cf-uaac 3.1.3 → 3.1.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (8) hide show
  1. checksums.yaml +4 -4
  2. data/lib/cli/common.rb +10 -6
  3. data/lib/cli/runner.rb +6 -3
  4. data/lib/cli/token.rb +3 -2
  5. data/lib/cli/version.rb +1 -1
  6. data/spec/common_spec.rb +6 -0
  7. data/spec/ssl_integration_spec.rb +32 -1
  8. metadata +2 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 47cadfc05edd8a5368554f8da515fc79d7b6b66a
4
- data.tar.gz: e4accbc8d0414b321e38b70e2216f8475db2d96e
3
+ metadata.gz: ceef01d629cbe38d03cfb10efaa1aa00148cace7
4
+ data.tar.gz: 94fa2bcc964a0bf540ad3e88bb75ffd5f276e879
5
5
  SHA512:
6
- metadata.gz: cc7c7861b0fdf8bc3d8f3c132c107366295881097d8a6242647eff0500fc4b6811140021310c0c3579cda0c9360029ee2984956113b9dc87eec6055b99573295
7
- data.tar.gz: 2ba75233691d77f1b0ead9bf33d058e1f0282493724e95ccdc4b02169f7586de22ea169b50f82612884e089a1a38f529758357064e0f1796a5762b59809752fa
6
+ metadata.gz: a9859b220984a395a14ae08de49f14cfe696ac875f6a284f264053325de9acaed2ad438aa9f6c1ef0bf4fdd899e4d1768cbc2d597e01da3910ef5b5bd73d70ef
7
+ data.tar.gz: ffb57562d844090b631259bac618e99b29b814af432b41cb0e7c23371c8ac2d9b293405d1c32dc18d671c170dcbacbbf2f8b0a25236e86fa2b30d079cd744b2f
data/lib/cli/common.rb CHANGED
@@ -67,7 +67,9 @@ class CommonCli < Topic
67
67
  end
68
68
 
69
69
  def scim_request
70
- yield Scim.new(Config.target, auth_header, { skip_ssl_validation: Config.target_value(:skip_ssl_validation) })
70
+ yield Scim.new(Config.target, auth_header, {
71
+ skip_ssl_validation: Config.target_value(:skip_ssl_validation),
72
+ ssl_ca_file: Config.target_value(:ca_cert) })
71
73
  rescue Exception => e
72
74
  complain e
73
75
  end
@@ -141,32 +143,34 @@ class MiscCli < CommonCli
141
143
  url.to_s.to_sym
142
144
  end
143
145
 
144
- def bad_uaa_url(url, info, skip_ssl_validation = false)
145
- info.replace(@cli_class.uaa_info_client(url.to_s, skip_ssl_validation).server)
146
+ def bad_uaa_url(url, info, skip_ssl_validation = false, ca_cert = nil)
147
+ info.replace(@cli_class.uaa_info_client(url.to_s, skip_ssl_validation, ca_cert).server)
146
148
  nil
147
149
  rescue Exception => e
148
150
  "failed to access #{url}: #{e.message}"
149
151
  end
150
152
 
153
+ define_option :ca_cert, "--ca-cert [file]", "use the given CA certificate to validate the target's SSL certificate"
151
154
  define_option :skip_ssl_validation, "--skip-ssl-validation", "do not attempt to validate ssl certificate"
152
155
  define_option :force, "--[no-]force", "-f", "set even if target does not respond"
153
- desc "target [uaa_url]", "Display current or set new target", :force, :skip_ssl_validation do |uaa_url|
156
+ desc "target [uaa_url]", "Display current or set new target", :force, :ca_cert, :skip_ssl_validation do |uaa_url|
154
157
  msg, info = nil, {}
155
158
  if uaa_url
156
159
  if uaa_url.to_i.to_s == uaa_url
157
160
  return gripe "invalid target index" unless url = Config.target?(uaa_url.to_i)
158
161
  elsif url = normalize_url(uaa_url)
159
- return gripe msg if (msg = bad_uaa_url(url, info, opts[:skip_ssl_validation])) unless opts[:force] || Config.target?(url)
162
+ return gripe msg if (msg = bad_uaa_url(url, info, opts[:skip_ssl_validation], opts[:ca_cert])) unless opts[:force] || Config.target?(url)
160
163
  elsif !Config.target?(url = normalize_url(uaa_url, "https")) &&
161
164
  !Config.target?(url = normalize_url(uaa_url, "http"))
162
165
  if opts[:force]
163
166
  url = normalize_url(uaa_url, "https")
164
167
  else
165
- return gripe msg if msg = bad_uaa_url((url = normalize_url(uaa_url, "https")), info, opts[:skip_ssl_validation])
168
+ return gripe msg if msg = bad_uaa_url((url = normalize_url(uaa_url, "https")), info, opts[:skip_ssl_validation], opts[:ca_cert])
166
169
  end
167
170
  end
168
171
  Config.target = url # we now have a canonical url set to https if possible
169
172
  Config.target_opts(skip_ssl_validation: true) if opts[:skip_ssl_validation]
173
+ Config.target_opts(ca_cert: opts[:ca_cert])
170
174
  update_target_info(info) if info[:prompts]
171
175
  end
172
176
  return say "no target set" unless Config.target
data/lib/cli/runner.rb CHANGED
@@ -50,9 +50,12 @@ class Cli < BaseCli
50
50
  @uaa_logger = Util.default_logger(opts[:trace]? :trace: opts[:debug]? :debug: :warn, @output)
51
51
  end
52
52
 
53
- def self.uaa_info_client(url = Config.target, skip_ssl_validation = false)
54
- skip_ssl_validation = Config.config[url][:skip_ssl_validation] if Config.config[url]
55
- client = Info.new(url, { skip_ssl_validation: skip_ssl_validation })
53
+ def self.uaa_info_client(url = Config.target, skip_ssl_validation = false, ca_cert = nil)
54
+ if Config.config[url]
55
+ skip_ssl_validation = Config.config[url][:skip_ssl_validation]
56
+ ca_cert = Config.config[url][:ca_cert]
57
+ end
58
+ client = Info.new(url, { skip_ssl_validation: skip_ssl_validation, ssl_ca_file: ca_cert })
56
59
  client.logger = @uaa_logger
57
60
  client
58
61
  end
data/lib/cli/token.rb CHANGED
@@ -25,7 +25,7 @@ class TokenCatcher < Stub::Base
25
25
  secret = server.info.delete(:client_secret)
26
26
  ti = TokenIssuer.new(Config.target, server.info.delete(:client_id), secret,
27
27
  { token_target: Config.target_value(:token_target),
28
- skip_ssl_validation: Config.target_value(:skip_ssl_validation) })
28
+ skip_ssl_validation: Config.target_value(:skip_ssl_validation)})
29
29
  tkn = secret ? ti.authcode_grant(server.info.delete(:uri), data) :
30
30
  ti.implicit_grant(server.info.delete(:uri), data)
31
31
  server.info.update(token_info: tkn.info)
@@ -88,7 +88,8 @@ class TokenCli < CommonCli
88
88
  update_target_info
89
89
  yield TokenIssuer.new(Config.target.to_s, client_id, secret,
90
90
  { token_target: Config.target_value(:token_endpoint),
91
- skip_ssl_validation: Config.target_value(:skip_ssl_validation) })
91
+ skip_ssl_validation: Config.target_value(:skip_ssl_validation),
92
+ ssl_ca_file: Config.target_value(:ca_cert) })
92
93
  rescue Exception => e
93
94
  complain e
94
95
  end
data/lib/cli/version.rb CHANGED
@@ -14,6 +14,6 @@
14
14
  # Cloud Foundry namespace
15
15
  module CF
16
16
  module UAA
17
- CLI_VERSION = "3.1.3"
17
+ CLI_VERSION = "3.1.4"
18
18
  end
19
19
  end
data/spec/common_spec.rb CHANGED
@@ -89,6 +89,12 @@ describe CommonCli do
89
89
  Config.yaml.should include "skip_ssl_validation: true"
90
90
  end
91
91
 
92
+ it "accepts a root CA as a commandline parameter" do
93
+ Cli.run("target --force --ca-cert dir/rootCA.pem https://example.com")
94
+ Cli.output.string.should include "https://example.com"
95
+ Config.yaml.should include "ca_cert: dir/rootCA.pem"
96
+ end
97
+
92
98
  it "only attempts http if scheme is http" do
93
99
  Cli.run("target http://example.com")
94
100
  puts Cli.output.string
data/spec/ssl_integration_spec.rb CHANGED
@@ -50,19 +50,50 @@ module CF::UAA
50
50
  end
51
51
  end
52
52
 
53
+ describe 'targetting a https URL' do
54
+ it "fails ssl validation without a certificate via HTTPS" do
55
+ Cli.run("target #{ENV["UAA_CLIENT_TARGET"]}")
56
+ Cli.output.string.should include "Invalid SSL Cert"
57
+ end
58
+
59
+ it "passes ssl validation if a valid rootCA is passed with an option" do
60
+ Cli.run("target #{ENV["UAA_CLIENT_TARGET"]} --ca-cert #{ENV["UAA_CLIENT_CA_CERT_PATH"]}")
61
+ Cli.output.string.should include "Target: #{ENV["UAA_CLIENT_TARGET"]}"
62
+ Cli.output.string.should_not match /invalid/i
63
+ end
64
+ end
65
+
53
66
  describe 'targeting a URL without specifying the scheme' do
54
67
  it "uses HTTPS if --skip-ssl-validation is true" do
55
68
  Cli.run("target #{@url.host}:#{@url.port}/#{@url.path} --skip-ssl-validation")
56
69
  Cli.output.string.should include "https"
57
70
  Cli.output.string.should_not include "Invalid SSL Cert"
58
71
  end
72
+
73
+ it "uses HTTPS if --ca-cert is true" do
74
+ Cli.run("target #{@url.host}:#{@url.port}/#{@url.path} --ca-cert #{ENV["UAA_CLIENT_CA_CERT_PATH"]}")
75
+ Cli.output.string.should include "https"
76
+ Cli.output.string.should_not match /invalid/i
77
+ end
59
78
  end
60
79
 
61
80
  describe 'using other commands after skipping ssl validation' do
62
81
  it "does not raise SSLException for the same target" do
63
82
  Cli.run("target #{ENV["UAA_CLIENT_TARGET"]} --skip-ssl-validation")
64
83
  Cli.run("token client get foo -s bar")
65
- Cli.output.string.should_not include "Invalid SSL Cert"
84
+ Cli.output.string.should_not match /invalid/i
85
+ Cli.run("groups")
86
+ Cli.output.string.should_not match /invalid/i
87
+ end
88
+ end
89
+
90
+ describe 'using other commands after setting ca-cert' do
91
+ it "does not raise SSLException for the same target" do
92
+ Cli.run("target #{ENV["UAA_CLIENT_TARGET"]} --ca-cert #{ENV["UAA_CLIENT_CA_CERT_PATH"]}")
93
+ Cli.run("token client get foo -s bar")
94
+ Cli.output.string.should_not match /invalid/i
95
+ Cli.run("groups")
96
+ Cli.output.string.should_not match /invalid/i
66
97
  end
67
98
  end
68
99
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: cf-uaac
3
3
  version: !ruby/object:Gem::Version
4
- version: 3.1.3
4
+ version: 3.1.4
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dave Syer
@@ -12,7 +12,7 @@ authors:
12
12
  autorequire:
13
13
  bindir: bin
14
14
  cert_chain: []
15
- date: 2015-09-22 00:00:00.000000000 Z
15
+ date: 2015-10-16 00:00:00.000000000 Z
16
16
  dependencies:
17
17
  - !ruby/object:Gem::Dependency
18
18
  name: bundler