spec/lib/api_spec.rb in conjur-api-2.7.1 vs spec/lib/api_spec.rb in conjur-api-4.1.1
- old
+ new
@@ -33,26 +33,85 @@
end
end
end
describe Conjur::API do
- context "parse_role_id" do
- subject { Conjur::API }
- specify {
- Conjur::Core::API.should_receive(:conjur_account).and_return 'ci'
- subject.parse_role_id('foo:bar').should == [ 'ci', 'roles', 'foo', 'bar' ]
- }
- specify {
- subject.parse_role_id('biz:foo:bar').should == [ 'biz', 'roles', 'foo', 'bar' ]
- }
- specify {
- subject.parse_role_id('biz:foo:bar/12').should == [ 'biz', 'roles', 'foo', 'bar/12' ]
- }
- specify {
- subject.parse_role_id('biz:foo:bar:12').should == [ 'biz', 'roles', 'foo', 'bar:12' ]
- }
+ describe "provides functions for id parsing" do
+ describe "#parse_id(id, kind)" do
+ subject { Conjur::API }
+ let (:kind) { "sample-kind" }
+
+ it "fails on non-string ids" do
+ expect { subject.parse_id({}, kind) }.to raise_error
+ end
+
+ it "fails on malformed ids (<2 tokens)" do
+ expect { subject.parse_id("foo", kind) }.to raise_error
+ expect { subject.parse_id("", kind) }.to raise_error
+ expect { subject.parse_id(nil, kind) }.to raise_error
+ end
+
+ describe "returns array of [account, kind, subkind, id]" do
+ subject { Conjur::API.parse_id(id, kind) }
+ def escaped smth ; Conjur::API.path_escape(smth) ; end
+
+ context "for short id (2 tokens)" do
+ let(:id) { "token#1:token#2" }
+ let(:current_account) { "current_account" }
+ before(:each) { Conjur::Core::API.stub(:conjur_account).and_return current_account }
+
+ it "account: current account" do
+ subject[0].should == current_account
+ end
+
+ it "kind: passed kind" do
+ subject[1].should == kind
+ end
+
+ it "subkind: token #1 (escaped)" do
+ subject[2].should == escaped("token#1")
+ end
+
+ it "id: token #2 (escaped)" do
+ subject[3].should == escaped("token#2")
+ end
+ end
+
+ context "for long ids (3+ tokens)" do
+ let(:id) { "token#1:token#2:token#3:token#4" }
+ it "account: token #1 (escaped)" do
+ subject[0].should == escaped("token#1")
+ end
+
+ it "kind: passed kind" do
+ subject[1].should == kind
+ end
+ it "subkind: token #2 (escaped)" do
+ subject[2].should == escaped("token#2")
+ end
+ it "id: tail of id starting from token#3" do
+ subject[3].should == escaped("token#3:token#4")
+ end
+ end
+
+ end
+ end
+ describe "wrapper functions" do
+ let(:result) { [:account,:kind,:id] }
+ let(:id) { :input_id }
+
+ it "#parse_role_id(id): calls parse_id(id, 'roles') and returns result" do
+ Conjur::API.should_receive(:parse_id).with(id, 'roles').and_return(result)
+ Conjur::API.parse_role_id(id).should == result
+ end
+ it "#parse_resource_id(id): calls parse_id(id, 'resources') and returns result" do
+ Conjur::API.should_receive(:parse_id).with(id, 'resources').and_return(result)
+ Conjur::API.parse_resource_id(id).should == result
+ end
+ end
end
+
context "host construction" do
context "of authn service" do
let(:port_offset) { 0 }
let(:api) { Conjur::Authn::API }
it_should_behave_like "API endpoint"
@@ -65,31 +124,44 @@
before {
Conjur.stub(:account).and_return 'ci'
}
context "in stage" do
before(:each) do
+ # Looks at "ENV['CONJUR_STACK']" first, stub this out
+ ENV.stub(:[]).with('CONJUR_STACK').and_return nil
Conjur.stub(:env).and_return "stage"
end
its "default_host" do
should == "https://authz-stage-conjur.herokuapp.com"
end
end
context "in ci" do
before(:each) do
+ # Looks at "ENV['CONJUR_STACK']" first, stub this out
+ ENV.stub(:[]).with('CONJUR_STACK').and_return nil
Conjur.stub(:env).and_return "ci"
end
its "default_host" do
should == "https://authz-ci-conjur.herokuapp.com"
end
end
+ context "when ENV['CONJUR_STACK'] is set to 'v12'" do
+ before do
+ ENV.stub(:[]).and_call_original
+ ENV.stub(:[]).with('CONJUR_STACK').and_return 'v12'
+ # If the "real" env is used ('test') then the URL is always localhost:<someport>
+ Conjur.stub(:env).and_return "ci"
+ end
+ its(:default_host){ should == "https://authz-v12-conjur.herokuapp.com"}
+ end
end
context "in production" do
before(:each) do
Conjur.stub(:env).and_return "production"
end
its "default_host" do
- should == "https://authz-v3-conjur.herokuapp.com"
+ should == "https://authz-v4-conjur.herokuapp.com"
end
end
context "in named production version" do
before(:each) do
Conjur.stub(:env).and_return "production"
@@ -140,10 +212,10 @@
it "returns a user role when username is plain" do
api.role_from_username("plain-username").roleid.should == "#{account}:user:plain-username"
end
it "returns an appropriate role kind when username is qualified" do
- api.role_from_username("host/foobar").roleid.should == "#{account}:host:foobar"
+ api.role_from_username("host/foo/bar").roleid.should == "#{account}:host:foo/bar"
end
end
describe "#current_role", logged_in: true do
context "when logged in as user" do