cloudcover 0.0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 2a63adaeeea97662bb92f5ff7a09b57982d3f101
+  data.tar.gz: 112b8afe37e3998c86ed74c9c08280a75ed15980
+SHA512:
+  metadata.gz: 26f23e4d7d7ebed15e4a51c56d95f621833db58e4dfb4702db1ca4b9c575b000271f60918fdf5b758ca0193d3bad6c3f4067c80323218a2962935b4e71542e40
+  data.tar.gz: a4c5482e7ebd9992ac1693f3e7d4c0635f50678ba88bcc29fe9158f51fe7b8a4aca64340602daaadedb0bf05fdbf0125a48509d86d3988ef11b2352d9ffcf2e9

data/.gitignore

@@ -0,0 +1,3 @@
+test.creds
+.DS_Store
+.idea

data/.ruby-version

@@ -0,0 +1 @@
+2.2.4

data/Gemfile

@@ -0,0 +1,2 @@
+source 'https://rubygems.org'
+gemspec

data/Gemfile.lock

@@ -0,0 +1,46 @@
+PATH
+  remote: .
+  specs:
+    cloudcover (0.0.1)
+      gli (~> 2.13.4)
+      hashdiff
+      highline
+      http-cookie
+      httparty
+      minitar
+      terminal-table
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    domain_name (0.5.25)
+      unf (>= 0.0.5, < 1.0.0)
+    gli (2.13.4)
+    hashdiff (0.2.3)
+    highline (1.7.8)
+    http-cookie (1.0.2)
+      domain_name (~> 0.5)
+    httparty (0.13.7)
+      json (~> 1.8)
+      multi_xml (>= 0.5.2)
+    json (1.8.3)
+    minitar (0.5.4)
+    multi_xml (0.5.5)
+    rake (10.4.2)
+    rdoc (4.2.0)
+      json (~> 1.4)
+    terminal-table (1.5.2)
+    unf (0.1.4)
+      unf_ext
+    unf_ext (0.0.7.1)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  cloudcover!
+  rake
+  rdoc
+
+BUNDLED WITH
+   1.12.3

data/README.md

@@ -0,0 +1,28 @@
+Cloudcover
+--
+
+A simple interface for using Okta authentication in command line applications
+
+```
+NAME
+    cloudcover - A simple interface for using Okta authentication in command line applications
+
+SYNOPSIS
+    cloudcover [global options] command [command options] [arguments...]
+
+VERSION
+    0.0.1
+
+GLOBAL OPTIONS
+    --[no-]color  - Colorize output (default: enabled)
+    --config=arg  - Cloudcover config file path (default: /Users/mattkrieger/.cloudcover)
+    --cookie=arg  - Cloudcover cookie file path (default: /Users/mattkrieger/.cloudcookie)
+    -d, --debug   - Debug output (Includes verbose)
+    --help        - Show this message
+    -v, --verbose - Verbose output
+    --version     - Display the program version
+
+COMMANDS
+    help        - Shows a list of commands or help for one command
+    simple-auth - Simply verify that a set of credentials are valid to login to Okta
+```

data/Rakefile

@@ -0,0 +1,14 @@
+require 'rake/clean'
+require 'rubygems'
+require 'rubygems/package_task'
+require 'rdoc/task'
+Rake::RDocTask.new do |rd|
+  rd.main = "README.rdoc"
+  rd.rdoc_files.include("README.rdoc","lib/**/*.rb","bin/**/*")
+  rd.title = 'Cloudcover'
+end
+
+spec = eval(File.read('cloudcover.gemspec'))
+
+Gem::PackageTask.new(spec) do |pkg|
+end

data/bin/cloudcover

@@ -0,0 +1,58 @@
+#!/usr/bin/env ruby
+require 'gli'
+require 'cloudcover'
+
+include GLI::App
+
+program_desc 'A simple interface for using Okta authentication in command line applications'
+
+version Cloudcover::VERSION
+
+subcommand_option_handling :normal
+arguments :strict
+
+switch  [:v,:verbose],    :desc => 'Verbose output', :negatable => false
+switch  [:d,:debug],      :desc => 'Debug output (Includes verbose)', :negatable => false
+switch  [:color],         :desc => 'Colorize output', :default_value => true
+flag    [:config],        :desc => 'Cloudcover config file path', :default_value => File.join(ENV['HOME'],'.cloudcover')
+flag    ['session-path'], :desc => 'Cloudcover cookie file path', :default_value => File.join(ENV['HOME'],'.oktasession')
+
+desc 'Simply verify that a set of credentials are valid to login to Okta. Returns 0 on success and non-zero on failure.'
+arg_name '[credential file path]'
+command 'simple-auth' do |c|
+  c.switch [:f], :desc => 'Get credentials from file path specified as first argument (Useful for OpenVPN authentication)'
+  c.switch   [:radius], :desc => 'Return RADIUS style Accept/Reject Messages', :default_value => false
+  c.flag   [:g, :group], :desc => 'Verify membership to the specified group during authentication', :default_value => false
+  c.flag   [:c, :context], :desc => 'Extra context for success/fail message', :default_value => false
+
+  c.action do |global_options,options,args|
+    if options[:f]
+      raise CredentialFileError, "No readable credential file specified" unless File.readable?(args.first)
+    end
+
+    Cloudcover::SimpleAuth.new(options,args.first).verify_user
+
+  end
+end
+
+pre do |global,command,options,args|
+  $verbose = global[:verbose] || global[:debug]
+  $debug = global[:debug]
+  $config_path = global[:config]
+  $color = global[:color]
+  true
+end
+
+post do |global,command,options,args|
+  # Post logic here
+  # Use skips_post before a command to skip this
+  # block on that command only
+end
+
+on_error do |exception|
+  # Error logic here
+  # return false to skip default error handling
+  false
+end
+
+exit run(ARGV)

data/cloudcover.gemspec

@@ -0,0 +1,29 @@
+# Ensure we require the local version and not one we might have installed already
+require File.join([File.dirname(__FILE__),'lib','cloudcover','version.rb'])
+spec = Gem::Specification.new do |s|
+  s.name = 'cloudcover'
+  s.version = Cloudcover::VERSION
+  s.author = 'Matt Krieger'
+  s.email = 'matt.krieger@sportngin.com'
+  s.homepage = 'http://www.sportngin.com'
+  s.platform = Gem::Platform::RUBY
+  s.summary = 'Provides a simple interface for using Okta authentication in command line applications'
+  s.files = `git ls-files`.split("
+")
+  s.require_paths << 'lib'
+  s.bindir = 'bin'
+  s.executables << 'cloudcover'
+
+  s.add_dependency 'httparty'
+  s.add_dependency 'http-cookie'
+  s.add_dependency "highline"
+  s.add_dependency "terminal-table"
+  s.add_dependency "minitar"
+  s.add_dependency "hashdiff"
+
+  s.add_development_dependency 'rake'
+  s.add_development_dependency 'rdoc'
+
+
+  s.add_runtime_dependency "gli", "~>2.13.4"
+end

data/lib/cloudcover/commands/simple_auth.rb

@@ -0,0 +1,107 @@
+module Cloudcover
+  class SimpleAuth
+
+    DEFAULT_CONTEXT = "AUTH"
+
+    def initialize(opts,path)
+      Output.say_debug("SimpleAuth class: #{self}")
+      @config = Cloudcover::Config.config
+      @okta = Cloudcover::Okta::Client.new
+      @credentials = {}
+      @opts = opts
+      @creds_path = path unless path.nil?
+    end
+
+    def verify_user
+      get_credentials
+      auth_response(false, "#{formatted_date(Time.now)} - #{context_message} - Access denied, failed login for #{username}") unless login
+      if group_id
+        auth_response(false,"#{formatted_date(Time.now)} - #{context_message} - Access denied, #{username} is not a member of group ID '#{group_id}'") unless is_valid_group_member
+      end
+      auth_response(true, "#{formatted_date(Time.now)} - #{context_message} - Access granted for #{username}")
+    end
+
+    def auth_response(auth, msg)
+      if auth
+        if  @opts[:radius]
+          p "Accept"
+        else
+          p msg
+        end
+      else
+        if @opts[:radius]
+          abort 'Reject'
+        else
+          abort msg
+        end
+      end
+    end
+
+    def get_credentials
+      if file_based?
+        Output.say_debug("Using credtials from #{@creds_path}")
+        creds = file_creds(@creds_path)
+        @credentials[:username] = creds.first
+        @credentials[:password] = creds.last
+      else
+        @credentials[:username] = Output.ask("Username: ")
+        @credentials[:password] = Output.ask("Password: "){ |q| q.echo = "*" }
+      end
+    end
+
+    def file_creds(creds_path)
+      credentials = IO.read(creds_path).split rescue {}
+      raise InvalidCredsFile unless credentials.length == 2
+      credentials
+    end
+
+    def formatted_date(time)
+      Time.at(time).strftime(date_format)
+    end
+
+    def username
+      @credentials[:username]
+    end
+
+    def password
+      @credentials[:password]
+    end
+
+    def login
+      @okta.login(username, password)
+      if @okta.logged_in?
+        @user_id = @okta.login_id
+        true
+      else
+        false
+      end
+    end
+
+    def is_valid_group_member
+      @okta.groups.map{ |g| g[:id] }.include? group_id
+    end
+
+    def date_format
+      @config.has_key?(:date_format) ? @config[:date_format] : "%a %b %e %H:%M:%S %Y"
+    end
+
+    def group_id
+      @opts[:group]
+    end
+
+    def file_based?
+      @opts[:f]
+    end
+
+    def context
+      @opts[:context]
+    end
+
+    def context_message
+      context || DEFAULT_CONTEXT
+    end
+
+
+    InvalidCredsFile = Class.new(StandardError)
+  end
+end

data/lib/cloudcover/commands.rb

@@ -0,0 +1 @@
+require "cloudcover/commands/simple_auth"

data/lib/cloudcover/config.rb

@@ -0,0 +1,36 @@
+require 'yaml'
+
+module Cloudcover
+  class Config
+
+    def self.config
+     self.new.load_config($config_path)
+    end
+
+    def load_config(file)
+      Output.say_debug("Loading the config file from #{file}")
+      raise MissingConfig, "Missing configuration file: #{file}  Run 'cloudcover help'" unless File.exist?(file)
+      @cloudcover_config = symbolize_keys(YAML.load_file(file)) rescue {}
+    end
+
+    # We want all ouf our YAML loaded keys to be symbols
+    # taken from http://devblog.avdi.org/2009/07/14/recursively-symbolize-keys/
+    def symbolize_keys(hash)
+      hash.inject({}){|result, (key, value)|
+        new_key = case key
+                  when String then key.to_sym
+                  else key
+                  end
+        new_value = case value
+                    when Hash then symbolize_keys(value)
+                    else value
+                    end
+        result[new_key] = new_value
+        result
+      }
+    end
+
+    MissingConfig = Class.new(StandardError)
+    MissingEnvironment = Class.new(StandardError)
+  end
+end

data/lib/cloudcover/okta/client.rb

@@ -0,0 +1,85 @@
+require 'httparty'
+require 'socket'
+
+module Cloudcover
+  module Okta
+    class Client
+      include HTTParty
+      debug_output if $debug
+
+      attr_reader :headers
+
+      def initialize
+        @config = Cloudcover::Config.config
+        self.class.base_uri "https://#{@config[:okta_domain]}.okta.com"
+        @headers = {
+          'Content-Type' => "application/json",
+          'Accept' => "application/json",
+          'User-Agent' => "Cloudcover/#{Cloudcover::VERSION} (#{Socket.gethostname})"
+        }
+      end
+
+      def self.login(username, password)
+          new.tap { |instance| instance.login(username, password) }
+      end
+
+      def set_headers(headers)
+        @headers.merge!(headers)
+      end
+
+      def remove_header(key)
+        @headers.delete(key)
+      end
+
+      def get_json(path, options = {})
+        JSON.parse(self.class.get(path, options).body, symbolize_names: true)
+      end
+
+      def me
+        get_json('/api/v1/users/me', headers: @headers)
+      end
+
+      def groups
+        get_json('/api/v1/users/me/groups', headers: @headers)
+      end
+
+      def login_id
+        me[:profile][:login]
+      end
+
+      def logged_in?
+        me[:status] == "ACTIVE"
+      rescue
+        false
+      end
+
+      def login(username, password)
+        post_body = {username: username, password: password}.to_json
+        resp = self.class.post('/api/v1/sessions?additionalFields=cookieToken', {body: post_body, headers: @headers})
+        if resp.parsed_response['status'] == "ACTIVE"
+          set_session_cookie(resp.parsed_response['cookieToken'])
+        else
+          resp.parsed_response
+        end
+      end
+
+      def test_get(path)
+        self.class.get(path, headers: @headers)
+      end
+
+      def set_session_cookie(cookie_token)
+        resp = self.class.get("/login/sessionCookie?token=#{cookie_token}", headers: @headers)
+        @headers['Cookie'] = parse_cookie(resp.headers).to_cookie_string
+      end
+      private :set_session_cookie
+
+      def parse_cookie(resp_cookie)
+        cookie_hash = CookieHash.new
+        resp_cookie.get_fields('Set-Cookie').each { |c| cookie_hash.add_cookies(c) }
+        cookie_hash
+      end
+      private :parse_cookie
+
+    end
+  end
+end

data/lib/cloudcover/okta.rb

@@ -0,0 +1 @@
+require "cloudcover/okta/client"

data/lib/cloudcover/output.rb

@@ -0,0 +1,48 @@
+require 'highline'
+
+module Cloudcover
+  module Output
+    def self.terminal
+      HighLine.color_scheme = color_scheme
+      @terminal ||= HighLine.new
+    end
+
+    def self.color_scheme
+      @color_scheme ||= HighLine::ColorScheme.new(
+          :normal => [],
+          :error => [:bold, :red],
+          :warning => [:bold, :yellow],
+          :verbose => [:bold, :magenta],
+          :debug => [:bold, :cyan],
+          :success => [:bold, :green],
+          :addition => [:bold, :green],
+          :removal => [:bold, :red],
+          :modification => [:bold, :yellow],
+      )
+    end
+
+    def self.say(msg, log_style=:normal)
+      terminal.say format(msg, log_style)
+    end
+
+    def self.format(msg, log_style=:normal)
+      if $color
+        terminal.color(msg.to_s, log_style)
+      else
+        msg
+      end
+    end
+
+    def self.say_verbose(msg)
+      terminal.say format(msg.to_s, 'verbose') if $verbose
+    end
+
+    def self.say_debug(msg, log_style=:debug)
+      terminal.say format(msg.to_s, log_style) if $debug
+    end
+
+    def self.ask(*args, &block)
+      terminal.ask(*args, &block)
+    end
+  end
+end

data/lib/cloudcover/version.rb

@@ -0,0 +1,3 @@
+module Cloudcover
+  VERSION = '0.0.1'
+end

data/lib/cloudcover.rb

@@ -0,0 +1,7 @@
+require "cloudcover/version"
+require "cloudcover/output"
+
+require "cloudcover/config"
+require "cloudcover/okta"
+
+require "cloudcover/commands"

metadata

@@ -0,0 +1,188 @@
+--- !ruby/object:Gem::Specification
+name: cloudcover
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+platform: ruby
+authors:
+- Matt Krieger
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2016-06-03 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: httparty
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: http-cookie
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: highline
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: terminal-table
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: minitar
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: hashdiff
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rdoc
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: gli
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.13.4
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.13.4
+description: 
+email: matt.krieger@sportngin.com
+executables:
+- cloudcover
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".ruby-version"
+- Gemfile
+- Gemfile.lock
+- README.md
+- Rakefile
+- bin/cloudcover
+- cloudcover.gemspec
+- lib/cloudcover.rb
+- lib/cloudcover/commands.rb
+- lib/cloudcover/commands/simple_auth.rb
+- lib/cloudcover/config.rb
+- lib/cloudcover/okta.rb
+- lib/cloudcover/okta/client.rb
+- lib/cloudcover/output.rb
+- lib/cloudcover/version.rb
+homepage: http://www.sportngin.com
+licenses: []
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.4.8
+signing_key: 
+specification_version: 4
+summary: Provides a simple interface for using Okta authentication in command line
+  applications
+test_files: []
+has_rdoc: