conjur-cli 4.8.0 → 4.9.3

data/spec/command/roles_spec.rb

@@ -28,20 +28,20 @@ describe Conjur::Command::Roles, logged_in: true do
     describe_command "role:create --as-role test:foo test:the-role" do
       it "creates the role with acting_as option" do
         api.should_receive(:role).with("test:foo").and_return double("test:foo", exists?: true, roleid: "test:test:foo")
-        api.should_receive(:role).with("test:the-role").and_return role = double("new-role")
+        api.should_receive(:role).with("test:the-role").and_return role = double("new-role", roleid: "test:the-role")
         role.should_receive(:create).with({acting_as: "test:test:foo"})
         
-        invoke
+        expect { invoke }.to write("Created role test:the-role")
       end
     end
     describe_command "role:create --as-group the-group test:the-role" do
       it "creates the role with with acting_as option" do
         api.should_receive(:group).with("the-group").and_return group = double("the-group", roleid: "test:group:the-group")
         api.should_receive(:role).with(group.roleid).and_return double("group:the-group", exists?: true, roleid: "test:group:the-group")
-        api.should_receive(:role).with("test:the-role").and_return role = double("new-role")
+        api.should_receive(:role).with("test:the-role").and_return role = double("new-role", roleid: "test:the-role")
         role.should_receive(:create).with({acting_as: "test:group:the-group"})
         
-        invoke
+        expect { invoke }.to write("Created role test:the-role")
       end
     end
   end

data/spec/command/variables_spec.rb

@@ -44,5 +44,4 @@ describe Conjur::Command::Variables, logged_in: true do
   end
 
 
-
 end

data/spec/config_spec.rb

@@ -5,6 +5,27 @@ describe Conjur::Config do
   after {
     Conjur::Config.clear
   }
+
+  describe ".default_config_files" do
+    subject { Conjur::Config.default_config_files }
+    around do |example|
+      realhome = ENV.delete 'HOME'
+      ENV['HOME'] = '/home/isfake'
+      example.run
+      ENV['HOME'] = realhome
+    end
+
+    context "when CONJURRC is not set" do
+      around do |example|
+        oldrc = ENV.delete 'CONJURRC'
+        example.run
+        ENV['CONJURRC'] = oldrc
+      end
+
+      it { should include('/home/isfake/.conjurrc') }
+    end
+  end
+
   describe "#load" do
     it "resolves the cert_file" do
       Conjur::Config.load([ File.expand_path('conjurrc', File.dirname(__FILE__)) ])

data/spec/dsl/runner_spec.rb

@@ -5,16 +5,25 @@ describe Conjur::DSL::Runner, logged_in: true do
   let(:filename) { nil }
   let(:runner) { Conjur::DSL::Runner.new script, filename }
   let(:script) { "user 'alice'" }
+  let(:alice) {
+    Conjur::User.new("alice").tap do |user|
+      user.attributes = { "api_key" => "the-api-key" }    
+    end
+  }
   before {
     Conjur.stub(:account).and_return "the-account"
     runner.stub(:api).and_return api
   }
-  it "should store the api_key in the context keyed by roleid" do
-    user = Conjur::User.new("alice")
-    user.attributes = { "api_key" => "the-api-key" }
+  it "should populate the root ownerid" do
+    api.should_receive(:user).with("alice").and_return double("alice-exists", exists?: false)
+    api.should_receive(:create_user).with(id: "alice", ownerid: "user:bob").and_return alice
     
+    runner.owner = "user:bob"
+    runner.execute
+  end
+  it "should store the api_key in the context keyed by roleid" do
     api.should_receive(:user).with("alice").and_return double("alice-exists", exists?: false)
-    api.should_receive(:create_user).with(id: "alice").and_return user
+    api.should_receive(:create_user).with(id: "alice").and_return alice
     
     runner.execute
     

data/spec/env_spec.rb

@@ -0,0 +1,180 @@
+require 'spec_helper'
+require 'conjur/conjurenv'
+
+describe Conjur::Env do
+
+  describe "#initialize" do
+
+    describe "requires either :file or :yaml parameter" do
+      before { 
+        Conjur::Env.any_instance.should_not_receive(:parse) 
+      }
+      it "fails if both options are provided" do
+        expect { Conjur::Env.new(file: 'f', yaml: 'y') }.to raise_error ":file and :yaml options can not be provided together"
+      end   
+      it "fails if neither option is provided" do  
+        expect { Conjur::Env.new() }.to raise_error "either :file or :yaml option is mandatory"
+      end
+      it "fails if :yaml option is empty or is not a string" do
+        expect { Conjur::Env.new(yaml: "") }.to raise_error ":yaml option should be non-empty string"
+        expect { Conjur::Env.new(yaml: nil) }.to raise_error ":yaml option should be non-empty string"
+        expect { Conjur::Env.new(yaml: 2) }.to raise_error ":yaml option should be non-empty string"
+      end
+      it "fails if :file option is empty or is not a string"do
+        expect { Conjur::Env.new(file: "") }.to raise_error ":file option should be non-empty string"
+        expect { Conjur::Env.new(file: nil) }.to raise_error ":file option should be non-empty string"
+        expect { Conjur::Env.new(file: 2) }.to raise_error ":file option should be non-empty string"
+      end
+    end
+
+    describe "with correct parameters" do
+
+      let(:parsed) { :parsed_structure_stub }
+
+      describe "if :file parameter provided" do
+        it "does not catch any errors from File.read" do
+          Conjur::Env.any_instance.should_not_receive(:parse) 
+          File.stub(:read).with('unexisting').and_return { raise "Custom error" }
+          expect { Conjur::Env.new(file: 'unexisting') }.to raise_error "Custom error"
+        end 
+
+        it "if file is readable, passes contents to #parse and stores result in @definition attribute" do 
+          File.should_receive(:read).with("somefile").and_return(:file_contents) 
+          Conjur::Env.any_instance.should_receive(:parse).with(:file_contents).and_return(:stub_parsed) 
+          Conjur::Env.new(file:"somefile").instance_variable_get("@definition").should == :stub_parsed
+        end
+      end
+      it "if :yaml parameter provided, passes it to #parse and stores result in @definition attribute" do
+        Conjur::Env.any_instance.should_receive(:parse).with("custom yaml").and_return(:stub_parsed)
+        Conjur::Env.new(yaml:"custom yaml").instance_variable_get("@definition").should == :stub_parsed
+      end
+    end
+  end
+
+  describe "#parse (called from 'initialize')" do
+
+    it 'parses input as YAML and does not hide YAML errors' do
+      YAML.should_receive(:load).with("custom yaml").and_return { raise "Custom error" }
+      expect { Conjur::Env.new(yaml: "custom yaml") }.to raise_error "Custom error"
+    end
+
+    it "fails unless YAML represents a Hash" do
+      expect { Conjur::Env.new(yaml: "[ 1,2,3 ]") }.to raise_error "Definition should be a Hash"
+    end
+
+    it "fails if values are not literal, !tmp or !var" do
+      expect { Conjur::Env.new(yaml: "{a: literal, b: !tmp tempfile, c: !var conjurvar, d: { x: another literal }}") }.to raise_error /^Definition can not include values of types/
+      expect { Conjur::Env.new(yaml: "{a: literal, b: !tmp tempfile, c: !var conjurvar}") }.to_not raise_error 
+    end 
+
+    it 'does not allow empty values for !tmp and !var' do
+      expect { Conjur::Env.new(yaml: "{a: literal, b: !tmp , c: !var conjurvar }") }.to raise_error "ConjurTempfile requires a parameter"
+      expect { Conjur::Env.new(yaml: "{a: literal, b: !tmp tempfile, c: !var }") }.to raise_error "ConjurVariable requires a parameter"
+      expect { Conjur::Env.new(yaml: "{a: literal, b: !tmp tempfile, c: !var conjurvar}") }.to_not raise_error 
+    end
+
+    it "Returns hash consisting of literals, ConjurTempfile and ConjurVariable objects" do
+      result = Conjur::Env.new(yaml: "{a: literal, b: !tmp 'sometmp', c: !var 'somevar'}").instance_variable_get("@definition")
+      result.keys.sort.should == ["a","b","c"]
+      result["a"].should == 'literal'
+      result["b"].should be_a_kind_of(Conjur::Env::ConjurTempfile)
+      result["c"].should be_a_kind_of(Conjur::Env::ConjurVariable)
+    end
+  end
+
+  describe "#obtain", logged_in: true do
+    let(:subject) { Conjur::Env.new(yaml: "{a: literal, b: !tmp tempfile, c: !var conjurvar}") }
+    before { 
+      api.stub(:variable_values).with(["tempfile","conjurvar"]).and_return({"tempfile" => "stubtemp", "conjurvar" => "stubvar" })
+    }
+
+    it "requests variable_values with list of !var and !tmp values" do    
+      Conjur::Env::ConjurTempfile.any_instance.stub(:evaluate).and_return(:stub_value) # avoid tempfiles creation
+      api.should_receive(:variable_values).with(["tempfile","conjurvar"]).and_return({"tempfile" => "stub1", "conjurvar" => "stub2" })
+      subject.obtain(api)
+    end
+
+    it 'does not suppress api errors' do  
+      api.stub(:variable_values).and_return { raise "Custom API error" }
+      expect { subject.obtain(api) }.to raise_error "Custom API error" 
+    end
+
+    describe "for !tmp creates temporary files with Conjur variable value" do
+      it "in /dev/shm if it exists" do  
+        tempfile = double(path: '/dev/shm/newfile', close: true)
+        File.should_receive(:directory?).with("/dev/shm").and_return(true)
+        File.should_receive(:writable?).with("/dev/shm").and_return(true)
+        Tempfile.should_receive(:new).with("conjur","/dev/shm").and_return(tempfile)
+        tempfile.should_receive(:write).with("stubtemp")
+        subject.obtain(api)
+      end
+      it "otherwise uses Tempfile defaults" do
+        tempfile = double(path: '/tmp/newfile', close: true)
+        File.should_receive(:directory?).with("/dev/shm").and_return(false)
+        Tempfile.should_receive(:new).with("conjur").and_return(tempfile)
+        tempfile.should_receive(:write).with("stubtemp")
+        subject.obtain(api)
+      end
+    end
+
+    describe "returns hash consisting of original keys and following values" do
+      before {  
+        tempfile=double(path:"/stub/tempfile",write: true, close: true)
+        File.stub(:directory?).with("/dev/shm").and_return(true)
+        File.stub(:writable?).with("/dev/shm").and_return(true)
+        Tempfile.stub(:new).with("conjur","/dev/shm").and_return(tempfile)
+      }
+      let(:result) { subject.obtain(api) }
+
+      it 'literals' do
+        result.should include("a"=>"literal") 
+      end
+      it '!tmp: names of temp files' do
+        result.should include("b"=>"/stub/tempfile")
+      end
+      it '!var: variable values' do
+        result.should include("c"=>"stubvar")
+      end
+    end
+  end
+
+  describe "#check", logged_in: true do
+
+    let(:subject) { Conjur::Env.new(yaml: "{a: literal, b: !tmp tempfile_b, c: !var conjurvar_c, d: !tmp tempfile_d, e: !var conjurvar_e }") }
+    before { 
+      api.should_not_receive(:variable_values) 
+      Tempfile.should_not_receive(:new)
+    }
+    let(:permitted)  { double(permitted?:true) }
+    let(:restricted) { double(permitted?:false) }
+
+    it "requests resource 'execute' permission for each !var and !tmp value" do
+      api.should_receive(:resource).with("variable:tempfile_b").and_return(permitted) 
+      api.should_receive(:resource).with("variable:conjurvar_c").and_return(permitted) 
+      api.should_receive(:resource).with("variable:tempfile_d").and_return(permitted) 
+      api.should_receive(:resource).with("variable:conjurvar_e").and_return(permitted) 
+      permitted.should_receive(:permitted?).exactly(4).times.with(:execute).and_return(true)
+      subject.check(api)
+    end
+
+    it 'does not rescue from unexpected api errors' do  
+      api.should_receive(:resource).with("variable:tempfile_b").and_return { raise "Custom error" }
+      expect { subject.check(api) }.to raise_error "Custom error"
+    end
+
+    it "returns Hash consisting of original keys and following statuses: :literal, :available, :unavailable" do
+      api.should_receive(:resource).with("variable:tempfile_b").and_return(permitted) 
+      api.should_receive(:resource).with("variable:conjurvar_c").and_return(restricted) 
+      api.should_receive(:resource).with("variable:tempfile_d").and_return(restricted) 
+      api.should_receive(:resource).with("variable:conjurvar_e").and_return(permitted) 
+      
+      result = subject.check(api).should == { "a" => :literal, 
+                                              "b" => :available, 
+                                              "c" => :unavailable, 
+                                              "d" => :unavailable, 
+                                              "e" => :available 
+                                            }
+    end
+  end
+    
+end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: conjur-cli
 version: !ruby/object:Gem::Version
-  version: 4.8.0
+  version: 4.9.3
   prerelease: 
 platform: ruby
 authors:
@@ -10,8 +10,24 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-04-02 00:00:00.000000000 Z
+date: 2014-05-23 00:00:00.000000000 Z
 dependencies:
+- !ruby/object:Gem::Dependency
+  name: activesupport
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: conjur-api
   requirement: !ruby/object:Gem::Requirement
@@ -19,7 +35,7 @@ dependencies:
     requirements:
     - - ! '>='
       - !ruby/object:Gem::Version
-        version: 4.7.2
+        version: '4.8'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -27,7 +43,7 @@ dependencies:
     requirements:
     - - ! '>='
       - !ruby/object:Gem::Version
-        version: 4.7.2
+        version: '4.8'
 - !ruby/object:Gem::Dependency
   name: gli
   requirement: !ruby/object:Gem::Requirement
@@ -245,6 +261,7 @@ files:
 - lib/conjur/command/audit.rb
 - lib/conjur/command/authn.rb
 - lib/conjur/command/dsl_command.rb
+- lib/conjur/command/env.rb
 - lib/conjur/command/field.rb
 - lib/conjur/command/groups.rb
 - lib/conjur/command/hosts.rb
@@ -262,6 +279,7 @@ files:
 - lib/conjur/command/users.rb
 - lib/conjur/command/variables.rb
 - lib/conjur/config.rb
+- lib/conjur/conjurenv.rb
 - lib/conjur/dsl/runner.rb
 - lib/conjur/identifier_manipulation.rb
 - lib/conjur/version.rb
@@ -270,6 +288,7 @@ files:
 - spec/command/assets_spec.rb
 - spec/command/audit_spec.rb
 - spec/command/authn_spec.rb
+- spec/command/env_spec.rb
 - spec/command/groups_spec.rb
 - spec/command/hosts_spec.rb
 - spec/command/init_spec.rb
@@ -282,6 +301,7 @@ files:
 - spec/config_spec.rb
 - spec/conjurrc
 - spec/dsl/runner_spec.rb
+- spec/env_spec.rb
 - spec/spec_helper.rb
 homepage: https://github.com/conjurinc/cli-ruby
 licenses:
@@ -296,12 +316,18 @@ required_ruby_version: !ruby/object:Gem::Requirement
   - - ! '>='
     - !ruby/object:Gem::Version
       version: '0'
+      segments:
+      - 0
+      hash: 4419990204005105741
 required_rubygems_version: !ruby/object:Gem::Requirement
   none: false
   requirements:
   - - ! '>='
     - !ruby/object:Gem::Version
       version: '0'
+      segments:
+      - 0
+      hash: 4419990204005105741
 requirements: []
 rubyforge_project: 
 rubygems_version: 1.8.25
@@ -325,6 +351,7 @@ test_files:
 - spec/command/assets_spec.rb
 - spec/command/audit_spec.rb
 - spec/command/authn_spec.rb
+- spec/command/env_spec.rb
 - spec/command/groups_spec.rb
 - spec/command/hosts_spec.rb
 - spec/command/init_spec.rb
@@ -337,4 +364,5 @@ test_files:
 - spec/config_spec.rb
 - spec/conjurrc
 - spec/dsl/runner_spec.rb
+- spec/env_spec.rb
 - spec/spec_helper.rb