conjur-api 4.10.1 → 4.10.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +10 -0
- data/Gemfile +0 -4
- data/conjur-api.gemspec +3 -1
- data/lib/conjur-api/version.rb +1 -1
- data/lib/conjur/base.rb +21 -4
- data/lib/conjur/configuration.rb +1 -6
- data/lib/conjur/resource.rb +1 -11
- data/spec/api/authn_spec.rb +11 -11
- data/spec/api/hosts_spec.rb +3 -3
- data/spec/api/layer_spec.rb +1 -1
- data/spec/api/pubkeys_spec.rb +4 -4
- data/spec/api/resources_spec.rb +5 -5
- data/spec/api/roles_spec.rb +6 -2
- data/spec/api/users_spec.rb +4 -4
- data/spec/api/variables_spec.rb +10 -10
- data/spec/lib/annotations_spec.rb +17 -17
- data/spec/lib/api_spec.rb +118 -59
- data/spec/lib/asset_spec.rb +11 -11
- data/spec/lib/audit_spec.rb +4 -4
- data/spec/lib/build_from_response_spec.rb +7 -7
- data/spec/lib/configuration_spec.rb +109 -49
- data/spec/lib/deputy_spec.rb +19 -6
- data/spec/lib/exists_spec.rb +15 -13
- data/spec/lib/host_spec.rb +10 -3
- data/spec/lib/log_source_spec.rb +1 -1
- data/spec/lib/log_spec.rb +5 -5
- data/spec/lib/resource_spec.rb +23 -53
- data/spec/lib/role_grant_spec.rb +3 -3
- data/spec/lib/role_spec.rb +54 -34
- data/spec/lib/standard_methods_spec.rb +15 -15
- data/spec/lib/user_spec.rb +32 -12
- data/spec/spec_helper.rb +9 -10
- data/spec/standard_methods_helper.rb +6 -6
- data/spec/variable_spec.rb +12 -7
- metadata +36 -14
- data/.rspec +0 -2
data/spec/lib/role_grant_spec.rb
CHANGED
@@ -4,9 +4,9 @@ describe Conjur::RoleGrant, api: :dummy do
|
|
4
4
|
describe '::parse_from_json' do
|
5
5
|
it "creates member and grantor roles" do
|
6
6
|
rg = Conjur::RoleGrant::parse_from_json({member: 'acc:k:r', grantor: 'acc:k:g', admin_option: true}.stringify_keys, {})
|
7
|
-
rg.member.url.
|
8
|
-
rg.grantor.url.
|
9
|
-
rg.admin_option.
|
7
|
+
expect(rg.member.url).to eq("#{authz_host}/acc/roles/k/r")
|
8
|
+
expect(rg.grantor.url).to eq("#{authz_host}/acc/roles/k/g")
|
9
|
+
expect(rg.admin_option).to eq(true)
|
10
10
|
end
|
11
11
|
end
|
12
12
|
end
|
data/spec/lib/role_spec.rb
CHANGED
@@ -10,15 +10,35 @@ describe Conjur::Role, api: :dummy do
|
|
10
10
|
describe ".new" do
|
11
11
|
context "with plain id" do
|
12
12
|
let(:id) { "foo" }
|
13
|
-
|
14
|
-
|
15
|
-
|
13
|
+
|
14
|
+
describe '#options' do
|
15
|
+
subject { super().options }
|
16
|
+
it {}
|
17
|
+
end
|
18
|
+
|
19
|
+
describe '#kind' do
|
20
|
+
subject { super().kind }
|
21
|
+
it { is_expected.to eq(kind) }
|
22
|
+
end
|
23
|
+
|
24
|
+
describe '#id' do
|
25
|
+
subject { super().id }
|
26
|
+
it { is_expected.to eq(id) }
|
27
|
+
end
|
16
28
|
end
|
17
29
|
|
18
30
|
context "with more complex id" do
|
19
31
|
let(:id) { "foo/bar" }
|
20
|
-
|
21
|
-
|
32
|
+
|
33
|
+
describe '#kind' do
|
34
|
+
subject { super().kind }
|
35
|
+
it { is_expected.to eq(kind) }
|
36
|
+
end
|
37
|
+
|
38
|
+
describe '#id' do
|
39
|
+
subject { super().id }
|
40
|
+
it { is_expected.to eq(id) }
|
41
|
+
end
|
22
42
|
end
|
23
43
|
end
|
24
44
|
|
@@ -27,37 +47,37 @@ describe Conjur::Role, api: :dummy do
|
|
27
47
|
describe "#grant_to" do
|
28
48
|
it "should take hash as the second argument and put it" do
|
29
49
|
members = double "members request"
|
30
|
-
subject.
|
31
|
-
members.
|
50
|
+
expect(subject).to receive(:[]).with('?members&member=other').and_return(members)
|
51
|
+
expect(members).to receive(:put).with admin_option: true
|
32
52
|
subject.grant_to "other", admin_option: true
|
33
53
|
end
|
34
54
|
|
35
55
|
it "works without arguments" do
|
36
56
|
members = double "members request"
|
37
|
-
subject.
|
38
|
-
members.
|
57
|
+
expect(subject).to receive(:[]).with('?members&member=other').and_return(members)
|
58
|
+
expect(members).to receive(:put).with({})
|
39
59
|
subject.grant_to "other"
|
40
60
|
end
|
41
61
|
|
42
62
|
it "converts an object to roleid" do
|
43
63
|
members = double "members request"
|
44
|
-
subject.
|
45
|
-
members.
|
64
|
+
expect(subject).to receive(:[]).with('?members&member=other').and_return(members)
|
65
|
+
expect(members).to receive(:put).with({})
|
46
66
|
require 'ostruct'
|
47
67
|
subject.grant_to OpenStruct.new(roleid: "other")
|
48
68
|
end
|
49
69
|
|
50
70
|
it "converts an Array to roleid" do
|
51
71
|
members = double "members request"
|
52
|
-
subject.
|
53
|
-
members.
|
72
|
+
expect(subject).to receive(:[]).with('?members&member=other').and_return(members)
|
73
|
+
expect(members).to receive(:put).with({})
|
54
74
|
subject.grant_to %w(other)
|
55
75
|
end
|
56
76
|
end
|
57
77
|
|
58
78
|
describe '#create' do
|
59
79
|
it 'simply puts' do
|
60
|
-
RestClient::Request.
|
80
|
+
expect(RestClient::Request).to receive(:execute).with(
|
61
81
|
method: :put,
|
62
82
|
url: url,
|
63
83
|
payload: {},
|
@@ -70,29 +90,29 @@ describe Conjur::Role, api: :dummy do
|
|
70
90
|
describe '#all' do
|
71
91
|
it 'returns roles for ids got from ?all' do
|
72
92
|
roles = ['foo:k:bar', 'baz:k:xyzzy']
|
73
|
-
RestClient::Request.
|
93
|
+
expect(RestClient::Request).to receive(:execute).with(
|
74
94
|
method: :get,
|
75
95
|
url: role.url + "/?all",
|
76
96
|
headers: {}
|
77
97
|
).and_return roles.to_json
|
78
98
|
all = role.all
|
79
|
-
all[0].account.
|
80
|
-
all[0].id.
|
81
|
-
all[1].account.
|
82
|
-
all[1].id.
|
99
|
+
expect(all[0].account).to eq('foo')
|
100
|
+
expect(all[0].id).to eq('bar')
|
101
|
+
expect(all[1].account).to eq('baz')
|
102
|
+
expect(all[1].id).to eq('xyzzy')
|
83
103
|
end
|
84
104
|
|
85
105
|
describe "filter param" do
|
86
106
|
it "applies #cast to the filter" do
|
87
107
|
filter = %w(foo bar)
|
88
|
-
filter.each{ |e| subject.
|
89
|
-
RestClient::Request.
|
108
|
+
filter.each{ |e| expect(subject).to receive(:cast).with(e, :roleid).and_return e }
|
109
|
+
allow(RestClient::Request).to receive_messages execute: [].to_json
|
90
110
|
role.all filter: filter
|
91
111
|
end
|
92
112
|
|
93
113
|
def self.it_passes_the_filter_as(query_string)
|
94
114
|
it "calls ?all&#{query_string}" do
|
95
|
-
RestClient::Request.
|
115
|
+
expect(RestClient::Request).to receive(:execute).with(
|
96
116
|
method: :get,
|
97
117
|
url: role.url + "/?all&#{query_string}",
|
98
118
|
headers:{}
|
@@ -116,22 +136,22 @@ describe Conjur::Role, api: :dummy do
|
|
116
136
|
|
117
137
|
describe '#member_of?' do
|
118
138
|
it 'calls #all with :filter=>id and returns true if the result is non-empty' do
|
119
|
-
role.
|
120
|
-
role.member_of?('the filter').
|
121
|
-
role.
|
122
|
-
role.member_of?('the filter').
|
139
|
+
expect(role).to receive(:all).with(filter: 'the filter').and_return ['an id']
|
140
|
+
expect(role.member_of?('the filter')).to be_truthy
|
141
|
+
expect(role).to receive(:all).with(filter: 'the filter').and_return []
|
142
|
+
expect(role.member_of?('the filter')).to be_falsey
|
123
143
|
end
|
124
144
|
|
125
145
|
it "accepts a Role" do
|
126
146
|
other = double('Role', roleid: 'foo')
|
127
|
-
role.
|
147
|
+
expect(role).to receive(:all).with(filter: other.roleid).and_return []
|
128
148
|
role.member_of?(other)
|
129
149
|
end
|
130
150
|
end
|
131
151
|
|
132
152
|
describe '#revoke_from' do
|
133
153
|
it 'deletes member' do
|
134
|
-
RestClient::Request.
|
154
|
+
expect(RestClient::Request).to receive(:execute).with(
|
135
155
|
method: :delete,
|
136
156
|
url: role.url + "/?members&member=the-member",
|
137
157
|
headers: {}
|
@@ -142,7 +162,7 @@ describe Conjur::Role, api: :dummy do
|
|
142
162
|
|
143
163
|
describe '#permitted?' do
|
144
164
|
before do
|
145
|
-
RestClient::Request.
|
165
|
+
allow(RestClient::Request).to receive(:execute).with(
|
146
166
|
method: :get,
|
147
167
|
url: role.url + "/?check&resource_id=chunky:bacon&privilege=fry",
|
148
168
|
headers: {}
|
@@ -152,14 +172,14 @@ describe Conjur::Role, api: :dummy do
|
|
152
172
|
context "when get ?check is successful" do
|
153
173
|
let(:result) { :ok }
|
154
174
|
it "returns true" do
|
155
|
-
role.permitted?('chunky:bacon', 'fry').
|
175
|
+
expect(role.permitted?('chunky:bacon', 'fry')).to be_truthy
|
156
176
|
end
|
157
177
|
end
|
158
178
|
|
159
179
|
context "when get ?check not found" do
|
160
180
|
let(:result) { raise RestClient::ResourceNotFound, 'foo' }
|
161
181
|
it "returns false" do
|
162
|
-
role.permitted?('chunky:bacon', 'fry').
|
182
|
+
expect(role.permitted?('chunky:bacon', 'fry')).to be_falsey
|
163
183
|
end
|
164
184
|
end
|
165
185
|
end
|
@@ -167,16 +187,16 @@ describe Conjur::Role, api: :dummy do
|
|
167
187
|
describe '#members' do
|
168
188
|
it "gets ?members and turns each into RoleGrant" do
|
169
189
|
grants = %w(foo bar)
|
170
|
-
RestClient::Request.
|
190
|
+
expect(RestClient::Request).to receive(:execute).with(
|
171
191
|
method: :get,
|
172
192
|
url: role.url + "/?members",
|
173
193
|
headers: {}
|
174
194
|
).and_return grants.to_json
|
175
195
|
grants.each do |g|
|
176
|
-
Conjur::RoleGrant.
|
196
|
+
expect(Conjur::RoleGrant).to receive(:parse_from_json).with(g, {}).and_return g
|
177
197
|
end
|
178
198
|
|
179
|
-
subject.members.
|
199
|
+
expect(subject.members).to eq(grants)
|
180
200
|
end
|
181
201
|
end
|
182
202
|
end
|
@@ -13,9 +13,9 @@ describe Conjur::StandardMethods do
|
|
13
13
|
|
14
14
|
before do
|
15
15
|
subject.extend Conjur::StandardMethods
|
16
|
-
subject.
|
17
|
-
RestClient::Resource.
|
18
|
-
rest_resource.
|
16
|
+
allow(subject).to receive(:fully_escape){|x|x}
|
17
|
+
allow(RestClient::Resource).to receive(:new).with(host, credentials).and_return rest_resource
|
18
|
+
allow(rest_resource).to receive(:[]).with('widgets').and_return subresource
|
19
19
|
stub_const 'Conjur::Widget', widget_class
|
20
20
|
end
|
21
21
|
|
@@ -27,12 +27,12 @@ describe Conjur::StandardMethods do
|
|
27
27
|
let(:widget) { double "widget" }
|
28
28
|
|
29
29
|
before do
|
30
|
-
subresource.
|
31
|
-
widget_class.
|
30
|
+
allow(subresource).to receive(:post).with(options.merge(id: id)).and_return response
|
31
|
+
allow(widget_class).to receive(:build_from_response).with(response, credentials).and_return widget
|
32
32
|
end
|
33
33
|
|
34
34
|
it "uses restclient to post data and creates an object of the response" do
|
35
|
-
subject.send(:standard_create, host, type, id, options).
|
35
|
+
expect(subject.send(:standard_create, host, type, id, options)).to eq(widget)
|
36
36
|
end
|
37
37
|
end
|
38
38
|
|
@@ -42,25 +42,25 @@ describe Conjur::StandardMethods do
|
|
42
42
|
let(:json) { attrs.to_json }
|
43
43
|
|
44
44
|
before do
|
45
|
-
subresource.
|
45
|
+
allow(subresource).to receive(:get).with(options).and_return json
|
46
46
|
end
|
47
47
|
|
48
48
|
it "gets the list, then builds objects from json response" do
|
49
|
-
subject.
|
50
|
-
one.
|
51
|
-
subject.
|
52
|
-
two.
|
49
|
+
expect(subject).to receive(:widget).with('one').and_return(one = double)
|
50
|
+
expect(one).to receive(:attributes=).with(attrs[0].stringify_keys)
|
51
|
+
expect(subject).to receive(:widget).with('two').and_return(two = double)
|
52
|
+
expect(two).to receive(:attributes=).with(attrs[1].stringify_keys)
|
53
53
|
|
54
|
-
subject.send(:standard_list, host, type, options).
|
54
|
+
expect(subject.send(:standard_list, host, type, options)).to eq([one, two])
|
55
55
|
end
|
56
56
|
end
|
57
57
|
|
58
58
|
describe "#standard_show" do
|
59
59
|
let(:id) { "some-id" }
|
60
60
|
it "builds a path and returns indexed object" do
|
61
|
-
widget_class.
|
62
|
-
bound.
|
63
|
-
subject.send(:standard_show, host, type, id).
|
61
|
+
allow(widget_class).to receive(:new).with(host, credentials).and_return(bound = double)
|
62
|
+
allow(bound).to receive(:[]) { |x| "path: #{x}" }
|
63
|
+
expect(subject.send(:standard_show, host, type, id)).to eq("path: widgets/some-id")
|
64
64
|
end
|
65
65
|
end
|
66
66
|
end
|
data/spec/lib/user_spec.rb
CHANGED
@@ -9,28 +9,48 @@ describe Conjur::User do
|
|
9
9
|
let(:user) { Conjur::User.new(url, credentials)}
|
10
10
|
describe "attributes" do
|
11
11
|
subject { user }
|
12
|
-
|
13
|
-
|
14
|
-
|
15
|
-
|
16
|
-
|
12
|
+
|
13
|
+
describe '#id' do
|
14
|
+
subject { super().id }
|
15
|
+
it { is_expected.to eq(login) }
|
16
|
+
end
|
17
|
+
|
18
|
+
describe '#login' do
|
19
|
+
subject { super().login }
|
20
|
+
it { is_expected.to eq(login) }
|
21
|
+
end
|
22
|
+
|
23
|
+
describe '#resource_id' do
|
24
|
+
subject { super().resource_id }
|
25
|
+
it { is_expected.to eq(login) }
|
26
|
+
end
|
27
|
+
|
28
|
+
describe '#resource_kind' do
|
29
|
+
subject { super().resource_kind }
|
30
|
+
it { is_expected.to eq("user") }
|
31
|
+
end
|
32
|
+
|
33
|
+
describe '#options' do
|
34
|
+
subject { super().options }
|
35
|
+
it { is_expected.to eq(credentials) }
|
36
|
+
end
|
17
37
|
specify {
|
18
|
-
|
38
|
+
expect { user.roleid }.to raise_error
|
19
39
|
}
|
20
40
|
end
|
21
41
|
it "connects to a Resource" do
|
22
42
|
require 'conjur/resource'
|
23
|
-
Conjur::Core::API.
|
24
|
-
Conjur::Resource.
|
25
|
-
resource.
|
43
|
+
expect(Conjur::Core::API).to receive(:conjur_account).and_return 'ci'
|
44
|
+
expect(Conjur::Resource).to receive(:new).with(Conjur::Authz::API.host, credentials).and_return resource = double(:resource)
|
45
|
+
expect(resource).to receive(:[]).with("ci/resources/user/the-login")
|
26
46
|
|
27
47
|
user.resource
|
28
48
|
end
|
29
49
|
it "connects to a Role" do
|
30
50
|
require 'conjur/role'
|
31
|
-
Conjur::Core::API.
|
32
|
-
Conjur::Role.
|
33
|
-
role.
|
51
|
+
expect(Conjur::Core::API).to receive(:conjur_account).and_return 'ci'
|
52
|
+
expect(Conjur::Role).to receive(:new).with(Conjur::Authz::API.host, credentials).and_return role = double(:role)
|
53
|
+
expect(role).to receive(:[]).with("ci/roles/user/the-login")
|
34
54
|
|
35
55
|
user.role
|
36
56
|
end
|
data/spec/spec_helper.rb
CHANGED
@@ -22,7 +22,6 @@ Spork.prefork do
|
|
22
22
|
#require 'webrat/integrations/rspec-rails'
|
23
23
|
|
24
24
|
RSpec.configure do |config|
|
25
|
-
config.treat_symbols_as_metadata_keys_with_true_values = true
|
26
25
|
config.before do
|
27
26
|
# test with a clean environment
|
28
27
|
stub_const 'ENV', 'CONJUR_ENV' => 'test'
|
@@ -78,12 +77,12 @@ Spork.each_run do
|
|
78
77
|
end
|
79
78
|
|
80
79
|
shared_examples_for "http response" do
|
81
|
-
let(:http_response) {
|
80
|
+
let(:http_response) { double(:response) }
|
82
81
|
|
83
82
|
before(:each) do
|
84
|
-
http_response.
|
85
|
-
http_response.
|
86
|
-
http_response.
|
83
|
+
allow(http_response).to receive(:code).and_return 200
|
84
|
+
allow(http_response).to receive(:message).and_return nil
|
85
|
+
allow(http_response).to receive(:body).and_return http_json.to_json
|
87
86
|
end
|
88
87
|
end
|
89
88
|
|
@@ -108,12 +107,12 @@ shared_context api: :dummy do
|
|
108
107
|
let(:account) { 'the-account' }
|
109
108
|
|
110
109
|
before do
|
111
|
-
Conjur::Authz::API.
|
112
|
-
Conjur::Core::API.
|
113
|
-
Conjur::Core::API.
|
114
|
-
Conjur::Audit::API.
|
110
|
+
allow(Conjur::Authz::API).to receive_messages host: authz_host
|
111
|
+
allow(Conjur::Core::API).to receive_messages host: core_host
|
112
|
+
allow(Conjur::Core::API).to receive_messages conjur_account: account
|
113
|
+
allow(Conjur::Audit::API).to receive_messages host:audit_host
|
115
114
|
Conjur.configuration.set :account, account
|
116
|
-
api.
|
115
|
+
allow(api).to receive_messages credentials: credentials
|
117
116
|
end
|
118
117
|
end
|
119
118
|
|
@@ -4,27 +4,27 @@ end
|
|
4
4
|
|
5
5
|
shared_examples_for 'standard_create with' do |type, id, options|
|
6
6
|
it "calls through to standard_create" do
|
7
|
-
subject.
|
7
|
+
expect(subject).to receive(:standard_create).with(
|
8
8
|
core_host, type, id, options
|
9
9
|
).and_return :response
|
10
|
-
invoke.
|
10
|
+
expect(invoke).to eq(:response)
|
11
11
|
end
|
12
12
|
end
|
13
13
|
|
14
14
|
shared_examples_for 'standard_list with' do |type, options|
|
15
15
|
it "calls through to standard_list" do
|
16
|
-
subject.
|
16
|
+
expect(subject).to receive(:standard_list).with(
|
17
17
|
core_host, type, options
|
18
18
|
).and_return :response
|
19
|
-
invoke.
|
19
|
+
expect(invoke).to eq(:response)
|
20
20
|
end
|
21
21
|
end
|
22
22
|
|
23
23
|
shared_examples_for 'standard_show with' do |type, id|
|
24
24
|
it "calls through to standard_show" do
|
25
|
-
subject.
|
25
|
+
expect(subject).to receive(:standard_show).with(
|
26
26
|
core_host, type, id
|
27
27
|
).and_return :response
|
28
|
-
invoke.
|
28
|
+
expect(invoke).to eq(:response)
|
29
29
|
end
|
30
30
|
end
|
data/spec/variable_spec.rb
CHANGED
@@ -2,14 +2,19 @@ require 'spec_helper'
|
|
2
2
|
|
3
3
|
describe Conjur::Variable do
|
4
4
|
let(:url) { "http://example.com/variable" }
|
5
|
-
subject { Conjur::Variable.new url }
|
5
|
+
subject(:variable) { Conjur::Variable.new url }
|
6
6
|
|
7
7
|
before { subject.attributes = {'versions' => 42} }
|
8
|
-
|
8
|
+
|
9
|
+
describe '#version_count' do
|
10
|
+
it "is read from the attributes" do
|
11
|
+
expect(variable.version_count).to eq(42)
|
12
|
+
end
|
13
|
+
end
|
9
14
|
|
10
15
|
describe '#add_value' do
|
11
16
|
it "posts the new value" do
|
12
|
-
RestClient::Request.
|
17
|
+
expect(RestClient::Request).to receive(:execute).with(
|
13
18
|
method: :post,
|
14
19
|
url: "#{url}/values",
|
15
20
|
payload: { value: 'new-value' },
|
@@ -21,21 +26,21 @@ describe Conjur::Variable do
|
|
21
26
|
|
22
27
|
describe '#value' do
|
23
28
|
it "gets the value" do
|
24
|
-
RestClient::Request.
|
29
|
+
allow(RestClient::Request).to receive(:execute).with(
|
25
30
|
method: :get,
|
26
31
|
url: "#{url}/value",
|
27
32
|
headers: {}
|
28
33
|
).and_return(double "response", body: "the-value")
|
29
|
-
subject.value.
|
34
|
+
expect(subject.value).to eq("the-value")
|
30
35
|
end
|
31
36
|
|
32
37
|
it "parametrizes the request with a version" do
|
33
|
-
RestClient::Request.
|
38
|
+
allow(RestClient::Request).to receive(:execute).with(
|
34
39
|
method: :get,
|
35
40
|
url: "#{url}/value?version=42",
|
36
41
|
headers: {}
|
37
42
|
).and_return(double "response", body: "the-value")
|
38
|
-
subject.value(42).
|
43
|
+
expect(subject.value(42)).to eq("the-value")
|
39
44
|
end
|
40
45
|
end
|
41
46
|
end
|