cased-ruby 0.4.2 → 0.4.7

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f866d60b9da3d895469686a8510dc93a0bf2ec80b45c8b0d0c2af912233b5849
-  data.tar.gz: bca2f7aff437b0b739a5784b0d598171c5e61c6491ee4bf408fc3718f4a649a1
+  metadata.gz: 4592facfed9641c5f262e1c82905e77b8ba687cf3a32e056688a7521573ea3ca
+  data.tar.gz: bb5c406b6423b618a0ad9c6356fcfe4e67cfce24c80fc97951aea1cbb846f138
 SHA512:
-  metadata.gz: 6fad8ffa2d18d75001a72cd6a861658e5b8e02c11d6ede6f7df320ec420424db372bbbd06f8e3b57425a96f0d684513144a863b6f5a65d7c0301a3fcc15159fc
-  data.tar.gz: d51546813623b1a5196dbf7bc393581e75ad347522909a45c09bd9ae3e3e620341f905670c71e206f2b12ba405cdb8e589b2c35e2ec7b0cae34b6cb192183a35
+  metadata.gz: 86d308c4698823a52959e7fcd32f62c4d023539162fea109d4c893f524e43bb57a845140a21a8177c2e2c1c0fbde5e58832ec8637383b4ea76db0e6f49605ad5
+  data.tar.gz: fe135b92df5a2987e01f2b8272af7b45479bc59ea9a73c35c246602c4ffe7b0e42bd766049b4867d574c14113b5fb83ff515f9e1ad62027a4a1aa347e0a1eb87

data/.github/workflows/ruby.yml

@@ -28,19 +28,3 @@ jobs:
       - name: Run Tests
         run: |
           bundle exec rake test
-
-      - name: Generate yard documentation
-        run: |
-          bundle exec yard
-
-      - name: Upload test coverage report
-        uses: actions/upload-artifact@v2
-        with:
-          name: coverage
-          path: coverage/**/*
-
-      - name: Upload generated yard documentation
-        uses: actions/upload-artifact@v2
-        with:
-          name: yard
-          path: doc/**/*

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    cased-ruby (0.4.2)
+    cased-ruby (0.4.7)
       activesupport (~> 6)
       dotpath (= 0.1.0)
       faraday (~> 1.0)
@@ -14,7 +14,7 @@ PATH
 GEM
   remote: https://rubygems.org/
   specs:
-    activesupport (6.1.3)
+    activesupport (6.1.3.1)
       concurrent-ruby (~> 1.0, >= 1.0.2)
       i18n (>= 1.6, < 2)
       minitest (>= 5.1)
@@ -38,7 +38,7 @@ GEM
     faraday_middleware (1.0.0)
       faraday (~> 1.0)
     hashdiff (1.0.1)
-    i18n (1.8.9)
+    i18n (1.8.10)
       concurrent-ruby (~> 1.0)
     jaro_winkler (1.5.4)
     json (2.5.1)

data/README.md

@@ -9,6 +9,7 @@ A Cased client for Ruby applications in your organization to control and monitor
 - [Usage](#usage)
   - [Cased CLI](#cased-cli)
     - [Starting an approval workflow](#starting-an-approval-workflow)
+    - [Attaching metadata to all CLI requests](#attaching-metadata-to-all-cli-requests)
   - [Audit trails](#audit-trails)
     - [Publishing events to Cased](#publishing-events-to-cased)
     - [Retrieving events from a Cased audit trail](#retrieving-events-from-a-cased-audit-trail)
@@ -85,6 +86,17 @@ Cased.configure do |config|
 
   # CASED_HTTP_READ_TIMEOUT=10
   config.http_read_timeout = 10
+
+  # Attach metadata to all CLI requests. This metadata will appear in Cased and
+  # any notification source such as email or Slack.
+  #
+  # You are limited to 20 properties and cannot be a nested dictionary. Metadata
+  # specified in the CLI request overrides any configured globally.
+  config.cli.metadata = {
+    rails_env: ENV['RAILS_ENV'],
+    heroku_application: ENV['HEROKU_APP_NAME'],
+    git_commit: ENV['GIT_COMMIT'],
+  }
 end
 ```
 
@@ -135,7 +147,8 @@ end
 
 authentication = Cased::CLI::Authentication.new
 identity = Cased::CLI::Identity.new
-authentication.token = identity.identify
+token, ip_address = identity.identify
+authentication.token = token
 
 session = Cased::CLI::Session.new(
   authentication: authentication,
@@ -180,6 +193,27 @@ You no longer need to handle obtaining the user token or asking for a reason up
 front, `Cased::CLI::InteractiveSession` will prompt the user for any reason
 being required as necessary.
 
+#### Attaching metadata to all CLI requests
+
+While you can customize the metadata included for each CLI request, it may prove
+useful to specify metadata globally that will be included with each CLI request.
+Some useful information to include may be the current Rails environment, Heroku
+application, Git commit deployed, and more.
+
+Metadata is limited to 20 properties and cannot be a nested dictionary.
+
+```ruby
+Cased.configure do |config|
+  config.cli.metadata = {
+    rails_env: ENV['RAILS_ENV'],
+    heroku_application: ENV['HEROKU_APP_NAME'],
+    git_commit: ENV['GIT_COMMIT'],
+  }
+end
+```
+
+Note: Metadata specified in the CLI request overrides any configured globally.
+
 ### Audit trails
 
 #### Publishing events to Cased

data/lib/cased/cli/asciinema/file.rb

@@ -15,12 +15,17 @@ module Cased
         end
 
         def self.from_cast(cast)
+          return if cast.blank?
+
           stream = cast.split("\n").collect do |data|
             JSON.parse(data)
           end
           header = stream.shift
+          return unless header.is_a?(Hash)
 
           new(header, stream)
+        rescue JSON::ParserError
+          nil
         end
 
         # Required

data/lib/cased/cli/config.rb

@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+
+module Cased
+  module CLI
+    class Config
+      # @example
+      #   Cased.configure do |config|
+      #     config.cli.metadata = {
+      #       rails_env: ENV['RAILS_ENV'],
+      #       heroku_application: ENV['HEROKU_APP_NAME'],
+      #       git_commit: ENV['GIT_COMMIT'],
+      #     }
+      #   end
+      attr_accessor :metadata
+
+      def initialize
+        @metadata = {}
+      end
+    end
+  end
+end

data/lib/cased/cli/identity.rb

@@ -23,15 +23,20 @@ module Cased
       def poll(poll_url)
         count = 0
         user_id = nil
+        ip_address = nil
 
         while user_id.nil?
           count += 1
           response = Cased.clients.cli.get(poll_url)
-          user_id = response.body.dig('user', 'id')
-          sleep 1 if user_id.nil?
+          if response.success?
+            user_id = response.body.dig('user', 'id')
+            ip_address = response.body.fetch('ip_address')
+          else
+            sleep 1
+          end
         end
 
-        user_id
+        [user_id, ip_address]
       end
     end
   end

data/lib/cased/cli/interactive_session.rb

@@ -30,8 +30,31 @@ module Cased
       end
 
       def create
+        signal_handler = Signal.trap('SIGINT') do
+          if session.requested?
+            Cased::CLI::Log.log 'Exiting and canceling request…'
+            session.cancel
+            exit 0
+          elsif signal_handler.respond_to?(:call)
+            # We need to call the original handler if we exit this interactive
+            # session successfully
+            signal_handler.call
+          else
+            raise Interrupt
+          end
+        end
+
         if session.create
           handle_state(session.state)
+        elsif session.reauthenticate?
+          Cased::CLI::Log.log "You must re-authenticate with Cased due to recent changes to this application's settings."
+
+          identity = Cased::CLI::Identity.new
+          token, ip_address = identity.identify
+          session.authentication.token = token
+          session.forwarded_ip_address = ip_address
+
+          create
         elsif session.unauthorized?
           if session.authentication.exists?
             Cased::CLI::Log.log "Existing credentials at #{session.authentication.credentials_path} are not valid."
@@ -40,7 +63,9 @@ module Cased
           end
 
           identity = Cased::CLI::Identity.new
-          session.authentication.token = identity.identify
+          token, ip_address = identity.identify
+          session.authentication.token = token
+          session.forwarded_ip_address = ip_address
 
           create
         elsif session.reason_required?
@@ -61,22 +86,36 @@ module Cased
       end
 
       def wait_for_approval
+        sleep 1
         session.refresh && handle_state(session.state)
       end
 
+      def waiting_for_approval_message
+        return if defined?(@waiting_for_approval_message_displayed)
+
+        motd = session.guard_application.dig('settings', 'message_of_the_day')
+        waiting_message = motd.blank? ? 'Approval request sent…' : motd
+        Cased::CLI::Log.log "#{waiting_message} (id: #{session.id})"
+        @waiting_for_approval_message_displayed = true
+      end
+
       def handle_state(state)
         case state
         when 'approved'
           Cased::CLI::Log.log 'CLI session has been approved'
           session.record
         when 'requested'
+          waiting_for_approval_message
           wait_for_approval
         when 'denied'
           Cased::CLI::Log.log 'CLI session has been denied'
+          exit 1
         when 'timed_out'
           Cased::CLI::Log.log 'CLI session has timed out'
+          exit 1
         when 'canceled'
           Cased::CLI::Log.log 'CLI session has been canceled'
+          exit 0
         end
       end
     end

data/lib/cased/cli/log.rb

@@ -13,6 +13,8 @@ module Cased
 
       def self.log(text)
         puts string(text)
+      ensure
+        STDOUT.flush
       end
 
       def self.color(text, color, bold = false)

data/lib/cased/cli/session.rb

@@ -86,9 +86,17 @@ module Cased
       # @return [String, nil]
       attr_accessor :reason
 
+      # Public: The forwarded IP V4 or IP V6 address of the user that initiated
+      # the CLI session.
+      #
+      # @example
+      #   session.forwarded_ip_address #=> "1.1.1.1"
+      # @return [String, nil]
+      attr_accessor :forwarded_ip_address
+
       # Public: The client's IP V4 or IP V6 address that initiated the CLI session.
       # @example
-      #   session.reason #=> "1.1.1.1"
+      #   session.ip_address #=> "1.1.1.1"
       # @return [String, nil]
       attr_reader :ip_address
 
@@ -120,7 +128,7 @@ module Cased
         @authentication = authentication || Cased::CLI::Authentication.new
         @reason = reason
         @command = command || [$PROGRAM_NAME, *ARGV].join(' ')
-        @metadata = metadata
+        @metadata = Cased.config.cli.metadata.merge(metadata)
         @requester = {}
         @responder = {}
         @guard_application = {}
@@ -144,6 +152,7 @@ module Cased
         @command = session.fetch('command')
         @metadata = session.fetch('metadata')
         @reason = session.fetch('reason')
+        @forwarded_ip_address = session.fetch('forwarded_ip_address')
         @ip_address = session.fetch('ip_address')
         @requester = session.fetch('requester')
         @responded_at = session['responded_at']
@@ -175,7 +184,7 @@ module Cased
         return false unless api_url
 
         response = Cased.clients.cli.get(api_url, user_token: authentication.token)
-        self.session = response.body if response.success?
+        self.session = response.body
       end
 
       def error?
@@ -194,6 +203,10 @@ module Cased
         error == :unauthorized
       end
 
+      def reauthenticate?
+        error == :reauthenticate
+      end
+
       def record_output?
         guard_application.dig('settings', 'record_output') || false
       end
@@ -222,6 +235,7 @@ module Cased
 
         response = Cased.clients.cli.post('cli/sessions',
           user_token: authentication.token,
+          forwarded_ip_address: forwarded_ip_address,
           reason: reason,
           metadata: metadata,
           command: command)
@@ -233,6 +247,8 @@ module Cased
             @error = :reason_required
           when 'unauthorized'
             @error = :unauthorized
+          when 'reauthenticate'
+            @error = :reauthenticate
           else
             @error = true
             return false
@@ -244,7 +260,7 @@ module Cased
 
       def cancel
         response = Cased.clients.cli.post("#{api_url}/cancel", user_token: authentication.token)
-        self.session = response.body if response.success?
+        self.session = response.body
 
         canceled?
       end

data/lib/cased/config.rb

@@ -1,5 +1,7 @@
 # frozen_string_literal: true
 
+require 'cased/cli/config'
+
 module Cased
   class Config
     # The amount of time in seconds to allow the HTTP client to open a
@@ -149,6 +151,16 @@ module Cased
     #   end
     attr_writer :silence
 
+    # @example
+    #   Cased.configure do |config|
+    #     config.cli.metadata = {
+    #       rails_env: ENV['RAILS_ENV'],
+    #       heroku_application: ENV['HEROKU_APP_NAME'],
+    #       git_commit: ENV['GIT_COMMIT'],
+    #     }
+    #   end
+    attr_reader :cli
+
     def initialize
       @http_read_timeout = ENV.fetch('CASED_HTTP_READ_TIMEOUT', 10).to_i
       @http_open_timeout = ENV.fetch('CASED_HTTP_OPEN_TIMEOUT', 5).to_i
@@ -172,6 +184,7 @@ module Cased
           hash[normalized_key] = api_key if api_key
         end
       end
+      @cli = Cased::CLI::Config.new
     end
 
     # Policy keys are used to query for events from audit trails.

data/lib/cased/http/client.rb

@@ -20,8 +20,6 @@ module Cased
 
           conn.options.timeout = Cased.config.http_read_timeout
           conn.options.open_timeout = Cased.config.http_open_timeout
-
-          conn.adapter :net_http_persistent
         end
       end
 

data/lib/cased/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Cased
-  VERSION = '0.4.2'
+  VERSION = '0.4.7'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: cased-ruby
 version: !ruby/object:Gem::Version
-  version: 0.4.2
+  version: 0.4.7
 platform: ruby
 authors:
 - Garrett Bjerkhoel
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2021-03-05 00:00:00.000000000 Z
+date: 2021-04-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -305,6 +305,7 @@ files:
 - lib/cased/cli/asciinema/file.rb
 - lib/cased/cli/asciinema/writer.rb
 - lib/cased/cli/authentication.rb
+- lib/cased/cli/config.rb
 - lib/cased/cli/identity.rb
 - lib/cased/cli/interactive_session.rb
 - lib/cased/cli/log.rb
@@ -343,7 +344,7 @@ files:
 - lib/cased/sensitive/string.rb
 - lib/cased/test_helper.rb
 - lib/cased/version.rb
-- vendor/cache/activesupport-6.1.3.gem
+- vendor/cache/activesupport-6.1.3.1.gem
 - vendor/cache/addressable-2.7.0.gem
 - vendor/cache/ast-2.4.0.gem
 - vendor/cache/byebug-11.0.1.gem
@@ -356,7 +357,7 @@ files:
 - vendor/cache/faraday-net_http-1.0.1.gem
 - vendor/cache/faraday_middleware-1.0.0.gem
 - vendor/cache/hashdiff-1.0.1.gem
-- vendor/cache/i18n-1.8.9.gem
+- vendor/cache/i18n-1.8.10.gem
 - vendor/cache/jaro_winkler-1.5.4.gem
 - vendor/cache/json-2.5.1.gem
 - vendor/cache/jwt-2.2.2.gem