conjur-api 4.31.0 → 5.0.0.rc1

data/spec/{lib/configuration_spec.rb → configuration_spec.rb}

@@ -29,66 +29,51 @@ describe Conjur::Configuration do
       configuration.account = "the-account"
       configuration.appliance_url = "https://conjur/api"
     }
-    context "and core_url fetched" do
-      before { 
-        configuration.core_url 
-      }
+    it "can still be changed by changing the appliance_url" do
+      configuration.appliance_url = "https://other/api"
+      expect(configuration.core_url).to eq "https://other/api"
+    end
 
-      it "can still be changed by changing the appliance_url" do
-        configuration.appliance_url = "https://other/api"
-        expect(configuration.core_url).to eq "https://other/api"
-      end
+    it "can still be changed by changing the authn_url" do
+      configuration.authn_url = "http://authn-docker"
+      expect(configuration.core_url).to eq "https://conjur/api"
+      expect(configuration.authn_url).to eq "http://authn-docker"
+    end
 
-      context "and duplicated" do 
-        subject { configuration.clone override_options }
-        let(:override_options) { Hash.new }
+    context "and duplicated" do 
+      subject { configuration.clone override_options }
+      let(:override_options) { Hash.new }
 
-        describe '#account' do
-          subject { super().account }
-          it { is_expected.to eq(configuration.account) }
-        end
+      describe '#account' do
+        subject { super().account }
+        it { is_expected.to eq(configuration.account) }
+      end
 
-        describe '#appliance_url' do
-          subject { super().appliance_url }
-          it { is_expected.to eq(configuration.appliance_url) }
-        end
+      describe '#appliance_url' do
+        subject { super().appliance_url }
+        it { is_expected.to eq(configuration.appliance_url) }
+      end
 
-        describe '#core_url' do
-          subject { super().core_url }
-          it { is_expected.to eq(configuration.appliance_url) }
-        end
+      describe '#core_url' do
+        subject { super().core_url }
+        it { is_expected.to eq(configuration.appliance_url) }
+      end
 
-        context "appliance_url overridden" do
-          let(:override_options) {
-            { :appliance_url => "https://example/api" }
-          }
-          it "is ignored by the configuration core_url" do
-            expect(configuration.core_url).to eq("https://conjur/api")
-          end
-          it "is reflected in the copy core_url" do
-            expect(subject.core_url).to eq("https://example/api")
-          end
+      context "appliance_url overridden" do
+        let(:override_options) {
+          { :appliance_url => "https://example/api" }
+        }
+        it "is ignored by the configuration core_url" do
+          expect(configuration.core_url).to eq("https://conjur/api")
+        end
+        it "is reflected in the copy core_url" do
+          expect(subject.core_url).to eq("https://example/api")
         end
       end
     end
   end
     
-  context "CONJUR_ENV unspecified" do
-    before {
-      ENV.delete('CONJUR_ENV')
-    }
-    context "default env" do
-      describe '#env' do
-        subject { super().env }
-        it { is_expected.to eq("production") }
-      end
-    end
-    context "default stack" do
-      describe '#stack' do
-        subject { super().stack }
-        it { is_expected.to eq("v4") }
-      end
-    end
+  describe "url generation" do
     describe 'authn_url' do
       before {
         allow_any_instance_of(Conjur::Configuration).to receive(:account).and_return "the-account"
@@ -106,110 +91,25 @@ describe Conjur::Configuration do
       context "without appliance_url" do
         describe '#authn_url' do
           subject { super().authn_url }
-          it { is_expected.to eq("https://authn-the-account-conjur.herokuapp.com") }
+          it { is_expected.to eq("http://localhost:5000") }
         end
       end
     end
-    describe 'authz_url' do
+
+    describe 'core_url' do
       before {
         allow_any_instance_of(Conjur::Configuration).to receive(:account).and_return "the-account"
       }
+      subject { super().core_url }
       context "with appliance_url" do
         before {
           allow_any_instance_of(Conjur::Configuration).to receive(:appliance_url).and_return "http://example.com"
         }
 
-        describe '#authz_url' do
-          subject { super().authz_url }
-          it { is_expected.to eq("http://example.com/authz") }
-        end
-      end
-      context "without appliance_url" do
-        describe '#authz_url' do
-          subject { super().authz_url }
-          it { is_expected.to eq("https://authz-v4-conjur.herokuapp.com") }
-        end
-        context "with specific stack" do
-          before { allow_any_instance_of(Conjur::Configuration).to receive(:stack).and_return "the-stack" }
-
-          describe '#authz_url' do
-            subject { super().authz_url }
-            it { is_expected.to eq("https://authz-the-stack-conjur.herokuapp.com") }
-          end
-        end
-      end
-    end
-  end
-  context "CONJUR_ENV = 'test'" do
-    describe '#env' do
-      subject { super().env }
-      it { is_expected.to eq("test") }
-    end
-    before {
-      allow_any_instance_of(Conjur::Configuration).to receive(:account).and_return "the-account"
-    }
-    describe 'authn_url' do
-      context "with appliance_url hostname" do
-        before {
-          allow_any_instance_of(Conjur::Configuration).to receive(:appliance_url).and_return "http://example.com"
-        }
-
-        describe '#authn_url' do
-          subject { super().authn_url }
-          it { is_expected.to eq("http://example.com/authn") }
-        end
-      end
-      context "with appliance_url hostname and non-trailing-slash path" do
-        before {
-          allow_any_instance_of(Conjur::Configuration).to receive(:appliance_url).and_return "http://example.com/api"
-        }
-
-        describe '#authn_url' do
-          subject { super().authn_url }
-          it { is_expected.to eq("http://example.com/api/authn") }
-        end
+        it { is_expected.to eq("http://example.com") }
       end
       context "without appliance_url" do
-        describe '#authn_url' do
-          subject { super().authn_url }
-          it { is_expected.to eq("http://localhost:5000") }
-        end
-      end
-    end
-    describe 'authz_url' do
-      context "with appliance_url" do
-        before {
-          allow_any_instance_of(Conjur::Configuration).to receive(:appliance_url).and_return "http://example.com/api/"
-        }
-
-        describe '#authz_url' do
-          subject { super().authz_url }
-          it { is_expected.to eq("http://example.com/api/authz") }
-        end
-      end
-      context "without appliance_url" do
-        describe '#authz_url' do
-          subject { super().authz_url }
-          it { is_expected.to eq("http://localhost:5100") }
-        end
-      end
-    end
-    describe 'core_url' do
-      context "with appliance_url" do
-        before {
-          allow_any_instance_of(Conjur::Configuration).to receive(:appliance_url).and_return "http://example.com/api"
-        }
-
-        describe '#core_url' do
-          subject { super().core_url }
-          it { is_expected.to eq("http://example.com/api") }
-        end
-      end
-      context "without appliance_url" do
-        describe '#core_url' do
-          subject { super().core_url }
-          it { is_expected.to eq("http://localhost:5200") }
-        end
+        it { is_expected.to eq("http://localhost:5000") }
       end
     end
   end

data/spec/{lib/has_attributes_spec.rb → has_attributes_spec.rb}

@@ -13,10 +13,14 @@ describe Conjur::HasAttributes do
   end
 
   let(:object) { new_object }
+  let(:second_object) { new_object }
   let(:attributes) { { 'id' => 'the-id' } }
+  let(:rbac_resource_resource) { double(:rbac_resource_resource, url: object.url) }
 
   before {
-    expect(object).to receive(:get).with(no_args).and_return(double(:response, body: attributes.to_json))
+    allow(object).to receive(:rbac_resource_resource).and_return(rbac_resource_resource)
+    allow(second_object).to receive(:rbac_resource_resource).and_return(rbac_resource_resource)
+    expect(rbac_resource_resource).to receive(:get).with(no_args).and_return(double(:response, body: attributes.to_json))
   }
 
   it "should fetch attributes from the server" do
@@ -47,7 +51,7 @@ describe Conjur::HasAttributes do
     context "enabled" do
       it "caches the attributes across objects" do
         expect(object.attributes).to eq(attributes)
-        expect(new_object.attributes).to eq(attributes)
+        expect(second_object.attributes).to eq(attributes)
         expect(cache.table).to eq({
           "alice.http://example.com/the-object" => attributes
         })

data/spec/roles_spec.rb

@@ -0,0 +1,24 @@
+require 'spec_helper'
+
+describe Conjur::API do
+  describe '#role_name_from_username' do
+    let(:account) { "the-account" }
+    context "when username is" do
+      [
+        [ 'the-user', 'the-account:user:the-user' ],
+        [ 'host/the-host', 'the-account:host:the-host' ],
+        [ 'host/a/quite/long/host/name', 'the-account:host:a/quite/long/host/name' ],
+        [ 'newkind/host/name', 'the-account:newkind:host/name' ],
+      ].each do |p|
+        context "'#{p[0]}'" do
+          let(:username) { p[0] }
+
+          describe '#role_name_from_username' do
+            subject { Conjur::API.role_name_from_username username, account }
+            it { is_expected.to eq(p[1]) }
+          end
+        end
+      end
+    end
+  end
+end

data/spec/spec_helper.rb

@@ -1,81 +1,73 @@
 require 'simplecov'
-SimpleCov.start do
-  add_filter "/spec/"
-end
+SimpleCov.start
 
 require 'rubygems'
 $:.unshift File.join(File.dirname(__FILE__), "..", "lib")
 $:.unshift File.join(File.dirname(__FILE__), "lib")
-require 'spork'
-
-Spork.prefork do
-  # This file is copied to ~/spec when you run 'ruby script/generate rspec'
-  # from the project root directory.
-  ENV["CONJUR_ENV"] ||= 'test'
-  
-  # Allows loading of an environment config based on the environment
-  require 'rspec'
-  require 'webmock/rspec'
-  require 'securerandom'
-  
-  # Uncomment the next line to use webrat's matchers
-  #require 'webrat/integrations/rspec-rails'
-
-  RSpec.configure do |config|
-    config.before do
-      # test with a clean environment
-      stub_const 'ENV', 'CONJUR_ENV' => 'test'
-    end
-
-
-    # If you're not using ActiveRecord you should remove these
-    # lines, delete config/database.yml and disable :active_record
-    # in your config/boot.rb
-    #config.use_transactional_fixtures = true
-    #config.use_instantiated_fixtures  = false
-    #config.fixture_path = File.join(redmine_root, 'test', 'fixtures')
-  
-    # == Fixtures
-    #
-    # You can declare fixtures for each example_group like this:
-    #   describe "...." do
-    #     fixtures :table_a, :table_b
-    #
-    # Alternatively, if you prefer to declare them only once, you can
-    # do so right here. Just uncomment the next line and replace the fixture
-    # names with your fixtures.
-    #
-    #
-    # If you declare global fixtures, be aware that they will be declared
-    # for all of your examples, even those that don't use them.
-    #
-    # You can also declare which fixtures to use (for example fixtures for test/fixtures):
-    #
-    # config.fixture_path = RAILS_ROOT + '/spec/fixtures/'
-    #
-    # == Mock Framework
-    #
-    # RSpec uses its own mocking framework by default. If you prefer to
-    # use mocha, flexmock or RR, uncomment the appropriate line:
-    #
-    # config.mock_with :mocha
-    # config.mock_with :flexmock
-    # config.mock_with :rr
-    #
-    # == Notes
-    #
-    # For more information take a look at Spec::Runner::Configuration and Spec::Runner
+
+# This file is copied to ~/spec when you run 'ruby script/generate rspec'
+# from the project root directory.
+ENV["CONJUR_ENV"] ||= 'test'
+
+# Allows loading of an environment config based on the environment
+require 'rspec'
+require 'securerandom'
+
+# Uncomment the next line to use webrat's matchers
+#require 'webrat/integrations/rspec-rails'
+
+RSpec.configure do |config|
+  config.before do
+    # test with a clean environment
+    stub_const 'ENV', 'CONJUR_ENV' => 'test'
   end
-end
 
-Spork.each_run do
-  # This code will be run each time you run your specs.
-  
-  # Requires supporting files with custom matchers and macros, etc,
-  # in ./support/ and its subdirectories.
-  Dir[File.expand_path(File.join(File.dirname(__FILE__),'support','**','*.rb'))].each {|f| require f}
+
+  # If you're not using ActiveRecord you should remove these
+  # lines, delete config/database.yml and disable :active_record
+  # in your config/boot.rb
+  #config.use_transactional_fixtures = true
+  #config.use_instantiated_fixtures  = false
+  #config.fixture_path = File.join(redmine_root, 'test', 'fixtures')
+
+  # == Fixtures
+  #
+  # You can declare fixtures for each example_group like this:
+  #   describe "...." do
+  #     fixtures :table_a, :table_b
+  #
+  # Alternatively, if you prefer to declare them only once, you can
+  # do so right here. Just uncomment the next line and replace the fixture
+  # names with your fixtures.
+  #
+  #
+  # If you declare global fixtures, be aware that they will be declared
+  # for all of your examples, even those that don't use them.
+  #
+  # You can also declare which fixtures to use (for example fixtures for test/fixtures):
+  #
+  # config.fixture_path = RAILS_ROOT + '/spec/fixtures/'
+  #
+  # == Mock Framework
+  #
+  # RSpec uses its own mocking framework by default. If you prefer to
+  # use mocha, flexmock or RR, uncomment the appropriate line:
+  #
+  # config.mock_with :mocha
+  # config.mock_with :flexmock
+  # config.mock_with :rr
+  #
+  # == Notes
+  #
+  # For more information take a look at Spec::Runner::Configuration and Spec::Runner
 end
 
+# This code will be run each time you run your specs.
+
+# Requires supporting files with custom matchers and macros, etc,
+# in ./support/ and its subdirectories.
+Dir[File.expand_path(File.join(File.dirname(__FILE__),'support','**','*.rb'))].each {|f| require f}
+
 shared_examples_for "http response" do
   let(:http_response) { double(:response) }
 
@@ -100,20 +92,13 @@ OPTIONS={}
 shared_context api: :dummy do
   let(:username) { "user" }
   let(:api){ Conjur::API.new_from_key username, 'key' }
-  let(:authz_host) { 'http://authz.example.com' }
-  let(:audit_host) { 'http://audit.example.com' }
   let(:authn_host) { 'http://authn.example.com' }
-  let(:credentials) { { headers: { authorization: "Token token=\"stub\"" } } } #, username: username } }
   let(:core_host) { 'http://core.example.com' }
+  let(:credentials) { { headers: { authorization: "Token token=\"stub\"" } } } #, username: username } }
   let(:account) { 'the-account' }
 
   before do
-    allow(Conjur::Authn::API).to receive_messages host: authn_host
-    allow(Conjur::Authz::API).to receive_messages host: authz_host
-    allow(Conjur::Core::API).to receive_messages host: core_host
-    allow(Conjur::Core::API).to receive_messages conjur_account: account
-    allow(Conjur::Audit::API).to receive_messages host:audit_host
-    Conjur.configuration.set :account, account
+    allow(Conjur.configuration).to receive_messages account: account, core_url: core_host, authn_url: authn_host
     allow(api).to receive_messages credentials: credentials
   end
 end

data/spec/ssl_spec.rb

@@ -9,7 +9,7 @@ require 'webrick/https'
 describe 'SSL connection' do
   context 'with an untrusted certificate' do
     it 'fails' do
-      expect { Conjur::API.login 'foo', 'bar' }.to \
+      expect { Conjur::API.login 'foo', 'bar', account: "the-account" }.to \
           raise_one_of(RestClient::SSLCertificateNotVerified, OpenSSL::SSL::SSLError)
     end
   end
@@ -22,7 +22,7 @@ describe 'SSL connection' do
     end
 
     it 'works' do
-      expect { Conjur::API.login 'foo', 'bar' }.to raise_error RestClient::ResourceNotFound
+      expect { Conjur::API.login 'foo', 'bar', account: "the-account" }.to raise_error RestClient::ResourceNotFound
     end
   end
   
@@ -35,16 +35,14 @@ describe 'SSL connection' do
   let(:port) { server.config[:Port] }
 
   before do
-    allow(Conjur::Authn::API).to receive(:host).and_return "https://localhost:#{port}"
+    allow(Conjur.configuration).to receive(:authn_url).and_return "https://localhost:#{port}"
   end
 
   around do |example|
     server_thread = Thread.new do
       server.start
     end
-    WebMock.disable!
     example.run
-    WebMock.enable!
     server.shutdown
     server_thread.join
   end

data/spec/vendor/rest_client_spec.rb

@@ -38,58 +38,4 @@ describe RestClient::Request do
       expect(request.ssl_opts[:cert_store]).to eq(OpenSSL::SSL::SSLContext::DEFAULT_CERT_STORE)
     end
   end
-  
-  def reinit_mime_types!
-    # pretend to initialize MIME::Types from scratch
-    MIME::Types.instance_variable_set :@__types__, nil
-    MIME::Types.send :remove_const, :VERSION # to suppress a warning
-    load 'mime/types.rb'
-  end
-
-  def with_env vals, &block
-    olds = Hash[vals.keys.zip ENV.values_at *vals.keys]
-    ENV.update vals
-    yield if block_given?
-    ENV.update olds
-  end
-
-  around do |ex|
-    with_env 'RUBY_MIME_TYPES_CACHE' => cache,
-        'RUBY_MIME_TYPES_LAZY_LOAD' => lazy.to_s do
-      reinit_mime_types!
-      ex.run
-    end
-  end
-
-  context "with plain MIME::Types config" do
-    let(:cache) { nil }
-    let(:lazy) { false }
-    include_examples :restclient
-  end
-
-  context "with lazy MIME::Types loading" do
-    let(:cache) { nil }
-    let(:lazy) { true }
-    include_examples :restclient
-  end
-
-  context "using MIME::Types cache" do
-    let(:cache) do
-      tf = Tempfile.new('mimecache')
-      path = tf.path
-
-      tf.unlink # delete so mimetypes doesn't try to read it
-      # create the cache
-      with_env 'RUBY_MIME_TYPES_CACHE' => path,
-          'RUBY_MIME_TYPES_LAZY_LOAD' => 'false' do
-        reinit_mime_types!
-      end
-
-      return path
-    end
-
-    after { File.unlink cache }
-    let(:lazy) { false }
-    include_examples :restclient
-  end
 end

data/test.sh

@@ -0,0 +1,40 @@
+#!/bin/bash -e
+
+function finish {
+  echo 'Removing test environment'
+  echo '---'
+  docker-compose down --rmi 'local' --volumes
+}
+trap finish EXIT
+
+function main() {
+  # Generate reports folders locally
+  mkdir -p spec/reports features/reports
+
+  startConjur
+  runTests
+}
+
+function startConjur() {
+  echo 'Starting Conjur environment'
+  echo '-----'
+  docker-compose pull conjur postgres
+  docker-compose build --pull tester
+  docker-compose up -d conjur
+}
+
+function runTests() {
+  echo 'waiting for Conjur to come up...'
+  # TODO: remove this once we have HEALTHCHECK in place
+  docker-compose run --rm tester ./ci/wait_for_server.sh
+
+  local api_key=$(docker-compose exec -T conjur rails r "print Credentials['cucumber:user:admin'].api_key")
+
+  echo 'Running tests'
+  echo '-----'
+  docker-compose run --rm \
+    -e CONJUR_AUTHN_API_KEY="$api_key" \
+    tester
+}
+
+main