conjur-api 4.4.1 → 4.6.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -3,10 +3,10 @@ require File.expand_path('../lib/conjur-api/version', __FILE__)
3
3
 
4
4
  Gem::Specification.new do |gem|
5
5
  gem.authors = ["Rafa\305\202 Rzepecki","Kevin Gilpin"]
6
- gem.email = ["divided.mind@gmail.com","kgilpin@conjur.net"]
6
+ gem.email = ["rafal@conjur.net","kgilpin@conjur.net"]
7
7
  gem.description = %q{Conjur API}
8
8
  gem.summary = %q{Conjur API}
9
- gem.homepage = ""
9
+ gem.homepage = "https://github.com/conjurinc/api-ruby/"
10
10
  gem.license = "MIT"
11
11
 
12
12
  gem.files = `git ls-files`.split($\) + Dir['build_number']
@@ -20,6 +20,6 @@
20
20
  #
21
21
  module Conjur
22
22
  class API
23
- VERSION = "4.4.1"
23
+ VERSION = "4.6.0"
24
24
  end
25
25
  end
@@ -18,6 +18,7 @@
18
18
  # IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
19
19
  # CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
20
20
  #
21
+ require 'conjur/cast'
21
22
  require 'conjur/configuration'
22
23
  require 'conjur/env'
23
24
  require 'conjur/base'
@@ -39,8 +40,9 @@ require 'conjur-api/version'
39
40
  class RestClient::Resource
40
41
  include Conjur::Escape
41
42
  include Conjur::LogSource
43
+ include Conjur::Cast
42
44
  extend Conjur::BuildFromResponse
43
-
45
+
44
46
  def core_conjur_account
45
47
  Conjur::Core::API.conjur_account
46
48
  end
@@ -49,11 +51,6 @@ class RestClient::Resource
49
51
  {}
50
52
  end
51
53
 
52
- def path_components
53
- require 'uri'
54
- URI.parse(self.url).path.split('/').map{|e| URI.unescape e}
55
- end
56
-
57
54
  def username
58
55
  options[:user] || options[:username]
59
56
  end
@@ -21,7 +21,7 @@ module Conjur
21
21
  class API
22
22
  # Return audit events related to the given role_id. Identitical to audit_events
23
23
  # except that a String may be given instead of a Role object.
24
- # @param role_id [String] the role for which events should be returned.
24
+ # @param role [String] the role for which events should be returned.
25
25
  def audit_role role, options={}
26
26
  audit_event_feed 'role', (role.roleid rescue role), options
27
27
  end
@@ -22,7 +22,7 @@ require 'conjur/deputy'
22
22
 
23
23
  module Conjur
24
24
  class API
25
- def create_deputy options
25
+ def create_deputy options = {}
26
26
  standard_create Conjur::Core::API.host, :deputy, nil, options
27
27
  end
28
28
 
@@ -37,7 +37,7 @@ module Conjur
37
37
  end
38
38
  end
39
39
 
40
- def create_host options
40
+ def create_host options = {}
41
41
  standard_create Conjur::Core::API.host, :host, nil, options
42
42
  end
43
43
 
@@ -0,0 +1,42 @@
1
+ #
2
+ # Copyright (C) 2013 Conjur Inc
3
+ #
4
+ # Permission is hereby granted, free of charge, to any person obtaining a copy of
5
+ # this software and associated documentation files (the "Software"), to deal in
6
+ # the Software without restriction, including without limitation the rights to
7
+ # use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
8
+ # the Software, and to permit persons to whom the Software is furnished to do so,
9
+ # subject to the following conditions:
10
+ #
11
+ # The above copyright notice and this permission notice shall be included in all
12
+ # copies or substantial portions of the Software.
13
+ #
14
+ # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
15
+ # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
16
+ # FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
17
+ # COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
18
+ # IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
19
+ # CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
20
+ #
21
+ module Conjur
22
+ module Cast
23
+ protected
24
+
25
+ def cast(obj, kind)
26
+ case kind
27
+ when :roleid, :resourceid
28
+ if obj.is_a?(String)
29
+ obj
30
+ elsif obj.is_a?(Array)
31
+ obj.join(':')
32
+ elsif obj.respond_to?(kind)
33
+ obj.send(kind)
34
+ else
35
+ raise "I don't know how to cast a #{obj.class} to a #{kind}"
36
+ end
37
+ else
38
+ raise "I don't know how to convert things to a #{kind}"
39
+ end
40
+ end
41
+ end
42
+ end
@@ -106,14 +106,14 @@ module Conjur
106
106
  end
107
107
 
108
108
  add_option :core_url do
109
- account_service_url 'core', 200
109
+ default_service_url 'core', 200
110
110
  end
111
111
 
112
112
  add_option :audit_url do
113
113
  global_service_url 'audit', 300
114
114
  end
115
115
 
116
- add_option :service_url
116
+ add_option :appliance_url
117
117
 
118
118
  add_option :service_base_port, default: 5000
119
119
 
@@ -135,8 +135,8 @@ module Conjur
135
135
  private
136
136
 
137
137
  def global_service_url(service_name, service_port_offset)
138
- if service_url
139
- URI.join(service_url, service_name).to_s
138
+ if appliance_url
139
+ URI.join(appliance_url + '/', service_name).to_s
140
140
  else
141
141
  case env
142
142
  when 'test', 'development'
@@ -148,8 +148,8 @@ module Conjur
148
148
  end
149
149
 
150
150
  def account_service_url(service_name, service_port_offset)
151
- if service_url
152
- URI.join(service_url, "/#{service_name}/", account).to_s
151
+ if appliance_url
152
+ URI.join(appliance_url + '/', service_name).to_s
153
153
  else
154
154
  case env
155
155
  when 'test', 'development'
@@ -160,6 +160,14 @@ module Conjur
160
160
  end
161
161
  end
162
162
 
163
+ def default_service_url(service_name, service_port_offset)
164
+ if appliance_url
165
+ appliance_url
166
+ else
167
+ account_service_url(service_name, service_port_offset)
168
+ end
169
+ end
170
+
163
171
  def supplied
164
172
  @supplied ||= {}
165
173
  end
@@ -25,7 +25,7 @@ module Conjur
25
25
  end
26
26
 
27
27
  def id
28
- path_components[2..-1].join('/')
28
+ URI.unescape self.url.split('/')[-1]
29
29
  end
30
30
  end
31
31
  end
@@ -31,9 +31,11 @@ module Conjur
31
31
  protected
32
32
 
33
33
  def match_path(range)
34
- require 'uri'
35
- tokens = URI.parse(self.url).path[1..-1].split('/')[range]
36
- tokens.map{|t| URI.unescape(t)}.join('/')
34
+ tokens[range].map{|t| URI.unescape(t)}.join('/')
35
+ end
36
+
37
+ def tokens
38
+ self.url[RestClient::Resource.new(Conjur::Authz::API.host)[''].url.length..-1].split('/')
37
39
  end
38
40
  end
39
41
  end
@@ -52,6 +52,7 @@ module Conjur
52
52
 
53
53
  # Changes the owner of a resource
54
54
  def give_to(owner, options = {})
55
+ owner = cast(owner, :roleid)
55
56
  self.put(options.merge(owner: owner))
56
57
  end
57
58
 
@@ -66,6 +67,7 @@ module Conjur
66
67
  end
67
68
 
68
69
  def permit(privilege, role, options = {})
70
+ role = cast(role, :roleid)
69
71
  eachable(privilege).each do |p|
70
72
  log do |logger|
71
73
  logger << "Permitting #{p} on resource #{kind}:#{identifier} by #{role}"
@@ -84,6 +86,7 @@ module Conjur
84
86
  end
85
87
 
86
88
  def deny(privilege, role, options = {})
89
+ role = cast(role, :roleid)
87
90
  eachable(privilege).each do |p|
88
91
  log do |logger|
89
92
  logger << "Denying #{p} on resource #{kind}:#{identifier} by #{role}"
@@ -50,6 +50,7 @@ module Conjur
50
50
 
51
51
  if filter = options.delete(:filter)
52
52
  filter = [filter] unless filter.is_a?(Array)
53
+ filter.map!{ |obj| cast(obj, :roleid) }
53
54
  (query_string << "&" << filter.to_query("filter")) unless filter.empty?
54
55
  end
55
56
  JSON.parse(self[query_string].get(options)).collect do |id|
@@ -58,10 +59,12 @@ module Conjur
58
59
  end
59
60
 
60
61
  def member_of?(other_role)
61
- not all(filter: (other_role.roleid rescue other_role)).empty?
62
+ other_role = cast(other_role, :roleid)
63
+ not all(filter: other_role).empty?
62
64
  end
63
65
 
64
66
  def grant_to(member, options={})
67
+ member = cast(member, :roleid)
65
68
  log do |logger|
66
69
  logger << "Granting role #{identifier} to #{member}"
67
70
  unless options.blank?
@@ -72,6 +75,7 @@ module Conjur
72
75
  end
73
76
 
74
77
  def revoke_from(member, options = {})
78
+ member = cast(member, :roleid)
75
79
  log do |logger|
76
80
  logger << "Revoking role #{identifier} from #{member}"
77
81
  unless options.empty?
@@ -81,9 +85,10 @@ module Conjur
81
85
  self["?members&member=#{query_escape member}"].delete(options)
82
86
  end
83
87
 
84
- def permitted?(resource_id, privilege, options = {})
88
+ def permitted?(resource, privilege, options = {})
89
+ resource = cast(resource, :resourceid)
85
90
  # NOTE: in previous versions there was 'kind' passed separately. Now it is part of id
86
- self["?check&resource_id=#{query_escape resource_id}&privilege=#{query_escape privilege}"].get(options)
91
+ self["?check&resource_id=#{query_escape resource}&privilege=#{query_escape privilege}"].get(options)
87
92
  true
88
93
  rescue RestClient::ResourceNotFound
89
94
  false
@@ -22,13 +22,13 @@ describe Conjur::Configuration do
22
22
  before {
23
23
  Conjur::Configuration.any_instance.stub(:account).and_return "the-account"
24
24
  }
25
- context "with service_url" do
25
+ context "with appliance_url" do
26
26
  before {
27
- Conjur::Configuration.any_instance.stub(:service_url).and_return "http://example.com"
27
+ Conjur::Configuration.any_instance.stub(:appliance_url).and_return "http://example.com"
28
28
  }
29
- its(:authn_url) { should == "http://example.com/authn/the-account" }
29
+ its(:authn_url) { should == "http://example.com/authn" }
30
30
  end
31
- context "without service_url" do
31
+ context "without appliance_url" do
32
32
  its(:authn_url) { should == "https://authn-the-account-conjur.herokuapp.com" }
33
33
  end
34
34
  end
@@ -36,13 +36,13 @@ describe Conjur::Configuration do
36
36
  before {
37
37
  Conjur::Configuration.any_instance.stub(:account).and_return "the-account"
38
38
  }
39
- context "with service_url" do
39
+ context "with appliance_url" do
40
40
  before {
41
- Conjur::Configuration.any_instance.stub(:service_url).and_return "http://example.com"
41
+ Conjur::Configuration.any_instance.stub(:appliance_url).and_return "http://example.com"
42
42
  }
43
43
  its(:authz_url) { should == "http://example.com/authz" }
44
44
  end
45
- context "without service_url" do
45
+ context "without appliance_url" do
46
46
  its(:authz_url) { should == "https://authz-v4-conjur.herokuapp.com" }
47
47
  context "with specific stack" do
48
48
  before { Conjur::Configuration.any_instance.stub(:stack).and_return "the-stack" }
@@ -53,33 +53,47 @@ describe Conjur::Configuration do
53
53
  end
54
54
  context "CONJUR_ENV = 'test'" do
55
55
  its(:env) { should == "test" }
56
+ before {
57
+ Conjur::Configuration.any_instance.stub(:account).and_return "the-account"
58
+ }
56
59
  describe 'authn_url' do
57
- before {
58
- Conjur::Configuration.any_instance.stub(:account).and_return "the-account"
59
- }
60
- context "with service_url" do
60
+ context "with appliance_url hostname" do
61
61
  before {
62
- Conjur::Configuration.any_instance.stub(:service_url).and_return "http://example.com"
62
+ Conjur::Configuration.any_instance.stub(:appliance_url).and_return "http://example.com"
63
63
  }
64
- its(:authn_url) { should == "http://example.com/authn/the-account" }
64
+ its(:authn_url) { should == "http://example.com/authn" }
65
65
  end
66
- context "without service_url" do
66
+ context "with appliance_url hostname and non-trailing-slash path" do
67
+ before {
68
+ Conjur::Configuration.any_instance.stub(:appliance_url).and_return "http://example.com/api"
69
+ }
70
+ its(:authn_url) { should == "http://example.com/api/authn" }
71
+ end
72
+ context "without appliance_url" do
67
73
  its(:authn_url) { should == "http://localhost:5000" }
68
74
  end
69
75
  end
70
76
  describe 'authz_url' do
71
- before {
72
- Conjur::Configuration.any_instance.stub(:account).and_return "the-account"
73
- }
74
- context "with service_url" do
77
+ context "with appliance_url" do
75
78
  before {
76
- Conjur::Configuration.any_instance.stub(:service_url).and_return "http://example.com"
79
+ Conjur::Configuration.any_instance.stub(:appliance_url).and_return "http://example.com/api/"
77
80
  }
78
- its(:authz_url) { should == "http://example.com/authz" }
81
+ its(:authz_url) { should == "http://example.com/api/authz" }
79
82
  end
80
- context "without service_url" do
83
+ context "without appliance_url" do
81
84
  its(:authz_url) { should == "http://localhost:5100" }
82
85
  end
83
86
  end
87
+ describe 'core_url' do
88
+ context "with appliance_url" do
89
+ before {
90
+ Conjur::Configuration.any_instance.stub(:appliance_url).and_return "http://example.com/api"
91
+ }
92
+ its(:core_url) { should == "http://example.com/api" }
93
+ end
94
+ context "without appliance_url" do
95
+ its(:core_url) { should == "http://localhost:5200" }
96
+ end
97
+ end
84
98
  end
85
99
  end
@@ -1,7 +1,7 @@
1
1
  require 'spec_helper'
2
2
 
3
3
  describe Conjur::Deputy, api: :dummy do
4
- subject { Conjur::Deputy.new 'http://example.com/deputies/my/hostname', nil }
4
+ subject { Conjur::Deputy.new 'http://example.com/deputies/my%2Fhostname', nil }
5
5
 
6
6
  its(:resource) { should be }
7
7
  its(:login) { should == 'deputy/my/hostname' }
@@ -1,13 +1,13 @@
1
1
  require 'spec_helper'
2
2
 
3
3
  describe Conjur::Host, api: :dummy do
4
- subject { Conjur::Host.new 'http://example.com/hosts/my/hostname', nil }
4
+ subject { Conjur::Host.new 'http://example.com/hosts/my%2Fhostname', nil }
5
5
 
6
6
  its(:resource) { should be }
7
7
  its(:login) { should == 'host/my/hostname' }
8
8
 
9
9
  it "fetches enrollment_url" do
10
- stub_request(:head, "http://example.com/hosts/my/hostname/enrollment_url").
10
+ stub_request(:head, "http://example.com/hosts/my%2Fhostname/enrollment_url").
11
11
  to_return(:status => 200, :headers => {location: 'foo'})
12
12
  subject.enrollment_url.should == 'foo'
13
13
  end
@@ -11,7 +11,7 @@ describe Conjur::Resource, api: :dummy, logging: :temp do
11
11
  context "Object with an #id" do
12
12
  let(:kind) { "host" }
13
13
  let(:identifier) do
14
- Conjur::Host.new("#{Conjur::Core::API.host}/hosts/foobar", {})
14
+ "foobar"
15
15
  end
16
16
  it "identifier should obtained from the id" do
17
17
  resource.identifier.should == "foobar"
@@ -39,6 +39,20 @@ describe Conjur::Role, api: :dummy do
39
39
  subject.grant_to "other"
40
40
  end
41
41
 
42
+ it "converts an object to roleid" do
43
+ members = double "members request"
44
+ subject.should_receive(:[]).with('?members&member=other').and_return(members)
45
+ members.should_receive(:put).with({})
46
+ require 'ostruct'
47
+ subject.grant_to OpenStruct.new(roleid: "other")
48
+ end
49
+
50
+ it "converts an Array to roleid" do
51
+ members = double "members request"
52
+ subject.should_receive(:[]).with('?members&member=other').and_return(members)
53
+ members.should_receive(:put).with({})
54
+ subject.grant_to %w(other)
55
+ end
42
56
  end
43
57
 
44
58
  describe '#create' do
@@ -68,8 +82,14 @@ describe Conjur::Role, api: :dummy do
68
82
  all[1].id.should == 'xyzzy'
69
83
  end
70
84
 
71
-
72
85
  describe "filter param" do
86
+ it "applies #cast to the filter" do
87
+ filter = %w(foo bar)
88
+ filter.each{ |e| subject.should_receive(:cast).with(e, :roleid).and_return e }
89
+ RestClient::Request.stub execute: [].to_json
90
+ role.all filter: filter
91
+ end
92
+
73
93
  def self.it_passes_the_filter_as(query_string)
74
94
  it "calls ?all&#{query_string}" do
75
95
  RestClient::Request.should_receive(:execute).with(
@@ -80,6 +100,7 @@ describe Conjur::Role, api: :dummy do
80
100
  role.all filter: filter
81
101
  end
82
102
  end
103
+
83
104
  context "when a string" do
84
105
  let(:filter){ 'string' }
85
106
  it_passes_the_filter_as ['string'].to_query('filter')
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: conjur-api
3
3
  version: !ruby/object:Gem::Version
4
- version: 4.4.1
4
+ version: 4.6.0
5
5
  prerelease:
6
6
  platform: ruby
7
7
  authors:
@@ -10,7 +10,7 @@ authors:
10
10
  autorequire:
11
11
  bindir: bin
12
12
  cert_chain: []
13
- date: 2013-12-24 00:00:00.000000000 Z
13
+ date: 2014-01-11 00:00:00.000000000 Z
14
14
  dependencies:
15
15
  - !ruby/object:Gem::Dependency
16
16
  name: rest-client
@@ -190,7 +190,7 @@ dependencies:
190
190
  version: '0'
191
191
  description: Conjur API
192
192
  email:
193
- - divided.mind@gmail.com
193
+ - rafal@conjur.net
194
194
  - kgilpin@conjur.net
195
195
  executables: []
196
196
  extensions: []
@@ -230,6 +230,7 @@ files:
230
230
  - lib/conjur/authz-api.rb
231
231
  - lib/conjur/base.rb
232
232
  - lib/conjur/build_from_response.rb
233
+ - lib/conjur/cast.rb
233
234
  - lib/conjur/configuration.rb
234
235
  - lib/conjur/core-api.rb
235
236
  - lib/conjur/deputy.rb
@@ -276,14 +277,13 @@ files:
276
277
  - spec/lib/role_spec.rb
277
278
  - spec/lib/standard_methods_spec.rb
278
279
  - spec/lib/user_spec.rb
279
- - spec/rest_client/resource_spec.rb
280
280
  - spec/spec_helper.rb
281
281
  - spec/standard_methods_helper.rb
282
282
  - spec/variable_spec.rb
283
283
  - spec/vcr_cassettes/Conjur_Resource/_create/with_path-like_identifier.yml
284
284
  - spec/vcr_cassettes/Conjur_Resource/_create/with_un-encoded_path-like_identifier.yml
285
285
  - spec/vcr_cassettes/Conjur_Resource/_create/with_uuid_identifier.yml
286
- homepage: ''
286
+ homepage: https://github.com/conjurinc/api-ruby/
287
287
  licenses:
288
288
  - MIT
289
289
  post_install_message:
@@ -304,7 +304,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
304
304
  version: '0'
305
305
  segments:
306
306
  - 0
307
- hash: 2545594353040758492
307
+ hash: -3859174285940063267
308
308
  requirements: []
309
309
  rubyforge_project:
310
310
  rubygems_version: 1.8.25
@@ -340,7 +340,6 @@ test_files:
340
340
  - spec/lib/role_spec.rb
341
341
  - spec/lib/standard_methods_spec.rb
342
342
  - spec/lib/user_spec.rb
343
- - spec/rest_client/resource_spec.rb
344
343
  - spec/spec_helper.rb
345
344
  - spec/standard_methods_helper.rb
346
345
  - spec/variable_spec.rb
@@ -1,28 +0,0 @@
1
- require 'spec_helper'
2
-
3
- describe RestClient::Resource do
4
- context "URL path parsing" do
5
- let(:resource) { RestClient::Resource.new "http://test.host/#{path}" }
6
-
7
- shared_examples_for "extracts the expected identifier" do
8
- include Conjur::HasId
9
- specify {
10
- resource.path_components.should == path_components
11
- id.should == path_components[2..-1].join('/')
12
- }
13
- end
14
-
15
- it_should_behave_like "extracts the expected identifier" do
16
- let(:path) { "hosts/foo" }
17
- let(:path_components) { [ "", "hosts", "foo" ] }
18
- end
19
- it_should_behave_like "extracts the expected identifier" do
20
- let(:path) { "hosts/foo/bar" }
21
- let(:path_components) { [ "", "hosts", "foo", "bar" ] }
22
- end
23
- it_should_behave_like "extracts the expected identifier" do
24
- let(:path) { "hosts/foo%2Fbar" }
25
- let(:path_components) { [ "", "hosts", "foo/bar" ] }
26
- end
27
- end
28
- end