conjur-api 2.7.1 → 4.1.1
- data/lib/conjur-api/version.rb +21 -2
- data/lib/conjur/acts_as_asset.rb +20 -0
- data/lib/conjur/acts_as_resource.rb +21 -0
- data/lib/conjur/acts_as_role.rb +23 -1
- data/lib/conjur/acts_as_user.rb +21 -1
- data/lib/conjur/api.rb +20 -0
- data/lib/conjur/api/authn.rb +20 -0
- data/lib/conjur/api/groups.rb +20 -0
- data/lib/conjur/api/hosts.rb +21 -1
- data/lib/conjur/api/resources.rb +21 -0
- data/lib/conjur/api/roles.rb +20 -0
- data/lib/conjur/api/secrets.rb +21 -1
- data/lib/conjur/api/users.rb +20 -0
- data/lib/conjur/api/variables.rb +21 -1
- data/lib/conjur/authn-api.rb +21 -1
- data/lib/conjur/authz-api.rb +21 -1
- data/lib/conjur/base.rb +35 -15
- data/lib/conjur/build_from_response.rb +20 -0
- data/lib/conjur/core-api.rb +21 -1
- data/lib/conjur/env.rb +21 -1
- data/lib/conjur/escape.rb +20 -0
- data/lib/conjur/exists.rb +20 -0
- data/lib/conjur/group.rb +20 -0
- data/lib/conjur/has_attributes.rb +21 -1
- data/lib/conjur/has_id.rb +20 -0
- data/lib/conjur/has_identifier.rb +20 -0
- data/lib/conjur/has_owner.rb +20 -0
- data/lib/conjur/host.rb +21 -1
- data/lib/conjur/log.rb +21 -1
- data/lib/conjur/log_source.rb +20 -0
- data/lib/conjur/path_based.rb +20 -0
- data/lib/conjur/resource.rb +20 -0
- data/lib/conjur/role.rb +36 -22
- data/lib/conjur/role_grant.rb +20 -0
- data/lib/conjur/secret.rb +20 -0
- data/lib/conjur/standard_methods.rb +25 -3
- data/lib/conjur/user.rb +21 -1
- data/lib/conjur/variable.rb +21 -1
- data/spec/lib/api_spec.rb +89 -17
- data/spec/lib/role_spec.rb +44 -20
- metadata +3 -3
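--- a/data/lib/conjur/resource.rb
+++ b/data/lib/conjur/resource.rb
@@ -1,3 +1,23 @@
+#
+# Copyright (C) 2013 Conjur Inc
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy of
+# this software and associated documentation files (the "Software"), to deal in
+# the Software without restriction, including without limitation the rights to
+# use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+# the Software, and to permit persons to whom the Software is furnished to do so,
+# subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in all
+# copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+# FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+# COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+# IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+#
 module Conjur
 class Resource < RestClient::Resource
 include Exists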
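--- a/data/lib/conjur/role.rb
+++ b/data/lib/conjur/role.rb
@@ -1,3 +1,23 @@
+#
+# Copyright (C) 2013 Conjur Inc
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy of
+# this software and associated documentation files (the "Software"), to deal in
+# the Software without restriction, including without limitation the rights to
+# use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+# the Software, and to permit persons to whom the Software is furnished to do so,
+# subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in all
+# copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+# FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+# COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+# IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+#
 require 'conjur/role_grant'
 
 module Conjur
@@ -24,32 +44,25 @@ module Conjur
 end
 self.put(options)
 end
-
+
 def all(options = {})
-
-
+query_string = "?all"
+
+if filter = options.delete(:filter)
+filter = [filter] unless filter.is_a?(Array)
+(query_string << "&" << filter.to_query("filter")) unless filter.empty?
+end
+JSON.parse(self[query_string].get(options)).collect do |id|
 Role.new(Conjur::Authz::API.host, self.options)[Conjur::API.parse_role_id(id).join('/')]
 end
 end
 
-def
-
-
-
-
-options[:admin_option] = args[0]
-end
-
-unless options.nil? || options.is_a?(Hash)
-warning = "WARNING: Deprecated arguments to grant_to. Please put admin_option in the options hash."
-options = { admin_option: options }
-end
-else
-raise "Please remove the deprecated API in 3.0 and change the method signature to grant_to(member, options)"
-end
-
+def member_of?(other_role)
+not all(filter: (other_role.roleid rescue other_role)).empty?
+end
+
+def grant_to(member, options={})
 log do |logger|
-logger << warning if warning
 logger << "Granting role #{identifier} to #{member}"
 unless options.blank?
 logger << " with options #{options.to_json}"
@@ -68,8 +81,9 @@ module Conjur
 self["?members&member=#{query_escape member}"].delete(options)
 end
 
-def permitted?(
-
+def permitted?(resource_id, privilege, options = {})
+# NOTE: in previous versions there was 'kind' passed separately. Now it is part of id
+self["?check&resource_id=#{query_escape resource_id}&privilege=#{query_escape privilege}"].get(options)
 true
 rescue RestClient::ResourceNotFound
 false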
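Review bot: `member_of?` in the second hunk chooses its filter with `(other_role.roleid rescue other_role)`, and the modifier `rescue` swallows every StandardError raised by `roleid`, not only the NoMethodError produced when a plain String id is passed. When `roleid` fails for some other reason the Role object itself becomes the filter value, so the membership answer may no longer describe the role the caller asked about, which matters if the result feeds an access decision. Pick the value explicitly instead: `filter = other_role.respond_to?(:roleid) ? other_role.roleid : other_role`. In the same hunk `all` removes `:filter` from the caller's hash via `options.delete(:filter)`; working on `options.dup` would avoid that side effect. The class body starts and ends outside these hunks.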
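--- a/data/lib/conjur/role_grant.rb
+++ b/data/lib/conjur/role_grant.rb
@@ -1,3 +1,23 @@
+#
+# Copyright (C) 2013 Conjur Inc
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy of
+# this software and associated documentation files (the "Software"), to deal in
+# the Software without restriction, including without limitation the rights to
+# use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+# the Software, and to permit persons to whom the Software is furnished to do so,
+# subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in all
+# copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+# FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+# COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+# IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+#
 module Conjur
 RoleGrant = Struct.new(:member, :grantor, :admin_option) do
 class << self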
data/lib/conjur/secret.rb
CHANGED
@@ -1,3 +1,23 @@
|
|
1
|
+
#
|
2
|
+
# Copyright (C) 2013 Conjur Inc
|
3
|
+
#
|
4
|
+
# Permission is hereby granted, free of charge, to any person obtaining a copy of
|
5
|
+
# this software and associated documentation files (the "Software"), to deal in
|
6
|
+
# the Software without restriction, including without limitation the rights to
|
7
|
+
# use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
|
8
|
+
# the Software, and to permit persons to whom the Software is furnished to do so,
|
9
|
+
# subject to the following conditions:
|
10
|
+
#
|
11
|
+
# The above copyright notice and this permission notice shall be included in all
|
12
|
+
# copies or substantial portions of the Software.
|
13
|
+
#
|
14
|
+
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
15
|
+
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
|
16
|
+
# FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
|
17
|
+
# COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
|
18
|
+
# IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
|
19
|
+
# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
20
|
+
#
|
1
21
|
module Conjur
|
2
22
|
class Secret < RestClient::Resource
|
3
23
|
include ActsAsAsset
|
@@ -1,3 +1,23 @@
|
|
1
|
+
#
|
2
|
+
# Copyright (C) 2013 Conjur Inc
|
3
|
+
#
|
4
|
+
# Permission is hereby granted, free of charge, to any person obtaining a copy of
|
5
|
+
# this software and associated documentation files (the "Software"), to deal in
|
6
|
+
# the Software without restriction, including without limitation the rights to
|
7
|
+
# use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
|
8
|
+
# the Software, and to permit persons to whom the Software is furnished to do so,
|
9
|
+
# subject to the following conditions:
|
10
|
+
#
|
11
|
+
# The above copyright notice and this permission notice shall be included in all
|
12
|
+
# copies or substantial portions of the Software.
|
13
|
+
#
|
14
|
+
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
15
|
+
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
|
16
|
+
# FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
|
17
|
+
# COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
|
18
|
+
# IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
|
19
|
+
# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
20
|
+
#
|
1
21
|
module Conjur
|
2
22
|
module StandardMethods
|
3
23
|
require 'active_support/core_ext'
|
@@ -19,9 +39,11 @@ module Conjur
|
|
19
39
|
end
|
20
40
|
|
21
41
|
def standard_list(host, type, options)
|
22
|
-
JSON.parse(RestClient::Resource.new(host, credentials)[type.to_s.pluralize].get(options)).collect do |
|
23
|
-
|
24
|
-
|
42
|
+
JSON.parse(RestClient::Resource.new(host, credentials)[type.to_s.pluralize].get(options)).collect do |item|
|
43
|
+
if item.is_a? String # lists w/o details are just list of ids
|
44
|
+
send(type, fully_escape(item))
|
45
|
+
else # list w/ details consists of hashes
|
46
|
+
send(type, fully_escape(item['id'])).tap { |obj| obj.attributes=item }
|
25
47
|
end
|
26
48
|
end
|
27
49
|
end
|
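Review bot: The `else` branch of `standard_list` treats every non-String element of the parsed response as a Hash, so an entry without an `'id'` key passes `nil` to `fully_escape`, and an Array or number fails inside `item['id']` with an error that does not name the malformed response. Make the branch explicit with `elsif item.is_a?(Hash)` and `item.fetch('id')`, and raise a descriptive error for any other element type. `obj.attributes=item` copies the whole server-supplied hash onto the object, so a comment stating that these attributes are unvalidated response data would help readers. The enclosing module continues outside the hunk.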
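--- a/data/lib/conjur/user.rb
+++ b/data/lib/conjur/user.rb
@@ -1,3 +1,23 @@
+#
+# Copyright (C) 2013 Conjur Inc
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy of
+# this software and associated documentation files (the "Software"), to deal in
+# the Software without restriction, including without limitation the rights to
+# use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+# the Software, and to permit persons to whom the Software is furnished to do so,
+# subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in all
+# copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+# FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+# COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+# IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+#
 module Conjur
 class InvalidToken < Exception
 end
@@ -8,4 +28,4 @@ module Conjur
 
 alias login id
 end
-end
+end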
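--- a/data/lib/conjur/variable.rb
+++ b/data/lib/conjur/variable.rb
@@ -1,3 +1,23 @@
+#
+# Copyright (C) 2013 Conjur Inc
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy of
+# this software and associated documentation files (the "Software"), to deal in
+# the Software without restriction, including without limitation the rights to
+# use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+# the Software, and to permit persons to whom the Software is furnished to do so,
+# subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in all
+# copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+# FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+# COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+# IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+#
 module Conjur
 class Variable < RestClient::Resource
 include ActsAsAsset
@@ -21,4 +41,4 @@ module Conjur
 self[url].get.body
 end
 end
-end
+end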
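--- a/data/spec/lib/api_spec.rb
+++ b/data/spec/lib/api_spec.rb
@@ -35,22 +35,81 @@ shared_examples_for "API endpoint" do
 end
 
 describe Conjur::API do
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+describe "provides functions for id parsing" do
+describe "#parse_id(id, kind)" do
+subject { Conjur::API }
+let (:kind) { "sample-kind" }
+
+it "fails on non-string ids" do
+expect { subject.parse_id({}, kind) }.to raise_error
+end
+
+it "fails on malformed ids (<2 tokens)" do
+expect { subject.parse_id("foo", kind) }.to raise_error
+expect { subject.parse_id("", kind) }.to raise_error
+expect { subject.parse_id(nil, kind) }.to raise_error
+end
+
+describe "returns array of [account, kind, subkind, id]" do
+subject { Conjur::API.parse_id(id, kind) }
+def escaped smth ; Conjur::API.path_escape(smth) ; end
+
+context "for short id (2 tokens)" do
+let(:id) { "token#1:token#2" }
+let(:current_account) { "current_account" }
+before(:each) { Conjur::Core::API.stub(:conjur_account).and_return current_account }
+
+it "account: current account" do
+subject[0].should == current_account
+end
+
+it "kind: passed kind" do
+subject[1].should == kind
+end
+
+it "subkind: token #1 (escaped)" do
+subject[2].should == escaped("token#1")
+end
+
+it "id: token #2 (escaped)" do
+subject[3].should == escaped("token#2")
+end
+end
+
+context "for long ids (3+ tokens)" do
+let(:id) { "token#1:token#2:token#3:token#4" }
+it "account: token #1 (escaped)" do
+subject[0].should == escaped("token#1")
+end
+
+it "kind: passed kind" do
+subject[1].should == kind
+end
+it "subkind: token #2 (escaped)" do
+subject[2].should == escaped("token#2")
+end
+it "id: tail of id starting from token#3" do
+subject[3].should == escaped("token#3:token#4")
+end
+end
+
+end
+end
+describe "wrapper functions" do
+let(:result) { [:account,:kind,:id] }
+let(:id) { :input_id }
+
+it "#parse_role_id(id): calls parse_id(id, 'roles') and returns result" do
+Conjur::API.should_receive(:parse_id).with(id, 'roles').and_return(result)
+Conjur::API.parse_role_id(id).should == result
+end
+it "#parse_resource_id(id): calls parse_id(id, 'resources') and returns result" do
+Conjur::API.should_receive(:parse_id).with(id, 'resources').and_return(result)
+Conjur::API.parse_resource_id(id).should == result
+end
+end
 end
+
 context "host construction" do
 context "of authn service" do
 let(:port_offset) { 0 }
@@ -67,6 +126,8 @@ describe Conjur::API do
 }
 context "in stage" do
 before(:each) do
+# Looks at "ENV['CONJUR_STACK']" first, stub this out
+ENV.stub(:[]).with('CONJUR_STACK').and_return nil
 Conjur.stub(:env).and_return "stage"
 end
 its "default_host" do
@@ -75,19 +136,30 @@ describe Conjur::API do
 end
 context "in ci" do
 before(:each) do
+# Looks at "ENV['CONJUR_STACK']" first, stub this out
+ENV.stub(:[]).with('CONJUR_STACK').and_return nil
 Conjur.stub(:env).and_return "ci"
 end
 its "default_host" do
 should == "https://authz-ci-conjur.herokuapp.com"
 end
 end
+context "when ENV['CONJUR_STACK'] is set to 'v12'" do
+before do
+ENV.stub(:[]).and_call_original
+ENV.stub(:[]).with('CONJUR_STACK').and_return 'v12'
+# If the "real" env is used ('test') then the URL is always localhost:<someport>
+Conjur.stub(:env).and_return "ci"
+end
+its(:default_host){ should == "https://authz-v12-conjur.herokuapp.com"}
+end
 end
 context "in production" do
 before(:each) do
 Conjur.stub(:env).and_return "production"
 end
 its "default_host" do
-should == "https://authz-
+should == "https://authz-v4-conjur.herokuapp.com"
 end
 end
 context "in named production version" do
@@ -142,7 +214,7 @@ describe Conjur::API do
 end
 
 it "returns an appropriate role kind when username is qualified" do
-api.role_from_username("host/
+api.role_from_username("host/foo/bar").roleid.should == "#{account}:host:foo/bar"
 end
 end
 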
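Review bot: The new `parse_id` failure examples in the first hunk use a bare `raise_error`, which passes on any exception, including a NoMethodError caused by a typo or by calling a String method on `{}` or `nil`, so they do not show that malformed ids are rejected deliberately. Pass the exception class that `parse_id` is meant to raise, in the form `expect { subject.parse_id("foo", kind) }.to raise_error(ExpectedError)`, where `ExpectedError` stands for that class. Separately, the "in stage" and "in ci" `before` blocks stub `ENV[]` only for `'CONJUR_STACK'`, while the v12 context first calls `ENV.stub(:[]).and_call_original`; without that line any other `ENV` lookup made during those examples may fail on unexpected arguments, so adding it to both blocks keeps the three contexts consistent.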
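--- a/data/spec/lib/role_spec.rb
+++ b/data/spec/lib/role_spec.rb
@@ -35,25 +35,10 @@ describe Conjur::Role, api: :dummy do
 it "works without arguments" do
 members = double "members request"
 subject.should_receive(:[]).with('?members&member=other').and_return(members)
-members.should_receive(:put).with
+members.should_receive(:put).with({})
 subject.grant_to "other"
 end
 
-context deprecated: 'v3' do # remove in 3.0
-it "should also accept the deprecated argument format with extra options" do
-members = double "members request"
-subject.should_receive(:[]).with('?members&member=other').and_return(members)
-members.should_receive(:put).with admin_option: true, foo: 'bar'
-subject.grant_to "other", true, foo: 'bar'
-end
-
-it "should also accept the deprecated argument format without extra options" do
-members = double "members request"
-subject.should_receive(:[]).with('?members&member=other').and_return(members)
-members.should_receive(:put).with admin_option: true, foo: 'bar'
-subject.grant_to "other", true, foo: 'bar'
-end
-end
 end
 
 describe '#create' do
@@ -70,7 +55,7 @@ describe Conjur::Role, api: :dummy do
 
 describe '#all' do
 it 'returns roles for ids got from ?all' do
-roles = [
+roles = ['foo:k:bar', 'baz:k:xyzzy']
 RestClient::Request.should_receive(:execute).with(
 method: :get,
 url: role.url + "/?all",
@@ -82,6 +67,45 @@ describe Conjur::Role, api: :dummy do
 all[1].account.should == 'baz'
 all[1].id.should == 'xyzzy'
 end
+
+
+describe "filter param" do
+def self.it_passes_the_filter_as(query_string)
+it "calls ?all&#{query_string}" do
+RestClient::Request.should_receive(:execute).with(
+method: :get,
+url: role.url + "/?all&#{query_string}",
+headers:{}
+).and_return([].to_json)
+role.all filter: filter
+end
+end
+context "when a string" do
+let(:filter){ 'string' }
+it_passes_the_filter_as ['string'].to_query('filter')
+end
+
+context "when an array" do
+let(:filter){ ['foo', 'bar'] }
+it_passes_the_filter_as ['foo', 'bar'].to_query('filter')
+end
+end
+
+end
+
+describe '#member_of?' do
+it 'calls #all with :filter=>id and returns true if the result is non-empty' do
+role.should_receive(:all).with(filter: 'the filter').and_return ['an id']
+role.member_of?('the filter').should be_true
+role.should_receive(:all).with(filter: 'the filter').and_return []
+role.member_of?('the filter').should be_false
+end
+
+it "accepts a Role" do
+other = double('Role', roleid: 'foo')
+role.should_receive(:all).with(filter: other.roleid).and_return []
+role.member_of?(other)
+end
 end
 
 describe '#revoke_from' do
@@ -99,7 +123,7 @@ describe Conjur::Role, api: :dummy do
 before do
 RestClient::Request.stub(:execute).with(
 method: :get,
-url: role.url + "/?check&
+url: role.url + "/?check&resource_id=chunky:bacon&privilege=fry",
 headers: {}
 ) { result }
 end
@@ -107,14 +131,14 @@ describe Conjur::Role, api: :dummy do
 context "when get ?check is successful" do
 let(:result) { :ok }
 it "returns true" do
-role.permitted?('chunky
+role.permitted?('chunky:bacon', 'fry').should be_true
 end
 end
 
 context "when get ?check not found" do
 let(:result) { raise RestClient::ResourceNotFound, 'foo' }
 it "returns false" do
-role.permitted?('chunky
+role.permitted?('chunky:bacon', 'fry').should be_false
 end
 end
 end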
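Review bot: The "filter param" examples in the third hunk build the expected URL with `['string'].to_query('filter')`, the same helper `Role#all` calls, so the assertion holds whatever encoding `to_query` produces and cannot catch a wrongly encoded query string. State the expected query literally, for example `it_passes_the_filter_as 'filter%5B%5D=string'` (the form ActiveSupport is expected to emit; confirm against the pinned version), and add one filter value containing reserved characters such as `&` or `=` to show that it stays inside the `filter[]` parameter. In the same hunk the "accepts a Role" example asserts nothing about the return value; `role.member_of?(other).should be_false` would close that gap.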