conjur-api 5.3.8.pre.3 → 5.3.8.pre.8

data/spec/configuration_spec.rb

@@ -1,330 +0,0 @@
-require 'spec_helper'
-
-describe Conjur::Configuration do
-  before {
-    Conjur.configuration = Conjur::Configuration.new
-  }
-  after(:all) do
-    # reset the configuration so it doesn't clobber other tests
-    Conjur.configuration = Conjur::Configuration.new
-  end
-
-  subject(:configuration) { Conjur.configuration }
-  context "thread-local behavior" do
-    it "can swap the Configuration in a new thread" do
-      original = Conjur.configuration
-      c = Conjur::Configuration.new
-      Thread.new do
-        Thread.current[:conjur_configuration] = :foo
-        Conjur.with_configuration c do
-          expect(Conjur.configuration).to eq(c)
-        end
-        expect(Thread.current[:conjur_configuration]).to eq(:foo)
-      end.join
-      expect(Conjur.configuration).to eq(original)
-    end
-  end
-  context "with various options" do
-    before {
-      configuration.account = "the-account"
-      configuration.appliance_url = "https://conjur/api"
-    }
-
-    it "rest_client_options defaults" do
-      expected = {
-        ssl_cert_store: OpenSSL::SSL::SSLContext::DEFAULT_CERT_STORE
-      }
-      expect(configuration.rest_client_options).to eq(expected)
-    end
-
-    it "rest_client_options propagate to RestClient::Resource" do
-      expected = {
-        ssl_ca_file: "ca_certificate.pem",
-        proxy: "http://proxy.example.com/"
-      }
-      configuration.rest_client_options = {
-        ssl_ca_file: "ca_certificate.pem",
-        proxy: "http://proxy.example.com/"
-      }
-
-      resource = Conjur::API.url_for(:authn_login, *["account", "username", "password"])
-      expect(resource.options).to include(expected)
-    end
-
-    it "can still be changed by changing the appliance_url" do
-      configuration.appliance_url = "https://other/api"
-      expect(configuration.core_url).to eq "https://other/api"
-    end
-
-    it "can still be changed by changing the authn_url" do
-      configuration.authn_url = "http://authn-docker"
-      expect(configuration.core_url).to eq "https://conjur/api"
-      expect(configuration.authn_url).to eq "http://authn-docker"
-    end
-
-    context "and duplicated" do
-      subject { configuration.clone override_options }
-      let(:override_options) { Hash.new }
-
-      describe '#account' do
-        subject { super().account }
-        it { is_expected.to eq(configuration.account) }
-      end
-
-      describe '#appliance_url' do
-        subject { super().appliance_url }
-        it { is_expected.to eq(configuration.appliance_url) }
-      end
-
-      describe '#core_url' do
-        subject { super().core_url }
-        it { is_expected.to eq(configuration.appliance_url) }
-      end
-
-      context "appliance_url overridden" do
-        let(:override_options) {
-          { :appliance_url => "https://example/api" }
-        }
-        it "is ignored by the configuration core_url" do
-          expect(configuration.core_url).to eq("https://conjur/api")
-        end
-        it "is reflected in the copy core_url" do
-          expect(subject.core_url).to eq("https://example/api")
-        end
-      end
-    end
-  end
-
-  describe "url generation" do
-    describe 'authn_url' do
-      before {
-        allow_any_instance_of(Conjur::Configuration).to receive(:account).and_return "the-account"
-      }
-      context "with appliance_url" do
-        before {
-          allow_any_instance_of(Conjur::Configuration).to receive(:appliance_url).and_return "http://example.com"
-        }
-
-        describe '#authn_url' do
-          subject { super().authn_url }
-          it { is_expected.to eq("http://example.com/authn") }
-        end
-      end
-      context "without appliance_url" do
-        describe '#authn_url' do
-          subject { super().authn_url }
-          it { is_expected.to eq("http://localhost:5000") }
-        end
-      end
-    end
-
-    describe 'core_url' do
-      before {
-        allow_any_instance_of(Conjur::Configuration).to receive(:account).and_return "the-account"
-      }
-      subject { super().core_url }
-      context "with appliance_url" do
-        before {
-          allow_any_instance_of(Conjur::Configuration).to receive(:appliance_url).and_return "http://example.com"
-        }
-
-        it { is_expected.to eq("http://example.com") }
-      end
-      context "without appliance_url" do
-        it { is_expected.to eq("http://localhost:5000") }
-      end
-    end
-  end
-
-  describe "apply_cert_config!" do
-    let (:cert_exists) { true }
-    let (:cert_readable) { true }
-    subject{ Conjur.configuration.apply_cert_config! }
-
-    let(:store){ double('default store') }
-
-    before do
-      stub_const 'OpenSSL::SSL::SSLContext::DEFAULT_CERT_STORE', store
-      allow_any_instance_of(Conjur::Configuration).to receive(:ssl_certificate).and_return ssl_certificate
-      allow_any_instance_of(Conjur::Configuration).to receive(:cert_file).and_return cert_file
-      allow_any_instance_of(Conjur::Configuration).to receive(:ensure_cert_readable!).with(cert_file) do
-        raise Errno::ENOENT unless cert_exists
-        raise Errno::EPERM unless cert_readable
-      end
-    end
-
-    context 'when cert file may exist' do
-      context "when neither cert_file or ssl_certificate is present" do
-        let(:cert_file){ nil }
-        let(:ssl_certificate){ nil }
-
-        it 'does nothing to the store' do
-          expect(store).to_not receive(:add_file)
-          expect(store).to_not receive(:add_cert)
-          expect(subject).to be_falsey
-        end
-      end
-
-      context 'when both are given' do
-        let(:cert_file){ '/path/to/cert.pem' }
-        let(:ssl_certificate){ "-----BEGIN CERTIFICATE-----\nfoo\n-----END CERTIFICATE-----\n" }
-        let(:cert){ double('certificate') }
-        it 'calls store.add_cert with a certificate created from ssl_certificate' do
-          expect(OpenSSL::X509::Certificate).to receive(:new).with(ssl_certificate).once.and_return cert
-          expect(store).to receive(:add_cert).once.with(cert)
-          expect(subject).to be_truthy
-        end
-      end
-
-      context 'when cert_file is given and ssl_certificate is not' do
-        let(:cert_file){ '/path/to/cert.pem' }
-        let(:ssl_certificate){ nil }
-        it 'calls store.add_file with cert_file' do
-          expect(store).to receive(:add_file).with(cert_file).once
-          expect(subject).to be_truthy
-        end
-      end
-
-      context 'when ssl_certificate is given' do
-        let(:cert_file){ nil }
-        let(:ssl_certificate){ "-----BEGIN CERTIFICATE----- MIIDUTCCAjmgAwIBAgIJAO4Lf1Rf2cciMA0GCSqGSIb3DQEBBQUAMDMxMTAvBgNV BAMTKGVjMi01NC05MS0yNDYtODQuY29tcHV0ZS0xLmFtYXpvbmF3cy5jb20wHhcN MTQxMDA4MjEwNTA5WhcNMjQxMDA1MjEwNTA5WjAzMTEwLwYDVQQDEyhlYzItNTQt OTEtMjQ2LTg0LmNvbXB1dGUtMS5hbWF6b25hd3MuY29tMIIBIjANBgkqhkiG9w0B AQEFAAOCAQ8AMIIBCgKCAQEAx+OFANXNEYNsMR3Uvg4/72VG3LZO8yxrYaYzc3FZ NN3NpIOCZvRTC5S+OawsdEljHwfhdVoXdWNKgVJakSxsAnnaj11fA6XpfN60o6Fk i4q/BqwqgeNJjKAlElFsNz2scWFWRe49NHlj9qaq/yWZ8Cn0IeHy8j8F+jMek4zt dCSxVEayVG/k8RFmYCcluQc/1LuCjPiFwJU43AGkO+yvmOuYGivsNKY+54yuEZqF VDsjAjMsYXxgLx9y1F7Rq3CfeqY6IajR7pmmRup8/D9NyyyQuIML83mjTSvo0UYu rkdXPObd/m6gumscvXMl6SoJ5IPItvTA42MZqTaNzimF0QIDAQABo2gwZjBkBgNV HREEXTBbgglsb2NhbGhvc3SCBmNvbmp1coIcY29uanVyLW1hc3Rlci5pdHAuY29u anVyLm5ldIIoZWMyLTU0LTkxLTI0Ni04NC5jb21wdXRlLTEuYW1hem9uYXdzLmNv bTANBgkqhkiG9w0BAQUFAAOCAQEANk7P3ZEZHLgiTrLG13VAkm33FAvFzRG6akx1 jgNeRDgSaxRtrfJq3mnhsmD6hdvv+e6prPCFOjeEDheyCZyQDESdVEJBwytHVjnH dbvgMRaPm6OO8CyRyNjg3YcC36T//oQKOdAXXEcrtd0QbelBDYlKA7smJtznfhAb XypVdeS/6I4qvJi3Ckp5sQ1GszYhVXAvEeWeY59WwsTWYHLkzss9QShnigPyo3LY ZA5JVXofYi9DJ6VexP7sJNhCMrY2WnMpPcAOB9T7a6lcoXj6mWxvFys0xDIEOnc6 NGb+d47blphUKRZMAUZgYgFfMfmlyu1IXj03J8AuKtIMEwkXAA== -----END CERTIFICATE----- " }
-        let(:actual_certificate) {
-          <<-CERT
------BEGIN CERTIFICATE-----
-MIIDUTCCAjmgAwIBAgIJAO4Lf1Rf2cciMA0GCSqGSIb3DQEBBQUAMDMxMTAvBgNV
-BAMTKGVjMi01NC05MS0yNDYtODQuY29tcHV0ZS0xLmFtYXpvbmF3cy5jb20wHhcN
-MTQxMDA4MjEwNTA5WhcNMjQxMDA1MjEwNTA5WjAzMTEwLwYDVQQDEyhlYzItNTQt
-OTEtMjQ2LTg0LmNvbXB1dGUtMS5hbWF6b25hd3MuY29tMIIBIjANBgkqhkiG9w0B
-AQEFAAOCAQ8AMIIBCgKCAQEAx+OFANXNEYNsMR3Uvg4/72VG3LZO8yxrYaYzc3FZ
-NN3NpIOCZvRTC5S+OawsdEljHwfhdVoXdWNKgVJakSxsAnnaj11fA6XpfN60o6Fk
-i4q/BqwqgeNJjKAlElFsNz2scWFWRe49NHlj9qaq/yWZ8Cn0IeHy8j8F+jMek4zt
-dCSxVEayVG/k8RFmYCcluQc/1LuCjPiFwJU43AGkO+yvmOuYGivsNKY+54yuEZqF
-VDsjAjMsYXxgLx9y1F7Rq3CfeqY6IajR7pmmRup8/D9NyyyQuIML83mjTSvo0UYu
-rkdXPObd/m6gumscvXMl6SoJ5IPItvTA42MZqTaNzimF0QIDAQABo2gwZjBkBgNV
-HREEXTBbgglsb2NhbGhvc3SCBmNvbmp1coIcY29uanVyLW1hc3Rlci5pdHAuY29u
-anVyLm5ldIIoZWMyLTU0LTkxLTI0Ni04NC5jb21wdXRlLTEuYW1hem9uYXdzLmNv
-bTANBgkqhkiG9w0BAQUFAAOCAQEANk7P3ZEZHLgiTrLG13VAkm33FAvFzRG6akx1
-jgNeRDgSaxRtrfJq3mnhsmD6hdvv+e6prPCFOjeEDheyCZyQDESdVEJBwytHVjnH
-dbvgMRaPm6OO8CyRyNjg3YcC36T//oQKOdAXXEcrtd0QbelBDYlKA7smJtznfhAb
-XypVdeS/6I4qvJi3Ckp5sQ1GszYhVXAvEeWeY59WwsTWYHLkzss9QShnigPyo3LY
-ZA5JVXofYi9DJ6VexP7sJNhCMrY2WnMpPcAOB9T7a6lcoXj6mWxvFys0xDIEOnc6
-NGb+d47blphUKRZMAUZgYgFfMfmlyu1IXj03J8AuKtIMEwkXAA==
------END CERTIFICATE-----
-CERT
-        }
-        let(:cert){ double('cert') }
-
-        before do
-          expect(OpenSSL::X509::Certificate).to receive(:new).with(actual_certificate).at_least(:once).and_return cert
-        end
-
-        it 'calls store.add_cert with a certificate created from ssl_certificate' do
-          expect(store).to receive(:add_cert).with(cert).once
-          expect(subject).to be_truthy
-        end
-
-        it 'rescues from a StoreError with message "cert already in hash tabble"' do
-          expect(store).to receive(:add_cert).with(cert).once.and_raise(OpenSSL::X509::StoreError.new('cert already in hash table'))
-          expect(subject).to be_truthy
-        end
-
-
-        it 'does not rescue from other exceptions' do
-          exn = OpenSSL::X509::StoreError.new('some other message')
-          expect(store).to receive(:add_cert).with(cert).once.and_raise(exn)
-          expect{subject}.to raise_error exn
-          exn = ArgumentError.new('bad news')
-          expect(store).to receive(:add_cert).with(cert).once.and_raise(exn)
-          expect{subject}.to raise_error exn
-        end
-      end
-
-      context 'when given a store argument' do
-        let(:cert_file){ '/path/to/cert.pem' }
-        let(:ssl_certificate){ nil }
-        let(:alt_store){ double('alt store') }
-        subject{ Conjur.configuration.apply_cert_config! alt_store }
-
-        it 'uses that store instead' do
-          expect(alt_store).to receive(:add_file).with(cert_file).once
-          expect(subject).to be_truthy
-        end
-      end
-
-      context 'with two certificates in a string' do
-        let(:cert_file) { nil }
-        let(:ssl_certificate) do
-          """-----BEGIN CERTIFICATE-----
-MIIDPjCCAiagAwIBAgIVAKW1gdmOFrXt6xB0iQmYQ4z8Pf+kMA0GCSqGSIb3DQEB
-CwUAMD0xETAPBgNVBAoTCGN1Y3VtYmVyMRIwEAYDVQQLEwlDb25qdXIgQ0ExFDAS
-BgNVBAMTC2N1a2UtbWFzdGVyMB4XDTE1MTAwNzE2MzAwNloXDTI1MTAwNDE2MzAw
-NlowFjEUMBIGA1UEAwwLY3VrZS1tYXN0ZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
-DwAwggEKAoIBAQC9e8bGIHOLOypKA4lsLcAOcDLAq+ICuVxn9Vg0No0m32Ok/K7G
-uEGtlC8RidObntblUwqdX2uP7mqAQm19j78UTl1KT97vMmmFrpVZ7oQvEm1FUq3t
-FBmJglthJrSbpdZjLf7a7eL1NnunkfBdI1DK9QL9ndMjNwZNFbXhld4fC5zuSr/L
-PxawSzTEsoTaB0Nw0DdRowaZgrPxc0hQsrj9OF20gTIJIYO7ctZzE/JJchmBzgI4
-CdfAYg7zNS+0oc0ylV0CWMerQtLICI6BtiQ482bCuGYJ00NlDcdjd3w+A2cj7PrH
-wH5UhtORL5Q6i9EfGGUCDbmfpiVD9Bd3ukbXAgMBAAGjXDBaMA4GA1UdDwEB/wQE
-AwIFoDAdBgNVHQ4EFgQU2jmj7l5rSw0yVb/vlWAYkK/YBwkwKQYDVR0RBCIwIIIL
-Y3VrZS1tYXN0ZXKCCWxvY2FsaG9zdIIGY29uanVyMA0GCSqGSIb3DQEBCwUAA4IB
-AQBCepy6If67+sjuVnT9NGBmjnVaLa11kgGNEB1BZQnvCy0IN7gpLpshoZevxYDR
-3DnPAetQiZ70CSmCwjL4x6AVxQy59rRj0Awl9E1dgFTYI3JxxgLsI9ePdIRVEPnH
-dhXqPY5ZIZhvdHlLStjsXX7laaclEtMeWfSzxe4AmP/Sm/er4ks0gvLQU6/XJNIu
-RnRH59ZB1mZMsIv9Ii790nnioYFR54JmQu1JsIib77ZdSXIJmxAtraJSTLcZbU1E
-+SM3XCE423Xols7onyluMYDy3MCUTFwoVMRBcRWCAk5gcv6XvZDfLi6Zwdne6x3Y
-bGenr4vsPuSFsycM03/EcQDT
------END CERTIFICATE-----
------BEGIN CERTIFICATE-----
-MIIDhzCCAm+gAwIBAgIJAJnsrJ1+j9MhMA0GCSqGSIb3DQEBCwUAMD0xETAPBgNV
-BAoTCGN1Y3VtYmVyMRIwEAYDVQQLEwlDb25qdXIgQ0ExFDASBgNVBAMTC2N1a2Ut
-bWFzdGVyMB4XDTE1MTAwNzE2MzAwM1oXDTI1MTAwNDE2MzAwM1owPTERMA8GA1UE
-ChMIY3VjdW1iZXIxEjAQBgNVBAsTCUNvbmp1ciBDQTEUMBIGA1UEAxMLY3VrZS1t
-YXN0ZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsuZ06Ld4JDhxZ
-FcxKVxu7MTjXVv6W8pI7qFKmgr39aNqmDpKYJ1H9aM+r9zaTAeithpM4wJpVswkJ
-d0RSuKdm1LOx11yHLyZ1OvlPHFhsVWdZIQZ6R9srhPYBUCMem4sHR5IAcBBX+HkR
-35gaPYUl1uFV/9zCniekt92Kdta+it1WL7XinXTBURlhDawiD/kv1C9x6dICEJVe
-IT/jRohmqHAoM/JSOQTthaDli3Qvu5K8XAx8UXvWVmv3eStZFVDbC4ZEueRd9KAe
-4IZ5FxdpFYkPBgt2lBYeydYKRShyYrDKye1uJBDkeplNaYW4cS4mOhYuRkdKn7MH
-uY/xb1lFAgMBAAGjgYkwgYYwKQYDVR0RBCIwIIILY3VrZS1tYXN0ZXKCCWxvY2Fs
-aG9zdIIGY29uanVyMB0GA1UdDgQWBBRHpGF7aQbHdORYgQKDC2hV6NzEKzAfBgNV
-HSMEGDAWgBRHpGF7aQbHdORYgQKDC2hV6NzEKzAMBgNVHRMEBTADAQH/MAsGA1Ud
-DwQEAwIB5jANBgkqhkiG9w0BAQsFAAOCAQEAGZT9Wek1hYluIVaxu03wSKCKIJ4p
-KxTHw+mLDapg1y9t3Fa/5IQQK0Bx0xGU2qWiQKjda3vdFPJWO6l6XJvsUY5Nwtm5
-Gcsk8l3L/zWCrjrFTH3TdVad5E+DTwVhThelmEjw68AyM+WuOL61j0MItd9mLW74
-Lv2zouj9nQBdnUBHWQ0EL/9d5cfaCVu/bFlDfYt7Yj0IzXCuaWZfJeHodU1hmqVX
-BvYRjnTB2LSxfmSnkrCeFPmhE11bWVtsLIdrGIgtEMX0/s9xg58QuNnva1U3pJsW
-RjvSxre4Xg2qlI9Laybb4oZ4g6DI8hRbL0VdFAsveg6SXg2RxgJcXeJUFw==
------END CERTIFICATE-----
-"""
-        end
-
-        it 'adds both to the store' do
-          expect(store).to receive(:add_cert).twice
-          expect(subject).to be_truthy
-        end
-      end
-
-    end
-
-    context 'when cert file is not readable' do
-      let(:cert_file) { '/path/to/not_cert.pem' }
-      let(:ssl_certificate) { nil }
-
-      context 'raises ENOENT when cert file does not exist' do
-        let(:cert_exists) { false }
-        it 'raises the exception' do
-          expect{subject}.to raise_error(Errno::ENOENT)
-        end
-      end
-
-      context "raises EPERM when cert file does not have read permission" do
-        let(:cert_readable) {false}
-        it 'raises the exception' do
-          expect{subject}.to raise_error(Errno::EPERM)
-        end
-      end
-
-    end
-
-  end
-end

data/spec/has_attributes_spec.rb

@@ -1,63 +0,0 @@
-require 'spec_helper'
-
-describe Conjur::HasAttributes do
-  class ObjectWithAttributes
-    include Conjur::HasAttributes
-
-    def id; "the-object"; end
-    def credentials; {}; end
-    def username; 'alice'; end
-    def url; 'http://example.com/the-object'; end
-  end
-
-  def new_object
-    ObjectWithAttributes.new
-  end
-
-  let(:object) { new_object }
-  let(:second_object) { new_object }
-  let(:attributes) { { 'id' => 'the-id' } }
-  let(:rbac_resource_resource) { double(:rbac_resource_resource, url: object.url) }
-
-  before {
-    allow(object).to receive(:url_for).with(:resources_resource, {}, "the-object").and_return(rbac_resource_resource)
-    allow(second_object).to receive(:url_for).with(:resources_resource, {}, "the-object").and_return(rbac_resource_resource)
-    expect(rbac_resource_resource).to receive(:get).with(no_args).and_return(double(:response, body: attributes.to_json))
-  }
-
-  it "should fetch attributes from the server" do
-    expect(object.attributes).to eq(attributes)
-  end
-
-  describe "caching" do
-    let(:cache) {
-      Struct.new(:dummy) do
-        def table; @table ||= Hash.new; end
-
-        def fetch_attributes cache_key, &block
-          table[cache_key] || table[cache_key] = yield
-        end
-      end.new
-    }
-
-    around do |example|
-      saved = Conjur.cache
-      Conjur.cache = cache
-
-      begin
-        example.run
-      ensure
-        Conjur.cache = saved
-      end
-    end
-    context "enabled" do
-      it "caches the attributes across objects" do
-        expect(object.attributes).to eq(attributes)
-        expect(second_object.attributes).to eq(attributes)
-        expect(cache.table).to eq({
-          "alice.http://example.com/the-object" => attributes
-        })
-      end
-    end
-  end
-end

data/spec/helpers/errors_matcher.rb

@@ -1,34 +0,0 @@
-require 'rspec/expectations'
-
-RSpec::Matchers.define :raise_one_of do |*exn_classes|
-  supports_block_expectations
-
-  match do |block|
-    expect(&block).to raise_error do |error|
-      @actual_error = error
-      expect(exn_classes).to include error.class
-    end
-  end
-
-  failure_message do
-    "expected #{expected_error}#{given_error}"
-  end
-
-  define_method :expected_error do
-    "one of " + exn_classes.join(', ')
-  end
-
-  def given_error
-    return " but nothing was raised" unless @actual_error
-    backtrace = format_backtrace(@actual_error.backtrace)
-    [
-      ", got #{@actual_error.inspect} with backtrace:",
-      *backtrace
-    ].join("\n  # ")
-  end
-
-  def format_backtrace backtrace
-    formatter = RSpec::Matchers.configuration.backtrace_formatter
-    formatter.format_backtrace(backtrace)
-  end
-end

data/spec/helpers/request_helpers.rb

@@ -1,10 +0,0 @@
-# Helpers for REST client tests
-module RequestHelpers
-  def expect_request details, &block
-    expect(RestClient::Request).to receive(:execute).with(hash_including(details), &block)
-  end
-
-  def allow_request details, &block
-    allow(RestClient::Request).to receive(:execute).with(hash_including(details), &block)
-  end
-end

data/spec/id_spec.rb

@@ -1,29 +0,0 @@
-# frozen_string_literal: true
-
-require 'spec_helper'
-
-describe Conjur::Id do
-  it 'requires the id to be fully qualified' do
-    expect { Conjur::Id.new 'foo:bar' }.to raise_error ArgumentError
-  end
-
-  it 'can be constructed from a string' do
-    id = Conjur::Id.new 'foo:bar:baz'
-    expect(id).to be
-    {
-      account: 'foo',
-      kind: 'bar',
-      identifier: 'baz'
-    }.each { |k, v| expect(id.send(k)).to eq v }
-  end
-
-  it 'can be constructed from an array' do
-    id = Conjur::Id.new %w(foo bar baz)
-    expect(id).to be
-    {
-      account: 'foo',
-      kind: 'bar',
-      identifier: 'baz'
-    }.each { |k, v| expect(id.send(k)).to eq v }
-  end
-end

data/spec/ldap_sync_spec.rb

@@ -1,21 +0,0 @@
-require 'spec_helper'
-
-describe Conjur::API, api: :dummy do
-  let(:router) { double('router', :get => "{}") }
-  before do
-    allow_any_instance_of(Conjur::API).to receive(:url_for).with(:ldap_sync_policy, any_args).and_return(router)
-  end
-
-  # verify that the method exists, and takes the correct argument.
-  describe '#ldap_sync_policy' do
-    context 'with default config' do
-      subject { api.ldap_sync_policy }
-      it { is_expected.to eq({})  }
-    end
-
-    context 'with a config specified' do
-      subject { api.ldap_sync_policy config_name: 'non-default-config' }
-      it { is_expected.to eq({}) }
-    end
-  end
-end

data/spec/log_source_spec.rb

@@ -1,13 +0,0 @@
-require 'spec_helper'
-
-describe Conjur::LogSource, logging: :temp, api: :dummy do
-  describe "#log" do
-    it "adds a username to the log" do
-      api.log do |log|
-        log << 'foo'
-      end
-
-      expect(log).to eq("[#{username}] foo\n")
-    end
-  end
-end

data/spec/log_spec.rb

@@ -1,42 +0,0 @@
-require 'spec_helper'
-require 'io/grab'
-require 'tempfile'
-
-describe Conjur do
-  describe '::log=' do
-    before { @old_log = Conjur.log }
-    let(:log) { double 'log' }
-    it "creates the log with given type and makes it available" do
-      allow(Conjur).to receive(:create_log).with(:param).and_return log
-      Conjur::log = :param
-      expect(Conjur::log).to eq(log)
-    end
-    after { Conjur.class_variable_set :@@log, @old_log }
-  end
-
-  describe '::create_log' do
-    let(:log) { Conjur::create_log param }
-    context "with 'stdout'" do
-      let(:param) { 'stdout' }
-      it "creates something which writes to STDOUT" do
-        expect($stdout.grab { log << "foo" }).to eq('foo')
-      end
-    end
-
-    context "with 'stderr'" do
-      let(:param) { 'stderr' }
-      it "creates something which writes to STDERR" do
-        expect($stderr.grab { log << "foo" }).to eq('foo')
-      end
-    end
-
-    context "with a filename" do
-      let(:tempfile) { Tempfile.new 'spec' }
-      let(:param) { tempfile.path }
-      it "creates something which writes to the file" do
-        log << "foo"
-        expect(tempfile.read).to eq("foo")
-      end
-    end
-  end
-end

data/spec/roles_spec.rb

@@ -1,24 +0,0 @@
-require 'spec_helper'
-
-describe Conjur::API do
-  describe '#role_name_from_username' do
-    let(:account) { "the-account" }
-    context "when username is" do
-      [
-        [ 'the-user', 'the-account:user:the-user' ],
-        [ 'host/the-host', 'the-account:host:the-host' ],
-        [ 'host/a/quite/long/host/name', 'the-account:host:a/quite/long/host/name' ],
-        [ 'newkind/host/name', 'the-account:newkind:host/name' ],
-      ].each do |p|
-        context "'#{p[0]}'" do
-          let(:username) { p[0] }
-
-          describe '#role_name_from_username' do
-            subject { Conjur::API.role_name_from_username username, account }
-            it { is_expected.to eq(p[1]) }
-          end
-        end
-      end
-    end
-  end
-end

data/spec/spec_helper.rb

@@ -1,113 +0,0 @@
-require 'simplecov'
-
-SimpleCov.start do
-  command_name "#{ENV['RUBY_VERSION']}"
-end
-
-require 'rubygems'
-$:.unshift File.join(File.dirname(__FILE__), "..", "lib")
-$:.unshift File.join(File.dirname(__FILE__), "lib")
-
-# This file is copied to ~/spec when you run 'ruby script/generate rspec'
-# from the project root directory.
-ENV["CONJUR_ENV"] ||= 'test'
-
-# Allows loading of an environment config based on the environment
-require 'rspec'
-require 'securerandom'
-
-# Uncomment the next line to use webrat's matchers
-#require 'webrat/integrations/rspec-rails'
-
-RSpec.configure do |config|
-  config.before do
-    # test with a clean environment
-    stub_const 'ENV', 'CONJUR_ENV' => 'test'
-  end
-
-
-  # If you're not using ActiveRecord you should remove these
-  # lines, delete config/database.yml and disable :active_record
-  # in your config/boot.rb
-  #config.use_transactional_fixtures = true
-  #config.use_instantiated_fixtures  = false
-  #config.fixture_path = File.join(redmine_root, 'test', 'fixtures')
-
-  # == Fixtures
-  #
-  # You can declare fixtures for each example_group like this:
-  #   describe "...." do
-  #     fixtures :table_a, :table_b
-  #
-  # Alternatively, if you prefer to declare them only once, you can
-  # do so right here. Just uncomment the next line and replace the fixture
-  # names with your fixtures.
-  #
-  #
-  # If you declare global fixtures, be aware that they will be declared
-  # for all of your examples, even those that don't use them.
-  #
-  # You can also declare which fixtures to use (for example fixtures for test/fixtures):
-  #
-  # config.fixture_path = RAILS_ROOT + '/spec/fixtures/'
-  #
-  # == Mock Framework
-  #
-  # RSpec uses its own mocking framework by default. If you prefer to
-  # use mocha, flexmock or RR, uncomment the appropriate line:
-  #
-  # config.mock_with :mocha
-  # config.mock_with :flexmock
-  # config.mock_with :rr
-  #
-  # == Notes
-  #
-  # For more information take a look at Spec::Runner::Configuration and Spec::Runner
-end
-
-# This code will be run each time you run your specs.
-
-# Requires supporting files with custom matchers and macros, etc,
-# in ./support/ and its subdirectories.
-Dir[File.expand_path(File.join(File.dirname(__FILE__),'support','**','*.rb'))].each {|f| require f}
-
-shared_examples_for "http response" do
-  let(:http_response) { double(:response) }
-
-  before(:each) do
-    allow(http_response).to receive(:code).and_return 200
-    allow(http_response).to receive(:message).and_return nil
-    allow(http_response).to receive(:body).and_return http_json.to_json
-  end
-end
-
-require 'conjur/api'
-
-KIND="asset_kind"
-ID="unique_id"
-ROLE='<role>'
-MEMBER='<member>'
-PRIVILEGE='<privilege>'
-OWNER='<owner/userid>'
-ACCOUNT='<core_account>'
-OPTIONS={}
-
-shared_context api: :dummy do
-  let(:username) { "user" }
-  let(:api){ Conjur::API.new_from_key username, 'key' }
-  let(:authn_host) { 'http://authn.example.com' }
-  let(:core_host) { 'http://core.example.com' }
-  let(:credentials) { { headers: { authorization: "Token token=\"stub\"" } } } #, username: username } }
-  let(:account) { 'the-account' }
-
-  before do
-    allow(Conjur.configuration).to receive_messages account: account, core_url: core_host, authn_url: authn_host
-    allow(api).to receive_messages credentials: credentials
-  end
-end
-
-shared_context logging: :temp do
-  let(:logfile) { Tempfile.new("log") }
-  before { Conjur.log = logfile.path }
-  let(:log) { logfile.read }
-end