cred_hubble 0.0.1.pre → 0.1.0.pre

data/spec/cred_hubble/http/client_spec.rb

@@ -1,5 +1,67 @@
 require 'spec_helper'
 
+RSpec.shared_examples 'a request with error handling' do
+  context 'when the response status is 400' do
+    let(:response_body) { 'Bad request' }
+    let(:status) { 400 }
+
+    it 'raises a CredHubble::Http::BadRequestError' do
+      expect { subject }
+        .to raise_error(CredHubble::Http::BadRequestError, "status: #{status}, body: #{response_body}")
+    end
+  end
+
+  context 'when the response status is 401' do
+    let(:response_body) { 'Unauthorized' }
+    let(:status) { 401 }
+
+    it 'raises a CredHubble::Http::UnauthorizedError' do
+      expect { subject }
+        .to raise_error(CredHubble::Http::UnauthorizedError, "status: #{status}, body: #{response_body}")
+    end
+  end
+
+  context 'when the response status is 403' do
+    let(:response_body) { 'Forbidden' }
+    let(:status) { 403 }
+
+    it 'raises a CredHubble::Http::ForbiddenError' do
+      expect { subject }
+        .to raise_error(CredHubble::Http::ForbiddenError, "status: #{status}, body: #{response_body}")
+    end
+  end
+
+  context 'when the response status is 404' do
+    let(:response_body) { 'Not found' }
+    let(:status) { 404 }
+
+    it 'raises a CredHubble::Http::NotFoundError' do
+      expect { subject }
+        .to raise_error(CredHubble::Http::NotFoundError, "status: #{status}, body: #{response_body}")
+    end
+  end
+
+  context 'when the response status is 500' do
+    let(:response_body) { 'Internal Server Error' }
+    let(:status) { 500 }
+
+    it 'raises a CredHubble::Http::InternalServerError' do
+      expect { subject }
+        .to raise_error(CredHubble::Http::InternalServerError, "status: #{status}, body: #{response_body}")
+    end
+  end
+
+  context 'when the response status is not otherwise handled' do
+    let(:response_body) { "I'm a teapot" }
+    let(:status) { 418 }
+
+    it 'raises a CredHubble::Http::InternalServerError' do
+      expect { subject }
+        .to raise_error(CredHubble::Http::UnknownError, "status: #{status}, body: #{response_body}")
+    end
+  end
+end
+
 RSpec.describe CredHubble::Http::Client do
   let(:url) { 'https://example.com:8845' }
   subject { CredHubble::Http::Client.new(url) }
@@ -30,98 +92,330 @@ RSpec.describe CredHubble::Http::Client do
       expect(response.status).to eq(status)
     end
 
-    context 'when a Faraday::SSLError occurrs' do
-      let(:error) { Faraday::SSLError.new('SSL_connect returned=1 errno=0 state=error: certificate verify failed') }
-      let(:fake_connection) { instance_double(Faraday::Connection) }
+    describe 'error handling' do
+      subject { CredHubble::Http::Client.new(url).get(path) }
+
+      context 'when a Faraday::SSLError occurs' do
+        let(:error) { Faraday::SSLError.new('SSL_connect returned=1 errno=0 state=error: certificate verify failed') }
+        let(:fake_connection) { instance_double(Faraday::Connection) }
+
+        before do
+          allow_any_instance_of(CredHubble::Http::Client).to receive(:connection).and_return(fake_connection)
+          allow(fake_connection).to receive(:get).and_raise(error)
+        end
 
-      before do
-        allow(subject).to receive(:connection).and_return(fake_connection)
-        allow(fake_connection).to receive(:get).and_raise(error)
+        it 'raises a CredHubble::Exceptions::SSLError' do
+          expect { subject }.to raise_error(CredHubble::Http::SSLError)
+        end
       end
 
-      it 'raises a CredHubble::Exceptions::SSLError' do
-        expect { subject.get(path) }.to raise_error(CredHubble::Http::SSLError)
+      it_behaves_like 'a request with error handling'
+    end
+
+    describe 'request headers' do
+      context 'when client is initialized with an auth_token_header' do
+        let(:token) { 'meesa-jar-jar-binks-token' }
+        subject { CredHubble::Http::Client.new(url, auth_header_token: token) }
+
+        it 'includes an Authorization header with the provided bearer token' do
+          subject.get(path)
+          assert_requested(
+            :get,
+            "#{url}#{path}",
+            headers: { 'Content-Type' => 'application/json', 'Authorization' => "bearer #{token}" }
+          )
+        end
       end
+
+      context 'when client is not initialized with an auth_token_header' do
+        subject { CredHubble::Http::Client.new(url) }
+
+        it 'does not include an authorization header' do
+          subject.get(path)
+          assert_requested(:get, "#{url}#{path}", headers: { 'Content-Type' => 'application/json' })
+        end
+      end
+    end
+  end
+
+  describe '#put' do
+    let(:path) { '/api/v1/data' }
+    let(:status) { 200 }
+    let(:request_body) do
+      '{
+        "name": "/la-la-land",
+        "type": "value",
+        "value": "another day of sun: purple shirt parkour"
+      }'
+    end
+    let(:response_body) do
+      '{
+        "id": "62630719-2413-4332-9e39-a8acbd73d3b7",
+        "name": "/la-la-land",
+        "type": "value",
+        "value": "another day of sun: purple shirt parkour",
+        "version_created_at": "2017-01-01T04:07:18Z"
+      }'
     end
 
-    context 'when the response status is 400' do
-      let(:response_body) { 'Bad request' }
-      let(:status) { 400 }
+    before do
+      stub_request(:put, "#{url}#{path}").with(body: request_body).to_return(status: status, body: response_body)
+    end
 
-      it 'raises a CredHubble::Http::BadRequestError' do
-        expect { subject.get(path) }
-          .to raise_error(CredHubble::Http::BadRequestError, "status: #{status}, body: #{response_body}")
+    it 'makes a PUT request with the given body to the requested url and path' do
+      response = subject.put(path, request_body)
+      expect(response).to be_a(Faraday::Response)
+      expect(response.body).to eq(response_body)
+      expect(response.status).to eq(status)
+    end
+
+    describe 'error handling' do
+      subject { CredHubble::Http::Client.new(url).put(path, request_body) }
+
+      context 'when a Faraday::SSLError occurs' do
+        let(:error) { Faraday::SSLError.new('SSL_connect returned=1 errno=0 state=error: certificate verify failed') }
+        let(:fake_connection) { instance_double(Faraday::Connection) }
+
+        before do
+          allow_any_instance_of(CredHubble::Http::Client).to receive(:connection).and_return(fake_connection)
+          allow(fake_connection).to receive(:put).and_raise(error)
+        end
+
+        it 'raises a CredHubble::Exceptions::SSLError' do
+          expect { subject }.to raise_error(CredHubble::Http::SSLError)
+        end
       end
+
+      it_behaves_like 'a request with error handling'
     end
 
-    context 'when the response status is 401' do
-      let(:response_body) { 'Unauthorized' }
-      let(:status) { 401 }
+    describe 'request headers' do
+      context 'when client is initialized with an auth_token_header' do
+        let(:token) { 'meesa-jar-jar-binks-token' }
+        subject { CredHubble::Http::Client.new(url, auth_header_token: token) }
 
-      it 'raises a CredHubble::Http::UnauthorizedError' do
-        expect { subject.get(path) }
-          .to raise_error(CredHubble::Http::UnauthorizedError, "status: #{status}, body: #{response_body}")
+        it 'includes an Authorization header with the provided bearer token' do
+          subject.put(path, request_body)
+          assert_requested(
+            :put,
+            "#{url}#{path}",
+            body: request_body,
+            headers: { 'Content-Type' => 'application/json', 'Authorization' => "bearer #{token}" }
+          )
+        end
       end
+
+      context 'when client is not initialized with an auth_token_header' do
+        subject { CredHubble::Http::Client.new(url) }
+
+        it 'does not include an authorization header' do
+          subject.put(path, request_body)
+          assert_requested(
+            :put,
+            "#{url}#{path}",
+            body: request_body,
+            headers: { 'Content-Type' => 'application/json' }
+          )
+        end
+      end
+    end
+  end
+
+  describe '#post' do
+    let(:path) { '/api/v1/data' }
+    let(:status) { 200 }
+    let(:request_body) do
+      '{
+        "name": "/ron-dunn",
+        "type": "value",
+        "value": "is that your name or are you telling me you\'re finished talking?"
+      }'
+    end
+    let(:response_body) do
+      '{
+        "id": "62630719-2413-4332-9e39-a8acbd73d3b7",
+        "name": "/ron-dunn",
+        "type": "value",
+        "value": "is that your name or are you telling me you\'re finished talking?",
+        "version_created_at": "2017-01-01T04:07:18Z"
+      }'
+    end
+
+    before do
+      stub_request(:post, "#{url}#{path}").with(body: request_body).to_return(status: status, body: response_body)
     end
 
-    context 'when the response status is 403' do
-      let(:response_body) { 'Forbidden' }
-      let(:status) { 403 }
+    it 'makes a POST request with the given body to the requested url and path' do
+      response = subject.post(path, request_body)
+      expect(response).to be_a(Faraday::Response)
+      expect(response.body).to eq(response_body)
+      expect(response.status).to eq(status)
+    end
+
+    describe 'error handling' do
+      subject { CredHubble::Http::Client.new(url).post(path, request_body) }
+
+      context 'when a Faraday::SSLError occurs' do
+        let(:error) { Faraday::SSLError.new('SSL_connect returned=1 errno=0 state=error: certificate verify failed') }
+        let(:fake_connection) { instance_double(Faraday::Connection) }
+
+        before do
+          allow_any_instance_of(CredHubble::Http::Client).to receive(:connection).and_return(fake_connection)
+          allow(fake_connection).to receive(:post).and_raise(error)
+        end
 
-      it 'raises a CredHubble::Http::ForbiddenError' do
-        expect { subject.get(path) }
-          .to raise_error(CredHubble::Http::ForbiddenError, "status: #{status}, body: #{response_body}")
+        it 'raises a CredHubble::Exceptions::SSLError' do
+          expect { subject }.to raise_error(CredHubble::Http::SSLError)
+        end
       end
+
+      it_behaves_like 'a request with error handling'
     end
 
-    context 'when the response status is 404' do
-      let(:response_body) { 'Not found' }
-      let(:status) { 404 }
+    describe 'request headers' do
+      context 'when client is initialized with an auth_token_header' do
+        let(:token) { 'meesa-jar-jar-binks-token' }
+        subject { CredHubble::Http::Client.new(url, auth_header_token: token) }
+
+        it 'includes an Authorization header with the provided bearer token' do
+          subject.post(path, request_body)
+          assert_requested(
+            :post,
+            "#{url}#{path}",
+            body: request_body,
+            headers: { 'Content-Type' => 'application/json', 'Authorization' => "bearer #{token}" }
+          )
+        end
+      end
+
+      context 'when client is not initialized with an auth_token_header' do
+        subject { CredHubble::Http::Client.new(url) }
 
-      it 'raises a CredHubble::Http::NotFoundError' do
-        expect { subject.get(path) }
-          .to raise_error(CredHubble::Http::NotFoundError, "status: #{status}, body: #{response_body}")
+        it 'does not include an authorization header' do
+          subject.post(path, request_body)
+          assert_requested(
+            :post,
+            "#{url}#{path}",
+            body: request_body,
+            headers: { 'Content-Type' => 'application/json' }
+          )
+        end
       end
     end
+  end
+
+  describe '#delete' do
+    let(:path) { '/data' }
+    let(:status) { 204 }
+    let(:response_body) { '' }
+
+    before do
+      stub_request(:delete, "#{url}#{path}").to_return(status: status, body: response_body)
+    end
 
-    context 'when the response status is 500' do
-      let(:response_body) { 'Internal Server Error' }
-      let(:status) { 500 }
+    it 'makes a GET request to the requested url and path' do
+      response = subject.delete(path)
+      expect(response).to be_a(Faraday::Response)
+      expect(response.body).to eq(response_body)
+      expect(response.status).to eq(status)
+    end
+
+    describe 'error handling' do
+      subject { CredHubble::Http::Client.new(url).delete(path) }
+
+      context 'when a Faraday::SSLError occurs' do
+        let(:error) { Faraday::SSLError.new('SSL_connect returned=1 errno=0 state=error: certificate verify failed') }
+        let(:fake_connection) { instance_double(Faraday::Connection) }
 
-      it 'raises a CredHubble::Http::InternalServerError' do
-        expect { subject.get(path) }
-          .to raise_error(CredHubble::Http::InternalServerError, "status: #{status}, body: #{response_body}")
+        before do
+          allow_any_instance_of(CredHubble::Http::Client).to receive(:connection).and_return(fake_connection)
+          allow(fake_connection).to receive(:delete).and_raise(error)
+        end
+
+        it 'raises a CredHubble::Exceptions::SSLError' do
+          expect { subject }.to raise_error(CredHubble::Http::SSLError)
+        end
       end
+
+      it_behaves_like 'a request with error handling'
     end
 
-    context 'when the response status is not otherwise handled' do
-      let(:response_body) { "I'm a teapot" }
-      let(:status) { 418 }
+    describe 'request headers' do
+      context 'when client is initialized with an auth_token_header' do
+        let(:token) { 'some-oauth2-bearer-token' }
+        subject { CredHubble::Http::Client.new(url, auth_header_token: token) }
+
+        it 'includes an Authorization header with the provided bearer token' do
+          subject.delete(path)
+          assert_requested(
+            :delete,
+            "#{url}#{path}",
+            headers: { 'Content-Type' => 'application/json', 'Authorization' => "bearer #{token}" }
+          )
+        end
+      end
+
+      context 'when client is not initialized with an auth_token_header' do
+        subject { CredHubble::Http::Client.new(url) }
 
-      it 'raises a CredHubble::Http::InternalServerError' do
-        expect { subject.get(path) }
-          .to raise_error(CredHubble::Http::UnknownError, "status: #{status}, body: #{response_body}")
+        it 'does not include an authorization header' do
+          subject.delete(path)
+          assert_requested(:delete, "#{url}#{path}", headers: { 'Content-Type' => 'application/json' })
+        end
       end
     end
   end
 
-  describe 'SSL verification' do
-    context 'when verify_ssl is not specified' do
+  describe 'SSL/TLS configuration' do
+    subject { CredHubble::Http::Client.new(url) }
+
+    it 'has ssl verification enabled' do
+      connection = subject.send(:connection)
+      expect(connection.ssl.verify).to eq(true)
+    end
+
+    context 'when a file path is not provided for the CredHub CA' do
       subject { CredHubble::Http::Client.new(url) }
 
-      it 'has ssl verification enabled by default' do
+      it 'does not include any additional CA certs' do
         connection = subject.send(:connection)
-        expect(connection.ssl.verify).to eq(true)
+        expect(connection.ssl.ca_file).to be_nil
       end
     end
 
-    # TODO: Remove ability to disable ssl verification
-    context 'when verify_ssl is set to false' do
-      subject { CredHubble::Http::Client.new(url, verify_ssl: false) }
+    context 'when a file path is provided for the CredHub CA' do
+      let(:ca_path) { '/custom/certstore/credhub_ca.crt' }
+      subject { CredHubble::Http::Client.new(url, ca_path: ca_path) }
 
-      it 'has ssl verification disabled' do
+      it 'includes the CA cert file path in the connection ssl config' do
         connection = subject.send(:connection)
-        expect(connection.ssl.verify).to eq(false)
+        expect(connection.ssl.ca_file).to eq(ca_path)
+      end
+    end
+
+    describe 'mutual TLS client cert and client key' do
+      let(:mock_cert) { instance_double(OpenSSL::X509::Certificate) }
+      let(:mock_key) { instance_double(OpenSSL::PKey::RSA) }
+
+      context 'when a client cert and client key are not provided' do
+        subject { CredHubble::Http::Client.new(url) }
+
+        it 'does not include any client cert or client key' do
+          connection = subject.send(:connection)
+          expect(connection.ssl.client_cert).to be_nil
+          expect(connection.ssl.client_key).to be_nil
+        end
+      end
+
+      context 'when a client cert and client key are provided for the CredHub CA' do
+        let(:ca_path) { '/custom/certstore/credhub_ca.crt' }
+        subject { CredHubble::Http::Client.new(url, client_cert: mock_cert, client_key: mock_key) }
+
+        it 'includes the cert file in the connection ssl config' do
+          connection = subject.send(:connection)
+          expect(connection.ssl.client_cert).to eq(mock_cert)
+          expect(connection.ssl.client_key).to eq(mock_key)
+        end
       end
     end
   end

data/spec/cred_hubble/resources/certificate_credential_spec.rb

@@ -0,0 +1,49 @@
+require 'spec_helper'
+
+RSpec.describe CredHubble::Resources::CertificateCredential do
+  let(:json_response) do
+    '{
+        "id": "15811465-8538-460d-9682-5514d44439fd",
+        "name": "/load-balancer-tls-cert",
+        "type": "certificate",
+        "value": {
+          "ca": "-----BEGIN CERTIFICATE-----\n... CA CERT ...\n-----END CERTIFICATE-----",
+          "certificate": "-----BEGIN CERTIFICATE-----\n... CERTIFICATE ...\n-----END CERTIFICATE-----",
+          "private_key": "-----BEGIN RSA PRIVATE KEY-----\n... RSA PRIVATE KEY ...\n-----END RSA PRIVATE KEY-----"
+        },
+        "version_created_at": "1990-05-18T01:01:01Z"
+      }'
+  end
+
+  describe '.from_json' do
+    subject { CredHubble::Resources::CertificateCredential }
+
+    context 'when the JSON includes the required attributes' do
+      it 'instantiates a new CertificateCredential object' do
+        credential = subject.from_json(json_response)
+
+        expect(credential).to be_a(CredHubble::Resources::CertificateCredential)
+        expect(credential.value.ca)
+          .to eq("-----BEGIN CERTIFICATE-----\n... CA CERT ...\n-----END CERTIFICATE-----")
+        expect(credential.value.certificate)
+          .to eq("-----BEGIN CERTIFICATE-----\n... CERTIFICATE ...\n-----END CERTIFICATE-----")
+        expect(credential.value.private_key)
+          .to eq("-----BEGIN RSA PRIVATE KEY-----\n... RSA PRIVATE KEY ...\n-----END RSA PRIVATE KEY-----")
+      end
+    end
+
+    it_behaves_like 'a Credential resource'
+    it_behaves_like 'a JSON deserializing resource'
+  end
+
+  describe '#type' do
+    it 'returns "certificate"' do
+      subject.type = 'attempting-to-overwrite'
+      expect(subject.type).to eq('certificate')
+    end
+  end
+
+  describe '#to_json' do
+    it_behaves_like 'a JSON serializing resource'
+  end
+end