conjur-api 4.10.1 → 4.10.2

data/spec/lib/api_spec.rb

@@ -1,4 +1,5 @@
 require 'spec_helper'
+require 'timecop'
 
 shared_examples_for "API endpoint" do
   before { Conjur.configuration = Conjur::Configuration.new }
@@ -6,30 +7,42 @@ shared_examples_for "API endpoint" do
   let(:service_name) { api.name.split('::')[-2].downcase }
   context "in development" do
     before(:each) do
-      Conjur::Configuration.any_instance.stub(:env).and_return "development"
+      allow_any_instance_of(Conjur::Configuration).to receive(:env).and_return "development"
+    end
+
+    describe '#host' do
+      subject { super().host }
+      it do
+      is_expected.to eq("http://localhost:#{Conjur.configuration.service_base_port + port_offset}")
     end
-    its "host" do
-      should == "http://localhost:#{Conjur.configuration.service_base_port + port_offset}"
     end
   end
   context "'ci' account" do
     before {
-      Conjur::Configuration.any_instance.stub(:account).and_return 'ci'
+      allow_any_instance_of(Conjur::Configuration).to receive(:account).and_return 'ci'
     }
     context "in stage" do
       before(:each) do
-        Conjur::Configuration.any_instance.stub(:env).and_return "stage"
+        allow_any_instance_of(Conjur::Configuration).to receive(:env).and_return "stage"
+      end
+
+      describe '#host' do
+        subject { super().host }
+        it do
+        is_expected.to eq("https://#{service_name}-ci-conjur.herokuapp.com")
       end
-      its "host" do
-        should == "https://#{service_name}-ci-conjur.herokuapp.com"
       end
     end
     context "in ci" do
       before(:each) do
-        Conjur::Configuration.any_instance.stub(:env).and_return "ci"
+        allow_any_instance_of(Conjur::Configuration).to receive(:env).and_return "ci"
+      end
+
+      describe '#host' do
+        subject { super().host }
+        it do
+        is_expected.to eq("https://#{service_name}-ci-conjur.herokuapp.com")
       end
-      its "host" do
-        should == "https://#{service_name}-ci-conjur.herokuapp.com"
       end
     end
   end
@@ -58,39 +71,39 @@ describe Conjur::API do
         context "for short id (2 tokens)" do
           let(:id) { "token#1:token#2" }
           let(:current_account) { "current_account" }
-          before(:each) { Conjur::Core::API.stub(:conjur_account).and_return current_account }
+          before(:each) { allow(Conjur::Core::API).to receive(:conjur_account).and_return current_account }
 
           it "account: current account" do
-            subject[0].should == current_account
+            expect(subject[0]).to eq(current_account)
           end
 
           it "kind: passed kind" do
-            subject[1].should == kind
+            expect(subject[1]).to eq(kind)
           end
 
           it "subkind: token #1 (escaped)" do
-            subject[2].should == escaped("token#1")
+            expect(subject[2]).to eq(escaped("token#1"))
           end
 
           it "id: token #2 (escaped)" do
-            subject[3].should == escaped("token#2")
+            expect(subject[3]).to eq(escaped("token#2"))
           end
         end
 
         context "for long ids (3+ tokens)" do
           let(:id) { "token#1:token#2:token#3:token#4" }
           it "account: token #1 (escaped)" do
-            subject[0].should == escaped("token#1")
+            expect(subject[0]).to eq(escaped("token#1"))
           end
 
           it "kind: passed kind" do
-            subject[1].should  == kind
+            expect(subject[1]).to  eq(kind)
           end
           it "subkind: token #2 (escaped)" do
-            subject[2].should == escaped("token#2")
+            expect(subject[2]).to eq(escaped("token#2"))
           end
           it "id: tail of id starting from token#3" do
-            subject[3].should == escaped("token#3:token#4")
+            expect(subject[3]).to eq(escaped("token#3:token#4"))
           end
         end
 
@@ -101,12 +114,12 @@ describe Conjur::API do
       let(:id)     { :input_id }
 
       it "#parse_role_id(id): calls parse_id(id, 'roles') and returns result" do
-        Conjur::API.should_receive(:parse_id).with(id, 'roles').and_return(result)
-        Conjur::API.parse_role_id(id).should == result
+        expect(Conjur::API).to receive(:parse_id).with(id, 'roles').and_return(result)
+        expect(Conjur::API.parse_role_id(id)).to eq(result)
       end
       it "#parse_resource_id(id): calls parse_id(id, 'resources') and returns result" do
-        Conjur::API.should_receive(:parse_id).with(id, 'resources').and_return(result)
-        Conjur::API.parse_resource_id(id).should == result
+        expect(Conjur::API).to receive(:parse_id).with(id, 'resources').and_return(result)
+        expect(Conjur::API.parse_resource_id(id)).to eq(result)
       end
     end
   end
@@ -124,57 +137,81 @@ describe Conjur::API do
       subject { api }
       context "'ci' account" do
         before {
-          Conjur::Configuration.any_instance.stub(:account).and_return 'ci'
+          allow_any_instance_of(Conjur::Configuration).to receive(:account).and_return 'ci'
         }
         context "in stage" do
           before(:each) do
-            Conjur::Configuration.any_instance.stub(:env).and_return "stage"
+            allow_any_instance_of(Conjur::Configuration).to receive(:env).and_return "stage"
+          end
+
+          describe '#host' do
+            subject { super().host }
+            it do
+            is_expected.to eq("https://authz-stage-conjur.herokuapp.com")
           end
-          its "host" do
-            should == "https://authz-stage-conjur.herokuapp.com"
           end
         end
         context "in ci" do
           before(:each) do
             # Looks at "ENV['CONJUR_STACK']" first, stub this out
-            ENV.stub(:[]).with('CONJUR_STACK').and_return nil
-            Conjur::Configuration.any_instance.stub(:env).and_return "ci"
+            allow(ENV).to receive(:[]).with('CONJUR_STACK').and_return nil
+            allow_any_instance_of(Conjur::Configuration).to receive(:env).and_return "ci"
+          end
+
+          describe '#host' do
+            subject { super().host }
+            it do
+            is_expected.to eq("https://authz-ci-conjur.herokuapp.com")
           end
-          its "host" do
-            should == "https://authz-ci-conjur.herokuapp.com"
           end
         end
         context "when ENV['CONJUR_STACK'] is set to 'v12'" do
           before do
-            Conjur::Configuration.any_instance.stub(:stack).and_return "v12"
-            Conjur::Configuration.any_instance.stub(:env).and_return "ci"
+            allow_any_instance_of(Conjur::Configuration).to receive(:stack).and_return "v12"
+            allow_any_instance_of(Conjur::Configuration).to receive(:env).and_return "ci"
+          end
+
+          describe '#host' do
+            subject { super().host }
+            it { is_expected.to eq("https://authz-v12-conjur.herokuapp.com")}
           end
-          its(:host){ should == "https://authz-v12-conjur.herokuapp.com"}
         end
       end
       context "in production" do
         before(:each) do
-          Conjur::Configuration.any_instance.stub(:env).and_return "production"
+          allow_any_instance_of(Conjur::Configuration).to receive(:env).and_return "production"
+        end
+
+        describe '#host' do
+          subject { super().host }
+          it do
+          is_expected.to eq("https://authz-v4-conjur.herokuapp.com")
         end
-        its "host" do
-          should == "https://authz-v4-conjur.herokuapp.com"
         end
       end
       context "in appliance" do
         before(:each) do
-          Conjur::Configuration.any_instance.stub(:env).and_return "appliance"
+          allow_any_instance_of(Conjur::Configuration).to receive(:env).and_return "appliance"
+        end
+
+        describe '#host' do
+          subject { super().host }
+          it do
+          is_expected.to eq("http://localhost:5100")
         end
-        its "host" do
-          should == "http://localhost:5100"
         end
       end
       context "in named production version" do
         before(:each) do
-          Conjur::Configuration.any_instance.stub(:env).and_return "production"
-          Conjur::Configuration.any_instance.stub(:stack).and_return "waffle"
+          allow_any_instance_of(Conjur::Configuration).to receive(:env).and_return "production"
+          allow_any_instance_of(Conjur::Configuration).to receive(:stack).and_return "waffle"
+        end
+
+        describe '#host' do
+          subject { super().host }
+          it do
+          is_expected.to eq("https://authz-waffle-conjur.herokuapp.com")
         end
-        its "host" do
-          should == "https://authz-waffle-conjur.herokuapp.com"
         end
       end
     end
@@ -187,49 +224,71 @@ describe Conjur::API do
 
   shared_context logged_in: true do
     let(:login) { "bob" }
-    let(:token) { { 'data' => login, 'timestamp' => (Time.now + elapsed ).to_s } }
-    let(:elapsed) { 0 }
+    let(:token) { { 'data' => login, 'timestamp' => Time.now.to_s } }
     subject { api }
     let(:api) { Conjur::API.new_from_token(token) }
     let(:account) { 'some-account' }
-    before { Conjur::Core::API.stub conjur_account: account }
+    before { allow(Conjur::Core::API).to receive_messages conjur_account: account }
   end
 
   context "credential handling", logged_in: true do
     context "from token" do
-      its(:token) { should == token }
-      its(:credentials) { should == { headers: { authorization: "Token token=\"#{Base64.strict_encode64(token.to_json)}\"" }, username: login } }
+      describe '#token' do
+        subject { super().token }
+        it { is_expected.to eq(token) }
+      end
+
+      describe '#credentials' do
+        subject { super().credentials }
+        it { is_expected.to eq({ headers: { authorization: "Token token=\"#{Base64.strict_encode64(token.to_json)}\"" }, username: login }) }
+      end
     end
+
     context "from api key", logged_in: true do
       let(:api_key) { "theapikey" }
       let(:api) { Conjur::API.new_from_key(login, api_key) }
       subject { api }
+
       it("should authenticate to get a token") do
-        Conjur::API.should_receive(:authenticate).with(login, api_key).and_return token
+        expect(Conjur::API).to receive(:authenticate).with(login, api_key).and_return token
         
-        api.instance_variable_get("@token").should == nil
-        api.token.should == token
-        api.credentials.should == { headers: { authorization: "Token token=\"#{Base64.strict_encode64(token.to_json)}\"" }, username: login }
+        expect(api.instance_variable_get("@token")).to eq(nil)
+        expect(api.token).to eq(token)
+        expect(api.credentials).to eq({ headers: { authorization: "Token token=\"#{Base64.strict_encode64(token.to_json)}\"" }, username: login })
+      end
+
+      context "with an expired token" do
+        it "fetches a new one" do
+          allow(Conjur::API).to receive(:authenticate).with(login, api_key).and_return token
+          expect(Time.parse(api.token['timestamp'])).to be_within(5.seconds).of(Time.now)
+
+          Timecop.travel Time.now + 6.minutes
+          new_token = token.merge "timestamp" => Time.now.to_s
+
+          expect(Conjur::API).to receive(:authenticate).with(login, api_key).and_return new_token
+          expect(api.token).to eq(new_token)
+        end
       end
     end
+
     context "from logged-in RestClient::Resource" do
       let(:token_encoded) { Base64.strict_encode64(token.to_json) }
       let(:resource) { RestClient::Resource.new("http://example.com", { headers: { authorization: "Token token=\"#{token_encoded}\"" } })}
       it "can construct a new API instance" do
         api = resource.conjur_api
-        api.credentials[:headers][:authorization].should == "Token token=\"#{token_encoded}\""
-        api.credentials[:username].should == "bob"
+        expect(api.credentials[:headers][:authorization]).to eq("Token token=\"#{token_encoded}\"")
+        expect(api.credentials[:username]).to eq("bob")
       end
     end
   end
 
   describe "#role_from_username", logged_in: true do
     it "returns a user role when username is plain" do
-      api.role_from_username("plain-username").roleid.should == "#{account}:user:plain-username"
+      expect(api.role_from_username("plain-username").roleid).to eq("#{account}:user:plain-username")
     end
 
     it "returns an appropriate role kind when username is qualified" do
-      api.role_from_username("host/foo/bar").roleid.should == "#{account}:host:foo/bar"
+      expect(api.role_from_username("host/foo/bar").roleid).to eq("#{account}:host:foo/bar")
     end
   end
 
@@ -237,7 +296,7 @@ describe Conjur::API do
     context "when logged in as user" do
       let(:login) { 'joerandom' }
       it "returns a user role" do
-        api.current_role.roleid.should == "#{account}:user:joerandom"
+        expect(api.current_role.roleid).to eq("#{account}:user:joerandom")
       end
     end
 
@@ -245,7 +304,7 @@ describe Conjur::API do
       let(:host) { "somehost" }
       let(:login) { "host/#{host}" }
       it "returns a host role" do
-        api.current_role.roleid.should == "#{account}:host:somehost"
+        expect(api.current_role.roleid).to eq("#{account}:host:somehost")
       end
     end
   end

data/spec/lib/asset_spec.rb

@@ -23,10 +23,10 @@ describe Conjur::ActsAsAsset do
 
   shared_context "asset with role" do
     before(:each) {
-      asset.stub(:core_conjur_account).and_return(ACCOUNT)
-      asset.stub(:resource_kind).and_return(KIND)
-      asset.stub(:resource_id).and_return(ID)
-      Conjur::Role.stub(:new).and_return(role_base)
+      allow(asset).to receive(:core_conjur_account).and_return(ACCOUNT)
+      allow(asset).to receive(:resource_kind).and_return(KIND)
+      allow(asset).to receive(:resource_id).and_return(ID)
+      allow(Conjur::Role).to receive(:new).and_return(role_base)
     }
     let(:role_base) {
       double(:"[]" => role_instance)
@@ -38,21 +38,21 @@ describe Conjur::ActsAsAsset do
   
   shared_examples_for "it obtains role via asset" do
     it "account=asset.core_conjur_account" do
-      asset.should_receive(:core_conjur_account)
+      expect(asset).to receive(:core_conjur_account)
       invoke
     end
     it "kind=asset.resource_kind" do
-      asset.should_receive(:resource_kind)
+      expect(asset).to receive(:resource_kind)
       invoke
     end
     it "id=asset.resource_id" do
-      asset.should_receive(:resource_id)
+      expect(asset).to receive(:resource_id)
       invoke
     end
     
     it "obtains role as #{ACCOUNT}:@:#{KIND}/#{ID}/#{ROLE}" do
-      Conjur::Role.should_receive(:new).with("http://localhost:5100", {}).and_return role_base
-      role_base.should_receive(:[]).with("#{CGI.escape ACCOUNT}/roles/@/#{KIND}/#{ID}/#{CGI.escape ROLE}").and_return role_instance
+      expect(Conjur::Role).to receive(:new).with("http://localhost:5100", {}).and_return role_base
+      expect(role_base).to receive(:[]).with("#{CGI.escape ACCOUNT}/roles/@/#{KIND}/#{ID}/#{CGI.escape ROLE}").and_return role_instance
       
       invoke
     end   
@@ -63,7 +63,7 @@ describe Conjur::ActsAsAsset do
     include_context "asset with role"
     it_behaves_like "it obtains role via asset"
     it 'calls role.grant_to(member,...)' do
-      role_instance.should_receive(:grant_to).with(MEMBER, anything)
+      expect(role_instance).to receive(:grant_to).with(MEMBER, anything)
       invoke
     end
   end
@@ -73,7 +73,7 @@ describe Conjur::ActsAsAsset do
     include_context "asset with role"
     it_behaves_like "it obtains role via asset"
     it 'calls role.revoke_from(member)' do
-      role_instance.should_receive(:revoke_from).with(MEMBER)
+      expect(role_instance).to receive(:revoke_from).with(MEMBER)
       invoke
     end
   end

data/spec/lib/audit_spec.rb

@@ -12,7 +12,7 @@ describe Conjur::API, api: :dummy do
     let(:expected_url){ "#{Conjur::Audit::API.host}/#{expected_path}#{query}" }
     
     def expect_request
-      RestClient::Request.should_receive(:execute).with(
+      expect(RestClient::Request).to receive(:execute).with(
         headers: credentials[:headers],
         url: expected_url,
         method: :get
@@ -28,7 +28,7 @@ describe Conjur::API, api: :dummy do
       shared_examples_for "gets all visible events" do
         it "GETs /" do
           expect_request
-          api.audit(*full_args).should == response
+          expect(api.audit(*full_args)).to eq(response)
         end
       end
       
@@ -52,7 +52,7 @@ describe Conjur::API, api: :dummy do
       shared_examples_for "gets roles feed" do
         it "GETs roles/:role_id" do
           expect_request
-          api.audit_role(*full_args).should == response
+          expect(api.audit_role(*full_args)).to eq(response)
         end
       end
       
@@ -83,7 +83,7 @@ describe Conjur::API, api: :dummy do
       shared_examples_for "gets the resource feed" do
         it "GETS resources/:resource_id" do
           expect_request
-          api.audit_resource(*full_args).should == response
+          expect(api.audit_resource(*full_args)).to eq(response)
         end
       end
       

data/spec/lib/build_from_response_spec.rb

@@ -13,11 +13,11 @@ describe Conjur::BuildFromResponse do
 
     before do
       subject.extend Conjur::BuildFromResponse
-      subject.should_receive(:new).with(location, credentials).and_return constructed
-      constructed.should_receive(:attributes=).with attrs
+      expect(subject).to receive(:new).with(location, credentials).and_return constructed
+      expect(constructed).to receive(:attributes=).with attrs
 
       constructed.extend Conjur::LogSource
-      constructed.stub username: 'whatever'
+      allow(constructed).to receive_messages username: 'whatever'
     end
 
     it "passes the location credentials and attributes" do
@@ -26,23 +26,23 @@ describe Conjur::BuildFromResponse do
 
     context "with a resource(-ish) class" do
       before do
-        constructed.stub resource_kind: 'chunky', resource_id: 'bacon'
+        allow(constructed).to receive_messages resource_kind: 'chunky', resource_id: 'bacon'
       end
 
       it "logs creation correctly" do
         subject.build_from_response response, credentials
-        log.should =~ /Created chunky bacon/
+        expect(log).to match(/Created chunky bacon/)
       end
     end
 
     context "with a id(-ish) class" do
       before do
-        constructed.stub id: 'bacon'
+        allow(constructed).to receive_messages id: 'bacon'
       end
 
       it "logs creation correctly" do
         subject.build_from_response response, credentials
-        log.should =~ /Created some bacon/
+        expect(log).to match(/Created some bacon/)
       end
     end
   end