conjur-api 2.7.1 → 4.1.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -1,3 +1,23 @@
1
+ #
2
+ # Copyright (C) 2013 Conjur Inc
3
+ #
4
+ # Permission is hereby granted, free of charge, to any person obtaining a copy of
5
+ # this software and associated documentation files (the "Software"), to deal in
6
+ # the Software without restriction, including without limitation the rights to
7
+ # use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
8
+ # the Software, and to permit persons to whom the Software is furnished to do so,
9
+ # subject to the following conditions:
10
+ #
11
+ # The above copyright notice and this permission notice shall be included in all
12
+ # copies or substantial portions of the Software.
13
+ #
14
+ # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
15
+ # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
16
+ # FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
17
+ # COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
18
+ # IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
19
+ # CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
20
+ #
1
21
  module Conjur
2
22
  class Resource < RestClient::Resource
3
23
  include Exists
data/lib/conjur/role.rb CHANGED
@@ -1,3 +1,23 @@
1
+ #
2
+ # Copyright (C) 2013 Conjur Inc
3
+ #
4
+ # Permission is hereby granted, free of charge, to any person obtaining a copy of
5
+ # this software and associated documentation files (the "Software"), to deal in
6
+ # the Software without restriction, including without limitation the rights to
7
+ # use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
8
+ # the Software, and to permit persons to whom the Software is furnished to do so,
9
+ # subject to the following conditions:
10
+ #
11
+ # The above copyright notice and this permission notice shall be included in all
12
+ # copies or substantial portions of the Software.
13
+ #
14
+ # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
15
+ # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
16
+ # FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
17
+ # COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
18
+ # IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
19
+ # CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
20
+ #
1
21
  require 'conjur/role_grant'
2
22
 
3
23
  module Conjur
@@ -24,32 +44,25 @@ module Conjur
24
44
  end
25
45
  self.put(options)
26
46
  end
27
-
47
+
28
48
  def all(options = {})
29
- JSON.parse(self["?all"].get(options)).collect do |id|
30
- id = [ id['account'], id['id'] ].join(':')
49
+ query_string = "?all"
50
+
51
+ if filter = options.delete(:filter)
52
+ filter = [filter] unless filter.is_a?(Array)
53
+ (query_string << "&" << filter.to_query("filter")) unless filter.empty?
54
+ end
55
+ JSON.parse(self[query_string].get(options)).collect do |id|
31
56
  Role.new(Conjur::Authz::API.host, self.options)[Conjur::API.parse_role_id(id).join('/')]
32
57
  end
33
58
  end
34
59
 
35
- def grant_to(member, *args)
36
- if Conjur::API::VERSION < "3.0.0"
37
- options = args[-1]
38
- if args.length > 1
39
- warning = "WARNING: Deprecated arguments to grant_to. Please put admin_option in the options hash."
40
- options[:admin_option] = args[0]
41
- end
42
-
43
- unless options.nil? || options.is_a?(Hash)
44
- warning = "WARNING: Deprecated arguments to grant_to. Please put admin_option in the options hash."
45
- options = { admin_option: options }
46
- end
47
- else
48
- raise "Please remove the deprecated API in 3.0 and change the method signature to grant_to(member, options)"
49
- end
50
-
60
+ def member_of?(other_role)
61
+ not all(filter: (other_role.roleid rescue other_role)).empty?
62
+ end
63
+
64
+ def grant_to(member, options={})
51
65
  log do |logger|
52
- logger << warning if warning
53
66
  logger << "Granting role #{identifier} to #{member}"
54
67
  unless options.blank?
55
68
  logger << " with options #{options.to_json}"
@@ -68,8 +81,9 @@ module Conjur
68
81
  self["?members&member=#{query_escape member}"].delete(options)
69
82
  end
70
83
 
71
- def permitted?(resource_kind, resource_id, privilege, options = {})
72
- self["?check&resource_kind=#{query_escape resource_kind}&resource_id=#{query_escape resource_id}&privilege=#{query_escape privilege}"].get(options)
84
+ def permitted?(resource_id, privilege, options = {})
85
+ # NOTE: in previous versions there was 'kind' passed separately. Now it is part of id
86
+ self["?check&resource_id=#{query_escape resource_id}&privilege=#{query_escape privilege}"].get(options)
73
87
  true
74
88
  rescue RestClient::ResourceNotFound
75
89
  false
@@ -1,3 +1,23 @@
1
+ #
2
+ # Copyright (C) 2013 Conjur Inc
3
+ #
4
+ # Permission is hereby granted, free of charge, to any person obtaining a copy of
5
+ # this software and associated documentation files (the "Software"), to deal in
6
+ # the Software without restriction, including without limitation the rights to
7
+ # use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
8
+ # the Software, and to permit persons to whom the Software is furnished to do so,
9
+ # subject to the following conditions:
10
+ #
11
+ # The above copyright notice and this permission notice shall be included in all
12
+ # copies or substantial portions of the Software.
13
+ #
14
+ # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
15
+ # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
16
+ # FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
17
+ # COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
18
+ # IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
19
+ # CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
20
+ #
1
21
  module Conjur
2
22
  RoleGrant = Struct.new(:member, :grantor, :admin_option) do
3
23
  class << self
data/lib/conjur/secret.rb CHANGED
@@ -1,3 +1,23 @@
1
+ #
2
+ # Copyright (C) 2013 Conjur Inc
3
+ #
4
+ # Permission is hereby granted, free of charge, to any person obtaining a copy of
5
+ # this software and associated documentation files (the "Software"), to deal in
6
+ # the Software without restriction, including without limitation the rights to
7
+ # use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
8
+ # the Software, and to permit persons to whom the Software is furnished to do so,
9
+ # subject to the following conditions:
10
+ #
11
+ # The above copyright notice and this permission notice shall be included in all
12
+ # copies or substantial portions of the Software.
13
+ #
14
+ # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
15
+ # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
16
+ # FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
17
+ # COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
18
+ # IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
19
+ # CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
20
+ #
1
21
  module Conjur
2
22
  class Secret < RestClient::Resource
3
23
  include ActsAsAsset
@@ -1,3 +1,23 @@
1
+ #
2
+ # Copyright (C) 2013 Conjur Inc
3
+ #
4
+ # Permission is hereby granted, free of charge, to any person obtaining a copy of
5
+ # this software and associated documentation files (the "Software"), to deal in
6
+ # the Software without restriction, including without limitation the rights to
7
+ # use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
8
+ # the Software, and to permit persons to whom the Software is furnished to do so,
9
+ # subject to the following conditions:
10
+ #
11
+ # The above copyright notice and this permission notice shall be included in all
12
+ # copies or substantial portions of the Software.
13
+ #
14
+ # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
15
+ # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
16
+ # FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
17
+ # COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
18
+ # IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
19
+ # CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
20
+ #
1
21
  module Conjur
2
22
  module StandardMethods
3
23
  require 'active_support/core_ext'
@@ -19,9 +39,11 @@ module Conjur
19
39
  end
20
40
 
21
41
  def standard_list(host, type, options)
22
- JSON.parse(RestClient::Resource.new(host, credentials)[type.to_s.pluralize].get(options)).collect do |json|
23
- send(type, fully_escape(json['id'])).tap do |obj|
24
- obj.attributes = json
42
+ JSON.parse(RestClient::Resource.new(host, credentials)[type.to_s.pluralize].get(options)).collect do |item|
43
+ if item.is_a? String # lists w/o details are just list of ids
44
+ send(type, fully_escape(item))
45
+ else # list w/ details consists of hashes
46
+ send(type, fully_escape(item['id'])).tap { |obj| obj.attributes=item }
25
47
  end
26
48
  end
27
49
  end
data/lib/conjur/user.rb CHANGED
@@ -1,3 +1,23 @@
1
+ #
2
+ # Copyright (C) 2013 Conjur Inc
3
+ #
4
+ # Permission is hereby granted, free of charge, to any person obtaining a copy of
5
+ # this software and associated documentation files (the "Software"), to deal in
6
+ # the Software without restriction, including without limitation the rights to
7
+ # use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
8
+ # the Software, and to permit persons to whom the Software is furnished to do so,
9
+ # subject to the following conditions:
10
+ #
11
+ # The above copyright notice and this permission notice shall be included in all
12
+ # copies or substantial portions of the Software.
13
+ #
14
+ # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
15
+ # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
16
+ # FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
17
+ # COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
18
+ # IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
19
+ # CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
20
+ #
1
21
  module Conjur
2
22
  class InvalidToken < Exception
3
23
  end
@@ -8,4 +28,4 @@ module Conjur
8
28
 
9
29
  alias login id
10
30
  end
11
- end
31
+ end
@@ -1,3 +1,23 @@
1
+ #
2
+ # Copyright (C) 2013 Conjur Inc
3
+ #
4
+ # Permission is hereby granted, free of charge, to any person obtaining a copy of
5
+ # this software and associated documentation files (the "Software"), to deal in
6
+ # the Software without restriction, including without limitation the rights to
7
+ # use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
8
+ # the Software, and to permit persons to whom the Software is furnished to do so,
9
+ # subject to the following conditions:
10
+ #
11
+ # The above copyright notice and this permission notice shall be included in all
12
+ # copies or substantial portions of the Software.
13
+ #
14
+ # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
15
+ # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
16
+ # FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
17
+ # COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
18
+ # IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
19
+ # CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
20
+ #
1
21
  module Conjur
2
22
  class Variable < RestClient::Resource
3
23
  include ActsAsAsset
@@ -21,4 +41,4 @@ module Conjur
21
41
  self[url].get.body
22
42
  end
23
43
  end
24
- end
44
+ end
data/spec/lib/api_spec.rb CHANGED
@@ -35,22 +35,81 @@ shared_examples_for "API endpoint" do
35
35
  end
36
36
 
37
37
  describe Conjur::API do
38
- context "parse_role_id" do
39
- subject { Conjur::API }
40
- specify {
41
- Conjur::Core::API.should_receive(:conjur_account).and_return 'ci'
42
- subject.parse_role_id('foo:bar').should == [ 'ci', 'roles', 'foo', 'bar' ]
43
- }
44
- specify {
45
- subject.parse_role_id('biz:foo:bar').should == [ 'biz', 'roles', 'foo', 'bar' ]
46
- }
47
- specify {
48
- subject.parse_role_id('biz:foo:bar/12').should == [ 'biz', 'roles', 'foo', 'bar/12' ]
49
- }
50
- specify {
51
- subject.parse_role_id('biz:foo:bar:12').should == [ 'biz', 'roles', 'foo', 'bar:12' ]
52
- }
38
+ describe "provides functions for id parsing" do
39
+ describe "#parse_id(id, kind)" do
40
+ subject { Conjur::API }
41
+ let (:kind) { "sample-kind" }
42
+
43
+ it "fails on non-string ids" do
44
+ expect { subject.parse_id({}, kind) }.to raise_error
45
+ end
46
+
47
+ it "fails on malformed ids (<2 tokens)" do
48
+ expect { subject.parse_id("foo", kind) }.to raise_error
49
+ expect { subject.parse_id("", kind) }.to raise_error
50
+ expect { subject.parse_id(nil, kind) }.to raise_error
51
+ end
52
+
53
+ describe "returns array of [account, kind, subkind, id]" do
54
+ subject { Conjur::API.parse_id(id, kind) }
55
+ def escaped smth ; Conjur::API.path_escape(smth) ; end
56
+
57
+ context "for short id (2 tokens)" do
58
+ let(:id) { "token#1:token#2" }
59
+ let(:current_account) { "current_account" }
60
+ before(:each) { Conjur::Core::API.stub(:conjur_account).and_return current_account }
61
+
62
+ it "account: current account" do
63
+ subject[0].should == current_account
64
+ end
65
+
66
+ it "kind: passed kind" do
67
+ subject[1].should == kind
68
+ end
69
+
70
+ it "subkind: token #1 (escaped)" do
71
+ subject[2].should == escaped("token#1")
72
+ end
73
+
74
+ it "id: token #2 (escaped)" do
75
+ subject[3].should == escaped("token#2")
76
+ end
77
+ end
78
+
79
+ context "for long ids (3+ tokens)" do
80
+ let(:id) { "token#1:token#2:token#3:token#4" }
81
+ it "account: token #1 (escaped)" do
82
+ subject[0].should == escaped("token#1")
83
+ end
84
+
85
+ it "kind: passed kind" do
86
+ subject[1].should == kind
87
+ end
88
+ it "subkind: token #2 (escaped)" do
89
+ subject[2].should == escaped("token#2")
90
+ end
91
+ it "id: tail of id starting from token#3" do
92
+ subject[3].should == escaped("token#3:token#4")
93
+ end
94
+ end
95
+
96
+ end
97
+ end
98
+ describe "wrapper functions" do
99
+ let(:result) { [:account,:kind,:id] }
100
+ let(:id) { :input_id }
101
+
102
+ it "#parse_role_id(id): calls parse_id(id, 'roles') and returns result" do
103
+ Conjur::API.should_receive(:parse_id).with(id, 'roles').and_return(result)
104
+ Conjur::API.parse_role_id(id).should == result
105
+ end
106
+ it "#parse_resource_id(id): calls parse_id(id, 'resources') and returns result" do
107
+ Conjur::API.should_receive(:parse_id).with(id, 'resources').and_return(result)
108
+ Conjur::API.parse_resource_id(id).should == result
109
+ end
110
+ end
53
111
  end
112
+
54
113
  context "host construction" do
55
114
  context "of authn service" do
56
115
  let(:port_offset) { 0 }
@@ -67,6 +126,8 @@ describe Conjur::API do
67
126
  }
68
127
  context "in stage" do
69
128
  before(:each) do
129
+ # Looks at "ENV['CONJUR_STACK']" first, stub this out
130
+ ENV.stub(:[]).with('CONJUR_STACK').and_return nil
70
131
  Conjur.stub(:env).and_return "stage"
71
132
  end
72
133
  its "default_host" do
@@ -75,19 +136,30 @@ describe Conjur::API do
75
136
  end
76
137
  context "in ci" do
77
138
  before(:each) do
139
+ # Looks at "ENV['CONJUR_STACK']" first, stub this out
140
+ ENV.stub(:[]).with('CONJUR_STACK').and_return nil
78
141
  Conjur.stub(:env).and_return "ci"
79
142
  end
80
143
  its "default_host" do
81
144
  should == "https://authz-ci-conjur.herokuapp.com"
82
145
  end
83
146
  end
147
+ context "when ENV['CONJUR_STACK'] is set to 'v12'" do
148
+ before do
149
+ ENV.stub(:[]).and_call_original
150
+ ENV.stub(:[]).with('CONJUR_STACK').and_return 'v12'
151
+ # If the "real" env is used ('test') then the URL is always localhost:<someport>
152
+ Conjur.stub(:env).and_return "ci"
153
+ end
154
+ its(:default_host){ should == "https://authz-v12-conjur.herokuapp.com"}
155
+ end
84
156
  end
85
157
  context "in production" do
86
158
  before(:each) do
87
159
  Conjur.stub(:env).and_return "production"
88
160
  end
89
161
  its "default_host" do
90
- should == "https://authz-v3-conjur.herokuapp.com"
162
+ should == "https://authz-v4-conjur.herokuapp.com"
91
163
  end
92
164
  end
93
165
  context "in named production version" do
@@ -142,7 +214,7 @@ describe Conjur::API do
142
214
  end
143
215
 
144
216
  it "returns an appropriate role kind when username is qualified" do
145
- api.role_from_username("host/foobar").roleid.should == "#{account}:host:foobar"
217
+ api.role_from_username("host/foo/bar").roleid.should == "#{account}:host:foo/bar"
146
218
  end
147
219
  end
148
220
 
@@ -35,25 +35,10 @@ describe Conjur::Role, api: :dummy do
35
35
  it "works without arguments" do
36
36
  members = double "members request"
37
37
  subject.should_receive(:[]).with('?members&member=other').and_return(members)
38
- members.should_receive(:put).with nil
38
+ members.should_receive(:put).with({})
39
39
  subject.grant_to "other"
40
40
  end
41
41
 
42
- context deprecated: 'v3' do # remove in 3.0
43
- it "should also accept the deprecated argument format with extra options" do
44
- members = double "members request"
45
- subject.should_receive(:[]).with('?members&member=other').and_return(members)
46
- members.should_receive(:put).with admin_option: true, foo: 'bar'
47
- subject.grant_to "other", true, foo: 'bar'
48
- end
49
-
50
- it "should also accept the deprecated argument format without extra options" do
51
- members = double "members request"
52
- subject.should_receive(:[]).with('?members&member=other').and_return(members)
53
- members.should_receive(:put).with admin_option: true, foo: 'bar'
54
- subject.grant_to "other", true, foo: 'bar'
55
- end
56
- end
57
42
  end
58
43
 
59
44
  describe '#create' do
@@ -70,7 +55,7 @@ describe Conjur::Role, api: :dummy do
70
55
 
71
56
  describe '#all' do
72
57
  it 'returns roles for ids got from ?all' do
73
- roles = [{'account' => 'foo', 'id' => 'k:bar'}, {'account' => 'baz', 'id' => 'k:xyzzy'}]
58
+ roles = ['foo:k:bar', 'baz:k:xyzzy']
74
59
  RestClient::Request.should_receive(:execute).with(
75
60
  method: :get,
76
61
  url: role.url + "/?all",
@@ -82,6 +67,45 @@ describe Conjur::Role, api: :dummy do
82
67
  all[1].account.should == 'baz'
83
68
  all[1].id.should == 'xyzzy'
84
69
  end
70
+
71
+
72
+ describe "filter param" do
73
+ def self.it_passes_the_filter_as(query_string)
74
+ it "calls ?all&#{query_string}" do
75
+ RestClient::Request.should_receive(:execute).with(
76
+ method: :get,
77
+ url: role.url + "/?all&#{query_string}",
78
+ headers:{}
79
+ ).and_return([].to_json)
80
+ role.all filter: filter
81
+ end
82
+ end
83
+ context "when a string" do
84
+ let(:filter){ 'string' }
85
+ it_passes_the_filter_as ['string'].to_query('filter')
86
+ end
87
+
88
+ context "when an array" do
89
+ let(:filter){ ['foo', 'bar'] }
90
+ it_passes_the_filter_as ['foo', 'bar'].to_query('filter')
91
+ end
92
+ end
93
+
94
+ end
95
+
96
+ describe '#member_of?' do
97
+ it 'calls #all with :filter=>id and returns true if the result is non-empty' do
98
+ role.should_receive(:all).with(filter: 'the filter').and_return ['an id']
99
+ role.member_of?('the filter').should be_true
100
+ role.should_receive(:all).with(filter: 'the filter').and_return []
101
+ role.member_of?('the filter').should be_false
102
+ end
103
+
104
+ it "accepts a Role" do
105
+ other = double('Role', roleid: 'foo')
106
+ role.should_receive(:all).with(filter: other.roleid).and_return []
107
+ role.member_of?(other)
108
+ end
85
109
  end
86
110
 
87
111
  describe '#revoke_from' do
@@ -99,7 +123,7 @@ describe Conjur::Role, api: :dummy do
99
123
  before do
100
124
  RestClient::Request.stub(:execute).with(
101
125
  method: :get,
102
- url: role.url + "/?check&resource_kind=chunky&resource_id=bacon&privilege=fry",
126
+ url: role.url + "/?check&resource_id=chunky:bacon&privilege=fry",
103
127
  headers: {}
104
128
  ) { result }
105
129
  end
@@ -107,14 +131,14 @@ describe Conjur::Role, api: :dummy do
107
131
  context "when get ?check is successful" do
108
132
  let(:result) { :ok }
109
133
  it "returns true" do
110
- role.permitted?('chunky', 'bacon', 'fry').should be_true
134
+ role.permitted?('chunky:bacon', 'fry').should be_true
111
135
  end
112
136
  end
113
137
 
114
138
  context "when get ?check not found" do
115
139
  let(:result) { raise RestClient::ResourceNotFound, 'foo' }
116
140
  it "returns false" do
117
- role.permitted?('chunky', 'bacon', 'fry').should be_false
141
+ role.permitted?('chunky:bacon', 'fry').should be_false
118
142
  end
119
143
  end
120
144
  end