conjur-api 4.10.1 → 4.10.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 8082f753ddebe272f08498fb3e144dcd5477cc57
-  data.tar.gz: 1de7d39d363c091712b8d73add7cf7d87b952ce1
+  metadata.gz: 430af90880bc80ca4db9982fc99c0d670f17aa6f
+  data.tar.gz: 67be43db258ef8acfbae41801534aa615675da0a
 SHA512:
-  metadata.gz: 28727a8a68e30751fc2234329ceee61857d02fc6fbb41d8f51e1997523b66b21146d740f2af6577160a4d8aebc2f4026994a03fb20542750bb299a251deb80d1
-  data.tar.gz: 93e98f2269bd14ac60e4e3cd7ff8b6453aca5b0f7e4c2cc77da8e2e5736ed035a2712c460874f2ec72f467fd844ccbf9a41ec9b1db9d141bfda4476dd470a5a5
+  metadata.gz: 727e9688efb27f47f99c2e06ee02ef96cbfae03bda9ce177bd31200a8d52577c410166ba08de06b4cb11546c6c109fe52bd7a68804d14e34026e3700b7860e88
+  data.tar.gz: c94276c5d61ac5571f2da98b7d472cf56db274d396cffda3da34dff190f1fcd1b7804e693d472737472066263eab36ed58d7f4723b2519bc6fc7fab4dee900a0

data/CHANGELOG.md

@@ -0,0 +1,10 @@
+# v.4.10.2
+* Authn token is refetched before the expiration
+* Support for configuration `sticky` option is discarded
+* Resource#exists? refactored -- no overloading, code from exists.rb used
+* Tests use Rspec v3 and reset configuration between test cases
+
+
+# v.4.10.1 
+* Resource#exists? returns true if access to resource is forbidden
+* Thread-local configuration for working with different endpoints

data/Gemfile

@@ -4,7 +4,3 @@ source 'https://rubygems.org'
 
 # Specify your gem's dependencies in conjur-api.gemspec
 gemspec
-
-group :test do
-  gem 'fuubar'
-end

data/conjur-api.gemspec

@@ -21,14 +21,16 @@ Gem::Specification.new do |gem|
   
   gem.add_dependency 'rest-client', '= 1.6.7' # with newer versions adding certificates to OpenSSL does not work
   gem.add_dependency 'activesupport'
+  gem.add_dependency 'wrong'
   
   gem.add_development_dependency 'rake'
   gem.add_development_dependency 'spork'
-  gem.add_development_dependency 'rspec', '>= 2.14', '< 3.0'
+  gem.add_development_dependency 'rspec', '~> 3'
   gem.add_development_dependency 'webmock'
   gem.add_development_dependency 'ci_reporter_rspec'
   gem.add_development_dependency 'simplecov'
   gem.add_development_dependency 'io-grab'
   gem.add_development_dependency 'yard'
   gem.add_development_dependency 'redcarpet'
+  gem.add_development_dependency 'timecop'
 end

data/lib/conjur-api/version.rb

@@ -20,6 +20,6 @@
 #
 module Conjur
   class API
-    VERSION = "4.10.1"
+    VERSION = "4.10.2"
   end
 end

data/lib/conjur/base.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (C) 2013 Conjur Inc
+# Copyright (C) 2013-2014 Conjur Inc
 #
 # Permission is hereby granted, free of charge, to any person obtaining a copy of
 # this software and associated documentation files (the "Software"), to deal in
@@ -21,6 +21,7 @@
 require 'rest-client'
 require 'json'
 require 'base64'
+require 'wrong'
 
 require 'conjur/exists'
 require 'conjur/has_attributes'
@@ -38,7 +39,8 @@ module Conjur
     include LogSource
     include StandardMethods
     include Cast
-    
+    include Wrong
+
     class << self
       # Parse a role id into [ account, 'roles', kind, id ]
       def parse_role_id(id)
@@ -107,9 +109,14 @@ module Conjur
     def host
       self.class.host
     end
-    
+
     def token
+      @token = nil unless token_valid?
+
       @token ||= Conjur::API.authenticate(@username, @api_key)
+
+      assert { token_valid? }
+      return @token
     end
     
     # Authenticate the username and api_key to obtain a request token.
@@ -117,5 +124,15 @@ module Conjur
     def credentials
       { headers: { authorization: "Token token=\"#{Base64.strict_encode64 token.to_json}\"" }, username: username }
     end
+
+    private
+
+    def token_valid?
+      return false unless @token
+      
+      # Actual token expiration is 8 minutes, but why cut it so close
+      expiration = 5.minutes
+      Time.now - Time.parse(@token['timestamp']) < expiration
+    end
   end
-end
+end

data/lib/conjur/configuration.rb

@@ -68,8 +68,6 @@ module Conjur
       # @option options [Proc, *] :default Default value or proc to provide it
       # @option options [Boolean] :required (false) when true, raise an exception if the option is
       #   not set
-      # @option options [Boolean] :sticky (true) when false, default proc will be called every time, 
-      #   otherwise the proc's result will be cached
       # @option options [Proc, #to_proc] :convert proc-ish to convert environment 
       #   values to appropriate types
       # @param [Proc] def_proc block to provide default values 
@@ -77,7 +75,6 @@ module Conjur
       def add_option name, options = {}, &def_proc
         accepted_options << name
         allow_env = options[:env].nil? || options[:env]
-        sticky = options.member?(:sticky) ? options[:sticky] : true
         env_var = options[:env] || "CONJUR_#{name.to_s.upcase}"
         def_val = options[:default]
         opt_name = name
@@ -108,9 +105,7 @@ module Conjur
           elsif allow_env && ENV.member?(env_var)
             instance_exec(ENV[env_var], &convert)
           else 
-            value = instance_eval(&def_proc)
-            supplied[name] = value if sticky
-            value
+            instance_eval(&def_proc)
           end
         end
         alias_method("#{name}?", name) if options[:boolean]

data/lib/conjur/resource.rb

@@ -24,6 +24,7 @@ module Conjur
   class Resource < RestClient::Resource
     include HasAttributes
     include PathBased
+    include Exists
     
     def identifier
       match_path(3..-1)
@@ -52,17 +53,6 @@ module Conjur
       self.put(options)
     end
     
-    def exists?(options = {})
-      begin
-        self.head(options)
-        true
-      rescue RestClient::Forbidden
-        true
-      rescue RestClient::ResourceNotFound
-        false
-      end
-    end
-
     # Lists roles that have a specified permission on the resource.
     def permitted_roles(permission, options = {})
       JSON.parse RestClient::Resource.new(Conjur::Authz::API.host, self.options)["#{account}/roles/allowed_to/#{permission}/#{path_escape kind}/#{path_escape identifier}"].get(options)

data/spec/api/authn_spec.rb

@@ -7,18 +7,18 @@ describe Conjur::API do
   let(:password) { 'sikret' }
 
   before do
-    Conjur::Authn::API.stub host: host
+    allow(Conjur::Authn::API).to receive_messages host: host
   end
 
   describe "::login" do
     it "gets /users/login" do
-      RestClient::Request.should_receive(:execute).with(
+      expect(RestClient::Request).to receive(:execute).with(
         method: :get, url: "http://authn.example.com/users/login", 
         user: user,
         password: password, 
         headers: {}
       ).and_return(response = double)
-      Conjur::API::login(user, password).should == response
+      expect(Conjur::API::login(user, password)).to eq(response)
     end
   end
 
@@ -28,30 +28,30 @@ describe Conjur::API do
 
     it "uses CasRestClient to authenticate" do
       stub_const 'CasRestClient', MockCasRestClient.new(double("response", body: response))
-      Conjur::API.login_cas(user, password, cas_uri).should == response
-      CasRestClient.options.should == {
+      expect(Conjur::API.login_cas(user, password, cas_uri)).to eq(response)
+      expect(CasRestClient.options).to eq({
         username: user,
         password: password,
         uri: "http://cas.example.com/v1/tickets",
         use_cookies: false
-      }
-      CasRestClient.url.should == "http://authn.example.com/users/login"
+      })
+      expect(CasRestClient.url).to eq("http://authn.example.com/users/login")
     end
   end
 
   describe "::authenticate" do
     it "posts the password and dejsons the result" do
-      RestClient::Request.should_receive(:execute).with(
+      expect(RestClient::Request).to receive(:execute).with(
         method: :post, url: "http://authn.example.com/users/#{user}/authenticate",
         payload: password, headers: { content_type: 'text/plain' }
       ).and_return '{ "response": "foo"}'
-      Conjur::API.authenticate(user, password).should == { 'response' => 'foo' }
+      expect(Conjur::API.authenticate(user, password)).to eq({ 'response' => 'foo' })
     end
   end
   
   describe "::update_password" do
     it "logs in and puts the new password" do
-      RestClient::Request.should_receive(:execute).with(
+      expect(RestClient::Request).to receive(:execute).with(
         method: :put, 
         url: "http://authn.example.com/users/password",
         user: user,
@@ -59,7 +59,7 @@ describe Conjur::API do
         payload: 'new-password', 
         headers: {  }
       ).and_return :response
-      Conjur::API.update_password(user, password, 'new-password').should == :response
+      expect(Conjur::API.update_password(user, password, 'new-password')).to eq(:response)
     end
   end
 end

data/spec/api/hosts_spec.rb

@@ -6,12 +6,12 @@ describe Conjur::API, api: :dummy do
     it "uses Net::HTTP to get something" do
       response = double "response",
           code: '200', body: 'foobar'
-      response.stub(:[]).with('Content-Type').and_return 'text/whatever'
+      allow(response).to receive(:[]).with('Content-Type').and_return 'text/whatever'
 
       url = URI.parse "http://example.com"
-      Net::HTTP.stub(:get_response).with(url).and_return response
+      allow(Net::HTTP).to receive(:get_response).with(url).and_return response
 
-      Conjur::API.enroll_host("http://example.com").should == ['text/whatever', 'foobar']
+      expect(Conjur::API.enroll_host("http://example.com")).to eq(['text/whatever', 'foobar'])
     end
   end
 

data/spec/api/layer_spec.rb

@@ -7,7 +7,7 @@ describe Conjur::Layer do
   describe "#add_host" do
     it "casts Host to roleid" do
       host = double(:host)
-      host.should_receive(:roleid).and_return "the-hostid"
+      expect(host).to receive(:roleid).and_return "the-hostid"
       stub_request(:post, "http://example.com/layers/my%2Flayername/hosts").with(hostid: "the-hostid")
 
       subject.add_host host

data/spec/api/pubkeys_spec.rb

@@ -27,12 +27,12 @@ describe Conjur::API, api: :dummy do
   end
   
   before do
-    Conjur::API.stub(pubkeys_asset_host: pubkeys_url)
+    allow(Conjur::API).to receive_messages(pubkeys_asset_host: pubkeys_url)
   end
   
   describe "#public_keys" do
     it "GETs /:username" do
-      RestClient::Request.should_receive(:execute).with(
+      expect(RestClient::Request).to receive(:execute).with(
         url: pubkeys_url_for("bob"),
         method: :get,
         headers: credentials[:headers],
@@ -43,7 +43,7 @@ describe Conjur::API, api: :dummy do
   
   describe "#add_public_key" do
     it "POSTs /:username with the data" do
-      RestClient::Request.should_receive(:execute).with(
+      expect(RestClient::Request).to receive(:execute).with(
         url: pubkeys_url_for("bob"),
         method: :post,
         headers: credentials[:headers],
@@ -55,7 +55,7 @@ describe Conjur::API, api: :dummy do
   
   describe "#delete_public_key" do
     it "DELETEs /:username/:keyname" do
-      RestClient::Request.should_receive(:execute).with(
+      expect(RestClient::Request).to receive(:execute).with(
         url: pubkeys_url_for("bob", "bob-key"),
         method: :delete,
         headers: credentials[:headers]

data/spec/api/resources_spec.rb

@@ -3,21 +3,21 @@ require 'spec_helper'
 describe Conjur::API, api: :dummy do
   describe '#create_resource' do
     it "passes to resource#create" do
-      api.stub(:resource).with(:id).and_return(resource = double)
-      resource.should_receive :create
+      allow(api).to receive(:resource).with(:id).and_return(resource = double)
+      expect(resource).to receive :create
 
-      api.create_resource(:id).should == resource
+      expect(api.create_resource(:id)).to eq(resource)
     end
   end
 
   describe '#resource' do
     it "builds a path and creates a resource from it" do
       res = api.resource "some-account:a-kind:the-id"
-      res.url.should == "#{authz_host}/some-account/resources/a-kind/the-id"
+      expect(res.url).to eq("#{authz_host}/some-account/resources/a-kind/the-id")
     end
     it "accepts an account-less resource" do
       res = api.resource "a-kind:the-id"
-      res.url.should == "#{authz_host}/#{account}/resources/a-kind/the-id"
+      expect(res.url).to eq("#{authz_host}/#{account}/resources/a-kind/the-id")
     end
     it "rejects an underspecified resource" do
       expect { api.resource "the-id" }.to raise_error(/at least two tokens in the-id/)

data/spec/api/roles_spec.rb

@@ -4,7 +4,7 @@ describe Conjur::API, api: :dummy do
   describe '#role_name_from_username' do
     subject { api }
     before {
-      api.stub(:username) { username }
+      allow(api).to receive(:username) { username }
     }
     context "username is" do
       [ 
@@ -15,7 +15,11 @@ describe Conjur::API, api: :dummy do
       ].each do |p|
         context "'#{p[0]}'" do
           let(:username) { p[0] }
-          its("role_name_from_username") { should == p[1] }
+
+          describe '#role_name_from_username' do
+            subject { super().role_name_from_username }
+            it { is_expected.to eq(p[1]) }
+          end
         end
       end
     end

data/spec/api/users_spec.rb

@@ -11,7 +11,7 @@ describe Conjur::API, api: :dummy do
   describe 'user#update' do
     let(:userid) { "alice@wonderland" }
     it "PUTs to /users/:id?uidnumber=:uidnumber" do
-      RestClient::Request.should_receive(:execute).with(
+      expect(RestClient::Request).to receive(:execute).with(
         method: :put,
         url: "#{core_host}/users/#{api.fully_escape(userid)}",
         headers: credentials[:headers],
@@ -28,7 +28,7 @@ describe Conjur::API, api: :dummy do
     let(:search_result)     { ["someuser"].to_json }
     
     it "GETs /users/search with appropriate options, and returns parsed JSON response" do
-      RestClient::Request.should_receive(:execute).with(
+      expect(RestClient::Request).to receive(:execute).with(
         method: :get,  
         url: "#{core_host}/users/search?uidnumber=12345",
         headers: credentials[:headers]
@@ -36,9 +36,9 @@ describe Conjur::API, api: :dummy do
 
       parsed = double()
 
-      JSON.should_receive(:parse).with(search_result).and_return(parsed)
+      expect(JSON).to receive(:parse).with(search_result).and_return(parsed)
 
-      api.find_users(search_parameters).should == parsed
+      expect(api.find_users(search_parameters)).to eq(parsed)
     end
   end
 

data/spec/api/variables_spec.rb

@@ -25,11 +25,11 @@ describe Conjur::API, api: :dummy do
     shared_context "Stubbed API" do
       let (:expected_url) { "#{core_host}/variables/values?vars=#{varlist.map {|v| api.fully_escape(v) }.join(",")}"  }
       before {
-        RestClient::Request.should_receive(:execute).with(
+        expect(RestClient::Request).to receive(:execute).with(
           method: :get,
           url: expected_url,
           headers: credentials[:headers]
-          ).and_return { 
+          ) { 
             if defined? return_error 
               raise return_error
             else
@@ -46,8 +46,8 @@ describe Conjur::API, api: :dummy do
       let (:return_code) { '200' }
       let (:return_body) { '{"var/1":"val1","var/2":"val2","var/3":"val3"}' }
       it "returns Hash of values built from the response" do  
-        api.should_not_receive(:variable)
-        invoke.should == { "var/1"=>"val1", "var/2"=>"val2", "var/3"=>"val3" }
+        expect(api).not_to receive(:variable)
+        expect(invoke).to eq({ "var/1"=>"val1", "var/2"=>"val2", "var/3"=>"val3" })
       end
     end 
 
@@ -55,15 +55,15 @@ describe Conjur::API, api: :dummy do
       include_context "Stubbed API"
       let (:return_error) { RestClient::ResourceNotFound }
       before {  
-        api.should_receive(:variable).with("var/1").and_return(double(value:"val1_obtained_separately"))
-        api.should_receive(:variable).with("var/2").and_return(double(value:"val2_obtained_separately"))
-        api.should_receive(:variable).with("var/3").and_return(double(value:"val3_obtained_separately"))
+        expect(api).to receive(:variable).with("var/1").and_return(double(value:"val1_obtained_separately"))
+        expect(api).to receive(:variable).with("var/2").and_return(double(value:"val2_obtained_separately"))
+        expect(api).to receive(:variable).with("var/3").and_return(double(value:"val3_obtained_separately"))
       }
       it 'tries variables one by one and returns Hash of values' do
-        invoke.should == { "var/1"=>"val1_obtained_separately", 
+        expect(invoke).to eq({ "var/1"=>"val1_obtained_separately", 
                            "var/2"=>"val2_obtained_separately", 
                            "var/3"=>"val3_obtained_separately" 
-                          }
+                          })
       end
     end 
     
@@ -71,7 +71,7 @@ describe Conjur::API, api: :dummy do
       include_context "Stubbed API"
       let (:return_error) { RestClient::Forbidden }
       it 're-raises error without checking particular variables' do 
-        api.should_not_receive(:variable)
+        expect(api).not_to receive(:variable)
         expect { invoke }.to raise_error(return_error)
       end
     end 

data/spec/lib/annotations_spec.rb

@@ -23,7 +23,7 @@ describe Conjur::Annotations do
   let(:url){ "#{Conjur::Authz::API.host}/#{account}/annotations/#{kind}/#{identifier}" }
 
   def expect_put_request url, payload
-    RestClient::Request.should_receive(:execute).with(
+    expect(RestClient::Request).to receive(:execute).with(
       method: :put,
       headers: {},
       url: url,
@@ -33,13 +33,13 @@ describe Conjur::Annotations do
   
   describe '[]' do
     it "returns annotations" do
-      subject[:name].should == 'bar'
-      subject[:comment].should == 'some comment'
-      subject['comment'].should == subject[:comment]
+      expect(subject[:name]).to eq('bar')
+      expect(subject[:comment]).to eq('some comment')
+      expect(subject['comment']).to eq(subject[:comment])
     end
     
     it "caches the get result" do
-      resource.should_receive(:attributes).exactly(1).times.and_return(attributes)
+      expect(resource).to receive(:attributes).exactly(1).times.and_return(attributes)
       subject[:name]
       subject[:name]
     end
@@ -49,23 +49,23 @@ describe Conjur::Annotations do
     it "yields each annotation pair" do
       pairs = []
       subject.each{|k,v| pairs << [k,v]}
-      pairs.should == [[:name, 'bar'], [:comment, 'some comment']]
+      expect(pairs).to eq([[:name, 'bar'], [:comment, 'some comment']])
     end
   end
 
   it "is Enumerable" do
-    subject.should be_a(Enumerable)
+    expect(subject).to be_a(Enumerable)
   end
   
   describe '#to_h' do
     it "returns the correct hash" do
-      subject.to_h.should == {name: 'bar', comment: 'some comment'}
+      expect(subject.to_h).to eq({name: 'bar', comment: 'some comment'})
     end
     it "does not propagate modifications to the returned hash" do
-      RestClient::Request.should_not_receive(:execute)
+      expect(RestClient::Request).not_to receive(:execute)
       subject.to_h[:name] = 'new name'
-      subject[:name].should == subject.to_h[:name]
-      subject[:name].should == "bar"
+      expect(subject[:name]).to eq(subject.to_h[:name])
+      expect(subject[:name]).to eq("bar")
     end
   end
   
@@ -76,7 +76,7 @@ describe Conjur::Annotations do
       hash.each do |k,v|
         expect_put_request(url, name: k, value: v)
       end
-      resource.should_receive(:invalidate).exactly(hash.count).times.and_yield
+      expect(resource).to receive(:invalidate).exactly(hash.count).times.and_yield
       subject.merge! hash
     end
   end
@@ -85,20 +85,20 @@ describe Conjur::Annotations do
 
     it "makes a put request" do
       expect_put_request url, name: :blah, value: 'boo'
-      resource.should_receive(:invalidate).and_yield
+      expect(resource).to receive(:invalidate).and_yield
       subject[:blah] = 'boo'
     end
     
     it "forces a fresh request for the annotations" do
       expect_put_request(url, name: :foo, value: 'bar')
-      resource.should_receive(:attributes).exactly(2).times.and_return(attributes)
-      resource.should_receive(:invalidate).and_yield
+      expect(resource).to receive(:attributes).exactly(2).times.and_return(attributes)
+      expect(resource).to receive(:invalidate).and_yield
       # One get request
-      subject[:name].should == 'bar'
+      expect(subject[:name]).to eq('bar')
       # Update
       subject[:foo] = 'bar'
       # Second get request
-      subject[:name].should == 'bar'
+      expect(subject[:name]).to eq('bar')
     end
   end