conjur-api 4.31.0 → 5.0.0.rc1

data/spec/lib/audit_spec.rb

@@ -1,155 +0,0 @@
-require 'spec_helper'
-
-describe Conjur::API, api: :dummy do 
-  describe "audit API methods" do
-    
-    let(:options){ {since:Time.at(0).to_s, till: Time.now.to_s, :has_annotation => 'puppet', some_unwanted_option: 'heloo!'} }
-    let(:expected_options){ options.slice(:since, :till, :has_annotation) }
-    let(:response){ ['some event'] }
-    let(:include_options){ false }
-    let(:query){ include_options ? '?' + expected_options.to_query : '' }
-    let(:expected_path){ nil }
-    let(:expected_url){ "#{Conjur::Audit::API.host}/#{expected_path}#{query}" }
-    
-    def expect_json_request
-      expect_request(
-        headers: credentials[:headers],
-        url: expected_url,
-        method: :get
-      ).and_return response.to_json
-    end
-    
-    
-    describe "#audit" do
-      let(:expected_path){ '' }
-      let(:args){ [] }
-      let(:full_args){ include_options ? args + [options] : args }
-      
-      shared_examples_for "gets all visible events" do
-        it "GETs /" do
-          expect_json_request
-          expect(api.audit(*full_args)).to eq(response)
-        end
-      end
-      
-      context "when called without options" do
-        let(:include_options){ false }
-        it_behaves_like "gets all visible events"
-      end
-      
-      context "when called with all options" do
-        let(:include_options){ true }
-        it_behaves_like "gets all visible events"
-      end
-    end
-    
-    describe "#audit_role" do
-      let(:role_id){ 'acct:user:foobar' }
-      let(:role){ double('role', roleid: role_id) }
-      let(:expected_path){ "roles/#{CGI.escape role_id}" }
-      let(:args){ [role_id] }
-      let(:full_args){ include_options ? args + [options] : args }
-      shared_examples_for "gets roles feed" do
-        it "GETs roles/:role_id" do
-          expect_json_request
-          expect(api.audit_role(*full_args)).to eq(response)
-        end
-      end
-      
-      context "when called with a role id" do
-        let(:args){ [role_id] }
-        it_behaves_like "gets roles feed"
-      end
-      
-      context "when called with a role instance" do
-        let(:audit_role_args){ [role] }
-        it_behaves_like "gets roles feed"
-      end
-      
-      context "when called with all options" do
-        let(:include_options){ true }
-        let(:args){ [ role_id ] }
-        it_behaves_like  "gets roles feed"
-      end
-    end
-    
-    
-    describe "#audit_resource" do
-      let(:resource_id){ 'acct:food:bacon' }
-      let(:resource){ double('resource', resourceid: resource_id) }
-      let(:expected_path){ "resources/#{CGI.escape resource_id}" }
-      let(:args){[resource_id]}
-      let(:full_args){ include_options ? args + [options] : args }
-      shared_examples_for "gets the resource feed" do
-        it "GETS resources/:resource_id" do
-          expect_json_request
-          expect(api.audit_resource(*full_args)).to eq(response)
-        end
-      end
-      
-      context "when called with resource id" do
-        let(:args){ [resource_id] }
-        it_behaves_like "gets the resource feed"
-      end
-      
-      context "when called with resource instance" do
-        let(:args){ [resource] }
-        it_behaves_like "gets the resource feed"
-      end
-      
-      context "when called with all options" do
-        let(:include_options) { true }
-        it_behaves_like "gets the resource feed"
-      end
-    end
-
-    describe "#audit_send" do
-      let(:username) { "user" }
-      let(:api){ Conjur::API.new_from_key username, 'key' }
-      let(:credentials) { { headers: { authorization: "Token token=\"stub\"" } } } #, username: username } }
-      
-      before do
-        allow(api).to receive_messages credentials: credentials
-      end
-
-      context "valid input" do
-        let(:http_parameters)  {
-          {
-            headers: credentials[:headers].merge(content_type: "text/plain"),
-            method: :post ,
-            url: "#{Conjur::Authz::API.host}/audit"
-          } 
-        }
-        
-        it "sends Hash as JSON" do
-          event = { action: "login", user: "alice" }
-          expect(RestClient::Request).to receive(:execute).with(
-            http_parameters.merge( payload: event.to_json )
-            )
-          api.audit_send event
-        end
-        it "sends array as JSON" do
-          events = [ { action: "login", user: "alice" }, { action: "sudo", user: "alice" } ]
-          expect(RestClient::Request).to receive(:execute).with(
-            http_parameters.merge( payload: events.to_json )
-            )
-          api.audit_send events
-        end
-        
-        it "sends string as is (consider it preformatted JSON)" do
-          events_serialized = "this is supposed to be JSON" 
-          expect(RestClient::Request).to receive(:execute).with(
-            http_parameters.merge( payload: events_serialized )
-            )
-          api.audit_send events_serialized
-        end
-      end
-      
-      it "rejects any other types of arguments" do
-        expect { api.audit_send( api ) }.to raise_error(ArgumentError)
-      end
-      
-    end
-  end
-end
-

data/spec/lib/build_from_response_spec.rb

@@ -1,49 +0,0 @@
-require 'spec_helper'
-
-describe Conjur::BuildFromResponse do
-  describe "::build_from_response", logging: :temp do
-    let(:location) { "http://example.com" }
-    let(:attrs) {{ 'some' => 'foo', 'other' => 'bar' }}
-    let(:response) do
-      double "response", headers: { location: location }, body: attrs.to_json
-    end
-    subject { double "class", name: 'some' }
-    let(:constructed) { double "object" }
-    let(:credentials) { "whatever" }
-
-    before do
-      subject.extend Conjur::BuildFromResponse
-      expect(subject).to receive(:new).with(location, credentials).and_return constructed
-      expect(constructed).to receive(:attributes=).with attrs
-
-      constructed.extend Conjur::LogSource
-      allow(constructed).to receive_messages username: 'whatever'
-    end
-
-    it "passes the location credentials and attributes" do
-      subject.build_from_response response, credentials
-    end
-
-    context "with a resource(-ish) class" do
-      before do
-        allow(constructed).to receive_messages resource_kind: 'chunky', resource_id: 'bacon'
-      end
-
-      it "logs creation correctly" do
-        subject.build_from_response response, credentials
-        expect(log).to match(/Created chunky bacon/)
-      end
-    end
-
-    context "with a id(-ish) class" do
-      before do
-        allow(constructed).to receive_messages id: 'bacon'
-      end
-
-      it "logs creation correctly" do
-        subject.build_from_response response, credentials
-        expect(log).to match(/Created some bacon/)
-      end
-    end
-  end
-end

data/spec/lib/deputy_spec.rb

@@ -1,25 +0,0 @@
-require 'spec_helper'
-
-describe Conjur::Deputy, api: :dummy do
-  let(:api_key) { 'theapikey' }
-
-  subject(:deputy) { Conjur::Deputy.new 'http://example.com/deputies/my%2Fhostname', nil }
-  before { deputy.attributes = { 'api_key' => api_key } }
-
-  describe '#resource' do
-    subject { deputy.resource }
-    it { is_expected.to be }
-  end
-
-  describe '#login' do
-    it "is extracted from the uri" do
-      expect(deputy.login).to eq('deputy/my/hostname')
-    end
-  end
-
-  describe '#api_key' do
-    it "is extracted from attributes" do
-      expect(deputy.api_key).to eq api_key
-    end
-  end
-end

data/spec/lib/exists_spec.rb

@@ -1,24 +0,0 @@
-require 'spec_helper'
-
-describe Conjur::Exists do
-  subject(:resource) { Object.new.tap {|o| o.send :extend, Conjur::Exists } }
-
-  describe '#exists?' do
-    subject { resource.exists? }
-
-    context "when head returns 200" do
-      before { allow(resource).to receive_messages head: "" }
-      it { is_expected.to be_truthy }
-    end
-
-    context "when forbidden" do
-      before { allow(resource).to receive(:head) { raise RestClient::Forbidden }}
-      it { is_expected.to be_truthy }
-    end
-
-    context "when not found" do
-      before { allow(resource).to receive(:head) { raise RestClient::ResourceNotFound }}
-      it { is_expected.to be_falsey }
-    end
-  end
-end

data/spec/lib/group_spec.rb

@@ -1,18 +0,0 @@
-require 'spec_helper'
-
-describe Conjur::Group, api: :dummy do
-  let(:id) { 'the-anonymous' }
-  subject { api.group id }
-
-  describe '#update' do
-    it "PUTs to /groups/:id" do
-      expect_request(
-        method: :put,
-        url: "#{core_host}/groups/#{api.fully_escape(id)}",
-        headers: credentials[:headers],
-        payload: { gidnumber: 12345 }
-       )
-      api.group(id).update(gidnumber: 12345)
-    end
-  end
-end

data/spec/lib/host_spec.rb

@@ -1,31 +0,0 @@
-require 'spec_helper'
-
-describe Conjur::Host, api: :dummy do
-  subject(:host) { Conjur::Host.new 'http://example.com/hosts/my%2Fhostname', nil }
-
-  describe '#resource' do
-    subject { super().resource }
-    it { is_expected.to be }
-  end
-
-  describe '#login' do
-    subject { super().login }
-    it { is_expected.to eq('host/my/hostname') }
-  end
-
-  it "fetches enrollment_url" do
-    stub_request(:head, "http://example.com/hosts/my%2Fhostname/enrollment_url").
-         to_return(:status => 200, :headers => {location: 'foo'})
-    expect(subject.enrollment_url).to eq('foo')
-  end
-
-  describe '#update' do
-    it "calls set_cidr_restrictions if given CIDR" do
-      expect(host).to receive(:set_cidr_restrictions).with(['192.0.2.0/24'])
-      host.update cidr: ['192.0.2.0/24']
-
-      expect(host).to_not receive(:set_cidr_restrictions)
-      host.update foo: 42
-    end
-  end
-end

data/spec/lib/resource_spec.rb

@@ -1,240 +0,0 @@
-require 'spec_helper'
-require 'helpers/request_helpers'
-
-describe Conjur::Resource, api: :dummy, logging: :temp do
-  include RequestHelpers
-
-  let(:account) { "the-account" }
-  let(:uuid) { "ddd1f59a-494d-48fb-b045-0374c4a6eef9" }
-
-  context "identifier" do
-    include Conjur::Escape
-    let(:resource) { Conjur::Resource.new("#{Conjur::Authz::API.host}/#{account}/resources/#{kind}/#{path_escape identifier}") }
-
-    context "Object with an #id" do
-      let(:kind) { "host" }
-      let(:identifier) do
-        "foobar"
-      end
-      it "identifier should obtained from the id" do
-        expect(resource.identifier).to eq("foobar")
-      end
-    end
-
-    [ [ "foo", "bar/baz" ], [ "f:o", "bar" ], [ "@f", "bar.baz" ], [ "@f", "bar baz" ], [ "@f", "@:bar/baz" ] ].each do |p|
-      context "of /#{p[0]}/#{p[1]}" do
-        let(:kind) { p[0] }
-        let(:identifier) { p[1] }
-        context "resource_kind" do
-          subject { resource.kind }
-          specify { is_expected.to eq(p[0]) }
-        end
-        context "resource_id" do
-          subject { resource.identifier }
-          specify { is_expected.to eq( p[1] ) }
-        end
-      end
-    end
-  end
-
-  let(:uri) { "#{authz_host}/some-account/resources/the-kind/resource-id" }
-  subject { Conjur::Resource.new uri }
-
-  describe '#create' do
-    it "simply puts" do
-      expect_request(
-        method: :put,
-        url: uri,
-        payload: {},
-        headers: {}
-      ).and_return "new resource"
-      expect(subject.create).to eq("new resource")
-    end
-  end
-
-  describe '#permitted_roles' do
-    it 'gets the list from /roles/allowed_to' do
-      expect_request(
-        method: :get,
-        url: "http://authz.example.com/some-account/roles/allowed_to/nuke/the-kind/resource-id",
-        headers: {}
-      ).and_return '["foo", "bar"]'
-
-      expect(subject.permitted_roles("nuke")).to eq(['foo', 'bar'])
-    end
-
-    it 'supports counting' do
-      expect_request(
-        method: :get,
-        url: "http://authz.example.com/some-account/roles/allowed_to/nuke/the-kind/resource-id?count=true",
-        headers: {}
-      ).and_return({count: 12}.to_json)
-
-      expect(subject.permitted_roles("nuke", count: true)).to eq(12)
-    end
-
-    it 'supports filtering' do
-      expect_request(
-        method: :get,
-        url: "http://authz.example.com/some-account/roles/allowed_to/nuke/the-kind/resource-id?search=hamsters",
-        headers: {}
-      ).and_return '["foo", "bar"]'
-
-      expect(subject.permitted_roles("nuke", search: 'hamsters')).to eq(['foo', 'bar'])
-    end
-  end
-
-  describe '#give_to' do
-    it "puts the owner field" do
-      expect_request(
-        method: :put,
-        url: uri,
-        payload: {owner: 'new-owner' },
-        headers: {}
-      )
-
-      subject.give_to 'new-owner'
-    end
-  end
-
-  describe '#delete' do
-    it 'simply deletes' do
-      expect_request(
-        method: :delete,
-        url: uri,
-        headers: {}
-      )
-
-      subject.delete
-    end
-  end
-
-  describe '#permit' do
-    it 'posts permit for every privilege' do
-      privileges = [:nuke, :fry]
-      privileges.each do |p|
-        expect_request(
-          method: :post,
-          url: uri + "/?permit&privilege=#{p}&role=dr-strangelove",
-          headers: {},
-          payload: {}
-        )
-      end
-      subject.permit privileges, "dr-strangelove"
-    end
-  end
-
-  describe '#deny' do
-    it 'posts deny for every privilege' do
-      privileges = [:nuke, :fry]
-      privileges.each do |p|
-        expect_request(
-          method: :post,
-          url: uri + "/?deny&privilege=#{p}&role=james-bond",
-          headers: {},
-          payload: {}
-        )
-      end
-      subject.deny privileges, "james-bond"
-    end
-  end
-
-  describe '#permitted?' do
-    it 'gets the ?permitted? action' do
-      expect_request(
-        method: :get,
-        url: uri + "/?check=true&privilege=fry",
-        headers: {}
-      )
-      subject.permitted? 'fry'
-    end
-    context "with status 204" do
-      before {
-        allow(subject).to receive_message_chain(:[], :get)
-      }
-      specify {
-        expect(subject.permitted?('fry')).to be_truthy
-      }
-    end
-    context "with status 404" do
-      before {
-        allow(subject).to receive_message_chain(:[], :get) { raise RestClient::ResourceNotFound }
-      }
-      specify {
-        expect(subject.permitted?('fry')).to be_falsey
-      }
-    end
-    context "with status 403" do
-      before {
-        allow(subject).to receive_message_chain(:[], :get) { raise RestClient::Forbidden }
-      }
-      specify {
-        expect(subject.permitted?('fry')).to be_falsey
-      }
-    end
-  end
-
-  describe '.all' do
-    it "calls /account/resources" do
-      expect_request(
-        method: :get,
-        url: "http://authz.example.com/the-account/resources/",
-        headers: {}
-      ).and_return '["foo", "bar"]'
-
-      expect(Conjur::Resource.all host: authz_host, account: account).to eql(%w(foo bar))
-    end
-
-    it "can filter by owner" do
-      expect_request(
-        method: :get,
-        url: "http://authz.example.com/the-account/resources/chunky/?owner=alice",
-        headers: {}
-      ).and_return '["foo", "bar"]'
-
-      expect(Conjur::Resource.all host: authz_host, account: account, kind: :chunky, owner: 'alice')
-        .to eql(%w(foo bar))
-    end
-
-    it "can filter by kind" do
-      expect_request(
-        method: :get,
-        url: "http://authz.example.com/the-account/resources/chunky/",
-        headers: {}
-      ).and_return '["foo", "bar"]'
-
-      expect(Conjur::Resource.all host: authz_host, account: account, kind: :chunky)
-        .to eql(%w(foo bar))
-    end
-    
-    it "can count" do
-      expect_request(
-        method: :get,
-        url: "http://authz.example.com/the-account/resources/?count=true",
-        headers: {}
-      ).and_return({count: 12}.to_json)
-
-      expect(Conjur::Resource.all host: authz_host, account: account, count: true).to eq(12)
-    end
-
-    it "passes search, limit, and offset params" do
-      expect_request(
-        method: :get,
-        # Note that to_query sorts the keys
-        url: "http://authz.example.com/the-account/resources/?limit=5&offset=6&search=something",
-        headers: {}
-      ).and_return '["foo", "bar"]'
-      expect(Conjur::Resource.all(host: authz_host, account: account, search: 'something', limit:5, offset:6)).to eq(%w(foo bar))
-    end
-
-    it "uses the given authz url" do
-      expect_request(
-        method: :get,
-        url: "http://otherhost.example.com/the-account/resources/",
-        headers: {}
-      ).and_return '["foo", "bar"]'
-
-      Conjur::Resource.all host: 'http://otherhost.example.com', account: account
-    end
-  end
-end

data/spec/lib/role_grant_spec.rb

@@ -1,13 +0,0 @@
-require 'spec_helper'
-
-describe Conjur::RoleGrant, api: :dummy do
-  describe '::parse_from_json' do
-    it "creates role, member and grantor roles" do
-      rg = Conjur::RoleGrant::parse_from_json({role: 'acc:k:r', member: 'acc:k:m', grantor: 'acc:k:g', admin_option: true}.stringify_keys, {})
-      expect(rg.role.url).to eq("#{authz_host}/acc/roles/k/r")
-      expect(rg.member.url).to eq("#{authz_host}/acc/roles/k/m")
-      expect(rg.grantor.url).to eq("#{authz_host}/acc/roles/k/g")
-      expect(rg.admin_option).to eq(true)
-    end
-  end
-end