conjur-api 4.30.0 → 4.31.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: bac541f4dc5eb324e42a7dce3dc436312b98ef18
-  data.tar.gz: 184c9e5ec253703bd0918b31145a4fa1c26d0d0f
+  metadata.gz: b84596e733b93800963e2ac84ea2fac5155a8b97
+  data.tar.gz: e16ebc289ad64de1e0b7725d1fb2707257bc17ea
 SHA512:
-  metadata.gz: 25fc29905946cadcd53c6828eadc568cde3f05790a78987093d3219396130ab36cfc920c723e455126f0d573c1be85b7ff5b1c057facc50c9272fa6e7d7cf39b
-  data.tar.gz: ca362cd00b847a5269fe723b1c39eaee9798531d73e55b9e897f369a85165c98f8be2ebf3cac43befbdb1f7d4b392b26c51aa21328ec6e19d8a0ac713213ce31
+  metadata.gz: bc34db065767e08c6287fb4c420e9e86c21a57201d9398e250d6dfe1bea6006c3271d6751d90ad362d9ce3d6ba2e35ceb29199a6f5b5fcaa27f4d0c6a41b490c
+  data.tar.gz: 0a33fc0d59135d23dfa9bc1d79371a403f82c5619fab374da83bc1ab00ce8ec7e0799d8bc888aba01b6d347333bd10e5a6f59f8d18ff569cf87d0f3453c81709

data/CHANGELOG.md

@@ -1,3 +1,7 @@
+# v4.31.0
+
+* Internal refactor to improve performance and facilitate caching.
+
 # v4.30.0
 
 The following enhancements require Conjur server 4.9.1.0 or later:

data/lib/conjur-api/version.rb

@@ -19,6 +19,6 @@
 
 module Conjur
   class API
-    VERSION = "4.30.0"
+    VERSION = "4.31.0"
   end
 end

data/lib/conjur/api.rb

@@ -43,6 +43,7 @@ require 'conjur/layer-api'
 require 'conjur/pubkeys-api'
 require 'conjur/host-factory-api'
 require 'conjur/bootstrap'
+require 'conjur/cache'
 require 'conjur-api/version'
 require 'conjur/api/info'
 require 'conjur/api/ldapsync'

data/lib/conjur/api/roles.rb

@@ -131,7 +131,6 @@ module Conjur
       role_from_username username
     end
 
-
     #@!endgroup
 
     # @api private

data/lib/conjur/cache.rb

@@ -0,0 +1,26 @@
+module Conjur
+  # A cache which performs no caching.
+  class BaseCache
+    def fetch_attributes cache_key, &block
+      yield
+    end
+  end
+
+  class << self
+    @@cache = BaseCache.new
+
+    # Sets the global cache. It should implement +fetch_:method+ methods.
+    # The easy way to accomplish this is to extend BaseCache.
+    def cache= cache
+      @@cache = cache
+    end
+
+    # Gets the global cache.
+    def cache; @@cache; end
+
+    # Builds a cache key from a +username+, +url+ and optional +path+.
+    def cache_key username, url, path = nil
+      [ username, [ url, path ].compact.join ].join(".")
+    end
+  end
+end

data/lib/conjur/configuration.rb

@@ -172,6 +172,8 @@ module Conjur
     # @api private
     attr_reader :supplied
 
+    # @api private
+    attr_reader :computed
 
     # Create a new {Conjur::Configuration}, setting initial values from
     # `options`.
@@ -187,6 +189,7 @@ module Conjur
     def initialize options = {}
       @explicit = options.dup
       @supplied = options.dup
+      @computed = Hash.new
     end
     
     class << self
@@ -236,14 +239,20 @@ module Conjur
         end
         
         define_method(name) do
+          value = computed[name]
+          return value unless value.nil?
+
           if supplied.member?(name)
             supplied[name]
           elsif allow_env && ENV.member?(env_var)
             instance_exec(ENV[env_var], &convert)
           else 
             instance_eval(&def_proc)
+          end.tap do |value|
+            computed[name] = value
           end
         end
+
         alias_method("#{name}?", name) if options[:boolean]
       end
     end
@@ -273,6 +282,7 @@ module Conjur
       if self.class.accepted_options.include?(key.to_sym)
         explicit[key.to_sym] = value
         supplied[key.to_sym] = value
+        computed.clear
       end
     end
 

data/lib/conjur/graph.rb

@@ -52,7 +52,7 @@ module Conjur
         else raise ArgumentError, "don't know how to turn #{val}:#{val.class} into a Graph"
       end.map{|pair| Edge.new(*pair) }.freeze
       @next_node_id = 0
-      @node_ids = Hash.new{ |h,k| h[k] = next_node_id }
+      @node_ids = Hash.new
     end
 
     # Enumerates the edges of this graph.
@@ -144,7 +144,11 @@ module Conjur
 
     def node_id_for role
       role = role.id if role.respond_to?(:id)
-      @node_ids[role]
+      node_id = @node_ids[role]
+      if node_id.nil?
+        node_id = @node_ids[role] = next_node_id
+      end
+      node_id
     end
 
     def next_node_id

data/lib/conjur/has_attributes.rb

@@ -107,10 +107,18 @@ module Conjur
     end
 
     protected
+
     # @api private
     # Fetch the attributes, overwriting any current ones.
     def fetch
-      @attributes = JSON.parse(get.body)
+      @attributes ||= fetch_attributes
+    end
+
+    def fetch_attributes # :nodoc:
+      cache_key = Conjur.cache_key self.username, self.url
+      Conjur.cache.fetch_attributes cache_key do
+        JSON.parse(get.body)
+      end
     end
   end
 end

data/lib/conjur/resource.rb

@@ -91,7 +91,7 @@ module Conjur
       self.put(options)
     end
     
-    # Lists roles that have a specified permission on the resource. 
+    # Lists roles that have a specified privilege on the resource. 
     #
     # This will return only roles of which api.current_user is a member.
     #
@@ -106,19 +106,19 @@ module Conjur
     #   resource.permit 'execute', api.user('jon')
     #   resource.permitted_roles 'execute' # => ['conjur:user:admin', 'conjur:user:jon']
     #
-    # @param permission [String] the permission
+    # @param privilege [String] the privilege
     # @param options [Hash, nil] extra parameters to pass to the webservice method.
-    # @return [Array<String>] the ids of roles that have `permission` on this resource, sorted 
+    # @return [Array<String>] the ids of roles that have `privilege` on this resource, sorted 
     # alphabetically.
-    def permitted_roles(permission, options = {})
-      result = JSON.parse RestClient::Resource.new(Conjur::Authz::API.host, self.options)["#{account}/roles/allowed_to/#{permission}/#{path_escape kind}/#{path_escape identifier}#{options_querystring options}"].get
+    def permitted_roles(privilege, options = {})
+      result = JSON.parse RestClient::Resource.new(Conjur::Authz::API.host, self.options)["#{account}/roles/allowed_to/#{privilege}/#{path_escape kind}/#{path_escape identifier}#{options_querystring options}"].get
       if result.is_a?(Hash) && ( count = result['count'] )
         count
       else
         result
       end
     end
-    
+
     # Changes the owner of a resource.  You must be the owner of the resource
     # or a member of the owner role to do this.
     #
@@ -170,7 +170,7 @@ module Conjur
     #   object, in which case the Strings yielded by #each will all be granted
     #
     # @param role [String, #roleid] The role-ish object or full role id
-    #   to which the permission is to be granted/
+    #   to which the privilege is to be granted.
     #
     # @param options [Hash, nil] options to pass through to `RestClient::Resource#post`
     #
@@ -195,7 +195,7 @@ module Conjur
       nil
     end
 
-    # The inverse operation of `#permit`.  Deny permission `privilege` to `role`
+    # The inverse operation of `#permit`.  Deny privilege `privilege` to `role`
     # on this resource.
     #
     # @example
@@ -204,10 +204,10 @@ module Conjur
     #   resource.deny 'execute', 'conjur:user:alice'
     #   resource.permitted_roles 'execute' # =>  ['conjur:user:admin']
     #
-    # @param privilege [String, #each] A permission name or an `Enumerable` of permissions to deny.  In the
-    #   later, all permissions will be denied.
+    # @param privilege [String, #each] A privilege name or an `Enumerable` of privileges to deny.  In the
+    #   later, all privileges will be denied.
     #
-    # @param role [String, :roleid] A full role id or a role-ish object whose permissions we will deny.
+    # @param role [String, :roleid] A full role id or a role-ish object whose privileges we will deny.
     #
     # @return [void]
     def deny(privilege, role, options = {})

data/lib/conjur/role.rb

@@ -35,7 +35,6 @@ module Conjur
     include PathBased
     include QueryString
 
-
     # The *unqualified* identifier for this role.
     #
     # @example
@@ -117,16 +116,17 @@ module Conjur
       if result.is_a?(Hash) && ( count = result['count'] )
         count
       else
+        host = Conjur::Authz::API.host
         result.collect do |item|
           if item.is_a?(String)
-            Role.new(Conjur::Authz::API.host, self.options)[Conjur::API.parse_role_id(item).join('/')]
+            Role.new(host, self.options)[Conjur::API.parse_role_id(item).join('/')]
           else
             RoleGrant.parse_from_json(item, self.options)
           end
         end
       end
     end
-    
+
     alias memberships all
 
     # Check to see if this role is a member of another role.  Membership is transitive.

data/spec/lib/has_attributes_spec.rb

@@ -0,0 +1,57 @@
+require 'spec_helper'
+
+describe Conjur::HasAttributes do
+  class ObjectWithAttributes
+    include Conjur::HasAttributes
+
+    def username; 'alice'; end
+    def url; 'http://example.com/the-object'; end
+  end
+
+  def new_object
+    ObjectWithAttributes.new
+  end
+
+  let(:object) { new_object }
+  let(:attributes) { { 'id' => 'the-id' } }
+
+  before {
+    expect(object).to receive(:get).with(no_args).and_return(double(:response, body: attributes.to_json))
+  }
+
+  it "should fetch attributes from the server" do
+    expect(object.attributes).to eq(attributes)
+  end
+
+  describe "caching" do
+    let(:cache) {
+      Struct.new(:dummy) do
+        def table; @table ||= Hash.new; end
+
+        def fetch_attributes cache_key, &block
+          table[cache_key] || table[cache_key] = yield
+        end
+      end.new
+    }
+
+    around do |example|
+      saved = Conjur.cache
+      Conjur.cache = cache
+
+      begin
+        example.run
+      ensure
+        Conjur.cache = saved
+      end
+    end
+    context "enabled" do
+      it "caches the attributes across objects" do
+        expect(object.attributes).to eq(attributes)
+        expect(new_object.attributes).to eq(attributes)
+        expect(cache.table).to eq({
+          "alice.http://example.com/the-object" => attributes
+        })
+      end
+    end
+  end
+end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: conjur-api
 version: !ruby/object:Gem::Version
-  version: 4.30.0
+  version: 4.31.0
 platform: ruby
 authors:
 - Rafal Rzepecki
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-03-07 00:00:00.000000000 Z
+date: 2017-03-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rest-client
@@ -374,6 +374,7 @@ files:
 - lib/conjur/base.rb
 - lib/conjur/bootstrap.rb
 - lib/conjur/build_from_response.rb
+- lib/conjur/cache.rb
 - lib/conjur/cast.rb
 - lib/conjur/cert_utils.rb
 - lib/conjur/cidr.rb
@@ -440,6 +441,7 @@ files:
 - spec/lib/deputy_spec.rb
 - spec/lib/exists_spec.rb
 - spec/lib/group_spec.rb
+- spec/lib/has_attributes_spec.rb
 - spec/lib/host_spec.rb
 - spec/lib/log_source_spec.rb
 - spec/lib/log_spec.rb
@@ -517,6 +519,7 @@ test_files:
 - spec/lib/deputy_spec.rb
 - spec/lib/exists_spec.rb
 - spec/lib/group_spec.rb
+- spec/lib/has_attributes_spec.rb
 - spec/lib/host_spec.rb
 - spec/lib/log_source_spec.rb
 - spec/lib/log_spec.rb