conjur-asset-dsl2 0.4.2 → 0.4.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 8f38c1c218b12a47f1fb2170f0cd57dc5e267e02
-  data.tar.gz: 6b500271f6c523ad283f561575275d80cd26d2df
+  metadata.gz: 964f33500185235bd65a6b64faefc618ccb71994
+  data.tar.gz: ee1a68a365e3bc9ea036e873bacf7da1ad31844f
 SHA512:
-  metadata.gz: 90da10c662515b1f93c8961a61a493b2a68475c9b8375d2df099363322ed5bc35d3465eb9ff028b39756daaeb32397961d0951630b34002e9baf3565b1fa10f6
-  data.tar.gz: fd56bb4cdd2ff5f269abbb95f6716d5709df7e93f3fd0a3e655f207759f041470e786f82a5d3b7718ac35665377c88ff167cd23081fb42bc84fd35a6402d6dc3
+  metadata.gz: a0e879f8446c5d68520b1e38ec75f73cc0596949a475fdba8081705ed11f303f08522790e6bd2bac09b98add69ee5dd15b0d260a394503b19e6611f21058d9ee
+  data.tar.gz: bc5511cb4931c99a23bf1e15f8d9e7e22e272e68b116464854aceb31e65e6ae5f72dad44434a71ad88035759b102fd1091570cb5a7b7f903f483c52c93f3a6b8

data/CHANGELOG

@@ -1,14 +1,19 @@
-# 0.4.0
+# 0.4.3
 
- * Support `--context` flag to save API keys to a file.
+* Fix a load error which can occur when using YAML lists inside of policies
+
+# 0.4.2
+
+* Support `--context` flag to save API keys to a file.
 
 # 0.3.2
 
- * Fix issue where webservices were being treated as core assets by the executor.
+* Fix issue where webservices were being treated as core assets by the executor.
 
 # 0.3.1
 
- * Fix bug in executor for permissions
+* Fix bug in executor for permissions
 
 # 0.3.0
- * Initial stable version
+ 
+* Initial stable version

data/lib/conjur/command/dsl2.rb

@@ -131,16 +131,6 @@ command. Therefore, a policy can be loaded in three steps, if desired:
     DESC
     policy.arg_name "(policy-file | STDIN)"
     policy.command :load do |c|
-      
-      # Undefine options which are declared in the base (default) implementation.
-      # TODO: This code can be removed if and when dsl2 becomes the default.
-      %w(as-group as-role collection context c).each do |switch|
-        c.switches.delete switch.to_sym
-        c.flags.delete switch.to_sym
-        c.switches_declaration_order.delete_if{|s| s.name == switch.to_sym}
-        c.flags_declaration_order.delete_if{|s| s.name == switch.to_sym}
-      end
-
       acting_as_option(c)
 
       c.desc "Policy namespace (optional)"

data/lib/conjur/dsl2/executor/base.rb

@@ -4,6 +4,8 @@ module Conjur::DSL2
     # is an object from Conjur::DSL2::Types. Each execution action is
     # an HTTP method, a request path, and request parameters.
     class Base
+      include Conjur::DSL2::Logger
+      
       attr_reader :statement, :actions, :default_account
       
       def initialize statement, actions, default_account

data/lib/conjur/dsl2/logger.rb

@@ -0,0 +1,12 @@
+module Conjur::DSL2::Logger
+  def self.included base
+    base.module_eval do
+      # Override the logger with this method.
+      cattr_accessor :logger
+      
+      require 'logger'
+      self.logger = Logger.new(STDERR)
+      self.logger.level = Logger::INFO
+    end
+  end
+end

data/lib/conjur/dsl2/planner/base.rb

@@ -2,11 +2,11 @@ module Conjur
   module DSL2
     module Planner
       class Base
+        include Conjur::DSL2::Logger
 
         attr_reader :record, :api
         attr_accessor :plan
 
-
         def initialize record, api
           @record = record
           @api = api
@@ -80,7 +80,7 @@ module Conjur
         # Sort in canonical order -- basically, a `Record` or `Create` comes before everything
         # else.  So the base class's sort just places those before us, and anything else gets 0.
         def <=> other
-          other.kind_of?(Conjur::DSL2::Planner::ActsAsRecord) ? 1 : 0
+          (other.kind_of?(Conjur::DSL2::Planner::ActsAsRecord) or other.kind_of?(Conjur::DSL2::Planner::Array)) ? 1 : 0
         end
 
         def resource_exists? resource
@@ -101,21 +101,12 @@ module Conjur
           raise message
         end
 
-        def trace message
-          if trace_enabled?
-            $stderr.puts "[trace #{record}] #{message}"
-          end
-        end
-
-        def trace_enabled?
-          ENV["DSL_PLANNER_TRACE"] || !!@trace_enabled
-        end
-
-        def trace_enabled= enabled
-          @trace_enabled = enabled
+        def log &block
+          logger.debug('conjur/dsl2/planner') {
+            yield
+          }
         end
 
-
         def update_record
           update = Conjur::DSL2::Types::Update.new
           update.record = record
@@ -198,8 +189,13 @@ module Conjur
       end
       
       class Array < Base
+        # Array sorts before everything because sanity.
+        def <=> other
+          -1
+        end
 
         def do_plan
+
           planners = record.map do |item|
             Planner.planner_for(item, api)
           end.sort

data/lib/conjur/dsl2/planner/grants.rb

@@ -10,7 +10,6 @@ module Conjur
         # be granted every role. If the +replace+ option is set, then any existing
         # grant on a role that is *not* given should be revoked, except for role admins.
         def do_plan
-
           roles = Array(record.roles)
           members = Array(record.members)
           given_grants = Hash.new { |hash, key| hash[key] = [] }

data/lib/conjur/dsl2/planner/permissions.rb

@@ -51,7 +51,7 @@ module Conjur
               (Set.new(requested) - Set.new(given)).each do |p|
                 role, admin = p
 
-                error("role not found: #{role}") unless role_exists?(role)
+                error(%Q(Role "#{role}" not found")) unless role_exists?(role)
 
                 permit = Conjur::DSL2::Types::Permit.new
                 permit.resource = resource_record target

data/lib/conjur/dsl2/planner/record.rb

@@ -72,7 +72,10 @@ module Conjur
             Planner.planner_for(record, api)
           end.sort
 
+          log{ "Planing policy with body #{planners.map{|p| p.class.name}}" }
+
           planners.each do |planner|
+            planner.log{  "Planning #{planner}"}
             ownerid = plan.ownerid
             begin
               plan.policy = self.record
@@ -87,9 +90,9 @@ module Conjur
               plan.ownerid = ownerid
 
               planner.plan = plan
-              planner.trace("planning...")
+              planner.log { "Planning policy record #{record}" }
               planner.do_plan
-              planner.trace("ok!")
+              planner.log { "Done" }
             ensure
               plan.policy = nil
               plan.ownerid = ownerid

data/lib/conjur/dsl2/planner.rb

@@ -10,13 +10,16 @@ module Conjur
         def plan records, api, options = {}
           namespace = options[:namespace]
           ownerid   = options[:ownerid]
-          Plan.new.tap do |plan|
+          plan = options[:plan] || Plan.new
+          plan.tap do |plan|
             plan.namespace = namespace if namespace
             plan.ownerid = ownerid if ownerid
-            records.map{ |record| planner_for(record, api) }.sort.each do |planner|
+            Array(records).map{ |record| planner_for(record, api) }.sort.each do |planner|
               planner.plan = plan
+              planner.log { %Q(Planning "#{planner.record} using #{planner.class}") }
               begin
                 planner.do_plan
+                planner.log { "\tFinished \"#{planner.record}\"" }
               ensure
                 planner.plan = nil
               end

data/lib/conjur/dsl2/types/permit.rb

@@ -14,7 +14,7 @@ module Conjur
         end
         
         def to_s
-          "Permit #{role.role} to '#{privilege}' #{resource}#{role.admin ? ' with grant option' : ''}"
+          "Permit #{role.role} to [#{Array(privilege).join(', ')}] on #{Array(resource).join(', ')}#{role.admin ? ' with grant option' : ''}"
         end
       end
     end

data/lib/conjur/dsl2/yaml/handler.rb

@@ -2,16 +2,10 @@ module Conjur
   module DSL2
     module YAML
       class Handler < Psych::Handler
+        include Conjur::DSL2::Logger
+
         attr_accessor :parser, :filename, :result
         
-        # Override the logger with this method.
-        cattr_accessor :logger
-        
-        require 'logger'
-        
-        self.logger = Logger.new(STDERR)
-        self.logger.level = Logger::INFO
-        
         # An abstract Base handler. The handler will receive each document message within
         # its particular context (sequence, mapping, etc).
         #

data/lib/conjur/dsl2/yaml/loader.rb

@@ -14,7 +14,7 @@ module Conjur
             rescue
               handler.log { $!.message }
               handler.log { $!.backtrace.join("  \n") }
-              raise Invalid.new($!.message, filename, parser.mark)
+              raise Invalid.new($!.message || "(no message)", filename, parser.mark)
             end
             handler.result
           end

data/lib/conjur-asset-dsl2-version.rb

@@ -1,7 +1,7 @@
 module Conjur
   module Asset
     module DSL2
-      VERSION = "0.4.2"
+      VERSION = "0.4.3"
     end
   end
 end

data/lib/conjur-asset-dsl2.rb

@@ -6,7 +6,13 @@ require 'active_support/core_ext'
 SafeYAML::OPTIONS[:default_mode] = :safe
 SafeYAML::OPTIONS[:deserialize_symbols] = false
    
+module Conjur
+  module DSL2
+  end
+end
+  
 require 'rest-client'
+require 'conjur/dsl2/logger'
 require 'conjur/dsl2/invalid'
 require 'conjur/dsl2/types/base'
 require 'conjur/dsl2/types/records'

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: conjur-asset-dsl2
 version: !ruby/object:Gem::Version
-  version: 0.4.2
+  version: 0.4.3
 platform: ruby
 authors:
 - Kevin Gilpin
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2016-02-05 00:00:00.000000000 Z
+date: 2016-02-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: safe_yaml
@@ -201,6 +201,7 @@ files:
 - lib/conjur/dsl2/executor/revoke.rb
 - lib/conjur/dsl2/executor/update.rb
 - lib/conjur/dsl2/invalid.rb
+- lib/conjur/dsl2/logger.rb
 - lib/conjur/dsl2/plan.rb
 - lib/conjur/dsl2/planner.rb
 - lib/conjur/dsl2/planner/base.rb