conjur-cli 2.6.0 → 4.1.0

data/spec/command/resources_spec.rb

@@ -2,22 +2,144 @@ require 'spec_helper'
 
 describe Conjur::Command::Resources, logged_in: true do
 
-  describe_command "resource:check food bacon fry" do
+  let (:full_resource_id) { [account, KIND, ID].join(":") }
+  let (:resource_instance) { double(attributes: resource_attributes) }
+  let (:resource_attributes) { { "some" => "attribute"} }
+
+  before :each do
+    api.stub(:resource).with(full_resource_id).and_return(resource_instance)
+  end 
+
+  def invoke_silently
+    expect { invoke }.to write
+  end
+
+  shared_examples 'it displays resource attributes' do
+    it "as JSON to stdout" do
+      JSON::parse( expect { invoke }.to write ).should == resource_attributes
+    end
+  end
+
+  shared_examples "it obtains resource by id" do
+    it 'id is built from kind and id' do
+      api.should_receive(:resource).with(%r{^[^:]*:#{KIND}:#{ID}$})
+      invoke_silently
+    end
+    it 'uses default account as a prefix' do
+      api.should_receive(:resource).with(%r{^#{account}:})
+      invoke_silently
+    end
+  end
+
+  describe_command "resource:create #{KIND}:#{ID}"  do
+    before :each do
+      resource_instance.stub(:create)
+    end
+    it "calls resource.create()" do
+      resource_instance.should_receive(:create)
+      invoke_silently
+    end
+    it_behaves_like "it obtains resource by id"
+    it_behaves_like "it displays resource attributes"
+  end
+
+  describe_command "resource:show #{KIND}:#{ID}" do
+    it_behaves_like "it obtains resource by id"
+    it_behaves_like "it displays resource attributes"
+  end
+
+  describe_command "resource:exists #{KIND}:#{ID}" do
+    before (:each) { 
+      resource_instance.stub(:exists?).and_return("true")
+    }
+    it_behaves_like "it obtains resource by id" 
+    it 'calls resource.exists?' do
+      resource_instance.should_receive(:exists?)
+      invoke_silently
+    end
+    context 'displays response of resource.exists? (true/false)' do
+      # NOTE: a bit redundant, but will be helpful in 'documentation' context
+      it 'true' do
+        resource_instance.stub(:exists?).and_return("true")
+        expect { invoke }.to write "true"
+      end
+      it 'false' do
+        resource_instance.stub(:exists?).and_return("false")
+        expect { invoke }.to write "false"
+      end
+    end
+  end
+
+  describe_command "resource:permit #{KIND}:#{ID} #{ROLE} #{PRIVILEGE}" do
+    before(:each) { resource_instance.stub(:permit).and_return(true) }
+    it_behaves_like "it obtains resource by id"
+    it "calls resource.permit(#{PRIVILEGE}, #{ROLE})" do
+      resource_instance.should_receive(:permit).with(PRIVILEGE, ROLE)
+      invoke_silently
+    end
+    it {  expect { invoke }.to write "Permission granted" }
+  end
+
+  describe_command "resource:deny #{KIND}:#{ID} #{ROLE} #{PRIVILEGE}" do
+    before(:each) { resource_instance.stub(:deny).and_return(true) }
+    it_behaves_like "it obtains resource by id"
+    it "calls resource.deny(#{PRIVILEGE},#{ROLE})" do
+      resource_instance.should_receive(:deny).with(PRIVILEGE, ROLE)
+      invoke_silently
+    end
+    it { expect { invoke }.to write "Permission revoked" }
+  end
+
+  describe_command "resource:check #{KIND}:#{ID} #{PRIVILEGE}" do
     it "performs a permission check for the logged-in user" do
-      api.should_receive(:resource).with("the-account:food:bacon").and_return bacon = double("the-account:food:bacon")
-      bacon.should_receive(:permitted?).with("fry")
+      api.should_receive(:resource).with("the-account:#{KIND}:#{ID}").and_return bacon = double("the-account:#{KIND}:#{ID}")
+      bacon.should_receive(:permitted?).with(PRIVILEGE)
       
       invoke
     end
   end
-  
-  describe_command "resource:check -r test:the-role food bacon fry" do
-    it "performs a permission check for a specified role" do
-      api.should_receive(:role).with("test:the-role").and_return role = double("the-account:test:the-role")
 
-      role.should_receive(:permitted?).with("food", "bacon", "fry")
-      
-      invoke
+  describe_command "resource:check -r #{ROLE} #{KIND}:#{ID} #{PRIVILEGE}" do
+    let (:role_instance) { double() }
+    let (:role_response) { "role response: true|false" }
+    let (:account) { ACCOUNT }
+    before(:each) { 
+      api.stub(:role).and_return(role_instance)
+      role_instance.stub(:permitted?).and_return(role_response)
+    }
+    it 'obtains role object by id' do
+      api.should_receive(:role).with(ROLE)
+      invoke_silently
+    end
+    it "calls role.permitted?('#{ACCOUNT}:#{KIND}:#{ID}', #{PRIVILEGE})" do
+      role_instance.should_receive(:permitted?).with([ACCOUNT,KIND,ID].join(":"),PRIVILEGE)
+      invoke_silently
+    end
+    it { expect { invoke }.to write role_response }
+  end
+
+  describe_command "resource:give #{KIND}:#{ID} #{OWNER}" do
+    before(:each) { resource_instance.stub(:give_to).and_return(true) }
+    it_behaves_like "it obtains resource by id"
+    it "calls resource.give_to(#{OWNER})" do
+      resource_instance.should_receive(:give_to).with(OWNER)
+      invoke_silently
+    end
+    it { expect { invoke }.to write "Ownership granted" }
+  end
+
+  describe_command "resource:permitted_roles #{KIND}:#{ID} #{PRIVILEGE}" do
+    let(:roles_list) { %W[klaatu barada nikto] }
+    before(:each) { 
+      resource_instance.stub(:permitted_roles).and_return(roles_list) 
+    }
+    it_behaves_like "it obtains resource by id"
+    it "calls resource.permitted_roles(#{PRIVILEGE}" do
+      resource_instance.should_receive(:permitted_roles)
+      invoke_silently
+    end
+    it "displays JSONised list of roles" do
+      JSON.parse( expect { invoke }.to write ).should == roles_list
     end
   end
-end
+end

data/spec/command/users_spec.rb

@@ -0,0 +1,32 @@
+require 'spec_helper'
+
+describe Conjur::Command::Users, logged_in: true do
+  let(:update_password_url) { "https://authn.example.com/users/password" }
+  
+  context "updating password" do
+    before do
+     RestClient::Request.should_receive(:execute).with(
+        method: :put,
+        url: update_password_url,
+        user: username, 
+        password: api_key,
+        headers: { },
+        payload: "new-password"
+      )
+    end
+    
+    describe_command "user:update_password -p new-password" do
+      it "PUTs the new password" do
+        invoke
+      end
+    end
+  
+    describe_command "user:update_password" do
+      it "PUTs the new password" do
+        Conjur::Command::Users.should_receive(:prompt_for_password).and_return "new-password"
+
+        invoke
+      end
+    end
+  end
+end

data/spec/command_spec.rb

@@ -0,0 +1,60 @@
+require 'spec_helper'
+
+describe Conjur::Command do
+  describe "provides id conversion functions as a class methods" do
+    describe "#full_resource_id(id)" do
+      describe  "injects account into brief ids" do
+        context "long id (3+ tokens)" do
+          it "returns id as is" do
+            described_class.full_resource_id("a:b:c").should == "a:b:c"
+          end
+        end 
+        context "brief id(2 tokens)" do
+          before(:each) { described_class.stub(:conjur_account).and_return("current/acc") }
+          it "injects current account as a prefix" do
+            described_class.full_resource_id("a:b").should == "current/acc:a:b"
+          end
+        end
+        context "malformed id (no separators)" do
+          it "breaks" do
+            expect  { described_class.full_resource_id("a") }.to raise_error
+            expect  { described_class.full_resource_id("nil") }.to raise_error
+          end
+        end
+      end
+    end
+    describe "#get_kind_and_id_from_args(args, [argname])" do
+      describe "extracts (kind, subid) from id" do
+        def subject *args 
+          described_class.get_kind_and_id_from_args(args) 
+        end
+        context "for brief ids(2 tokens)" do
+          it "token#1=> kind (dashes replaced with undescrores), token#2=>id" do
+            subject("the-kind:the-id").should == ['the_kind','the-id']
+          end
+        end
+        context "for long ids(3+ tokens)" do    
+          it "token #1=> ignored" do
+            subject("a:b:c:d").should_not include('a')
+          end
+          it "token #2=> kind (dashes replaced with underscores)" do
+            subject("a:the-kind:c:d")[0].should == "the_kind"
+          end
+          it "extracts remaining part (starting from 3rd token) as an id" do
+            subject("a:b:c-token:d-token")[1].should == "c-token:d-token"
+          end
+        end 
+        context "for too short input" do
+          it "breaks" do
+            expect { subject("a") }.to raise_error
+          end
+        end
+        context "for empty parameters" do
+          it "breaks" do
+            expect { subject() }.to raise_error
+          end
+        end
+      end
+    end
+  end
+end

data/spec/spec_helper.rb

@@ -70,6 +70,16 @@ def post_response(id, attributes = {})
   })
 end
 
+# stub parameters to be used in resource/asset tests
+  KIND="asset_kind"
+  ID="unique_id" 
+  ROLE='<role>'
+  MEMBER='<member>'
+  PRIVILEGE='<privilege>'
+  OWNER='<owner/userid>'
+  ACCOUNT='<core_account>'
+
+
 require 'write_expectation'
 
 require 'conjur/cli'

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: conjur-cli
 version: !ruby/object:Gem::Version
-  version: 2.6.0
+  version: 4.1.0
   prerelease: 
 platform: ruby
 authors:
@@ -10,24 +10,24 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2013-08-28 00:00:00.000000000 Z
+date: 2013-10-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: conjur-api
   requirement: !ruby/object:Gem::Requirement
     none: false
     requirements:
-    - - ~>
+    - - ! '>='
       - !ruby/object:Gem::Version
-        version: '2.4'
+        version: '4.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     none: false
     requirements:
-    - - ~>
+    - - ! '>='
       - !ruby/object:Gem::Version
-        version: '2.4'
+        version: '4.0'
 - !ruby/object:Gem::Dependency
   name: gli
   requirement: !ruby/object:Gem::Requirement
@@ -215,6 +215,7 @@ files:
 - lib/conjur/cli.rb
 - lib/conjur/command.rb
 - lib/conjur/command/assets.rb
+- lib/conjur/command/audit.rb
 - lib/conjur/command/authn.rb
 - lib/conjur/command/field.rb
 - lib/conjur/command/groups.rb
@@ -227,12 +228,16 @@ files:
 - lib/conjur/command/variables.rb
 - lib/conjur/config.rb
 - lib/conjur/version.rb
+- spec/command/assets_spec.rb
+- spec/command/audit_spec.rb
 - spec/command/authn_spec.rb
 - spec/command/groups_spec.rb
 - spec/command/hosts_spec.rb
 - spec/command/resources_spec.rb
 - spec/command/roles_spec.rb
+- spec/command/users_spec.rb
 - spec/command/variables_spec.rb
+- spec/command_spec.rb
 - spec/spec_helper.rb
 - spec/write_expectation.rb
 homepage: https://github.com/inscitiv/cli-ruby
@@ -250,7 +255,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '0'
       segments:
       - 0
-      hash: -4082547880357174583
+      hash: -1756527085096003511
 required_rubygems_version: !ruby/object:Gem::Requirement
   none: false
   requirements:
@@ -259,7 +264,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
       segments:
       - 0
-      hash: -4082547880357174583
+      hash: -1756527085096003511
 requirements: []
 rubyforge_project: 
 rubygems_version: 1.8.25
@@ -269,11 +274,15 @@ summary: Conjur command line interface
 test_files:
 - features/jsonfield.feature
 - features/support/env.rb
+- spec/command/assets_spec.rb
+- spec/command/audit_spec.rb
 - spec/command/authn_spec.rb
 - spec/command/groups_spec.rb
 - spec/command/hosts_spec.rb
 - spec/command/resources_spec.rb
 - spec/command/roles_spec.rb
+- spec/command/users_spec.rb
 - spec/command/variables_spec.rb
+- spec/command_spec.rb
 - spec/spec_helper.rb
 - spec/write_expectation.rb