cloudcover 0.1.0 → 0.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 2c46caee78e42162043834818f5be3311401cbef
-  data.tar.gz: b39c7865e7175f6dbbe37d6acce347bf42e195b9
+  metadata.gz: dbb728764310a4e52eee3275ad788c2e9d7c7878
+  data.tar.gz: 156433fe14e1d78052f70a4432c7eeb74f1a1fef
 SHA512:
-  metadata.gz: f9fb2ca5845c9fb0a639dfc25b4e81e0038236672844fe396c5e34fc03a9bcc9e246ea03edeb10682516c2a7104df3525a6f31c04f30db6ffb8568b8f36d3601
-  data.tar.gz: da6f3e8f938865580c57e17ef097fab2b4bb4918a48239c7a1f74d9e3950ebf89f42ba7aeb573370912076921274816c466bdf6f6f0eca7cd9117fcce9e08db9
+  metadata.gz: e50396dcbbbce2a0ad2d276847ebf3b8b024f4b09a149bc173d9b41ea3b7527903cf716c3171585ef7f594918e3db97c9f355a351a3880f07c2965d8fd81ca4e
+  data.tar.gz: 8dd3cf589676ca586921628d4cab961d3ef2165d8d018c5c2d3d6791b1f607d5dfb17dbf4b9c3ef7a0851eb3e28f8a892926dd151ce0bc4d90bab52b702c1212

data/bin/cloudcover

@@ -22,7 +22,7 @@ arg_name '[credential file path]'
 command 'simple-auth' do |c|
   c.switch [:f], :desc => 'Get credentials from file path specified as first argument (Useful for OpenVPN authentication)'
   c.switch   [:radius], :desc => 'Return RADIUS style Accept/Reject Messages', :negatable => false
-  c.flag   [:g, :group], :desc => 'Verify membership to the specified group during authentication', :default_value => false
+  c.flag   [:a, :app], :desc => 'Verify membership to the specified application during authentication', :default_value => false
   c.flag   [:c, :context], :desc => 'Extra context for success/fail message', :default_value => false
 
   c.action do |global,options,args|

data/lib/cloudcover/commands/simple_auth.rb

@@ -14,8 +14,8 @@ module Cloudcover
     def verify_user
       get_credentials
       auth_response(false, "#{formatted_date(Time.now)} - #{context_message} - Access denied, failed login for #{username}") unless login
-      if group_id
-        auth_response(false,"#{formatted_date(Time.now)} - #{context_message} - Access denied, #{username} is not a member of group ID `#{group_id}`") unless is_valid_group_member
+      if app_id
+        auth_response(false,"#{formatted_date(Time.now)} - #{context_message} - Access denied, #{username} does not have access to application ID `#{app_id}`") unless has_application_access?
       end
       auth_response(true, "#{formatted_date(Time.now)} - #{context_message} - Access granted for #{username}")
     end
@@ -77,16 +77,16 @@ module Cloudcover
       end
     end
 
-    def is_valid_group_member
-      @okta.groups.map{ |g| g[:id] }.include? group_id
+    def has_application_access?
+      @okta.myApps.map{ |g| g[:appInstanceId] }.include? app_id
     end
 
     def date_format
       Cloudcover::Config.date_format ? Cloudcover::Config.date_format : "%a %b %e %H:%M:%S %Y"
     end
 
-    def group_id
-      @opts[:group]
+    def app_id
+      @opts[:app]
     end
 
     def file_based?

data/lib/cloudcover/okta/client.rb

@@ -42,6 +42,10 @@ module Cloudcover
         get_json('/api/v1/users/me/groups', headers: @headers)
       end
 
+      def myApps
+        get_json('/api/v1/users/me/appLinks', headers: @headers)
+      end
+
       def login_id
         me[:profile][:login]
       end

data/lib/cloudcover/version.rb

@@ -1,3 +1,3 @@
 module Cloudcover
-  VERSION = '0.1.0'
+  VERSION = '0.2.0'
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: cloudcover
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.2.0
 platform: ruby
 authors:
 - Matt Krieger