conjur-api 4.13.0 → 4.14.0

data/spec/lib/annotations_spec.rb

@@ -1,6 +1,9 @@
 require 'spec_helper'
+require 'helpers/request_helpers'
 
 describe Conjur::Annotations do
+  include RequestHelpers
+
   let(:identifier){ 'the-resource-id' }
   let(:kind){ 'some-kind' }
   let(:account){ 'the-account' }
@@ -23,7 +26,7 @@ describe Conjur::Annotations do
   let(:url){ "#{Conjur::Authz::API.host}/#{account}/annotations/#{kind}/#{identifier}" }
 
   def expect_put_request url, payload
-    expect(RestClient::Request).to receive(:execute).with(
+    expect_request(
       method: :put,
       headers: {},
       url: url,
@@ -102,4 +105,4 @@ describe Conjur::Annotations do
     end
   end
   
-end
+end

data/spec/lib/audit_spec.rb

@@ -11,8 +11,8 @@ describe Conjur::API, api: :dummy do
     let(:expected_path){ nil }
     let(:expected_url){ "#{Conjur::Audit::API.host}/#{expected_path}#{query}" }
     
-    def expect_request
-      expect(RestClient::Request).to receive(:execute).with(
+    def expect_json_request
+      expect_request(
         headers: credentials[:headers],
         url: expected_url,
         method: :get
@@ -27,7 +27,7 @@ describe Conjur::API, api: :dummy do
       
       shared_examples_for "gets all visible events" do
         it "GETs /" do
-          expect_request
+          expect_json_request
           expect(api.audit(*full_args)).to eq(response)
         end
       end
@@ -51,7 +51,7 @@ describe Conjur::API, api: :dummy do
       let(:full_args){ include_options ? args + [options] : args }
       shared_examples_for "gets roles feed" do
         it "GETs roles/:role_id" do
-          expect_request
+          expect_json_request
           expect(api.audit_role(*full_args)).to eq(response)
         end
       end
@@ -82,7 +82,7 @@ describe Conjur::API, api: :dummy do
       let(:full_args){ include_options ? args + [options] : args }
       shared_examples_for "gets the resource feed" do
         it "GETS resources/:resource_id" do
-          expect_request
+          expect_json_request
           expect(api.audit_resource(*full_args)).to eq(response)
         end
       end

data/spec/lib/group_spec.rb

@@ -6,7 +6,7 @@ describe Conjur::Group, api: :dummy do
 
   describe '#update' do
     it "PUTs to /groups/:id" do
-      expect(RestClient::Request).to receive(:execute).with(
+      expect_request(
         method: :put,
         url: "#{core_host}/groups/#{api.fully_escape(id)}",
         headers: credentials[:headers],

data/spec/lib/resource_spec.rb

@@ -39,7 +39,7 @@ describe Conjur::Resource, api: :dummy, logging: :temp do
 
   describe '#create' do
     it "simply puts" do
-      expect(RestClient::Request).to receive(:execute).with(
+      expect_request(
         method: :put,
         url: uri,
         payload: {},
@@ -51,7 +51,7 @@ describe Conjur::Resource, api: :dummy, logging: :temp do
 
   describe '#permitted_roles' do
     it 'gets the list from /roles/allowed_to' do
-      expect(RestClient::Request).to receive(:execute).with(
+      expect_request(
         method: :get,
         url: "http://authz.example.com/some-account/roles/allowed_to/nuke/the-kind/resource-id",
         headers: {}
@@ -63,7 +63,7 @@ describe Conjur::Resource, api: :dummy, logging: :temp do
 
   describe '#give_to' do
     it "puts the owner field" do
-      expect(RestClient::Request).to receive(:execute).with(
+      expect_request(
         method: :put,
         url: uri,
         payload: {owner: 'new-owner' },
@@ -76,7 +76,7 @@ describe Conjur::Resource, api: :dummy, logging: :temp do
 
   describe '#delete' do
     it 'simply deletes' do
-      expect(RestClient::Request).to receive(:execute).with(
+      expect_request(
         method: :delete,
         url: uri,
         headers: {}
@@ -90,7 +90,7 @@ describe Conjur::Resource, api: :dummy, logging: :temp do
     it 'posts permit for every privilege' do
       privileges = [:nuke, :fry]
       privileges.each do |p|
-        expect(RestClient::Request).to receive(:execute).with(
+        expect_request(
           method: :post,
           url: uri + "/?permit&privilege=#{p}&role=dr-strangelove",
           headers: {},
@@ -105,7 +105,7 @@ describe Conjur::Resource, api: :dummy, logging: :temp do
     it 'posts deny for every privilege' do
       privileges = [:nuke, :fry]
       privileges.each do |p|
-        expect(RestClient::Request).to receive(:execute).with(
+        expect_request(
           method: :post,
           url: uri + "/?deny&privilege=#{p}&role=james-bond",
           headers: {},
@@ -118,7 +118,7 @@ describe Conjur::Resource, api: :dummy, logging: :temp do
 
   describe '#permitted?' do
     it 'gets the ?permitted? action' do
-      expect(RestClient::Request).to receive(:execute).with(
+      expect_request(
         method: :get,
         url: uri + "/?check=true&privilege=fry",
         headers: {}
@@ -153,7 +153,7 @@ describe Conjur::Resource, api: :dummy, logging: :temp do
 
   describe '.all' do
     it "calls /account/resources" do
-      expect(RestClient::Request).to receive(:execute).with(
+      expect_request(
         method: :get,
         url: "http://authz.example.com/the-account/resources",
         headers: {}
@@ -163,7 +163,7 @@ describe Conjur::Resource, api: :dummy, logging: :temp do
     end
 
     it "can filter by kind" do
-      expect(RestClient::Request).to receive(:execute).with(
+      expect_request(
         method: :get,
         url: "http://authz.example.com/the-account/resources/chunky",
         headers: {}
@@ -174,7 +174,7 @@ describe Conjur::Resource, api: :dummy, logging: :temp do
     end
     
     it "passes search, limit, and offset params" do
-      expect(RestClient::Request).to receive(:execute).with(
+      expect_request(
         method: :get,
         # Note that to_query sorts the keys
         url: "http://authz.example.com/the-account/resources?limit=5&offset=6&search=something",
@@ -184,7 +184,7 @@ describe Conjur::Resource, api: :dummy, logging: :temp do
     end
 
     it "uses the given authz url" do
-      expect(RestClient::Request).to receive(:execute).with(
+      expect_request(
         method: :get,
         url: "http://otherhost.example.com/the-account/resources",
         headers: {}

data/spec/lib/role_spec.rb

@@ -1,4 +1,5 @@
 require 'spec_helper'
+require 'standard_methods_helper'
 
 describe Conjur::Role, api: :dummy do
   let(:account) { "the-account" }
@@ -77,7 +78,7 @@ describe Conjur::Role, api: :dummy do
 
   describe '#create' do
     it 'simply puts' do
-      expect(RestClient::Request).to receive(:execute).with(
+      expect_request(
         method: :put,
         url: url,
         payload: {},
@@ -90,7 +91,7 @@ describe Conjur::Role, api: :dummy do
   describe '#all' do
     it 'returns roles for ids got from ?all' do
       roles = ['foo:k:bar', 'baz:k:xyzzy'] 
-      expect(RestClient::Request).to receive(:execute).with(
+      expect_request(
         method: :get,
         url: role.url + "/?all",
         headers: {}
@@ -112,7 +113,7 @@ describe Conjur::Role, api: :dummy do
       
       def self.it_passes_the_filter_as(query_string)
         it "calls ?all&#{query_string}" do
-          expect(RestClient::Request).to receive(:execute).with(
+          expect_request(
             method: :get,
             url: role.url + "/?all&#{query_string}",
             headers:{}
@@ -151,7 +152,7 @@ describe Conjur::Role, api: :dummy do
 
   describe '#revoke_from' do
     it 'deletes member' do
-      expect(RestClient::Request).to receive(:execute).with(
+      expect_request(
         method: :delete,
         url: role.url + "/?members&member=the-member",
         headers: {}
@@ -162,7 +163,7 @@ describe Conjur::Role, api: :dummy do
 
   describe '#permitted?' do
     before do
-      allow(RestClient::Request).to receive(:execute).with(
+      allow_request(
         method: :get,
         url: role.url + "/?check&resource_id=chunky:bacon&privilege=fry",
         headers: {}
@@ -187,13 +188,13 @@ describe Conjur::Role, api: :dummy do
   describe '#members' do
     it "gets ?members and turns each into RoleGrant" do
       grants = %w(foo bar)
-      expect(RestClient::Request).to receive(:execute).with(
+      expect_request(
         method: :get,
         url: role.url + "/?members",
         headers: {}
       ).and_return grants.to_json
       grants.each do |g|
-        expect(Conjur::RoleGrant).to receive(:parse_from_json).with(g, {}).and_return g
+        expect(Conjur::RoleGrant).to receive(:parse_from_json).with(g, anything).and_return g
       end
 
       expect(subject.members).to eq(grants)

data/spec/lib/user_spec.rb

@@ -32,7 +32,7 @@ describe Conjur::User do
 
       describe '#options' do
         subject { super().options }
-        it { is_expected.to eq(credentials) }
+        it { is_expected.to match(hash_including credentials) }
       end
       specify {
         expect { user.roleid }.to raise_error
@@ -41,7 +41,9 @@ describe Conjur::User do
     it "connects to a Resource" do
       require 'conjur/resource'
       expect(Conjur::Core::API).to receive(:conjur_account).and_return 'ci'
-      expect(Conjur::Resource).to receive(:new).with(Conjur::Authz::API.host, credentials).and_return resource = double(:resource)
+      expect(Conjur::Resource).to receive(:new).with(
+        Conjur::Authz::API.host, hash_including(credentials)
+      ).and_return resource = double(:resource)
       expect(resource).to receive(:[]).with("ci/resources/user/the-login")
       
       user.resource
@@ -49,7 +51,9 @@ describe Conjur::User do
     it "connects to a Role" do
       require 'conjur/role'
       expect(Conjur::Core::API).to receive(:conjur_account).and_return 'ci'
-      expect(Conjur::Role).to receive(:new).with(Conjur::Authz::API.host, credentials).and_return role = double(:role)
+      expect(Conjur::Role).to receive(:new).with(
+        Conjur::Authz::API.host, hash_including(credentials)
+      ).and_return role = double(:role)
       expect(role).to receive(:[]).with("ci/roles/user/the-login")
       
       user.role

data/spec/ssl_spec.rb

@@ -0,0 +1,85 @@
+require 'active_support'
+require 'spec_helper'
+
+require 'helpers/errors_matcher'
+
+require 'webrick'
+require 'webrick/https'
+
+describe 'SSL connection' do
+  context 'with an untrusted certificate' do
+    it 'fails' do
+      expect { Conjur::API.login 'foo', 'bar' }.to \
+          raise_one_of(RestClient::SSLCertificateNotVerified, OpenSSL::SSL::SSLError)
+    end
+  end
+
+  context 'with certificate added to the default OpenSSL cert store' do
+    before do
+      store = OpenSSL::X509::Store.new
+      store.add_cert cert
+      stub_const 'OpenSSL::SSL::SSLContext::DEFAULT_CERT_STORE', store
+    end
+
+    it 'works' do
+      expect { Conjur::API.login 'foo', 'bar' }.to raise_error RestClient::ResourceNotFound
+    end
+  end
+
+  let(:port) { 54_128 }
+
+  before do
+    allow(Conjur::Authn::API).to receive(:host).and_return "https://localhost:#{port}"
+  end
+
+  around do |example|
+    server = WEBrick::HTTPServer.new \
+        Port: port, SSLEnable: true,
+        AccessLog: [], Logger: Logger.new('/dev/null'), # shut up, WEBrick
+        SSLCertificate: cert, SSLPrivateKey: key
+    server_thread = Thread.new do
+      server.start
+    end
+    WebMock.disable!
+    example.run
+    WebMock.enable!
+    server.shutdown
+    server_thread.join
+  end
+
+  let(:cert) do
+    OpenSSL::X509::Certificate.new """
+      -----BEGIN CERTIFICATE-----
+      MIIBpDCCAQ2gAwIBAgIJALVPXQuF0w39MA0GCSqGSIb3DQEBCwUAMBQxEjAQBgNV
+      BAMMCWxvY2FsaG9zdDAeFw0xNTAyMTQxNTE0MDFaFw0yNTAyMTExNTE0MDFaMBQx
+      EjAQBgNVBAMMCWxvY2FsaG9zdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
+      n+IqEsmbuZk7E2GdPZpBxETjXC+dGze5XlZHPyKviekQ9sachAsBWApVrjM2QDtf
+      KOwa6GuBqGQ0bdl4Ui7I0CIGB4a0UJHU/EvuDhI1cTzAVVWemW1QaqKxI/2xDgs9
+      bqY471iVirRiSYD+6lm2pFYqOnnR/d+QKIMXhPOi0DMCAwEAATANBgkqhkiG9w0B
+      AQsFAAOBgQCSPchDKAiVPNJlRkaY9KPIXfPbFX6h/+ilJRl1xtHqY+y4SxURbnU0
+      fbYVnapKiuMnrnxTWXwl1z1iMbuuzjUC0RDz8F9pZkQ9IJpBSOaSfyUmk1JrrBRU
+      INyaxnJjtc7YIzW1Yz7+aKtzZAQuFXNhiQa+CIIGeWrpzbExo2ce3Q==
+      -----END CERTIFICATE-----
+    """.lines.map(&:strip).join("\n")
+  end
+
+  let(:key) do
+    OpenSSL::PKey.read """
+      -----BEGIN RSA PRIVATE KEY-----
+      MIICXAIBAAKBgQCf4ioSyZu5mTsTYZ09mkHERONcL50bN7leVkc/Iq+J6RD2xpyE
+      CwFYClWuMzZAO18o7Broa4GoZDRt2XhSLsjQIgYHhrRQkdT8S+4OEjVxPMBVVZ6Z
+      bVBqorEj/bEOCz1upjjvWJWKtGJJgP7qWbakVio6edH935AogxeE86LQMwIDAQAB
+      AoGAUCDb7zCFUB4gglUgpfgCT+gqflAKj9J8n2/kIxsyGI7rBpKBbJfLY6FCUZyu
+      6sAWr/6seaEviQI3WHpuF9oEn6gzb1XWpKH7h9ZAu5O2sscdrc5MrpFmBvGjMBnd
+      80u/TcsDHX453QbPgqOJTi+Qt15Y+Ot/iE8ccQjW6pMPiCECQQDLQvNekVF7YJ9e
+      iJNZSJMcx2c9hjAuywm/jPX+57k0xRlxGKCQxyujmxDfztDYU9kHMRHknbxz0sFr
+      0Vkaxo1DAkEAyV3z6vvTtUx7R5IYOUkZqIfeQ6k6ZItQoZdZPKoBW0s7QhqvJyZN
+      qeYJMaFR87A6273LwhpXZTvQwSYUUw6KUQJAQAIfXaJphG7TARQFQtKF8UQiEM/X
+      EIVD1pxvQwx52FJRRro4ph7ycRz93Vzli5or+AXN2q6Jj/fIjUlpw/LOvQJAfyPO
+      FUjpM+hVUiwhFVJdW/ZlVK0tzDvWLiDkXBQvBRhsEuHMQ1jA4ov2tBpaJxXXI9Uj
+      KKv/EFEDDmDfpk1g8QJBAIJhDsxKWgUy1lk+lGYdWRQi/D/BnkNbySklCypmZghu
+      Q6oXJNYB9NWLRWDJaGHlHrAn40Wq6MUx95Aomvj+uHA=
+      -----END RSA PRIVATE KEY-----
+    """.lines.map(&:strip).join("\n")
+  end
+end

data/spec/standard_methods_helper.rb

@@ -1,4 +1,6 @@
+require 'helpers/request_helpers'
 shared_context api: :dummy do
+  include RequestHelpers
   subject { api }
 end
 

data/spec/variable_spec.rb

@@ -1,6 +1,8 @@
 require 'spec_helper'
+require 'helpers/request_helpers'
 
 describe Conjur::Variable do
+  include RequestHelpers
   let(:url) { "http://example.com/variable" }
   subject(:variable) { Conjur::Variable.new url }
 
@@ -14,7 +16,7 @@ describe Conjur::Variable do
 
   describe '#add_value' do
     it "posts the new value" do
-      expect(RestClient::Request).to receive(:execute).with(
+      expect_request(
         method: :post,
         url: "#{url}/values",
         payload: { value: 'new-value' },
@@ -26,7 +28,7 @@ describe Conjur::Variable do
 
   describe '#value' do
     it "gets the value" do
-      allow(RestClient::Request).to receive(:execute).with(
+      allow_request(
         method: :get,
         url: "#{url}/value",
         headers: {}
@@ -35,7 +37,7 @@ describe Conjur::Variable do
     end
 
     it "parametrizes the request with a version" do
-      allow(RestClient::Request).to receive(:execute).with(
+      allow_request(
         method: :get,
         url: "#{url}/value?version=42",
         headers: {}

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: conjur-api
 version: !ruby/object:Gem::Version
-  version: 4.13.0
+  version: 4.14.0
 platform: ruby
 authors:
 - Rafal Rzepecki
@@ -9,22 +9,28 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-02-11 00:00:00.000000000 Z
+date: 2015-03-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rest-client
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '='
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.7'
+    - - '>='
       - !ruby/object:Gem::Version
-        version: 1.6.7
+        version: 1.7.3
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '='
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.7'
+    - - '>='
       - !ruby/object:Gem::Version
-        version: 1.6.7
+        version: 1.7.3
 - !ruby/object:Gem::Dependency
   name: activesupport
   requirement: !ruby/object:Gem::Requirement
@@ -193,6 +199,20 @@ dependencies:
     - - '>='
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: inch
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
 description: Conjur API
 email:
 - rafal@conjur.net
@@ -204,6 +224,7 @@ files:
 - .gitignore
 - .kateproject
 - .project
+- .yardopts
 - CHANGELOG.md
 - Gemfile
 - LICENSE
@@ -214,6 +235,7 @@ files:
 - features/login.feature
 - features/ping_as_server.feature
 - features/ping_as_user.feature
+- lib/conjur-api.rb
 - lib/conjur-api/version.rb
 - lib/conjur/acts_as_asset.rb
 - lib/conjur/acts_as_resource.rb
@@ -257,7 +279,6 @@ files:
 - lib/conjur/layer.rb
 - lib/conjur/log.rb
 - lib/conjur/log_source.rb
-- lib/conjur/patches/rest-client.rb
 - lib/conjur/path_based.rb
 - lib/conjur/pubkeys-api.rb
 - lib/conjur/resource.rb
@@ -280,6 +301,8 @@ files:
 - spec/api/users_spec.rb
 - spec/api/variables_spec.rb
 - spec/cas_rest_client.rb
+- spec/helpers/errors_matcher.rb
+- spec/helpers/request_helpers.rb
 - spec/lib/annotations_spec.rb
 - spec/lib/api_spec.rb
 - spec/lib/asset_spec.rb
@@ -298,6 +321,7 @@ files:
 - spec/lib/standard_methods_spec.rb
 - spec/lib/user_spec.rb
 - spec/spec_helper.rb
+- spec/ssl_spec.rb
 - spec/standard_methods_helper.rb
 - spec/variable_spec.rb
 - spec/vcr_cassettes/Conjur_Resource/_create/with_path-like_identifier.yml
@@ -345,6 +369,8 @@ test_files:
 - spec/api/users_spec.rb
 - spec/api/variables_spec.rb
 - spec/cas_rest_client.rb
+- spec/helpers/errors_matcher.rb
+- spec/helpers/request_helpers.rb
 - spec/lib/annotations_spec.rb
 - spec/lib/api_spec.rb
 - spec/lib/asset_spec.rb
@@ -363,6 +389,7 @@ test_files:
 - spec/lib/standard_methods_spec.rb
 - spec/lib/user_spec.rb
 - spec/spec_helper.rb
+- spec/ssl_spec.rb
 - spec/standard_methods_helper.rb
 - spec/variable_spec.rb
 - spec/vcr_cassettes/Conjur_Resource/_create/with_path-like_identifier.yml

data/lib/conjur/patches/rest-client.rb

@@ -1,32 +0,0 @@
-#
-# Copyright (C) 2014 Conjur Inc
-#
-# Permission is hereby granted, free of charge, to any person obtaining a copy of
-# this software and associated documentation files (the "Software"), to deal in
-# the Software without restriction, including without limitation the rights to
-# use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
-# the Software, and to permit persons to whom the Software is furnished to do so,
-# subject to the following conditions:
-#
-# The above copyright notice and this permission notice shall be included in all
-# copies or substantial portions of the Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
-# FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
-# COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
-# IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
-# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-
-# RestClient monkey patches MIME::Types, breaking it in certain situations.
-# Let's make check if it did and fix it if so.
-# Cf. https://github.com/rest-client/rest-client/pull/346
-
-if MIME::Types.respond_to? :type_for_extension
-  class MIME::Types
-    def self.type_for_extension ext
-      candidates = of ext
-      candidates.empty? ? ext : candidates[0].content_type
-    end
-  end
-end