conjur-api 4.31.0 → 5.0.0.rc1

data/spec/api/resources_spec.rb

@@ -1,92 +0,0 @@
-require 'spec_helper'
-require 'helpers/request_helpers'
-
-describe Conjur::API, api: :dummy do
-  include RequestHelpers
-
-  describe '#create_resource' do
-    it "passes to resource#create" do
-      allow(api).to receive(:resource).with(:id).and_return(resource = double)
-      expect(resource).to receive :create
-
-      expect(api.create_resource(:id)).to eq(resource)
-    end
-  end
-
-  describe '#resource' do
-    it "builds a path and creates a resource from it" do
-      res = api.resource "some-account:a-kind:the-id"
-      expect(res.url).to eq("#{authz_host}/some-account/resources/a-kind/the-id")
-    end
-    it "accepts an account-less resource" do
-      res = api.resource "a-kind:the-id"
-      expect(res.url).to eq("#{authz_host}/#{account}/resources/a-kind/the-id")
-    end
-    it "rejects an underspecified resource" do
-      expect { api.resource "the-id" }.to raise_error(/at least two tokens in the-id/)
-    end
-  end
-
-  describe '.resources' do
-    let(:ids) { %w(acc:kind:foo acc:chunky:bar) }
-    let(:resources) {
-      ids.map do |id|
-        { 'id' => id }
-      end
-    }
-    it "counts resources" do
-      expect(Conjur::Resource).to receive(:all)
-        .with(host: authz_host, account: account, credentials: api.credentials, count: true).and_return(100)
-
-      expect(api.resources(count: true)).to eq(100)
-    end
-    it "lists all resources" do
-      expect(Conjur::Resource).to receive(:all)
-        .with(host: authz_host, account: account, credentials: api.credentials).and_return(resources)
-
-      expect(api.resources.map(&:url)).to eql(ids.map { |id| api.resource(id).url })
-    end
-    it "can filter by kind" do
-      expect(Conjur::Resource).to receive(:all)
-        .with(host: authz_host, account: account, credentials: api.credentials, kind: :chunky).and_return(resources)
-
-      expect(api.resources(kind: :chunky).map(&:url)).to eql(ids.map { |id| api.resource(id).url })
-    end
-  end
-
-  describe '#resources_permitted' do
-    let(:ids) { %w(foo bar baz) }
-    let(:kind) { 'variable' }
-    let(:priv) { 'execute' }
-
-    it 'creates the request correctly' do
-      expect_request(
-        method: :post,
-        url: "#{authz_host}/the-account/resources/#{kind}?check=true",
-        payload: {
-          :privilege => priv,
-          :identifiers => ids
-        }
-      ).and_return(double("response", :code => 204))
-      
-      res = api.resources_permitted?(kind, ids, priv)
-      expect(res[0]).to be(true)
-    end
-
-    it 'signals failure' do
-      expect_request(
-        method: :post,
-        url: "#{authz_host}/the-account/resources/#{kind}?check=true",
-        payload: {
-          :privilege => priv,
-          :identifiers => ids
-        }
-      ).and_return(double("response", :code => 403, :body => '[]'))
-      
-      res = api.resources_permitted?(kind, ids, priv)
-      expect(res[0]).to be(false)
-    end
-
-  end
-  
-end

data/spec/api/roles_spec.rb

@@ -1,100 +0,0 @@
-require 'spec_helper'
-require 'helpers/request_helpers'
-
-describe Conjur::API, api: :dummy do
-  include RequestHelpers
-  subject { api }
-
-  describe 'role_graph' do
-    let(:roles){ [ 'acct:user:alice', 'acct:user:bob', 'acct:user:eve' ] }
-    let(:options){ {} }
-    let(:current_role){ 'some-role' }
-    let(:graph){
-      [
-          [ 'acct:user:alice', 'acct:user:eve' ],
-          [ 'acct:user:bob',   'acct:user:eve']
-      ]
-    }
-    let(:response){ {
-        graph: graph
-    }.to_json }
-
-    let(:graph_edges){
-      graph.map{|e| Conjur::Graph::Edge.new *e}
-    }
-
-    before do
-      allow(api).to receive(:current_role).and_return current_role
-    end
-
-    subject{ api.role_graph roles, options }
-
-    def role_graph_url_for roles, options, current_role
-      qs = options.reverse_merge(ancestors: true, descendants: true)
-             .merge(from_role: current_role, roles: roles).slice(:from_role, :ancestors, :descendants, :roles).to_query
-      "http://authz.example.com/#{account}/roles?#{qs}"
-    end
-
-    def expect_request_with_params params={}
-      expect_request(headers: credentials[:headers], method: :get,
-                     url: role_graph_url_for(roles, options, current_role))
-        .and_return(response)
-    end
-
-    it "gets /roles with the correct params" do
-      expect_request_with_params ancestors: true, descendants: true, from_role: current_role
-      subject
-    end
-
-    context "when options[:ancestors] and options[:descendants] are false" do
-      let(:options){ { ancestors: false, descendants: false } }
-      it "gets /roles with the correct params" do
-        expect_request_with_params ancestors: false, descendants: false, from_role: current_role
-        subject
-      end
-    end
-
-    context "when given options[:as_role] = 'foo'" do
-      it "sets the from_role param to 'foo'" do
-        expect_request_with_params from_role: 'foo'
-        subject
-      end
-    end
-
-    describe "the result" do
-      it "is a Conjur::Graph" do
-        expect_request_with_params
-        expect(subject).to be_kind_of(Conjur::Graph)
-      end
-      it "has the right edges" do
-        expect_request_with_params
-        expect(subject.edges.to_set).to eq(graph_edges.to_set)
-      end
-    end
-
-  end
-
-  describe '#role_name_from_username' do
-
-    before {
-      allow(api).to receive(:username) { username }
-    }
-    context "username is" do
-      [
-        [ 'the-user', 'user:the-user' ],
-        [ 'host/the-host', 'host:the-host' ],
-        [ 'host/a/quite/long/host/name', 'host:a/quite/long/host/name' ],
-        [ 'newkind/host/name', 'newkind:host/name' ],
-      ].each do |p|
-        context "'#{p[0]}'" do
-          let(:username) { p[0] }
-
-          describe '#role_name_from_username' do
-            subject { super().role_name_from_username }
-            it { is_expected.to eq(p[1]) }
-          end
-        end
-      end
-    end
-  end
-end

data/spec/api/secrets_spec.rb

@@ -1,16 +0,0 @@
-require 'spec_helper'
-require 'standard_methods_helper'
-
-describe Conjur::API, api: :dummy do
-  describe '#create_secret' do
-    it_should_behave_like 'standard_create with', :secret, nil, value: 'val' do
-      let(:invoke) { api.create_secret 'val' }
-    end
-  end
-
-  describe '#secret' do
-    it_should_behave_like 'standard_show with', :secret, :id do
-      let(:invoke) { api.secret :id }
-    end
-  end
-end

data/spec/api/users_spec.rb

@@ -1,71 +0,0 @@
-require 'spec_helper'
-require 'standard_methods_helper'
-require 'cidr_helper'
-
-describe Conjur::API, api: :dummy do
-  describe '#create_user' do
-    it_should_behave_like 'standard_create with', :user, nil, login: 'login', other: true do
-      let(:invoke) { api.create_user 'login', other: true }
-    end
-
-    include_examples 'CIDR create' do
-      def create opts
-        api.create_user 'login', opts
-      end
-    end
-  end
-
-  describe 'user#rotate_api_key' do
-    let(:userid){ 'alice@wonderland' }
-    let(:new_api_key){ 'new api key' }
-    it 'PUTS to /authn/users/api_key?id=:userid' do
-      expect_request(
-          method: :put,
-          url: "#{authn_host}/users/api_key?id=#{api.fully_escape userid}",
-          headers: credentials[:headers],
-          payload: ''
-      ).and_return double('response', body: new_api_key)
-      expect(api.user(userid).rotate_api_key).to eq(new_api_key)
-    end
-  end
-
-  describe 'user#update' do
-    let(:userid) { "alice@wonderland" }
-    it "PUTs to /users/:id?uidnumber=:uidnumber" do
-      expect_request(
-        method: :put,
-        url: "#{core_host}/users/#{api.fully_escape(userid)}",
-        headers: credentials[:headers],
-        payload: { uidnumber: 12345 }
-       )
-      api.user(userid).update(uidnumber: 12345)
-    end
-    
-  end
-
-  describe "find_users" do
-
-    let(:search_parameters) { {uidnumber: 12345} }
-    let(:search_result)     { ["someuser"].to_json }
-    
-    it "GETs /users/search with appropriate options, and returns parsed JSON response" do
-      expect_request(
-        method: :get,  
-        url: "#{core_host}/users/search?uidnumber=12345",
-        headers: credentials[:headers]
-      ).and_return search_result
-
-      parsed = double()
-
-      expect(JSON).to receive(:parse).with(search_result).and_return(parsed)
-
-      expect(api.find_users(search_parameters)).to eq(parsed)
-    end
-  end
-
-  describe '#user' do
-    it_should_behave_like 'standard_show with', :user, :login do
-      let(:invoke) { api.user :login }
-    end
-  end
-end

data/spec/api/variables_spec.rb

@@ -1,112 +0,0 @@
-require 'spec_helper'
-require 'standard_methods_helper'
-
-
-describe Conjur::API, api: :dummy do
-  describe '#create_variable' do
-    let(:invoke) { api.create_variable :type, :kind, other: true }
-    it_should_behave_like 'standard_create with', :variable, nil, mime_type: :type, kind: :kind, other: true
-  end
-
-  describe '#variable' do
-    let(:invoke) { api.variable :id }
-    it_should_behave_like 'standard_show with', :variable, :id
-  end
-
-
-  let (:expected_url) { nil }
-  let (:expected_headers) { {} }
-  shared_context "Stubbed API" do
-    before {
-      expect_request(
-        method: :get,
-        url: expected_url,
-        headers: credentials[:headers].merge(expected_headers)
-        ) { 
-        if defined? return_error 
-          raise return_error
-        else
-          double( code: return_code, body: return_body ) 
-        end
-      }
-    }
-  end
-
-  describe "#variable_values" do
-
-    let (:varlist) { ["var/1","var/2","var/3" ] }
-
-    it 'requires non-empty array of variables' do
-      expect { api.variable_values("something") }.to raise_exception(ArgumentError)
-      expect { api.variable_values([]) }.to raise_exception(ArgumentError)
-    end 
-
-    let (:expected_url) { "#{core_host}/variables/values?vars=#{varlist.map {|v| api.fully_escape(v) }.join(",")}"  }
-
-    let (:invoke) { api.variable_values(varlist) }
-
-    describe "if '/variables/values' method is responding with JSON" do
-      include_context "Stubbed API"
-      let (:return_code) { '200' }
-      let (:return_body) { '{"var/1":"val1","var/2":"val2","var/3":"val3"}' }
-      it "returns Hash of values built from the response" do  
-        expect(api).not_to receive(:variable)
-        expect(invoke).to eq({ "var/1"=>"val1", "var/2"=>"val2", "var/3"=>"val3" })
-      end
-    end 
-
-    describe "if '/variables/values' method is returning 404 error" do
-      include_context "Stubbed API"
-      let (:return_error) { RestClient::ResourceNotFound }
-      before {  
-        expect(api).to receive(:variable).with("var/1").and_return(double(value:"val1_obtained_separately"))
-        expect(api).to receive(:variable).with("var/2").and_return(double(value:"val2_obtained_separately"))
-        expect(api).to receive(:variable).with("var/3").and_return(double(value:"val3_obtained_separately"))
-      }
-      it 'tries variables one by one and returns Hash of values' do
-        expect(invoke).to eq({ "var/1"=>"val1_obtained_separately", 
-                           "var/2"=>"val2_obtained_separately", 
-                           "var/3"=>"val3_obtained_separately" 
-                          })
-      end
-    end 
-    
-    describe "if '/variables/values' method is returning any other error" do
-      include_context "Stubbed API"
-      let (:return_error) { RestClient::Forbidden }
-      it 're-raises error without checking particular variables' do 
-        expect(api).not_to receive(:variable)
-        expect { invoke }.to raise_error(return_error)
-      end
-    end 
-
-  end
-
-  describe '#variable_expirations' do
-    include_context "Stubbed API"
-    let (:expected_url) { "#{core_host}/variables/expirations" }
-    let (:return_code) { '200' }
-    let (:return_body) { '[]' }
-
-    context "with no interval" do
-      subject {api.variable_expirations}
-      it { is_expected.to eq([]) }
-    end
-
-    context "with Fixnum interval" do
-      let (:interval) { 2.weeks }
-      let (:expected_headers) { {:params => { :duration => "PT#{interval.to_i}S" } } }
-      subject { api.variable_expirations(2.weeks) }
-      it { is_expected.to eq([]) }
-    end
-
-    context "with String interval" do
-      let (:interval) { 'P2W' }
-      let (:expected_headers) { {:params => { :duration => 'P2W' } } }
-      subject { api.variable_expirations('P2W') }
-      it { is_expected.to eq([]) }
-    end
-
-  end
-
-end

data/spec/cas_rest_client.rb

@@ -1,17 +0,0 @@
-class MockCasRestClient
-  def initialize response
-    @response = response
-  end
-
-  def new options
-    @options = options
-    self
-  end
-
-  def get url
-    @url = url
-    @response
-  end
-
-  attr_reader :options, :url
-end

data/spec/cidr_helper.rb

@@ -1,24 +0,0 @@
-shared_examples_for "CIDR create" do
-  it "formats the CIDRs correctly" do
-    cidrs = %w(192.0.2.0/24 198.51.100.0/24)
-    expect do
-      create cidr: cidrs.map(&IPAddr.method(:new))
-    end.to call_standard_create_with anything, anything, hash_including(cidr: cidrs)
-  end
-
-  it "parses addresses given as strings" do
-    expect do
-      create cidr: %w(192.0.2.0/255.255.255.128)
-    end.to call_standard_create_with anything, anything, hash_including(cidr: %w(192.0.2.0/25))
-  end
-
-  it "raises ArgumentError on invalid CIDR" do
-    expect do
-      create cidr: %w(192.0.2.0/255.255.0.255)
-    end.to raise_error ArgumentError
-
-    expect do
-      create cidr: %w(192.0.2.256/1)
-    end.to raise_error ArgumentError
-  end
-end

data/spec/lib/acts_as_user_spec.rb

@@ -1,27 +0,0 @@
-describe Conjur::ActsAsUser, api: :dummy do
-  subject do
-    api.user 'kmitnick'
-  end
-
-  describe '#set_cidr_restrictions' do
-    it "sends the new restrictions to the authn server" do
-      expect_request(
-        headers: hash_including(content_type: :json),
-        url: "http://authn.example.com/users?id=kmitnick",
-        method: :put,
-        payload: { cidr: ['192.0.2.1/32'] }.to_json
-      )
-      subject.set_cidr_restrictions %w(192.0.2.1)
-    end
-
-    it "resets the restrictions on the authn server if given empty cidr string" do
-      expect_request(
-        headers: hash_including(content_type: :json),
-        url: "http://authn.example.com/users?id=kmitnick",
-        method: :put,
-        payload: { cidr: [] }.to_json
-      )
-      subject.set_cidr_restrictions []
-    end
-  end
-end

data/spec/lib/annotations_spec.rb

@@ -1,109 +0,0 @@
-require 'spec_helper'
-require 'helpers/request_helpers'
-
-describe Conjur::Annotations do
-  include RequestHelpers
-  include Conjur::Escape
-
-  let(:identifier){ 'the-r{source}&^-id' }
-  let(:kind){ 'some-kind' }
-  let(:account){ 'the-account' }
-  let(:resourceid){ [account, kind, identifier].join ':'}
-  let(:options){ { } }
-  let(:raw_annotations){ [{'name' => 'name', 'value' => 'bar'}, 
-                      {'name' => 'comment', 'value' => 'some comment'}] }
-  let(:attributes){ { 'annotations' => raw_annotations } }
-
-  let(:resource){
-    double('resource', attributes: attributes, account: account,
-           kind: kind, identifier: identifier, resourceid: resourceid,
-           options: options
-      ) }
-
-  let(:annotations){ Conjur::Annotations.new(resource) }
-  
-  subject { annotations }
-
-  let(:url){ "#{Conjur::Authz::API.host}/#{account}/annotations/#{kind}/#{fully_escape identifier}" }
-
-  def expect_put_request url, payload
-    expect_request(
-      method: :put,
-      headers: {},
-      url: url,
-      payload: payload
-    )
-  end
-  
-  describe '[]' do
-    it "returns annotations" do
-      expect(subject[:name]).to eq('bar')
-      expect(subject[:comment]).to eq('some comment')
-      expect(subject['comment']).to eq(subject[:comment])
-    end
-    
-    it "caches the get result" do
-      expect(resource).to receive(:attributes).exactly(1).times.and_return(attributes)
-      subject[:name]
-      subject[:name]
-    end
-  end
-  
-  describe '#each' do
-    it "yields each annotation pair" do
-      pairs = []
-      subject.each{|k,v| pairs << [k,v]}
-      expect(pairs).to eq([[:name, 'bar'], [:comment, 'some comment']])
-    end
-  end
-
-  it "is Enumerable" do
-    expect(subject).to be_a(Enumerable)
-  end
-  
-  describe '#to_h' do
-    it "returns the correct hash" do
-      expect(subject.to_h).to eq({name: 'bar', comment: 'some comment'})
-    end
-    it "does not propagate modifications to the returned hash" do
-      expect(RestClient::Request).not_to receive(:execute)
-      subject.to_h[:name] = 'new name'
-      expect(subject[:name]).to eq(subject.to_h[:name])
-      expect(subject[:name]).to eq("bar")
-    end
-  end
-  
-  describe "#merge!" do
-    let(:hash){ {blah: 'blahbah', zelda: 'link'} }
-    
-    it "makes a put request for each pair" do
-      hash.each do |k,v|
-        expect_put_request(url, name: k, value: v)
-      end
-      expect(resource).to receive(:invalidate).exactly(hash.count).times.and_yield
-      subject.merge! hash
-    end
-  end
-  
-  describe '[]=' do
-
-    it "makes a put request" do
-      expect_put_request url, name: :blah, value: 'boo'
-      expect(resource).to receive(:invalidate).and_yield
-      subject[:blah] = 'boo'
-    end
-    
-    it "forces a fresh request for the annotations" do
-      expect_put_request(url, name: :foo, value: 'bar')
-      expect(resource).to receive(:attributes).exactly(2).times.and_return(attributes)
-      expect(resource).to receive(:invalidate).and_yield
-      # One get request
-      expect(subject[:name]).to eq('bar')
-      # Update
-      subject[:foo] = 'bar'
-      # Second get request
-      expect(subject[:name]).to eq('bar')
-    end
-  end
-  
-end