Move Conjur Cloud regex to module level, more test improvements

Author: gl-johnson

CHANGELOG.md

@@ -9,7 +9,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 ## [0.1.9] - 2025-12-31
 
 ### Added
-- Support dry_run parameter for policy load methods. (CNJR-11338)
+- Support dry_run parameter for policy load methods, based on [PR #51](https://github.com/cyberark/conjur-api-python/pull/51). (CNJR-11338)
 
 ## [0.1.8] - 2025-11-07
 

conjur_api/client.py

@@ -30,6 +30,25 @@
 
 logger = logging.getLogger(__name__)
 
+# List of possible Secrets Manager SaaS URL suffixes
+_CONJUR_CLOUD_SUFFIXES = [
+    ".cyberark.cloud",
+    ".integration-cyberark.cloud",
+    ".test-cyberark.cloud",
+    ".dev-cyberark.cloud",
+    ".cyberark-everest-integdev.cloud",
+    ".cyberark-everest-pre-prod.cloud",
+    ".sandbox-cyberark.cloud",
+    ".pt-cyberark.cloud",
+]
+
+# Build regex pattern: (\\.secretsmgr|-secretsmanager) followed by one of the suffixes
+_SUFFIXES_PATTERN = "|".join(re.escape(suffix) for suffix in _CONJUR_CLOUD_SUFFIXES)
+_CONJUR_CLOUD_REGEXP = re.compile(
+    rf"(\.secretsmgr|-secretsmanager)({_SUFFIXES_PATTERN})",
+    re.IGNORECASE
+)
+
 @allow_sync_invocation()
 # pylint: disable=too-many-public-methods
 class Client:
@@ -42,7 +61,8 @@ class Client:
     try:
         integration_version = version("conjur_api")
     except PackageNotFoundError:
-        integration_version = '0.0.dev'
+        # setuptools defaults to "0.0.dev0" (PEP 440), so we use a default version that adheres to that for testing purposes
+        integration_version = '0.0.dev0'
     integration_type = 'cybr-secretsmanager'
     vendor_name = 'CyberArk'
     vendor_version = None
@@ -379,24 +399,7 @@ def _is_conjur_cloud_url(self, url: str) -> bool:
         if not url:
             return False
 
-        # ConjurCloudSuffixes - all possible Secrets Manager SaaS URL suffixes
-        conjur_cloud_suffixes = [
-            ".cyberark.cloud",
-            ".integration-cyberark.cloud",
-            ".test-cyberark.cloud",
-            ".dev-cyberark.cloud",
-            ".cyberark-everest-integdev.cloud",
-            ".cyberark-everest-pre-prod.cloud",
-            ".sandbox-cyberark.cloud",
-            ".pt-cyberark.cloud",
-        ]
-
-        # Build regex pattern: (\\.secretsmgr|-secretsmanager) followed by one of the suffixes
-        suffixes_pattern = "|".join(re.escape(suffix) for suffix in conjur_cloud_suffixes)
-        pattern = rf"(\.secretsmgr|-secretsmanager)({suffixes_pattern})"
-
-        conjur_cloud_regexp = re.compile(pattern, re.IGNORECASE)
-        return bool(conjur_cloud_regexp.search(url))
+        return bool(_CONJUR_CLOUD_REGEXP.search(url))
 
     async def server_version(self) -> str:
         """

tests/https/test_unit_client.py

@@ -503,6 +503,12 @@ def test_is_version_less_than_less_than(self):
         self.assertTrue(self.client._is_version_less_than("1.20.1", "1.21.1"))
         self.assertTrue(self.client._is_version_less_than("1.21.1", "2.0.0"))
 
+    def test_is_version_less_than_with_suffix(self):
+        """Test version comparison with build suffixes"""
+        self.assertTrue(self.client._is_version_less_than("1.21.0-12345", "1.21.1"))
+        self.assertFalse(self.client._is_version_less_than("1.21.1-12345", "1.21.1"))
+        self.assertFalse(self.client._is_version_less_than("1.21.2-12345", "1.21.1"))
+
     def test_is_conjur_cloud_url_secretsmgr(self):
         """Test Conjur Cloud URL detection with .secretsmgr pattern"""
         self.assertTrue(self.client._is_conjur_cloud_url("https://example.secretsmgr.cyberark.cloud"))

tests/https/test_unit_http.py

@@ -56,7 +56,7 @@ async def test_invoke_endpoint_can_invoke_http_client(self, mock_request):
             await invoke_endpoint(HttpVerb.GET, self.MockEndpoint.NO_PARAMS, {})
 
             mock_create_ssl_context.assert_called_once_with()
-            mock_request.assert_called_once_with('GET', 'no/params', auth=None, headers={'x-cybr-telemetry': 'aW49U2VjcmV0c01hbmFnZXJQeXRob24gU0RLJml0PWN5YnItc2VjcmV0c21hbmFnZXImaXY9MC4wLmRldiZ2bj1DeWJlckFyaw'}, data='', ssl=ssl_context,
+            mock_request.assert_called_once_with('GET', 'no/params', auth=None, headers={'x-cybr-telemetry': 'aW49U2VjcmV0c01hbmFnZXJQeXRob24gU0RLJml0PWN5YnItc2VjcmV0c21hbmFnZXImaXY9MC4wLmRldjAmdm49Q3liZXJBcms'}, data='', ssl=ssl_context,
                                                  params=None, proxy=None)
 
     @patch('aiohttp.ClientSession.request')
@@ -67,7 +67,7 @@ async def test_invoke_endpoint_can_handle_unset_params(self, mock_request):
             await invoke_endpoint(HttpVerb.GET, self.MockEndpoint.NO_PARAMS, None)
 
             mock_create_ssl_context.assert_called_once_with()
-            mock_request.assert_called_once_with('GET', 'no/params', auth=None, headers={'x-cybr-telemetry': 'aW49U2VjcmV0c01hbmFnZXJQeXRob24gU0RLJml0PWN5YnItc2VjcmV0c21hbmFnZXImaXY9MC4wLmRldiZ2bj1DeWJlckFyaw'}, data='', ssl=ssl_context,
+            mock_request.assert_called_once_with('GET', 'no/params', auth=None, headers={'x-cybr-telemetry': 'aW49U2VjcmV0c01hbmFnZXJQeXRob24gU0RLJml0PWN5YnItc2VjcmV0c21hbmFnZXImaXY9MC4wLmRldjAmdm49Q3liZXJBcms'}, data='', ssl=ssl_context,
                                                  params=None, proxy=None)
 
     @patch('aiohttp.ClientSession.request')
@@ -77,15 +77,15 @@ async def test_invoke_endpoint_uses_http_verb_for_method_name(self, mock_request
             mock_request.return_value = MockResponse('', 200)
             await invoke_endpoint(HttpVerb.GET, self.MockEndpoint.NO_PARAMS, {})
             mock_create_ssl_context.assert_called_with()
-            mock_request.assert_called_with('GET', 'no/params', auth=None, headers={'x-cybr-telemetry': 'aW49U2VjcmV0c01hbmFnZXJQeXRob24gU0RLJml0PWN5YnItc2VjcmV0c21hbmFnZXImaXY9MC4wLmRldiZ2bj1DeWJlckFyaw'}, data='', ssl=ssl_context,
+            mock_request.assert_called_with('GET', 'no/params', auth=None, headers={'x-cybr-telemetry': 'aW49U2VjcmV0c01hbmFnZXJQeXRob24gU0RLJml0PWN5YnItc2VjcmV0c21hbmFnZXImaXY9MC4wLmRldjAmdm49Q3liZXJBcms'}, data='', ssl=ssl_context,
                                             params=None, proxy=None)
 
             await invoke_endpoint(HttpVerb.POST, self.MockEndpoint.NO_PARAMS, {})
-            mock_request.assert_called_with('POST', 'no/params', auth=None, headers={'x-cybr-telemetry': 'aW49U2VjcmV0c01hbmFnZXJQeXRob24gU0RLJml0PWN5YnItc2VjcmV0c21hbmFnZXImaXY9MC4wLmRldiZ2bj1DeWJlckFyaw'}, data='', ssl=ssl_context,
+            mock_request.assert_called_with('POST', 'no/params', auth=None, headers={'x-cybr-telemetry': 'aW49U2VjcmV0c01hbmFnZXJQeXRob24gU0RLJml0PWN5YnItc2VjcmV0c21hbmFnZXImaXY9MC4wLmRldjAmdm49Q3liZXJBcms'}, data='', ssl=ssl_context,
                                             params=None, proxy=None)
 
             await invoke_endpoint(HttpVerb.DELETE, self.MockEndpoint.NO_PARAMS, {})
-            mock_request.assert_called_with('DELETE', 'no/params', auth=None, headers={'x-cybr-telemetry': 'aW49U2VjcmV0c01hbmFnZXJQeXRob24gU0RLJml0PWN5YnItc2VjcmV0c21hbmFnZXImaXY9MC4wLmRldiZ2bj1DeWJlckFyaw'}, data='', ssl=ssl_context,
+            mock_request.assert_called_with('DELETE', 'no/params', auth=None, headers={'x-cybr-telemetry': 'aW49U2VjcmV0c01hbmFnZXJQeXRob24gU0RLJml0PWN5YnItc2VjcmV0c21hbmFnZXImaXY9MC4wLmRldjAmdm49Q3liZXJBcms'}, data='', ssl=ssl_context,
                                             params=None, proxy=None)
 
     @patch('aiohttp.ClientSession.request')
@@ -96,7 +96,7 @@ async def test_invoke_endpoint_generates_url_from_endpoint_object(self, mock_req
             await invoke_endpoint(HttpVerb.GET, self.MockEndpoint.WITH_URL, {'url': 'http://host'})
 
             mock_create_ssl_context.assert_called_once_with()
-            mock_request.assert_called_once_with('GET', 'http://host/no/params', auth=None, headers={'x-cybr-telemetry': 'aW49U2VjcmV0c01hbmFnZXJQeXRob24gU0RLJml0PWN5YnItc2VjcmV0c21hbmFnZXImaXY9MC4wLmRldiZ2bj1DeWJlckFyaw'}, data='',
+            mock_request.assert_called_once_with('GET', 'http://host/no/params', auth=None, headers={'x-cybr-telemetry': 'aW49U2VjcmV0c01hbmFnZXJQeXRob24gU0RLJml0PWN5YnItc2VjcmV0c21hbmFnZXImaXY9MC4wLmRldjAmdm49Q3liZXJBcms'}, data='',
                                                  ssl=ssl_context, params=None, proxy=None)
 
     @patch('aiohttp.ClientSession.request')
@@ -108,7 +108,7 @@ async def test_invoke_endpoint_attaches_api_token_header_if_present_in_params(se
 
             mock_create_ssl_context.assert_called_once_with()
             mock_request.assert_called_once_with('GET', 'no/params', auth=None, data='', ssl=ssl_context,
-                                                 headers={'x-cybr-telemetry': 'aW49U2VjcmV0c01hbmFnZXJQeXRob24gU0RLJml0PWN5YnItc2VjcmV0c21hbmFnZXImaXY9MC4wLmRldiZ2bj1DeWJlckFyaw','Authorization': 'Token token="dG9rZW4="'}, params=None,
+                                                 headers={'x-cybr-telemetry': 'aW49U2VjcmV0c01hbmFnZXJQeXRob24gU0RLJml0PWN5YnItc2VjcmV0c21hbmFnZXImaXY9MC4wLmRldjAmdm49Q3liZXJBcms','Authorization': 'Token token="dG9rZW4="'}, params=None,
                                                  proxy=None)
 
     @patch('aiohttp.ClientSession.request')
@@ -119,7 +119,7 @@ async def test_invoke_endpoint_verifies_ssl_by_default(self, mock_request):
             await invoke_endpoint(HttpVerb.GET, self.MockEndpoint.NO_PARAMS, None)
 
             mock_create_ssl_context.assert_called_once_with()
-            mock_request.assert_called_once_with('GET', 'no/params', auth=None, data='', ssl=ssl_context, headers={'x-cybr-telemetry': 'aW49U2VjcmV0c01hbmFnZXJQeXRob24gU0RLJml0PWN5YnItc2VjcmV0c21hbmFnZXImaXY9MC4wLmRldiZ2bj1DeWJlckFyaw'},
+            mock_request.assert_called_once_with('GET', 'no/params', auth=None, data='', ssl=ssl_context, headers={'x-cybr-telemetry': 'aW49U2VjcmV0c01hbmFnZXJQeXRob24gU0RLJml0PWN5YnItc2VjcmV0c21hbmFnZXImaXY9MC4wLmRldjAmdm49Q3liZXJBcms'},
                                                  params=None, proxy=None)
 
     @patch('aiohttp.ClientSession.request')
@@ -131,7 +131,7 @@ async def test_invoke_endpoint_ssl_verify_param_defaults_to_true_to_http_client(
                                         ssl_verification_metadata=create_ssl_verification_metadata())
 
             mock_create_ssl_context.assert_called_once_with()
-            mock_request.assert_called_once_with('GET', 'no/params', auth=None, data='', ssl=ssl_context, headers={'x-cybr-telemetry': 'aW49U2VjcmV0c01hbmFnZXJQeXRob24gU0RLJml0PWN5YnItc2VjcmV0c21hbmFnZXImaXY9MC4wLmRldiZ2bj1DeWJlckFyaw'},
+            mock_request.assert_called_once_with('GET', 'no/params', auth=None, data='', ssl=ssl_context, headers={'x-cybr-telemetry': 'aW49U2VjcmV0c01hbmFnZXJQeXRob24gU0RLJml0PWN5YnItc2VjcmV0c21hbmFnZXImaXY9MC4wLmRldjAmdm49Q3liZXJBcms'},
                                                  params=None, proxy=None)
 
     @patch('aiohttp.ClientSession.request')
@@ -148,7 +148,7 @@ async def test_invoke_endpoint_raises_hostname_mismatch_error(self, mock_request
 
             ssl_context_calls = [call(cafile='foo')]
             mock_create_ssl_context.assert_has_calls(ssl_context_calls)
-            mock_request.assert_called_with('GET', 'no/params', auth=None, data='', ssl=ssl_context, headers={'x-cybr-telemetry': 'aW49U2VjcmV0c01hbmFnZXJQeXRob24gU0RLJml0PWN5YnItc2VjcmV0c21hbmFnZXImaXY9MC4wLmRldiZ2bj1DeWJlckFyaw'},
+            mock_request.assert_called_with('GET', 'no/params', auth=None, data='', ssl=ssl_context, headers={'x-cybr-telemetry': 'aW49U2VjcmV0c01hbmFnZXJQeXRob24gU0RLJml0PWN5YnItc2VjcmV0c21hbmFnZXImaXY9MC4wLmRldjAmdm49Q3liZXJBcms'},
                                             params=None, proxy=None)
 
     @patch('aiohttp.ClientSession.request')
@@ -160,7 +160,7 @@ async def test_invoke_endpoint_passes_auth_param_to_http_client_if_provided(self
 
             mock_create_ssl_context.assert_called_once_with()
             mock_request.assert_called_once_with('GET', 'no/params', auth=BasicAuth('foo', 'bar'), data='',
-                                                 ssl=ssl_context, headers={'x-cybr-telemetry': 'aW49U2VjcmV0c01hbmFnZXJQeXRob24gU0RLJml0PWN5YnItc2VjcmV0c21hbmFnZXImaXY9MC4wLmRldiZ2bj1DeWJlckFyaw'}, params=None, proxy=None)
+                                                 ssl=ssl_context, headers={'x-cybr-telemetry': 'aW49U2VjcmV0c01hbmFnZXJQeXRob24gU0RLJml0PWN5YnItc2VjcmV0c21hbmFnZXImaXY9MC4wLmRldjAmdm49Q3liZXJBcms'}, params=None, proxy=None)
 
     @patch('aiohttp.ClientSession.request')
     async def test_invoke_endpoint_passes_extra_args_to_http_client(self, mock_request):
@@ -171,7 +171,7 @@ async def test_invoke_endpoint_passes_extra_args_to_http_client(self, mock_reque
 
             mock_create_ssl_context.assert_called_once_with()
             mock_request.assert_called_once_with('GET', 'no/params', auth=None, data='ab', ssl=ssl_context,
-                                                 headers={'x-cybr-telemetry': 'aW49U2VjcmV0c01hbmFnZXJQeXRob24gU0RLJml0PWN5YnItc2VjcmV0c21hbmFnZXImaXY9MC4wLmRldiZ2bj1DeWJlckFyaw'}, params=None, proxy=None)
+                                                 headers={'x-cybr-telemetry': 'aW49U2VjcmV0c01hbmFnZXJQeXRob24gU0RLJml0PWN5YnItc2VjcmV0c21hbmFnZXImaXY9MC4wLmRldjAmdm49Q3liZXJBcms'}, params=None, proxy=None)
 
     @patch('aiohttp.ClientSession.request')
     async def test_invoke_endpoint_passes_query_param(self, mock_request):
@@ -186,7 +186,7 @@ async def test_invoke_endpoint_passes_query_param(self, mock_request):
 
             mock_create_ssl_context.assert_called_once_with()
             mock_request.assert_called_once_with('GET', 'no/params', auth=None, data='ab', ssl=ssl_context,
-                                                 headers={'x-cybr-telemetry': 'aW49U2VjcmV0c01hbmFnZXJQeXRob24gU0RLJml0PWN5YnItc2VjcmV0c21hbmFnZXImaXY9MC4wLmRldiZ2bj1DeWJlckFyaw'}, params=query, proxy=None)
+                                                 headers={'x-cybr-telemetry': 'aW49U2VjcmV0c01hbmFnZXJQeXRob24gU0RLJml0PWN5YnItc2VjcmV0c21hbmFnZXImaXY9MC4wLmRldjAmdm49Q3liZXJBcms'}, params=query, proxy=None)
 
     @patch('aiohttp.ClientSession.request')
     async def test_invoke_endpoint_passes_proxy_param(self, mock_request):
@@ -198,7 +198,7 @@ async def test_invoke_endpoint_passes_proxy_param(self, mock_request):
 
             mock_create_ssl_context.assert_called_once_with()
             mock_request.assert_called_once_with('GET', 'no/params', auth=None, data='ab', ssl=ssl_context,
-                                                 headers={'x-cybr-telemetry': 'aW49U2VjcmV0c01hbmFnZXJQeXRob24gU0RLJml0PWN5YnItc2VjcmV0c21hbmFnZXImaXY9MC4wLmRldiZ2bj1DeWJlckFyaw'}, params=None, proxy='proxy.com')
+                                                 headers={'x-cybr-telemetry': 'aW49U2VjcmV0c01hbmFnZXJQeXRob24gU0RLJml0PWN5YnItc2VjcmV0c21hbmFnZXImaXY9MC4wLmRldjAmdm49Q3liZXJBcms'}, params=None, proxy='proxy.com')
 
     @patch('aiohttp.ClientSession.request')
     async def test_invoke_endpoint_quotes_all_params_except_url(self, mock_request):
@@ -211,7 +211,7 @@ async def test_invoke_endpoint_quotes_all_params_except_url(self, mock_request):
             quoted_endpoint = '/'.join([self.UNESCAPED_PARAMS['url']] + self.ESCAPED_PARAMS)
             mock_create_ssl_context.assert_called_once_with()
             mock_request.assert_called_once_with('GET', quoted_endpoint, data='$#\\% ^%', auth=None,
-                                                 ssl=ssl_context, headers={'x-cybr-telemetry': 'aW49U2VjcmV0c01hbmFnZXJQeXRob24gU0RLJml0PWN5YnItc2VjcmV0c21hbmFnZXImaXY9MC4wLmRldiZ2bj1DeWJlckFyaw'}, params=None, proxy=None)
+                                                 ssl=ssl_context, headers={'x-cybr-telemetry': 'aW49U2VjcmV0c01hbmFnZXJQeXRob24gU0RLJml0PWN5YnItc2VjcmV0c21hbmFnZXImaXY9MC4wLmRldjAmdm49Q3liZXJBcms'}, params=None, proxy=None)
 
     @patch('aiohttp.ClientSession.request')
     async def test_invoke_endpoint_raises_error_if_bad_status_code_is_returned(self, mock_request):