conjur-api 2.4.0 → 2.5.1
Sign up to get free protection for your applications and to get access to all the features.
- data/.gitignore +2 -0
- data/LICENSE +1 -1
- data/Rakefile +3 -1
- data/conjur-api.gemspec +3 -1
- data/lib/conjur-api/version.rb +1 -1
- data/lib/conjur/has_id.rb +1 -1
- data/lib/conjur/log.rb +6 -26
- data/lib/conjur/resource.rb +10 -1
- data/manual/asset/about.markdown +12 -0
- data/manual/asset/members.add.markdown +52 -0
- data/manual/asset/show.markdown +50 -0
- data/manual/group/about.markdown +6 -0
- data/manual/group/create.markdown +20 -0
- data/manual/host/about.markdown +23 -0
- data/manual/host/create.markdown +34 -0
- data/manual/host/enroll.markdown +21 -0
- data/manual/resource/about.markdown +11 -0
- data/manual/resource/create.markdown +29 -0
- data/manual/resource/deny.markdown +23 -0
- data/manual/resource/permit.markdown +35 -0
- data/manual/role/about.markdown +10 -0
- data/manual/role/members.markdown +40 -0
- data/manual/role/memberships.markdown +26 -0
- data/spec/api/authn_spec.rb +49 -0
- data/spec/api/groups_spec.rb +24 -0
- data/spec/api/hosts_spec.rb +29 -0
- data/spec/api/resources_spec.rb +19 -0
- data/spec/api/secrets_spec.rb +16 -0
- data/spec/api/users_spec.rb +16 -0
- data/spec/api/variables_spec.rb +14 -0
- data/spec/cas_rest_client.rb +17 -0
- data/spec/io_helper.rb +18 -0
- data/spec/lib/build_from_response_spec.rb +49 -0
- data/spec/lib/host_spec.rb +12 -8
- data/spec/lib/log_source_spec.rb +13 -0
- data/spec/lib/log_spec.rb +42 -0
- data/spec/lib/resource_spec.rb +98 -5
- data/spec/lib/role_grant_spec.rb +12 -0
- data/spec/lib/role_spec.rb +83 -3
- data/spec/lib/standard_methods_spec.rb +66 -0
- data/spec/lib/user_spec.rb +2 -1
- data/spec/spec_helper.rb +27 -0
- data/spec/standard_methods_helper.rb +30 -0
- data/spec/variable_spec.rb +41 -0
- metadata +71 -8
- data/.rvmrc +0 -1
@@ -0,0 +1,12 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
|
3
|
+
describe Conjur::RoleGrant, api: :dummy do
|
4
|
+
describe '::parse_from_json' do
|
5
|
+
it "creates member and grantor roles" do
|
6
|
+
rg = Conjur::RoleGrant::parse_from_json({member: 'acc:k:r', grantor: 'acc:k:g', admin_option: true}.stringify_keys, {})
|
7
|
+
rg.member.url.should == "#{authz_host}/acc/roles/k/r"
|
8
|
+
rg.grantor.url.should == "#{authz_host}/acc/roles/k/g"
|
9
|
+
rg.admin_option.should == true
|
10
|
+
end
|
11
|
+
end
|
12
|
+
end
|
data/spec/lib/role_spec.rb
CHANGED
@@ -1,15 +1,16 @@
|
|
1
1
|
require 'spec_helper'
|
2
2
|
|
3
|
-
describe Conjur::Role do
|
3
|
+
describe Conjur::Role, api: :dummy do
|
4
4
|
let(:account) { "the-account" }
|
5
5
|
let(:kind) { "test" }
|
6
|
-
let(:
|
6
|
+
let(:url) { "#{authz_host}/#{account}/roles/#{kind}/#{id}" }
|
7
|
+
let(:role) { Conjur::Role.new url }
|
7
8
|
subject { role }
|
8
9
|
|
9
10
|
describe ".new" do
|
10
11
|
context "with plain id" do
|
11
12
|
let(:id) { "foo" }
|
12
|
-
its(:options) {
|
13
|
+
its(:options) {}
|
13
14
|
its(:kind) { should == kind }
|
14
15
|
its(:id) { should == id }
|
15
16
|
end
|
@@ -54,4 +55,83 @@ describe Conjur::Role do
|
|
54
55
|
end
|
55
56
|
end
|
56
57
|
end
|
58
|
+
|
59
|
+
describe '#create' do
|
60
|
+
it 'simply puts' do
|
61
|
+
RestClient::Request.should_receive(:execute).with(
|
62
|
+
method: :put,
|
63
|
+
url: url,
|
64
|
+
payload: {},
|
65
|
+
headers: {}
|
66
|
+
)
|
67
|
+
role.create
|
68
|
+
end
|
69
|
+
end
|
70
|
+
|
71
|
+
describe '#all' do
|
72
|
+
it 'returns roles for ids got from ?all' do
|
73
|
+
roles = [{'account' => 'foo', 'id' => 'k:bar'}, {'account' => 'baz', 'id' => 'k:xyzzy'}]
|
74
|
+
RestClient::Request.should_receive(:execute).with(
|
75
|
+
method: :get,
|
76
|
+
url: role.url + "/?all",
|
77
|
+
headers: {}
|
78
|
+
).and_return roles.to_json
|
79
|
+
all = role.all
|
80
|
+
all[0].account.should == 'foo'
|
81
|
+
all[0].id.should == 'bar'
|
82
|
+
all[1].account.should == 'baz'
|
83
|
+
all[1].id.should == 'xyzzy'
|
84
|
+
end
|
85
|
+
end
|
86
|
+
|
87
|
+
describe '#revoke_from' do
|
88
|
+
it 'deletes member' do
|
89
|
+
RestClient::Request.should_receive(:execute).with(
|
90
|
+
method: :delete,
|
91
|
+
url: role.url + "/?members&member=the-member",
|
92
|
+
headers: {}
|
93
|
+
)
|
94
|
+
role.revoke_from 'the-member'
|
95
|
+
end
|
96
|
+
end
|
97
|
+
|
98
|
+
describe '#permitted?' do
|
99
|
+
before do
|
100
|
+
RestClient::Request.stub(:execute).with(
|
101
|
+
method: :get,
|
102
|
+
url: role.url + "/?check&resource_kind=chunky&resource_id=bacon&privilege=fry",
|
103
|
+
headers: {}
|
104
|
+
) { result }
|
105
|
+
end
|
106
|
+
|
107
|
+
context "when get ?check is successful" do
|
108
|
+
let(:result) { :ok }
|
109
|
+
it "returns true" do
|
110
|
+
role.permitted?('chunky', 'bacon', 'fry').should be_true
|
111
|
+
end
|
112
|
+
end
|
113
|
+
|
114
|
+
context "when get ?check not found" do
|
115
|
+
let(:result) { raise RestClient::ResourceNotFound, 'foo' }
|
116
|
+
it "returns false" do
|
117
|
+
role.permitted?('chunky', 'bacon', 'fry').should be_false
|
118
|
+
end
|
119
|
+
end
|
120
|
+
end
|
121
|
+
|
122
|
+
describe '#members' do
|
123
|
+
it "gets ?members and turns each into RoleGrant" do
|
124
|
+
grants = %w(foo bar)
|
125
|
+
RestClient::Request.should_receive(:execute).with(
|
126
|
+
method: :get,
|
127
|
+
url: role.url + "/?members",
|
128
|
+
headers: {}
|
129
|
+
).and_return grants.to_json
|
130
|
+
grants.each do |g|
|
131
|
+
Conjur::RoleGrant.should_receive(:parse_from_json).with(g, {}).and_return g
|
132
|
+
end
|
133
|
+
|
134
|
+
subject.members.should == grants
|
135
|
+
end
|
136
|
+
end
|
57
137
|
end
|
@@ -0,0 +1,66 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
|
3
|
+
describe Conjur::StandardMethods do
|
4
|
+
let(:credentials) { "whatever" }
|
5
|
+
subject { double("class", credentials: credentials, log: nil) }
|
6
|
+
let(:host) { 'http://example.com' }
|
7
|
+
let(:type) { :widget }
|
8
|
+
|
9
|
+
let(:rest_resource) { double "rest base resource" }
|
10
|
+
let(:subresource) { double "rest subresource" }
|
11
|
+
|
12
|
+
let(:widget_class) { double "widget class" }
|
13
|
+
|
14
|
+
before do
|
15
|
+
subject.extend Conjur::StandardMethods
|
16
|
+
subject.stub(:fully_escape){|x|x}
|
17
|
+
RestClient::Resource.stub(:new).with(host, credentials).and_return rest_resource
|
18
|
+
rest_resource.stub(:[]).with('widgets').and_return subresource
|
19
|
+
stub_const 'Conjur::Widget', widget_class
|
20
|
+
end
|
21
|
+
|
22
|
+
describe '#standard_create' do
|
23
|
+
let(:id) { "some-id" }
|
24
|
+
let(:options) {{ foo: 'bar', baz: 'xyzzy' }}
|
25
|
+
|
26
|
+
let(:response) { double "response" }
|
27
|
+
let(:widget) { double "widget" }
|
28
|
+
|
29
|
+
before do
|
30
|
+
subresource.stub(:post).with(options.merge(id: id)).and_return response
|
31
|
+
widget_class.stub(:build_from_response).with(response, credentials).and_return widget
|
32
|
+
end
|
33
|
+
|
34
|
+
it "uses restclient to post data and creates an object of the response" do
|
35
|
+
subject.send(:standard_create, host, type, id, options).should == widget
|
36
|
+
end
|
37
|
+
end
|
38
|
+
|
39
|
+
describe '#standard_list' do
|
40
|
+
let(:attrs) {[{id: 'one', foo: 'bar'}, {id: 'two', foo: 'pub'}]}
|
41
|
+
let(:options) {{ foo: 'bar', baz: 'xyzzy' }}
|
42
|
+
let(:json) { attrs.to_json }
|
43
|
+
|
44
|
+
before do
|
45
|
+
subresource.stub(:get).with(options).and_return json
|
46
|
+
end
|
47
|
+
|
48
|
+
it "gets the list, then builds objects from json response" do
|
49
|
+
subject.should_receive(:widget).with('one').and_return(one = double)
|
50
|
+
one.should_receive(:attributes=).with(attrs[0].stringify_keys)
|
51
|
+
subject.should_receive(:widget).with('two').and_return(two = double)
|
52
|
+
two.should_receive(:attributes=).with(attrs[1].stringify_keys)
|
53
|
+
|
54
|
+
subject.send(:standard_list, host, type, options).should == [one, two]
|
55
|
+
end
|
56
|
+
end
|
57
|
+
|
58
|
+
describe "#standard_show" do
|
59
|
+
let(:id) { "some-id" }
|
60
|
+
it "builds a path and returns indexed object" do
|
61
|
+
widget_class.stub(:new).with(host, credentials).and_return(bound = double)
|
62
|
+
bound.stub(:[]) { |x| "path: #{x}" }
|
63
|
+
subject.send(:standard_show, host, type, id).should == "path: widgets/some-id"
|
64
|
+
end
|
65
|
+
end
|
66
|
+
end
|
data/spec/lib/user_spec.rb
CHANGED
@@ -3,9 +3,10 @@ require 'spec_helper'
|
|
3
3
|
describe Conjur::User do
|
4
4
|
context "#new" do
|
5
5
|
let(:login) { 'the-login' }
|
6
|
+
let(:url) { "https://example.com/users/#{login}" }
|
6
7
|
let(:api_key) { 'the-api-key' }
|
7
8
|
let(:credentials) { { user: login, password: api_key } }
|
8
|
-
let(:user) { Conjur::User.new(
|
9
|
+
let(:user) { Conjur::User.new(url, credentials)}
|
9
10
|
describe "attributes" do
|
10
11
|
subject { user }
|
11
12
|
its(:id) { should == login }
|
data/spec/spec_helper.rb
CHANGED
@@ -1,3 +1,8 @@
|
|
1
|
+
require 'simplecov'
|
2
|
+
SimpleCov.start do
|
3
|
+
add_filter "/spec/"
|
4
|
+
end
|
5
|
+
|
1
6
|
require 'rubygems'
|
2
7
|
$:.unshift File.join(File.dirname(__FILE__), "..", "lib")
|
3
8
|
$:.unshift File.join(File.dirname(__FILE__), "lib")
|
@@ -76,3 +81,25 @@ shared_examples_for "http response" do
|
|
76
81
|
end
|
77
82
|
|
78
83
|
require 'conjur/api'
|
84
|
+
|
85
|
+
shared_context api: :dummy do
|
86
|
+
let(:username) { "user" }
|
87
|
+
let(:api){ Conjur::API.new_from_key username, 'key' }
|
88
|
+
let(:authz_host) { 'http://authz.example.com' }
|
89
|
+
let(:credentials) { double "fake credentials" }
|
90
|
+
let(:core_host) { 'http://core.example.com' }
|
91
|
+
let(:account) { 'the-account' }
|
92
|
+
|
93
|
+
before do
|
94
|
+
Conjur::Authz::API.stub host: authz_host
|
95
|
+
Conjur::Core::API.stub host: core_host
|
96
|
+
Conjur::Core::API.stub conjur_account: account
|
97
|
+
api.stub credentials: credentials
|
98
|
+
end
|
99
|
+
end
|
100
|
+
|
101
|
+
shared_context logging: :temp do
|
102
|
+
let(:logfile) { Tempfile.new("log") }
|
103
|
+
before { Conjur.log = logfile.path }
|
104
|
+
let(:log) { logfile.read }
|
105
|
+
end
|
@@ -0,0 +1,30 @@
|
|
1
|
+
shared_context api: :dummy do
|
2
|
+
subject { api }
|
3
|
+
end
|
4
|
+
|
5
|
+
shared_examples_for 'standard_create with' do |type, id, options|
|
6
|
+
it "calls through to standard_create" do
|
7
|
+
subject.should_receive(:standard_create).with(
|
8
|
+
core_host, type, id, options
|
9
|
+
).and_return :response
|
10
|
+
invoke.should == :response
|
11
|
+
end
|
12
|
+
end
|
13
|
+
|
14
|
+
shared_examples_for 'standard_list with' do |type, options|
|
15
|
+
it "calls through to standard_list" do
|
16
|
+
subject.should_receive(:standard_list).with(
|
17
|
+
core_host, type, options
|
18
|
+
).and_return :response
|
19
|
+
invoke.should == :response
|
20
|
+
end
|
21
|
+
end
|
22
|
+
|
23
|
+
shared_examples_for 'standard_show with' do |type, id|
|
24
|
+
it "calls through to standard_show" do
|
25
|
+
subject.should_receive(:standard_show).with(
|
26
|
+
core_host, type, id
|
27
|
+
).and_return :response
|
28
|
+
invoke.should == :response
|
29
|
+
end
|
30
|
+
end
|
@@ -0,0 +1,41 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
|
3
|
+
describe Conjur::Variable do
|
4
|
+
let(:url) { "http://example.com/variable" }
|
5
|
+
subject { Conjur::Variable.new url }
|
6
|
+
|
7
|
+
before { subject.attributes = {'versions' => 42} }
|
8
|
+
its(:version_count) { should == 42}
|
9
|
+
|
10
|
+
describe '#add_value' do
|
11
|
+
it "posts the new value" do
|
12
|
+
RestClient::Request.should_receive(:execute).with(
|
13
|
+
method: :post,
|
14
|
+
url: "#{url}/values",
|
15
|
+
payload: { value: 'new-value' },
|
16
|
+
headers: {}
|
17
|
+
)
|
18
|
+
subject.add_value 'new-value'
|
19
|
+
end
|
20
|
+
end
|
21
|
+
|
22
|
+
describe '#value' do
|
23
|
+
it "gets the value" do
|
24
|
+
RestClient::Request.stub(:execute).with(
|
25
|
+
method: :get,
|
26
|
+
url: "#{url}/value",
|
27
|
+
headers: {}
|
28
|
+
).and_return(double "response", body: "the-value")
|
29
|
+
subject.value.should == "the-value"
|
30
|
+
end
|
31
|
+
|
32
|
+
it "parametrizes the request with a version" do
|
33
|
+
RestClient::Request.stub(:execute).with(
|
34
|
+
method: :get,
|
35
|
+
url: "#{url}/value?version=42",
|
36
|
+
headers: {}
|
37
|
+
).and_return(double "response", body: "the-value")
|
38
|
+
subject.value(42).should == "the-value"
|
39
|
+
end
|
40
|
+
end
|
41
|
+
end
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: conjur-api
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 2.
|
4
|
+
version: 2.5.1
|
5
5
|
prerelease:
|
6
6
|
platform: ruby
|
7
7
|
authors:
|
@@ -10,7 +10,7 @@ authors:
|
|
10
10
|
autorequire:
|
11
11
|
bindir: bin
|
12
12
|
cert_chain: []
|
13
|
-
date: 2013-
|
13
|
+
date: 2013-07-26 00:00:00.000000000 Z
|
14
14
|
dependencies:
|
15
15
|
- !ruby/object:Gem::Dependency
|
16
16
|
name: rest-client
|
@@ -124,10 +124,26 @@ dependencies:
|
|
124
124
|
- - ! '>='
|
125
125
|
- !ruby/object:Gem::Version
|
126
126
|
version: '0'
|
127
|
+
- !ruby/object:Gem::Dependency
|
128
|
+
name: simplecov
|
129
|
+
requirement: !ruby/object:Gem::Requirement
|
130
|
+
none: false
|
131
|
+
requirements:
|
132
|
+
- - ! '>='
|
133
|
+
- !ruby/object:Gem::Version
|
134
|
+
version: '0'
|
135
|
+
type: :development
|
136
|
+
prerelease: false
|
137
|
+
version_requirements: !ruby/object:Gem::Requirement
|
138
|
+
none: false
|
139
|
+
requirements:
|
140
|
+
- - ! '>='
|
141
|
+
- !ruby/object:Gem::Version
|
142
|
+
version: '0'
|
127
143
|
description: Conjur API
|
128
144
|
email:
|
129
145
|
- divided.mind@gmail.com
|
130
|
-
-
|
146
|
+
- kgilpin@conjur.net
|
131
147
|
executables: []
|
132
148
|
extensions: []
|
133
149
|
extra_rdoc_files: []
|
@@ -136,7 +152,6 @@ files:
|
|
136
152
|
- .kateproject
|
137
153
|
- .project
|
138
154
|
- .rspec
|
139
|
-
- .rvmrc
|
140
155
|
- Gemfile
|
141
156
|
- LICENSE
|
142
157
|
- README.md
|
@@ -184,18 +199,50 @@ files:
|
|
184
199
|
- lib/conjur/standard_methods.rb
|
185
200
|
- lib/conjur/user.rb
|
186
201
|
- lib/conjur/variable.rb
|
202
|
+
- manual/asset/about.markdown
|
203
|
+
- manual/asset/members.add.markdown
|
204
|
+
- manual/asset/show.markdown
|
205
|
+
- manual/group/about.markdown
|
206
|
+
- manual/group/create.markdown
|
207
|
+
- manual/host/about.markdown
|
208
|
+
- manual/host/create.markdown
|
209
|
+
- manual/host/enroll.markdown
|
210
|
+
- manual/resource/about.markdown
|
211
|
+
- manual/resource/create.markdown
|
212
|
+
- manual/resource/deny.markdown
|
213
|
+
- manual/resource/permit.markdown
|
214
|
+
- manual/role/about.markdown
|
215
|
+
- manual/role/members.markdown
|
216
|
+
- manual/role/memberships.markdown
|
217
|
+
- spec/api/authn_spec.rb
|
218
|
+
- spec/api/groups_spec.rb
|
219
|
+
- spec/api/hosts_spec.rb
|
220
|
+
- spec/api/resources_spec.rb
|
221
|
+
- spec/api/secrets_spec.rb
|
222
|
+
- spec/api/users_spec.rb
|
223
|
+
- spec/api/variables_spec.rb
|
224
|
+
- spec/cas_rest_client.rb
|
225
|
+
- spec/io_helper.rb
|
187
226
|
- spec/lib/api_spec.rb
|
227
|
+
- spec/lib/build_from_response_spec.rb
|
188
228
|
- spec/lib/exists_spec.rb
|
189
229
|
- spec/lib/host_spec.rb
|
230
|
+
- spec/lib/log_source_spec.rb
|
231
|
+
- spec/lib/log_spec.rb
|
190
232
|
- spec/lib/resource_spec.rb
|
233
|
+
- spec/lib/role_grant_spec.rb
|
191
234
|
- spec/lib/role_spec.rb
|
235
|
+
- spec/lib/standard_methods_spec.rb
|
192
236
|
- spec/lib/user_spec.rb
|
193
237
|
- spec/spec_helper.rb
|
238
|
+
- spec/standard_methods_helper.rb
|
239
|
+
- spec/variable_spec.rb
|
194
240
|
- spec/vcr_cassettes/Conjur_Resource/_create/with_path-like_identifier.yml
|
195
241
|
- spec/vcr_cassettes/Conjur_Resource/_create/with_un-encoded_path-like_identifier.yml
|
196
242
|
- spec/vcr_cassettes/Conjur_Resource/_create/with_uuid_identifier.yml
|
197
243
|
homepage: ''
|
198
|
-
licenses:
|
244
|
+
licenses:
|
245
|
+
- MIT
|
199
246
|
post_install_message:
|
200
247
|
rdoc_options: []
|
201
248
|
require_paths:
|
@@ -208,7 +255,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
208
255
|
version: '0'
|
209
256
|
segments:
|
210
257
|
- 0
|
211
|
-
hash:
|
258
|
+
hash: -863653852387038484
|
212
259
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
213
260
|
none: false
|
214
261
|
requirements:
|
@@ -217,10 +264,10 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
217
264
|
version: '0'
|
218
265
|
segments:
|
219
266
|
- 0
|
220
|
-
hash:
|
267
|
+
hash: -863653852387038484
|
221
268
|
requirements: []
|
222
269
|
rubyforge_project:
|
223
|
-
rubygems_version: 1.8.
|
270
|
+
rubygems_version: 1.8.25
|
224
271
|
signing_key:
|
225
272
|
specification_version: 3
|
226
273
|
summary: Conjur API
|
@@ -229,13 +276,29 @@ test_files:
|
|
229
276
|
- features/login.feature
|
230
277
|
- features/ping_as_server.feature
|
231
278
|
- features/ping_as_user.feature
|
279
|
+
- spec/api/authn_spec.rb
|
280
|
+
- spec/api/groups_spec.rb
|
281
|
+
- spec/api/hosts_spec.rb
|
282
|
+
- spec/api/resources_spec.rb
|
283
|
+
- spec/api/secrets_spec.rb
|
284
|
+
- spec/api/users_spec.rb
|
285
|
+
- spec/api/variables_spec.rb
|
286
|
+
- spec/cas_rest_client.rb
|
287
|
+
- spec/io_helper.rb
|
232
288
|
- spec/lib/api_spec.rb
|
289
|
+
- spec/lib/build_from_response_spec.rb
|
233
290
|
- spec/lib/exists_spec.rb
|
234
291
|
- spec/lib/host_spec.rb
|
292
|
+
- spec/lib/log_source_spec.rb
|
293
|
+
- spec/lib/log_spec.rb
|
235
294
|
- spec/lib/resource_spec.rb
|
295
|
+
- spec/lib/role_grant_spec.rb
|
236
296
|
- spec/lib/role_spec.rb
|
297
|
+
- spec/lib/standard_methods_spec.rb
|
237
298
|
- spec/lib/user_spec.rb
|
238
299
|
- spec/spec_helper.rb
|
300
|
+
- spec/standard_methods_helper.rb
|
301
|
+
- spec/variable_spec.rb
|
239
302
|
- spec/vcr_cassettes/Conjur_Resource/_create/with_path-like_identifier.yml
|
240
303
|
- spec/vcr_cassettes/Conjur_Resource/_create/with_un-encoded_path-like_identifier.yml
|
241
304
|
- spec/vcr_cassettes/Conjur_Resource/_create/with_uuid_identifier.yml
|