conjur-cli 5.6.6 → 6.0.0.rc1
- checksums.yaml +5 -5
- data/.dockerignore +1 -1
- data/.gitignore +2 -0
- data/.rubocop.yml +1 -1
- data/APPLIANCE_VERSION +1 -1
- data/CHANGELOG.md +3 -42
- data/Gemfile +4 -7
- data/Humanfile.md +31 -0
- data/Jenkinsfile +34 -63
- data/README.md +41 -55
- data/Rakefile +5 -1
- data/bin/conjur +0 -2
- data/build-deb.sh +1 -3
- data/ci/cli-test.sh +6 -0
- data/ci/package.sh +3 -1
- data/ci/publish.sh +2 -2
- data/ci/secrets/publish.yml +2 -2
- data/ci/wait_for_server.sh +10 -0
- data/conjur-cli.gemspec +7 -7
- data/dev/docker-compose.yml +24 -0
- data/dev/start.sh +15 -0
- data/dev/stop.sh +5 -0
- data/docker-compose.yml +30 -0
- data/features/authentication/authenticate.feature +34 -0
- data/features/authentication/login.feature +13 -0
- data/features/authentication/logout.feature +15 -0
- data/{acceptance-features → features}/authentication/whoami.feature +0 -0
- data/features/authorization/resource/annotate.feature +22 -0
- data/features/authorization/resource/check.feature +47 -0
- data/{acceptance-features → features}/authorization/resource/exists.feature +18 -6
- data/features/authorization/resource/permitted_roles.feature +35 -0
- data/features/authorization/resource/show.feature +34 -0
- data/features/authorization/role/exists.feature +28 -0
- data/features/authorization/role/members.feature +45 -0
- data/features/authorization/role/memberships.feature +43 -0
- data/features/conjurenv/check.feature +34 -0
- data/features/conjurenv/run.feature +15 -0
- data/{acceptance-features → features}/conjurenv/template.feature +8 -3
- data/{acceptance-features → features}/directory/user/update_password.feature +8 -2
- data/{acceptance-features → features}/directory/variable/value.feature +9 -5
- data/{acceptance-features → features}/directory/variable/values-add.feature +8 -3
- data/features/hostfactory/tokens.feature +22 -0
- data/features/pubkeys/show.feature +18 -0
- data/features/step_definitions/authn_steps.rb +22 -0
- data/features/step_definitions/cli_steps.rb +28 -0
- data/features/step_definitions/file_steps.rb +12 -0
- data/features/step_definitions/flow_control_steps.rb +7 -0
- data/features/step_definitions/graph_steps.rb +4 -3
- data/{acceptance-features → features}/step_definitions/http_steps.rb +0 -0
- data/features/step_definitions/overrides.rb +9 -0
- data/features/step_definitions/policy_steps.rb +11 -0
- data/{acceptance-features → features}/step_definitions/trusted_proxy_steps.rb +0 -0
- data/features/support/blank.yml +1 -0
- data/features/support/env.rb +21 -7
- data/features/support/hooks.rb +31 -116
- data/features/support/world.rb +16 -76
- data/jenkins.sh +33 -0
- data/lib/conjur/authenticator.rb +83 -0
- data/lib/conjur/authn.rb +5 -20
- data/lib/conjur/cli.rb +13 -6
- data/lib/conjur/command.rb +30 -350
- data/lib/conjur/command/authn.rb +23 -15
- data/lib/conjur/command/host_factories.rb +2 -74
- data/lib/conjur/command/hosts.rb +6 -113
- data/lib/conjur/command/init.rb +20 -35
- data/lib/conjur/command/{secrets.rb → policies.rb} +33 -22
- data/lib/conjur/command/pubkeys.rb +3 -63
- data/lib/conjur/command/resources.rb +45 -162
- data/lib/conjur/command/roles.rb +11 -181
- data/lib/conjur/command/rspec/helpers.rb +0 -1
- data/lib/conjur/command/rspec/mock_services.rb +4 -4
- data/lib/conjur/command/users.rb +2 -159
- data/lib/conjur/command/variables.rb +5 -218
- data/lib/conjur/complete.rb +2 -2
- data/lib/conjur/config.rb +1 -11
- data/lib/conjur/conjurenv.rb +12 -9
- data/lib/conjur/identifier_manipulation.rb +3 -5
- data/lib/conjur/version.rb +2 -2
- data/{publish-rubygem.sh → publish.sh} +0 -4
- data/spec/authn_spec.rb +4 -0
- data/spec/command/hosts_spec.rb +2 -69
- data/spec/command/init_spec.rb +16 -11
- data/spec/command/pubkeys_spec.rb +1 -46
- data/spec/command/resources_spec.rb +21 -170
- data/spec/command/roles_spec.rb +5 -181
- data/spec/command/users_spec.rb +3 -79
- data/spec/command_spec.rb +1 -20
- data/spec/complete_spec.rb +1 -23
- data/spec/config_spec.rb +1 -1
- data/spec/spec_helper.rb +4 -5
- data/test.sh +29 -25
- metadata +92 -212
- data/.githooks/pre_commit/run_specs.rb +0 -23
- data/Dockerfile +0 -15
- data/Dockerfile.fpm +0 -18
- data/Dockerfile.publish +0 -12
- data/Dockerfile.standalone +0 -33
- data/Dockerfile.validate-packaging +0 -9
- data/VERSION +0 -1
- data/acceptance-features/audit/audit_event_send.feature +0 -107
- data/acceptance-features/audit/fetch.feature +0 -16
- data/acceptance-features/audit/send.feature +0 -51
- data/acceptance-features/authentication/authenticate.feature +0 -10
- data/acceptance-features/authentication/login.feature +0 -12
- data/acceptance-features/authentication/logout.feature +0 -13
- data/acceptance-features/authorization/resource/annotate.feature +0 -35
- data/acceptance-features/authorization/resource/check.feature +0 -24
- data/acceptance-features/authorization/resource/create.feature +0 -21
- data/acceptance-features/authorization/resource/deny.feature +0 -12
- data/acceptance-features/authorization/resource/give.feature +0 -24
- data/acceptance-features/authorization/resource/permit.feature +0 -20
- data/acceptance-features/authorization/resource/permitted_roles.feature +0 -16
- data/acceptance-features/authorization/resource/show.feature +0 -28
- data/acceptance-features/authorization/role/create.feature +0 -13
- data/acceptance-features/authorization/role/exists.feature +0 -19
- data/acceptance-features/authorization/role/grant_to.feature +0 -21
- data/acceptance-features/authorization/role/graph.feature +0 -57
- data/acceptance-features/authorization/role/members.feature +0 -23
- data/acceptance-features/authorization/role/memberships.feature +0 -27
- data/acceptance-features/bootstrap.feature +0 -13
- data/acceptance-features/conjurenv/check.feature +0 -21
- data/acceptance-features/conjurenv/run.feature +0 -10
- data/acceptance-features/directory/group/create.feature +0 -20
- data/acceptance-features/directory/group/retire.feature +0 -54
- data/acceptance-features/directory/host/create.feature +0 -23
- data/acceptance-features/directory/host/retire.feature +0 -6
- data/acceptance-features/directory/hostfactory/create.feature +0 -28
- data/acceptance-features/directory/hostfactory/tokens.feature +0 -16
- data/acceptance-features/directory/layer/create.feature +0 -10
- data/acceptance-features/directory/layer/hosts-add.feature +0 -9
- data/acceptance-features/directory/layer/hosts-remove.feature +0 -10
- data/acceptance-features/directory/layer/retire.feature +0 -43
- data/acceptance-features/directory/user/create.feature +0 -23
- data/acceptance-features/directory/user/retire.feature +0 -6
- data/acceptance-features/directory/variable/create.feature +0 -14
- data/acceptance-features/directory/variable/retire.feature +0 -17
- data/acceptance-features/dsl/policy_owner.feature +0 -45
- data/acceptance-features/dsl/resource_owner.feature +0 -17
- data/acceptance-features/dsl/retire.feature +0 -15
- data/acceptance-features/global-privilege/elevate.feature +0 -20
- data/acceptance-features/global-privilege/reveal.privilege +0 -20
- data/acceptance-features/pubkeys/add.feature +0 -22
- data/acceptance-features/pubkeys/delete.feature +0 -9
- data/acceptance-features/pubkeys/names.feature +0 -26
- data/acceptance-features/pubkeys/show.feature +0 -27
- data/acceptance-features/step_definitions/cli_steps.rb +0 -57
- data/acceptance-features/step_definitions/graph_steps.rb +0 -22
- data/acceptance-features/step_definitions/user_steps.rb +0 -51
- data/acceptance-features/support/env.rb +0 -23
- data/acceptance-features/support/hooks.rb +0 -178
- data/acceptance-features/support/world.rb +0 -176
- data/acceptance-features/trusted_proxies.feature +0 -82
- data/bin/conjurize +0 -26
- data/bin/jsonfield +0 -70
- data/build-standalone +0 -6
- data/deprecations.sh +0 -38
- data/features/conjurize.feature +0 -134
- data/features/dsl_context.feature +0 -36
- data/features/dsl_host_create.feature +0 -11
- data/features/dsl_ownership.feature +0 -30
- data/features/dsl_permission.feature +0 -45
- data/features/dsl_resource_create.feature +0 -23
- data/features/dsl_role_create.feature +0 -11
- data/features/dsl_user_create.feature +0 -23
- data/features/jsonfield.feature +0 -49
- data/features/role_graph.feature +0 -58
- data/features/step_definitions/conjurize_steps.rb +0 -5
- data/features/step_definitions/dsl_steps.rb +0 -52
- data/features/support/conjur.conf +0 -6
- data/lib/conjur/command/assets.rb +0 -121
- data/lib/conjur/command/audit.rb +0 -155
- data/lib/conjur/command/bootstrap.rb +0 -129
- data/lib/conjur/command/dsl_command.rb +0 -75
- data/lib/conjur/command/elevate.rb +0 -76
- data/lib/conjur/command/field.rb +0 -45
- data/lib/conjur/command/groups.rb +0 -208
- data/lib/conjur/command/ids.rb +0 -34
- data/lib/conjur/command/layers.rb +0 -211
- data/lib/conjur/command/ldapsync.rb +0 -118
- data/lib/conjur/command/rspec/audit_helpers.rb +0 -68
- data/lib/conjur/command/rubydsl.rb +0 -93
- data/lib/conjur/command/script.rb +0 -48
- data/lib/conjur/command/server.rb +0 -67
- data/lib/conjur/conjurize.rb +0 -71
- data/lib/conjur/conjurize/script.rb +0 -150
- data/lib/conjur/dsl/runner.rb +0 -273
- data/publish-deb.sh +0 -6
- data/push-image +0 -29
- data/spec/command/assets_spec.rb +0 -115
- data/spec/command/audit_spec.rb +0 -376
- data/spec/command/elevate_spec.rb +0 -28
- data/spec/command/env_spec.rb +0 -168
- data/spec/command/groups_spec.rb +0 -77
- data/spec/command/host_factories_spec.rb +0 -38
- data/spec/command/layers_spec.rb +0 -35
- data/spec/command/ldapsync_spec.rb +0 -28
- data/spec/command/rubydsl_spec.rb +0 -63
- data/spec/command/variable_expiration_spec.rb +0 -164
- data/spec/command/variables_spec.rb +0 -192
- data/spec/conjurize/script_spec.rb +0 -62
- data/spec/conjurize_spec.rb +0 -70
- data/spec/dsl/runner_spec.rb +0 -93
- data/spec/env_spec.rb +0 -214
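--- a/data/spec/command/roles_spec.rb
+++ b/data/spec/command/roles_spec.rb
@@ -2,204 +2,28 @@ require 'spec_helper'
 
 describe Conjur::Command::Roles, logged_in: true do
 
-describe "role:grant_to" do
-describe_command "role:grant_to test:a test:b" do
-it "grants the role without options" do
-expect_any_instance_of(Conjur::Role).to receive(:grant_to).with("test:b", {})
-invoke
-end
-end
-describe_command "role:grant_to --admin test:a test:b" do
-it "grants the role with admin option" do
-expect_any_instance_of(Conjur::Role).to receive(:grant_to).with("test:b", {admin_option: true})
-invoke
-end
-end
-end
-
-describe "role:create" do
-describe_command "role:create test:the-role" do
-it "creates the role with no options" do
-expect_any_instance_of(Conjur::Role).to receive(:create).with({})
-
-invoke
-end
-end
-describe_command "role:create --as-role test:foo test:the-role" do
-it "creates the role with acting_as option" do
-expect(api).to receive(:role).with("test:foo").and_return double("test:foo", exists?: true, roleid: "test:test:foo")
-expect(api).to receive(:role).with("test:the-role").and_return role = double("new-role", roleid: "test:the-role")
-expect(role).to receive(:create).with({acting_as: "test:test:foo"})
-
-expect { invoke }.to write("Created role test:the-role")
-end
-end
-describe_command "role:create --as-group the-group test:the-role" do
-it "creates the role with with acting_as option" do
-expect(api).to receive(:group).with("the-group").and_return group = double("the-group", roleid: "test:group:the-group")
-expect(api).to receive(:role).with(group.roleid).and_return double("group:the-group", exists?: true, roleid: "test:group:the-group")
-expect(api).to receive(:role).with("test:the-role").and_return role = double("new-role", roleid: "test:the-role")
-expect(role).to receive(:create).with({acting_as: "test:group:the-group"})
-
-expect { invoke }.to write("Created role test:the-role")
-end
-end
-end
-
-describe "role:members" do
-let(:all_roles) { %w(foo:user:joerandom foo:something:cool foo:something:else foo:group:admins) }
-let(:all_role_grants) {
-all_roles.map do |r|
-Conjur::RoleGrant.new(api.role("foo:user:joerandom"), api.role(r), api.role("foo:user:admin"), false)
-end
-}
-let(:role) do
-double "the role", members: all_role_grants
-end
-
-before do
-allow(api).to receive(:role).and_call_original
-allow(api).to receive(:role).with(rolename).and_return role
-end
-
-context "when logged in as a user" do
-let(:username) { "joerandom" }
-let(:rolename) { "user:joerandom" }
-
-describe_command "role:members" do
-it "lists all roles" do
-expect(JSON::parse(expect { invoke }.to write)).to eq(all_roles)
-end
-end
-
-describe_command "role:members -V" do
-it "lists all roles verbosely" do
-expect(JSON::parse(expect { invoke }.to write)).to eq(all_role_grants.map(&:to_h).map(&:stringify_keys))
-end
-describe "without RoleGrant.role field" do
-it "lists the roles verbosely" do
-all_role_grants.each do |rg|
-rg.instance_variable_set "@role", nil
-end
-expect(JSON::parse(expect { invoke }.to write)).to eq(all_role_grants.map(&:to_h).map(&:stringify_keys))
-end
-end
-end
-
-describe_command "role:members --count" do
-it "counts the roles" do
-expect(role).to receive(:members).with({count: true}).and_return(all_roles.size)
-expect(JSON::parse(expect { invoke }.to write)).to eq(all_roles.size)
-end
-end
-
-describe_command "role:members -k hamster -s frontend -o 10 -l 10" do
-it "lists selected roles" do
-expect(role).to receive(:members).with({kind: 'hamster', search: 'frontend', offset: "10", limit: "10"}).and_return(all_role_grants)
-expect(JSON::parse(expect { invoke }.to write)).to eq(all_roles)
-end
-end
-
-describe_command "role:members -k hamster,giraffe" do
-it "lists selected roles" do
-expect(role).to receive(:members).with({kind: %w(hamster giraffe)}).and_return(all_role_grants)
-expect(JSON::parse(expect { invoke }.to write)).to eq(all_roles)
-end
-end
-
-describe_command "role:members -k hamster -k giraffe" do
-it "applies only the last 'kind' filter" do
-expect(role).to receive(:members).with({kind: 'giraffe'}).and_return(all_role_grants)
-expect(JSON::parse(expect { invoke }.to write)).to eq(all_roles)
-end
-end
-
-describe_command "role:members foo:bar" do
-let(:rolename) { 'foo:bar' }
-it "lists all roles of foo:bar" do
-expect(JSON::parse(expect { invoke }.to write)).to eq(all_roles)
-end
-end
-end
-end
-
 describe "role:memberships" do
 let(:all_roles) { %w(foo:user:joerandom foo:something:cool foo:something:else foo:group:admins) }
-let(:all_role_objects) { all_roles.map{|r| double r, roleid: r } }
 let(:role) do
-double "the role",
+double "the role", memberships: all_roles.map{|r| double r, id: r }
 end
 
 before do
-allow(api).to receive(:role).and_call_original
 allow(api).to receive(:role).with(rolename).and_return role
 end
 
 context "when logged in as a user" do
 let(:username) { "joerandom" }
-let(:rolename) { "user:joerandom" }
+let(:rolename) { "#{account}:user:joerandom" }
 
 describe_command "role:memberships" do
 it "lists all roles" do
 expect(JSON::parse(expect { invoke }.to write)).to eq(all_roles)
 end
 end
-
-describe_command "when empty" do
-let(:all_roles) { [] }
-describe_command "role:memberships" do
-it "prints an empty array" do
-expect(JSON::parse(expect { invoke }.to write)).to eq([])
-end
-end
-end
-
-describe_command "role:memberships" do
-it "hides system roles" do
-expect(role).to receive(:all).with({}).and_return([
-double(:role, roleid: "the-account:@:hamster")
-])
-expect(JSON::parse(expect { invoke }.to write)).to eq([])
-end
-end
-
-describe_command "role:memberships --count" do
-it "counts the roles" do
-expect(role).to receive(:all).with({count: true}).and_return(all_roles.size)
-expect(JSON::parse(expect { invoke }.to write)).to eq(all_roles.size)
-end
-end
-
-context "with full role grant info" do
-let(:all_role_grants) {
-all_roles.map do |r|
-Conjur::RoleGrant.new(api.role(r), api.role("foo:user:joerandom"), api.role("foo:user:admin"), false)
-end
-}
-before {
-expect(role).to receive(:all).with({recursive: false}).and_return(all_role_grants)
-}
-describe_command "role:memberships --no-recursive" do
-it "lists the roles" do
-expect(JSON::parse(expect { invoke }.to write)).to eq(all_roles)
-end
-end
-describe_command "role:memberships -V --no-recursive" do
-it "shows all the roles" do
-expect(JSON::parse(expect { invoke }.to write)).to eq(all_role_grants.map(&:to_h).map(&:stringify_keys))
-end
-end
-end
-
-describe_command "role:memberships -k hamster -s frontend -o 10 -l 10" do
-it "lists selected roles" do
-expect(role).to receive(:all).with({kind: 'hamster', search: 'frontend', offset: "10", limit: "10"}).and_return(all_role_objects)
-expect(JSON::parse(expect { invoke }.to write)).to eq(all_roles)
-end
-end
 
 describe_command "role:memberships foo:bar" do
-let(:rolename) {
+let(:rolename) { "#{account}:foo:bar" }
 it "lists all roles of foo:bar" do
 expect(JSON::parse(expect { invoke }.to write)).to eq(all_roles)
 end
@@ -208,7 +32,7 @@ describe Conjur::Command::Roles, logged_in: true do
 
 context "when logged in as a host" do
 let(:username) { "host/foobar" }
-let(:rolename) { "host:foobar" }
+let(:rolename) { "#{account}:host:foobar" }
 
 describe_command "role:memberships" do
 it "lists all roles" do
@@ -218,7 +42,7 @@ describe Conjur::Command::Roles, logged_in: true do
 end
 end
 
-describe "role graph" do
+describe "role graph", wip: true do
 let(:roles){ [] }
 let(:options){ { ancestors: true, descendants: true } }
 let(:extra_options){ {} }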
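Review bot: The `wip: true` tag added to `describe "role graph"` has no comment or tracking reference saying why the group is parked or when it returns, and the same tag is put on the whole `Conjur::CLI::Complete` describe in data/spec/complete_spec.rb. If the suite filters on that tag (the RSpec configuration is not visible on this page), those examples stop running without any signal, so regressions in role-graph output or completion for an access-control CLI would pass unnoticed. A comment above each tagged describe, for example `# wip: excluded from the default run until <reason>; tracked in <issue reference>`, would keep the gap visible. The body of `describe "role graph"` continues outside the last hunk.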
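--- a/data/spec/command/users_spec.rb
+++ b/data/spec/command/users_spec.rb
@@ -1,85 +1,9 @@
 require 'spec_helper'
 
 describe Conjur::Command::Users, logged_in: true do
-let(:
-let(:update_password_url) {
-
-context "creating a user" do
-let(:new_user) { double("new-user") }
-before do
-expect(Conjur::Command::Users).to receive(:display).with(new_user)
-end
-
-[ "user:create", "user create" ].each do |cmd|
-describe_command "#{cmd} -p the-user" do
-it "Creates a user with a password obtained by prompting the user" do
-expect_any_instance_of(Conjur::API).to receive(:create_user).with("the-user", password: "the-password").and_return new_user
-expect(Conjur::Command::Users).to receive(:prompt_for_password).and_return "the-password"
-
-invoke
-end
-end
-describe_command "#{cmd} the-user" do
-it "Creates a user without a password" do
-expect_any_instance_of(Conjur::API).to receive(:create_user).with("the-user", {}).and_return new_user
-invoke
-end
-end
-describe_command "#{cmd} --uidnumber 12345 the-user" do
-it "Creates a user with specified uidnumber" do
-expect_any_instance_of(Conjur::API).to receive(:create_user).with("the-user", { uidnumber: 12345 }).and_return new_user
-invoke
-end
-end
-describe_command "#{cmd} --cidr 192.168.1.1,127.0.0.0/32 the-user" do
-it "Creates a user with specified CIDR" do
-expect_any_instance_of(Conjur::API).to receive(:create_user).with(
-"the-user", { cidr: ['192.168.1.1', '127.0.0.0/32'] }
-).and_return new_user
-invoke
-end
-end
-end
-end
-
-context "updating user attributes" do
-describe_command "user update --uidnumber 12345 the-user" do
-it "updates the uidnumber" do
-stub_user = double()
-expect_any_instance_of(Conjur::API).to receive(:user).with("the-user").and_return stub_user
-expect(stub_user).to receive(:update).with(uidnumber: 12345).and_return ""
-expect { invoke }.to write "User updated"
-end
-end
-describe_command "user update --cidr 127.0.0.0/32 the-user" do
-it "updates the CIDR" do
-stub_user = double()
-expect_any_instance_of(Conjur::API).to receive(:user).with("the-user").and_return stub_user
-expect(stub_user).to receive(:update).with(cidr: ['127.0.0.0/32']).and_return ""
-expect { invoke }.to write "User updated"
-end
-end
-
-describe_command "user update --cidr all the-user" do
-it "resets the CIDR restrictions" do
-stub_user = double()
-expect_any_instance_of(Conjur::API).to receive(:user).with("the-user").and_return stub_user
-expect(stub_user).to receive(:update).with(cidr: []).and_return ""
-expect { invoke }.to write "User updated"
-end
-end
-end
+let (:rotate_api_key_url) { [Conjur.configuration.authn_url, account, 'api_key'].join('/') }
+let (:update_password_url) { [Conjur.configuration.authn_url, account, 'password'].join('/') }
 
-context "lookup per UID" do
-let(:search_result) { {id: "the-user"} }
-describe_command "user uidsearch 12345" do
-it "finds user" do
-expect_any_instance_of(Conjur::API).to receive(:find_users).with(uidnumber: 12345).and_return search_result
-expect { invoke }.to write(JSON.pretty_generate(search_result))
-end
-end
-end
-
 context "updating password" do
 before do
 expect(RestClient::Request).to receive(:execute).with({
@@ -112,7 +36,7 @@ describe Conjur::Command::Users, logged_in: true do
 before do
 expect(RestClient::Request).to receive(:execute).with({
 method: :put,
-url:
+url: rotate_api_key_url,
 user: username,
 password: api_key,
 headers: {},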
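Review bot: The two added definitions `let (:rotate_api_key_url)` and `let (:update_password_url)` put a space between `let` and the opening parenthesis, so Ruby reads `(:rotate_api_key_url)` as a grouped expression rather than an argument list. It still works here, but RuboCop reports it as `Lint/ParenthesesAsGroupedExpression` and it differs from the `let(:username)` form used in the other specs of this release. Write them as `let(:rotate_api_key_url) { [Conjur.configuration.authn_url, account, 'api_key'].join('/') }` and likewise for `update_password_url`. The `before do` blocks that use these URLs continue outside the hunks.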
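--- a/data/spec/command_spec.rb
+++ b/data/spec/command_spec.rb
@@ -10,7 +10,7 @@ describe Conjur::Command do
 end
 end
 context "brief id(2 tokens)" do
-before(:each) { allow(
+before(:each) { allow(Conjur.configuration).to receive(:account).and_return("current/acc") }
 it "injects current account as a prefix" do
 expect(described_class.full_resource_id("a:b")).to eq("current/acc:a:b")
 end
@@ -58,23 +58,4 @@ describe Conjur::Command do
 end
 end
 
-describe "supports asset retirement" do
-let(:role){ double('Role', roleid: 'the-role-id')}
-let(:permission){ { 'role' => 'the-role-id', 'privilege' => 'read' } }
-let(:permissions){ [ permission ] }
-let(:resource){ double('Resource', deny: nil, attributes: {'permissions' => permissions}) }
-let(:resources){ [resource] }
-let(:api){ double('API') }
-let(:asset){ double('Asset', resources: resources, resource: resource) }
-describe "#retire_resource" do
-context "when given an object without a role" do
-it 'works' do
-expect(described_class).to receive(:api).and_return api
-expect(api).to receive(:role).with('the-role-id').and_return role
-described_class.retire_resource(asset)
-end
-end
-end
-end
-
 end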
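--- a/data/spec/complete_spec.rb
+++ b/data/spec/complete_spec.rb
@@ -1,6 +1,6 @@
 require 'spec_helper'
 
-describe Conjur::CLI::Complete do
+describe Conjur::CLI::Complete, wip: true do
 def expects_completions_for string, point=nil
 expect(described_class.new("conjur #{string}",point)
 .completions
@@ -28,10 +28,6 @@ describe Conjur::CLI::Complete do
 it { expects_completions_for('host l').to include 'layers',
 'list' }
 end
-
-context 'with "conjur rubydsl"' do
-it { expects_completions_for('rubydsl ').to include 'load' }
-end
 end
 
 describe 'for deprecated subcommands such as `conjur field`' do
@@ -56,16 +52,6 @@ describe Conjur::CLI::Complete do
 .to include '-f', '--follow', '-l', '--limit=',
 '-o', '--offset=', '-s', '--short' }
 end
-
-context 'conjur layer create --as-' do
-it { expects_completions_for('layer create --as-')
-.to include '--as-role=' }
-end
-
-context 'conjur group create --as-role' do
-it { expects_completions_for('layer create --as-role')
-.to contain_exactly '--as-role=' }
-end
 end
 
 describe 'for arguments' do
@@ -108,10 +94,6 @@ describe Conjur::CLI::Complete do
 it { expects_completions_for('group show ')
 .to contain_exactly(*groups) }
 end
-context 'for a flag' do
-it { expects_completions_for('group create --as-group=')
-.to contain_exactly(*groups) }
-end
 end
 
 context 'with kind "layer"' do
@@ -175,10 +157,6 @@ describe Conjur::CLI::Complete do
 end
 
 describe 'completes mid-line' do
-it 'completes a subcommand not at the end of a line' do
-expect(described_class.new('conjur gr create dwarves/7', 9).completions)
-.to include 'group '
-end
 it 'tolerates garbage flags and arguments' do
 expect(described_class.new('conjur omg --lol wat pu').completions)
 .to include 'pubkeys '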
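--- a/data/spec/config_spec.rb
+++ b/data/spec/config_spec.rb
@@ -113,8 +113,8 @@ describe Conjur::Config do
 
 describe "#apply" do
 before {
-allow_any_instance_of(Conjur::Configuration).to receive(:ensure_cert_readable!)
 allow(OpenSSL::SSL::SSLContext::DEFAULT_CERT_STORE).to receive(:add_file)
+allow(File).to receive(:open)
 }
 
 context "ssl_certificate string" do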
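Review bot: The added `allow(File).to receive(:open)` in the `#apply` `before` block has no `.with(...)` constraint, so every `File.open` call made during these examples returns nil, including calls unrelated to the certificate. It presumably stands in for the removed `ensure_cert_readable!` stub, but in this form the examples pass whichever path is opened and no longer show what happens when the certificate file is unreadable. Limit the stub to the certificate path with a pass-through for everything else, for example `allow(File).to receive(:open).and_call_original` followed by `allow(File).to receive(:open).with(<cert path under test>)`, and add an example for the unreadable-file case. The `describe "#apply"` group continues outside the hunk.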
data/spec/spec_helper.rb
CHANGED
@@ -18,15 +18,16 @@ end
|
|
18
18
|
# stub parameters to be used in resource/asset tests
|
19
19
|
KIND="asset_kind"
|
20
20
|
ID="unique_id"
|
21
|
-
ROLE='<role>'
|
22
21
|
MEMBER='<member>'
|
23
22
|
PRIVILEGE='<privilege>'
|
24
23
|
OWNER='<owner/userid>'
|
25
24
|
ACCOUNT='<core_account>'
|
25
|
+
ROLE="#{ACCOUNT}:user:user"
|
26
26
|
|
27
27
|
require 'conjur/command/rspec/helpers'
|
28
28
|
|
29
29
|
ENV['CONJURRC'] = '/dev/null'
|
30
|
+
ENV['CONJUR_ACCOUNT'] = ACCOUNT
|
30
31
|
|
31
32
|
require 'conjur/cli'
|
32
33
|
require 'conjur/api'
|
@@ -35,6 +36,8 @@ require 'conjur/complete'
|
|
35
36
|
shared_context "fresh config" do
|
36
37
|
before {
|
37
38
|
ENV.delete_if do |k,v|
|
39
|
+
next if k == 'CONJUR_ACCOUNT'
|
40
|
+
|
38
41
|
k =~ /^CONJUR_/
|
39
42
|
end
|
40
43
|
|
@@ -47,10 +50,6 @@ shared_context "fresh config" do
|
|
47
50
|
}
|
48
51
|
end
|
49
52
|
|
50
|
-
def invoke_silently
|
51
|
-
STDERR.grab { return invoke }
|
52
|
-
end
|
53
|
-
|
54
53
|
RSpec::Core::DSL.change_global_dsl do
|
55
54
|
def describe_conjurize *argv, &block
|
56
55
|
describe *argv do
|