conjur-api 4.10.1 → 4.10.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +10 -0
- data/Gemfile +0 -4
- data/conjur-api.gemspec +3 -1
- data/lib/conjur-api/version.rb +1 -1
- data/lib/conjur/base.rb +21 -4
- data/lib/conjur/configuration.rb +1 -6
- data/lib/conjur/resource.rb +1 -11
- data/spec/api/authn_spec.rb +11 -11
- data/spec/api/hosts_spec.rb +3 -3
- data/spec/api/layer_spec.rb +1 -1
- data/spec/api/pubkeys_spec.rb +4 -4
- data/spec/api/resources_spec.rb +5 -5
- data/spec/api/roles_spec.rb +6 -2
- data/spec/api/users_spec.rb +4 -4
- data/spec/api/variables_spec.rb +10 -10
- data/spec/lib/annotations_spec.rb +17 -17
- data/spec/lib/api_spec.rb +118 -59
- data/spec/lib/asset_spec.rb +11 -11
- data/spec/lib/audit_spec.rb +4 -4
- data/spec/lib/build_from_response_spec.rb +7 -7
- data/spec/lib/configuration_spec.rb +109 -49
- data/spec/lib/deputy_spec.rb +19 -6
- data/spec/lib/exists_spec.rb +15 -13
- data/spec/lib/host_spec.rb +10 -3
- data/spec/lib/log_source_spec.rb +1 -1
- data/spec/lib/log_spec.rb +5 -5
- data/spec/lib/resource_spec.rb +23 -53
- data/spec/lib/role_grant_spec.rb +3 -3
- data/spec/lib/role_spec.rb +54 -34
- data/spec/lib/standard_methods_spec.rb +15 -15
- data/spec/lib/user_spec.rb +32 -12
- data/spec/spec_helper.rb +9 -10
- data/spec/standard_methods_helper.rb +6 -6
- data/spec/variable_spec.rb +12 -7
- metadata +36 -14
- data/.rspec +0 -2
@@ -4,8 +4,12 @@ describe Conjur::Configuration do
|
|
4
4
|
before {
|
5
5
|
Conjur.configuration = Conjur::Configuration.new
|
6
6
|
}
|
7
|
-
|
8
|
-
|
7
|
+
after(:all) do
|
8
|
+
# reset the configuration so it doesn't clobber other tests
|
9
|
+
Conjur.configuration = Conjur::Configuration.new
|
10
|
+
end
|
11
|
+
|
12
|
+
subject(:configuration) { Conjur.configuration }
|
9
13
|
context "thread-local behavior" do
|
10
14
|
it "can swap the Configuration in a new thread" do
|
11
15
|
original = Conjur.configuration
|
@@ -13,11 +17,11 @@ describe Conjur::Configuration do
|
|
13
17
|
Thread.new do
|
14
18
|
Thread.current[:conjur_configuration] = :foo
|
15
19
|
Conjur.with_configuration c do
|
16
|
-
Conjur.configuration.
|
20
|
+
expect(Conjur.configuration).to eq(c)
|
17
21
|
end
|
18
|
-
Thread.current[:conjur_configuration].
|
22
|
+
expect(Thread.current[:conjur_configuration]).to eq(:foo)
|
19
23
|
end.join
|
20
|
-
Conjur.configuration.
|
24
|
+
expect(Conjur.configuration).to eq(original)
|
21
25
|
end
|
22
26
|
end
|
23
27
|
context "with various options" do
|
@@ -25,40 +29,44 @@ describe Conjur::Configuration do
|
|
25
29
|
configuration.account = "the-account"
|
26
30
|
configuration.appliance_url = "https://conjur/api"
|
27
31
|
}
|
28
|
-
it "core_url is not pre-cached" do
|
29
|
-
configuration.supplied[:core_url].should_not be
|
30
|
-
end
|
31
|
-
it "core_url is cached after use" do
|
32
|
-
configuration.core_url
|
33
|
-
configuration.supplied[:core_url].should == configuration.core_url
|
34
|
-
end
|
35
32
|
context "and core_url fetched" do
|
36
33
|
before {
|
37
34
|
configuration.core_url
|
38
35
|
}
|
36
|
+
|
37
|
+
it "can still be changed by changing the appliance_url" do
|
38
|
+
configuration.appliance_url = "https://other/api"
|
39
|
+
expect(configuration.core_url).to eq "https://other/api"
|
40
|
+
end
|
41
|
+
|
39
42
|
context "and duplicated" do
|
40
43
|
subject { configuration.clone override_options }
|
41
44
|
let(:override_options) { Hash.new }
|
42
|
-
|
43
|
-
|
44
|
-
|
45
|
-
|
46
|
-
|
47
|
-
|
48
|
-
|
49
|
-
|
50
|
-
|
51
|
-
|
45
|
+
|
46
|
+
describe '#account' do
|
47
|
+
subject { super().account }
|
48
|
+
it { is_expected.to eq(configuration.account) }
|
49
|
+
end
|
50
|
+
|
51
|
+
describe '#appliance_url' do
|
52
|
+
subject { super().appliance_url }
|
53
|
+
it { is_expected.to eq(configuration.appliance_url) }
|
54
|
+
end
|
55
|
+
|
56
|
+
describe '#core_url' do
|
57
|
+
subject { super().core_url }
|
58
|
+
it { is_expected.to eq(configuration.appliance_url) }
|
52
59
|
end
|
60
|
+
|
53
61
|
context "appliance_url overridden" do
|
54
62
|
let(:override_options) {
|
55
63
|
{ :appliance_url => "https://example/api" }
|
56
64
|
}
|
57
65
|
it "is ignored by the configuration core_url" do
|
58
|
-
configuration.core_url.
|
66
|
+
expect(configuration.core_url).to eq("https://conjur/api")
|
59
67
|
end
|
60
68
|
it "is reflected in the copy core_url" do
|
61
|
-
subject.core_url.
|
69
|
+
expect(subject.core_url).to eq("https://example/api")
|
62
70
|
end
|
63
71
|
end
|
64
72
|
end
|
@@ -70,86 +78,138 @@ describe Conjur::Configuration do
|
|
70
78
|
ENV.delete('CONJUR_ENV')
|
71
79
|
}
|
72
80
|
context "default env" do
|
73
|
-
|
81
|
+
describe '#env' do
|
82
|
+
subject { super().env }
|
83
|
+
it { is_expected.to eq("production") }
|
84
|
+
end
|
74
85
|
end
|
75
86
|
context "default stack" do
|
76
|
-
|
87
|
+
describe '#stack' do
|
88
|
+
subject { super().stack }
|
89
|
+
it { is_expected.to eq("v4") }
|
90
|
+
end
|
77
91
|
end
|
78
92
|
describe 'authn_url' do
|
79
93
|
before {
|
80
|
-
Conjur::Configuration.
|
94
|
+
allow_any_instance_of(Conjur::Configuration).to receive(:account).and_return "the-account"
|
81
95
|
}
|
82
96
|
context "with appliance_url" do
|
83
97
|
before {
|
84
|
-
Conjur::Configuration.
|
98
|
+
allow_any_instance_of(Conjur::Configuration).to receive(:appliance_url).and_return "http://example.com"
|
85
99
|
}
|
86
|
-
|
100
|
+
|
101
|
+
describe '#authn_url' do
|
102
|
+
subject { super().authn_url }
|
103
|
+
it { is_expected.to eq("http://example.com/authn") }
|
104
|
+
end
|
87
105
|
end
|
88
106
|
context "without appliance_url" do
|
89
|
-
|
107
|
+
describe '#authn_url' do
|
108
|
+
subject { super().authn_url }
|
109
|
+
it { is_expected.to eq("https://authn-the-account-conjur.herokuapp.com") }
|
110
|
+
end
|
90
111
|
end
|
91
112
|
end
|
92
113
|
describe 'authz_url' do
|
93
114
|
before {
|
94
|
-
Conjur::Configuration.
|
115
|
+
allow_any_instance_of(Conjur::Configuration).to receive(:account).and_return "the-account"
|
95
116
|
}
|
96
117
|
context "with appliance_url" do
|
97
118
|
before {
|
98
|
-
Conjur::Configuration.
|
119
|
+
allow_any_instance_of(Conjur::Configuration).to receive(:appliance_url).and_return "http://example.com"
|
99
120
|
}
|
100
|
-
|
121
|
+
|
122
|
+
describe '#authz_url' do
|
123
|
+
subject { super().authz_url }
|
124
|
+
it { is_expected.to eq("http://example.com/authz") }
|
125
|
+
end
|
101
126
|
end
|
102
127
|
context "without appliance_url" do
|
103
|
-
|
128
|
+
describe '#authz_url' do
|
129
|
+
subject { super().authz_url }
|
130
|
+
it { is_expected.to eq("https://authz-v4-conjur.herokuapp.com") }
|
131
|
+
end
|
104
132
|
context "with specific stack" do
|
105
|
-
before { Conjur::Configuration.
|
106
|
-
|
133
|
+
before { allow_any_instance_of(Conjur::Configuration).to receive(:stack).and_return "the-stack" }
|
134
|
+
|
135
|
+
describe '#authz_url' do
|
136
|
+
subject { super().authz_url }
|
137
|
+
it { is_expected.to eq("https://authz-the-stack-conjur.herokuapp.com") }
|
138
|
+
end
|
107
139
|
end
|
108
140
|
end
|
109
141
|
end
|
110
142
|
end
|
111
143
|
context "CONJUR_ENV = 'test'" do
|
112
|
-
|
144
|
+
describe '#env' do
|
145
|
+
subject { super().env }
|
146
|
+
it { is_expected.to eq("test") }
|
147
|
+
end
|
113
148
|
before {
|
114
|
-
Conjur::Configuration.
|
149
|
+
allow_any_instance_of(Conjur::Configuration).to receive(:account).and_return "the-account"
|
115
150
|
}
|
116
151
|
describe 'authn_url' do
|
117
152
|
context "with appliance_url hostname" do
|
118
153
|
before {
|
119
|
-
Conjur::Configuration.
|
154
|
+
allow_any_instance_of(Conjur::Configuration).to receive(:appliance_url).and_return "http://example.com"
|
120
155
|
}
|
121
|
-
|
156
|
+
|
157
|
+
describe '#authn_url' do
|
158
|
+
subject { super().authn_url }
|
159
|
+
it { is_expected.to eq("http://example.com/authn") }
|
160
|
+
end
|
122
161
|
end
|
123
162
|
context "with appliance_url hostname and non-trailing-slash path" do
|
124
163
|
before {
|
125
|
-
Conjur::Configuration.
|
164
|
+
allow_any_instance_of(Conjur::Configuration).to receive(:appliance_url).and_return "http://example.com/api"
|
126
165
|
}
|
127
|
-
|
166
|
+
|
167
|
+
describe '#authn_url' do
|
168
|
+
subject { super().authn_url }
|
169
|
+
it { is_expected.to eq("http://example.com/api/authn") }
|
170
|
+
end
|
128
171
|
end
|
129
172
|
context "without appliance_url" do
|
130
|
-
|
173
|
+
describe '#authn_url' do
|
174
|
+
subject { super().authn_url }
|
175
|
+
it { is_expected.to eq("http://localhost:5000") }
|
176
|
+
end
|
131
177
|
end
|
132
178
|
end
|
133
179
|
describe 'authz_url' do
|
134
180
|
context "with appliance_url" do
|
135
181
|
before {
|
136
|
-
Conjur::Configuration.
|
182
|
+
allow_any_instance_of(Conjur::Configuration).to receive(:appliance_url).and_return "http://example.com/api/"
|
137
183
|
}
|
138
|
-
|
184
|
+
|
185
|
+
describe '#authz_url' do
|
186
|
+
subject { super().authz_url }
|
187
|
+
it { is_expected.to eq("http://example.com/api/authz") }
|
188
|
+
end
|
139
189
|
end
|
140
190
|
context "without appliance_url" do
|
141
|
-
|
191
|
+
describe '#authz_url' do
|
192
|
+
subject { super().authz_url }
|
193
|
+
it { is_expected.to eq("http://localhost:5100") }
|
194
|
+
end
|
142
195
|
end
|
143
196
|
end
|
144
197
|
describe 'core_url' do
|
145
198
|
context "with appliance_url" do
|
146
199
|
before {
|
147
|
-
Conjur::Configuration.
|
200
|
+
allow_any_instance_of(Conjur::Configuration).to receive(:appliance_url).and_return "http://example.com/api"
|
148
201
|
}
|
149
|
-
|
202
|
+
|
203
|
+
describe '#core_url' do
|
204
|
+
subject { super().core_url }
|
205
|
+
it { is_expected.to eq("http://example.com/api") }
|
206
|
+
end
|
150
207
|
end
|
151
208
|
context "without appliance_url" do
|
152
|
-
|
209
|
+
describe '#core_url' do
|
210
|
+
subject { super().core_url }
|
211
|
+
it { is_expected.to eq("http://localhost:5200") }
|
212
|
+
end
|
153
213
|
end
|
154
214
|
end
|
155
215
|
end
|
data/spec/lib/deputy_spec.rb
CHANGED
@@ -1,12 +1,25 @@
|
|
1
1
|
require 'spec_helper'
|
2
2
|
|
3
3
|
describe Conjur::Deputy, api: :dummy do
|
4
|
-
|
4
|
+
let(:api_key) { 'theapikey' }
|
5
5
|
|
6
|
-
|
7
|
-
|
6
|
+
subject(:deputy) { Conjur::Deputy.new 'http://example.com/deputies/my%2Fhostname', nil }
|
7
|
+
before { deputy.attributes = { 'api_key' => api_key } }
|
8
8
|
|
9
|
-
|
10
|
-
|
11
|
-
|
9
|
+
describe '#resource' do
|
10
|
+
subject { deputy.resource }
|
11
|
+
it { is_expected.to be }
|
12
|
+
end
|
13
|
+
|
14
|
+
describe '#login' do
|
15
|
+
it "is extracted from the uri" do
|
16
|
+
expect(deputy.login).to eq('deputy/my/hostname')
|
17
|
+
end
|
18
|
+
end
|
19
|
+
|
20
|
+
describe '#api_key' do
|
21
|
+
it "is extracted from attributes" do
|
22
|
+
expect(deputy.api_key).to eq api_key
|
23
|
+
end
|
24
|
+
end
|
12
25
|
end
|
data/spec/lib/exists_spec.rb
CHANGED
@@ -1,22 +1,24 @@
|
|
1
1
|
require 'spec_helper'
|
2
2
|
|
3
3
|
describe Conjur::Exists do
|
4
|
-
subject { Object.new.tap {|o| o.send :extend, Conjur::Exists } }
|
4
|
+
subject(:resource) { Object.new.tap {|o| o.send :extend, Conjur::Exists } }
|
5
5
|
|
6
|
-
|
7
|
-
|
8
|
-
its(:exists?) { should be_true }
|
9
|
-
end
|
6
|
+
describe '#exists?' do
|
7
|
+
subject { resource.exists? }
|
10
8
|
|
11
|
-
|
12
|
-
|
13
|
-
|
14
|
-
subject.exists?.should be_truthy
|
9
|
+
context "when head returns 200" do
|
10
|
+
before { allow(resource).to receive_messages head: "" }
|
11
|
+
it { is_expected.to be_truthy }
|
15
12
|
end
|
16
|
-
end
|
17
13
|
|
18
|
-
|
19
|
-
|
20
|
-
|
14
|
+
context "when forbidden" do
|
15
|
+
before { allow(resource).to receive(:head) { raise RestClient::Forbidden }}
|
16
|
+
it { is_expected.to be_truthy }
|
17
|
+
end
|
18
|
+
|
19
|
+
context "when not found" do
|
20
|
+
before { allow(resource).to receive(:head) { raise RestClient::ResourceNotFound }}
|
21
|
+
it { is_expected.to be_falsey }
|
22
|
+
end
|
21
23
|
end
|
22
24
|
end
|
data/spec/lib/host_spec.rb
CHANGED
@@ -3,12 +3,19 @@ require 'spec_helper'
|
|
3
3
|
describe Conjur::Host, api: :dummy do
|
4
4
|
subject { Conjur::Host.new 'http://example.com/hosts/my%2Fhostname', nil }
|
5
5
|
|
6
|
-
|
7
|
-
|
6
|
+
describe '#resource' do
|
7
|
+
subject { super().resource }
|
8
|
+
it { is_expected.to be }
|
9
|
+
end
|
10
|
+
|
11
|
+
describe '#login' do
|
12
|
+
subject { super().login }
|
13
|
+
it { is_expected.to eq('host/my/hostname') }
|
14
|
+
end
|
8
15
|
|
9
16
|
it "fetches enrollment_url" do
|
10
17
|
stub_request(:head, "http://example.com/hosts/my%2Fhostname/enrollment_url").
|
11
18
|
to_return(:status => 200, :headers => {location: 'foo'})
|
12
|
-
subject.enrollment_url.
|
19
|
+
expect(subject.enrollment_url).to eq('foo')
|
13
20
|
end
|
14
21
|
end
|
data/spec/lib/log_source_spec.rb
CHANGED
data/spec/lib/log_spec.rb
CHANGED
@@ -7,9 +7,9 @@ describe Conjur do
|
|
7
7
|
before { @old_log = Conjur.log }
|
8
8
|
let(:log) { double 'log' }
|
9
9
|
it "creates the log with given type and makes it available" do
|
10
|
-
Conjur.
|
10
|
+
allow(Conjur).to receive(:create_log).with(:param).and_return log
|
11
11
|
Conjur::log = :param
|
12
|
-
Conjur::log.
|
12
|
+
expect(Conjur::log).to eq(log)
|
13
13
|
end
|
14
14
|
after { Conjur.class_variable_set :@@log, @old_log }
|
15
15
|
end
|
@@ -19,14 +19,14 @@ describe Conjur do
|
|
19
19
|
context "with 'stdout'" do
|
20
20
|
let(:param) { 'stdout' }
|
21
21
|
it "creates something which writes to STDOUT" do
|
22
|
-
$stdout.grab { log << "foo" }.
|
22
|
+
expect($stdout.grab { log << "foo" }).to eq('foo')
|
23
23
|
end
|
24
24
|
end
|
25
25
|
|
26
26
|
context "with 'stderr'" do
|
27
27
|
let(:param) { 'stderr' }
|
28
28
|
it "creates something which writes to STDERR" do
|
29
|
-
$stderr.grab { log << "foo" }.
|
29
|
+
expect($stderr.grab { log << "foo" }).to eq('foo')
|
30
30
|
end
|
31
31
|
end
|
32
32
|
|
@@ -35,7 +35,7 @@ describe Conjur do
|
|
35
35
|
let(:param) { tempfile.path }
|
36
36
|
it "creates something which writes to the file" do
|
37
37
|
log << "foo"
|
38
|
-
tempfile.read.
|
38
|
+
expect(tempfile.read).to eq("foo")
|
39
39
|
end
|
40
40
|
end
|
41
41
|
end
|
data/spec/lib/resource_spec.rb
CHANGED
@@ -14,7 +14,7 @@ describe Conjur::Resource, api: :dummy, logging: :temp do
|
|
14
14
|
"foobar"
|
15
15
|
end
|
16
16
|
it "identifier should obtained from the id" do
|
17
|
-
resource.identifier.
|
17
|
+
expect(resource.identifier).to eq("foobar")
|
18
18
|
end
|
19
19
|
end
|
20
20
|
|
@@ -24,11 +24,11 @@ describe Conjur::Resource, api: :dummy, logging: :temp do
|
|
24
24
|
let(:identifier) { p[1] }
|
25
25
|
context "resource_kind" do
|
26
26
|
subject { resource.kind }
|
27
|
-
specify {
|
27
|
+
specify { is_expected.to eq(p[0]) }
|
28
28
|
end
|
29
29
|
context "resource_id" do
|
30
30
|
subject { resource.identifier }
|
31
|
-
specify {
|
31
|
+
specify { is_expected.to eq( p[1] ) }
|
32
32
|
end
|
33
33
|
end
|
34
34
|
end
|
@@ -39,31 +39,31 @@ describe Conjur::Resource, api: :dummy, logging: :temp do
|
|
39
39
|
|
40
40
|
describe '#create' do
|
41
41
|
it "simply puts" do
|
42
|
-
RestClient::Request.
|
42
|
+
expect(RestClient::Request).to receive(:execute).with(
|
43
43
|
method: :put,
|
44
44
|
url: uri,
|
45
45
|
payload: {},
|
46
46
|
headers: {}
|
47
47
|
).and_return "new resource"
|
48
|
-
subject.create.
|
48
|
+
expect(subject.create).to eq("new resource")
|
49
49
|
end
|
50
50
|
end
|
51
51
|
|
52
52
|
describe '#permitted_roles' do
|
53
53
|
it 'gets the list from /roles/allowed_to' do
|
54
|
-
RestClient::Request.
|
54
|
+
expect(RestClient::Request).to receive(:execute).with(
|
55
55
|
method: :get,
|
56
56
|
url: "http://authz.example.com/some-account/roles/allowed_to/nuke/the-kind/resource-id",
|
57
57
|
headers: {}
|
58
58
|
).and_return '["foo", "bar"]'
|
59
59
|
|
60
|
-
subject.permitted_roles("nuke").
|
60
|
+
expect(subject.permitted_roles("nuke")).to eq(['foo', 'bar'])
|
61
61
|
end
|
62
62
|
end
|
63
63
|
|
64
64
|
describe '#give_to' do
|
65
65
|
it "puts the owner field" do
|
66
|
-
RestClient::Request.
|
66
|
+
expect(RestClient::Request).to receive(:execute).with(
|
67
67
|
method: :put,
|
68
68
|
url: uri,
|
69
69
|
payload: {owner: 'new-owner' },
|
@@ -74,39 +74,9 @@ describe Conjur::Resource, api: :dummy, logging: :temp do
|
|
74
74
|
end
|
75
75
|
end
|
76
76
|
|
77
|
-
describe "#exists" do
|
78
|
-
let(:uri) { "#{authz_host}/some-account/resources/the-kind/resource-id" }
|
79
|
-
it "sends HEAD /<resource>" do
|
80
|
-
RestClient::Request.should_receive(:execute).with(
|
81
|
-
method: :head,
|
82
|
-
url: uri,
|
83
|
-
headers: {}
|
84
|
-
)
|
85
|
-
subject.exists?
|
86
|
-
end
|
87
|
-
context "with status 204" do
|
88
|
-
before {
|
89
|
-
subject.stub(:head)
|
90
|
-
}
|
91
|
-
its(:exists?) { should be_true }
|
92
|
-
end
|
93
|
-
context "with status 404" do
|
94
|
-
before {
|
95
|
-
subject.stub(:head) { raise RestClient::ResourceNotFound }
|
96
|
-
}
|
97
|
-
its(:exists?) { should be_false }
|
98
|
-
end
|
99
|
-
context "with status 403" do
|
100
|
-
before {
|
101
|
-
subject.stub(:head) { raise RestClient::Forbidden }
|
102
|
-
}
|
103
|
-
its(:exists?) { should be_true }
|
104
|
-
end
|
105
|
-
end
|
106
|
-
|
107
77
|
describe '#delete' do
|
108
78
|
it 'simply deletes' do
|
109
|
-
RestClient::Request.
|
79
|
+
expect(RestClient::Request).to receive(:execute).with(
|
110
80
|
method: :delete,
|
111
81
|
url: uri,
|
112
82
|
headers: {}
|
@@ -120,7 +90,7 @@ describe Conjur::Resource, api: :dummy, logging: :temp do
|
|
120
90
|
it 'posts permit for every privilege' do
|
121
91
|
privileges = [:nuke, :fry]
|
122
92
|
privileges.each do |p|
|
123
|
-
RestClient::Request.
|
93
|
+
expect(RestClient::Request).to receive(:execute).with(
|
124
94
|
method: :post,
|
125
95
|
url: uri + "/?permit&privilege=#{p}&role=dr-strangelove",
|
126
96
|
headers: {},
|
@@ -135,7 +105,7 @@ describe Conjur::Resource, api: :dummy, logging: :temp do
|
|
135
105
|
it 'posts deny for every privilege' do
|
136
106
|
privileges = [:nuke, :fry]
|
137
107
|
privileges.each do |p|
|
138
|
-
RestClient::Request.
|
108
|
+
expect(RestClient::Request).to receive(:execute).with(
|
139
109
|
method: :post,
|
140
110
|
url: uri + "/?deny&privilege=#{p}&role=james-bond",
|
141
111
|
headers: {},
|
@@ -148,7 +118,7 @@ describe Conjur::Resource, api: :dummy, logging: :temp do
|
|
148
118
|
|
149
119
|
describe '#permitted?' do
|
150
120
|
it 'gets the ?permitted? action' do
|
151
|
-
RestClient::Request.
|
121
|
+
expect(RestClient::Request).to receive(:execute).with(
|
152
122
|
method: :get,
|
153
123
|
url: uri + "/?check=true&privilege=fry",
|
154
124
|
headers: {}
|
@@ -157,33 +127,33 @@ describe Conjur::Resource, api: :dummy, logging: :temp do
|
|
157
127
|
end
|
158
128
|
context "with status 204" do
|
159
129
|
before {
|
160
|
-
subject.
|
130
|
+
allow(subject).to receive_message_chain(:[], :get)
|
161
131
|
}
|
162
132
|
specify {
|
163
|
-
subject.permitted?('fry').
|
133
|
+
expect(subject.permitted?('fry')).to be_truthy
|
164
134
|
}
|
165
135
|
end
|
166
136
|
context "with status 404" do
|
167
137
|
before {
|
168
|
-
subject.
|
138
|
+
allow(subject).to receive_message_chain(:[], :get) { raise RestClient::ResourceNotFound }
|
169
139
|
}
|
170
140
|
specify {
|
171
|
-
subject.permitted?('fry').
|
141
|
+
expect(subject.permitted?('fry')).to be_falsey
|
172
142
|
}
|
173
143
|
end
|
174
144
|
context "with status 403" do
|
175
145
|
before {
|
176
|
-
subject.
|
146
|
+
allow(subject).to receive_message_chain(:[], :get) { raise RestClient::Forbidden }
|
177
147
|
}
|
178
148
|
specify {
|
179
|
-
subject.permitted?('fry').
|
149
|
+
expect(subject.permitted?('fry')).to be_falsey
|
180
150
|
}
|
181
151
|
end
|
182
152
|
end
|
183
153
|
|
184
154
|
describe '.all' do
|
185
155
|
it "calls /account/resources" do
|
186
|
-
RestClient::Request.
|
156
|
+
expect(RestClient::Request).to receive(:execute).with(
|
187
157
|
method: :get,
|
188
158
|
url: "http://authz.example.com/the-account/resources",
|
189
159
|
headers: {}
|
@@ -193,7 +163,7 @@ describe Conjur::Resource, api: :dummy, logging: :temp do
|
|
193
163
|
end
|
194
164
|
|
195
165
|
it "can filter by kind" do
|
196
|
-
RestClient::Request.
|
166
|
+
expect(RestClient::Request).to receive(:execute).with(
|
197
167
|
method: :get,
|
198
168
|
url: "http://authz.example.com/the-account/resources/chunky",
|
199
169
|
headers: {}
|
@@ -204,17 +174,17 @@ describe Conjur::Resource, api: :dummy, logging: :temp do
|
|
204
174
|
end
|
205
175
|
|
206
176
|
it "passes search, limit, and offset params" do
|
207
|
-
RestClient::Request.
|
177
|
+
expect(RestClient::Request).to receive(:execute).with(
|
208
178
|
method: :get,
|
209
179
|
# Note that to_query sorts the keys
|
210
180
|
url: "http://authz.example.com/the-account/resources?limit=5&offset=6&search=something",
|
211
181
|
headers: {}
|
212
182
|
).and_return '["foo", "bar"]'
|
213
|
-
Conjur::Resource.all(host: authz_host, account: account, search: 'something', limit:5, offset:6).
|
183
|
+
expect(Conjur::Resource.all(host: authz_host, account: account, search: 'something', limit:5, offset:6)).to eq(%w(foo bar))
|
214
184
|
end
|
215
185
|
|
216
186
|
it "uses the given authz url" do
|
217
|
-
RestClient::Request.
|
187
|
+
expect(RestClient::Request).to receive(:execute).with(
|
218
188
|
method: :get,
|
219
189
|
url: "http://otherhost.example.com/the-account/resources",
|
220
190
|
headers: {}
|