conjur-api 2.1.7 → 2.1.8
Sign up to get free protection for your applications and to get access to all the features.
- data/lib/conjur-api/version.rb +1 -1
- data/lib/conjur/acts_as_resource.rb +1 -1
- data/lib/conjur/acts_as_role.rb +1 -5
- data/lib/conjur/api.rb +4 -0
- data/lib/conjur/base.rb +1 -1
- data/lib/conjur/resource.rb +3 -3
- data/lib/conjur/standard_methods.rb +2 -1
- data/spec/lib/api_spec.rb +16 -0
- data/spec/lib/user_spec.rb +2 -5
- metadata +4 -4
data/lib/conjur-api/version.rb
CHANGED
@@ -2,7 +2,7 @@ module Conjur
|
|
2
2
|
module ActsAsResource
|
3
3
|
def resource
|
4
4
|
require 'conjur/resource'
|
5
|
-
Conjur::Resource.new(Conjur::Authz::API.host, self.options)[[
|
5
|
+
Conjur::Resource.new(Conjur::Authz::API.host, self.options)[[ core_conjur_account, 'resources', path_escape(resource_kind), path_escape(resource_id) ].join('/')]
|
6
6
|
end
|
7
7
|
|
8
8
|
def resource_kind
|
data/lib/conjur/acts_as_role.rb
CHANGED
@@ -1,17 +1,13 @@
|
|
1
1
|
module Conjur
|
2
2
|
module ActsAsRole
|
3
3
|
def roleid
|
4
|
-
[
|
4
|
+
[ core_conjur_account, role_kind, id ].join(':')
|
5
5
|
end
|
6
6
|
|
7
7
|
def role_kind
|
8
8
|
self.class.name.split('::')[-1].underscore
|
9
9
|
end
|
10
10
|
|
11
|
-
def conjur_account
|
12
|
-
Conjur::Core::API.conjur_account
|
13
|
-
end
|
14
|
-
|
15
11
|
def role
|
16
12
|
require 'conjur/role'
|
17
13
|
Conjur::Role.new(Conjur::Authz::API.host, self.options)[Conjur::API.parse_role_id(self.roleid).join('/')]
|
data/lib/conjur/api.rb
CHANGED
data/lib/conjur/base.rb
CHANGED
data/lib/conjur/resource.rb
CHANGED
@@ -30,7 +30,7 @@ module Conjur
|
|
30
30
|
|
31
31
|
def delete(options = {})
|
32
32
|
log do |logger|
|
33
|
-
logger << "Deleting resource #{kind}
|
33
|
+
logger << "Deleting resource #{kind}:#{identifier}"
|
34
34
|
unless options.empty?
|
35
35
|
logger << " with options #{options.to_json}"
|
36
36
|
end
|
@@ -41,7 +41,7 @@ module Conjur
|
|
41
41
|
def permit(privilege, role, options = {})
|
42
42
|
eachable(privilege).each do |p|
|
43
43
|
log do |logger|
|
44
|
-
logger << "Permitting #{p} on resource #{kind}
|
44
|
+
logger << "Permitting #{p} on resource #{kind}:#{identifier} by #{role}"
|
45
45
|
unless options.empty?
|
46
46
|
logger << " with options #{options.to_json}"
|
47
47
|
end
|
@@ -54,7 +54,7 @@ module Conjur
|
|
54
54
|
def deny(privilege, role, options = {})
|
55
55
|
eachable(privilege).each do |p|
|
56
56
|
log do |logger|
|
57
|
-
logger << "Denying #{p} on resource #{kind}
|
57
|
+
logger << "Denying #{p} on resource #{kind}:#{identifier} by #{role}"
|
58
58
|
unless options.empty?
|
59
59
|
logger << " with options #{options.to_json}"
|
60
60
|
end
|
@@ -6,7 +6,8 @@ module Conjur
|
|
6
6
|
|
7
7
|
def standard_create(host, type, id = nil, options = nil)
|
8
8
|
log do |logger|
|
9
|
-
logger << "Creating #{type}
|
9
|
+
logger << "Creating #{type}"
|
10
|
+
logger << " #{id}" if id
|
10
11
|
unless options.blank?
|
11
12
|
logger << " with options #{options.inspect}"
|
12
13
|
end
|
data/spec/lib/api_spec.rb
CHANGED
@@ -37,6 +37,22 @@ shared_examples_for "API endpoint" do
|
|
37
37
|
end
|
38
38
|
|
39
39
|
describe Conjur::API do
|
40
|
+
context "parse_role_id" do
|
41
|
+
subject { Conjur::API }
|
42
|
+
specify {
|
43
|
+
Conjur::Core::API.should_receive(:conjur_account).and_return 'ci'
|
44
|
+
subject.parse_role_id('foo:bar').should == [ 'ci', 'roles', 'foo', 'bar' ]
|
45
|
+
}
|
46
|
+
specify {
|
47
|
+
subject.parse_role_id('biz:foo:bar').should == [ 'biz', 'roles', 'foo', 'bar' ]
|
48
|
+
}
|
49
|
+
specify {
|
50
|
+
subject.parse_role_id('biz:foo:bar/12').should == [ 'biz', 'roles', 'foo', 'bar/12' ]
|
51
|
+
}
|
52
|
+
specify {
|
53
|
+
subject.parse_role_id('biz:foo:bar:12').should == [ 'biz', 'roles', 'foo', 'bar:12' ]
|
54
|
+
}
|
55
|
+
end
|
40
56
|
context "host construction" do
|
41
57
|
context "of authn service" do
|
42
58
|
let(:port_offset) { 0 }
|
data/spec/lib/user_spec.rb
CHANGED
@@ -19,20 +19,17 @@ describe Conjur::User do
|
|
19
19
|
lambda { user.roleid }.should raise_error
|
20
20
|
}
|
21
21
|
end
|
22
|
-
before {
|
23
|
-
Conjur.stub(:account).and_return 'ci'
|
24
|
-
}
|
25
22
|
it "connects to a Resource" do
|
26
23
|
require 'conjur/resource'
|
24
|
+
Conjur::Core::API.should_receive(:conjur_account).and_return 'ci'
|
27
25
|
Conjur::Resource.should_receive(:new).with(Conjur::Authz::API.host, credentials).and_return resource = double(:resource)
|
28
26
|
resource.should_receive(:[]).with("ci/resources/user/the-login")
|
29
27
|
|
30
28
|
user.resource
|
31
29
|
end
|
32
30
|
it "connects to a Role" do
|
33
|
-
user.stub(:roleid).and_return "ci:user:the-login"
|
34
|
-
|
35
31
|
require 'conjur/role'
|
32
|
+
Conjur::Core::API.should_receive(:conjur_account).and_return 'ci'
|
36
33
|
Conjur::Role.should_receive(:new).with(Conjur::Authz::API.host, credentials).and_return role = double(:role)
|
37
34
|
role.should_receive(:[]).with("ci/roles/user/the-login")
|
38
35
|
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: conjur-api
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 2.1.
|
4
|
+
version: 2.1.8
|
5
5
|
prerelease:
|
6
6
|
platform: ruby
|
7
7
|
authors:
|
@@ -10,7 +10,7 @@ authors:
|
|
10
10
|
autorequire:
|
11
11
|
bindir: bin
|
12
12
|
cert_chain: []
|
13
|
-
date: 2013-05-
|
13
|
+
date: 2013-05-15 00:00:00.000000000 Z
|
14
14
|
dependencies:
|
15
15
|
- !ruby/object:Gem::Dependency
|
16
16
|
name: rest-client
|
@@ -206,7 +206,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
206
206
|
version: '0'
|
207
207
|
segments:
|
208
208
|
- 0
|
209
|
-
hash:
|
209
|
+
hash: 3260339129685537425
|
210
210
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
211
211
|
none: false
|
212
212
|
requirements:
|
@@ -215,7 +215,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
215
215
|
version: '0'
|
216
216
|
segments:
|
217
217
|
- 0
|
218
|
-
hash:
|
218
|
+
hash: 3260339129685537425
|
219
219
|
requirements: []
|
220
220
|
rubyforge_project:
|
221
221
|
rubygems_version: 1.8.24
|