conjur-cli 4.10.3 → 4.12.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 9364641a7961f68f6327900c82a3b48df392a8ff
-  data.tar.gz: aa7a0645cba4fc6055263fb7893e1a87272759a1
+  metadata.gz: 4340c1ab3fdec7c2cb49b4fa1ec442298df85a50
+  data.tar.gz: 4acef5138095751da921eba71e2a13780fddd9d6
 SHA512:
-  metadata.gz: 885fe1eed115b3f3ca176a89cbbf50538a582f0610327a5b20bc77e8d4698bcc4781d45cb94927ddd3b2d76f3a849b718e5c7bbd3f62a267b09a9c76c294fdda
-  data.tar.gz: 85d230b34bd07280dc4d24c495e24bae284073c66c0e58e4d01267b918f35d0ca1a836ba71768ca71dad3879bf0c3a39792d49e480bd8a8bba5423dce9eb8e2f
+  metadata.gz: 9d52290d6b3fb8a86df68d8bbc2faff5bd24e4b382f570096b74fe1d24b724592abb724df3e580448f52f93edf0376be8167e3b6fc4ff0b6c4daa45c90af959a
+  data.tar.gz: 70fa8e0a22fe5cc93eb51b08b07b0e8ee875b8336c6e4e06fa9fa5d66e2bae27345c50005e947c814fe6d2139448f76467b93bbfc20547201b5f499c9988cc79

data/conjur.gemspec

@@ -17,7 +17,7 @@ Gem::Specification.new do |gem|
 
 
   gem.add_dependency 'activesupport'
-  gem.add_dependency 'conjur-api', '>=4.9.1'
+  gem.add_dependency 'conjur-api', '>=4.9.2'
   gem.add_dependency 'gli', '>=2.8.0'
   gem.add_dependency 'highline'
   gem.add_dependency 'netrc'

data/lib/conjur/authn.rb

@@ -54,7 +54,15 @@ module Conjur::Authn
     end
     
     def get_credentials(options = {})
-      @credentials ||= (read_credentials || fetch_credentials(options))
+      @credentials ||= (env_credentials || read_credentials || fetch_credentials(options))
+    end
+    
+    def env_credentials
+      if (login = ENV['CONJUR_AUTHN_LOGIN']) && (api_key = ENV['CONJUR_AUTHN_API_KEY'])
+        [ login, api_key ]
+      else
+        nil
+      end
     end
     
     def read_credentials

data/lib/conjur/command/audit.rb

@@ -11,22 +11,30 @@ class Conjur::Command
         'resource:deny' => lambda{|e| "denied #{e[:privilege]} from #{e[:grantee]} on #{e[:resource]}" },
         'resource:permitted_roles' => lambda{|e| "listed roles permitted to #{e[:privilege]} on #{e[:resource]}" },
         'role:check' => lambda{|e| "checked that #{e[:role] == e[:user] ? 'they' : e[:role]} can #{e[:privilege]} #{e[:resource]} (#{e[:allowed]})" },
-        'role:grant' => lambda{|e| "granted role #{e[:role]} to #{e[:member]} #{e[:admin_option] ? ' with ' : ' without '}admin" },
+        'role:grant' => lambda{|e| "granted role #{e[:role]} to #{e[:member]} #{e[:admin_option] ? 'with' : 'without'} admin" },
         'role:revoke' => lambda{|e| "revoked role #{e[:role]} from #{e[:member]}" },
-        'role:create' => lambda{|e| "created role #{e[:role]}" }
+        'role:create' => lambda{|e| "created role #{e[:role]}" },
+        'audit' => lambda{ |e| 
+          action_part = [ e[:facility], e[:action] ].compact.join(":")
+          actor_part = e[:role] ? "by #{e[:role]}" : nil
+          resource_part = e[:resource_id] ? "on #{e[:resource_id]}" : nil
+          allowed_part = e.has_key?(:allowed) ? "(allowed: #{e[:allowed]})" : nil
+          message_part = e[:audit_message] ? "; message: #{e[:audit_message]}" : ""
+          statement = [ action_part, actor_part, resource_part, allowed_part ].compact.join(" ")
+          "reported #{statement}"+ message_part
+        }
       }
       
-      
       def short_event_format e
         e.symbolize_keys!
         s = "[#{Time.parse(e[:timestamp])}]"
         s << " #{e[:user]}"
         s << " (as #{e[:acting_as]})" if e[:acting_as] != e[:user]
-        formatter = SHORT_FORMATS["#{e[:kind]}:#{e[:action]}"]
+        formatter = SHORT_FORMATS["#{e[:kind]}:#{e[:action]}"] || SHORT_FORMATS[e[:kind]]
         if formatter
           s << " " << formatter.call(e)
         else
-          s << " unknown event: #{e[:asset]}:#{e[:action]}!"
+          s << " unknown event: #{e[:kind]}:#{e[:action]}!"
         end
         s << " (failed with #{e[:error]})" if e[:error]
         s
@@ -53,6 +61,10 @@ class Conjur::Command
       
       def show_audit_events events, options
         events = [events] unless events.kind_of?(Array)
+        # offset and limit options seem to be broken. this is a temporary workaround (should be applied on server-side eventually)
+        events = events.drop(options[:offset]) if options[:offset]
+        events = events.take(options[:limit]) if options[:limit]
+
         if options[:short]
           events.each{|e| puts short_event_format(e)}
         else
@@ -82,14 +94,13 @@ class Conjur::Command
       end
     end
 
-    desc "Show audit events"
-    command  :audit do |audit|
+    desc "Fetch audit events"
+    command :audit do |audit|
       audit.desc "Show all audit events visible to the current user"
       audit_feed_command audit, :all do |args, options|
         api.audit(options){ |es| show_audit_events es, options }
       end
 
-
       audit.desc "Show audit events related to a role"
       audit.arg_name 'role'
       audit_feed_command audit, :role do |args, options|
@@ -97,13 +108,12 @@ class Conjur::Command
         api.audit_role(id, options){ |es| show_audit_events es, options }
       end
 
-
       audit.desc "Show audit events related to a resource"
       audit.arg_name 'resource'
       audit_feed_command audit, :resource do |args, options|
         id = full_resource_id(require_arg args, "resource")
         api.audit_resource(id, options){|es| show_audit_events es, options}
-      end
+      end 
     end
   end
-end
+end

data/lib/conjur/command/init.rb

@@ -94,7 +94,10 @@ class Conjur::Command::Init < Conjur::Command
       
       exit_now! "account is required" if account.blank?
       
-      config = { account: account }
+      config = { 
+        account: account,
+        plugins: []
+      }
       
       config[:appliance_url] = "https://#{hostname}/api" unless hostname.blank?
       

data/lib/conjur/command/rspec/audit_helpers.rb

@@ -0,0 +1,69 @@
+shared_context "default audit behavior" do
+  let(:common_prefix) { "[#{default_audit_event["timestamp"]}] #{default_audit_event["user"]}" }
+
+  let(:default_audit_event) {
+    {
+      "request" => {
+                  "ip" => "1.2.3.4",
+                  "url"=>"https://conjur/api",
+                  "method"=>"POST",
+                  "uuid" => "abcdef",
+                  "params"=> {
+                    "controller"=>"role",
+                    "action"=>"create",
+                    "account"=>"the-account"
+                    }
+                  },
+      "user" => "account:user:alice",
+      "acting_as" => "account:group:admins",
+      "conjur" =>   { # new behaviour
+                  "user" => "account:user:alice",
+                  "role" => "account:group:admins",
+                  "domain" => "authz",
+                  "env"    => "test",
+                  "account" => "the-account"
+                  },
+      "completely_custom_field" => "with some value",
+      "kind" => "some_asset",
+      "action" => "some_action",
+      "user" => "account:user:alice",
+      "id"   => 12345,
+      "timestamp" => Time.now().to_s,
+      "event_id" => "xaxaxaxaxa",
+      "resources" => ["the-account:layer:resources/production", "layer:resources/frontend"],
+      "roles" => ["the-account:group:roles/qa", "group:roles/ssh_users"]
+    }
+  }
+
+  shared_examples_for "it supports standard prefix:" do
+    describe "if acting_as is the same as user" do
+      let(:audit_event) { test_event.tap { |e| e["acting_as"]=e["user"] } }
+      it "prints default prefix" do
+        expect { invoke }.to write(common_prefix)
+      end
+      it "does not print 'acting_as' statement" do
+        expect { invoke }.to_not write(common_prefix+" (as ")
+      end
+    end
+
+    describe "if acting_as is different from user" do
+      it 'prints default prefix followed by (acting as..) statement' do
+        expect { invoke }.to write(common_prefix+" (as #{audit_event['acting_as']})")
+      end
+    end
+  end
+
+  shared_examples_for "it recognizes error messages:" do
+    describe "if :error is not empty" do
+      let(:audit_event) { test_event.merge("error"=>"everything's down") }
+      it 'appends (failed with...) statement' do
+        expect { invoke }.to write(" (failed with everything's down)")
+      end
+    end
+    describe "if :error is empty" do
+      it 'does not print "failed with" statement' do
+        expect { invoke }.not_to write(" (failed with ")
+      end
+    end
+  end
+end

data/lib/conjur/command/rspec/describe_command.rb

@@ -3,6 +3,7 @@ module RSpec::Core::DSL
     describe *argv do
       let(:invoke) do
         Conjur::CLI.error_device = $stderr
+        # TODO: allow proper handling of description like "audit:send 'hello world'"
         Conjur::CLI.run argv.first.split(' ')
       end
       instance_eval &block

data/lib/conjur/command/rspec/helpers.rb

@@ -1,3 +1,4 @@
 require 'conjur/command/rspec/describe_command'
 require 'conjur/command/rspec/output_matchers'
 require 'conjur/command/rspec/mock_services'
+require 'conjur/command/rspec/audit_helpers'

data/lib/conjur/config.rb

@@ -31,7 +31,11 @@ module Conjur
       end
       
       def default_config_files
-        [ File.join("/etc", "conjur.conf"), ( ENV['CONJURRC'] || File.expand_path("~/.conjurrc") ), '.conjurrc' ]
+        [ File.join("/etc", "conjur.conf"), ( ENV['CONJURRC'] || [ File.expand_path("~/.conjurrc"), '.conjurrc'] ) ].flatten.tap do |f| 
+          if f.include?'.conjurrc' and File.file?('.conjurrc') and not ENV['CONJURRC']=='.conjurrc'
+            $stderr.puts "WARNING: .conjurrc file from current directory is used. This behaviour is deprecated. Use ENV['CONJURRC'] to explicitly define custom configuration file if needed"
+          end
+        end
       end
       
       def load(config_files = default_config_files)
@@ -55,14 +59,14 @@ module Conjur
         require 'conjur/configuration'
         keys = Config.keys.dup
         keys.delete(:plugins)
-
+        
         cfg = Conjur.configuration
         keys.each do |k|
-          begin
-            next if cfg.send(k)
-          rescue
-            # we use try..rescue because Conjur.configuration
-            # provides no API to see if key is set
+          if Conjur.configuration.respond_to?("#{k}_env_var") && (env_var = Conjur.configuration.send("#{k}_env_var")) && (v = ENV[env_var])
+            if Conjur.log
+              Conjur.log << "Not overriding environment setting #{k}=#{v}\n"
+            end
+            next
           end
           value = Config[k]
           cfg.set k, value if value

data/lib/conjur/dsl/runner.rb

@@ -195,7 +195,7 @@ module Conjur
             api.send(create_method, options)
           end
         end
-        if annotations.kind_of? Hash
+        if annotations.kind_of?(Hash) && !annotations.blank?
           # TODO: fix API to make 'annotations' available directly on objects
           #   https://basecamp.com/1949725/projects/4268938-api-version-4-x/todos/84970444-high-support
           obj_as_resource = obj.resource

data/lib/conjur/version.rb

@@ -19,6 +19,6 @@
 # CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 #
 module Conjur
-  VERSION = "4.10.3"
+  VERSION = "4.12.0"
   ::Version=VERSION
 end

data/spec/authn_spec.rb

@@ -2,6 +2,23 @@ require 'conjur/authn'
 require 'conjur/config'
 
 describe Conjur::Authn do
+  describe "credentials from environment" do
+    before {
+      Conjur::Authn.instance_variable_set("@credentials", nil)
+      ENV.should_receive(:[]).with("CONJUR_AUTHN_LOGIN").and_return "the-login"
+      ENV.should_receive(:[]).with("CONJUR_AUTHN_API_KEY").and_return "the-api-key"
+    }
+    after {
+      Conjur::Authn.instance_variable_set("@credentials", nil)
+    }
+    it "are used to authn" do
+      Conjur::Authn.get_credentials.should == [ "the-login", "the-api-key" ]
+    end
+    it "are not written to netrc" do
+      Conjur::Authn.stub(:write_credentials).and_raise "should not write credentials"
+      Conjur::Authn.get_credentials
+    end
+  end
   describe "netrc" do
     before {
       Conjur::Authn.instance_variable_set("@netrc", nil)

data/spec/command/audit_spec.rb

@@ -80,4 +80,271 @@ describe Conjur::Command::Audit, logged_in: true do
   describe "audit:all" do
     it_calls_the_api "audit:all", :audit, {}
   end
-end
+
+  describe "output formatting:" do
+    include_context "default audit behavior"
+    
+    before {
+      api.stub(:audit_event_feed).and_yield([audit_event])
+    }
+
+    describe_command "audit all" do
+      let(:audit_event) { default_audit_event }
+      it 'prints full JSON retrieved from API' do
+        expect { invoke }.to write( JSON.pretty_generate(audit_event)  )
+      end
+    end
+
+    describe_command "audit all -s" do
+      let(:common_prefix) { "[#{default_audit_event["timestamp"]}] #{default_audit_event["user"]}" }
+      let(:audit_event) { test_event }
+      shared_examples_for "it supports standard prefix:" do
+        describe "if acting_as is the same as user" do
+          let(:audit_event) { test_event.tap { |e| e["acting_as"]=e["user"] } }
+          it "prints default prefix" do
+            expect { invoke }.to write(common_prefix)
+          end
+          it "does not print 'acting_as' statement" do
+            expect { invoke }.to_not write(common_prefix+" (as ")
+          end
+        end
+
+        describe "if acting_as is different from user" do
+          it 'prints default prefix followed by (acting as..) statement' do
+            expect { invoke }.to write(common_prefix+" (as #{audit_event['acting_as']})")
+          end
+        end
+      end
+
+      shared_examples_for "it recognizes error messages:" do
+        describe "if :error is not empty" do
+          let(:audit_event) { test_event.merge("error"=>"everything's down") }
+          it 'appends (failed with...) statement' do
+            expect { invoke }.to write(" (failed with everything's down)")
+          end
+        end
+        describe "if :error is empty" do
+          it 'does not print "failed with" statement' do
+            expect { invoke }.not_to write(" (failed with ")
+          end
+        end
+        
+      end       
+
+      describe "(unknown kind:action)" do
+        let(:test_event) { default_audit_event }
+        it_behaves_like "it supports standard prefix:" 
+        it_behaves_like "it recognizes error messages:"
+        it "prints 'unknown event: <kind>:<action>'" do
+          expect { invoke }.to write(" unknown event: some_asset:some_action!")
+        end
+      end
+
+      describe "(resource:check)" do
+        let(:test_event) { default_audit_event.merge("kind"=>"resource",
+                                                      "action"=>"check", 
+                                                      "privilege"=>"fry", 
+                                                      "resource"=>"food:bacon",
+                                                      "allowed" => "false" 
+                                                     ) 
+                          }
+        it_behaves_like "it supports standard prefix:" 
+        it_behaves_like "it recognizes error messages:"
+        it "prints 'checked that they...'" do
+          expect { invoke }.to write(" checked that they can fry food:bacon (false)")
+        end
+      
+      end
+
+      describe "(resource:create)" do
+        let(:test_event) { default_audit_event.merge("kind"=>"resource", "action" => "create",
+                                                      "resource" => "food:bacon", 
+                                                      "owner" => "user:cook" 
+                                                    ) 
+                         }
+        it_behaves_like "it supports standard prefix:" 
+        it_behaves_like "it recognizes error messages:"
+        it "prints 'created resource ... owned by ... '" do
+          expect { invoke }.to write(" created resource food:bacon owned by user:cook")
+        end
+      end
+
+      describe "(resource:update)" do
+        let(:test_event) { default_audit_event.merge("kind"=>"resource", "action" => "update",
+                                                      "resource" => "food:bacon", 
+                                                      "owner" => "user:cook" 
+                                                    ) 
+                         }
+        it_behaves_like "it supports standard prefix:" 
+        it_behaves_like "it recognizes error messages:"
+        it "prints 'gave .. to .. '" do
+          expect { invoke }.to write(" gave food:bacon to user:cook")
+        end
+      end
+ 
+      describe "(resource:destroy)" do
+        let(:test_event) { default_audit_event.merge("kind"=>"resource", "action" => "destroy",
+                                                      "resource" => "food:bacon"
+                                                    ) 
+                         }
+        it_behaves_like "it supports standard prefix:" 
+        it_behaves_like "it recognizes error messages:"
+        it "prints 'destroyed resource ... '" do
+          expect { invoke }.to write(" destroyed resource food:bacon")
+        end
+      end
+      
+      describe "(resource:permit)" do
+        let(:test_event) { default_audit_event.merge("kind"=>"resource", "action" => "permit",
+                                                     "resource" => "food:bacon",
+                                                     "privilege" => "fry",
+                                                     "grantee" => "user:cook"
+                                                    ) 
+                         }
+        it_behaves_like "it supports standard prefix:" 
+        it_behaves_like "it recognizes error messages:"
+        it "prints 'permitted .. to .. (grant option: .. ) '" do
+          expect { invoke }.to write(" permitted user:cook to fry food:bacon (grant option: false)")
+        end
+      end
+      
+      describe "(resource:deny)" do
+        let(:test_event) { default_audit_event.merge("kind"=>"resource", "action" => "deny",
+                                                     "resource" => "food:bacon",
+                                                     "privilege" => "fry",
+                                                     "grantee" => "user:cook"
+                                                    ) 
+                         }
+        it_behaves_like "it supports standard prefix:" 
+        it_behaves_like "it recognizes error messages:"
+        it "prints 'denied .. from .. on ..'" do
+          expect { invoke }.to write(" denied fry from user:cook on food:bacon")
+        end
+      end
+
+      describe "(resource:permitted_roles)" do
+        let(:test_event) { default_audit_event.merge("kind"=>"resource", "action" => "permitted_roles",
+                                                     "resource" => "food:bacon",
+                                                     "privilege" => "fry"
+                                                    ) 
+                         }
+        it_behaves_like "it supports standard prefix:" 
+        it_behaves_like "it recognizes error messages:"
+        it "prints 'listed roles permitted to .. on ..'" do
+          expect { invoke }.to write(" listed roles permitted to fry on food:bacon")
+        end
+      end
+
+      describe "(role:check)" do
+        let(:options_set) { 
+          {
+             "kind"=>"role", "action" => "check",
+             "resource" => "food:bacon",
+             "privilege" => "fry",
+             "allowed" => "false"
+          }
+        }
+        describe 'on themselves' do
+          let(:test_event) { default_audit_event.merge(options_set).merge("role" => default_audit_event["user"]) }
+          it_behaves_like "it supports standard prefix:" 
+          it_behaves_like "it recognizes error messages:"
+          it "prints 'checked that they...'" do
+            expect { invoke }.to write(" checked that they can fry food:bacon (false)")
+          end
+        end
+        describe 'on others' do
+          let(:test_event) { default_audit_event.merge(options_set).merge("role" => "some:other:guy") }
+          it_behaves_like "it supports standard prefix:" 
+          it_behaves_like "it recognizes error messages:"
+          it "prints 'checked that they...'" do
+            expect { invoke }.to write(" checked that some:other:guy can fry food:bacon (false)")
+          end
+        end
+      end
+
+      describe "(role:grant)" do
+        let(:options_set) { 
+          {
+             "kind"=>"role", "action" => "grant",
+             "member" => "other:guy",
+             "role" => "super:user"
+          }
+        }
+        describe 'without admin option' do
+          let(:test_event) { default_audit_event.merge(options_set) }
+          it_behaves_like "it supports standard prefix:" 
+          it_behaves_like "it recognizes error messages:"
+          it "prints 'granted role .. to .. without admin'" do
+            expect { invoke }.to write(" granted role super:user to other:guy without admin")
+          end
+        end
+        describe 'with admin option' do
+          let(:test_event) { default_audit_event.merge(options_set).merge("admin_option" => true) }
+          it_behaves_like "it supports standard prefix:" 
+          it_behaves_like "it recognizes error messages:"
+          it "prints 'granted role .. to .. with admin'" do
+            expect { invoke }.to write(" granted role super:user to other:guy with admin")
+          end
+        end
+      end
+    
+      describe "(role:revoke)" do
+        let(:test_event) { default_audit_event.merge("kind"=>"role", "action" => "revoke",
+                                                     "role" => "super:user",
+                                                     "member" => "other:guy"
+                                                    ) 
+                         }
+        it_behaves_like "it supports standard prefix:" 
+        it_behaves_like "it recognizes error messages:"
+        it "prints 'revoked role .. from .." do
+          expect { invoke }.to write(" revoked role super:user from other:guy")
+        end
+      end
+
+      describe "(role:create)" do
+        let(:test_event) { default_audit_event.merge("kind"=>"role", "action" => "create",
+                                                     "role" => "super:user",
+                                                    ) 
+                         }
+        it_behaves_like "it supports standard prefix:" 
+        it_behaves_like "it recognizes error messages:"
+        it "prints 'created role .. " do
+          expect { invoke }.to write(" created role super:user")
+        end
+      end
+    end
+  end
+
+  describe "limit and offset" do
+    let(:events) { (1 .. 5).map { |x| { event: x } } }
+    before {
+      api.stub(:audit_event_feed).and_yield(events)
+    }
+
+    describe_command "audit all" do 
+      it "prints all the elements" do
+        (expect { invoke }.to write).should ==  events.map {|e| JSON.pretty_generate(e)}.join("\n")+"\n"  
+      end
+    end
+
+    describe_command "audit all -l 2" do  
+      it "prints only <limit> elements" do
+        (expect { invoke }.to write).should ==  events[0..1].map {|e| JSON.pretty_generate(e)}.join("\n")+"\n"  
+      end
+    end
+
+    describe_command "audit all -o 2" do  
+      it "skips <offset> elements" do
+        (expect { invoke }.to write).should ==  events[2..4].map {|e| JSON.pretty_generate(e)}.join("\n")+"\n"   
+      end
+    end
+
+    describe_command "audit all -o 2 -l 2" do
+      it "skips <offset> elements and prints only <limit> of remaining part" do
+        (expect { invoke }.to write).should ==  events[2..3].map {|e| JSON.pretty_generate(e)}.join("\n")+"\n"
+      end
+    end
+
+  end
+
+end

data/spec/command/init_spec.rb

@@ -83,20 +83,21 @@ describe Conjur::Command::Init do
         expect { invoke }.to raise_error(GLI::CustomExit, /unable to retrieve certificate/i)
       end
     end
-    describe_command 'init -a the-account -h google.com' do
-      it "writes the config and cert" do
-        HighLine.any_instance.stub(:ask).and_return "yes"
-        File.should_receive(:open).twice
-        invoke
-      end
-    end
-    describe_command 'init -a the-account -h https://google.com' do
-      it "writes the config and cert" do
-        HighLine.any_instance.stub(:ask).and_return "yes"
-        File.should_receive(:open).twice
-        invoke
-      end
-    end
+    # KEG: These tests have a nasty habit of hanging
+#    describe_command 'init -a the-account -h google.com' do
+#      it "writes the config and cert" do
+#        HighLine.any_instance.stub(:ask).and_return "yes"
+#        File.should_receive(:open).twice
+#        invoke
+#      end
+#    end
+#    describe_command 'init -a the-account -h https://google.com' do
+#      it "writes the config and cert" do
+#        HighLine.any_instance.stub(:ask).and_return "yes"
+#        File.should_receive(:open).twice
+#        invoke
+#      end
+#    end
     describe_command 'init -a the-account -h localhost -c the-cert' do
       it "writes config and cert files" do
         File.should_receive(:open).twice
@@ -111,7 +112,8 @@ describe Conjur::Command::Init do
           expect(YAML.load(File.read(File.join(tmpdir, ".conjurrc")))).to eq({
             account: 'the-account',
             appliance_url: "https://localhost/api",
-            cert_file: "#{tmpdir}/conjur-the-account.pem"
+            cert_file: "#{tmpdir}/conjur-the-account.pem",
+            plugins: [],
           }.stringify_keys)
 
           File.read(File.join(tmpdir, "conjur-the-account.pem")).should == "the-cert\n"

data/spec/config_spec.rb

@@ -1,5 +1,6 @@
 require 'conjur/authn'
 require 'conjur/config'
+require 'conjur/command/rspec/output_matchers'
 
 describe Conjur::Config do
   after {
@@ -15,6 +16,7 @@ describe Conjur::Config do
       ENV['HOME'] = realhome
     end
 
+    let(:deprecation_warning) { "WARNING: .conjurrc file from current directory is used. This behaviour is deprecated. Use ENV['CONJURRC'] to explicitly define custom configuration file if needed" }
     context "when CONJURRC is not set" do
       around do |example|
         oldrc = ENV.delete 'CONJURRC'
@@ -22,7 +24,53 @@ describe Conjur::Config do
         ENV['CONJURRC'] = oldrc
       end
 
+      it { should include('/etc/conjur.conf') }
       it { should include('/home/isfake/.conjurrc') }
+      it { should include('.conjurrc') }
+      context "When .conjurrc is present" do
+        before { File.stub(:file?).with('.conjurrc').and_return true }
+        it "Issues a deprecation warning" do 
+          expect { subject }.to write(deprecation_warning).to(:stderr)
+        end
+      end 
+      context "When .conjurrc is missing" do
+        before { File.stub(:file?).with('.conjurrc').and_return false }
+        it "Does not issue a deprecation warning" do 
+          expect { subject }.to_not write(deprecation_warning).to(:stderr)
+        end
+      end
+    end
+
+    context "when CONJURRC is set" do
+      around do |example|
+        oldrc = ENV['CONJURRC']
+        ENV['CONJURRC']='stub_conjurrc'
+        example.run
+        ENV['CONJURRC'] = oldrc
+      end
+      it { should include('/etc/conjur.conf') }
+      it { should include('stub_conjurrc') }
+      it { should_not include('/home/isfake/.conjurrc') }
+      it { should_not include('.conjurrc') }
+      it "Does not issue a deprecation warning" do
+        expect { subject }.to_not write(deprecation_warning).to(:stderr)
+      end
+    end
+
+    context "when CONJURRC is set to .conjurrc" do
+      around do |example|
+        oldrc = ENV['CONJURRC']
+        ENV['CONJURRC']='.conjurrc'
+        example.run
+        ENV['CONJURRC'] = oldrc
+      end
+      before { File.stub(:file?).with('.conjurrc').and_return true }
+      it { should include('/etc/conjur.conf') }
+      it { should include('.conjurrc') }
+      it { should_not include('/home/isfake/.conjurrc') }
+      it "Does not issue a deprecation warning" do
+        expect { subject }.to_not write(deprecation_warning).to(:stderr)
+      end
     end
   end
 

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: conjur-cli
 version: !ruby/object:Gem::Version
-  version: 4.10.3
+  version: 4.12.0
 platform: ruby
 authors:
 - Rafał Rzepecki
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-07-17 00:00:00.000000000 Z
+date: 2014-08-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -31,14 +31,14 @@ dependencies:
     requirements:
     - - '>='
       - !ruby/object:Gem::Version
-        version: 4.9.1
+        version: 4.9.2
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '>='
       - !ruby/object:Gem::Version
-        version: 4.9.1
+        version: 4.9.2
 - !ruby/object:Gem::Dependency
   name: gli
   requirement: !ruby/object:Gem::Requirement
@@ -255,6 +255,7 @@ files:
 - lib/conjur/command/pubkeys.rb
 - lib/conjur/command/resources.rb
 - lib/conjur/command/roles.rb
+- lib/conjur/command/rspec/audit_helpers.rb
 - lib/conjur/command/rspec/describe_command.rb
 - lib/conjur/command/rspec/helpers.rb
 - lib/conjur/command/rspec/mock_services.rb