cdap-authentication-client 1.3.0.a.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: da6082bc56bb8f748d015d3d7dbdaab9a4be3193
+  data.tar.gz: e42658a258566d1fdbe9648de9676075ffabf597
+SHA512:
+  metadata.gz: d86ae9e280779e7a259b584c89673f3ec45c1b95cfada4d0cf94283c46cf4a900e70cb891520764dec2d9b5a62e3cb94860c89c0cb43599deb4e52618b7f4577
+  data.tar.gz: c34b158ce6255c594c92e11489962c90ef66544b28135e4e1edce130192236eecce575275b4a58aa275f9ebb9e177cf285faf69a441ee240839643f3f5b0ef08

data/lib/cdap-authentication-client.rb

@@ -0,0 +1,25 @@
+#  Copyright © 2014 Cask Data, Inc.
+#
+#  Licensed under the Apache License, Version 2.0 (the "License"); you may not
+#  use this file except in compliance with the License. You may obtain a copy of
+#  the License at
+#
+#  http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#  License for the specific language governing permissions and limitations under
+#  the License.
+
+require 'httparty'
+
+module CDAP
+end
+
+require 'cdap-authentication-client/authentication_client'
+require 'cdap-authentication-client/auth_client_rest'
+require 'cdap-authentication-client/access_token'
+require 'cdap-authentication-client/version'
+require 'cdap-authentication-client/credential'
+require 'cdap-authentication-client/authentication_client_interface'

data/lib/cdap-authentication-client/access_token.rb

@@ -0,0 +1,29 @@
+#  Copyright © 2014-2015 Cask Data, Inc.
+#
+#  Licensed under the Apache License, Version 2.0 (the "License"); you may not
+#  use this file except in compliance with the License. You may obtain a copy of
+#  the License at
+#
+#  http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#  License for the specific language governing permissions and limitations under
+#  the License.
+
+module CDAP
+  ###
+  #  This class represents access token object.
+  class AccessToken
+    attr_accessor :value
+    attr_accessor :expires_in
+    attr_accessor :token_type
+
+    def initialize(value, token_type, expires_in)
+      self.value = value
+      self.expires_in = expires_in
+      self.token_type = token_type
+    end
+  end
+end

data/lib/cdap-authentication-client/auth_client_rest.rb

@@ -0,0 +1,83 @@
+#  Copyright © 2014-2015 Cask Data, Inc.
+#
+#  Licensed under the Apache License, Version 2.0 (the "License"); you may not
+#  use this file except in compliance with the License. You may obtain a copy of
+#  the License at
+#
+#  http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#  License for the specific language governing permissions and limitations under
+#  the License.
+
+require 'httparty'
+
+module CDAP
+  ###
+  # The helper class for providing http requests
+  class AuthClientRest
+    include HTTParty
+
+    def get(url, options = {}, ssl_cert_check, &block)
+      request('get', url, options, ssl_cert_check, &block)
+    end
+
+    def put(url, options = {}, ssl_cert_check, &block)
+      request('put', url, options, ssl_cert_check, &block)
+    end
+
+    def post(url, options = {}, ssl_cert_check, &block)
+      request('post', url, options, ssl_cert_check, &block)
+    end
+
+    private
+
+    def request(method, url, options = {}, ssl_cert_check, &block)
+      method.downcase!
+      # send request
+      HTTParty::Basement.default_options.update(verify: ssl_cert_check)
+      case method
+      when 'get'
+        response = self.class.get(url, options, &block)
+      when 'post'
+        response = self.class.post(url, options, &block)
+      when 'put'
+        response = self.class.put(url, options, &block)
+      else
+        fail 'Unknown http method'
+      end
+      # process response
+      unless response.response.is_a?(Net::HTTPSuccess)
+        error = ResponseError.new response
+        case response.code
+        when 400
+          fail error, 'The request had a combination of
+                          parameters that is not recognized'
+        when 401
+          fail error, 'Invalid username or password' unless url =~ /ping/
+        when 403
+          fail error, 'The request was authenticated but
+                          the client does not have permission'
+        when 404
+          fail error, 'The request did not address any of the known URIs'
+        when 405
+          fail error, 'A request was received with a
+                       method not supported for the URI'
+        when 409
+          fail error, 'A request could not be completed due to a conflict
+                          with the current resource state'
+        when 500
+          fail error, 'An internal error occurred while processing the request'
+        when 501
+          fail error, 'A request contained a query that
+                       is not supported by this API'
+        else
+          fail error, 'Unknown http error'
+        end
+      end
+      response
+    end
+  end
+end

data/lib/cdap-authentication-client/authentication_client.rb

@@ -0,0 +1,109 @@
+#  Copyright © 2014-2015 Cask Data, Inc.
+#
+#  Licensed under the Apache License, Version 2.0 (the "License"); you may not
+#  use this file except in compliance with the License. You may obtain a copy of
+#  the License at
+#
+#  http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#  License for the specific language governing permissions and limitations under
+#  the License.
+
+module CDAP
+  require 'cdap-authentication-client/authentication_client_interface'
+  ###
+  # The client class to fetch access token from the authentication server
+  class AuthenticationClient < AuthenticationClientInterface
+    attr_reader :rest
+    attr_reader :username
+    attr_reader :password
+    attr_reader :ssl_cert_check
+
+    SPARSE_TIME_IN_MILLIS = 5000
+    USERNAME_PROP_NAME = 'security_auth_client_username'
+    PASSWORD_PROP_NAME = 'security_auth_client_password'
+
+    def initialize
+      @rest = AuthClientRest.new
+      @ping_url = nil
+      @auth_url = nil
+      @is_auth_enabled = nil
+      @access_token = nil
+      @ssl_cert_check = false
+      @credentials = [Credential.new(USERNAME_PROP_NAME, 'Username for basic authentication.', false),
+                      Credential.new(PASSWORD_PROP_NAME, 'Password for basic authentication.', true)]
+    end
+
+    def configure(hash)
+      if @username || @password
+        fail IllegalStateException.new, 'Client is already configured!'
+      end
+      @username = hash['security.auth.client.username']
+      @password = hash['security.auth.client.password']
+      @ssl_cert_check = hash['security.auth.client.ssl_cert_check']
+    end
+
+    def get_required_credentials
+      @credentials
+    end
+
+    def set_connection_info(host, port, ssl)
+      if @ping_url
+        fail IllegalStateException.new, 'Connection info is already configured!'
+      end
+      protocol = ssl ? 'https' : 'http'
+      @ping_url = "#{protocol}://#{host}:#{port}/ping"
+    end
+
+    def fetch_auth_url
+      req = rest.get(@ping_url, @ssl_cert_check)
+      auth_urls = req ['auth_uri']
+      if auth_urls.empty?
+        fail AuthenticationServerNotFoundException.new 'No Authentication server to get a token from was found'
+      else
+        @auth_url = auth_urls.sample
+      end
+    end
+
+    def get_access_token
+      unless auth_enabled?
+        fail ArgumentError.new, 'Authentication is disabled
+                                 in the gateway server.'
+      end
+      if @access_token.nil? || token_expired?
+        request_time = Time.now.to_f * 1000
+        options = { basic_auth: { username: @username, password: @password } }
+        response = rest.get(@auth_url, options, @ssl_cert_check)
+        token_value = response['access_token']
+        token_type  = response['token_type']
+        expires_in = response['expires_in']
+        @expiration_time = request_time + expires_in - SPARSE_TIME_IN_MILLIS
+        @access_token = AccessToken.new(token_value, token_type, expires_in)
+      end
+      @access_token
+    end
+
+    def auth_enabled?
+      if @is_auth_enabled.nil?
+        @auth_url = fetch_auth_url
+        @auth_url ? @is_auth_enabled = true : @is_auth_enabled = false
+      end
+      @is_auth_enabled
+    end
+
+    def token_expired?
+      @expiration_time < Time.now.to_f * 1000
+    end
+
+    def invalidate_token
+      @access_token = nil
+    end
+  end
+end
+
+class IllegalStateException < Exception; end
+
+class AuthenticationServerNotFoundException < Exception; end

data/lib/cdap-authentication-client/authentication_client_interface.rb

@@ -0,0 +1,41 @@
+#  Copyright © 2014-2015 Cask Data, Inc.
+#
+#  Licensed under the Apache License, Version 2.0 (the "License"); you may not
+#  use this file except in compliance with the License. You may obtain a copy of
+#  the License at
+#
+#  http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#  License for the specific language governing permissions and limitations under
+#  the License.
+
+module CDAP
+  class AuthenticationClientInterface
+    def configure(_properties)
+      fail 'This method should be overridden'
+    end
+
+    def get_access_token
+      fail 'This method should be overridden'
+    end
+
+    def auth_enabled?
+      fail 'This method should be overridden'
+    end
+
+    def invalidate_token
+      fail 'This method should be overridden'
+    end
+
+    def set_connection_info(_host, _port, _ssl)
+      fail 'This method should be overridden'
+    end
+
+    def get_required_credentials
+      fail 'This method should be overridden'
+    end
+  end
+end

data/lib/cdap-authentication-client/credential.rb

@@ -0,0 +1,35 @@
+#  Copyright © 2014-2015 Cask Data, Inc.
+#
+#  Licensed under the Apache License, Version 2.0 (the "License"); you may not
+#  use this file except in compliance with the License. You may obtain a copy of
+#  the License at
+#
+#  http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#  License for the specific language governing permissions and limitations under
+#  the License.
+
+module CDAP
+  class Credential
+    def initialize(name, description, secret)
+      @name = name
+      @description = description
+      @secret = secret
+    end
+
+    def get_name
+      @name
+    end
+
+    def get_description
+      @description
+    end
+
+    def is_secret
+      @secret
+    end
+  end
+end

data/lib/cdap-authentication-client/version.rb

@@ -0,0 +1,17 @@
+#  Copyright © 2014-2015 Cask Data, Inc.
+#
+#  Licensed under the Apache License, Version 2.0 (the "License"); you may not
+#  use this file except in compliance with the License. You may obtain a copy of
+#  the License at
+#
+#  http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#  License for the specific language governing permissions and limitations under
+#  the License.
+
+module CDAP
+  VERSION = '1.3.0.a.1'
+end

metadata

@@ -0,0 +1,107 @@
+--- !ruby/object:Gem::Specification
+name: cdap-authentication-client
+version: !ruby/object:Gem::Version
+  version: 1.3.0.a.1
+platform: ruby
+authors:
+- Cask Data, Inc.
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2015-11-17 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: httparty
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: pry
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: simplecov
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: simplecov-rcov
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+description: A Ruby client for authentication in Cask CDAP services
+email:
+- ops@cask.co
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- lib/cdap-authentication-client/access_token.rb
+- lib/cdap-authentication-client/auth_client_rest.rb
+- lib/cdap-authentication-client/authentication_client.rb
+- lib/cdap-authentication-client/authentication_client_interface.rb
+- lib/cdap-authentication-client/credential.rb
+- lib/cdap-authentication-client/version.rb
+- lib/cdap-authentication-client.rb
+homepage: 
+licenses:
+- Apache-2.0
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>'
+    - !ruby/object:Gem::Version
+      version: 1.3.1
+requirements: []
+rubyforge_project: cdap-authentication-client
+rubygems_version: 2.0.14
+signing_key: 
+specification_version: 4
+summary: A Ruby client for authentication in Cask CDAP services
+test_files: []