Merge pull request #2618 from cyberark/fix-comparison

Handle annotation if given as string (host factory)

app/models/loader/types.rb

@@ -149,7 +149,7 @@ def future_api_key_auth_will_fail?
         # does not explicitly state the policy authors intentions with the
         # `authn/api-key` annotation with value true, then we should reject this until the annotation
         # is added to the policy object.
-        self.annotations&.[]("authn/api-key").nil? or self.annotations["authn/api-key"] == false
+        self.annotations&.[]("authn/api-key").nil? || self.annotations["authn/api-key"].to_s.casecmp?("false")
       end
 
       def verify

spec/models/host_factory_spec.rb

@@ -59,7 +59,7 @@
                       "host-01", 
                       host_factory.role,
                       host_factory.role.layers,
-                      {})
+                      defined?(options) ? options : {})
     }
     let(:create_host) { host_builder.create_host }
     let(:host) { create_host[0] }
@@ -88,5 +88,52 @@
         expect(host.role.memberships_as_member.map(&:role)).to eq(host_factory.role.layers)
       end
     end
+
+    describe 'verify create host given AUTHN_API_KEY config' do
+      context 'when CONJUR_AUTHN_API_KEY_DEFAULT is true' do
+        before do
+          allow(Rails.application.config.conjur_config).to receive(:authn_api_key_default).and_return(true)
+        end
+
+        context 'when creating host with api-key annotation true' do
+          let(:options) { {annotations: {'authn/api-key' => true}} }
+          it { expect { host_builder.create_host }.to_not raise_error }
+        end
+
+        context 'when creating host with api-key annotation false' do
+          let(:options) { {annotations: {'authn/api-key' => false}} }
+          it { expect { host_builder.create_host }.to_not raise_error }
+        end
+
+        context 'when creating host without api-key annotation' do
+          it { expect { host_builder.create_host }.to_not raise_error }
+        end
+      end
+
+      context 'when CONJUR_AUTHN_API_KEY_DEFAULT is false' do
+        before do
+          allow(Rails.application.config.conjur_config).to receive(:authn_api_key_default).and_return(false)
+        end
+
+        context 'when creating host with api-key annotation true' do
+          let(:options) { {annotations: {'authn/api-key' => true}} }
+          it { expect { host_builder.create_host }.to_not raise_error }
+        end
+
+        context 'when creating host with api-key annotation false' do
+          let(:options) { {annotations: {'authn/api-key' => false}} }
+          it { expect { host_builder.create_host }.to raise_error }
+        end
+
+        context 'when creating host with api-key annotation False capital' do
+          let(:options) { {annotations: {'authn/api-key' => "FALSE"}} }
+          it { expect { host_builder.create_host }.to raise_error }
+        end
+
+        context 'when creating host without api-key annotation' do
+          it { expect { host_builder.create_host }.to raise_error }
+        end
+      end
+     end
   end
 end

spec/models/loader/types.rb

@@ -99,8 +99,7 @@
   describe '.verify' do
     context 'when CONJUR_AUTHN_API_KEY_DEFAULT is true' do
       before do
-        allow(ENV).to receive(:[]).with('CONJUR_AUTHN_API_KEY_DEFAULT').and_return('true')
-        Rails.application.config.conjur_config.authn_api_key_default = true
+        allow(Rails.application.config.conjur_config).to receive(:authn_api_key_default).and_return(true)
       end
 
       context 'when creating host with api-key annotation true' do
@@ -124,8 +123,7 @@
 
     context 'when CONJUR_AUTHN_API_KEY_DEFAULT is false' do
       before do
-        allow(ENV).to receive(:[]).with('CONJUR_AUTHN_API_KEY_DEFAULT').and_return('false')
-        Rails.application.config.conjur_config.authn_api_key_default = false
+        allow(Rails.application.config.conjur_config).to receive(:authn_api_key_default).and_return(false)
       end
 
       context 'when creating host with api-key annotation true' do