conjur-api 4.30.0 → 4.31.0

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: bac541f4dc5eb324e42a7dce3dc436312b98ef18
4
- data.tar.gz: 184c9e5ec253703bd0918b31145a4fa1c26d0d0f
3
+ metadata.gz: b84596e733b93800963e2ac84ea2fac5155a8b97
4
+ data.tar.gz: e16ebc289ad64de1e0b7725d1fb2707257bc17ea
5
5
  SHA512:
6
- metadata.gz: 25fc29905946cadcd53c6828eadc568cde3f05790a78987093d3219396130ab36cfc920c723e455126f0d573c1be85b7ff5b1c057facc50c9272fa6e7d7cf39b
7
- data.tar.gz: ca362cd00b847a5269fe723b1c39eaee9798531d73e55b9e897f369a85165c98f8be2ebf3cac43befbdb1f7d4b392b26c51aa21328ec6e19d8a0ac713213ce31
6
+ metadata.gz: bc34db065767e08c6287fb4c420e9e86c21a57201d9398e250d6dfe1bea6006c3271d6751d90ad362d9ce3d6ba2e35ceb29199a6f5b5fcaa27f4d0c6a41b490c
7
+ data.tar.gz: 0a33fc0d59135d23dfa9bc1d79371a403f82c5619fab374da83bc1ab00ce8ec7e0799d8bc888aba01b6d347333bd10e5a6f59f8d18ff569cf87d0f3453c81709
@@ -1,3 +1,7 @@
1
+ # v4.31.0
2
+
3
+ * Internal refactor to improve performance and facilitate caching.
4
+
1
5
  # v4.30.0
2
6
 
3
7
  The following enhancements require Conjur server 4.9.1.0 or later:
@@ -19,6 +19,6 @@
19
19
 
20
20
  module Conjur
21
21
  class API
22
- VERSION = "4.30.0"
22
+ VERSION = "4.31.0"
23
23
  end
24
24
  end
@@ -43,6 +43,7 @@ require 'conjur/layer-api'
43
43
  require 'conjur/pubkeys-api'
44
44
  require 'conjur/host-factory-api'
45
45
  require 'conjur/bootstrap'
46
+ require 'conjur/cache'
46
47
  require 'conjur-api/version'
47
48
  require 'conjur/api/info'
48
49
  require 'conjur/api/ldapsync'
@@ -131,7 +131,6 @@ module Conjur
131
131
  role_from_username username
132
132
  end
133
133
 
134
-
135
134
  #@!endgroup
136
135
 
137
136
  # @api private
@@ -0,0 +1,26 @@
1
+ module Conjur
2
+ # A cache which performs no caching.
3
+ class BaseCache
4
+ def fetch_attributes cache_key, &block
5
+ yield
6
+ end
7
+ end
8
+
9
+ class << self
10
+ @@cache = BaseCache.new
11
+
12
+ # Sets the global cache. It should implement +fetch_:method+ methods.
13
+ # The easy way to accomplish this is to extend BaseCache.
14
+ def cache= cache
15
+ @@cache = cache
16
+ end
17
+
18
+ # Gets the global cache.
19
+ def cache; @@cache; end
20
+
21
+ # Builds a cache key from a +username+, +url+ and optional +path+.
22
+ def cache_key username, url, path = nil
23
+ [ username, [ url, path ].compact.join ].join(".")
24
+ end
25
+ end
26
+ end
@@ -172,6 +172,8 @@ module Conjur
172
172
  # @api private
173
173
  attr_reader :supplied
174
174
 
175
+ # @api private
176
+ attr_reader :computed
175
177
 
176
178
  # Create a new {Conjur::Configuration}, setting initial values from
177
179
  # `options`.
@@ -187,6 +189,7 @@ module Conjur
187
189
  def initialize options = {}
188
190
  @explicit = options.dup
189
191
  @supplied = options.dup
192
+ @computed = Hash.new
190
193
  end
191
194
 
192
195
  class << self
@@ -236,14 +239,20 @@ module Conjur
236
239
  end
237
240
 
238
241
  define_method(name) do
242
+ value = computed[name]
243
+ return value unless value.nil?
244
+
239
245
  if supplied.member?(name)
240
246
  supplied[name]
241
247
  elsif allow_env && ENV.member?(env_var)
242
248
  instance_exec(ENV[env_var], &convert)
243
249
  else
244
250
  instance_eval(&def_proc)
251
+ end.tap do |value|
252
+ computed[name] = value
245
253
  end
246
254
  end
255
+
247
256
  alias_method("#{name}?", name) if options[:boolean]
248
257
  end
249
258
  end
@@ -273,6 +282,7 @@ module Conjur
273
282
  if self.class.accepted_options.include?(key.to_sym)
274
283
  explicit[key.to_sym] = value
275
284
  supplied[key.to_sym] = value
285
+ computed.clear
276
286
  end
277
287
  end
278
288
 
@@ -52,7 +52,7 @@ module Conjur
52
52
  else raise ArgumentError, "don't know how to turn #{val}:#{val.class} into a Graph"
53
53
  end.map{|pair| Edge.new(*pair) }.freeze
54
54
  @next_node_id = 0
55
- @node_ids = Hash.new{ |h,k| h[k] = next_node_id }
55
+ @node_ids = Hash.new
56
56
  end
57
57
 
58
58
  # Enumerates the edges of this graph.
@@ -144,7 +144,11 @@ module Conjur
144
144
 
145
145
  def node_id_for role
146
146
  role = role.id if role.respond_to?(:id)
147
- @node_ids[role]
147
+ node_id = @node_ids[role]
148
+ if node_id.nil?
149
+ node_id = @node_ids[role] = next_node_id
150
+ end
151
+ node_id
148
152
  end
149
153
 
150
154
  def next_node_id
@@ -107,10 +107,18 @@ module Conjur
107
107
  end
108
108
 
109
109
  protected
110
+
110
111
  # @api private
111
112
  # Fetch the attributes, overwriting any current ones.
112
113
  def fetch
113
- @attributes = JSON.parse(get.body)
114
+ @attributes ||= fetch_attributes
115
+ end
116
+
117
+ def fetch_attributes # :nodoc:
118
+ cache_key = Conjur.cache_key self.username, self.url
119
+ Conjur.cache.fetch_attributes cache_key do
120
+ JSON.parse(get.body)
121
+ end
114
122
  end
115
123
  end
116
124
  end
@@ -91,7 +91,7 @@ module Conjur
91
91
  self.put(options)
92
92
  end
93
93
 
94
- # Lists roles that have a specified permission on the resource.
94
+ # Lists roles that have a specified privilege on the resource.
95
95
  #
96
96
  # This will return only roles of which api.current_user is a member.
97
97
  #
@@ -106,19 +106,19 @@ module Conjur
106
106
  # resource.permit 'execute', api.user('jon')
107
107
  # resource.permitted_roles 'execute' # => ['conjur:user:admin', 'conjur:user:jon']
108
108
  #
109
- # @param permission [String] the permission
109
+ # @param privilege [String] the privilege
110
110
  # @param options [Hash, nil] extra parameters to pass to the webservice method.
111
- # @return [Array<String>] the ids of roles that have `permission` on this resource, sorted
111
+ # @return [Array<String>] the ids of roles that have `privilege` on this resource, sorted
112
112
  # alphabetically.
113
- def permitted_roles(permission, options = {})
114
- result = JSON.parse RestClient::Resource.new(Conjur::Authz::API.host, self.options)["#{account}/roles/allowed_to/#{permission}/#{path_escape kind}/#{path_escape identifier}#{options_querystring options}"].get
113
+ def permitted_roles(privilege, options = {})
114
+ result = JSON.parse RestClient::Resource.new(Conjur::Authz::API.host, self.options)["#{account}/roles/allowed_to/#{privilege}/#{path_escape kind}/#{path_escape identifier}#{options_querystring options}"].get
115
115
  if result.is_a?(Hash) && ( count = result['count'] )
116
116
  count
117
117
  else
118
118
  result
119
119
  end
120
120
  end
121
-
121
+
122
122
  # Changes the owner of a resource. You must be the owner of the resource
123
123
  # or a member of the owner role to do this.
124
124
  #
@@ -170,7 +170,7 @@ module Conjur
170
170
  # object, in which case the Strings yielded by #each will all be granted
171
171
  #
172
172
  # @param role [String, #roleid] The role-ish object or full role id
173
- # to which the permission is to be granted/
173
+ # to which the privilege is to be granted.
174
174
  #
175
175
  # @param options [Hash, nil] options to pass through to `RestClient::Resource#post`
176
176
  #
@@ -195,7 +195,7 @@ module Conjur
195
195
  nil
196
196
  end
197
197
 
198
- # The inverse operation of `#permit`. Deny permission `privilege` to `role`
198
+ # The inverse operation of `#permit`. Deny privilege `privilege` to `role`
199
199
  # on this resource.
200
200
  #
201
201
  # @example
@@ -204,10 +204,10 @@ module Conjur
204
204
  # resource.deny 'execute', 'conjur:user:alice'
205
205
  # resource.permitted_roles 'execute' # => ['conjur:user:admin']
206
206
  #
207
- # @param privilege [String, #each] A permission name or an `Enumerable` of permissions to deny. In the
208
- # later, all permissions will be denied.
207
+ # @param privilege [String, #each] A privilege name or an `Enumerable` of privileges to deny. In the
208
+ # later, all privileges will be denied.
209
209
  #
210
- # @param role [String, :roleid] A full role id or a role-ish object whose permissions we will deny.
210
+ # @param role [String, :roleid] A full role id or a role-ish object whose privileges we will deny.
211
211
  #
212
212
  # @return [void]
213
213
  def deny(privilege, role, options = {})
@@ -35,7 +35,6 @@ module Conjur
35
35
  include PathBased
36
36
  include QueryString
37
37
 
38
-
39
38
  # The *unqualified* identifier for this role.
40
39
  #
41
40
  # @example
@@ -117,16 +116,17 @@ module Conjur
117
116
  if result.is_a?(Hash) && ( count = result['count'] )
118
117
  count
119
118
  else
119
+ host = Conjur::Authz::API.host
120
120
  result.collect do |item|
121
121
  if item.is_a?(String)
122
- Role.new(Conjur::Authz::API.host, self.options)[Conjur::API.parse_role_id(item).join('/')]
122
+ Role.new(host, self.options)[Conjur::API.parse_role_id(item).join('/')]
123
123
  else
124
124
  RoleGrant.parse_from_json(item, self.options)
125
125
  end
126
126
  end
127
127
  end
128
128
  end
129
-
129
+
130
130
  alias memberships all
131
131
 
132
132
  # Check to see if this role is a member of another role. Membership is transitive.
@@ -0,0 +1,57 @@
1
+ require 'spec_helper'
2
+
3
+ describe Conjur::HasAttributes do
4
+ class ObjectWithAttributes
5
+ include Conjur::HasAttributes
6
+
7
+ def username; 'alice'; end
8
+ def url; 'http://example.com/the-object'; end
9
+ end
10
+
11
+ def new_object
12
+ ObjectWithAttributes.new
13
+ end
14
+
15
+ let(:object) { new_object }
16
+ let(:attributes) { { 'id' => 'the-id' } }
17
+
18
+ before {
19
+ expect(object).to receive(:get).with(no_args).and_return(double(:response, body: attributes.to_json))
20
+ }
21
+
22
+ it "should fetch attributes from the server" do
23
+ expect(object.attributes).to eq(attributes)
24
+ end
25
+
26
+ describe "caching" do
27
+ let(:cache) {
28
+ Struct.new(:dummy) do
29
+ def table; @table ||= Hash.new; end
30
+
31
+ def fetch_attributes cache_key, &block
32
+ table[cache_key] || table[cache_key] = yield
33
+ end
34
+ end.new
35
+ }
36
+
37
+ around do |example|
38
+ saved = Conjur.cache
39
+ Conjur.cache = cache
40
+
41
+ begin
42
+ example.run
43
+ ensure
44
+ Conjur.cache = saved
45
+ end
46
+ end
47
+ context "enabled" do
48
+ it "caches the attributes across objects" do
49
+ expect(object.attributes).to eq(attributes)
50
+ expect(new_object.attributes).to eq(attributes)
51
+ expect(cache.table).to eq({
52
+ "alice.http://example.com/the-object" => attributes
53
+ })
54
+ end
55
+ end
56
+ end
57
+ end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: conjur-api
3
3
  version: !ruby/object:Gem::Version
4
- version: 4.30.0
4
+ version: 4.31.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Rafal Rzepecki
@@ -9,7 +9,7 @@ authors:
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2017-03-07 00:00:00.000000000 Z
12
+ date: 2017-03-27 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: rest-client
@@ -374,6 +374,7 @@ files:
374
374
  - lib/conjur/base.rb
375
375
  - lib/conjur/bootstrap.rb
376
376
  - lib/conjur/build_from_response.rb
377
+ - lib/conjur/cache.rb
377
378
  - lib/conjur/cast.rb
378
379
  - lib/conjur/cert_utils.rb
379
380
  - lib/conjur/cidr.rb
@@ -440,6 +441,7 @@ files:
440
441
  - spec/lib/deputy_spec.rb
441
442
  - spec/lib/exists_spec.rb
442
443
  - spec/lib/group_spec.rb
444
+ - spec/lib/has_attributes_spec.rb
443
445
  - spec/lib/host_spec.rb
444
446
  - spec/lib/log_source_spec.rb
445
447
  - spec/lib/log_spec.rb
@@ -517,6 +519,7 @@ test_files:
517
519
  - spec/lib/deputy_spec.rb
518
520
  - spec/lib/exists_spec.rb
519
521
  - spec/lib/group_spec.rb
522
+ - spec/lib/has_attributes_spec.rb
520
523
  - spec/lib/host_spec.rb
521
524
  - spec/lib/log_source_spec.rb
522
525
  - spec/lib/log_spec.rb