conjur-api 2.0.0 → 2.0.1

data/conjur-api.gemspec

@@ -15,14 +15,13 @@ Gem::Specification.new do |gem|
   gem.require_paths = ["lib"]
   gem.version       = Conjur::API::VERSION
   
-  gem.add_runtime_dependency 'rest-client'
-  gem.add_runtime_dependency 'slosilo'
-  gem.add_runtime_dependency 'activesupport'
+  gem.add_dependency 'rest-client'
+  gem.add_dependency 'slosilo'
+  gem.add_dependency 'activesupport'
   
   gem.add_development_dependency 'rake'
   gem.add_development_dependency 'spork'
   gem.add_development_dependency 'rspec'
-  gem.add_development_dependency 'vcr'
   gem.add_development_dependency 'webmock'
   gem.add_development_dependency 'ci_reporter'
 end

data/lib/conjur-api/version.rb

@@ -1,5 +1,5 @@
 module Conjur
   class API
-    VERSION = "2.0.0"
+    VERSION = "2.0.1"
   end
 end

data/lib/conjur/api.rb

@@ -7,7 +7,6 @@ require 'conjur/log_source'
 require 'conjur/has_attributes'
 require 'conjur/has_identifier'
 require 'conjur/has_id'
-require 'conjur/das-api'
 require 'conjur/authn-api'
 require 'conjur/authz-api'
 require 'conjur/core-api'

data/lib/conjur/api/authn.rb

@@ -17,7 +17,7 @@ module Conjur
         if Conjur.log
           Conjur.log << "Logging in #{username} via Basic authentication\n"
         end
-        RestClient::Resource.new(Conjur::Authn::API.host, user: username, password: password)['/users/login'].get
+        RestClient::Resource.new(Conjur::Authn::API.host, user: username, password: password)['users/login'].get
       end
 
       # Perform login by CAS authentication.
@@ -34,7 +34,7 @@ module Conjur
         if Conjur.log
           Conjur.log << "Authenticating #{username}\n"
         end
-        JSON::parse(RestClient::Resource.new(Conjur::Authn::API.host)["/users/#{path_escape username}/authenticate"].post password, content_type: 'text/plain').tap do |token|
+        JSON::parse(RestClient::Resource.new(Conjur::Authn::API.host)["users/#{path_escape username}/authenticate"].post password, content_type: 'text/plain').tap do |token|
           raise InvalidToken.new unless token_valid?(token)
         end
       end
@@ -60,7 +60,7 @@ module Conjur
       log do |logger|
         logger << "Creating authn user #{login}"
       end
-      JSON.parse RestClient::Resource.new(Conjur::Authn::API.host, credentials)['/users'].post(options.merge(login: login))
+      JSON.parse RestClient::Resource.new(Conjur::Authn::API.host, credentials)['users'].post(options.merge(login: login))
     end
   end
 end

data/lib/conjur/api/groups.rb

@@ -3,16 +3,11 @@ require 'conjur/group'
 module Conjur
   class API
     def create_group(id, options = {})
-      log do |logger|
-        logger << "Creating group "
-        logger << id
-      end
-      resp = RestClient::Resource.new(Conjur::Core::API.host, credentials)['/groups'].post(options.merge(id: id))
-      Group.new(resp.headers[:location], credentials)
+      standard_create Conjur::Core::API.host, :group, id, options
     end
 
     def group id
-      Group.new(Conjur::Core::API.host)["/groups/#{path_escape id}"]
+      standard_show Conjur::Core::API.host, :group, id
     end
   end
 end

data/lib/conjur/api/hosts.rb

@@ -2,19 +2,6 @@ require 'conjur/host'
 
 module Conjur
   class API
-    def create_host options
-      log do |logger|
-        logger << "Creating host"
-      end
-      resp = JSON.parse RestClient::Resource.new("#{Conjur::Core::API.host}/hosts", credentials).post(options)
-      host(resp['id']).tap do |h|
-        log do |logger|
-          logger << "Created host #{h.id}"
-        end
-        h.attributes = resp
-      end
-    end
-    
     class << self
       def enroll_host(url)
         if Conjur.log
@@ -30,8 +17,12 @@ module Conjur
       end
     end
     
+    def create_host options
+      standard_create Conjur::Core::API.host, :host, nil, options
+    end
+    
     def host id
-      Host.new("#{Conjur::Core::API.host}/hosts/#{path_escape id}", credentials)
+      standard_show Conjur::Core::API.host, :host, id
     end
   end
 end

data/lib/conjur/api/roles.rb

@@ -4,15 +4,14 @@ module Conjur
   class API
     def create_role(role, options = {})
       log do |logger|
-        logger << "Creating role "
-        logger << role
+        logger << "Creating role #{account}/#{role}"
       end
-      RestClient::Resource.new(Conjur::Authz::API.host, credentials)["/roles/#{path_escape role}"].put(options)
-      Role.new(role, credentials)
+      RestClient::Resource.new(Conjur::Authz::API.host, credentials)["roles/#{path_escape role}"].put(options)
+      role(role)
     end
 
-    def role identifier
-      Role.new("#{Conjur::Authz::API.host}/roles/#{path_escape identifier}", credentials)
+    def role role
+      Role.new(Conjur::Authz::API.host, credentials)["roles/#{path_escape role}"]
     end
   end
 end

data/lib/conjur/api/secrets.rb

@@ -3,21 +3,11 @@ require 'conjur/secret'
 module Conjur
   class API
     def create_secret(value, options = {})
-      log do |logger|
-        logger << "Creating secret "
-        logger << value
-      end
-      resp = RestClient::Resource.new(Conjur::Core::API.host, credentials)['/secrets'].post(options.merge(value: value))
-      Secret.new(resp.headers[:location], credentials).tap do |secret|
-        log do |logger|
-          logger << "Created secret "
-          logger << secret.id
-        end
-      end
+      standard_create Conjur::Core::API.host, :secret, nil, options.merge(value: value)
     end
     
     def secret id
-      Secret.new("#{Conjur::Core::API.host}/secrets/#{path_escape id}", credentials)
+      standard_show Conjur::Core::API.host, :secret, id
     end
   end
 end

data/lib/conjur/api/users.rb

@@ -3,21 +3,11 @@ require 'conjur/user'
 module Conjur
   class API
     def create_user(login, options = {})
-      log do |logger|
-        logger << "Creating user "
-        logger << login
-      end
-      resp = JSON.parse RestClient::Resource.new(Conjur::Core::API.host, credentials)['/users'].post(options.merge(login: login))
-      user(resp['login']).tap do |u|
-        log do |logger|
-          logger << "Created user #{u.login}"
-        end
-        u.attributes = resp
-      end
+      standard_create Conjur::Core::API.host, :user, nil, options.merge(login: login)
     end
 
     def user login
-      User.new(Conjur::Core::API.host, credentials)["/users/#{path_escape login}"]
+      standard_show Conjur::Core::API.host, :user, login
     end
   end
 end

data/lib/conjur/api/variables.rb

@@ -3,23 +3,11 @@ require 'conjur/variable'
 module Conjur
   class API
     def create_variable(mime_type, kind, options = {})
-      log do |logger|
-        logger << "Creating #{mime_type} variable #{kind}"
-        if options
-          logger << " with options #{options.inspect}"
-        end
-      end
-      resp = RestClient::Resource.new(Conjur::Core::API.host, credentials)['variables'].post(options.merge(mime_type: mime_type, kind: kind))
-      Variable.new(resp.headers[:location], credentials).tap do |variable|
-        log do |logger|
-          logger << "Created variable "
-          logger << variable.id
-        end
-      end
+      standard_create Conjur::Core::API.host, :variable, nil, options.merge(mime_type: mime_type, kind: kind)
     end
     
     def variable id
-      Variable.new("#{Conjur::Core::API.host}/variables/#{path_escape id}", credentials)
+      standard_show Conjur::Core::API.host, :variable, id
     end
   end
 end

data/lib/conjur/base.rb

@@ -6,11 +6,14 @@ require 'conjur/has_attributes'
 require 'conjur/escape'
 require 'conjur/log'
 require 'conjur/log_source'
+require 'conjur/standard_methods'
+require 'conjur/token_cache'
 
 module Conjur
   class API
     include Escape
     include LogSource
+    include StandardMethods
     
     class << self
       def new_from_key(username, api_key)
@@ -26,25 +29,29 @@ module Conjur
       @username = username
       @api_key = api_key
       @token = token
+      TokenCache.store(@token) if token
+
       raise "Expecting ( username and api_key ) or token" unless ( username && api_key ) || token
     end
     
-    attr_reader :api_key, :username, :token
+    attr_reader :api_key, :username
     
     def username
-      @username || token['data']
+      @username || @token['data']
     end
     
     def host
       self.class.host
     end
     
+    def token
+      TokenCache.fetch(username, api_key)
+    end
+    
+    # Authenticate the username and api_key to obtain a request token.
+    # Tokens are cached by username for a short period of time.
     def credentials
-      if token
-        { headers: { authorization: "Token token=\"#{Base64.strict_encode64 token.to_json}\"" }, username: username }
-      else
-        { user: username, password: api_key }
-      end
+      { headers: { authorization: "Token token=\"#{Base64.strict_encode64 token.to_json}\"" }, username: username }
     end
   end
 end

data/lib/conjur/group.rb

@@ -3,6 +3,7 @@ module Conjur
     include ActsAsResource
     include ActsAsRole
     include HasId
+    include HasAttributes
     
     def roleid
       "group:#{id}"

data/lib/conjur/resource.rb

@@ -23,7 +23,7 @@ module Conjur
 
     # Lists roles that have a specified permission on the resource.
     def permitted_roles(permission, options = {})
-      JSON.parse RestClient::Resource.new(Conjur::Authz::API.host, self.options)["/roles/allowed_to/#{permission}/#{path_escape kind}/#{path_escape identifier}"].get(options)
+      JSON.parse RestClient::Resource.new(Conjur::Authz::API.host, self.options)["roles/allowed_to/#{permission}/#{path_escape kind}/#{path_escape identifier}"].get(options)
     end
     
     # Changes the owner of a resource

data/lib/conjur/role.rb

@@ -14,7 +14,7 @@ module Conjur
     end
     
     def all(options = {})
-      JSON.parse(self["/all"].get(options)).collect do |id|
+      JSON.parse(self["all"].get(options)).collect do |id|
         Role.new("#{Conjur::Authz::API.host}/roles/#{path_escape id}", self.options)
       end
     end
@@ -29,7 +29,7 @@ module Conjur
           logger << " and extended options #{options.to_json}"
         end
       end
-      self["/members/#{path_escape member}?admin_option=#{query_escape admin_option}"].put(options)
+      self["members/#{path_escape member}?admin_option=#{query_escape admin_option}"].put(options)
     end
 
     def revoke_from(member, options = {})
@@ -39,11 +39,11 @@ module Conjur
           logger << " with options #{options.to_json}"
         end
       end
-      self["/members/#{path_escape member}"].delete(options)
+      self["members/#{path_escape member}"].delete(options)
     end
 
     def permitted?(resource_kind, resource_id, privilege, options = {})
-      self["/permitted?resource_kind=#{query_escape resource_kind}&resource_id=#{query_escape resource_id}&privilege=#{query_escape privilege}"].get(options)
+      self["permitted?resource_kind=#{query_escape resource_kind}&resource_id=#{query_escape resource_id}&privilege=#{query_escape privilege}"].get(options)
       true
     rescue RestClient::ResourceNotFound
       false

data/lib/conjur/secret.rb

@@ -6,7 +6,7 @@ module Conjur
     include HasId
     
     def value
-      self['/value'].get.body
+      self['value'].get.body
     end
   end
 end

data/lib/conjur/standard_methods.rb

@@ -0,0 +1,39 @@
+module Conjur
+  module StandardMethods
+    require 'active_support/core_ext'
+    
+    protected
+    
+    def standard_create(host, type, id = nil, options = nil)
+      log do |logger|
+        logger << "Creating #{type} #{id}"
+        unless options.blank?
+          logger << " with options #{options.inspect}"
+        end
+      end
+      options ||= {}
+      options[:id] = id if id
+      resp = RestClient::Resource.new(host, credentials)[type.to_s.pluralize].post(options)
+      "Conjur::#{type.to_s.classify}".constantize.new(resp.headers[:location], credentials).tap do |obj|
+        obj.attributes = JSON.parse(resp.body)
+        if id.blank? && obj.respond_to?(:id)
+          log do |logger|
+            logger << "Created #{type} #{obj.id}"
+          end
+        end
+      end
+    end
+    
+    def standard_list(host, type, options)
+      JSON.parse(RestClient::Resource.new(host, credentials)[type.to_s.pluralize].get(options)).collect do |json|
+        send(type, json['id']).tap do |obj|
+          obj.attributes = json
+        end
+      end
+    end
+    
+    def standard_show(host, type, id)
+      "Conjur::#{type.to_s.classify}".constantize.new(host, credentials)[ [type.to_s.pluralize, path_escape(id)].join('/') ]
+    end
+  end
+end

data/lib/conjur/token_cache.rb

@@ -0,0 +1,40 @@
+module Conjur
+  # Cache API tokens. The cache key is the authentication hostname and the username.
+  # Tokens are cached for a short period of time; long enough to save on server trips
+  # but not long enough to worry about tokens expiring.
+  class TokenCache
+    @@tokens = Hash.new
+    
+    class << self
+      def fetch(username, api_key)
+        key = [ Conjur::Authn::API.host, username ]
+        token = @@tokens[key]
+        if token.nil? || expired?(token)
+          if username && api_key
+            store(token = Conjur::API.authenticate(username, api_key))
+          elsif token.nil?
+            raise "Token is nil and no api_key is available to create it"
+          else
+            $stderr.puts "Token is expired and no api_key is available to renew it"
+          end
+        end
+        token
+      end
+      
+      def store(token)
+        username = token['data']
+        raise "No data in token" unless username
+        raise "Expecting string username in token" unless username.is_a?(String)
+        key = [ Conjur::Authn::API.host, username ]
+        @@tokens[key] = token
+      end
+      
+      protected
+      
+      # Expire tokens after 1 minute, even though they are valid for longer.
+      def expired?(token, expiry = 1 * 60)
+        Time.parse(token["timestamp"]) + expiry < Time.now
+      end
+    end
+  end
+end

data/spec/lib/api_spec.rb

@@ -60,11 +60,6 @@ describe Conjur::API do
       let(:api) { Conjur::Authz::API }
       it_should_behave_like "API endpoint"
     end
-    context "of das service" do
-      let(:port_offset) { 200 }
-      let(:api) { Conjur::DAS::API }
-      it_should_behave_like "API endpoint"
-    end
     context "of core service" do
       let(:port_offset) { 300 }
       let(:api) { Conjur::Core::API }
@@ -83,16 +78,37 @@ describe Conjur::API do
   end
   context "credential handling" do
     let(:login) { "bob" }
+    let(:token) { { 'data' => login, 'timestamp' => (Time.now + elapsed ).to_s } }
+    let(:elapsed) { 0 }
+    before {
+      Conjur::TokenCache.class_variable_set("@@tokens", Hash.new)
+    }
     subject { api }
     context "from token" do
-      let(:token) { { 'data' => login } }
       let(:api) { Conjur::API.new_from_token(token) }
-      its(:credentials) { should == { headers: { authorization: "Token token=\"#{Base64.strict_encode64(token.to_json)}\"" }, username: login } }
+      context "expired" do
+        before {
+          Conjur::TokenCache.stub(:expired?).and_return true
+        }
+        it "should raise an error" do
+          $stderr.should_receive(:puts).with("Token is expired and no api_key is available to renew it")
+          
+          api.credentials
+        end
+      end
+      context "not expired" do
+        its(:credentials) { should == { headers: { authorization: "Token token=\"#{Base64.strict_encode64(token.to_json)}\"" }, username: login } }
+      end
     end
     context "from api key" do
       let(:api_key) { "theapikey" }
       let(:api) { Conjur::API.new_from_key(login, api_key) }
-      its(:credentials) { should == { user: login, password: api_key } }
+      it("should authenticate to get a token") do
+        Conjur::API.should_receive(:authenticate).with(login, api_key).and_return token
+        
+        api.instance_variable_get("@token").should == nil
+        api.credentials.should == { headers: { authorization: "Token token=\"#{Base64.strict_encode64(token.to_json)}\"" }, username: login }
+      end
     end
   end
 end

data/spec/lib/resource_spec.rb

@@ -3,32 +3,6 @@ require 'spec_helper'
 require 'conjur/api'
 
 describe Conjur::Resource do
-  let(:user) { 'admin' }
-  let(:api_key) { '^6feWZpr' }
-  
-  def conjur_api
-    Conjur::API.new_from_key(user, api_key)
-  end
-  
-  def self.it_creates_with code
-    it "should create with status #{code}" do
-      resource = conjur_api.resource("spec", identifier)
-      resource.create
-      resource.should exist
-      conjur_api.resource("spec", identifier).kind.should == "spec"
-      conjur_api.resource("spec", identifier).identifier.should == identifier
-    end
-  end
-
-  def self.it_fails_with code
-    it "should fail with status #{code}" do
-      expect { conjur_api.resource("spec", identifier).create }.to raise_error { |error|
-        error.should be_a(RestClient::Exception)
-        error.http_code.should == code
-      }
-    end
-  end
-
   let(:uuid) { "ddd1f59a-494d-48fb-b045-0374c4a6eef9" }
   
   context "identifier" do
@@ -60,25 +34,4 @@ describe Conjur::Resource do
       end
     end
   end
-  context "#create" do
-    context "with uuid identifier" do
-      use_vcr_cassette
-      let(:identifier) { uuid }
-      it_creates_with 204
-      it "is findable" do
-        conjur_api.resource("spec", identifier).create
-        conjur_api.resource("spec", identifier).should exist
-      end
-    end
-    context "with path-like identifier" do
-      use_vcr_cassette
-      let(:identifier) { [ uuid, "xxx" ].join("/") }
-      it_creates_with 204
-    end
-    context "with un-encoded path-like identifier" do
-      use_vcr_cassette
-      let(:identifier) { [ uuid, "+?!!?+/xxx" ].join("/") }
-      it_creates_with 204
-    end
-  end
 end

data/spec/spec_helper.rb

@@ -11,19 +11,11 @@ Spork.prefork do
   # Allows loading of an environment config based on the environment
   require 'rspec'
   require 'webmock/rspec'
-  require 'vcr'
   require 'securerandom'
   
   # Uncomment the next line to use webrat's matchers
   #require 'webrat/integrations/rspec-rails'
 
-  VCR.configure do |c|
-    c.cassette_library_dir = 'spec/vcr_cassettes'
-    c.hook_into :webmock
-    c.default_cassette_options = { :record => :new_episodes }
-#    c.ignore_localhost = true
-  end
-
   RSpec.configure do |config|
     # If you're not using ActiveRecord you should remove these
     # lines, delete config/database.yml and disable :active_record
@@ -62,8 +54,6 @@ Spork.prefork do
     # == Notes
     #
     # For more information take a look at Spec::Runner::Configuration and Spec::Runner
-
-    config.extend VCR::RSpec::Macros
   end
 end
 

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: conjur-api
 version: !ruby/object:Gem::Version
-  version: 2.0.0
+  version: 2.0.1
   prerelease: 
 platform: ruby
 authors:
@@ -10,7 +10,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2013-03-12 00:00:00.000000000 Z
+date: 2013-03-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rest-client
@@ -108,22 +108,6 @@ dependencies:
     - - ! '>='
       - !ruby/object:Gem::Version
         version: '0'
-- !ruby/object:Gem::Dependency
-  name: vcr
-  requirement: !ruby/object:Gem::Requirement
-    none: false
-    requirements:
-    - - ! '>='
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    none: false
-    requirements:
-    - - ! '>='
-      - !ruby/object:Gem::Version
-        version: '0'
 - !ruby/object:Gem::Dependency
   name: webmock
   requirement: !ruby/object:Gem::Requirement
@@ -209,10 +193,11 @@ files:
 - lib/conjur/resource.rb
 - lib/conjur/role.rb
 - lib/conjur/secret.rb
+- lib/conjur/standard_methods.rb
+- lib/conjur/token_cache.rb
 - lib/conjur/user.rb
 - lib/conjur/variable.rb
 - spec/lib/api_spec.rb
-- spec/lib/das_spec.rb
 - spec/lib/resource_spec.rb
 - spec/lib/role_spec.rb
 - spec/lib/user_spec.rb
@@ -234,7 +219,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '0'
       segments:
       - 0
-      hash: 3213033468970777555
+      hash: 3809342943954328390
 required_rubygems_version: !ruby/object:Gem::Requirement
   none: false
   requirements:
@@ -243,7 +228,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
       segments:
       - 0
-      hash: 3213033468970777555
+      hash: 3809342943954328390
 requirements: []
 rubyforge_project: 
 rubygems_version: 1.8.24
@@ -256,7 +241,6 @@ test_files:
 - features/ping_as_server.feature
 - features/ping_as_user.feature
 - spec/lib/api_spec.rb
-- spec/lib/das_spec.rb
 - spec/lib/resource_spec.rb
 - spec/lib/role_spec.rb
 - spec/lib/user_spec.rb

data/spec/lib/das_spec.rb

@@ -1,33 +0,0 @@
-require 'spec_helper'
-
-require 'conjur/api'
-
-describe Conjur::API do
-  context "data_access_service_url" do
-    let(:account) { "the-account" }
-    let(:path) { "upload" }
-    subject { Conjur::API.data_access_service_url(account, path, params) }
-    context "to test environment" do
-      before(:each) do
-        Conjur.stub(:env).and_return "development"
-      end
-      context "with empty params" do
-        let(:params) { {} }
-        it { should == "http://localhost:5200/data/the-account/inscitiv/upload" }
-      end
-      context "with params" do
-        let(:params) { { "foo" => "b/r" } }
-        it { should == "http://localhost:5200/data/the-account/inscitiv/upload?foo=b%2Fr" }
-      end
-    end
-    context "to production environment" do
-      before(:each) do
-        Conjur.stub(:env).and_return "production"
-      end
-      context "with empty params" do
-        let(:params) { {} }
-        it { should == "https://das-v2-conjur.herokuapp.com/data/the-account/inscitiv/upload" }
-      end
-    end
-  end
-end