conjur-cli 4.14.0 → 4.15.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +5 -13
- data/CHANGELOG.md +5 -0
- data/bin/_conjur_completions.yaml +2 -0
- data/conjur.gemspec +4 -2
- data/features/step_definitions/dsl_steps.rb +1 -1
- data/lib/conjur/command.rb +17 -0
- data/lib/conjur/command/groups.rb +18 -0
- data/lib/conjur/command/hosts.rb +27 -1
- data/lib/conjur/command/init.rb +1 -1
- data/lib/conjur/command/rspec/describe_command.rb +1 -1
- data/lib/conjur/command/rspec/mock_services.rb +7 -7
- data/lib/conjur/command/rspec/output_matchers.rb +16 -38
- data/lib/conjur/command/users.rb +18 -0
- data/lib/conjur/command/variables.rb +17 -0
- data/lib/conjur/version.rb +1 -1
- data/spec/authn_spec.rb +9 -9
- data/spec/command/assets_spec.rb +20 -20
- data/spec/command/audit_spec.rb +9 -9
- data/spec/command/authn_spec.rb +8 -8
- data/spec/command/env_spec.rb +26 -26
- data/spec/command/groups_spec.rb +4 -4
- data/spec/command/hosts_spec.rb +2 -2
- data/spec/command/init_spec.rb +19 -10
- data/spec/command/layers_spec.rb +6 -6
- data/spec/command/policy_spec.rb +16 -16
- data/spec/command/pubkeys_spec.rb +9 -9
- data/spec/command/resources_spec.rb +26 -26
- data/spec/command/roles_spec.rb +14 -14
- data/spec/command/users_spec.rb +10 -10
- data/spec/command/variables_spec.rb +3 -3
- data/spec/command_spec.rb +7 -7
- data/spec/config_spec.rb +21 -21
- data/spec/dsl/runner_spec.rb +8 -8
- data/spec/env_spec.rb +45 -45
- metadata +59 -36
@@ -24,7 +24,7 @@ require 'conjur/command/pubkeys'
|
|
24
24
|
describe Conjur::Command::Pubkeys, logged_in: true do
|
25
25
|
describe_command "pubkeys:show alice" do
|
26
26
|
it "calls api.public_keys('alice') and prints the result" do
|
27
|
-
described_class.api.
|
27
|
+
expect(described_class.api).to receive(:public_keys).with('alice').and_return "a public key"
|
28
28
|
expect{ invoke }.to write("a public key")
|
29
29
|
end
|
30
30
|
end
|
@@ -33,14 +33,14 @@ describe Conjur::Command::Pubkeys, logged_in: true do
|
|
33
33
|
let(:keys){ ["x y foo", "x y bar"].join("\n") }
|
34
34
|
let(:names){ "bar\nfoo" }
|
35
35
|
it "calls api.public_keys('alice') and prints the names" do
|
36
|
-
described_class.api.
|
36
|
+
expect(described_class.api).to receive(:public_keys).with('alice').and_return keys
|
37
37
|
expect{ invoke }.to write(names)
|
38
38
|
end
|
39
39
|
end
|
40
40
|
|
41
41
|
describe_command "pubkeys:add alice data" do
|
42
42
|
it "calls api.add_public_key('alice', 'data') and prints the key name" do
|
43
|
-
described_class.api.
|
43
|
+
expect(described_class.api).to receive(:add_public_key).with('alice', 'data')
|
44
44
|
expect{ invoke }.to write("Public key 'data' added")
|
45
45
|
end
|
46
46
|
end
|
@@ -48,11 +48,11 @@ describe Conjur::Command::Pubkeys, logged_in: true do
|
|
48
48
|
describe_command "pubkeys:add alice @id_rsa.pub" do
|
49
49
|
let(:file_contents){ "ssh-rsa blahblah keyname" }
|
50
50
|
it "calls api.add_public_key('alice', data) and prints the key name" do
|
51
|
-
File.
|
52
|
-
filename.
|
51
|
+
expect(File).to receive(:read) do |filename|
|
52
|
+
expect(filename).to end_with("id_rsa.pub")
|
53
53
|
file_contents
|
54
54
|
end
|
55
|
-
described_class.api.
|
55
|
+
expect(described_class.api).to receive(:add_public_key).with('alice', file_contents)
|
56
56
|
expect{ invoke }.to write("Public key 'keyname' added")
|
57
57
|
end
|
58
58
|
end
|
@@ -60,15 +60,15 @@ describe Conjur::Command::Pubkeys, logged_in: true do
|
|
60
60
|
describe_command "pubkeys:add alice" do
|
61
61
|
let(:stdin_contents){ "ssh-rsa blahblah keyname" }
|
62
62
|
it "calls api.add_public_key('alice', stdin) and prints the key name" do
|
63
|
-
STDIN.
|
64
|
-
described_class.api.
|
63
|
+
expect(STDIN).to receive(:read).and_return(stdin_contents)
|
64
|
+
expect(described_class.api).to receive(:add_public_key).with('alice', stdin_contents)
|
65
65
|
expect{ invoke }.to write("Public key 'keyname' added")
|
66
66
|
end
|
67
67
|
end
|
68
68
|
|
69
69
|
describe_command "pubkeys:delete alice keyname" do
|
70
70
|
it "calls api.delete_public_key('alice', 'keyname')" do
|
71
|
-
described_class.api.
|
71
|
+
expect(described_class.api).to receive(:delete_public_key).with("alice", "keyname")
|
72
72
|
expect{ invoke }.to write("Public key 'keyname' deleted")
|
73
73
|
end
|
74
74
|
end
|
@@ -7,7 +7,7 @@ describe Conjur::Command::Resources, logged_in: true do
|
|
7
7
|
let (:resource_attributes) { { "some" => "attribute"} }
|
8
8
|
|
9
9
|
before :each do
|
10
|
-
api.
|
10
|
+
allow(api).to receive(:resource).with(full_resource_id).and_return(resource_instance)
|
11
11
|
end
|
12
12
|
|
13
13
|
def invoke_silently
|
@@ -16,27 +16,27 @@ describe Conjur::Command::Resources, logged_in: true do
|
|
16
16
|
|
17
17
|
shared_examples 'it displays resource attributes' do
|
18
18
|
it "as JSON to stdout" do
|
19
|
-
JSON::parse( expect { invoke }.to write ).
|
19
|
+
expect(JSON::parse( expect { invoke }.to write )).to eq(resource_attributes)
|
20
20
|
end
|
21
21
|
end
|
22
22
|
|
23
23
|
shared_examples "it obtains resource by id" do
|
24
24
|
it 'id is built from kind and id' do
|
25
|
-
api.
|
25
|
+
expect(api).to receive(:resource).with(%r{^[^:]*:#{KIND}:#{ID}$})
|
26
26
|
invoke_silently
|
27
27
|
end
|
28
28
|
it 'uses default account as a prefix' do
|
29
|
-
api.
|
29
|
+
expect(api).to receive(:resource).with(%r{^#{account}:})
|
30
30
|
invoke_silently
|
31
31
|
end
|
32
32
|
end
|
33
33
|
|
34
34
|
describe_command "resource:create #{KIND}:#{ID}" do
|
35
35
|
before :each do
|
36
|
-
resource_instance.
|
36
|
+
allow(resource_instance).to receive(:create)
|
37
37
|
end
|
38
38
|
it "calls resource.create()" do
|
39
|
-
resource_instance.
|
39
|
+
expect(resource_instance).to receive(:create)
|
40
40
|
invoke_silently
|
41
41
|
end
|
42
42
|
it_behaves_like "it obtains resource by id"
|
@@ -50,31 +50,31 @@ describe Conjur::Command::Resources, logged_in: true do
|
|
50
50
|
|
51
51
|
describe_command "resource:exists #{KIND}:#{ID}" do
|
52
52
|
before (:each) {
|
53
|
-
resource_instance.
|
53
|
+
allow(resource_instance).to receive(:exists?).and_return("true")
|
54
54
|
}
|
55
55
|
it_behaves_like "it obtains resource by id"
|
56
56
|
it 'calls resource.exists?' do
|
57
|
-
resource_instance.
|
57
|
+
expect(resource_instance).to receive(:exists?)
|
58
58
|
invoke_silently
|
59
59
|
end
|
60
60
|
context 'displays response of resource.exists? (true/false)' do
|
61
61
|
# NOTE: a bit redundant, but will be helpful in 'documentation' context
|
62
62
|
it 'true' do
|
63
|
-
resource_instance.
|
63
|
+
allow(resource_instance).to receive(:exists?).and_return("true")
|
64
64
|
expect { invoke }.to write "true"
|
65
65
|
end
|
66
66
|
it 'false' do
|
67
|
-
resource_instance.
|
67
|
+
allow(resource_instance).to receive(:exists?).and_return("false")
|
68
68
|
expect { invoke }.to write "false"
|
69
69
|
end
|
70
70
|
end
|
71
71
|
end
|
72
72
|
|
73
73
|
describe_command "resource:permit #{KIND}:#{ID} #{ROLE} #{PRIVILEGE}" do
|
74
|
-
before(:each) { resource_instance.
|
74
|
+
before(:each) { allow(resource_instance).to receive(:permit).and_return(true) }
|
75
75
|
it_behaves_like "it obtains resource by id"
|
76
76
|
it "calls resource.permit(#{PRIVILEGE}, #{ROLE})" do
|
77
|
-
resource_instance.
|
77
|
+
expect(resource_instance).to receive(:permit).with(PRIVILEGE, ROLE)
|
78
78
|
invoke_silently
|
79
79
|
end
|
80
80
|
it { expect { invoke }.to write "Permission granted" }
|
@@ -82,16 +82,16 @@ describe Conjur::Command::Resources, logged_in: true do
|
|
82
82
|
|
83
83
|
describe_command "resource:permit -g #{KIND}:#{ID} #{ROLE} #{PRIVILEGE}" do
|
84
84
|
it 'calls resource.permit() with grant option' do
|
85
|
-
resource_instance.
|
85
|
+
expect(resource_instance).to receive(:permit).with(PRIVILEGE, ROLE, grant_option: true)
|
86
86
|
invoke_silently
|
87
87
|
end
|
88
88
|
end
|
89
89
|
|
90
90
|
describe_command "resource:deny #{KIND}:#{ID} #{ROLE} #{PRIVILEGE}" do
|
91
|
-
before(:each) { resource_instance.
|
91
|
+
before(:each) { allow(resource_instance).to receive(:deny).and_return(true) }
|
92
92
|
it_behaves_like "it obtains resource by id"
|
93
93
|
it "calls resource.deny(#{PRIVILEGE},#{ROLE})" do
|
94
|
-
resource_instance.
|
94
|
+
expect(resource_instance).to receive(:deny).with(PRIVILEGE, ROLE)
|
95
95
|
invoke_silently
|
96
96
|
end
|
97
97
|
it { expect { invoke }.to write "Permission revoked" }
|
@@ -99,8 +99,8 @@ describe Conjur::Command::Resources, logged_in: true do
|
|
99
99
|
|
100
100
|
describe_command "resource:check #{KIND}:#{ID} #{PRIVILEGE}" do
|
101
101
|
it "performs a permission check for the logged-in user" do
|
102
|
-
api.
|
103
|
-
bacon.
|
102
|
+
expect(api).to receive(:resource).with("the-account:#{KIND}:#{ID}").and_return bacon = double("the-account:#{KIND}:#{ID}")
|
103
|
+
expect(bacon).to receive(:permitted?).with(PRIVILEGE)
|
104
104
|
|
105
105
|
invoke
|
106
106
|
end
|
@@ -111,25 +111,25 @@ describe Conjur::Command::Resources, logged_in: true do
|
|
111
111
|
let (:role_response) { "role response: true|false" }
|
112
112
|
let (:account) { ACCOUNT }
|
113
113
|
before(:each) {
|
114
|
-
api.
|
115
|
-
role_instance.
|
114
|
+
allow(api).to receive(:role).and_return(role_instance)
|
115
|
+
allow(role_instance).to receive(:permitted?).and_return(role_response)
|
116
116
|
}
|
117
117
|
it 'obtains role object by id' do
|
118
|
-
api.
|
118
|
+
expect(api).to receive(:role).with(ROLE)
|
119
119
|
invoke_silently
|
120
120
|
end
|
121
121
|
it "calls role.permitted?('#{ACCOUNT}:#{KIND}:#{ID}', #{PRIVILEGE})" do
|
122
|
-
role_instance.
|
122
|
+
expect(role_instance).to receive(:permitted?).with([ACCOUNT,KIND,ID].join(":"),PRIVILEGE)
|
123
123
|
invoke_silently
|
124
124
|
end
|
125
125
|
it { expect { invoke }.to write role_response }
|
126
126
|
end
|
127
127
|
|
128
128
|
describe_command "resource:give #{KIND}:#{ID} #{OWNER}" do
|
129
|
-
before(:each) { resource_instance.
|
129
|
+
before(:each) { allow(resource_instance).to receive(:give_to).and_return(true) }
|
130
130
|
it_behaves_like "it obtains resource by id"
|
131
131
|
it "calls resource.give_to(#{OWNER})" do
|
132
|
-
resource_instance.
|
132
|
+
expect(resource_instance).to receive(:give_to).with(OWNER)
|
133
133
|
invoke_silently
|
134
134
|
end
|
135
135
|
it { expect { invoke }.to write "Ownership granted" }
|
@@ -138,15 +138,15 @@ describe Conjur::Command::Resources, logged_in: true do
|
|
138
138
|
describe_command "resource:permitted_roles #{KIND}:#{ID} #{PRIVILEGE}" do
|
139
139
|
let(:roles_list) { %W[klaatu barada nikto] }
|
140
140
|
before(:each) {
|
141
|
-
resource_instance.
|
141
|
+
allow(resource_instance).to receive(:permitted_roles).and_return(roles_list)
|
142
142
|
}
|
143
143
|
it_behaves_like "it obtains resource by id"
|
144
144
|
it "calls resource.permitted_roles(#{PRIVILEGE}" do
|
145
|
-
resource_instance.
|
145
|
+
expect(resource_instance).to receive(:permitted_roles)
|
146
146
|
invoke_silently
|
147
147
|
end
|
148
148
|
it "displays JSONised list of roles" do
|
149
|
-
JSON.parse( expect { invoke }.to write ).
|
149
|
+
expect(JSON.parse( expect { invoke }.to write )).to eq(roles_list)
|
150
150
|
end
|
151
151
|
end
|
152
152
|
end
|
data/spec/command/roles_spec.rb
CHANGED
@@ -5,13 +5,13 @@ describe Conjur::Command::Roles, logged_in: true do
|
|
5
5
|
describe "role:grant_to" do
|
6
6
|
describe_command "role:grant_to test:a test:b" do
|
7
7
|
it "grants the role without options" do
|
8
|
-
Conjur::Role.
|
8
|
+
expect_any_instance_of(Conjur::Role).to receive(:grant_to).with("test:b", {})
|
9
9
|
invoke
|
10
10
|
end
|
11
11
|
end
|
12
12
|
describe_command "role:grant_to --admin test:a test:b" do
|
13
13
|
it "grants the role with admin option" do
|
14
|
-
Conjur::Role.
|
14
|
+
expect_any_instance_of(Conjur::Role).to receive(:grant_to).with("test:b", {admin_option: true})
|
15
15
|
invoke
|
16
16
|
end
|
17
17
|
end
|
@@ -20,26 +20,26 @@ describe Conjur::Command::Roles, logged_in: true do
|
|
20
20
|
describe "role:create" do
|
21
21
|
describe_command "role:create test:the-role" do
|
22
22
|
it "creates the role with no options" do
|
23
|
-
Conjur::Role.
|
23
|
+
expect_any_instance_of(Conjur::Role).to receive(:create).with({})
|
24
24
|
|
25
25
|
invoke
|
26
26
|
end
|
27
27
|
end
|
28
28
|
describe_command "role:create --as-role test:foo test:the-role" do
|
29
29
|
it "creates the role with acting_as option" do
|
30
|
-
api.
|
31
|
-
api.
|
32
|
-
role.
|
30
|
+
expect(api).to receive(:role).with("test:foo").and_return double("test:foo", exists?: true, roleid: "test:test:foo")
|
31
|
+
expect(api).to receive(:role).with("test:the-role").and_return role = double("new-role", roleid: "test:the-role")
|
32
|
+
expect(role).to receive(:create).with({acting_as: "test:test:foo"})
|
33
33
|
|
34
34
|
expect { invoke }.to write("Created role test:the-role")
|
35
35
|
end
|
36
36
|
end
|
37
37
|
describe_command "role:create --as-group the-group test:the-role" do
|
38
38
|
it "creates the role with with acting_as option" do
|
39
|
-
api.
|
40
|
-
api.
|
41
|
-
api.
|
42
|
-
role.
|
39
|
+
expect(api).to receive(:group).with("the-group").and_return group = double("the-group", roleid: "test:group:the-group")
|
40
|
+
expect(api).to receive(:role).with(group.roleid).and_return double("group:the-group", exists?: true, roleid: "test:group:the-group")
|
41
|
+
expect(api).to receive(:role).with("test:the-role").and_return role = double("new-role", roleid: "test:the-role")
|
42
|
+
expect(role).to receive(:create).with({acting_as: "test:group:the-group"})
|
43
43
|
|
44
44
|
expect { invoke }.to write("Created role test:the-role")
|
45
45
|
end
|
@@ -53,7 +53,7 @@ describe Conjur::Command::Roles, logged_in: true do
|
|
53
53
|
end
|
54
54
|
|
55
55
|
before do
|
56
|
-
api.
|
56
|
+
allow(api).to receive(:role).with(rolename).and_return role
|
57
57
|
end
|
58
58
|
|
59
59
|
context "when logged in as a user" do
|
@@ -62,14 +62,14 @@ describe Conjur::Command::Roles, logged_in: true do
|
|
62
62
|
|
63
63
|
describe_command "role:memberships" do
|
64
64
|
it "lists all roles" do
|
65
|
-
JSON::parse(expect { invoke }.to write).
|
65
|
+
expect(JSON::parse(expect { invoke }.to write)).to eq(all_roles)
|
66
66
|
end
|
67
67
|
end
|
68
68
|
|
69
69
|
describe_command "role:memberships foo:bar" do
|
70
70
|
let(:rolename) { 'foo:bar' }
|
71
71
|
it "lists all roles of foo:bar" do
|
72
|
-
JSON::parse(expect { invoke }.to write).
|
72
|
+
expect(JSON::parse(expect { invoke }.to write)).to eq(all_roles)
|
73
73
|
end
|
74
74
|
end
|
75
75
|
end
|
@@ -80,7 +80,7 @@ describe Conjur::Command::Roles, logged_in: true do
|
|
80
80
|
|
81
81
|
describe_command "role:memberships" do
|
82
82
|
it "lists all roles" do
|
83
|
-
JSON::parse(expect { invoke }.to write).
|
83
|
+
expect(JSON::parse(expect { invoke }.to write)).to eq(all_roles)
|
84
84
|
end
|
85
85
|
end
|
86
86
|
end
|
data/spec/command/users_spec.rb
CHANGED
@@ -7,27 +7,27 @@ describe Conjur::Command::Users, logged_in: true do
|
|
7
7
|
context "creating a user" do
|
8
8
|
let(:new_user) { double("new-user") }
|
9
9
|
before do
|
10
|
-
Conjur::Command::Users.
|
10
|
+
expect(Conjur::Command::Users).to receive(:display).with(new_user)
|
11
11
|
end
|
12
12
|
|
13
13
|
[ "user:create", "user create" ].each do |cmd|
|
14
14
|
describe_command "#{cmd} -p the-user" do
|
15
15
|
it "Creates a user with a password obtained by prompting the user" do
|
16
|
-
Conjur::API.
|
17
|
-
Conjur::Command::Users.
|
16
|
+
expect_any_instance_of(Conjur::API).to receive(:create_user).with("the-user", password: "the-password").and_return new_user
|
17
|
+
expect(Conjur::Command::Users).to receive(:prompt_for_password).and_return "the-password"
|
18
18
|
|
19
19
|
invoke
|
20
20
|
end
|
21
21
|
end
|
22
22
|
describe_command "#{cmd} the-user" do
|
23
23
|
it "Creates a user without a password" do
|
24
|
-
Conjur::API.
|
24
|
+
expect_any_instance_of(Conjur::API).to receive(:create_user).with("the-user", {}).and_return new_user
|
25
25
|
invoke
|
26
26
|
end
|
27
27
|
end
|
28
28
|
describe_command "#{cmd} --uidnumber 12345 the-user" do
|
29
29
|
it "Creates a user with specified uidnumber" do
|
30
|
-
Conjur::API.
|
30
|
+
expect_any_instance_of(Conjur::API).to receive(:create_user).with("the-user", { uidnumber: 12345 }).and_return new_user
|
31
31
|
invoke
|
32
32
|
end
|
33
33
|
end
|
@@ -38,8 +38,8 @@ describe Conjur::Command::Users, logged_in: true do
|
|
38
38
|
describe_command "user update --uidnumber 12345 the-user" do
|
39
39
|
it "updates the uidnumber" do
|
40
40
|
stub_user = double()
|
41
|
-
Conjur::API.
|
42
|
-
stub_user.
|
41
|
+
expect_any_instance_of(Conjur::API).to receive(:user).with("the-user").and_return stub_user
|
42
|
+
expect(stub_user).to receive(:update).with(uidnumber: 12345).and_return ""
|
43
43
|
expect { invoke }.to write "UID set"
|
44
44
|
end
|
45
45
|
end
|
@@ -49,7 +49,7 @@ describe Conjur::Command::Users, logged_in: true do
|
|
49
49
|
let(:search_result) { {id: "the-user"} }
|
50
50
|
describe_command "user uidsearch 12345" do
|
51
51
|
it "finds user" do
|
52
|
-
Conjur::API.
|
52
|
+
expect_any_instance_of(Conjur::API).to receive(:find_users).with(uidnumber: 12345).and_return search_result
|
53
53
|
expect { invoke }.to write(JSON.pretty_generate(search_result))
|
54
54
|
end
|
55
55
|
end
|
@@ -57,7 +57,7 @@ describe Conjur::Command::Users, logged_in: true do
|
|
57
57
|
|
58
58
|
context "updating password" do
|
59
59
|
before do
|
60
|
-
RestClient::Request.
|
60
|
+
expect(RestClient::Request).to receive(:execute).with(
|
61
61
|
method: :put,
|
62
62
|
url: update_password_url,
|
63
63
|
user: username,
|
@@ -75,7 +75,7 @@ describe Conjur::Command::Users, logged_in: true do
|
|
75
75
|
|
76
76
|
describe_command "user:update_password" do
|
77
77
|
it "PUTs the new password" do
|
78
|
-
Conjur::Command::Users.
|
78
|
+
expect(Conjur::Command::Users).to receive(:prompt_for_password).and_return "new-password"
|
79
79
|
|
80
80
|
invoke
|
81
81
|
end
|
@@ -7,7 +7,7 @@ describe Conjur::Command::Variables, logged_in: true do
|
|
7
7
|
|
8
8
|
describe_command "variable:create -m text/json -k password" do
|
9
9
|
it "lets the server assign the id" do
|
10
|
-
RestClient::Request.
|
10
|
+
expect(RestClient::Request).to receive(:execute).with(
|
11
11
|
method: :post,
|
12
12
|
url: collection_url,
|
13
13
|
headers: {},
|
@@ -19,7 +19,7 @@ describe Conjur::Command::Variables, logged_in: true do
|
|
19
19
|
end
|
20
20
|
describe_command "variable:create -m text/json -k password the-id" do
|
21
21
|
it "propagates the user-assigned id" do
|
22
|
-
RestClient::Request.
|
22
|
+
expect(RestClient::Request).to receive(:execute).with(
|
23
23
|
method: :post,
|
24
24
|
url: collection_url,
|
25
25
|
headers: {},
|
@@ -33,7 +33,7 @@ describe Conjur::Command::Variables, logged_in: true do
|
|
33
33
|
|
34
34
|
describe_command "variable:create" do
|
35
35
|
it "provides default values for optional parameters mime_type and kind" do
|
36
|
-
RestClient::Request.
|
36
|
+
expect(RestClient::Request).to receive(:execute).with(
|
37
37
|
method: :post,
|
38
38
|
url: collection_url,
|
39
39
|
headers: {},
|
data/spec/command_spec.rb
CHANGED
@@ -6,13 +6,13 @@ describe Conjur::Command do
|
|
6
6
|
describe "injects account into brief ids" do
|
7
7
|
context "long id (3+ tokens)" do
|
8
8
|
it "returns id as is" do
|
9
|
-
described_class.full_resource_id("a:b:c").
|
9
|
+
expect(described_class.full_resource_id("a:b:c")).to eq("a:b:c")
|
10
10
|
end
|
11
11
|
end
|
12
12
|
context "brief id(2 tokens)" do
|
13
|
-
before(:each) { described_class.
|
13
|
+
before(:each) { allow(described_class).to receive(:conjur_account).and_return("current/acc") }
|
14
14
|
it "injects current account as a prefix" do
|
15
|
-
described_class.full_resource_id("a:b").
|
15
|
+
expect(described_class.full_resource_id("a:b")).to eq("current/acc:a:b")
|
16
16
|
end
|
17
17
|
end
|
18
18
|
context "malformed id (no separators)" do
|
@@ -30,18 +30,18 @@ describe Conjur::Command do
|
|
30
30
|
end
|
31
31
|
context "for brief ids(2 tokens)" do
|
32
32
|
it "token#1=> kind (dashes replaced with undescrores), token#2=>id" do
|
33
|
-
subject("the-kind:the-id").
|
33
|
+
expect(subject("the-kind:the-id")).to eq(['the_kind','the-id'])
|
34
34
|
end
|
35
35
|
end
|
36
36
|
context "for long ids(3+ tokens)" do
|
37
37
|
it "token #1=> ignored" do
|
38
|
-
subject("a:b:c:d").
|
38
|
+
expect(subject("a:b:c:d")).not_to include('a')
|
39
39
|
end
|
40
40
|
it "token #2=> kind (dashes replaced with underscores)" do
|
41
|
-
subject("a:the-kind:c:d")[0].
|
41
|
+
expect(subject("a:the-kind:c:d")[0]).to eq("the_kind")
|
42
42
|
end
|
43
43
|
it "extracts remaining part (starting from 3rd token) as an id" do
|
44
|
-
subject("a:b:c-token:d-token")[1].
|
44
|
+
expect(subject("a:b:c-token:d-token")[1]).to eq("c-token:d-token")
|
45
45
|
end
|
46
46
|
end
|
47
47
|
context "for too short input" do
|
data/spec/config_spec.rb
CHANGED
@@ -30,26 +30,26 @@ describe Conjur::Config do
|
|
30
30
|
ENV['CONJURRC'] = oldrc
|
31
31
|
end
|
32
32
|
|
33
|
-
it {
|
34
|
-
it {
|
35
|
-
it {
|
33
|
+
it { is_expected.to include('/etc/conjur.conf') }
|
34
|
+
it { is_expected.to include("#{homedir}/.conjurrc") }
|
35
|
+
it { is_expected.to include('.conjurrc') }
|
36
36
|
|
37
37
|
before do
|
38
|
-
File.
|
39
|
-
File.
|
38
|
+
allow(File).to receive(:expand_path).and_call_original
|
39
|
+
allow(File).to receive(:expand_path).with('.conjurrc').and_return '.conjurrc'
|
40
40
|
end
|
41
41
|
|
42
42
|
context "When .conjurrc is present" do
|
43
|
-
before { File.
|
43
|
+
before { allow(File).to receive(:file?).with('.conjurrc').and_return true }
|
44
44
|
it "Issues a deprecation warning" do
|
45
45
|
expect { subject }.to write(deprecation_warning).to(:stderr)
|
46
46
|
end
|
47
47
|
|
48
48
|
context "but the current directory is home" do
|
49
49
|
before do
|
50
|
-
File.
|
51
|
-
File.
|
52
|
-
File.
|
50
|
+
allow(File).to receive(:expand_path).and_call_original
|
51
|
+
allow(File).to receive(:expand_path).and_call_original
|
52
|
+
allow(File).to receive(:expand_path).with('.conjurrc').and_return("#{homedir}/.conjurrc")
|
53
53
|
end
|
54
54
|
|
55
55
|
include_examples "no deprecation warning"
|
@@ -57,7 +57,7 @@ describe Conjur::Config do
|
|
57
57
|
end
|
58
58
|
|
59
59
|
context "When .conjurrc is missing" do
|
60
|
-
before { File.
|
60
|
+
before { allow(File).to receive(:file?).with('.conjurrc').and_return false }
|
61
61
|
include_examples "no deprecation warning"
|
62
62
|
end
|
63
63
|
end
|
@@ -69,10 +69,10 @@ describe Conjur::Config do
|
|
69
69
|
example.run
|
70
70
|
ENV['CONJURRC'] = oldrc
|
71
71
|
end
|
72
|
-
it {
|
73
|
-
it {
|
74
|
-
it {
|
75
|
-
it {
|
72
|
+
it { is_expected.to include('/etc/conjur.conf') }
|
73
|
+
it { is_expected.to include('stub_conjurrc') }
|
74
|
+
it { is_expected.not_to include("#{homedir}/.conjurrc") }
|
75
|
+
it { is_expected.not_to include('.conjurrc') }
|
76
76
|
|
77
77
|
include_examples "no deprecation warning"
|
78
78
|
end
|
@@ -84,10 +84,10 @@ describe Conjur::Config do
|
|
84
84
|
example.run
|
85
85
|
ENV['CONJURRC'] = oldrc
|
86
86
|
end
|
87
|
-
before { File.
|
88
|
-
it {
|
89
|
-
it {
|
90
|
-
it {
|
87
|
+
before { allow(File).to receive(:file?).with('.conjurrc').and_return true }
|
88
|
+
it { is_expected.to include('/etc/conjur.conf') }
|
89
|
+
it { is_expected.to include('.conjurrc') }
|
90
|
+
it { is_expected.not_to include("#{homedir}/.conjurrc") }
|
91
91
|
|
92
92
|
include_examples "no deprecation warning"
|
93
93
|
end
|
@@ -100,16 +100,16 @@ describe Conjur::Config do
|
|
100
100
|
it "resolves the cert_file" do
|
101
101
|
load!
|
102
102
|
|
103
|
-
Conjur::Config[:cert_file].
|
103
|
+
expect(Conjur::Config[:cert_file]).to eq(cert_path)
|
104
104
|
end
|
105
105
|
end
|
106
106
|
describe "#apply" do
|
107
|
-
before { OpenSSL::SSL::SSLContext::DEFAULT_CERT_STORE.
|
107
|
+
before { allow(OpenSSL::SSL::SSLContext::DEFAULT_CERT_STORE).to receive(:add_file) }
|
108
108
|
|
109
109
|
let(:cert_file) { "/path/to/cert.pem" }
|
110
110
|
it "trusts the cert_file" do
|
111
111
|
Conjur::Config.class_variable_set("@@attributes", { 'cert_file' => cert_file })
|
112
|
-
OpenSSL::SSL::SSLContext::DEFAULT_CERT_STORE.
|
112
|
+
expect(OpenSSL::SSL::SSLContext::DEFAULT_CERT_STORE).to receive(:add_file).with cert_file
|
113
113
|
Conjur::Config.apply
|
114
114
|
end
|
115
115
|
|