certmeister 1.0.0 → 1.0.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: d599d2605bb65cd2744e7de3d7989ebbb9f5c9ec
-  data.tar.gz: 9f0e0e9d87f1c9420c8071e42d365737df0d24b0
+  metadata.gz: d5a9e171d0871cb9253d14dca465d5a9803fa07c
+  data.tar.gz: 163ae3a914300d3893107bd791d5a9a8f707a24e
 SHA512:
-  metadata.gz: 364b0d70f2d07ffc8f0c82f12974171b8f7861dad592bf02c5515b9930c85ae933cb1a29efccfca7b4c32b26c1c85e702b9bba6fa3f586709993c68a82b247dc
-  data.tar.gz: b8755d5da13d7c2275638218d739dfc4c40cff95da95080402ae2734000fea2bbcec5dd9e2e1f9b4678ede071bd92e9843e260aa473dcd68db70cf7aa2860b98
+  metadata.gz: e2da9a19b6c041e1567cc4e83258d44b8c40084904d53e03b5d0ce8ff1c39c3097aa639f7547ca123615a9d7dda352868a00062690da32624bffdcaf631b468e
+  data.tar.gz: 63887e6513a50bc4418d6aab14ef10c07dae4c614d881a27f7b30bef38526c87f1ac34440e293f4cb90f99e34faa9ee7ca1020849293517761a80c1b0549afc5

data/Gemfile.lock

@@ -1,13 +1,10 @@
 PATH
   remote: .
   specs:
-    certmeister (1.0.0)
-    certmeister-rack (1.0.0)
-      certmeister (= 1.0.0)
+    certmeister (1.0.1)
+    certmeister-rack (1.0.1)
+      certmeister (= 1.0.1)
       rack (~> 1.5)
-    certmeister-redis (1.0.0)
-      certmeister (= 1.0.0)
-      redis-sentinel (~> 1.4)
 
 GEM
   remote: http://rubygems.org/
@@ -17,9 +14,6 @@ GEM
     rack-test (0.6.2)
       rack (>= 1.0)
     rake (0.9.6)
-    redis (3.0.7)
-    redis-sentinel (1.4.2)
-      redis
     rspec (3.1.0)
       rspec-core (~> 3.1.0)
       rspec-expectations (~> 3.1.0)
@@ -40,7 +34,6 @@ DEPENDENCIES
   bundler (~> 1.5)
   certmeister!
   certmeister-rack!
-  certmeister-redis!
   rack-test (~> 0.6)
   rake (~> 0)
   rspec (~> 3.1)

data/README.md

@@ -15,12 +15,17 @@ The reference access policy in use by Hetzner PTY Ltd is:
 
 This allows us the convenience of Puppet's autosign feature, without the horrendous security implications.
 
-This repository currently builds three gems:
+This repository currently builds two gems:
 
 * _certmeister_ - the CA, some off-the-shelf policy modules and an in-memory cert store
-* _certmeister-redis_ - a redis-backed store
 * _certmeister-rack_ - a rack application to provide an HTTP interface to the CA
 
+Only an in-memory store is provided. Others are available as separate gems:
+
+* [certmeister-dynamodb](https://github.com/sheldonh/certmeister-dynamodb)
+* [certmeister-pg](https://github.com/sheldonh/certmeister-pg)
+* [certmeister-redis](https://github.com/sheldonh/certmeister-redis)
+
 An example, using redis and rack and enforcing Hetzner PTY Ltd's policy, is available in [contrib/config.ru](contrib/config.ru).
 
 To hit the service:
@@ -34,19 +39,8 @@ $ curl -L \
 
 ## Testing
 
-Because we test both certmeister and certmeister-redis with `rake spec`, you need redis up if you want to run the tests. It's easy:
-
-* Install redis-2.8.4 or later.
-* Start redis.
-* Run tests.
-* Stop redis.
-
 ```
-sudo yum install -y ansible
-sudo ansible-playbook -i contrib/hosts contrib/redis.yml
-redis-server --logfile /dev/null &
 rake spec
-kill %1; wait %1
 ```
 
 ## Releasing

data/contrib/.ruby-version

@@ -1 +1 @@
-ruby-2.0.0-p247
+ruby-2.1.5

data/contrib/Gemfile

@@ -1,6 +1,6 @@
 source "https://rubygems.org/"
 
 gem "certmeister", path: '..'
-gem "certmeister-redis", path: '..'
+gem "certmeister-redis"
 gem "redis"
 gem "rack"

data/lib/certmeister/policy/existing.rb

@@ -12,7 +12,9 @@ module Certmeister
       end
 
       def authenticate(request)
-        if @store.fetch(request[:cn]).nil?
+        if not request[:cn]
+	  Certmeister::Policy::Response.new(false, "missing cn")
+        elsif @store.fetch(request[:cn]).nil?
           Certmeister::Policy::Response.new(true, nil)
         else
           Certmeister::Policy::Response.new(false, "certificate for cn already exists")

data/lib/certmeister/version.rb

@@ -1,5 +1,5 @@
 module Certmeister
 
-  VERSION = '1.0.0' unless defined?(VERSION)
+  VERSION = '1.0.1' unless defined?(VERSION)
 
 end

data/spec/certmeister/policy/existing_spec.rb

@@ -17,6 +17,12 @@ describe Certmeister::Policy::Existing do
     expect { subject.authenticate }.to raise_error(ArgumentError)
   end
 
+  it "refuses to authenticate a request with a missing cn" do
+    response = subject.authenticate(cn: nil)
+    expect(response).to_not be_authenticated
+    expect(response.error).to eql "missing cn"
+  end
+
   context "when the store contains a cert for axl.hetzner.africa" do
 
     subject { Certmeister::Policy::Existing.new(Certmeister::InMemoryStore.new({"axl.hetzner.africa" => "...cert..."})) }

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: certmeister
 version: !ruby/object:Gem::Version
-  version: 1.0.0
+  version: 1.0.1
 platform: ruby
 authors:
 - Sheldon Hearn
@@ -72,7 +72,6 @@ files:
 - README.md
 - Rakefile
 - certmeister-rack.gemspec
-- certmeister-redis.gemspec
 - certmeister.gemspec
 - contrib/.ruby-gemset
 - contrib/.ruby-version

data/certmeister-redis.gemspec

@@ -1,22 +0,0 @@
-# coding: utf-8
-lib = File.expand_path('../lib', __FILE__)
-$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
-require 'certmeister/version'
-
-Gem::Specification.new do |spec|
-  spec.name          = "certmeister-redis"
-  spec.version       = Certmeister::VERSION
-  spec.authors       = ["Sheldon Hearn"]
-  spec.email         = ["sheldonh@starjuice.net"]
-  spec.summary       = %q{Redis store for certmeister}
-  spec.description   = %q{This gem provides a redis store for use in certmeister, the conditional autosigning certificate authority.}
-  spec.homepage      = "https://github.com/sheldonh/certmeister"
-  spec.license       = "MIT"
-
-  spec.files         = `git ls-files -z lib/certmeister spec/certmeister`.split("\x0").grep(/redis/)
-  spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
-  spec.require_paths = ["lib"]
-
-  spec.add_dependency "certmeister", Certmeister::VERSION
-  spec.add_dependency "redis-sentinel", "~> 1.4"
-end