conjur-api 4.6.1 → 4.7.1

data/lib/conjur-api/version.rb

@@ -20,6 +20,6 @@
 #
 module Conjur
   class API
-    VERSION = "4.6.1"
+    VERSION = "4.7.1"
   end
 end

data/lib/conjur/annotations.rb

@@ -0,0 +1,78 @@
+module Conjur
+  # An Annotations instance acts like a Hash: you can fetch an annotation
+  # with '[]' and update with '[]=', 'each' it, and 'merge!' to do bulk updates
+  # (although merge! is not more efficient than setting each pair with '[]=').
+  class Annotations
+    include Enumerable
+    
+    # @api private
+    def initialize resource
+      @resource = resource
+    end
+    
+    # Get the value of the annotation with the given name
+    # @param [String,Symbol] name the annotation name, indifferent to whether it's
+    # a String or Symbol.
+    def [] name
+      annotations_hash[name.to_sym]
+    end
+    
+    # Set an annotation value
+    # @param [String, Symbol] name the annotation name
+    # @param [String] value the annotation value
+    def []= name, value
+      update_annotation name, value
+      value
+    end
+    
+    # Enumerate all annotations, yielding key,value pairs.
+    # @return [Conjur::Annotations] self
+    def each &blk
+      annotations_hash.each &blk
+      self
+    end
+
+    # Set annotations from key,value pairs in +hash+
+    # @param [#each] hash
+    # @return [Conjur::Annotations] self
+    def merge! hash
+      hash.each{|k,v| self[k] = v }
+      self
+    end
+    
+    # Return a proper hash containing a +copy+ of ourself.  Note that
+    # updates to this hash have no effect on the actual annotations.
+    # @return [Hash]
+    def to_h
+      annotations_hash.dup
+    end
+    
+    def to_s
+      annotations_hash.to_s
+    end
+    
+    def inspect
+      "<Annotations for #{@resource.resourceid}: #{to_s}>"
+    end
+    
+    protected
+    
+    def update_annotation name, value
+      @annotations_hash = nil
+      path = [@resource.account,'annotations', @resource.kind, @resource.identifier].join '/'
+      RestClient::Resource.new(Conjur::Authz::API.host, @resource.options)[path].put name: name, value: value
+    end
+    
+    def annotations_hash
+      @annotations_hash ||= fetch_annotations
+    end
+    
+    def fetch_annotations
+      {}.tap do |hash|
+        JSON.parse(@resource.get)['annotations'].each do |annotation|
+          hash[annotation['name'].to_sym] = annotation['value']
+        end
+      end
+    end
+  end
+end

data/lib/conjur/api.rb

@@ -51,6 +51,19 @@ class RestClient::Resource
     {}
   end
   
+  def conjur_api
+    Conjur::API.new_from_token token
+  end
+  
+  def token
+    authorization = options[:headers][:authorization]
+    if authorization && authorization.to_s[/^Token token="(.*)"/]
+      JSON.parse(Base64.decode64($1))
+    else
+      raise AuthorizationError.new("Authorization missing")
+    end
+  end
+
   def username
     options[:user] || options[:username]
   end

data/lib/conjur/api/resources.rb

@@ -35,7 +35,10 @@ module Conjur
     # Return all visible resources.
     # In opts you should pass an account to filter by, and optionally a kind.
     def resources opts = {}
-      Resource.all({ host: Conjur::Authz::API.host, credentials: credentials }.merge opts).map do |result|
+      opts = { host: Conjur::Authz::API.host, credentials: credentials }.merge opts
+      opts[:account] ||= Conjur.account
+      
+      Resource.all(opts).map do |result|
         resource(result['id']).tap do |r|
           r.attributes = result
         end

data/lib/conjur/resource.rb

@@ -18,6 +18,8 @@
 # IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
 # CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 #
+require 'conjur/annotations'
+
 module Conjur
   class Resource < RestClient::Resource
     include Exists
@@ -106,6 +108,12 @@ module Conjur
     rescue RestClient::ResourceNotFound
       false
     end
+    
+    # Return a Conjur::Annotations instance to read and manipulate our annotations.
+    def annotations
+      @annotations ||= Conjur::Annotations.new(self)
+    end
+    alias tags annotations
 
     # Returns all resources (optionally qualified by kind)
     # visible to the user with given credentials.
@@ -113,16 +121,22 @@ module Conjur
     # - host - authz url,
     # - credentials,
     # - account,
-    # - kind (optional).
+    # - kind (optional),
+    # - search (optional),
+    # - limit (optional),
+    # - offset (optional).
     def self.all opts = {}
       host, credentials, account, kind = opts.values_at(*[:host, :credentials, :account, :kind])
       fail ArgumentError, "host and account are required" unless [host, account].all?
 
       credentials ||= {}
 
-      path = "#{account}/resources"
+      path = "#{account}/resources" 
       path += "/#{kind}" if kind
+      query = opts.slice(:acting_as, :limit, :offset, :search)
+      path += "?#{query.to_query}" unless query.empty?
       resource = RestClient::Resource.new(host, credentials)[path]
+      
       JSON.parse resource.get
     end
 

data/spec/api/resources_spec.rb

@@ -33,13 +33,13 @@ describe Conjur::API, api: :dummy do
     }
     it "lists all resources" do
       expect(Conjur::Resource).to receive(:all)
-        .with(host: authz_host, credentials: api.credentials).and_return(resources)
+        .with(host: authz_host, account: account, credentials: api.credentials).and_return(resources)
 
       expect(api.resources.map(&:url)).to eql(ids.map { |id| api.resource(id).url })
     end
     it "can filter by kind" do
       expect(Conjur::Resource).to receive(:all)
-        .with(host: authz_host, credentials: api.credentials, kind: :chunky).and_return(resources)
+        .with(host: authz_host, account: account, credentials: api.credentials, kind: :chunky).and_return(resources)
 
       expect(api.resources(kind: :chunky).map(&:url)).to eql(ids.map { |id| api.resource(id).url })
     end

data/spec/lib/annotations_spec.rb

@@ -0,0 +1,102 @@
+require 'spec_helper'
+
+describe Conjur::Annotations do
+  let(:identifier){ 'the-resource-id' }
+  let(:kind){ 'some-kind' }
+  let(:account){ 'the-account' }
+  let(:resourceid){ [account, kind, identifier].join ':'}
+  let(:options){ { } }
+  let(:raw_annotations){ [{'name' => 'name', 'value' => 'bar'}, 
+                      {'name' => 'comment', 'value' => 'some comment'}] }
+  let(:resource_hash){ { 'annotations' => raw_annotations } }
+  let(:resource){ 
+    double('resource', account: account, 
+           kind: kind, identifier: identifier, 
+           options: options, resourceid: resourceid,
+           get: resource_hash.to_json) 
+  }
+  let(:annotations){ Conjur::Annotations.new(resource) }
+  
+  subject{ annotations }
+
+
+  let(:url){ "#{Conjur::Authz::API.host}/#{account}/annotations/#{kind}/#{identifier}" }
+
+  def expect_put_request url, payload
+    RestClient::Request.should_receive(:execute).with(
+      method: :put,
+      headers: {},
+      url: url,
+      payload: payload
+    )
+  end
+  
+  describe '[]' do
+    it "returns annotations" do
+      subject[:name].should == 'bar'
+      subject[:comment].should == 'some comment'
+      subject['comment'].should == subject[:comment]
+    end
+    
+    it "caches the get result" do
+      resource.should_receive(:get).exactly(1).times.and_return(resource_hash.to_json)
+      subject[:name]
+      subject[:name]
+    end
+  end
+  
+  describe '#each' do
+    it "yields each annotation pair" do
+      pairs = []
+      subject.each{|k,v| pairs << [k,v]}
+      pairs.should == [[:name, 'bar'], [:comment, 'some comment']]
+    end
+  end
+
+  it "is Enumerable" do
+    subject.should be_a(Enumerable)
+  end
+  
+  describe '#to_h' do
+    it "returns the correct hash" do
+      subject.to_h.should == {name: 'bar', comment: 'some comment'}
+    end
+    it "does not propagate modifications to the returned hash" do
+      RestClient::Request.should_not_receive(:execute)
+      subject.to_h[:name] = 'new name'
+      subject[:name].should == subject.to_h[:name]
+      subject[:name].should == "bar"
+    end
+  end
+  
+  describe "#merge!" do
+    let(:hash){ {blah: 'blahbah', zelda: 'link'} }
+    
+    it "makes a put request for each pair" do
+      hash.each do |k,v|
+        expect_put_request(url, name: k, value: v)
+      end
+      subject.merge! hash
+    end
+  end
+  
+  describe '[]=' do
+
+    it "makes a put request" do
+      expect_put_request url, name: :blah, value: 'boo'
+      subject[:blah] = 'boo'
+    end
+    
+    it "forces a fresh request for the annotations" do
+      expect_put_request(url, name: :foo, value: 'bar')
+      resource.should_receive(:get).exactly(2).times.and_return(resource_hash.to_json)
+      # One get request
+      subject[:name].should == 'bar'
+      # Update
+      subject[:foo] = 'bar'
+      # Second get request
+      subject[:name].should == 'bar'
+    end
+  end
+  
+end

data/spec/lib/api_spec.rb

@@ -214,6 +214,15 @@ describe Conjur::API do
         api.credentials.should == { headers: { authorization: "Token token=\"#{Base64.strict_encode64(token.to_json)}\"" }, username: login }
       end
     end
+    context "from logged-in RestClient::Resource" do
+      let(:token_encoded) { Base64.strict_encode64(token.to_json) }
+      let(:resource) { RestClient::Resource.new("http://example.com", { headers: { authorization: "Token token=\"#{token_encoded}\"" } })}
+      it "can construct a new API instance" do
+        api = resource.conjur_api
+        api.credentials[:headers][:authorization].should == "Token token=\"#{token_encoded}\""
+        api.credentials[:username].should == "bob"
+      end
+    end
   end
 
   describe "#role_from_username", logged_in: true do

data/spec/lib/resource_spec.rb

@@ -148,6 +148,16 @@ describe Conjur::Resource, api: :dummy, logging: :temp do
       expect(Conjur::Resource.all host: authz_host, account: account, kind: :chunky)
         .to eql(%w(foo bar))
     end
+    
+    it "passes search, limit, and offset params" do
+      RestClient::Request.should_receive(:execute).with(
+        method: :get,
+        # Note that to_query sorts the keys
+        url: "http://authz.example.com/the-account/resources?limit=5&offset=6&search=something",
+        headers: {}
+      ).and_return '["foo", "bar"]'
+      Conjur::Resource.all(host: authz_host, account: account, search: 'something', limit:5, offset:6).should == %w(foo bar)
+    end
 
     it "uses the given authz url" do
       RestClient::Request.should_receive(:execute).with(

data/spec/spec_helper.rb

@@ -105,6 +105,7 @@ shared_context api: :dummy do
     Conjur::Core::API.stub host: core_host
     Conjur::Core::API.stub conjur_account: account
     Conjur::Audit::API.stub host:audit_host
+    Conjur.configuration.set :account, account
     api.stub credentials: credentials
   end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: conjur-api
 version: !ruby/object:Gem::Version
-  version: 4.6.1
+  version: 4.7.1
   prerelease: 
 platform: ruby
 authors:
@@ -10,7 +10,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-02-28 00:00:00.000000000 Z
+date: 2014-03-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rest-client
@@ -214,6 +214,7 @@ files:
 - lib/conjur/acts_as_resource.rb
 - lib/conjur/acts_as_role.rb
 - lib/conjur/acts_as_user.rb
+- lib/conjur/annotations.rb
 - lib/conjur/api.rb
 - lib/conjur/api/audit.rb
 - lib/conjur/api/authn.rb
@@ -262,6 +263,7 @@ files:
 - spec/api/users_spec.rb
 - spec/api/variables_spec.rb
 - spec/cas_rest_client.rb
+- spec/lib/annotations_spec.rb
 - spec/lib/api_spec.rb
 - spec/lib/asset_spec.rb
 - spec/lib/audit_spec.rb
@@ -304,7 +306,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
       segments:
       - 0
-      hash: -564295811495519523
+      hash: 1666526476905320839
 requirements: []
 rubyforge_project: 
 rubygems_version: 1.8.25
@@ -325,6 +327,7 @@ test_files:
 - spec/api/users_spec.rb
 - spec/api/variables_spec.rb
 - spec/cas_rest_client.rb
+- spec/lib/annotations_spec.rb
 - spec/lib/api_spec.rb
 - spec/lib/asset_spec.rb
 - spec/lib/audit_spec.rb