cdap-authentication-client 1.3.0.a.1
- checksums.yaml +7 -0
- data/lib/cdap-authentication-client.rb +25 -0
- data/lib/cdap-authentication-client/access_token.rb +29 -0
- data/lib/cdap-authentication-client/auth_client_rest.rb +83 -0
- data/lib/cdap-authentication-client/authentication_client.rb +109 -0
- data/lib/cdap-authentication-client/authentication_client_interface.rb +41 -0
- data/lib/cdap-authentication-client/credential.rb +35 -0
- data/lib/cdap-authentication-client/version.rb +17 -0
- metadata +107 -0
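--- a/checksums.yaml
+++ b/checksums.yaml
@@ -0,0 +1,7 @@
+---
+SHA1:
+metadata.gz: da6082bc56bb8f748d015d3d7dbdaab9a4be3193
+data.tar.gz: e42658a258566d1fdbe9648de9676075ffabf597
+SHA512:
+metadata.gz: d86ae9e280779e7a259b584c89673f3ec45c1b95cfada4d0cf94283c46cf4a900e70cb891520764dec2d9b5a62e3cb94860c89c0cb43599deb4e52618b7f4577
+data.tar.gz: c34b158ce6255c594c92e11489962c90ef66544b28135e4e1edce130192236eecce575275b4a58aa275f9ebb9e177cf285faf69a441ee240839643f3f5b0ef08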
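--- a/data/lib/cdap-authentication-client.rb
+++ b/data/lib/cdap-authentication-client.rb
@@ -0,0 +1,25 @@
+# Copyright © 2014 Cask Data, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy of
+# the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations under
+# the License.
+
+require 'httparty'
+
+module CDAP
+end
+
+require 'cdap-authentication-client/authentication_client'
+require 'cdap-authentication-client/auth_client_rest'
+require 'cdap-authentication-client/access_token'
+require 'cdap-authentication-client/version'
+require 'cdap-authentication-client/credential'
+require 'cdap-authentication-client/authentication_client_interface'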
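--- a/data/lib/cdap-authentication-client/access_token.rb
+++ b/data/lib/cdap-authentication-client/access_token.rb
@@ -0,0 +1,29 @@
+# Copyright © 2014-2015 Cask Data, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy of
+# the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations under
+# the License.
+
+module CDAP
+###
+# This class represents access token object.
+class AccessToken
+attr_accessor :value
+attr_accessor :expires_in
+attr_accessor :token_type
+
+def initialize(value, token_type, expires_in)
+self.value = value
+self.expires_in = expires_in
+self.token_type = token_type
+end
+end
+end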
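Review bot: The three `attr_accessor` lines give every holder of an `AccessToken` a public writer for a bearer credential, and Ruby's default `inspect` will print `@value` wherever the object ends up in a log line or exception message. Nothing on this page assigns these fields after construction, so `attr_reader :value, :expires_in, :token_type` with `@value = value` (and likewise for the other two) in `initialize` would be enough, plus an `inspect` override that leaves the token value out. The class comment should also state the unit of `expires_in`, since `get_access_token` in authentication_client.rb adds it to a millisecond timestamp.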
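--- a/data/lib/cdap-authentication-client/auth_client_rest.rb
+++ b/data/lib/cdap-authentication-client/auth_client_rest.rb
@@ -0,0 +1,83 @@
+# Copyright © 2014-2015 Cask Data, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy of
+# the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations under
+# the License.
+
+require 'httparty'
+
+module CDAP
+###
+# The helper class for providing http requests
+class AuthClientRest
+include HTTParty
+
+def get(url, options = {}, ssl_cert_check, &block)
+request('get', url, options, ssl_cert_check, &block)
+end
+
+def put(url, options = {}, ssl_cert_check, &block)
+request('put', url, options, ssl_cert_check, &block)
+end
+
+def post(url, options = {}, ssl_cert_check, &block)
+request('post', url, options, ssl_cert_check, &block)
+end
+
+private
+
+def request(method, url, options = {}, ssl_cert_check, &block)
+method.downcase!
+# send request
+HTTParty::Basement.default_options.update(verify: ssl_cert_check)
+case method
+when 'get'
+response = self.class.get(url, options, &block)
+when 'post'
+response = self.class.post(url, options, &block)
+when 'put'
+response = self.class.put(url, options, &block)
+else
+fail 'Unknown http method'
+end
+# process response
+unless response.response.is_a?(Net::HTTPSuccess)
+error = ResponseError.new response
+case response.code
+when 400
+fail error, 'The request had a combination of
+parameters that is not recognized'
+when 401
+fail error, 'Invalid username or password' unless url =~ /ping/
+when 403
+fail error, 'The request was authenticated but
+the client does not have permission'
+when 404
+fail error, 'The request did not address any of the known URIs'
+when 405
+fail error, 'A request was received with a
+method not supported for the URI'
+when 409
+fail error, 'A request could not be completed due to a conflict
+with the current resource state'
+when 500
+fail error, 'An internal error occurred while processing the request'
+when 501
+fail error, 'A request contained a query that
+is not supported by this API'
+else
+fail error, 'Unknown http error'
+end
+end
+response
+end
+end
+end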
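Review bot: The certificate-verification flag in `request` is written to process-wide state instead of to the request being made: `HTTParty::Basement.default_options.update(verify: ssl_cert_check)` changes the defaults used by module-level `HTTParty.get`/`post` calls anywhere in the host application, so one client configured with `ssl_cert_check` false can switch verification off for unrelated code, and two clients with different settings overwrite each other. As far as I recall HTTParty keeps `default_options` per including class, so this line may not even reach the `self.class.get(url, options, &block)` calls below it; that should be confirmed with a test against a host presenting an untrusted certificate. Passing the flag per request, `options = options.merge(verify: ssl_cert_check)`, and deleting the `default_options` update removes both problems. Separately, `method.downcase!` mutates the string literal handed in by `get`/`put`/`post` and raises once string literals are frozen; `method = method.downcase` is the safe form.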
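--- a/data/lib/cdap-authentication-client/authentication_client.rb
+++ b/data/lib/cdap-authentication-client/authentication_client.rb
@@ -0,0 +1,109 @@
+# Copyright © 2014-2015 Cask Data, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy of
+# the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations under
+# the License.
+
+module CDAP
+require 'cdap-authentication-client/authentication_client_interface'
+###
+# The client class to fetch access token from the authentication server
+class AuthenticationClient < AuthenticationClientInterface
+attr_reader :rest
+attr_reader :username
+attr_reader :password
+attr_reader :ssl_cert_check
+
+SPARSE_TIME_IN_MILLIS = 5000
+USERNAME_PROP_NAME = 'security_auth_client_username'
+PASSWORD_PROP_NAME = 'security_auth_client_password'
+
+def initialize
+@rest = AuthClientRest.new
+@ping_url = nil
+@auth_url = nil
+@is_auth_enabled = nil
+@access_token = nil
+@ssl_cert_check = false
+@credentials = [Credential.new(USERNAME_PROP_NAME, 'Username for basic authentication.', false),
+Credential.new(PASSWORD_PROP_NAME, 'Password for basic authentication.', true)]
+end
+
+def configure(hash)
+if @username || @password
+fail IllegalStateException.new, 'Client is already configured!'
+end
+@username = hash['security.auth.client.username']
+@password = hash['security.auth.client.password']
+@ssl_cert_check = hash['security.auth.client.ssl_cert_check']
+end
+
+def get_required_credentials
+@credentials
+end
+
+def set_connection_info(host, port, ssl)
+if @ping_url
+fail IllegalStateException.new, 'Connection info is already configured!'
+end
+protocol = ssl ? 'https' : 'http'
+@ping_url = "#{protocol}://#{host}:#{port}/ping"
+end
+
+def fetch_auth_url
+req = rest.get(@ping_url, @ssl_cert_check)
+auth_urls = req ['auth_uri']
+if auth_urls.empty?
+fail AuthenticationServerNotFoundException.new 'No Authentication server to get a token from was found'
+else
+@auth_url = auth_urls.sample
+end
+end
+
+def get_access_token
+unless auth_enabled?
+fail ArgumentError.new, 'Authentication is disabled
+in the gateway server.'
+end
+if @access_token.nil? || token_expired?
+request_time = Time.now.to_f * 1000
+options = { basic_auth: { username: @username, password: @password } }
+response = rest.get(@auth_url, options, @ssl_cert_check)
+token_value = response['access_token']
+token_type = response['token_type']
+expires_in = response['expires_in']
+@expiration_time = request_time + expires_in - SPARSE_TIME_IN_MILLIS
+@access_token = AccessToken.new(token_value, token_type, expires_in)
+end
+@access_token
+end
+
+def auth_enabled?
+if @is_auth_enabled.nil?
+@auth_url = fetch_auth_url
+@auth_url ? @is_auth_enabled = true : @is_auth_enabled = false
+end
+@is_auth_enabled
+end
+
+def token_expired?
+@expiration_time < Time.now.to_f * 1000
+end
+
+def invalidate_token
+@access_token = nil
+end
+end
+end
+
+class IllegalStateException < Exception; end
+
+class AuthenticationServerNotFoundException < Exception; end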
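Review bot: Certificate verification is off unless the caller opts in: `initialize` sets `@ssl_cert_check = false`, and `configure` overwrites it with `hash['security.auth.client.ssl_cert_check']`, which is `nil` when the key is absent. `get_access_token` then sends the basic-auth username and password to `@auth_url`, a URL taken from the unauthenticated `/ping` response in `fetch_auth_url`, so with verification off the endpoint receiving the password is never authenticated. Default to verifying, `@ssl_cert_check = true` in `initialize` and `@ssl_cert_check = hash.fetch('security.auth.client.ssl_cert_check', true)` in `configure`, and consider refusing to send credentials when `@auth_url` is not `https`. Two smaller points in the same file: `auth_urls.empty?` raises `NoMethodError` when the ping body has no `auth_uri` key, and both exception classes inherit from `Exception`, so a plain `rescue` in calling code will not catch them; `StandardError` is the usual base.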
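--- a/data/lib/cdap-authentication-client/authentication_client_interface.rb
+++ b/data/lib/cdap-authentication-client/authentication_client_interface.rb
@@ -0,0 +1,41 @@
+# Copyright © 2014-2015 Cask Data, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy of
+# the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations under
+# the License.
+
+module CDAP
+class AuthenticationClientInterface
+def configure(_properties)
+fail 'This method should be overridden'
+end
+
+def get_access_token
+fail 'This method should be overridden'
+end
+
+def auth_enabled?
+fail 'This method should be overridden'
+end
+
+def invalidate_token
+fail 'This method should be overridden'
+end
+
+def set_connection_info(_host, _port, _ssl)
+fail 'This method should be overridden'
+end
+
+def get_required_credentials
+fail 'This method should be overridden'
+end
+end
+end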
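--- a/data/lib/cdap-authentication-client/credential.rb
+++ b/data/lib/cdap-authentication-client/credential.rb
@@ -0,0 +1,35 @@
+# Copyright © 2014-2015 Cask Data, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy of
+# the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations under
+# the License.
+
+module CDAP
+class Credential
+def initialize(name, description, secret)
+@name = name
+@description = description
+@secret = secret
+end
+
+def get_name
+@name
+end
+
+def get_description
+@description
+end
+
+def is_secret
+@secret
+end
+end
+end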
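--- a/data/lib/cdap-authentication-client/version.rb
+++ b/data/lib/cdap-authentication-client/version.rb
@@ -0,0 +1,17 @@
+# Copyright © 2014-2015 Cask Data, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy of
+# the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations under
+# the License.
+
+module CDAP
+VERSION = '1.3.0.a.1'
+end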
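--- a/metadata
+++ b/metadata
@@ -0,0 +1,107 @@
+--- !ruby/object:Gem::Specification
+name: cdap-authentication-client
+version: !ruby/object:Gem::Version
+version: 1.3.0.a.1
+platform: ruby
+authors:
+- Cask Data, Inc.
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2015-11-17 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+name: httparty
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - '>='
+- !ruby/object:Gem::Version
+version: '0'
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - '>='
+- !ruby/object:Gem::Version
+version: '0'
+- !ruby/object:Gem::Dependency
+name: pry
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - '>='
+- !ruby/object:Gem::Version
+version: '0'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - '>='
+- !ruby/object:Gem::Version
+version: '0'
+- !ruby/object:Gem::Dependency
+name: simplecov
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - '>='
+- !ruby/object:Gem::Version
+version: '0'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - '>='
+- !ruby/object:Gem::Version
+version: '0'
+- !ruby/object:Gem::Dependency
+name: simplecov-rcov
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - '>='
+- !ruby/object:Gem::Version
+version: '0'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - '>='
+- !ruby/object:Gem::Version
+version: '0'
+description: A Ruby client for authentication in Cask CDAP services
+email:
+- ops@cask.co
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- lib/cdap-authentication-client/access_token.rb
+- lib/cdap-authentication-client/auth_client_rest.rb
+- lib/cdap-authentication-client/authentication_client.rb
+- lib/cdap-authentication-client/authentication_client_interface.rb
+- lib/cdap-authentication-client/credential.rb
+- lib/cdap-authentication-client/version.rb
+- lib/cdap-authentication-client.rb
+homepage:
+licenses:
+- Apache-2.0
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+requirements:
+- - '>='
+- !ruby/object:Gem::Version
+version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+requirements:
+- - '>'
+- !ruby/object:Gem::Version
+version: 1.3.1
+requirements: []
+rubyforge_project: cdap-authentication-client
+rubygems_version: 2.0.14
+signing_key:
+specification_version: 4
+summary: A Ruby client for authentication in Cask CDAP services
+test_files: []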