conjur-api 4.8.0 → 4.9.0
Sign up to get free protection for your applications and to get access to all the features.
- data/.gitignore +1 -0
- data/conjur-api.gemspec +1 -1
- data/lib/conjur-api/version.rb +1 -1
- data/lib/conjur/acts_as_resource.rb +5 -2
- data/lib/conjur/annotations.rb +26 -4
- data/lib/conjur/api.rb +5 -0
- data/lib/conjur/api/layers.rb +17 -0
- data/lib/conjur/api/pubkeys.rb +54 -0
- data/lib/conjur/group.rb +2 -0
- data/lib/conjur/has_attributes.rb +3 -3
- data/lib/conjur/layer-api.rb +9 -0
- data/lib/conjur/layer.rb +37 -0
- data/lib/conjur/pubkeys-api.rb +38 -0
- data/lib/conjur/resource.rb +10 -5
- data/lib/conjur/role.rb +4 -0
- data/lib/conjur/standard_methods.rb +5 -2
- data/spec/api/layer_spec.rb +16 -0
- data/spec/api/pubkeys_spec.rb +66 -0
- data/spec/lib/annotations_spec.rb +14 -11
- data/spec/lib/resource_spec.rb +1 -1
- metadata +20 -5
data/.gitignore
CHANGED
data/conjur-api.gemspec
CHANGED
@@ -24,7 +24,7 @@ Gem::Specification.new do |gem|
|
|
24
24
|
|
25
25
|
gem.add_development_dependency 'rake'
|
26
26
|
gem.add_development_dependency 'spork'
|
27
|
-
gem.add_development_dependency 'rspec'
|
27
|
+
gem.add_development_dependency 'rspec', '>= 2.14', '< 3.0'
|
28
28
|
gem.add_development_dependency 'webmock'
|
29
29
|
gem.add_development_dependency 'ci_reporter'
|
30
30
|
gem.add_development_dependency 'simplecov'
|
data/lib/conjur-api/version.rb
CHANGED
@@ -18,6 +18,10 @@
|
|
18
18
|
# IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
|
19
19
|
# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
20
20
|
#
|
21
|
+
|
22
|
+
require 'active_support/dependencies/autoload'
|
23
|
+
require 'active_support/core_ext'
|
24
|
+
|
21
25
|
module Conjur
|
22
26
|
module ActsAsResource
|
23
27
|
def resource
|
@@ -31,7 +35,6 @@ module Conjur
|
|
31
35
|
end
|
32
36
|
|
33
37
|
def resource_kind
|
34
|
-
require 'active_support/core_ext'
|
35
38
|
self.class.name.split("::")[-1].underscore.split('/').join('-')
|
36
39
|
end
|
37
40
|
|
@@ -52,4 +55,4 @@ module Conjur
|
|
52
55
|
resource.deny privilege, role
|
53
56
|
end
|
54
57
|
end
|
55
|
-
end
|
58
|
+
end
|
data/lib/conjur/annotations.rb
CHANGED
@@ -1,3 +1,23 @@
|
|
1
|
+
#
|
2
|
+
# Copyright (C) 2013 Conjur Inc
|
3
|
+
#
|
4
|
+
# Permission is hereby granted, free of charge, to any person obtaining a copy of
|
5
|
+
# this software and associated documentation files (the "Software"), to deal in
|
6
|
+
# the Software without restriction, including without limitation the rights to
|
7
|
+
# use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
|
8
|
+
# the Software, and to permit persons to whom the Software is furnished to do so,
|
9
|
+
# subject to the following conditions:
|
10
|
+
#
|
11
|
+
# The above copyright notice and this permission notice shall be included in all
|
12
|
+
# copies or substantial portions of the Software.
|
13
|
+
#
|
14
|
+
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
15
|
+
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
|
16
|
+
# FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
|
17
|
+
# COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
|
18
|
+
# IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
|
19
|
+
# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
20
|
+
#
|
1
21
|
module Conjur
|
2
22
|
# An Annotations instance acts like a Hash: you can fetch an annotation
|
3
23
|
# with '[]' and update with '[]=', 'each' it, and 'merge!' to do bulk updates
|
@@ -58,9 +78,11 @@ module Conjur
|
|
58
78
|
protected
|
59
79
|
|
60
80
|
def update_annotation name, value
|
61
|
-
@
|
62
|
-
|
63
|
-
|
81
|
+
@resource.invalidate do
|
82
|
+
@annotations_hash = nil
|
83
|
+
path = [@resource.account,'annotations', @resource.kind, @resource.identifier].join '/'
|
84
|
+
RestClient::Resource.new(Conjur::Authz::API.host, @resource.options)[path].put name: name, value: value
|
85
|
+
end
|
64
86
|
end
|
65
87
|
|
66
88
|
def annotations_hash
|
@@ -69,7 +91,7 @@ module Conjur
|
|
69
91
|
|
70
92
|
def fetch_annotations
|
71
93
|
{}.tap do |hash|
|
72
|
-
|
94
|
+
@resource.attributes['annotations'].each do |annotation|
|
73
95
|
hash[annotation['name'].to_sym] = annotation['value']
|
74
96
|
end
|
75
97
|
end
|
data/lib/conjur/api.rb
CHANGED
@@ -18,6 +18,9 @@
|
|
18
18
|
# IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
|
19
19
|
# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
20
20
|
#
|
21
|
+
require 'active_support'
|
22
|
+
require 'active_support/deprecation'
|
23
|
+
|
21
24
|
require 'conjur/cast'
|
22
25
|
require 'conjur/configuration'
|
23
26
|
require 'conjur/env'
|
@@ -35,6 +38,8 @@ require 'conjur/authn-api'
|
|
35
38
|
require 'conjur/authz-api'
|
36
39
|
require 'conjur/audit-api'
|
37
40
|
require 'conjur/core-api'
|
41
|
+
require 'conjur/layer-api'
|
42
|
+
require 'conjur/pubkeys-api'
|
38
43
|
require 'conjur-api/version'
|
39
44
|
|
40
45
|
class RestClient::Resource
|
@@ -0,0 +1,17 @@
|
|
1
|
+
require 'conjur/layer'
|
2
|
+
|
3
|
+
module Conjur
|
4
|
+
class API
|
5
|
+
def create_layer(id, options = {})
|
6
|
+
standard_create Conjur::API.layer_asset_host, :layer, id, options
|
7
|
+
end
|
8
|
+
|
9
|
+
def layers(options = {})
|
10
|
+
standard_list Conjur::API.layer_asset_host, :layer, options
|
11
|
+
end
|
12
|
+
|
13
|
+
def layer id
|
14
|
+
standard_show Conjur::API.layer_asset_host, :layer, id
|
15
|
+
end
|
16
|
+
end
|
17
|
+
end
|
@@ -0,0 +1,54 @@
|
|
1
|
+
#
|
2
|
+
# Copyright (C) 2013 Conjur Inc
|
3
|
+
#
|
4
|
+
# Permission is hereby granted, free of charge, to any person obtaining a copy of
|
5
|
+
# this software and associated documentation files (the "Software"), to deal in
|
6
|
+
# the Software without restriction, including without limitation the rights to
|
7
|
+
# use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
|
8
|
+
# the Software, and to permit persons to whom the Software is furnished to do so,
|
9
|
+
# subject to the following conditions:
|
10
|
+
#
|
11
|
+
# The above copyright notice and this permission notice shall be included in all
|
12
|
+
# copies or substantial portions of the Software.
|
13
|
+
#
|
14
|
+
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
15
|
+
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
|
16
|
+
# FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
|
17
|
+
# COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
|
18
|
+
# IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
|
19
|
+
# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
20
|
+
#
|
21
|
+
|
22
|
+
module Conjur
|
23
|
+
class API
|
24
|
+
# Return all of a user's public keys, as a newline delimited string
|
25
|
+
# (the format expected by authorized-keys)
|
26
|
+
def public_keys username
|
27
|
+
public_keys_resource(username).get
|
28
|
+
end
|
29
|
+
|
30
|
+
# Return a specific public key for a given user and key name
|
31
|
+
def public_key username, keyname
|
32
|
+
public_keys_resource(username, keyname).get
|
33
|
+
end
|
34
|
+
|
35
|
+
# Add a public key for the given user
|
36
|
+
def add_public_key username, key
|
37
|
+
public_keys_resource(username).post key
|
38
|
+
end
|
39
|
+
|
40
|
+
# Delete a public key for the given user and key name
|
41
|
+
def delete_public_key username, keyname
|
42
|
+
public_keys_resource(username, keyname).delete
|
43
|
+
end
|
44
|
+
|
45
|
+
protected
|
46
|
+
def public_keys_resource *path
|
47
|
+
RestClient::Resource.new(Conjur::API.pubkeys_asset_host, credentials)[public_keys_path *path]
|
48
|
+
end
|
49
|
+
|
50
|
+
def public_keys_path *args
|
51
|
+
args.map{|a| fully_escape(a)}.join('/')
|
52
|
+
end
|
53
|
+
end
|
54
|
+
end
|
data/lib/conjur/group.rb
CHANGED
data/lib/conjur/layer.rb
ADDED
@@ -0,0 +1,37 @@
|
|
1
|
+
module Conjur
|
2
|
+
class Layer < RestClient::Resource
|
3
|
+
include ActsAsAsset
|
4
|
+
include ActsAsRole
|
5
|
+
|
6
|
+
def add_host(hostid)
|
7
|
+
hostid = cast(hostid, :roleid)
|
8
|
+
log do |logger|
|
9
|
+
logger << "Adding host #{hostid} to layer #{id}"
|
10
|
+
end
|
11
|
+
invalidate do
|
12
|
+
RestClient::Resource.new(self['hosts'].url, options).post(hostid: hostid)
|
13
|
+
end
|
14
|
+
end
|
15
|
+
|
16
|
+
def remove_host(hostid)
|
17
|
+
hostid = cast(hostid, :roleid)
|
18
|
+
log do |logger|
|
19
|
+
logger << "Removing host #{hostid} from layer #{id}"
|
20
|
+
end
|
21
|
+
invalidate do
|
22
|
+
RestClient::Resource.new(self["hosts/#{fully_escape hostid}"].url, options).delete
|
23
|
+
end
|
24
|
+
end
|
25
|
+
|
26
|
+
# Lists the roles that have been granted access to the hosts owned roles.
|
27
|
+
def hosts_members(role_name)
|
28
|
+
owned_role(role_name).members
|
29
|
+
end
|
30
|
+
|
31
|
+
def hosts
|
32
|
+
self.attributes['hosts'].collect do |id|
|
33
|
+
Conjur::Host.new(Conjur::API.core_asset_host, options)["hosts/#{fully_escape id}"]
|
34
|
+
end
|
35
|
+
end
|
36
|
+
end
|
37
|
+
end
|
@@ -0,0 +1,38 @@
|
|
1
|
+
#
|
2
|
+
# Copyright (C) 2013 Conjur Inc
|
3
|
+
#
|
4
|
+
# Permission is hereby granted, free of charge, to any person obtaining a copy of
|
5
|
+
# this software and associated documentation files (the "Software"), to deal in
|
6
|
+
# the Software without restriction, including without limitation the rights to
|
7
|
+
# use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
|
8
|
+
# the Software, and to permit persons to whom the Software is furnished to do so,
|
9
|
+
# subject to the following conditions:
|
10
|
+
#
|
11
|
+
# The above copyright notice and this permission notice shall be included in all
|
12
|
+
# copies or substantial portions of the Software.
|
13
|
+
#
|
14
|
+
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
15
|
+
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
|
16
|
+
# FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
|
17
|
+
# COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
|
18
|
+
# IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
|
19
|
+
# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
20
|
+
#
|
21
|
+
require 'conjur/api'
|
22
|
+
require 'conjur/configuration'
|
23
|
+
|
24
|
+
class Conjur::Configuration
|
25
|
+
add_option :pubkeys_url do
|
26
|
+
account_service_url 'pubkeys', 400
|
27
|
+
end
|
28
|
+
end
|
29
|
+
|
30
|
+
class Conjur::API
|
31
|
+
class << self
|
32
|
+
def pubkeys_asset_host
|
33
|
+
Conjur.configuration.pubkeys_url
|
34
|
+
end
|
35
|
+
end
|
36
|
+
end
|
37
|
+
|
38
|
+
require 'conjur/api/pubkeys'
|
data/lib/conjur/resource.rb
CHANGED
@@ -39,7 +39,7 @@ module Conjur
|
|
39
39
|
|
40
40
|
def create(options = {})
|
41
41
|
log do |logger|
|
42
|
-
logger << "Creating resource #{
|
42
|
+
logger << "Creating resource #{resourceid}"
|
43
43
|
unless options.empty?
|
44
44
|
logger << " with options #{options.to_json}"
|
45
45
|
end
|
@@ -60,7 +60,7 @@ module Conjur
|
|
60
60
|
|
61
61
|
def delete(options = {})
|
62
62
|
log do |logger|
|
63
|
-
logger << "Deleting resource #{
|
63
|
+
logger << "Deleting resource #{resourceid}"
|
64
64
|
unless options.empty?
|
65
65
|
logger << " with options #{options.to_json}"
|
66
66
|
end
|
@@ -72,7 +72,7 @@ module Conjur
|
|
72
72
|
role = cast(role, :roleid)
|
73
73
|
eachable(privilege).each do |p|
|
74
74
|
log do |logger|
|
75
|
-
logger << "Permitting #{p} on resource #{
|
75
|
+
logger << "Permitting #{p} on resource #{resourceid} by #{role}"
|
76
76
|
unless options.empty?
|
77
77
|
logger << " with options #{options.to_json}"
|
78
78
|
end
|
@@ -91,7 +91,7 @@ module Conjur
|
|
91
91
|
role = cast(role, :roleid)
|
92
92
|
eachable(privilege).each do |p|
|
93
93
|
log do |logger|
|
94
|
-
logger << "Denying #{p} on resource #{
|
94
|
+
logger << "Denying #{p} on resource #{resourceid} by #{role}"
|
95
95
|
unless options.empty?
|
96
96
|
logger << " with options #{options.to_json}"
|
97
97
|
end
|
@@ -103,7 +103,12 @@ module Conjur
|
|
103
103
|
# True if the logged-in role, or a role specified using the acting-as option, has the
|
104
104
|
# specified +privilege+ on this resource.
|
105
105
|
def permitted?(privilege, options = {})
|
106
|
-
|
106
|
+
params = {
|
107
|
+
check: true,
|
108
|
+
privilege: query_escape(privilege)
|
109
|
+
}
|
110
|
+
params[:acting_as] = options[:acting_as] if options[:acting_as]
|
111
|
+
self["?#{params.to_query}"].get(options)
|
107
112
|
true
|
108
113
|
rescue RestClient::ResourceNotFound
|
109
114
|
false
|
data/lib/conjur/role.rb
CHANGED
@@ -58,11 +58,15 @@ module Conjur
|
|
58
58
|
end
|
59
59
|
end
|
60
60
|
|
61
|
+
alias memberships all
|
62
|
+
|
61
63
|
def member_of?(other_role)
|
62
64
|
other_role = cast(other_role, :roleid)
|
63
65
|
not all(filter: other_role).empty?
|
64
66
|
end
|
65
67
|
|
68
|
+
# @param [Hash] options
|
69
|
+
# * *admin_option* enables the +member+ to manage members of this role
|
66
70
|
def grant_to(member, options={})
|
67
71
|
member = cast(member, :roleid)
|
68
72
|
log do |logger|
|
@@ -18,9 +18,12 @@
|
|
18
18
|
# IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
|
19
19
|
# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
20
20
|
#
|
21
|
+
|
22
|
+
require 'active_support/dependencies/autoload'
|
23
|
+
require 'active_support/core_ext'
|
24
|
+
|
21
25
|
module Conjur
|
22
26
|
module StandardMethods
|
23
|
-
require 'active_support/core_ext'
|
24
27
|
|
25
28
|
protected
|
26
29
|
|
@@ -52,4 +55,4 @@ module Conjur
|
|
52
55
|
"Conjur::#{type.to_s.classify}".constantize.new(host, credentials)[ [type.to_s.pluralize, fully_escape(id)].join('/') ]
|
53
56
|
end
|
54
57
|
end
|
55
|
-
end
|
58
|
+
end
|
@@ -0,0 +1,16 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
require 'webmock/rspec'
|
3
|
+
|
4
|
+
describe Conjur::Layer do
|
5
|
+
subject { Conjur::Layer.new 'http://example.com/layers/my%2Flayername', nil }
|
6
|
+
|
7
|
+
describe "#add_host" do
|
8
|
+
it "casts Host to roleid" do
|
9
|
+
host = double(:host)
|
10
|
+
host.should_receive(:roleid).and_return "the-hostid"
|
11
|
+
stub_request(:post, "http://example.com/layers/my%2Flayername/hosts").with(hostid: "the-hostid")
|
12
|
+
|
13
|
+
subject.add_host host
|
14
|
+
end
|
15
|
+
end
|
16
|
+
end
|
@@ -0,0 +1,66 @@
|
|
1
|
+
#
|
2
|
+
# Copyright (C) 2013 Conjur Inc
|
3
|
+
#
|
4
|
+
# Permission is hereby granted, free of charge, to any person obtaining a copy of
|
5
|
+
# this software and associated documentation files (the "Software"), to deal in
|
6
|
+
# the Software without restriction, including without limitation the rights to
|
7
|
+
# use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
|
8
|
+
# the Software, and to permit persons to whom the Software is furnished to do so,
|
9
|
+
# subject to the following conditions:
|
10
|
+
#
|
11
|
+
# The above copyright notice and this permission notice shall be included in all
|
12
|
+
# copies or substantial portions of the Software.
|
13
|
+
#
|
14
|
+
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
15
|
+
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
|
16
|
+
# FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
|
17
|
+
# COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
|
18
|
+
# IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
|
19
|
+
# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
20
|
+
#
|
21
|
+
require 'spec_helper'
|
22
|
+
|
23
|
+
describe Conjur::API, api: :dummy do
|
24
|
+
let(:pubkeys_url){ "http://pubkeys.example.com/api/pubkeys" }
|
25
|
+
def pubkeys_url_for *path
|
26
|
+
[pubkeys_url, path.map{|p| CGI.escape(p)} ].join("/")
|
27
|
+
end
|
28
|
+
|
29
|
+
before do
|
30
|
+
Conjur::API.stub(pubkeys_asset_host: pubkeys_url)
|
31
|
+
end
|
32
|
+
|
33
|
+
describe "#public_keys" do
|
34
|
+
it "GETs /:username" do
|
35
|
+
RestClient::Request.should_receive(:execute).with(
|
36
|
+
url: pubkeys_url_for("bob"),
|
37
|
+
method: :get,
|
38
|
+
headers: credentials[:headers],
|
39
|
+
).and_return "key key key"
|
40
|
+
expect(api.public_keys("bob")).to eq("key key key")
|
41
|
+
end
|
42
|
+
end
|
43
|
+
|
44
|
+
describe "#add_public_key" do
|
45
|
+
it "POSTs /:username with the data" do
|
46
|
+
RestClient::Request.should_receive(:execute).with(
|
47
|
+
url: pubkeys_url_for("bob"),
|
48
|
+
method: :post,
|
49
|
+
headers: credentials[:headers],
|
50
|
+
payload: "key data",
|
51
|
+
)
|
52
|
+
api.add_public_key("bob", "key data")
|
53
|
+
end
|
54
|
+
end
|
55
|
+
|
56
|
+
describe "#delete_public_key" do
|
57
|
+
it "DELETEs /:username/:keyname" do
|
58
|
+
RestClient::Request.should_receive(:execute).with(
|
59
|
+
url: pubkeys_url_for("bob", "bob-key"),
|
60
|
+
method: :delete,
|
61
|
+
headers: credentials[:headers]
|
62
|
+
)
|
63
|
+
api.delete_public_key("bob", "bob-key")
|
64
|
+
end
|
65
|
+
end
|
66
|
+
end
|
@@ -8,17 +8,17 @@ describe Conjur::Annotations do
|
|
8
8
|
let(:options){ { } }
|
9
9
|
let(:raw_annotations){ [{'name' => 'name', 'value' => 'bar'},
|
10
10
|
{'name' => 'comment', 'value' => 'some comment'}] }
|
11
|
-
let(:
|
12
|
-
|
13
|
-
|
14
|
-
|
15
|
-
|
16
|
-
|
17
|
-
|
11
|
+
let(:attributes){ { 'annotations' => raw_annotations } }
|
12
|
+
|
13
|
+
let(:resource){
|
14
|
+
double('resource', attributes: attributes, account: account,
|
15
|
+
kind: kind, identifier: identifier, resourceid: resourceid,
|
16
|
+
options: options
|
17
|
+
) }
|
18
|
+
|
18
19
|
let(:annotations){ Conjur::Annotations.new(resource) }
|
19
20
|
|
20
|
-
subject{ annotations }
|
21
|
-
|
21
|
+
subject { annotations }
|
22
22
|
|
23
23
|
let(:url){ "#{Conjur::Authz::API.host}/#{account}/annotations/#{kind}/#{identifier}" }
|
24
24
|
|
@@ -39,7 +39,7 @@ describe Conjur::Annotations do
|
|
39
39
|
end
|
40
40
|
|
41
41
|
it "caches the get result" do
|
42
|
-
resource.should_receive(:
|
42
|
+
resource.should_receive(:attributes).exactly(1).times.and_return(attributes)
|
43
43
|
subject[:name]
|
44
44
|
subject[:name]
|
45
45
|
end
|
@@ -76,6 +76,7 @@ describe Conjur::Annotations do
|
|
76
76
|
hash.each do |k,v|
|
77
77
|
expect_put_request(url, name: k, value: v)
|
78
78
|
end
|
79
|
+
resource.should_receive(:invalidate).exactly(hash.count).times.and_yield
|
79
80
|
subject.merge! hash
|
80
81
|
end
|
81
82
|
end
|
@@ -84,12 +85,14 @@ describe Conjur::Annotations do
|
|
84
85
|
|
85
86
|
it "makes a put request" do
|
86
87
|
expect_put_request url, name: :blah, value: 'boo'
|
88
|
+
resource.should_receive(:invalidate).and_yield
|
87
89
|
subject[:blah] = 'boo'
|
88
90
|
end
|
89
91
|
|
90
92
|
it "forces a fresh request for the annotations" do
|
91
93
|
expect_put_request(url, name: :foo, value: 'bar')
|
92
|
-
resource.should_receive(:
|
94
|
+
resource.should_receive(:attributes).exactly(2).times.and_return(attributes)
|
95
|
+
resource.should_receive(:invalidate).and_yield
|
93
96
|
# One get request
|
94
97
|
subject[:name].should == 'bar'
|
95
98
|
# Update
|
data/spec/lib/resource_spec.rb
CHANGED
@@ -120,7 +120,7 @@ describe Conjur::Resource, api: :dummy, logging: :temp do
|
|
120
120
|
it 'gets the ?permitted? action' do
|
121
121
|
RestClient::Request.should_receive(:execute).with(
|
122
122
|
method: :get,
|
123
|
-
url: uri + "/?check&privilege=fry",
|
123
|
+
url: uri + "/?check=true&privilege=fry",
|
124
124
|
headers: {}
|
125
125
|
)
|
126
126
|
subject.permitted? 'fry'
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: conjur-api
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 4.
|
4
|
+
version: 4.9.0
|
5
5
|
prerelease:
|
6
6
|
platform: ruby
|
7
7
|
authors:
|
@@ -10,7 +10,7 @@ authors:
|
|
10
10
|
autorequire:
|
11
11
|
bindir: bin
|
12
12
|
cert_chain: []
|
13
|
-
date: 2014-
|
13
|
+
date: 2014-06-06 00:00:00.000000000 Z
|
14
14
|
dependencies:
|
15
15
|
- !ruby/object:Gem::Dependency
|
16
16
|
name: rest-client
|
@@ -83,7 +83,10 @@ dependencies:
|
|
83
83
|
requirements:
|
84
84
|
- - ! '>='
|
85
85
|
- !ruby/object:Gem::Version
|
86
|
-
version: '
|
86
|
+
version: '2.14'
|
87
|
+
- - <
|
88
|
+
- !ruby/object:Gem::Version
|
89
|
+
version: '3.0'
|
87
90
|
type: :development
|
88
91
|
prerelease: false
|
89
92
|
version_requirements: !ruby/object:Gem::Requirement
|
@@ -91,7 +94,10 @@ dependencies:
|
|
91
94
|
requirements:
|
92
95
|
- - ! '>='
|
93
96
|
- !ruby/object:Gem::Version
|
94
|
-
version: '
|
97
|
+
version: '2.14'
|
98
|
+
- - <
|
99
|
+
- !ruby/object:Gem::Version
|
100
|
+
version: '3.0'
|
95
101
|
- !ruby/object:Gem::Dependency
|
96
102
|
name: webmock
|
97
103
|
requirement: !ruby/object:Gem::Requirement
|
@@ -221,6 +227,8 @@ files:
|
|
221
227
|
- lib/conjur/api/deputies.rb
|
222
228
|
- lib/conjur/api/groups.rb
|
223
229
|
- lib/conjur/api/hosts.rb
|
230
|
+
- lib/conjur/api/layers.rb
|
231
|
+
- lib/conjur/api/pubkeys.rb
|
224
232
|
- lib/conjur/api/resources.rb
|
225
233
|
- lib/conjur/api/roles.rb
|
226
234
|
- lib/conjur/api/secrets.rb
|
@@ -245,9 +253,12 @@ files:
|
|
245
253
|
- lib/conjur/has_identifier.rb
|
246
254
|
- lib/conjur/has_owner.rb
|
247
255
|
- lib/conjur/host.rb
|
256
|
+
- lib/conjur/layer-api.rb
|
257
|
+
- lib/conjur/layer.rb
|
248
258
|
- lib/conjur/log.rb
|
249
259
|
- lib/conjur/log_source.rb
|
250
260
|
- lib/conjur/path_based.rb
|
261
|
+
- lib/conjur/pubkeys-api.rb
|
251
262
|
- lib/conjur/resource.rb
|
252
263
|
- lib/conjur/role.rb
|
253
264
|
- lib/conjur/role_grant.rb
|
@@ -258,6 +269,8 @@ files:
|
|
258
269
|
- spec/api/authn_spec.rb
|
259
270
|
- spec/api/groups_spec.rb
|
260
271
|
- spec/api/hosts_spec.rb
|
272
|
+
- spec/api/layer_spec.rb
|
273
|
+
- spec/api/pubkeys_spec.rb
|
261
274
|
- spec/api/resources_spec.rb
|
262
275
|
- spec/api/roles_spec.rb
|
263
276
|
- spec/api/secrets_spec.rb
|
@@ -307,7 +320,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
307
320
|
version: '0'
|
308
321
|
segments:
|
309
322
|
- 0
|
310
|
-
hash:
|
323
|
+
hash: 1491369076526143326
|
311
324
|
requirements: []
|
312
325
|
rubyforge_project:
|
313
326
|
rubygems_version: 1.8.25
|
@@ -322,6 +335,8 @@ test_files:
|
|
322
335
|
- spec/api/authn_spec.rb
|
323
336
|
- spec/api/groups_spec.rb
|
324
337
|
- spec/api/hosts_spec.rb
|
338
|
+
- spec/api/layer_spec.rb
|
339
|
+
- spec/api/pubkeys_spec.rb
|
325
340
|
- spec/api/resources_spec.rb
|
326
341
|
- spec/api/roles_spec.rb
|
327
342
|
- spec/api/secrets_spec.rb
|