conjur-cli 4.14.0 → 4.15.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +5 -13
- data/CHANGELOG.md +5 -0
- data/bin/_conjur_completions.yaml +2 -0
- data/conjur.gemspec +4 -2
- data/features/step_definitions/dsl_steps.rb +1 -1
- data/lib/conjur/command.rb +17 -0
- data/lib/conjur/command/groups.rb +18 -0
- data/lib/conjur/command/hosts.rb +27 -1
- data/lib/conjur/command/init.rb +1 -1
- data/lib/conjur/command/rspec/describe_command.rb +1 -1
- data/lib/conjur/command/rspec/mock_services.rb +7 -7
- data/lib/conjur/command/rspec/output_matchers.rb +16 -38
- data/lib/conjur/command/users.rb +18 -0
- data/lib/conjur/command/variables.rb +17 -0
- data/lib/conjur/version.rb +1 -1
- data/spec/authn_spec.rb +9 -9
- data/spec/command/assets_spec.rb +20 -20
- data/spec/command/audit_spec.rb +9 -9
- data/spec/command/authn_spec.rb +8 -8
- data/spec/command/env_spec.rb +26 -26
- data/spec/command/groups_spec.rb +4 -4
- data/spec/command/hosts_spec.rb +2 -2
- data/spec/command/init_spec.rb +19 -10
- data/spec/command/layers_spec.rb +6 -6
- data/spec/command/policy_spec.rb +16 -16
- data/spec/command/pubkeys_spec.rb +9 -9
- data/spec/command/resources_spec.rb +26 -26
- data/spec/command/roles_spec.rb +14 -14
- data/spec/command/users_spec.rb +10 -10
- data/spec/command/variables_spec.rb +3 -3
- data/spec/command_spec.rb +7 -7
- data/spec/config_spec.rb +21 -21
- data/spec/dsl/runner_spec.rb +8 -8
- data/spec/env_spec.rb +45 -45
- metadata +59 -36
data/spec/command/audit_spec.rb
CHANGED
@@ -4,7 +4,7 @@ describe Conjur::Command::Audit, logged_in: true do
|
|
4
4
|
let(:events) { [{'foo' => 'bar', 'zelda' => 'link', 'abc' => 'xyz'}, {'some' => 'other event'}] }
|
5
5
|
|
6
6
|
def expect_api_call method, *args
|
7
|
-
api.
|
7
|
+
expect(api).to receive(method.to_sym).with(*args).and_return events
|
8
8
|
#described_class.should_receive(:show_audit_events).with(events, an_instance_of(Hash))
|
9
9
|
end
|
10
10
|
|
@@ -49,7 +49,7 @@ describe Conjur::Command::Audit, logged_in: true do
|
|
49
49
|
end
|
50
50
|
context "without an account" do
|
51
51
|
it_calls_the_api "audit:role bar:baz", :audit_role, 'the-conjur-account:bar:baz', {} do
|
52
|
-
Conjur::Command.
|
52
|
+
allow(Conjur::Command).to receive_messages(conjur_account: "the-conjur-account")
|
53
53
|
end
|
54
54
|
end
|
55
55
|
context "without enough tokens" do
|
@@ -68,7 +68,7 @@ describe Conjur::Command::Audit, logged_in: true do
|
|
68
68
|
end
|
69
69
|
context "an id with two tokens" do
|
70
70
|
it_calls_the_api "audit:resource foo:bar", :audit_resource, "the-conjur-account:foo:bar", {} do
|
71
|
-
Conjur::Command.
|
71
|
+
allow(Conjur::Command).to receive_messages(conjur_account: "the-conjur-account")
|
72
72
|
end
|
73
73
|
end
|
74
74
|
context "an id with one token" do
|
@@ -85,7 +85,7 @@ describe Conjur::Command::Audit, logged_in: true do
|
|
85
85
|
include_context "default audit behavior"
|
86
86
|
|
87
87
|
before {
|
88
|
-
api.
|
88
|
+
allow(api).to receive(:audit_event_feed).and_yield([audit_event])
|
89
89
|
}
|
90
90
|
|
91
91
|
describe_command "audit all" do
|
@@ -318,30 +318,30 @@ describe Conjur::Command::Audit, logged_in: true do
|
|
318
318
|
describe "limit and offset" do
|
319
319
|
let(:events) { (1 .. 5).map { |x| { event: x } } }
|
320
320
|
before {
|
321
|
-
api.
|
321
|
+
allow(api).to receive(:audit_event_feed).and_yield(events)
|
322
322
|
}
|
323
323
|
|
324
324
|
describe_command "audit all" do
|
325
325
|
it "prints all the elements" do
|
326
|
-
(expect { invoke }.to write).
|
326
|
+
expect(expect { invoke }.to write).to eq(events.map {|e| JSON.pretty_generate(e)}.join("\n")+"\n")
|
327
327
|
end
|
328
328
|
end
|
329
329
|
|
330
330
|
describe_command "audit all -l 2" do
|
331
331
|
it "prints only <limit> elements" do
|
332
|
-
(expect { invoke }.to write).
|
332
|
+
expect(expect { invoke }.to write).to eq(events[0..1].map {|e| JSON.pretty_generate(e)}.join("\n")+"\n")
|
333
333
|
end
|
334
334
|
end
|
335
335
|
|
336
336
|
describe_command "audit all -o 2" do
|
337
337
|
it "skips <offset> elements" do
|
338
|
-
(expect { invoke }.to write).
|
338
|
+
expect(expect { invoke }.to write).to eq(events[2..4].map {|e| JSON.pretty_generate(e)}.join("\n")+"\n")
|
339
339
|
end
|
340
340
|
end
|
341
341
|
|
342
342
|
describe_command "audit all -o 2 -l 2" do
|
343
343
|
it "skips <offset> elements and prints only <limit> of remaining part" do
|
344
|
-
(expect { invoke }.to write).
|
344
|
+
expect(expect { invoke }.to write).to eq(events[2..3].map {|e| JSON.pretty_generate(e)}.join("\n")+"\n")
|
345
345
|
end
|
346
346
|
end
|
347
347
|
|
data/spec/command/authn_spec.rb
CHANGED
@@ -1,36 +1,36 @@
|
|
1
1
|
require 'spec_helper'
|
2
2
|
|
3
3
|
describe Conjur::Command::Authn do
|
4
|
-
context logged_in: false do
|
4
|
+
context "when not logged in", logged_in: false do
|
5
5
|
context "logging in" do
|
6
6
|
[ "authn:login", "authn login" ].each do |cmd|
|
7
7
|
before do
|
8
|
-
Conjur::Authn.
|
8
|
+
allow(Conjur::Authn).to receive(:write_credentials)
|
9
9
|
end
|
10
10
|
describe_command "#{cmd}" do
|
11
11
|
it "prompts for username and password and logs in the user" do
|
12
|
-
Conjur::Authn.
|
12
|
+
expect(Conjur::Authn).to receive(:ask_for_credentials).with({}).and_return [ "the-user", "the-api-key" ]
|
13
13
|
|
14
14
|
expect { invoke }.to write("Logged in")
|
15
15
|
end
|
16
16
|
end
|
17
17
|
describe_command "#{cmd} -u the-user" do
|
18
18
|
it "prompts for password and logs in the user" do
|
19
|
-
Conjur::Authn.
|
19
|
+
expect(Conjur::Authn).to receive(:ask_for_credentials).with({username: 'the-user'}).and_return [ "the-user", "the-api-key" ]
|
20
20
|
|
21
21
|
expect { invoke }.to write("Logged in")
|
22
22
|
end
|
23
23
|
end
|
24
24
|
describe_command "#{cmd} -u the-user -p the-password" do
|
25
25
|
it "logs in the user" do
|
26
|
-
Conjur::Authn.
|
26
|
+
expect(Conjur::Authn).to receive(:ask_for_credentials).with({username: 'the-user', password: 'the-password'}).and_return [ "the-user", "the-api-key" ]
|
27
27
|
|
28
28
|
expect { invoke }.to write("Logged in")
|
29
29
|
end
|
30
30
|
end
|
31
31
|
describe_command "#{cmd} -p the-password the-user" do
|
32
32
|
it "logs in the user" do
|
33
|
-
Conjur::Authn.
|
33
|
+
expect(Conjur::Authn).to receive(:ask_for_credentials).with({username: 'the-user', password: 'the-password'}).and_return [ "the-user", "the-api-key" ]
|
34
34
|
|
35
35
|
expect { invoke }.to write("Logged in")
|
36
36
|
end
|
@@ -45,11 +45,11 @@ describe Conjur::Command::Authn do
|
|
45
45
|
end
|
46
46
|
end
|
47
47
|
|
48
|
-
context logged_in: true do
|
48
|
+
context "when logged in", logged_in: true do
|
49
49
|
describe_command 'authn:logout' do
|
50
50
|
it "deletes credentials" do
|
51
51
|
expect { invoke }.to write("Logged out")
|
52
|
-
netrc[authn_host].
|
52
|
+
expect(netrc[authn_host]).not_to be
|
53
53
|
end
|
54
54
|
end
|
55
55
|
|
data/spec/command/env_spec.rb
CHANGED
@@ -5,34 +5,34 @@ require 'tempfile'
|
|
5
5
|
|
6
6
|
shared_examples_for "processes environment definition" do |cmd, options|
|
7
7
|
before { # suspend all interaction with the environment
|
8
|
-
Kernel.
|
8
|
+
allow(Kernel).to receive(:system).and_return(true)
|
9
9
|
}
|
10
10
|
let(:stub_object) { double(obtain:{}, check:{}) }
|
11
11
|
|
12
12
|
describe_command "env:#{cmd} #{options}" do
|
13
13
|
it "uses .conjurenv file by default" do
|
14
|
-
Conjur::Env.
|
14
|
+
expect(Conjur::Env).to receive(:new).with(file:".conjurenv").and_return(stub_object)
|
15
15
|
invoke
|
16
16
|
end
|
17
17
|
end
|
18
18
|
|
19
19
|
describe_command "env:#{cmd} -c somefile #{options}" do
|
20
20
|
it "uses desired file" do
|
21
|
-
Conjur::Env.
|
21
|
+
expect(Conjur::Env).to receive(:new).with(file:"somefile").and_return(stub_object)
|
22
22
|
invoke
|
23
23
|
end
|
24
24
|
end
|
25
25
|
|
26
26
|
describe_command "env:#{cmd} --yaml someyaml #{options}" do
|
27
27
|
it "uses inline yaml" do
|
28
|
-
Conjur::Env.
|
28
|
+
expect(Conjur::Env).to receive(:new).with(yaml:"someyaml").and_return(stub_object)
|
29
29
|
invoke
|
30
30
|
end
|
31
31
|
end
|
32
32
|
|
33
33
|
describe_command "env:#{cmd} -c somefile --yaml someyaml #{options}" do
|
34
34
|
it "refuses to accept mutually exclusive options" do
|
35
|
-
Conjur::Env.
|
35
|
+
expect(Conjur::Env).not_to receive(:new)
|
36
36
|
expect { invoke }.to raise_error /Options -c and --yaml can not be provided together/
|
37
37
|
end
|
38
38
|
end
|
@@ -45,11 +45,11 @@ describe Conjur::Command::Env, logged_in: true do
|
|
45
45
|
it_behaves_like "processes environment definition", "check", ''
|
46
46
|
|
47
47
|
describe_command "env:check" do
|
48
|
-
before { Conjur::Env.
|
48
|
+
before { expect(Conjur::Env).to receive(:new).and_return(stub_env) }
|
49
49
|
describe "without api errors" do
|
50
50
|
let(:stub_result) { { "a" => :available, "b"=> :available } }
|
51
51
|
before {
|
52
|
-
stub_env.
|
52
|
+
expect(stub_env).to receive(:check).with(an_instance_of(Conjur::API)).and_return(stub_result)
|
53
53
|
}
|
54
54
|
|
55
55
|
describe "if all variables are available" do
|
@@ -73,7 +73,7 @@ describe Conjur::Command::Env, logged_in: true do
|
|
73
73
|
end
|
74
74
|
end
|
75
75
|
it 'does not rescue unexpected errors' do
|
76
|
-
stub_env.
|
76
|
+
expect(stub_env).to receive(:check).with(an_instance_of(Conjur::API)) { raise "Custom error" }
|
77
77
|
expect { invoke }.to raise_error "Custom error"
|
78
78
|
end
|
79
79
|
end
|
@@ -83,27 +83,27 @@ describe Conjur::Command::Env, logged_in: true do
|
|
83
83
|
it_behaves_like "processes environment definition", "run","-- extcmd"
|
84
84
|
describe_command "env:run" do
|
85
85
|
it 'fails because of missing argument' do
|
86
|
-
Kernel.
|
86
|
+
expect(Kernel).not_to receive(:system)
|
87
87
|
expect { invoke }.to raise_error "External command with optional arguments should be provided"
|
88
88
|
end
|
89
89
|
end
|
90
90
|
describe_command "env:run -- extcmd --arg1 arg2" do
|
91
91
|
before {
|
92
|
-
Conjur::Env.
|
92
|
+
expect(Conjur::Env).to receive(:new).and_return(stub_env)
|
93
93
|
}
|
94
94
|
|
95
95
|
describe "if no errors are raised" do
|
96
96
|
let(:stub_result) { { "a" => "value_a", "b" => "value_b" } }
|
97
97
|
before {
|
98
|
-
stub_env.
|
98
|
+
expect(stub_env).to receive(:obtain).with(an_instance_of(Conjur::API)).and_return(stub_result)
|
99
99
|
}
|
100
100
|
it "performs #exec with environment (names in uppercase)" do
|
101
|
-
Kernel.
|
101
|
+
expect(Kernel).to receive(:system).with({"A"=>"value_a", "B"=>"value_b"}, "extcmd", "--arg1","arg2").and_return(true)
|
102
102
|
invoke
|
103
103
|
end
|
104
104
|
end
|
105
105
|
it "does not rescue unexpected errors" do
|
106
|
-
stub_env.
|
106
|
+
expect(stub_env).to receive(:obtain).with(an_instance_of(Conjur::API)) { raise "Custom error" }
|
107
107
|
expect { invoke }.to raise_error "Custom error"
|
108
108
|
end
|
109
109
|
end
|
@@ -112,17 +112,17 @@ describe Conjur::Command::Env, logged_in: true do
|
|
112
112
|
describe ":template" do
|
113
113
|
context do
|
114
114
|
before { # prevent real operation
|
115
|
-
File.
|
116
|
-
File.
|
117
|
-
ERB.
|
118
|
-
Tempfile.
|
119
|
-
FileUtils.
|
115
|
+
allow(File).to receive(:readable?).with("config.erb").and_return(true)
|
116
|
+
allow(File).to receive(:read).with("config.erb").and_return("template")
|
117
|
+
allow(ERB).to receive(:new).and_return(double(result:''))
|
118
|
+
allow(Tempfile).to receive(:new).and_return(double(write: true, close: true, path: 'somepath'))
|
119
|
+
allow(FileUtils).to receive(:copy).and_return(true)
|
120
120
|
}
|
121
121
|
it_behaves_like "processes environment definition", "template","config.erb"
|
122
122
|
end
|
123
123
|
describe_command "env:template" do
|
124
124
|
it 'fails because of missing argument' do
|
125
|
-
Tempfile.
|
125
|
+
expect(Tempfile).not_to receive(:new)
|
126
126
|
expect { invoke }.to raise_error "Location of readable ERB template should be provided"
|
127
127
|
end
|
128
128
|
end
|
@@ -133,18 +133,18 @@ other variable <%= conjurenv['b'] %>
|
|
133
133
|
"""
|
134
134
|
}
|
135
135
|
before {
|
136
|
-
File.
|
137
|
-
File.
|
138
|
-
Conjur::Env.
|
139
|
-
stub_env.
|
136
|
+
allow(File).to receive(:readable?).with("config.erb").and_return(true)
|
137
|
+
allow(File).to receive(:read).with("config.erb").and_return(erb_template)
|
138
|
+
expect(Conjur::Env).to receive(:new).and_return(stub_env)
|
139
|
+
expect(stub_env).to receive(:obtain).with(an_instance_of(Conjur::API)).and_return( {"a"=>"value_a","b"=>"value_b","c"=>"value_c"} )
|
140
140
|
}
|
141
141
|
|
142
142
|
it "creates persistent tempfile, saves rendered template into it, prints out name of the file" do
|
143
143
|
stubpath="/tmp/temp.file"
|
144
144
|
tempfile=double(close: true, path: stubpath)
|
145
|
-
Tempfile.
|
146
|
-
tempfile.
|
147
|
-
FileUtils.
|
145
|
+
expect(Tempfile).to receive(:new).and_return(tempfile)
|
146
|
+
expect(tempfile).to receive(:write).with("\nvariable value_a\nother variable value_b\n")
|
147
|
+
expect(FileUtils).to receive(:copy).with(stubpath,stubpath+'.saved') # avoid garbage collection
|
148
148
|
expect { invoke }.to write stubpath+".saved"
|
149
149
|
end
|
150
150
|
end
|
data/spec/command/groups_spec.rb
CHANGED
@@ -3,7 +3,7 @@ require 'spec_helper'
|
|
3
3
|
describe Conjur::Command::Groups, logged_in: true do
|
4
4
|
describe_command "group:members:add group user:alice" do
|
5
5
|
it "adds the role to the group" do
|
6
|
-
RestClient::Request.
|
6
|
+
expect(RestClient::Request).to receive(:execute).with(
|
7
7
|
method: :put,
|
8
8
|
url: "https://authz.example.com/the-account/roles/group/group/?members&member=user:alice",
|
9
9
|
headers: {},
|
@@ -15,7 +15,7 @@ describe Conjur::Command::Groups, logged_in: true do
|
|
15
15
|
|
16
16
|
describe_command "group:members:add -a group user:alice" do
|
17
17
|
it "adds the role to the group with admin option" do
|
18
|
-
RestClient::Request.
|
18
|
+
expect(RestClient::Request).to receive(:execute).with(
|
19
19
|
method: :put,
|
20
20
|
url: "https://authz.example.com/the-account/roles/group/group/?members&member=user:alice",
|
21
21
|
headers: {},
|
@@ -26,7 +26,7 @@ describe Conjur::Command::Groups, logged_in: true do
|
|
26
26
|
end
|
27
27
|
describe_command "group:members:add -a group alice" do
|
28
28
|
it "assumes that a nake member name is a user" do
|
29
|
-
RestClient::Request.
|
29
|
+
expect(RestClient::Request).to receive(:execute).with(
|
30
30
|
method: :put,
|
31
31
|
url: "https://authz.example.com/the-account/roles/group/group/?members&member=user:alice",
|
32
32
|
headers: {},
|
@@ -38,7 +38,7 @@ describe Conjur::Command::Groups, logged_in: true do
|
|
38
38
|
|
39
39
|
describe_command "group:members:add -r group alice" do
|
40
40
|
it "revokes the admin rights" do
|
41
|
-
RestClient::Request.
|
41
|
+
expect(RestClient::Request).to receive(:execute).with(
|
42
42
|
method: :put,
|
43
43
|
url: "https://authz.example.com/the-account/roles/group/group/?members&member=user:alice",
|
44
44
|
headers: {},
|
data/spec/command/hosts_spec.rb
CHANGED
@@ -5,7 +5,7 @@ describe Conjur::Command::Hosts, logged_in: true do
|
|
5
5
|
|
6
6
|
describe_command "host:create" do
|
7
7
|
it "lets the server assign the id" do
|
8
|
-
RestClient::Request.
|
8
|
+
expect(RestClient::Request).to receive(:execute).with(
|
9
9
|
method: :post,
|
10
10
|
url: collection_url,
|
11
11
|
headers: {},
|
@@ -17,7 +17,7 @@ describe Conjur::Command::Hosts, logged_in: true do
|
|
17
17
|
end
|
18
18
|
describe_command "host:create the-id" do
|
19
19
|
it "propagates the user-assigned id" do
|
20
|
-
RestClient::Request.
|
20
|
+
expect(RestClient::Request).to receive(:execute).with(
|
21
21
|
method: :post,
|
22
22
|
url: collection_url,
|
23
23
|
headers: {},
|
data/spec/command/init_spec.rb
CHANGED
@@ -49,28 +49,28 @@ describe Conjur::Command::Init do
|
|
49
49
|
|
50
50
|
context logged_in: false do
|
51
51
|
before {
|
52
|
-
File.
|
52
|
+
allow(File).to receive(:exists?).and_return false
|
53
53
|
}
|
54
54
|
|
55
55
|
context "auto-fetching fingerprint" do
|
56
56
|
before {
|
57
|
-
HighLine.
|
58
|
-
Conjur::Command::Init.
|
59
|
-
HighLine.
|
57
|
+
allow_any_instance_of(HighLine).to receive(:ask).with("Enter the hostname (and optional port) of your Conjur endpoint: ").and_return "the-host"
|
58
|
+
allow(Conjur::Command::Init).to receive_messages get_certificate: ["the-fingerprint", nil]
|
59
|
+
allow_any_instance_of(HighLine).to receive(:ask).with(/^Trust this certificate/).and_return "yes"
|
60
60
|
}
|
61
61
|
|
62
62
|
describe_command 'init' do
|
63
63
|
it "fetches account and writes config file" do
|
64
64
|
# Stub hostname
|
65
|
-
Conjur::Core::API.
|
66
|
-
File.
|
65
|
+
expect(Conjur::Core::API).to receive(:info).and_return "account" => "the-account"
|
66
|
+
expect(File).to receive(:open)
|
67
67
|
invoke
|
68
68
|
end
|
69
69
|
end
|
70
70
|
|
71
71
|
describe_command 'init -a the-account' do
|
72
72
|
it "writes config file" do
|
73
|
-
File.
|
73
|
+
expect(File).to receive(:open)
|
74
74
|
invoke
|
75
75
|
end
|
76
76
|
end
|
@@ -100,7 +100,7 @@ describe Conjur::Command::Init do
|
|
100
100
|
|
101
101
|
describe_command 'init -a the-account -h localhost -c the-cert' do
|
102
102
|
it "writes config and cert files" do
|
103
|
-
File.
|
103
|
+
expect(File).to receive(:open).twice
|
104
104
|
invoke
|
105
105
|
end
|
106
106
|
end
|
@@ -137,17 +137,26 @@ describe Conjur::Command::Init do
|
|
137
137
|
context "default behavior" do
|
138
138
|
describe_command "init -a the-account -h localhost -c the-cert" do
|
139
139
|
before(:each) {
|
140
|
-
File.
|
141
|
-
File.
|
140
|
+
allow(File).to receive(:expand_path).and_call_original
|
141
|
+
allow(File).to receive(:expand_path).with('~/.conjurrc').and_return("#{tmpdir}/.conjurrc")
|
142
142
|
}
|
143
143
|
|
144
144
|
include_examples "check config and cert files", "#{tmpdir}/.conjurrc"
|
145
|
+
it "prints the config file location" do
|
146
|
+
expect { invoke }.to write("Wrote configuration to #{tmpdir}/.conjurrc")
|
147
|
+
end
|
148
|
+
it "prints the cert location" do
|
149
|
+
expect { invoke }.to write("Wrote certificate to #{tmpdir}/conjur-the-account.pem")
|
150
|
+
end
|
145
151
|
end
|
146
152
|
end
|
147
153
|
|
148
154
|
context "explicit output file" do
|
149
155
|
describe_command "init -f #{tmpdir}/.conjurrc2 -a the-account -h localhost -c the-cert" do
|
150
156
|
include_examples "check config and cert files", File.join(tmpdir, ".conjurrc2")
|
157
|
+
it "prints the config file location" do
|
158
|
+
expect { invoke }.to write("Wrote configuration to #{tmpdir}/.conjurrc2")
|
159
|
+
end
|
151
160
|
end
|
152
161
|
end
|
153
162
|
|
data/spec/command/layers_spec.rb
CHANGED
@@ -6,16 +6,16 @@ describe Conjur::Command::Layers, logged_in: true do
|
|
6
6
|
[ "layer hosts add", "layer:hosts:add" ].each do |cmd|
|
7
7
|
describe_command "#{cmd} the-layer the-host" do
|
8
8
|
it "adds a host id to the layer" do
|
9
|
-
Conjur::API.
|
10
|
-
layer.
|
9
|
+
expect_any_instance_of(Conjur::API).to receive(:layer).with("the-layer").and_return layer
|
10
|
+
expect(layer).to receive(:add_host).with("the-account:host:the-host")
|
11
11
|
|
12
12
|
expect { invoke }.to write("Host added")
|
13
13
|
end
|
14
14
|
end
|
15
15
|
describe_command "#{cmd} the-layer host:the-host" do
|
16
16
|
it "adds a qualified host id to the layer" do
|
17
|
-
Conjur::API.
|
18
|
-
layer.
|
17
|
+
expect_any_instance_of(Conjur::API).to receive(:layer).with("the-layer").and_return layer
|
18
|
+
expect(layer).to receive(:add_host).with("host:the-host")
|
19
19
|
|
20
20
|
expect { invoke }.to write("Host added")
|
21
21
|
end
|
@@ -25,8 +25,8 @@ describe Conjur::Command::Layers, logged_in: true do
|
|
25
25
|
[ "layer hosts remove", "layer:hosts:remove" ].each do |cmd|
|
26
26
|
describe_command "#{cmd} the-layer the-host" do
|
27
27
|
it "adds a host to the layer" do
|
28
|
-
Conjur::API.
|
29
|
-
layer.
|
28
|
+
expect_any_instance_of(Conjur::API).to receive(:layer).with("the-layer").and_return layer
|
29
|
+
expect(layer).to receive(:remove_host).with("the-account:host:the-host")
|
30
30
|
|
31
31
|
expect { invoke }.to write("Host removed")
|
32
32
|
end
|
data/spec/command/policy_spec.rb
CHANGED
@@ -14,7 +14,7 @@ describe Conjur::Command::Policy do
|
|
14
14
|
end
|
15
15
|
end
|
16
16
|
|
17
|
-
context logged_in: true do
|
17
|
+
context "when logged in", logged_in: true do
|
18
18
|
let(:role) do
|
19
19
|
double("role", exists?: true, api_key: "the-api-key", roleid: "the-role")
|
20
20
|
end
|
@@ -22,31 +22,31 @@ describe Conjur::Command::Policy do
|
|
22
22
|
double("resource", exists?: true).as_null_object
|
23
23
|
end
|
24
24
|
before {
|
25
|
-
File.
|
26
|
-
File.
|
27
|
-
Conjur::DSL::Runner.
|
25
|
+
allow(File).to receive(:exists?).with("policy.rb").and_return true
|
26
|
+
allow(File).to receive(:read).with("policy.rb").and_return "{}"
|
27
|
+
allow_any_instance_of(Conjur::DSL::Runner).to receive(:api).and_return api
|
28
28
|
}
|
29
29
|
before {
|
30
|
-
api.
|
31
|
-
api.
|
32
|
-
api.
|
33
|
-
api.
|
30
|
+
allow(api).to receive(:role).and_call_original
|
31
|
+
allow(api).to receive(:resource).and_call_original
|
32
|
+
allow(api).to receive(:role).with("the-account:policy:#{collection}/the-policy-1.0.0").and_return role
|
33
|
+
allow(api).to receive(:resource).with("the-account:policy:#{collection}/the-policy-1.0.0").and_return resource
|
34
34
|
}
|
35
35
|
|
36
36
|
describe_command 'policy:load --collection the-collection http://example.com/policy.rb' do
|
37
37
|
let(:collection) { "the-collection" }
|
38
38
|
before {
|
39
|
-
File.
|
40
|
-
URI.
|
39
|
+
allow(File).to receive(:exists?).with("http://example.com/policy.rb").and_return false
|
40
|
+
allow(URI).to receive(:parse).with("http://example.com/policy.rb").and_return double(:uri, read: "{}")
|
41
41
|
}
|
42
42
|
it "creates the policy" do
|
43
|
-
invoke.
|
43
|
+
expect(invoke).to eq(0)
|
44
44
|
end
|
45
45
|
end
|
46
46
|
describe_command 'policy:load --collection the-collection policy.rb' do
|
47
47
|
let(:collection) { "the-collection" }
|
48
48
|
it "creates the policy" do
|
49
|
-
invoke.
|
49
|
+
expect(invoke).to eq(0)
|
50
50
|
end
|
51
51
|
end
|
52
52
|
context "default collection" do
|
@@ -57,15 +57,15 @@ describe Conjur::Command::Policy do
|
|
57
57
|
describe_command 'policy:load --as-group the-group policy.rb' do
|
58
58
|
let(:group) { double(:group, exists?: true) }
|
59
59
|
it "creates the policy" do
|
60
|
-
Conjur::Command.api.
|
61
|
-
Conjur::DSL::Runner.
|
60
|
+
allow(Conjur::Command.api).to receive(:role).with("the-account:group:the-group").and_return group
|
61
|
+
expect_any_instance_of(Conjur::DSL::Runner).to receive(:owner=).with("the-account:group:the-group")
|
62
62
|
|
63
|
-
invoke.
|
63
|
+
expect(invoke).to eq(0)
|
64
64
|
end
|
65
65
|
end
|
66
66
|
describe_command 'policy:load policy.rb' do
|
67
67
|
it "creates the policy with default collection" do
|
68
|
-
invoke.
|
68
|
+
expect(invoke).to eq(0)
|
69
69
|
end
|
70
70
|
end
|
71
71
|
end
|