UAA_CLIENT_ID"] || "admin"
-    @admin_secret = ENV["UAA_CLIENT_SECRET"] || "adminsecret"
-    @target = ENV["UAA_CLIENT_TARGET"]
-    @username = "sam_#{Time.now.to_i}"
-  end
+#Set this variable to test cert_store option.
+#Make sure that  UAA_CLIENT_TARGET points to https endpoint with self-signed certificate.
+# ENV['CERT_STORE'] = '~/workspace/identity-cf.cert'
 
-  it "should report the uaa client version" do
-    VERSION.should =~ /\d.\d.\d/
-  end
+module CF::UAA
 
-  it "makes sure the server is there by getting the prompts for an implicit grant" do
-    prompts = TokenIssuer.new(@target, @admin_client, @admin_secret).prompts
-    prompts.should_not be_nil
-  end
+  def self.admin_scim(options)
+    admin_client = ENV['UAA_CLIENT_ID'] || 'admin'
+    admin_secret = ENV['UAA_CLIENT_SECRET'] || 'adminsecret'
+    target = ENV['UAA_CLIENT_TARGET']
 
-  it "gets a token with client credentials" do
-    tkn = TokenIssuer.new(@target, @admin_client, @admin_secret).client_credentials_grant
-    tkn.auth_header.should =~ /^bearer\s/i
-    info = TokenCoder.decode(tkn.info["access_token"], :verify => false, :symbolize_keys => true)
-    info[:exp].should be
-    info[:jti].should be
+    admin_token_issuer = TokenIssuer.new(target, admin_client, admin_secret, options)
+    Scim.new(target, admin_token_issuer.client_credentials_grant.auth_header, options.merge(:symbolize_keys => true))
   end
 
-  context "as a client," do
-
-    before :all do
-      create_test_client
-      toki = TokenIssuer.new(@target, @test_client, @test_secret)
-      @scim = Scim.new(@target, toki.client_credentials_grant.auth_header, :symbolize_keys => true)
-      @user_pwd = "sam's P@55w0rd~!`@\#\$%^&*()_/{}[]\\|:\";',.<>?/"
-      usr = @scim.add(:user, :username => @username, :password => @user_pwd,
-          :emails => [{:value => "sam@example.com"}],
-          :name => {:givenname => "none", :familyname => "none"})
-      @user_id = usr[:id]
-    end
+  if ENV['UAA_CLIENT_TARGET']
+    describe 'UAA Integration:' do
+
+      let(:options)  { @options }
+      let(:token_issuer) { TokenIssuer.new(@target, @test_client, @test_secret, options) }
+      let(:scim) { Scim.new(@target, token_issuer.client_credentials_grant.auth_header, options.merge(:symbolize_keys => true)) }
+
+      before :all do
+        @options = {}
+        if ENV['SKIP_SSL_VALIDATION']
+          @options = {:skip_ssl_validation => true}
+        end
+        @target = ENV['UAA_CLIENT_TARGET']
+        @test_client = "test_client_#{Time.now.to_i}"
+        @test_secret = '+=tEsTsEcRet~!@'
+        gids = ['clients.read', 'scim.read', 'scim.write', 'uaa.resource', 'password.write']
+        test_client = CF::UAA::admin_scim(@options).add(:client, :client_id => @test_client, :client_secret => @test_secret,
+                                     :authorities => gids, :authorized_grant_types => ['client_credentials', 'password'],
+                                     :scope => ['openid', 'password.write'])
+        expect(test_client[:client_id]).to eq(@test_client)
+      end
 
-    after :all do
-      # TODO: delete user, delete test client
-    end
+      after :all do
+        admin_scim = CF::UAA::admin_scim(@options)
+        admin_scim.delete(:client, @test_client)
+        expect { admin_scim.id(:client, @test_client) }.to raise_exception(NotFound)
+      end
 
-    it "creates a user" do
-      @user_id.should be
-    end
+      if ENV['SKIP_SSL_VALIDATION']
+        context 'when ssl certificate is self-signed' do
+          let(:options)  { {:skip_ssl_validation => false} }
 
-    it "finds the user by name" do
-      @scim.id(:user, @username).should == @user_id
-    end
+          it 'fails if skip_ssl_validation is false' do
+            expect{ scim }.to raise_exception(CF::UAA::SSLException)
+          end
+        end
+      end
 
-    it "gets the user by id" do
-      user_info = @scim.get(:user, @user_id)
-      user_info[:id].should == @user_id
-      user_info[:username].should == @username
-    end
+      if ENV['SSL_CA_FILE']
+        context 'when you do not skip SSL validation' do
+          context 'when you provide cert' do
+            let(:options)  { {:ssl_ca_file => ENV['SSL_CA_FILE']} }
 
-    it "gets a user token by an implicit grant" do
-      @toki = TokenIssuer.new(@target, "vmc")
-      token = @toki.implicit_grant_with_creds(:username => @username, :password => @user_pwd)
-      token.info["access_token"].should be
-      info = Misc.whoami(@target, token.auth_header)
-      info["user_name"].should == @username
-      contents = TokenCoder.decode(token.info["access_token"], :verify => false)
-      contents["user_name"].should == @username
-    end
+            it 'works' do
+              expect(token_issuer.prompts).to_not be_nil
+            end
+          end
 
-    it "changes the user's password by name" do
-      @scim.change_password(@scim.id(:user, @username), "newpassword")[:status].should == "ok"
-    end
+          context 'if you do not provide cert file' do
+            let(:options)  { {} }
 
-    it "lists all users" do
-      user_info = @scim.query(:user)
-      user_info.should_not be_nil
-    end
+            it 'fails' do
+              expect{ scim }.to raise_exception(CF::UAA::SSLException)
+            end
+          end
+        end
+      end
 
-    if ENV["UAA_CLIENT_LOGIN"]
-      it "should get a uri to be sent to the user agent to initiate autologin" do
-        logn = ENV["UAA_CLIENT_LOGIN"]
-        toki = TokenIssuer.new(logn, @test_client, @test_secret)
-        redir_uri = "http://call.back/uri_path"
-        uri_parts = toki.autologin_uri(redir_uri, :username => @username,
-            :password => "newpassword").split('?')
-        uri_parts[0].should == "#{logn}/oauth/authorize"
-        params = Util.decode_form(uri_parts[1], :sym)
-        params[:response_type].should == "code"
-        params[:client_id].should == @client_id
-        params[:scope].should be_nil
-        params[:redirect_uri].should == redir_uri
-        params[:state].should_not be_nil
-        params[:code].should_not be_nil
+      if ENV['CERT_STORE']
+        context 'when you do not skip SSL validation' do
+          context 'when you provide cert store' do
+            let(:cert_store) do
+              cert_store = OpenSSL::X509::Store.new
+              cert_store.add_file File.expand_path(ENV['CERT_STORE'])
+              cert_store
+            end
+
+            let(:options)  { {:ssl_cert_store => cert_store} }
+            it 'works' do
+              expect(token_issuer.prompts).to_not be_nil
+            end
+          end
+
+          context 'when you do not provide cert store' do
+            let(:options)  { {} }
+
+            it 'fails' do
+              expect{ scim }.to raise_exception(CF::UAA::SSLException)
+            end
+          end
+        end
       end
-    end
 
-    it "deletes the user" do
-      @scim.delete(:user, @user_id)
-      expect { @scim.id(:user, @username) }.to raise_exception(NotFound)
-      expect { @scim.get(:user, @user_id) }.to raise_exception(NotFound)
-    end
+      it 'should report the uaa client version' do
+        expect(VERSION).to match(/\d.\d.\d/)
+      end
 
-    it "complains about an attempt to delete a non-existent user" do
-      expect { @scim.delete(:user, "non-existent-user") }.to raise_exception(NotFound)
-    end
+      it 'makes sure the server is there by getting the prompts for an implicit grant' do
+        expect(token_issuer.prompts).to_not be_nil
+      end
 
-  end
+      it 'gets a token with client credentials' do
+        tkn = token_issuer.client_credentials_grant
+        expect(tkn.auth_header).to match(/^bearer\s/i)
+        info = TokenCoder.decode(tkn.info['access_token'], :verify => false, :symbolize_keys => true)
+        expect(info[:exp]).to be
+        expect(info[:jti]).to be
+      end
 
-end end
+      it 'complains about an attempt to delete a non-existent user' do
+        expect { scim.delete(:user, 'non-existent-user') }.to raise_exception(NotFound)
+      end
 
-end
+      context 'as a client' do
+        before :each do
+          @username = "sam_#{Time.now.to_i}"
+          @user_pwd = "sam's P@55w0rd~!`@\#\$%^&*()_/{}[]\\|:\";',.<>?/"
+          usr = scim.add(:user, :username => @username, :password => @user_pwd,
+                         :emails => [{:value => 'sam@example.com'}],
+                         :name => {:givenname => 'none', :familyname => 'none'})
+          @user_id = usr[:id]
+        end
+
+        it 'deletes the user' do
+          scim.delete(:user, @user_id)
+          expect { scim.id(:user, @username) }.to raise_exception(NotFound)
+          expect { scim.get(:user, @user_id) }.to raise_exception(NotFound)
+        end
+
+        context 'when user exists' do
+          after :each do
+            scim.delete(:user, @user_id)
+            expect { scim.id(:user, @username) }.to raise_exception(NotFound)
+            expect { scim.get(:user, @user_id) }.to raise_exception(NotFound)
+          end
+
+          it 'creates a user' do
+            expect(@user_id).to be
+          end
+
+          it 'finds the user by name' do
+            expect(scim.id(:user, @username)).to eq(@user_id)
+          end
+
+          it 'gets the user by id' do
+            user_info = scim.get(:user, @user_id)
+            expect(user_info[:id]).to eq(@user_id)
+            expect(user_info[:username]).to eq(@username)
+          end
+
+          it 'lists all users' do
+            expect(scim.query(:user)).to be
+          end
+
+          it "changes the user's password by name" do
+            expect(scim.change_password(scim.id(:user, @username), 'newpassword')[:status]).to eq('ok')
+          end
+
+          it 'should get a uri to be sent to the user agent to initiate autologin' do
+            redir_uri = 'http://call.back/uri_path'
+            uri_parts = token_issuer.autologin_uri(redir_uri, :username => @username,
+                                                   :password =>@user_pwd ).split('?')
+            expect(uri_parts[0]).to eq("#{ENV['UAA_CLIENT_TARGET']}/oauth/authorize")
+            params = Util.decode_form(uri_parts[1], :sym)
+            expect(params[:response_type]).to eq('code')
+            expect(params[:client_id]).to eq(@test_client)
+            expect(params[:scope]).to be_nil
+            expect(params[:redirect_uri]).to eq(redir_uri)
+            expect(params[:state]).to be
+            expect(params[:code]).to be
+          end
+        end
+      end
+    end
+  end
+end

data/spec/scim_spec.rb

@@ -23,86 +23,81 @@ describe Scim do
 
   before do
     #Util.default_logger(:trace)
-    @authheader, @target = "bEareR xyz", "https://test.target"
+    @authheader, @target = 'bEareR xyz', 'https://test.target'
     @scim = Scim.new(@target, @authheader, options)
   end
 
   subject { @scim }
 
   def check_headers(headers, content, accept, zone)
-    headers["content-type"].should =~ /application\/json/ if content == :json
-    headers["content-type"].should be_nil unless content
-    headers["accept"].should =~ /application\/json/ if accept == :json
-    headers["accept"].should be_nil unless accept
-    headers["authorization"].should =~ /^(?i:bearer)\s+xyz$/
-    headers["X-Identity-Zone-Subdomain"].should eq zone
+    headers['content-type'].should =~ /application\/json/ if content == :json
+    headers['content-type'].should be_nil unless content
+    headers['accept'].should =~ /application\/json/ if accept == :json
+    headers['accept'].should be_nil unless accept
+    headers['authorization'].should =~ /^(?i:bearer)\s+xyz$/
+    headers['X-Identity-Zone-Subdomain'].should eq zone
   end
 
-  describe "initialize" do
+  describe 'initialize' do
     let(:options) { {:http_proxy => 'http-proxy.com', :https_proxy => 'https-proxy.com', :skip_ssl_validation => true} }
 
-    it "sets proxy information" do
-      subject.http_proxy.should == 'http-proxy.com'
-      subject.https_proxy.should == 'https-proxy.com'
-    end
-
-    it "sets skip_ssl_validation" do
+    it 'sets skip_ssl_validation' do
       subject.skip_ssl_validation == true
     end
   end
 
-  it "adds an object" do
+  it 'adds an object' do
     subject.set_request_handler do |url, method, body, headers|
       url.should == "#{@target}/Users"
       method.should == :post
       check_headers(headers, :json, :json, nil)
-      [200, '{"ID":"id12345"}', {"content-type" => "application/json"}]
+      [200, '{"ID":"id12345"}', {'content-type' => 'application/json'}]
     end
-    result = subject.add(:user, :hair => "brown", :shoe_size => "large",
-        :eye_color => ["blue", "green"], :name => "fred")
-    result["id"].should == "id12345"
+    result = subject.add(:user, :hair => 'brown', :shoe_size => 'large',
+        :eye_color => ['blue', 'green'], :name => 'fred')
+    result['id'].should == 'id12345'
   end
 
-  it "replaces an object" do
-    obj = {:hair => "black", :shoe_size => "medium", :eye_color => ["hazel", "brown"],
-          :name => "fredrick", :meta => {:version => 'v567'}, :id => "id12345"}
+  it 'replaces an object' do
+    obj = {:hair => 'black', :shoe_size => 'medium', :eye_color => ['hazel', 'brown'],
+          :name => 'fredrick', :meta => {:version => 'v567'}, :id => 'id12345'}
     subject.set_request_handler do |url, method, body, headers|
       url.should == "#{@target}/Users/id12345"
       method.should == :put
       check_headers(headers, :json, :json, nil)
-      headers["if-match"].should == "v567"
-      [200, '{"ID":"id12345"}', {"content-type" => "application/json"}]
+      headers['if-match'].should == 'v567'
+      [200, '{"ID":"id12345"}', {'content-type' => 'application/json'}]
     end
     result = subject.put(:user, obj)
-    result["id"].should == "id12345"
+    result['id'].should == 'id12345'
   end
 
-  it "modifies an object" do
-    obj = {:hair => "black", :shoe_size => "medium", :eye_color => ["hazel", "brown"],
-          :name => "fredrick", :meta => {:version => 'v567'}, :id => "id12345"}
+  it 'modifies an object' do
+    obj = {:hair => 'black', :shoe_size => 'medium', :eye_color => ['hazel', 'brown'],
+          :name => 'fredrick', :meta => {:version => 'v567'}, :id => 'id12345'}
     subject.set_request_handler do |url, method, body, headers|
       url.should == "#{@target}/Users/id12345"
       method.should == :patch
       check_headers(headers, :json, :json, nil)
-      headers["if-match"].should == "v567"
-      [200, '{"ID":"id12345"}', {"content-type" => "application/json"}]
+      headers['if-match'].should == 'v567'
+      [200, '{"ID":"id12345"}', {'content-type' => 'application/json'}]
     end
     result = subject.patch(:user, obj)
-    result["id"].should == "id12345"
+    result['id'].should == 'id12345'
   end
 
-  it "gets an object" do
+  it 'gets an object' do
     subject.set_request_handler do |url, method, body, headers|
       url.should == "#{@target}/Users/id12345"
       method.should == :get
       check_headers(headers, nil, :json, nil)
-      [200, '{"id":"id12345"}', {"content-type" => "application/json"}]
+      [200, '{"id":"id12345"}', {'content-type' => 'application/json'}]
     end
-    result = subject.get(:user, "id12345")
-    result['id'].should == "id12345"
+    result = subject.get(:user, 'id12345')
+    result['id'].should == 'id12345'
   end
 
-  it "pages through all objects" do
+  it 'pages through all objects' do
     subject.set_request_handler do |url, method, body, headers|
       url.should =~ %r{^#{@target}/Users\?}
       url.should =~ %r{[\?&]attributes=id(&|$)}
@@ -112,10 +107,10 @@ describe Scim do
       reply = url =~ /startIndex=1/ ?
         '{"TotalResults":2,"ItemsPerPage":1,"StartIndex":1,"RESOURCES":[{"id":"id12345"}]}' :
         '{"TotalResults":2,"ItemsPerPage":1,"StartIndex":2,"RESOURCES":[{"id":"id67890"}]}'
-      [200, reply, {"content-type" => "application/json"}]
+      [200, reply, {'content-type' => 'application/json'}]
     end
     result = subject.all_pages(:user, :attributes => 'id')
-    [result[0]['id'], result[1]['id']].to_set.should == ["id12345", "id67890"].to_set
+    [result[0]['id'], result[1]['id']].to_set.should == ['id12345', 'id67890'].to_set
   end
 
   it "changes a user's password" do
@@ -124,10 +119,10 @@ describe Scim do
       method.should == :put
       check_headers(headers, :json, :json, nil)
       body.should include('"password":"newpwd"', '"oldPassword":"oldpwd"')
-      [200, '{"id":"id12345"}', {"content-type" => "application/json"}]
+      [200, '{"id":"id12345"}', {'content-type' => 'application/json'}]
     end
-    result = subject.change_password("id12345", "newpwd", "oldpwd")
-    result['id'].should == "id12345"
+    result = subject.change_password('id12345', 'newpwd', 'oldpwd')
+    result['id'].should == 'id12345'
   end
 
   it "tries to change the user's password to be the same as the old one" do
@@ -135,9 +130,9 @@ describe Scim do
       url.should == "#{@target}/Users/id12345/password"
       method.should == :put
       check_headers(headers, :json, :json, nil)
-      [400, '{"error":"invalid_password","message":"Your new password cannot be the same as the old password."}', {"content-type" => "application/json"}]
+      [400, '{"error":"invalid_password","message":"Your new password cannot be the same as the old password."}', {'content-type' => 'application/json'}]
     end
-    expect {subject.change_password("id12345", "oldpwd", "oldpwd")}.to raise_error(error=TargetError)
+    expect {subject.change_password('id12345', 'oldpwd', 'oldpwd')}.to raise_error(error=TargetError)
   end
 
   it "changes a client's secret" do
@@ -146,90 +141,90 @@ describe Scim do
       method.should == :put
       check_headers(headers, :json, :json, nil)
       body.should include('"secret":"newpwd"', '"oldSecret":"oldpwd"')
-      [200, '{"id":"id12345"}', {"content-type" => "application/json"}]
+      [200, '{"id":"id12345"}', {'content-type' => 'application/json'}]
     end
-    result = subject.change_secret("id12345", "newpwd", "oldpwd")
-    result['id'].should == "id12345"
+    result = subject.change_secret('id12345', 'newpwd', 'oldpwd')
+    result['id'].should == 'id12345'
   end
 
-  it "unlocks a user" do
+  it 'unlocks a user' do
     subject.set_request_handler do |url, method, body, headers|
       url.should == "#{@target}/Users/id12345/status"
       method.should == :patch
       check_headers(headers, :json, :json, nil)
       body.should include('"locked":false')
-      [200, '{"locked":false}', {"content-type" => "application/json"}]
+      [200, '{"locked":false}', {'content-type' => 'application/json'}]
     end
-    result = subject.unlock_user("id12345")
+    result = subject.unlock_user('id12345')
     result['locked'].should == false
   end
 
-  it "adds a mapping from uaa groups to external group" do
+  it 'adds a mapping from uaa groups to external group' do
     subject.set_request_handler do |url, method, body, headers|
       url.should == "#{@target}/Groups/External"
       method.should == :post
       check_headers(headers, :json, :json, nil)
       body.should include('"displayName":"uaa-scope-name"', '"externalGroup":"external-group-name"', '"schemas":["urn:scim:schemas:core:1.0"]', '"origin":"test-origin"')
-      [201, '{"displayName":"uaa-scope-name", "externalGroup": "external-group-name"}', {"content-type" => "application/json"}]
+      [201, '{"displayName":"uaa-scope-name", "externalGroup": "external-group-name"}', {'content-type' => 'application/json'}]
     end
-    result = subject.map_group("uaa-scope-name", false, "external-group-name", "test-origin")
-    result['displayname'].should == "uaa-scope-name"
-    result['externalgroup'].should == "external-group-name"
+    result = subject.map_group('uaa-scope-name', false, 'external-group-name', 'test-origin')
+    result['displayname'].should == 'uaa-scope-name'
+    result['externalgroup'].should == 'external-group-name'
   end
 
-  it "defaults to ldap origin when mapping a uaa group from an external group" do
+  it 'defaults to ldap origin when mapping a uaa group from an external group' do
     subject.set_request_handler do |url, method, body, headers|
       url.should == "#{@target}/Groups/External"
       method.should == :post
       check_headers(headers, :json, :json, nil)
       body.should include('"displayName":"uaa-scope-name"', '"externalGroup":"external-group-name"', '"schemas":["urn:scim:schemas:core:1.0"]', '"origin":"ldap"')
-      [201, '{"displayName":"uaa-scope-name", "externalGroup": "external-group-name"}', {"content-type" => "application/json"}]
+      [201, '{"displayName":"uaa-scope-name", "externalGroup": "external-group-name"}', {'content-type' => 'application/json'}]
     end
-    result = subject.map_group("uaa-scope-name", false, "external-group-name")
-    result['displayname'].should == "uaa-scope-name"
-    result['externalgroup'].should == "external-group-name"
+    result = subject.map_group('uaa-scope-name', false, 'external-group-name')
+    result['displayname'].should == 'uaa-scope-name'
+    result['externalgroup'].should == 'external-group-name'
   end
 
-  it "unmaps a uaa group from an external group" do
+  it 'unmaps a uaa group from an external group' do
     subject.set_request_handler do |url, method, body, headers|
       url.should == "#{@target}/Groups/External/groupId/uaa-group-id/externalGroup/external%20group%20name/origin/test-origin"
       method.should == :delete
       check_headers(headers, nil, nil, nil)
 
-      [200, '{"displayName":"uaa-scope-name", "groupId": "uaa-group-id", "externalGroup": "external-group-name"}', {"content-type" => "application/json"}]
+      [200, '{"displayName":"uaa-scope-name", "groupId": "uaa-group-id", "externalGroup": "external-group-name"}', {'content-type' => 'application/json'}]
     end
-    subject.unmap_group("uaa-group-id", "external group name", "test-origin")
+    subject.unmap_group('uaa-group-id', 'external group name', 'test-origin')
   end
 
-  it "defaults to ldap origin when unmapping a uaa group from an external group" do
+  it 'defaults to ldap origin when unmapping a uaa group from an external group' do
     subject.set_request_handler do |url, method, body, headers|
       url.should == "#{@target}/Groups/External/groupId/uaa-group-id/externalGroup/external%20group%20name/origin/ldap"
       method.should == :delete
       check_headers(headers, nil, nil, nil)
 
-      [200, '{"displayName":"uaa-scope-name", "groupId": "uaa-group-id", "externalGroup": "external-group-name"}', {"content-type" => "application/json"}]
+      [200, '{"displayName":"uaa-scope-name", "groupId": "uaa-group-id", "externalGroup": "external-group-name"}', {'content-type' => 'application/json'}]
     end
-    subject.unmap_group("uaa-group-id", "external group name")
+    subject.unmap_group('uaa-group-id', 'external group name')
   end
 
-  describe "users in a zone" do
+  describe 'users in a zone' do
     let(:options) { {:http_proxy => 'http-proxy.com', :https_proxy => 'https-proxy.com', :skip_ssl_validation => true, :zone => 'derpzone'} }
 
-    it "sends zone header" do
+    it 'sends zone header' do
         subject.set_request_handler do |url, method, body, headers|
           url.should == "#{@target}/Users"
           method.should == :post
           check_headers(headers, :json, :json, 'derpzone')
-          [200, '{"ID":"id12345"}', {"content-type" => "application/json"}]
+          [200, '{"ID":"id12345"}', {'content-type' => 'application/json'}]
         end
-        result = subject.add(:user, :hair => "brown", :shoe_size => "large",
-                             :eye_color => ["blue", "green"], :name => "fred")
-        result["id"].should == "id12345"
+        result = subject.add(:user, :hair => 'brown', :shoe_size => 'large',
+                             :eye_color => ['blue', 'green'], :name => 'fred')
+        result['id'].should == 'id12345'
       end
   end
 
-  describe "#list_group_mappings" do
-    it "lists all the external group mappings with default pagination" do
+  describe '#list_group_mappings' do
+    it 'lists all the external group mappings with default pagination' do
       subject.set_request_handler do |url, method, body, headers|
         url.should start_with("#{@target}/Groups/External/list")
         method.should == :get
@@ -238,7 +233,7 @@ describe Scim do
         [
             200,
             '{"resources": [{"groupId": "group-id", "displayName": "group-name", "externalGroup": "external-group-name"}], "totalResults": 1 }',
-            {"content-type" => "application/json"}
+            {'content-type' => 'application/json'}
         ]
       end
 
@@ -247,23 +242,23 @@ describe Scim do
       result['totalresults'].should == 1
     end
 
-    it "lists a page of external group mappings starting from an index" do
+    it 'lists a page of external group mappings starting from an index' do
       subject.set_request_handler do |url, method, body, headers|
         url.should start_with("#{@target}/Groups/External/list")
         method.should == :get
         check_headers(headers, nil, :json, nil)
 
         query_params = CGI::parse(URI.parse(url).query)
-        start_index = query_params["startIndex"].first
-        count = query_params["count"].first
+        start_index = query_params['startIndex'].first
+        count = query_params['count'].first
 
-        start_index.should == "3"
-        count.should == "10"
+        start_index.should == '3'
+        count.should == '10'
 
         [
             200,
             '{"resources": [{"groupId": "group-id", "displayName": "group-name", "externalGroup": "external-group-name"}], "totalResults": 1 }',
-            {"content-type" => "application/json"}
+            {'content-type' => 'application/json'}
         ]
       end