conjur-api 2.4.0 → 2.5.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/.gitignore +2 -0
- data/LICENSE +1 -1
- data/Rakefile +3 -1
- data/conjur-api.gemspec +3 -1
- data/lib/conjur-api/version.rb +1 -1
- data/lib/conjur/has_id.rb +1 -1
- data/lib/conjur/log.rb +6 -26
- data/lib/conjur/resource.rb +10 -1
- data/manual/asset/about.markdown +12 -0
- data/manual/asset/members.add.markdown +52 -0
- data/manual/asset/show.markdown +50 -0
- data/manual/group/about.markdown +6 -0
- data/manual/group/create.markdown +20 -0
- data/manual/host/about.markdown +23 -0
- data/manual/host/create.markdown +34 -0
- data/manual/host/enroll.markdown +21 -0
- data/manual/resource/about.markdown +11 -0
- data/manual/resource/create.markdown +29 -0
- data/manual/resource/deny.markdown +23 -0
- data/manual/resource/permit.markdown +35 -0
- data/manual/role/about.markdown +10 -0
- data/manual/role/members.markdown +40 -0
- data/manual/role/memberships.markdown +26 -0
- data/spec/api/authn_spec.rb +49 -0
- data/spec/api/groups_spec.rb +24 -0
- data/spec/api/hosts_spec.rb +29 -0
- data/spec/api/resources_spec.rb +19 -0
- data/spec/api/secrets_spec.rb +16 -0
- data/spec/api/users_spec.rb +16 -0
- data/spec/api/variables_spec.rb +14 -0
- data/spec/cas_rest_client.rb +17 -0
- data/spec/io_helper.rb +18 -0
- data/spec/lib/build_from_response_spec.rb +49 -0
- data/spec/lib/host_spec.rb +12 -8
- data/spec/lib/log_source_spec.rb +13 -0
- data/spec/lib/log_spec.rb +42 -0
- data/spec/lib/resource_spec.rb +98 -5
- data/spec/lib/role_grant_spec.rb +12 -0
- data/spec/lib/role_spec.rb +83 -3
- data/spec/lib/standard_methods_spec.rb +66 -0
- data/spec/lib/user_spec.rb +2 -1
- data/spec/spec_helper.rb +27 -0
- data/spec/standard_methods_helper.rb +30 -0
- data/spec/variable_spec.rb +41 -0
- metadata +71 -8
- data/.rvmrc +0 -1
@@ -0,0 +1,12 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
|
3
|
+
describe Conjur::RoleGrant, api: :dummy do
|
4
|
+
describe '::parse_from_json' do
|
5
|
+
it "creates member and grantor roles" do
|
6
|
+
rg = Conjur::RoleGrant::parse_from_json({member: 'acc:k:r', grantor: 'acc:k:g', admin_option: true}.stringify_keys, {})
|
7
|
+
rg.member.url.should == "#{authz_host}/acc/roles/k/r"
|
8
|
+
rg.grantor.url.should == "#{authz_host}/acc/roles/k/g"
|
9
|
+
rg.admin_option.should == true
|
10
|
+
end
|
11
|
+
end
|
12
|
+
end
|
data/spec/lib/role_spec.rb
CHANGED
@@ -1,15 +1,16 @@
|
|
1
1
|
require 'spec_helper'
|
2
2
|
|
3
|
-
describe Conjur::Role do
|
3
|
+
describe Conjur::Role, api: :dummy do
|
4
4
|
let(:account) { "the-account" }
|
5
5
|
let(:kind) { "test" }
|
6
|
-
let(:
|
6
|
+
let(:url) { "#{authz_host}/#{account}/roles/#{kind}/#{id}" }
|
7
|
+
let(:role) { Conjur::Role.new url }
|
7
8
|
subject { role }
|
8
9
|
|
9
10
|
describe ".new" do
|
10
11
|
context "with plain id" do
|
11
12
|
let(:id) { "foo" }
|
12
|
-
its(:options) {
|
13
|
+
its(:options) {}
|
13
14
|
its(:kind) { should == kind }
|
14
15
|
its(:id) { should == id }
|
15
16
|
end
|
@@ -54,4 +55,83 @@ describe Conjur::Role do
|
|
54
55
|
end
|
55
56
|
end
|
56
57
|
end
|
58
|
+
|
59
|
+
describe '#create' do
|
60
|
+
it 'simply puts' do
|
61
|
+
RestClient::Request.should_receive(:execute).with(
|
62
|
+
method: :put,
|
63
|
+
url: url,
|
64
|
+
payload: {},
|
65
|
+
headers: {}
|
66
|
+
)
|
67
|
+
role.create
|
68
|
+
end
|
69
|
+
end
|
70
|
+
|
71
|
+
describe '#all' do
|
72
|
+
it 'returns roles for ids got from ?all' do
|
73
|
+
roles = [{'account' => 'foo', 'id' => 'k:bar'}, {'account' => 'baz', 'id' => 'k:xyzzy'}]
|
74
|
+
RestClient::Request.should_receive(:execute).with(
|
75
|
+
method: :get,
|
76
|
+
url: role.url + "/?all",
|
77
|
+
headers: {}
|
78
|
+
).and_return roles.to_json
|
79
|
+
all = role.all
|
80
|
+
all[0].account.should == 'foo'
|
81
|
+
all[0].id.should == 'bar'
|
82
|
+
all[1].account.should == 'baz'
|
83
|
+
all[1].id.should == 'xyzzy'
|
84
|
+
end
|
85
|
+
end
|
86
|
+
|
87
|
+
describe '#revoke_from' do
|
88
|
+
it 'deletes member' do
|
89
|
+
RestClient::Request.should_receive(:execute).with(
|
90
|
+
method: :delete,
|
91
|
+
url: role.url + "/?members&member=the-member",
|
92
|
+
headers: {}
|
93
|
+
)
|
94
|
+
role.revoke_from 'the-member'
|
95
|
+
end
|
96
|
+
end
|
97
|
+
|
98
|
+
describe '#permitted?' do
|
99
|
+
before do
|
100
|
+
RestClient::Request.stub(:execute).with(
|
101
|
+
method: :get,
|
102
|
+
url: role.url + "/?check&resource_kind=chunky&resource_id=bacon&privilege=fry",
|
103
|
+
headers: {}
|
104
|
+
) { result }
|
105
|
+
end
|
106
|
+
|
107
|
+
context "when get ?check is successful" do
|
108
|
+
let(:result) { :ok }
|
109
|
+
it "returns true" do
|
110
|
+
role.permitted?('chunky', 'bacon', 'fry').should be_true
|
111
|
+
end
|
112
|
+
end
|
113
|
+
|
114
|
+
context "when get ?check not found" do
|
115
|
+
let(:result) { raise RestClient::ResourceNotFound, 'foo' }
|
116
|
+
it "returns false" do
|
117
|
+
role.permitted?('chunky', 'bacon', 'fry').should be_false
|
118
|
+
end
|
119
|
+
end
|
120
|
+
end
|
121
|
+
|
122
|
+
describe '#members' do
|
123
|
+
it "gets ?members and turns each into RoleGrant" do
|
124
|
+
grants = %w(foo bar)
|
125
|
+
RestClient::Request.should_receive(:execute).with(
|
126
|
+
method: :get,
|
127
|
+
url: role.url + "/?members",
|
128
|
+
headers: {}
|
129
|
+
).and_return grants.to_json
|
130
|
+
grants.each do |g|
|
131
|
+
Conjur::RoleGrant.should_receive(:parse_from_json).with(g, {}).and_return g
|
132
|
+
end
|
133
|
+
|
134
|
+
subject.members.should == grants
|
135
|
+
end
|
136
|
+
end
|
57
137
|
end
|
@@ -0,0 +1,66 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
|
3
|
+
describe Conjur::StandardMethods do
|
4
|
+
let(:credentials) { "whatever" }
|
5
|
+
subject { double("class", credentials: credentials, log: nil) }
|
6
|
+
let(:host) { 'http://example.com' }
|
7
|
+
let(:type) { :widget }
|
8
|
+
|
9
|
+
let(:rest_resource) { double "rest base resource" }
|
10
|
+
let(:subresource) { double "rest subresource" }
|
11
|
+
|
12
|
+
let(:widget_class) { double "widget class" }
|
13
|
+
|
14
|
+
before do
|
15
|
+
subject.extend Conjur::StandardMethods
|
16
|
+
subject.stub(:fully_escape){|x|x}
|
17
|
+
RestClient::Resource.stub(:new).with(host, credentials).and_return rest_resource
|
18
|
+
rest_resource.stub(:[]).with('widgets').and_return subresource
|
19
|
+
stub_const 'Conjur::Widget', widget_class
|
20
|
+
end
|
21
|
+
|
22
|
+
describe '#standard_create' do
|
23
|
+
let(:id) { "some-id" }
|
24
|
+
let(:options) {{ foo: 'bar', baz: 'xyzzy' }}
|
25
|
+
|
26
|
+
let(:response) { double "response" }
|
27
|
+
let(:widget) { double "widget" }
|
28
|
+
|
29
|
+
before do
|
30
|
+
subresource.stub(:post).with(options.merge(id: id)).and_return response
|
31
|
+
widget_class.stub(:build_from_response).with(response, credentials).and_return widget
|
32
|
+
end
|
33
|
+
|
34
|
+
it "uses restclient to post data and creates an object of the response" do
|
35
|
+
subject.send(:standard_create, host, type, id, options).should == widget
|
36
|
+
end
|
37
|
+
end
|
38
|
+
|
39
|
+
describe '#standard_list' do
|
40
|
+
let(:attrs) {[{id: 'one', foo: 'bar'}, {id: 'two', foo: 'pub'}]}
|
41
|
+
let(:options) {{ foo: 'bar', baz: 'xyzzy' }}
|
42
|
+
let(:json) { attrs.to_json }
|
43
|
+
|
44
|
+
before do
|
45
|
+
subresource.stub(:get).with(options).and_return json
|
46
|
+
end
|
47
|
+
|
48
|
+
it "gets the list, then builds objects from json response" do
|
49
|
+
subject.should_receive(:widget).with('one').and_return(one = double)
|
50
|
+
one.should_receive(:attributes=).with(attrs[0].stringify_keys)
|
51
|
+
subject.should_receive(:widget).with('two').and_return(two = double)
|
52
|
+
two.should_receive(:attributes=).with(attrs[1].stringify_keys)
|
53
|
+
|
54
|
+
subject.send(:standard_list, host, type, options).should == [one, two]
|
55
|
+
end
|
56
|
+
end
|
57
|
+
|
58
|
+
describe "#standard_show" do
|
59
|
+
let(:id) { "some-id" }
|
60
|
+
it "builds a path and returns indexed object" do
|
61
|
+
widget_class.stub(:new).with(host, credentials).and_return(bound = double)
|
62
|
+
bound.stub(:[]) { |x| "path: #{x}" }
|
63
|
+
subject.send(:standard_show, host, type, id).should == "path: widgets/some-id"
|
64
|
+
end
|
65
|
+
end
|
66
|
+
end
|
data/spec/lib/user_spec.rb
CHANGED
@@ -3,9 +3,10 @@ require 'spec_helper'
|
|
3
3
|
describe Conjur::User do
|
4
4
|
context "#new" do
|
5
5
|
let(:login) { 'the-login' }
|
6
|
+
let(:url) { "https://example.com/users/#{login}" }
|
6
7
|
let(:api_key) { 'the-api-key' }
|
7
8
|
let(:credentials) { { user: login, password: api_key } }
|
8
|
-
let(:user) { Conjur::User.new(
|
9
|
+
let(:user) { Conjur::User.new(url, credentials)}
|
9
10
|
describe "attributes" do
|
10
11
|
subject { user }
|
11
12
|
its(:id) { should == login }
|
data/spec/spec_helper.rb
CHANGED
@@ -1,3 +1,8 @@
|
|
1
|
+
require 'simplecov'
|
2
|
+
SimpleCov.start do
|
3
|
+
add_filter "/spec/"
|
4
|
+
end
|
5
|
+
|
1
6
|
require 'rubygems'
|
2
7
|
$:.unshift File.join(File.dirname(__FILE__), "..", "lib")
|
3
8
|
$:.unshift File.join(File.dirname(__FILE__), "lib")
|
@@ -76,3 +81,25 @@ shared_examples_for "http response" do
|
|
76
81
|
end
|
77
82
|
|
78
83
|
require 'conjur/api'
|
84
|
+
|
85
|
+
shared_context api: :dummy do
|
86
|
+
let(:username) { "user" }
|
87
|
+
let(:api){ Conjur::API.new_from_key username, 'key' }
|
88
|
+
let(:authz_host) { 'http://authz.example.com' }
|
89
|
+
let(:credentials) { double "fake credentials" }
|
90
|
+
let(:core_host) { 'http://core.example.com' }
|
91
|
+
let(:account) { 'the-account' }
|
92
|
+
|
93
|
+
before do
|
94
|
+
Conjur::Authz::API.stub host: authz_host
|
95
|
+
Conjur::Core::API.stub host: core_host
|
96
|
+
Conjur::Core::API.stub conjur_account: account
|
97
|
+
api.stub credentials: credentials
|
98
|
+
end
|
99
|
+
end
|
100
|
+
|
101
|
+
shared_context logging: :temp do
|
102
|
+
let(:logfile) { Tempfile.new("log") }
|
103
|
+
before { Conjur.log = logfile.path }
|
104
|
+
let(:log) { logfile.read }
|
105
|
+
end
|
@@ -0,0 +1,30 @@
|
|
1
|
+
shared_context api: :dummy do
|
2
|
+
subject { api }
|
3
|
+
end
|
4
|
+
|
5
|
+
shared_examples_for 'standard_create with' do |type, id, options|
|
6
|
+
it "calls through to standard_create" do
|
7
|
+
subject.should_receive(:standard_create).with(
|
8
|
+
core_host, type, id, options
|
9
|
+
).and_return :response
|
10
|
+
invoke.should == :response
|
11
|
+
end
|
12
|
+
end
|
13
|
+
|
14
|
+
shared_examples_for 'standard_list with' do |type, options|
|
15
|
+
it "calls through to standard_list" do
|
16
|
+
subject.should_receive(:standard_list).with(
|
17
|
+
core_host, type, options
|
18
|
+
).and_return :response
|
19
|
+
invoke.should == :response
|
20
|
+
end
|
21
|
+
end
|
22
|
+
|
23
|
+
shared_examples_for 'standard_show with' do |type, id|
|
24
|
+
it "calls through to standard_show" do
|
25
|
+
subject.should_receive(:standard_show).with(
|
26
|
+
core_host, type, id
|
27
|
+
).and_return :response
|
28
|
+
invoke.should == :response
|
29
|
+
end
|
30
|
+
end
|
@@ -0,0 +1,41 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
|
3
|
+
describe Conjur::Variable do
|
4
|
+
let(:url) { "http://example.com/variable" }
|
5
|
+
subject { Conjur::Variable.new url }
|
6
|
+
|
7
|
+
before { subject.attributes = {'versions' => 42} }
|
8
|
+
its(:version_count) { should == 42}
|
9
|
+
|
10
|
+
describe '#add_value' do
|
11
|
+
it "posts the new value" do
|
12
|
+
RestClient::Request.should_receive(:execute).with(
|
13
|
+
method: :post,
|
14
|
+
url: "#{url}/values",
|
15
|
+
payload: { value: 'new-value' },
|
16
|
+
headers: {}
|
17
|
+
)
|
18
|
+
subject.add_value 'new-value'
|
19
|
+
end
|
20
|
+
end
|
21
|
+
|
22
|
+
describe '#value' do
|
23
|
+
it "gets the value" do
|
24
|
+
RestClient::Request.stub(:execute).with(
|
25
|
+
method: :get,
|
26
|
+
url: "#{url}/value",
|
27
|
+
headers: {}
|
28
|
+
).and_return(double "response", body: "the-value")
|
29
|
+
subject.value.should == "the-value"
|
30
|
+
end
|
31
|
+
|
32
|
+
it "parametrizes the request with a version" do
|
33
|
+
RestClient::Request.stub(:execute).with(
|
34
|
+
method: :get,
|
35
|
+
url: "#{url}/value?version=42",
|
36
|
+
headers: {}
|
37
|
+
).and_return(double "response", body: "the-value")
|
38
|
+
subject.value(42).should == "the-value"
|
39
|
+
end
|
40
|
+
end
|
41
|
+
end
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: conjur-api
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 2.
|
4
|
+
version: 2.5.1
|
5
5
|
prerelease:
|
6
6
|
platform: ruby
|
7
7
|
authors:
|
@@ -10,7 +10,7 @@ authors:
|
|
10
10
|
autorequire:
|
11
11
|
bindir: bin
|
12
12
|
cert_chain: []
|
13
|
-
date: 2013-
|
13
|
+
date: 2013-07-26 00:00:00.000000000 Z
|
14
14
|
dependencies:
|
15
15
|
- !ruby/object:Gem::Dependency
|
16
16
|
name: rest-client
|
@@ -124,10 +124,26 @@ dependencies:
|
|
124
124
|
- - ! '>='
|
125
125
|
- !ruby/object:Gem::Version
|
126
126
|
version: '0'
|
127
|
+
- !ruby/object:Gem::Dependency
|
128
|
+
name: simplecov
|
129
|
+
requirement: !ruby/object:Gem::Requirement
|
130
|
+
none: false
|
131
|
+
requirements:
|
132
|
+
- - ! '>='
|
133
|
+
- !ruby/object:Gem::Version
|
134
|
+
version: '0'
|
135
|
+
type: :development
|
136
|
+
prerelease: false
|
137
|
+
version_requirements: !ruby/object:Gem::Requirement
|
138
|
+
none: false
|
139
|
+
requirements:
|
140
|
+
- - ! '>='
|
141
|
+
- !ruby/object:Gem::Version
|
142
|
+
version: '0'
|
127
143
|
description: Conjur API
|
128
144
|
email:
|
129
145
|
- divided.mind@gmail.com
|
130
|
-
-
|
146
|
+
- kgilpin@conjur.net
|
131
147
|
executables: []
|
132
148
|
extensions: []
|
133
149
|
extra_rdoc_files: []
|
@@ -136,7 +152,6 @@ files:
|
|
136
152
|
- .kateproject
|
137
153
|
- .project
|
138
154
|
- .rspec
|
139
|
-
- .rvmrc
|
140
155
|
- Gemfile
|
141
156
|
- LICENSE
|
142
157
|
- README.md
|
@@ -184,18 +199,50 @@ files:
|
|
184
199
|
- lib/conjur/standard_methods.rb
|
185
200
|
- lib/conjur/user.rb
|
186
201
|
- lib/conjur/variable.rb
|
202
|
+
- manual/asset/about.markdown
|
203
|
+
- manual/asset/members.add.markdown
|
204
|
+
- manual/asset/show.markdown
|
205
|
+
- manual/group/about.markdown
|
206
|
+
- manual/group/create.markdown
|
207
|
+
- manual/host/about.markdown
|
208
|
+
- manual/host/create.markdown
|
209
|
+
- manual/host/enroll.markdown
|
210
|
+
- manual/resource/about.markdown
|
211
|
+
- manual/resource/create.markdown
|
212
|
+
- manual/resource/deny.markdown
|
213
|
+
- manual/resource/permit.markdown
|
214
|
+
- manual/role/about.markdown
|
215
|
+
- manual/role/members.markdown
|
216
|
+
- manual/role/memberships.markdown
|
217
|
+
- spec/api/authn_spec.rb
|
218
|
+
- spec/api/groups_spec.rb
|
219
|
+
- spec/api/hosts_spec.rb
|
220
|
+
- spec/api/resources_spec.rb
|
221
|
+
- spec/api/secrets_spec.rb
|
222
|
+
- spec/api/users_spec.rb
|
223
|
+
- spec/api/variables_spec.rb
|
224
|
+
- spec/cas_rest_client.rb
|
225
|
+
- spec/io_helper.rb
|
187
226
|
- spec/lib/api_spec.rb
|
227
|
+
- spec/lib/build_from_response_spec.rb
|
188
228
|
- spec/lib/exists_spec.rb
|
189
229
|
- spec/lib/host_spec.rb
|
230
|
+
- spec/lib/log_source_spec.rb
|
231
|
+
- spec/lib/log_spec.rb
|
190
232
|
- spec/lib/resource_spec.rb
|
233
|
+
- spec/lib/role_grant_spec.rb
|
191
234
|
- spec/lib/role_spec.rb
|
235
|
+
- spec/lib/standard_methods_spec.rb
|
192
236
|
- spec/lib/user_spec.rb
|
193
237
|
- spec/spec_helper.rb
|
238
|
+
- spec/standard_methods_helper.rb
|
239
|
+
- spec/variable_spec.rb
|
194
240
|
- spec/vcr_cassettes/Conjur_Resource/_create/with_path-like_identifier.yml
|
195
241
|
- spec/vcr_cassettes/Conjur_Resource/_create/with_un-encoded_path-like_identifier.yml
|
196
242
|
- spec/vcr_cassettes/Conjur_Resource/_create/with_uuid_identifier.yml
|
197
243
|
homepage: ''
|
198
|
-
licenses:
|
244
|
+
licenses:
|
245
|
+
- MIT
|
199
246
|
post_install_message:
|
200
247
|
rdoc_options: []
|
201
248
|
require_paths:
|
@@ -208,7 +255,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
208
255
|
version: '0'
|
209
256
|
segments:
|
210
257
|
- 0
|
211
|
-
hash:
|
258
|
+
hash: -863653852387038484
|
212
259
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
213
260
|
none: false
|
214
261
|
requirements:
|
@@ -217,10 +264,10 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
217
264
|
version: '0'
|
218
265
|
segments:
|
219
266
|
- 0
|
220
|
-
hash:
|
267
|
+
hash: -863653852387038484
|
221
268
|
requirements: []
|
222
269
|
rubyforge_project:
|
223
|
-
rubygems_version: 1.8.
|
270
|
+
rubygems_version: 1.8.25
|
224
271
|
signing_key:
|
225
272
|
specification_version: 3
|
226
273
|
summary: Conjur API
|
@@ -229,13 +276,29 @@ test_files:
|
|
229
276
|
- features/login.feature
|
230
277
|
- features/ping_as_server.feature
|
231
278
|
- features/ping_as_user.feature
|
279
|
+
- spec/api/authn_spec.rb
|
280
|
+
- spec/api/groups_spec.rb
|
281
|
+
- spec/api/hosts_spec.rb
|
282
|
+
- spec/api/resources_spec.rb
|
283
|
+
- spec/api/secrets_spec.rb
|
284
|
+
- spec/api/users_spec.rb
|
285
|
+
- spec/api/variables_spec.rb
|
286
|
+
- spec/cas_rest_client.rb
|
287
|
+
- spec/io_helper.rb
|
232
288
|
- spec/lib/api_spec.rb
|
289
|
+
- spec/lib/build_from_response_spec.rb
|
233
290
|
- spec/lib/exists_spec.rb
|
234
291
|
- spec/lib/host_spec.rb
|
292
|
+
- spec/lib/log_source_spec.rb
|
293
|
+
- spec/lib/log_spec.rb
|
235
294
|
- spec/lib/resource_spec.rb
|
295
|
+
- spec/lib/role_grant_spec.rb
|
236
296
|
- spec/lib/role_spec.rb
|
297
|
+
- spec/lib/standard_methods_spec.rb
|
237
298
|
- spec/lib/user_spec.rb
|
238
299
|
- spec/spec_helper.rb
|
300
|
+
- spec/standard_methods_helper.rb
|
301
|
+
- spec/variable_spec.rb
|
239
302
|
- spec/vcr_cassettes/Conjur_Resource/_create/with_path-like_identifier.yml
|
240
303
|
- spec/vcr_cassettes/Conjur_Resource/_create/with_un-encoded_path-like_identifier.yml
|
241
304
|
- spec/vcr_cassettes/Conjur_Resource/_create/with_uuid_identifier.yml
|