conjur-api 2.2.2 → 2.2.3
- data/lib/conjur-api/version.rb +1 -1
- data/lib/conjur/base.rb +1 -3
- data/spec/lib/api_spec.rb +5 -16
- data/spec/lib/role_spec.rb +5 -5
- metadata +4 -5
- data/lib/conjur/token_cache.rb +0 -41
data/lib/conjur-api/version.rb
CHANGED
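--- a/data/lib/conjur/base.rb
+++ b/data/lib/conjur/base.rb
@@ -9,7 +9,6 @@ require 'conjur/escape'
 require 'conjur/log'
 require 'conjur/log_source'
 require 'conjur/standard_methods'
-require 'conjur/token_cache'
 
 module Conjur
 class API
@@ -58,7 +57,6 @@ module Conjur
 @username = username
 @api_key = api_key
 @token = token
-TokenCache.store(@token) if token
 
 raise "Expecting ( username and api_key ) or token" unless ( username && api_key ) || token
 end
@@ -74,7 +72,7 @@ module Conjur
 end
 
 def token
-
+@token ||= Conjur::API.authenticate(@username, @api_key)
 end
 
 # Authenticate the username and api_key to obtain a request token.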
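Review bot: The memoized `token` at new line 75 never re-authenticates: once `@token` is set it is returned for the life of the object, whereas the deleted `TokenCache.expired?` discarded tokens after one minute. A long-lived API object built from a username and api_key will therefore keep presenting the same token after the server stops accepting it, with no renewal path and no warning. When a key is available, a stale token could be dropped before the `||=`, for example `@token = nil if @api_key && @token && Time.parse(@token['timestamp']) + 60 < Time.now`; the 60 seconds mirrors the removed default, and the real token lifetime is not visible on this page. The text of the removed line 77 is lost in this rendering, and the enclosing class starts and ends outside the hunks.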
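--- a/data/spec/lib/api_spec.rb
+++ b/data/spec/lib/api_spec.rb
@@ -110,33 +110,22 @@ describe Conjur::API do
 let(:login) { "bob" }
 let(:token) { { 'data' => login, 'timestamp' => (Time.now + elapsed ).to_s } }
 let(:elapsed) { 0 }
-before {
-Conjur::TokenCache.class_variable_set("@@tokens", Hash.new)
-}
 subject { api }
 context "from token" do
 let(:api) { Conjur::API.new_from_token(token) }
-
-
-
-}
-it "should raise an error" do
-$stderr.should_receive(:puts).with("Token will soon expire and no api_key is available to renew it")
-
-api.credentials
-end
-end
-context "not expired" do
-its(:credentials) { should == { headers: { authorization: "Token token=\"#{Base64.strict_encode64(token.to_json)}\"" }, username: login } }
-end
+subject { api }
+its(:token) { should == token }
+its(:credentials) { should == { headers: { authorization: "Token token=\"#{Base64.strict_encode64(token.to_json)}\"" }, username: login } }
 end
 context "from api key" do
 let(:api_key) { "theapikey" }
 let(:api) { Conjur::API.new_from_key(login, api_key) }
+subject { api }
 it("should authenticate to get a token") do
 Conjur::API.should_receive(:authenticate).with(login, api_key).and_return token
 
 api.instance_variable_get("@token").should == nil
+api.token.should == token
 api.credentials.should == { headers: { authorization: "Token token=\"#{Base64.strict_encode64(token.to_json)}\"" }, username: login }
 end
 end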
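Review bot: No remaining example exercises a token whose timestamp is in the past. The removed examples around the "Token will soon expire and no api_key is available to renew it" expectation were the only ones that did, and `let(:elapsed) { 0 }` is no longer overridden anywhere in this hunk. Because `token` in base.rb is now memoized without an expiry check, a spec should pin the intended behaviour for a stale token, for example a context with `let(:elapsed) { -3600 }` asserting either re-authentication (key available) or the unchanged token (token only). The added `subject { api }` at new lines 116 and 123 also appears to repeat the outer one at new line 113; indentation is lost on this page, so that nesting is inferred.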
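--- a/data/spec/lib/role_spec.rb
+++ b/data/spec/lib/role_spec.rb
@@ -10,13 +10,13 @@ describe Conjur::Role do
 let(:account) { "the-account" }
 context "#new" do
 let(:kind) { "test" }
-let(:role) { Conjur::API.
-let(:token) { 'the-token' }
-before {
-Conjur::TokenCache.stub(:fetch).and_return token
-}
+let(:role) { Conjur::API.new_from_token({ 'data' => 'the-login' }).role([ account, kind, id ].join(":")) }
 context "with plain id" do
 let(:id) { "foo" }
+context "credentials" do
+subject { role }
+its(:options) { should == {:headers=>{:authorization=>"Token token=\"eyJkYXRhIjoidGhlLWxvZ2luIn0=\""}, :username=>'the-login'} }
+end
 it_should_behave_like "properties"
 end
 context "with more complex id" do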
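Review bot: The expectation at new line 18 hard-codes `eyJkYXRhIjoidGhlLWxvZ2luIn0=`, the Base64 of the JSON for `{ 'data' => 'the-login' }`, so it depends on the exact JSON serialisation and hides what it encodes. api_spec.rb computes the same header from the token; doing the same here keeps the two specs consistent, e.g. `let(:token) { { 'data' => 'the-login' } }` with `"Token token=\"#{Base64.strict_encode64(token.to_json)}\""` in the expected hash. The token literal also has no 'timestamp' key, which passes only because nothing reads it now that the cache is gone; a short comment saying so would help if expiry handling is reintroduced.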
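--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: conjur-api
 version: !ruby/object:Gem::Version
-version: 2.2.
+version: 2.2.3
 prerelease:
 platform: ruby
 authors:
@@ -10,7 +10,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2013-05-
+date: 2013-05-31 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: rest-client
@@ -182,7 +182,6 @@ files:
 - lib/conjur/role_grant.rb
 - lib/conjur/secret.rb
 - lib/conjur/standard_methods.rb
-- lib/conjur/token_cache.rb
 - lib/conjur/user.rb
 - lib/conjur/variable.rb
 - spec/lib/api_spec.rb
@@ -209,7 +208,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
 version: '0'
 segments:
 - 0
-hash: -
+hash: -3721927865223886977
 required_rubygems_version: !ruby/object:Gem::Requirement
 none: false
 requirements:
@@ -218,7 +217,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 version: '0'
 segments:
 - 0
-hash: -
+hash: -3721927865223886977
 requirements: []
 rubyforge_project:
 rubygems_version: 1.8.24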
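--- a/data/lib/conjur/token_cache.rb
+++ /dev/null
@@ -1,41 +0,0 @@
-module Conjur
-# Cache API tokens. The cache key is the authentication hostname and the username.
-# Tokens are cached for a short period of time; long enough to save on server trips
-# but not long enough to worry about tokens expiring.
-class TokenCache
-@@tokens = Hash.new
-
-class << self
-def fetch(username, api_key)
-key = [ Conjur::Authn::API.host, username ]
-token = @@tokens[key]
-if token.nil? || expired?(token)
-if username && api_key
-store(token = Conjur::API.authenticate(username, api_key))
-elsif token.nil?
-raise "Token is nil and no api_key is available to create it"
-else
-$stderr.puts "Token will soon expire and no api_key is available to renew it"
-end
-end
-token
-end
-
-def store(token)
-username = token['data']
-raise "No data in token" unless username
-raise "Expecting string username in token" unless username.is_a?(String)
-key = [ Conjur::Authn::API.host, username ]
-@@tokens[key] = token
-end
-
-protected
-
-# Expire tokens after 1 minute, even though they are valid for longer.
-def expired?(token, expiry = 1 * 60)
-raise "No timestamp in token" unless token['timestamp']
-Time.parse(token["timestamp"]) + expiry < Time.now
-end
-end
-end
-end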