conjur-api 4.4.1 → 4.6.0

data/conjur-api.gemspec

@@ -3,10 +3,10 @@ require File.expand_path('../lib/conjur-api/version', __FILE__)
 
 Gem::Specification.new do |gem|
   gem.authors       = ["Rafa\305\202 Rzepecki","Kevin Gilpin"]
-  gem.email         = ["divided.mind@gmail.com","kgilpin@conjur.net"]
+  gem.email         = ["rafal@conjur.net","kgilpin@conjur.net"]
   gem.description   = %q{Conjur API}
   gem.summary       = %q{Conjur API}
-  gem.homepage      = ""
+  gem.homepage      = "https://github.com/conjurinc/api-ruby/"
   gem.license       = "MIT"
 
   gem.files         = `git ls-files`.split($\) + Dir['build_number']

data/lib/conjur-api/version.rb

@@ -20,6 +20,6 @@
 #
 module Conjur
   class API
-    VERSION = "4.4.1"
+    VERSION = "4.6.0"
   end
 end

data/lib/conjur/api.rb

@@ -18,6 +18,7 @@
 # IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
 # CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 #
+require 'conjur/cast'
 require 'conjur/configuration'
 require 'conjur/env'
 require 'conjur/base'
@@ -39,8 +40,9 @@ require 'conjur-api/version'
 class RestClient::Resource
   include Conjur::Escape
   include Conjur::LogSource
+  include Conjur::Cast
   extend  Conjur::BuildFromResponse
-
+  
   def core_conjur_account
     Conjur::Core::API.conjur_account
   end
@@ -49,11 +51,6 @@ class RestClient::Resource
     {}
   end
   
-  def path_components
-    require 'uri'
-    URI.parse(self.url).path.split('/').map{|e| URI.unescape e}
-  end
-  
   def username
     options[:user] || options[:username]
   end

data/lib/conjur/api/audit.rb

@@ -21,7 +21,7 @@ module Conjur
   class API
     # Return audit events related to the given role_id.  Identitical to audit_events
     # except that a String may be given instead of a Role object.
-    # @param role_id [String] the role for which events should be returned.
+    # @param role [String] the role for which events should be returned.
     def audit_role role, options={}
       audit_event_feed 'role', (role.roleid rescue role), options
     end

data/lib/conjur/api/deputies.rb

@@ -22,7 +22,7 @@ require 'conjur/deputy'
 
 module Conjur
   class API
-    def create_deputy options
+    def create_deputy options = {}
       standard_create Conjur::Core::API.host, :deputy, nil, options
     end
     

data/lib/conjur/api/hosts.rb

@@ -37,7 +37,7 @@ module Conjur
       end
     end
     
-    def create_host options
+    def create_host options = {}
       standard_create Conjur::Core::API.host, :host, nil, options
     end
     

data/lib/conjur/cast.rb

@@ -0,0 +1,42 @@
+#
+# Copyright (C) 2013 Conjur Inc
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy of
+# this software and associated documentation files (the "Software"), to deal in
+# the Software without restriction, including without limitation the rights to
+# use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+# the Software, and to permit persons to whom the Software is furnished to do so,
+# subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in all
+# copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+# FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+# COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+# IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+#
+module Conjur
+  module Cast
+    protected
+    
+    def cast(obj, kind)
+      case kind
+      when :roleid, :resourceid
+        if obj.is_a?(String)
+          obj
+        elsif obj.is_a?(Array)
+          obj.join(':')
+        elsif obj.respond_to?(kind)
+          obj.send(kind)
+        else
+          raise "I don't know how to cast a #{obj.class} to a #{kind}"
+        end
+      else
+        raise "I don't know how to convert things to a #{kind}"
+      end
+    end
+  end
+end

data/lib/conjur/configuration.rb

@@ -106,14 +106,14 @@ module Conjur
     end
 
     add_option :core_url do
-      account_service_url 'core', 200
+      default_service_url 'core', 200
     end    
     
     add_option :audit_url do
       global_service_url  'audit', 300
     end    
     
-    add_option :service_url
+    add_option :appliance_url
     
     add_option :service_base_port, default: 5000
 
@@ -135,8 +135,8 @@ module Conjur
     private
 
     def global_service_url(service_name, service_port_offset)
-      if service_url
-        URI.join(service_url, service_name).to_s
+      if appliance_url
+        URI.join(appliance_url + '/', service_name).to_s
       else
         case env
         when 'test', 'development'
@@ -148,8 +148,8 @@ module Conjur
     end
     
     def account_service_url(service_name, service_port_offset)
-      if service_url
-        URI.join(service_url, "/#{service_name}/", account).to_s
+      if appliance_url
+        URI.join(appliance_url + '/', service_name).to_s
       else
         case env
         when 'test', 'development'
@@ -160,6 +160,14 @@ module Conjur
       end
     end
     
+    def default_service_url(service_name, service_port_offset)
+      if appliance_url
+        appliance_url
+      else
+        account_service_url(service_name, service_port_offset)
+      end
+    end
+    
     def supplied
       @supplied ||= {}
     end

data/lib/conjur/has_id.rb

@@ -25,7 +25,7 @@ module Conjur
     end
   
     def id
-      path_components[2..-1].join('/')
+      URI.unescape self.url.split('/')[-1]
     end    
   end
 end

data/lib/conjur/path_based.rb

@@ -31,9 +31,11 @@ module Conjur
     protected
     
     def match_path(range)
-      require 'uri'
-      tokens = URI.parse(self.url).path[1..-1].split('/')[range]
-      tokens.map{|t| URI.unescape(t)}.join('/')
+      tokens[range].map{|t| URI.unescape(t)}.join('/')
+    end
+    
+    def tokens
+      self.url[RestClient::Resource.new(Conjur::Authz::API.host)[''].url.length..-1].split('/')
     end
   end
 end

data/lib/conjur/resource.rb

@@ -52,6 +52,7 @@ module Conjur
     
     # Changes the owner of a resource
     def give_to(owner, options = {})
+      owner = cast(owner, :roleid)
       self.put(options.merge(owner: owner))
     end
 
@@ -66,6 +67,7 @@ module Conjur
     end
 
     def permit(privilege, role, options = {})
+      role = cast(role, :roleid)
       eachable(privilege).each do |p|
         log do |logger|
           logger << "Permitting #{p} on resource #{kind}:#{identifier} by #{role}"
@@ -84,6 +86,7 @@ module Conjur
     end
     
     def deny(privilege, role, options = {})
+      role = cast(role, :roleid)
       eachable(privilege).each do |p|
         log do |logger|
           logger << "Denying #{p} on resource #{kind}:#{identifier} by #{role}"

data/lib/conjur/role.rb

@@ -50,6 +50,7 @@ module Conjur
       
       if filter = options.delete(:filter)
         filter = [filter] unless filter.is_a?(Array)
+        filter.map!{ |obj| cast(obj, :roleid) }
         (query_string << "&" << filter.to_query("filter")) unless filter.empty?
       end
       JSON.parse(self[query_string].get(options)).collect do |id|
@@ -58,10 +59,12 @@ module Conjur
     end
     
     def member_of?(other_role)
-      not all(filter: (other_role.roleid rescue other_role)).empty?
+      other_role = cast(other_role, :roleid)
+      not all(filter: other_role).empty?
     end
     
     def grant_to(member, options={})
+      member = cast(member, :roleid)
       log do |logger|
         logger << "Granting role #{identifier} to #{member}"
         unless options.blank?
@@ -72,6 +75,7 @@ module Conjur
     end
 
     def revoke_from(member, options = {})
+      member = cast(member, :roleid)
       log do |logger|
         logger << "Revoking role #{identifier} from #{member}"
         unless options.empty?
@@ -81,9 +85,10 @@ module Conjur
       self["?members&member=#{query_escape member}"].delete(options)
     end
 
-    def permitted?(resource_id, privilege, options = {})
+    def permitted?(resource, privilege, options = {})
+      resource = cast(resource, :resourceid)
       # NOTE: in previous versions there was 'kind' passed separately. Now it is part of id
-      self["?check&resource_id=#{query_escape resource_id}&privilege=#{query_escape privilege}"].get(options)
+      self["?check&resource_id=#{query_escape resource}&privilege=#{query_escape privilege}"].get(options)
       true
     rescue RestClient::ResourceNotFound
       false

data/spec/lib/configuration_spec.rb

@@ -22,13 +22,13 @@ describe Conjur::Configuration do
       before {
         Conjur::Configuration.any_instance.stub(:account).and_return "the-account"
       }
-      context "with service_url" do
+      context "with appliance_url" do
         before {
-          Conjur::Configuration.any_instance.stub(:service_url).and_return "http://example.com"
+          Conjur::Configuration.any_instance.stub(:appliance_url).and_return "http://example.com"
         }
-        its(:authn_url) { should == "http://example.com/authn/the-account" }
+        its(:authn_url) { should == "http://example.com/authn" }
       end
-      context "without service_url" do
+      context "without appliance_url" do
         its(:authn_url) { should == "https://authn-the-account-conjur.herokuapp.com" }
       end
     end
@@ -36,13 +36,13 @@ describe Conjur::Configuration do
       before {
         Conjur::Configuration.any_instance.stub(:account).and_return "the-account"
       }
-      context "with service_url" do
+      context "with appliance_url" do
         before {
-          Conjur::Configuration.any_instance.stub(:service_url).and_return "http://example.com"
+          Conjur::Configuration.any_instance.stub(:appliance_url).and_return "http://example.com"
         }
         its(:authz_url) { should == "http://example.com/authz" }
       end
-      context "without service_url" do
+      context "without appliance_url" do
         its(:authz_url) { should == "https://authz-v4-conjur.herokuapp.com" }
         context "with specific stack" do
           before { Conjur::Configuration.any_instance.stub(:stack).and_return "the-stack" }
@@ -53,33 +53,47 @@ describe Conjur::Configuration do
   end
   context "CONJUR_ENV = 'test'" do
     its(:env) { should == "test" }
+    before {
+      Conjur::Configuration.any_instance.stub(:account).and_return "the-account"
+    }
     describe 'authn_url' do
-      before {
-        Conjur::Configuration.any_instance.stub(:account).and_return "the-account"
-      }
-      context "with service_url" do
+      context "with appliance_url hostname" do
         before {
-          Conjur::Configuration.any_instance.stub(:service_url).and_return "http://example.com"
+          Conjur::Configuration.any_instance.stub(:appliance_url).and_return "http://example.com"
         }
-        its(:authn_url) { should == "http://example.com/authn/the-account" }
+        its(:authn_url) { should == "http://example.com/authn" }
       end
-      context "without service_url" do
+      context "with appliance_url hostname and non-trailing-slash path" do
+        before {
+          Conjur::Configuration.any_instance.stub(:appliance_url).and_return "http://example.com/api"
+        }
+        its(:authn_url) { should == "http://example.com/api/authn" }
+      end
+      context "without appliance_url" do
         its(:authn_url) { should == "http://localhost:5000" }
       end
     end
     describe 'authz_url' do
-      before {
-        Conjur::Configuration.any_instance.stub(:account).and_return "the-account"
-      }
-      context "with service_url" do
+      context "with appliance_url" do
         before {
-          Conjur::Configuration.any_instance.stub(:service_url).and_return "http://example.com"
+          Conjur::Configuration.any_instance.stub(:appliance_url).and_return "http://example.com/api/"
         }
-        its(:authz_url) { should == "http://example.com/authz" }
+        its(:authz_url) { should == "http://example.com/api/authz" }
       end
-      context "without service_url" do
+      context "without appliance_url" do
         its(:authz_url) { should == "http://localhost:5100" }
       end
     end
+    describe 'core_url' do
+      context "with appliance_url" do
+        before {
+          Conjur::Configuration.any_instance.stub(:appliance_url).and_return "http://example.com/api"
+        }
+        its(:core_url) { should == "http://example.com/api" }
+      end
+      context "without appliance_url" do
+        its(:core_url) { should == "http://localhost:5200" }
+      end
+    end
   end
 end

data/spec/lib/deputy_spec.rb

@@ -1,7 +1,7 @@
 require 'spec_helper'
 
 describe Conjur::Deputy, api: :dummy do
-  subject { Conjur::Deputy.new 'http://example.com/deputies/my/hostname', nil }
+  subject { Conjur::Deputy.new 'http://example.com/deputies/my%2Fhostname', nil }
 
   its(:resource) { should be }
   its(:login) { should == 'deputy/my/hostname' }

data/spec/lib/host_spec.rb

@@ -1,13 +1,13 @@
 require 'spec_helper'
 
 describe Conjur::Host, api: :dummy do
-  subject { Conjur::Host.new 'http://example.com/hosts/my/hostname', nil }
+  subject { Conjur::Host.new 'http://example.com/hosts/my%2Fhostname', nil }
 
   its(:resource) { should be }
   its(:login) { should == 'host/my/hostname' }
 
   it "fetches enrollment_url" do
-    stub_request(:head, "http://example.com/hosts/my/hostname/enrollment_url").
+    stub_request(:head, "http://example.com/hosts/my%2Fhostname/enrollment_url").
          to_return(:status => 200, :headers => {location: 'foo'})
     subject.enrollment_url.should == 'foo'
   end

data/spec/lib/resource_spec.rb

@@ -11,7 +11,7 @@ describe Conjur::Resource, api: :dummy, logging: :temp do
     context "Object with an #id" do
       let(:kind) { "host" }
       let(:identifier) do
-        Conjur::Host.new("#{Conjur::Core::API.host}/hosts/foobar", {})
+        "foobar"
       end
       it "identifier should obtained from the id" do
         resource.identifier.should == "foobar"

data/spec/lib/role_spec.rb

@@ -39,6 +39,20 @@ describe Conjur::Role, api: :dummy do
       subject.grant_to "other"
     end
 
+    it "converts an object to roleid" do
+      members = double "members request"
+      subject.should_receive(:[]).with('?members&member=other').and_return(members)
+      members.should_receive(:put).with({})
+      require 'ostruct'
+      subject.grant_to OpenStruct.new(roleid: "other")
+    end
+
+    it "converts an Array to roleid" do
+      members = double "members request"
+      subject.should_receive(:[]).with('?members&member=other').and_return(members)
+      members.should_receive(:put).with({})
+      subject.grant_to %w(other)
+    end
   end
 
   describe '#create' do
@@ -68,8 +82,14 @@ describe Conjur::Role, api: :dummy do
       all[1].id.should == 'xyzzy'
     end
     
-    
     describe "filter param" do
+      it "applies #cast to the filter" do
+        filter = %w(foo bar)
+        filter.each{ |e| subject.should_receive(:cast).with(e, :roleid).and_return e }
+        RestClient::Request.stub execute: [].to_json
+        role.all filter: filter
+      end
+      
       def self.it_passes_the_filter_as(query_string)
         it "calls ?all&#{query_string}" do
           RestClient::Request.should_receive(:execute).with(
@@ -80,6 +100,7 @@ describe Conjur::Role, api: :dummy do
           role.all filter: filter
         end
       end
+      
       context "when a string" do
         let(:filter){ 'string' }
         it_passes_the_filter_as ['string'].to_query('filter')

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: conjur-api
 version: !ruby/object:Gem::Version
-  version: 4.4.1
+  version: 4.6.0
   prerelease: 
 platform: ruby
 authors:
@@ -10,7 +10,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2013-12-24 00:00:00.000000000 Z
+date: 2014-01-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rest-client
@@ -190,7 +190,7 @@ dependencies:
         version: '0'
 description: Conjur API
 email:
-- divided.mind@gmail.com
+- rafal@conjur.net
 - kgilpin@conjur.net
 executables: []
 extensions: []
@@ -230,6 +230,7 @@ files:
 - lib/conjur/authz-api.rb
 - lib/conjur/base.rb
 - lib/conjur/build_from_response.rb
+- lib/conjur/cast.rb
 - lib/conjur/configuration.rb
 - lib/conjur/core-api.rb
 - lib/conjur/deputy.rb
@@ -276,14 +277,13 @@ files:
 - spec/lib/role_spec.rb
 - spec/lib/standard_methods_spec.rb
 - spec/lib/user_spec.rb
-- spec/rest_client/resource_spec.rb
 - spec/spec_helper.rb
 - spec/standard_methods_helper.rb
 - spec/variable_spec.rb
 - spec/vcr_cassettes/Conjur_Resource/_create/with_path-like_identifier.yml
 - spec/vcr_cassettes/Conjur_Resource/_create/with_un-encoded_path-like_identifier.yml
 - spec/vcr_cassettes/Conjur_Resource/_create/with_uuid_identifier.yml
-homepage: ''
+homepage: https://github.com/conjurinc/api-ruby/
 licenses:
 - MIT
 post_install_message: 
@@ -304,7 +304,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
       segments:
       - 0
-      hash: 2545594353040758492
+      hash: -3859174285940063267
 requirements: []
 rubyforge_project: 
 rubygems_version: 1.8.25
@@ -340,7 +340,6 @@ test_files:
 - spec/lib/role_spec.rb
 - spec/lib/standard_methods_spec.rb
 - spec/lib/user_spec.rb
-- spec/rest_client/resource_spec.rb
 - spec/spec_helper.rb
 - spec/standard_methods_helper.rb
 - spec/variable_spec.rb

data/spec/rest_client/resource_spec.rb

@@ -1,28 +0,0 @@
-require 'spec_helper'
-
-describe RestClient::Resource do
-  context "URL path parsing" do
-    let(:resource) { RestClient::Resource.new "http://test.host/#{path}" }
-    
-    shared_examples_for "extracts the expected identifier" do
-      include Conjur::HasId
-      specify {
-        resource.path_components.should == path_components
-        id.should == path_components[2..-1].join('/')
-      }
-    end
-    
-    it_should_behave_like "extracts the expected identifier" do
-      let(:path) { "hosts/foo" }
-      let(:path_components) { [ "", "hosts", "foo" ] }
-    end
-    it_should_behave_like "extracts the expected identifier" do
-      let(:path) { "hosts/foo/bar" }
-      let(:path_components) { [ "", "hosts", "foo", "bar" ] }
-    end
-    it_should_behave_like "extracts the expected identifier" do
-      let(:path) { "hosts/foo%2Fbar" }
-      let(:path_components) { [ "", "hosts", "foo/bar" ] }
-    end
-  end
-end