conjur-api 4.31.0 → 5.0.0.rc1

data/spec/lib/role_spec.rb

@@ -1,231 +0,0 @@
-require 'spec_helper'
-require 'standard_methods_helper'
-
-describe Conjur::Role, api: :dummy do
-  let(:account) { "the-account" }
-  let(:kind) { "test" }
-  let(:url) { "#{authz_host}/#{account}/roles/#{kind}/#{id}" }
-  let(:role) { Conjur::Role.new url }
-  subject { role }
-
-  describe ".new" do
-    context "with plain id" do
-      let(:id) { "foo" }
-
-      describe '#options' do
-        subject { super().options }
-        it {}
-      end
-
-      describe '#kind' do
-        subject { super().kind }
-        it { is_expected.to eq(kind) }
-      end
-
-      describe '#id' do
-        subject { super().id }
-        it { is_expected.to eq(id) }
-      end
-    end
-
-    context "with more complex id" do
-      let(:id) { "foo/bar" }
-
-      describe '#kind' do
-        subject { super().kind }
-        it { is_expected.to eq(kind) }
-      end
-
-      describe '#id' do
-        subject { super().id }
-        it { is_expected.to eq(id) }
-      end
-    end
-  end
-
-  let(:id) { "role/id" }
-
-  describe "#grant_to" do
-    it "should take hash as the second argument and put it" do
-      members = double "members request"
-      expect(subject).to receive(:[]).with('?members&member=other').and_return(members)
-      expect(members).to receive(:put).with admin_option: true
-      subject.grant_to "other", admin_option: true
-    end
-
-    it "works without arguments" do
-      members = double "members request"
-      expect(subject).to receive(:[]).with('?members&member=other').and_return(members)
-      expect(members).to receive(:put).with({})
-      subject.grant_to "other"
-    end
-
-    it "converts an object to roleid" do
-      members = double "members request"
-      expect(subject).to receive(:[]).with('?members&member=other').and_return(members)
-      expect(members).to receive(:put).with({})
-      require 'ostruct'
-      subject.grant_to OpenStruct.new(roleid: "other")
-    end
-
-    it "converts an Array to roleid" do
-      members = double "members request"
-      expect(subject).to receive(:[]).with('?members&member=other').and_return(members)
-      expect(members).to receive(:put).with({})
-      subject.grant_to %w(other)
-    end
-  end
-
-  describe '#create' do
-    it 'simply puts' do
-      expect_request(
-        method: :put,
-        url: url,
-        payload: {},
-        headers: {}
-      )
-      role.create
-    end
-  end
-
-  describe '#all' do
-    it 'returns roles for ids got from ?all' do
-      roles = ['foo:k:bar', 'baz:k:xyzzy'] 
-      expect_request(
-        method: :get,
-        url: role.url + "/?all=true",
-        headers: {}
-      ).and_return roles.to_json
-      all = role.all
-      expect(all[0].account).to eq('foo')
-      expect(all[0].id).to eq('bar')
-      expect(all[1].account).to eq('baz')
-      expect(all[1].id).to eq('xyzzy')
-    end
-
-    it "handles 'count' parameter" do
-      expect_request(
-        method: :get,
-        url: role.url + "/?all=true&count=true",
-        headers: {}
-      ).and_return({count: 12}.to_json)
-      expect(role.all(count: true)).to eq(12)
-    end
-
-    describe "direct memberships" do
-      it 'routes to ?memberships' do
-        expect_request(
-          method: :get,
-          url: role.url + "/?memberships=true",
-          headers: {}
-        ).and_return("[]")
-        role.all(recursive: false)
-      end
-    end
-    
-    describe "filter param" do
-      it "applies #cast to the filter" do
-        filter = %w(foo bar)
-        filter.each{ |e| expect(subject).to receive(:cast).with(e, :roleid).and_return e }
-        allow(RestClient::Request).to receive_messages execute: [].to_json
-        role.all filter: filter
-      end
-      
-      def self.it_passes_the_filter_as(query_string)
-        it "calls ?all&#{query_string}" do
-          expect_request(
-            method: :get,
-            url: role.url + "/?all=true&#{query_string}",
-            headers:{}
-          ).and_return([].to_json)
-          role.all filter: filter
-        end
-      end
-      
-      context "when a string" do
-        let(:filter){ 'string' }
-        it_passes_the_filter_as ['string'].to_query('filter')
-      end
-
-      context "when an array" do
-        let(:filter){ ['foo', 'bar'] }
-        it_passes_the_filter_as ['foo', 'bar'].to_query('filter')
-      end
-    end
-
-  end
-  
-  describe '#member_of?' do
-    it 'calls #all with :filter=>id and returns true if the result is non-empty' do
-      expect(role).to receive(:all).with(filter: 'the filter').and_return ['an id']
-      expect(role.member_of?('the filter')).to be_truthy
-      expect(role).to receive(:all).with(filter: 'the filter').and_return []
-      expect(role.member_of?('the filter')).to be_falsey
-    end
-    
-    it "accepts a Role" do
-      other = double('Role', roleid: 'foo')
-      expect(role).to receive(:all).with(filter: other.roleid).and_return []
-      role.member_of?(other)
-    end
-  end
-
-  describe '#revoke_from' do
-    it 'deletes member' do
-      expect_request(
-        method: :delete,
-        url: role.url + "/?members&member=the-member",
-        headers: {}
-      )
-      role.revoke_from 'the-member'
-    end
-  end
-
-  describe '#permitted?' do
-    before do
-      allow_request(
-        method: :get,
-        url: role.url + "/?check&resource_id=chunky:bacon&privilege=fry",
-        headers: {}
-      ) { result }
-    end
-
-    context "when get ?check is successful" do
-      let(:result) { :ok }
-      it "returns true" do
-        expect(role.permitted?('chunky:bacon', 'fry')).to be_truthy
-      end
-    end
-
-    context "when get ?check not found" do
-      let(:result) { raise RestClient::ResourceNotFound, 'foo' }
-      it "returns false" do
-        expect(role.permitted?('chunky:bacon', 'fry')).to be_falsey
-      end
-    end
-  end
-
-  describe '#members' do
-    it "can count the grants" do
-      expect_request(
-        method: :get,
-        url: role.url + "/?count=true&members=true"
-      ).and_return({count: 12}.to_json)
-
-      expect(subject.members(count: true)).to eq(12)
-    end
-
-    it "gets ?members and turns each into RoleGrant" do
-      grants = %w(foo bar)
-      expect_request(
-        method: :get,
-        url: role.url + "/?members=true"
-      ).and_return grants.to_json
-      grants.each do |g|
-        expect(Conjur::RoleGrant).to receive(:parse_from_json).with(g, anything).and_return g
-      end
-
-      expect(subject.members).to eq(grants)
-    end
-  end
-end

data/spec/lib/standard_methods_spec.rb

@@ -1,66 +0,0 @@
-require 'spec_helper'
-
-describe Conjur::StandardMethods do
-  let(:credentials) { "whatever" }
-  subject { double("class", credentials: credentials, log: nil) }
-  let(:host) { 'http://example.com' }
-  let(:type) { :widget }
-
-  let(:rest_resource) { double "rest base resource" }
-  let(:subresource) { double "rest subresource" }
-
-  let(:widget_class) { double "widget class" }
-
-  before do
-    subject.extend Conjur::StandardMethods
-    allow(subject).to receive(:fully_escape){|x|x}
-    allow(RestClient::Resource).to receive(:new).with(host, credentials).and_return rest_resource
-    allow(rest_resource).to receive(:[]).with('widgets').and_return subresource
-    stub_const 'Conjur::Widget', widget_class
-  end
-
-  describe '#standard_create' do
-    let(:id) { "some-id" }
-    let(:options) {{ foo: 'bar', baz: 'xyzzy' }}
-
-    let(:response) { double "response" }
-    let(:widget) { double "widget" }
-
-    before do
-      allow(subresource).to receive(:post).with(options.merge(id: id)).and_return response
-      allow(widget_class).to receive(:build_from_response).with(response, credentials).and_return widget
-    end
-
-    it "uses restclient to post data and creates an object of the response" do
-      expect(subject.send(:standard_create, host, type, id, options)).to eq(widget)
-    end
-  end
-
-  describe '#standard_list' do
-    let(:attrs) {[{id: 'one', foo: 'bar'}, {id: 'two', foo: 'pub'}]}
-    let(:options) {{ foo: 'bar', baz: 'xyzzy' }}
-    let(:json) { attrs.to_json }
-
-    before do
-      allow(subresource).to receive(:get).with(options).and_return json
-    end
-
-    it "gets the list, then builds objects from json response" do
-      expect(subject).to receive(:widget).with('one').and_return(one = double)
-      expect(one).to receive(:attributes=).with(attrs[0].stringify_keys)
-      expect(subject).to receive(:widget).with('two').and_return(two = double)
-      expect(two).to receive(:attributes=).with(attrs[1].stringify_keys)
-
-      expect(subject.send(:standard_list, host, type, options)).to eq([one, two])
-    end
-  end
-
-  describe "#standard_show" do
-    let(:id) { "some-id" }
-    it "builds a path and returns indexed object" do
-      allow(widget_class).to receive(:new).with(host, credentials).and_return(bound = double)
-      allow(bound).to receive(:[]) { |x| "path: #{x}" }
-      expect(subject.send(:standard_show, host, type, id)).to eq("path: widgets/some-id")
-    end
-  end
-end

data/spec/lib/user_spec.rb

@@ -1,77 +0,0 @@
-require 'spec_helper'
-
-describe Conjur::User do
-  context "#new" do
-    let(:login) { 'the-login' }
-    let(:url) { "https://example.com/users/#{login}" }
-    let(:api_key) { 'the-api-key' }
-    let(:credentials) { { user: login, password: api_key } }
-    let(:user) { Conjur::User.new(url, credentials)}
-    describe "attributes" do
-      subject { user }
-
-      describe '#id' do
-        subject { super().id }
-        it { is_expected.to eq(login) }
-      end
-
-      describe '#login' do
-        subject { super().login }
-        it { is_expected.to eq(login) }
-      end
-
-      describe '#resource_id' do
-        subject { super().resource_id }
-        it { is_expected.to eq(login) }
-      end
-
-      describe '#resource_kind' do
-        subject { super().resource_kind }
-        it { is_expected.to eq("user") }
-      end
-
-      describe '#options' do
-        subject { super().options }
-        it { is_expected.to match(hash_including credentials) }
-      end
-
-      describe '#roleid' do
-        it "gets account name from server info" do
-          allow(Conjur::Core::API).to receive_messages conjur_account: 'test-account'
-          expect(subject.roleid).to eq "test-account:user:#{login}"
-        end
-      end
-    end
-    it "connects to a Resource" do
-      require 'conjur/resource'
-      expect(Conjur::Core::API).to receive(:conjur_account).and_return 'ci'
-      expect(Conjur::Resource).to receive(:new).with(
-        Conjur::Authz::API.host, hash_including(credentials)
-      ).and_return resource = double(:resource)
-      expect(resource).to receive(:[]).with("ci/resources/user/the-login")
-      
-      user.resource
-    end
-    it "connects to a Role" do
-      require 'conjur/role'
-      expect(Conjur::Core::API).to receive(:conjur_account).and_return 'ci'
-      expect(Conjur::Role).to receive(:new).with(
-        Conjur::Authz::API.host, hash_including(credentials)
-      ).and_return role = double(:role)
-      expect(role).to receive(:[]).with("ci/roles/user/the-login")
-      
-      user.role
-    end
-  end
-
-  describe '#update', api: :dummy do
-    subject(:user) { api.user username }
-    it "calls set_cidr_restrictions if given CIDR" do
-      expect(user).to receive(:set_cidr_restrictions).with(['192.0.2.0/24'])
-      user.update cidr: ['192.0.2.0/24']
-
-      expect(user).to_not receive(:set_cidr_restrictions)
-      user.update foo: 42
-    end
-  end
-end

data/spec/standard_methods_helper.rb

@@ -1,41 +0,0 @@
-require 'helpers/request_helpers'
-shared_context api: :dummy do
-  include RequestHelpers
-
-  RSpec::Matchers.define :call_standard_create_with do |type, id, options|
-    match do |block|
-      expect(subject).to receive(:standard_create).with(
-        core_host, type, id, options
-      ).and_return :response
-      expect(block[]).to eq(:response)
-    end
-
-    supports_block_expectations
-  end
-
-  subject { api }
-end
-
-shared_examples_for 'standard_create with' do |type, id, options|
-  it "calls through to standard_create" do
-    expect { invoke }.to call_standard_create_with type, id, options
-  end
-end
-
-shared_examples_for 'standard_list with' do |type, options|
-  it "calls through to standard_list" do
-    expect(subject).to receive(:standard_list).with(
-      core_host, type, options
-    ).and_return :response
-    expect(invoke).to eq(:response)
-  end
-end
-
-shared_examples_for 'standard_show with' do |type, id|
-  it "calls through to standard_show" do
-    expect(subject).to receive(:standard_show).with(
-      core_host, type, id
-    ).and_return :response
-    expect(invoke).to eq(:response)
-  end
-end

data/spec/variable_spec.rb

@@ -1,101 +0,0 @@
-require 'spec_helper'
-require 'helpers/request_helpers'
-
-describe Conjur::Variable do
-  include RequestHelpers
-  let(:url) { "http://example.com/variable" }
-  subject(:variable) { Conjur::Variable.new url }
-
-  before { subject.attributes = {'version_count' => 42} }
-
-  describe '#version_count' do
-    it "is read from the attributes" do
-      expect(variable.version_count).to eq(42)
-    end
-  end
-
-  describe '#add_value' do
-    it "posts the new value" do
-      expect_request(
-        method: :post,
-        url: "#{url}/values",
-        payload: { value: 'new-value' },
-        headers: {}
-      )
-      subject.add_value 'new-value'
-    end
-  end
-
-  describe '#value' do
-    it "gets the value" do
-      allow_request(
-        method: :get,
-        url: "#{url}/value",
-        headers: {}
-      ).and_return(double "response", body: "the-value")
-      expect(subject.value).to eq("the-value")
-    end
-
-    it "parameterizes the request with a version" do
-      allow_request(
-        method: :get,
-        url: "#{url}/value?version=42",
-        headers: {}
-      ).and_return(double "response", body: "the-value")
-      expect(subject.value(42)).to eq("the-value")
-    end
-
-    it 'will show the latest expired version' do
-      allow_request(
-        :method => :get,
-        :url => "#{url}/value?show_expired=true",
-        :headers => {}
-        ).and_return(double('response', :body => 'the-value'))
-      expect(subject.value(nil, :show_expired => true)).to eq('the-value')
-    end
-    
-    it 'will show some other version, even if expired' do
-      allow_request(
-        :method => :get,
-        # Hash.to_query (used to build the query string for this
-        # request) sorts the params into lexicographic order
-        :url => "#{url}/value?show_expired=true&version=42",
-        :headers => {}
-        ).and_return(double('response', :body => 'the-value'))
-      expect(subject.value(42, :show_expired => true)).to eq('the-value')
-    end
-
-  end
-
-  describe '#expire' do
-    context 'when duration is a number of seconds' do
-      let (:expiration) { 2.weeks }
-      it 'posts the expiration' do
-        expect_request(
-          :method => :post,
-          :url => "#{url}/expiration",
-          :payload => { :duration => "PT#{expiration.to_i}S" },
-          :headers => {}
-          ).and_return(double('response', :body => '{}'))
-        
-        subject.expires_in expiration
-      end
-    end
-
-    context 'when duration is an ISO8601 duration' do
-      let (:expiration) { "P2W" }
-      it 'posts the expiration' do
-        expect_request(
-          :method => :post,
-          :url => "#{url}/expiration",
-          :payload => { :duration => "P2W" },
-          :headers => {}
-          ).and_return(double('response', :body => '{}'))
-        
-        subject.expires_in expiration
-      end
-    end
-
-  end
-
-end

data/spec/vcr_cassettes/Conjur_Resource/_create/with_path-like_identifier.yml

@@ -1,87 +0,0 @@
----
-http_interactions:
-- request:
-    method: put
-    uri: http://admin:%5E6feWZpr@localhost:5100/spec/ddd1f59a-494d-48fb-b045-0374c4a6eef9%2Fxxx
-    body:
-      encoding: ASCII-8BIT
-      string: !binary ""
-    headers:
-      Accept:
-      - ! '*/*; q=0.5, application/xml'
-      Accept-Encoding:
-      - gzip, deflate
-      Content-Type:
-      - application/x-www-form-urlencoded
-      Content-Length:
-      - '0'
-      User-Agent:
-      - Ruby
-  response:
-    status:
-      code: 200
-      message: ! 'OK '
-    headers:
-      Content-Type:
-      - text/html; charset=utf-8
-      Cache-Control:
-      - no-cache
-      X-Request-Id:
-      - 98704b39989fbbf3466b5be63ab9149b
-      X-Runtime:
-      - '0.089084'
-      Server:
-      - WEBrick/1.3.1 (Ruby/1.9.3/2012-11-10)
-      Date:
-      - Wed, 30 Jan 2013 18:17:15 GMT
-      Content-Length:
-      - '0'
-      Connection:
-      - Keep-Alive
-    body:
-      encoding: US-ASCII
-      string: ''
-    http_version: 
-  recorded_at: Wed, 30 Jan 2013 18:17:15 GMT
-- request:
-    method: head
-    uri: http://admin:%5E6feWZpr@localhost:5100/spec/ddd1f59a-494d-48fb-b045-0374c4a6eef9%2Fxxx
-    body:
-      encoding: US-ASCII
-      string: ''
-    headers:
-      Accept:
-      - ! '*/*; q=0.5, application/xml'
-      Accept-Encoding:
-      - gzip, deflate
-      User-Agent:
-      - Ruby
-  response:
-    status:
-      code: 200
-      message: ! 'OK '
-    headers:
-      Content-Type:
-      - application/json; charset=utf-8
-      Etag:
-      - ! '"6b15850e72c52c9bc10b0f67349774c9"'
-      Cache-Control:
-      - max-age=0, private, must-revalidate
-      X-Request-Id:
-      - 28a81334baa7bf4aedf12a56a0e294c7
-      X-Runtime:
-      - '0.088457'
-      Server:
-      - WEBrick/1.3.1 (Ruby/1.9.3/2012-11-10)
-      Date:
-      - Wed, 30 Jan 2013 18:17:15 GMT
-      Content-Length:
-      - '0'
-      Connection:
-      - Keep-Alive
-    body:
-      encoding: US-ASCII
-      string: ''
-    http_version: 
-  recorded_at: Wed, 30 Jan 2013 18:17:15 GMT
-recorded_with: VCR 2.3.0

data/spec/vcr_cassettes/Conjur_Resource/_create/with_un-encoded_path-like_identifier.yml

@@ -1,87 +0,0 @@
----
-http_interactions:
-- request:
-    method: put
-    uri: http://admin:%5E6feWZpr@localhost:5100/spec/ddd1f59a-494d-48fb-b045-0374c4a6eef9%2F+%3F!!%3F+%2Fxxx
-    body:
-      encoding: ASCII-8BIT
-      string: !binary ""
-    headers:
-      Accept:
-      - ! '*/*; q=0.5, application/xml'
-      Accept-Encoding:
-      - gzip, deflate
-      Content-Type:
-      - application/x-www-form-urlencoded
-      Content-Length:
-      - '0'
-      User-Agent:
-      - Ruby
-  response:
-    status:
-      code: 200
-      message: ! 'OK '
-    headers:
-      Content-Type:
-      - text/html; charset=utf-8
-      Cache-Control:
-      - no-cache
-      X-Request-Id:
-      - 9b6cc33f59907307da678452e0e3faa4
-      X-Runtime:
-      - '0.086922'
-      Server:
-      - WEBrick/1.3.1 (Ruby/1.9.3/2012-11-10)
-      Date:
-      - Wed, 30 Jan 2013 18:17:15 GMT
-      Content-Length:
-      - '0'
-      Connection:
-      - Keep-Alive
-    body:
-      encoding: US-ASCII
-      string: ''
-    http_version: 
-  recorded_at: Wed, 30 Jan 2013 18:17:15 GMT
-- request:
-    method: head
-    uri: http://admin:%5E6feWZpr@localhost:5100/spec/ddd1f59a-494d-48fb-b045-0374c4a6eef9%2F+%3F!!%3F+%2Fxxx
-    body:
-      encoding: US-ASCII
-      string: ''
-    headers:
-      Accept:
-      - ! '*/*; q=0.5, application/xml'
-      Accept-Encoding:
-      - gzip, deflate
-      User-Agent:
-      - Ruby
-  response:
-    status:
-      code: 200
-      message: ! 'OK '
-    headers:
-      Content-Type:
-      - application/json; charset=utf-8
-      Etag:
-      - ! '"efa2bc5554b480a61948855b3b06a97e"'
-      Cache-Control:
-      - max-age=0, private, must-revalidate
-      X-Request-Id:
-      - 9790615667d793e342ac1ece26a0bbde
-      X-Runtime:
-      - '0.089211'
-      Server:
-      - WEBrick/1.3.1 (Ruby/1.9.3/2012-11-10)
-      Date:
-      - Wed, 30 Jan 2013 18:17:15 GMT
-      Content-Length:
-      - '0'
-      Connection:
-      - Keep-Alive
-    body:
-      encoding: US-ASCII
-      string: ''
-    http_version: 
-  recorded_at: Wed, 30 Jan 2013 18:17:15 GMT
-recorded_with: VCR 2.3.0