conjur-api 4.4.1 → 4.6.0

@@ -3,10 +3,10 @@ require File.expand_path('../lib/conjur-api/version', __FILE__)
3
3
 
4
4
  Gem::Specification.new do |gem|
5
5
  gem.authors = ["Rafa\305\202 Rzepecki","Kevin Gilpin"]
6
- gem.email = ["divided.mind@gmail.com","kgilpin@conjur.net"]
6
+ gem.email = ["rafal@conjur.net","kgilpin@conjur.net"]
7
7
  gem.description = %q{Conjur API}
8
8
  gem.summary = %q{Conjur API}
9
- gem.homepage = ""
9
+ gem.homepage = "https://github.com/conjurinc/api-ruby/"
10
10
  gem.license = "MIT"
11
11
 
12
12
  gem.files = `git ls-files`.split($\) + Dir['build_number']
@@ -20,6 +20,6 @@
20
20
  #
21
21
  module Conjur
22
22
  class API
23
- VERSION = "4.4.1"
23
+ VERSION = "4.6.0"
24
24
  end
25
25
  end
@@ -18,6 +18,7 @@
18
18
  # IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
19
19
  # CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
20
20
  #
21
+ require 'conjur/cast'
21
22
  require 'conjur/configuration'
22
23
  require 'conjur/env'
23
24
  require 'conjur/base'
@@ -39,8 +40,9 @@ require 'conjur-api/version'
39
40
  class RestClient::Resource
40
41
  include Conjur::Escape
41
42
  include Conjur::LogSource
43
+ include Conjur::Cast
42
44
  extend Conjur::BuildFromResponse
43
-
45
+
44
46
  def core_conjur_account
45
47
  Conjur::Core::API.conjur_account
46
48
  end
@@ -49,11 +51,6 @@ class RestClient::Resource
49
51
  {}
50
52
  end
51
53
 
52
- def path_components
53
- require 'uri'
54
- URI.parse(self.url).path.split('/').map{|e| URI.unescape e}
55
- end
56
-
57
54
  def username
58
55
  options[:user] || options[:username]
59
56
  end
@@ -21,7 +21,7 @@ module Conjur
21
21
  class API
22
22
  # Return audit events related to the given role_id. Identitical to audit_events
23
23
  # except that a String may be given instead of a Role object.
24
- # @param role_id [String] the role for which events should be returned.
24
+ # @param role [String] the role for which events should be returned.
25
25
  def audit_role role, options={}
26
26
  audit_event_feed 'role', (role.roleid rescue role), options
27
27
  end
@@ -22,7 +22,7 @@ require 'conjur/deputy'
22
22
 
23
23
  module Conjur
24
24
  class API
25
- def create_deputy options
25
+ def create_deputy options = {}
26
26
  standard_create Conjur::Core::API.host, :deputy, nil, options
27
27
  end
28
28
 
@@ -37,7 +37,7 @@ module Conjur
37
37
  end
38
38
  end
39
39
 
40
- def create_host options
40
+ def create_host options = {}
41
41
  standard_create Conjur::Core::API.host, :host, nil, options
42
42
  end
43
43
 
@@ -0,0 +1,42 @@
1
+ #
2
+ # Copyright (C) 2013 Conjur Inc
3
+ #
4
+ # Permission is hereby granted, free of charge, to any person obtaining a copy of
5
+ # this software and associated documentation files (the "Software"), to deal in
6
+ # the Software without restriction, including without limitation the rights to
7
+ # use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
8
+ # the Software, and to permit persons to whom the Software is furnished to do so,
9
+ # subject to the following conditions:
10
+ #
11
+ # The above copyright notice and this permission notice shall be included in all
12
+ # copies or substantial portions of the Software.
13
+ #
14
+ # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
15
+ # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
16
+ # FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
17
+ # COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
18
+ # IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
19
+ # CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
20
+ #
21
+ module Conjur
22
+ module Cast
23
+ protected
24
+
25
+ def cast(obj, kind)
26
+ case kind
27
+ when :roleid, :resourceid
28
+ if obj.is_a?(String)
29
+ obj
30
+ elsif obj.is_a?(Array)
31
+ obj.join(':')
32
+ elsif obj.respond_to?(kind)
33
+ obj.send(kind)
34
+ else
35
+ raise "I don't know how to cast a #{obj.class} to a #{kind}"
36
+ end
37
+ else
38
+ raise "I don't know how to convert things to a #{kind}"
39
+ end
40
+ end
41
+ end
42
+ end
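Review bot: `cast` returns a String unchanged and joins any Array with `:` without looking at the contents, so `""`, `[]` or `[nil, "x"]` come back as the ids `""`, `""` and `":x"`. The callers added in this change pass the result straight into ownership, permit/deny and grant/revoke requests, so a guard on the String and Array branches such as `raise ArgumentError, "empty #{kind}" if obj.empty?` would fail closed instead. Both `raise` calls produce a bare RuntimeError; `ArgumentError` would let callers tell a bad argument from other failures. `obj.send(kind)` is bounded only by the `when :roleid, :resourceid` arm above it, so a comment saying so (or `public_send`) would keep a later `when` from widening what can be invoked. The module also has no doc comment listing the accepted inputs: a String, an Array of id components, or an object responding to the kind.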
@@ -106,14 +106,14 @@ module Conjur
106
106
  end
107
107
 
108
108
  add_option :core_url do
109
- account_service_url 'core', 200
109
+ default_service_url 'core', 200
110
110
  end
111
111
 
112
112
  add_option :audit_url do
113
113
  global_service_url 'audit', 300
114
114
  end
115
115
 
116
- add_option :service_url
116
+ add_option :appliance_url
117
117
 
118
118
  add_option :service_base_port, default: 5000
119
119
 
@@ -135,8 +135,8 @@ module Conjur
135
135
  private
136
136
 
137
137
  def global_service_url(service_name, service_port_offset)
138
- if service_url
139
- URI.join(service_url, service_name).to_s
138
+ if appliance_url
139
+ URI.join(appliance_url + '/', service_name).to_s
140
140
  else
141
141
  case env
142
142
  when 'test', 'development'
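Review bot: The new `appliance_url` branch builds the service URL from whatever scheme the option carries, and nothing visible in this hunk rejects or warns about `http://`; the specs in this change stub it with `http://example.com`. For a client that sends credentials and access tokens to these endpoints, a scheme check where the option is consumed would be worth adding, for example `raise "appliance_url must use https" unless URI(appliance_url).scheme == 'https'`, relaxed for the `test` and `development` environments. Whether such validation exists elsewhere in Configuration cannot be seen from here, and the method body continues past the hunk. The same `URI.join(appliance_url + '/', service_name)` line appears in the `account_service_url` hunk that follows.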
@@ -148,8 +148,8 @@ module Conjur
148
148
  end
149
149
 
150
150
  def account_service_url(service_name, service_port_offset)
151
- if service_url
152
- URI.join(service_url, "/#{service_name}/", account).to_s
151
+ if appliance_url
152
+ URI.join(appliance_url + '/', service_name).to_s
153
153
  else
154
154
  case env
155
155
  when 'test', 'development'
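Review bot: With `appliance_url` set, `account_service_url` no longer puts `account` into the URL, and its branch is now identical to the one in `global_service_url`, so the method name no longer describes what this path returns. The updated specs confirm the visible effect: `authn_url` changes from `http://example.com/authn/the-account` to `http://example.com/authn`. If dropping the account segment is intended, a comment on the branch such as `# appliance endpoints are not account-scoped, so the account segment is omitted` would record it; the wording is an assumption to confirm. The rest of the method lies outside the hunk.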
@@ -160,6 +160,14 @@ module Conjur
160
160
  end
161
161
  end
162
162
 
163
+ def default_service_url(service_name, service_port_offset)
164
+ if appliance_url
165
+ appliance_url
166
+ else
167
+ account_service_url(service_name, service_port_offset)
168
+ end
169
+ end
170
+
163
171
  def supplied
164
172
  @supplied ||= {}
165
173
  end
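Review bot: `default_service_url` returns `appliance_url` exactly as configured and ignores `service_name`, so a value with a trailing slash reaches callers unnormalised, while the other two helpers add the `'/'` themselves before joining. The new `core_url` spec only covers `http://example.com/api`, so the trailing-slash case is untested. `appliance_url.chomp('/')` would make the three helpers agree on the shape of what they return. A comment such as `# core is served at the appliance root, so no service segment is appended` would explain the asymmetry, assuming that is the intent.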
@@ -25,7 +25,7 @@ module Conjur
25
25
  end
26
26
 
27
27
  def id
28
- path_components[2..-1].join('/')
28
+ URI.unescape self.url.split('/')[-1]
29
29
  end
30
30
  end
31
31
  end
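Review bot: `id` now takes only the last `/`-separated piece of `self.url`, so an identifier containing an unencoded slash is truncated: `…/hosts/foo/bar` and `…/hosts/bar` both give `bar`, where the removed `path_components[2..-1].join('/')` gave `foo/bar` for the first. The Host and Deputy specs in this change switch to `my%2Fhostname`, which suggests encoded ids are now required, but the method neither enforces nor documents that. The `login` checked in those specs appears to be derived from the id, so it would then name a different host without any error. Splitting the raw URL instead of its parsed path also lets a query string or fragment end up inside the id. A doc comment stating the encoding requirement, or taking the segment from `URI.parse(url).path`, would make the contract explicit.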
@@ -31,9 +31,11 @@ module Conjur
31
31
  protected
32
32
 
33
33
  def match_path(range)
34
- require 'uri'
35
- tokens = URI.parse(self.url).path[1..-1].split('/')[range]
36
- tokens.map{|t| URI.unescape(t)}.join('/')
34
+ tokens[range].map{|t| URI.unescape(t)}.join('/')
35
+ end
36
+
37
+ def tokens
38
+ self.url[RestClient::Resource.new(Conjur::Authz::API.host)[''].url.length..-1].split('/')
37
39
  end
38
40
  end
39
41
  end
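Review bot: `tokens` slices `self.url` by the length of the configured Authz host URL without checking that the URL starts with that prefix. A resource built against a different host, scheme or port is therefore cut at an arbitrary offset, and `match_path` returns the wrong path segments without raising. With `prefix` holding the `RestClient::Resource.new(Conjur::Authz::API.host)[''].url` value, a guard before the slice, `raise "#{url} is not under #{prefix}" unless url.start_with?(prefix)`, would fail loudly instead. The plain `split('/')` also keeps any query string in the final token.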
@@ -52,6 +52,7 @@ module Conjur
52
52
 
53
53
  # Changes the owner of a resource
54
54
  def give_to(owner, options = {})
55
+ owner = cast(owner, :roleid)
55
56
  self.put(options.merge(owner: owner))
56
57
  end
57
58
 
@@ -66,6 +67,7 @@ module Conjur
66
67
  end
67
68
 
68
69
  def permit(privilege, role, options = {})
70
+ role = cast(role, :roleid)
69
71
  eachable(privilege).each do |p|
70
72
  log do |logger|
71
73
  logger << "Permitting #{p} on resource #{kind}:#{identifier} by #{role}"
@@ -84,6 +86,7 @@ module Conjur
84
86
  end
85
87
 
86
88
  def deny(privilege, role, options = {})
89
+ role = cast(role, :roleid)
87
90
  eachable(privilege).each do |p|
88
91
  log do |logger|
89
92
  logger << "Denying #{p} on resource #{kind}:#{identifier} by #{role}"
@@ -50,6 +50,7 @@ module Conjur
50
50
 
51
51
  if filter = options.delete(:filter)
52
52
  filter = [filter] unless filter.is_a?(Array)
53
+ filter.map!{ |obj| cast(obj, :roleid) }
53
54
  (query_string << "&" << filter.to_query("filter")) unless filter.empty?
54
55
  end
55
56
  JSON.parse(self[query_string].get(options)).collect do |id|
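Review bot: `filter.map!` rewrites the array in place, and when the caller passed an Array as `:filter` that is the caller's own object, because the line above only wraps non-Array values. The caller's list is then altered as a side effect of `all`, and a frozen array raises. `filter = filter.map { |obj| cast(obj, :roleid) }` keeps the conversion local. `cast` also treats an Array as id components to join with `:`, so a nested array inside the filter list is collapsed into a single id rather than rejected. The method starts and ends outside this hunk.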
@@ -58,10 +59,12 @@ module Conjur
58
59
  end
59
60
 
60
61
  def member_of?(other_role)
61
- not all(filter: (other_role.roleid rescue other_role)).empty?
62
+ other_role = cast(other_role, :roleid)
63
+ not all(filter: other_role).empty?
62
64
  end
63
65
 
64
66
  def grant_to(member, options={})
67
+ member = cast(member, :roleid)
65
68
  log do |logger|
66
69
  logger << "Granting role #{identifier} to #{member}"
67
70
  unless options.blank?
@@ -72,6 +75,7 @@ module Conjur
72
75
  end
73
76
 
74
77
  def revoke_from(member, options = {})
78
+ member = cast(member, :roleid)
75
79
  log do |logger|
76
80
  logger << "Revoking role #{identifier} from #{member}"
77
81
  unless options.empty?
@@ -81,9 +85,10 @@ module Conjur
81
85
  self["?members&member=#{query_escape member}"].delete(options)
82
86
  end
83
87
 
84
- def permitted?(resource_id, privilege, options = {})
88
+ def permitted?(resource, privilege, options = {})
89
+ resource = cast(resource, :resourceid)
85
90
  # NOTE: in previous versions there was 'kind' passed separately. Now it is part of id
86
- self["?check&resource_id=#{query_escape resource_id}&privilege=#{query_escape privilege}"].get(options)
91
+ self["?check&resource_id=#{query_escape resource}&privilege=#{query_escape privilege}"].get(options)
87
92
  true
88
93
  rescue RestClient::ResourceNotFound
89
94
  false
@@ -22,13 +22,13 @@ describe Conjur::Configuration do
22
22
  before {
23
23
  Conjur::Configuration.any_instance.stub(:account).and_return "the-account"
24
24
  }
25
- context "with service_url" do
25
+ context "with appliance_url" do
26
26
  before {
27
- Conjur::Configuration.any_instance.stub(:service_url).and_return "http://example.com"
27
+ Conjur::Configuration.any_instance.stub(:appliance_url).and_return "http://example.com"
28
28
  }
29
- its(:authn_url) { should == "http://example.com/authn/the-account" }
29
+ its(:authn_url) { should == "http://example.com/authn" }
30
30
  end
31
- context "without service_url" do
31
+ context "without appliance_url" do
32
32
  its(:authn_url) { should == "https://authn-the-account-conjur.herokuapp.com" }
33
33
  end
34
34
  end
@@ -36,13 +36,13 @@ describe Conjur::Configuration do
36
36
  before {
37
37
  Conjur::Configuration.any_instance.stub(:account).and_return "the-account"
38
38
  }
39
- context "with service_url" do
39
+ context "with appliance_url" do
40
40
  before {
41
- Conjur::Configuration.any_instance.stub(:service_url).and_return "http://example.com"
41
+ Conjur::Configuration.any_instance.stub(:appliance_url).and_return "http://example.com"
42
42
  }
43
43
  its(:authz_url) { should == "http://example.com/authz" }
44
44
  end
45
- context "without service_url" do
45
+ context "without appliance_url" do
46
46
  its(:authz_url) { should == "https://authz-v4-conjur.herokuapp.com" }
47
47
  context "with specific stack" do
48
48
  before { Conjur::Configuration.any_instance.stub(:stack).and_return "the-stack" }
@@ -53,33 +53,47 @@ describe Conjur::Configuration do
53
53
  end
54
54
  context "CONJUR_ENV = 'test'" do
55
55
  its(:env) { should == "test" }
56
+ before {
57
+ Conjur::Configuration.any_instance.stub(:account).and_return "the-account"
58
+ }
56
59
  describe 'authn_url' do
57
- before {
58
- Conjur::Configuration.any_instance.stub(:account).and_return "the-account"
59
- }
60
- context "with service_url" do
60
+ context "with appliance_url hostname" do
61
61
  before {
62
- Conjur::Configuration.any_instance.stub(:service_url).and_return "http://example.com"
62
+ Conjur::Configuration.any_instance.stub(:appliance_url).and_return "http://example.com"
63
63
  }
64
- its(:authn_url) { should == "http://example.com/authn/the-account" }
64
+ its(:authn_url) { should == "http://example.com/authn" }
65
65
  end
66
- context "without service_url" do
66
+ context "with appliance_url hostname and non-trailing-slash path" do
67
+ before {
68
+ Conjur::Configuration.any_instance.stub(:appliance_url).and_return "http://example.com/api"
69
+ }
70
+ its(:authn_url) { should == "http://example.com/api/authn" }
71
+ end
72
+ context "without appliance_url" do
67
73
  its(:authn_url) { should == "http://localhost:5000" }
68
74
  end
69
75
  end
70
76
  describe 'authz_url' do
71
- before {
72
- Conjur::Configuration.any_instance.stub(:account).and_return "the-account"
73
- }
74
- context "with service_url" do
77
+ context "with appliance_url" do
75
78
  before {
76
- Conjur::Configuration.any_instance.stub(:service_url).and_return "http://example.com"
79
+ Conjur::Configuration.any_instance.stub(:appliance_url).and_return "http://example.com/api/"
77
80
  }
78
- its(:authz_url) { should == "http://example.com/authz" }
81
+ its(:authz_url) { should == "http://example.com/api/authz" }
79
82
  end
80
- context "without service_url" do
83
+ context "without appliance_url" do
81
84
  its(:authz_url) { should == "http://localhost:5100" }
82
85
  end
83
86
  end
87
+ describe 'core_url' do
88
+ context "with appliance_url" do
89
+ before {
90
+ Conjur::Configuration.any_instance.stub(:appliance_url).and_return "http://example.com/api"
91
+ }
92
+ its(:core_url) { should == "http://example.com/api" }
93
+ end
94
+ context "without appliance_url" do
95
+ its(:core_url) { should == "http://localhost:5200" }
96
+ end
97
+ end
84
98
  end
85
99
  end
@@ -1,7 +1,7 @@
1
1
  require 'spec_helper'
2
2
 
3
3
  describe Conjur::Deputy, api: :dummy do
4
- subject { Conjur::Deputy.new 'http://example.com/deputies/my/hostname', nil }
4
+ subject { Conjur::Deputy.new 'http://example.com/deputies/my%2Fhostname', nil }
5
5
 
6
6
  its(:resource) { should be }
7
7
  its(:login) { should == 'deputy/my/hostname' }
@@ -1,13 +1,13 @@
1
1
  require 'spec_helper'
2
2
 
3
3
  describe Conjur::Host, api: :dummy do
4
- subject { Conjur::Host.new 'http://example.com/hosts/my/hostname', nil }
4
+ subject { Conjur::Host.new 'http://example.com/hosts/my%2Fhostname', nil }
5
5
 
6
6
  its(:resource) { should be }
7
7
  its(:login) { should == 'host/my/hostname' }
8
8
 
9
9
  it "fetches enrollment_url" do
10
- stub_request(:head, "http://example.com/hosts/my/hostname/enrollment_url").
10
+ stub_request(:head, "http://example.com/hosts/my%2Fhostname/enrollment_url").
11
11
  to_return(:status => 200, :headers => {location: 'foo'})
12
12
  subject.enrollment_url.should == 'foo'
13
13
  end
@@ -11,7 +11,7 @@ describe Conjur::Resource, api: :dummy, logging: :temp do
11
11
  context "Object with an #id" do
12
12
  let(:kind) { "host" }
13
13
  let(:identifier) do
14
- Conjur::Host.new("#{Conjur::Core::API.host}/hosts/foobar", {})
14
+ "foobar"
15
15
  end
16
16
  it "identifier should obtained from the id" do
17
17
  resource.identifier.should == "foobar"
@@ -39,6 +39,20 @@ describe Conjur::Role, api: :dummy do
39
39
  subject.grant_to "other"
40
40
  end
41
41
 
42
+ it "converts an object to roleid" do
43
+ members = double "members request"
44
+ subject.should_receive(:[]).with('?members&member=other').and_return(members)
45
+ members.should_receive(:put).with({})
46
+ require 'ostruct'
47
+ subject.grant_to OpenStruct.new(roleid: "other")
48
+ end
49
+
50
+ it "converts an Array to roleid" do
51
+ members = double "members request"
52
+ subject.should_receive(:[]).with('?members&member=other').and_return(members)
53
+ members.should_receive(:put).with({})
54
+ subject.grant_to %w(other)
55
+ end
42
56
  end
43
57
 
44
58
  describe '#create' do
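Review bot: The "converts an Array to roleid" example passes `%w(other)`, a one-element array, so it never exercises the `join(':')` in `Conjur::Cast` and would pass equally if the separator were wrong. A multi-element array with the correspondingly escaped `member=` value in the expectation would pin the separator. There is also no example for the two error branches of `cast`, an unsupported object and an unsupported kind. The enclosing `describe` block begins outside the hunk.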
@@ -68,8 +82,14 @@ describe Conjur::Role, api: :dummy do
68
82
  all[1].id.should == 'xyzzy'
69
83
  end
70
84
 
71
-
72
85
  describe "filter param" do
86
+ it "applies #cast to the filter" do
87
+ filter = %w(foo bar)
88
+ filter.each{ |e| subject.should_receive(:cast).with(e, :roleid).and_return e }
89
+ RestClient::Request.stub execute: [].to_json
90
+ role.all filter: filter
91
+ end
92
+
73
93
  def self.it_passes_the_filter_as(query_string)
74
94
  it "calls ?all&#{query_string}" do
75
95
  RestClient::Request.should_receive(:execute).with(
@@ -80,6 +100,7 @@ describe Conjur::Role, api: :dummy do
80
100
  role.all filter: filter
81
101
  end
82
102
  end
103
+
83
104
  context "when a string" do
84
105
  let(:filter){ 'string' }
85
106
  it_passes_the_filter_as ['string'].to_query('filter')
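--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: conjur-api
  version: !ruby/object:Gem::Version
- version: 4.4.1
+ version: 4.6.0
  prerelease:
  platform: ruby
  authors:
@@ -10,7 +10,7 @@ authors:
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2013-12-24 00:00:00.000000000 Z
+ date: 2014-01-11 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: rest-client
@@ -190,7 +190,7 @@ dependencies:
  version: '0'
  description: Conjur API
  email:
- - divided.mind@gmail.com
+ - rafal@conjur.net
  - kgilpin@conjur.net
  executables: []
  extensions: []
@@ -230,6 +230,7 @@ files:
  - lib/conjur/authz-api.rb
  - lib/conjur/base.rb
  - lib/conjur/build_from_response.rb
+ - lib/conjur/cast.rb
  - lib/conjur/configuration.rb
  - lib/conjur/core-api.rb
  - lib/conjur/deputy.rb
@@ -276,14 +277,13 @@ files:
  - spec/lib/role_spec.rb
  - spec/lib/standard_methods_spec.rb
  - spec/lib/user_spec.rb
- - spec/rest_client/resource_spec.rb
  - spec/spec_helper.rb
  - spec/standard_methods_helper.rb
  - spec/variable_spec.rb
  - spec/vcr_cassettes/Conjur_Resource/_create/with_path-like_identifier.yml
  - spec/vcr_cassettes/Conjur_Resource/_create/with_un-encoded_path-like_identifier.yml
  - spec/vcr_cassettes/Conjur_Resource/_create/with_uuid_identifier.yml
- homepage: ''
+ homepage: https://github.com/conjurinc/api-ruby/
  licenses:
  - MIT
  post_install_message:
@@ -304,7 +304,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  version: '0'
  segments:
  - 0
- hash: 2545594353040758492
+ hash: -3859174285940063267
  requirements: []
  rubyforge_project:
  rubygems_version: 1.8.25
@@ -340,7 +340,6 @@ test_files:
  - spec/lib/role_spec.rb
  - spec/lib/standard_methods_spec.rb
  - spec/lib/user_spec.rb
- - spec/rest_client/resource_spec.rb
  - spec/spec_helper.rb
  - spec/standard_methods_helper.rb
  - spec/variable_spec.rb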
@@ -1,28 +0,0 @@
1
- require 'spec_helper'
2
-
3
- describe RestClient::Resource do
4
- context "URL path parsing" do
5
- let(:resource) { RestClient::Resource.new "http://test.host/#{path}" }
6
-
7
- shared_examples_for "extracts the expected identifier" do
8
- include Conjur::HasId
9
- specify {
10
- resource.path_components.should == path_components
11
- id.should == path_components[2..-1].join('/')
12
- }
13
- end
14
-
15
- it_should_behave_like "extracts the expected identifier" do
16
- let(:path) { "hosts/foo" }
17
- let(:path_components) { [ "", "hosts", "foo" ] }
18
- end
19
- it_should_behave_like "extracts the expected identifier" do
20
- let(:path) { "hosts/foo/bar" }
21
- let(:path_components) { [ "", "hosts", "foo", "bar" ] }
22
- end
23
- it_should_behave_like "extracts the expected identifier" do
24
- let(:path) { "hosts/foo%2Fbar" }
25
- let(:path_components) { [ "", "hosts", "foo/bar" ] }
26
- end
27
- end
28
- end