conjur-asset-policy 0.8.0 → 0.8.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.project +1 -1
- data/CHANGELOG.md +5 -0
- data/conjur-asset-policy.gemspec +0 -1
- data/lib/conjur-asset-policy-version.rb +1 -1
- data/lib/conjur/policy/resolver.rb +18 -12
- metadata +2 -17
- data/backup.tar +0 -0
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 968557e0aea9a85ef617653c52a53038b192692c
|
|
4
|
+
data.tar.gz: e6cc8fd57b8166496eac893ba606057cef724335
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 4ed5a7e4a662c16aaf897d94dbddf23b72acd231ae6a7cd124bc91d31c7baca2dfbc8d599f17de5d315360d9faed99307f73caae545a8942f57b95e0ca2470ca
|
|
7
|
+
data.tar.gz: 5941c7d5c486b2cdc482065223ebb03b7c269af9b86448358045c1e3520e1aa40efcc8b0cf7635e3bc6e99e0a495930f33120c65d829eba562cecf4475d1fbe0
|
data/.project
CHANGED
data/CHANGELOG.md
CHANGED
|
@@ -1,3 +1,8 @@
|
|
|
1
|
+
# 0.8.1
|
|
2
|
+
|
|
3
|
+
* Report an error if the same kind of record with the same id is declared more than once.
|
|
4
|
+
* Report an error if a cycle is detected in the record/ownership dependency graph.
|
|
5
|
+
|
|
1
6
|
# 0.8.0
|
|
2
7
|
|
|
3
8
|
* **Breaking change** Removed `--syntax` flag from `policy load`. Only YML is supported going forwards.
|
data/conjur-asset-policy.gemspec
CHANGED
|
@@ -6,7 +6,7 @@ module Conjur
|
|
|
6
6
|
class << self
|
|
7
7
|
# Resolve records to the specified owner id and namespace.
|
|
8
8
|
def resolve records, account, ownerid, namespace = nil
|
|
9
|
-
resolver_classes = [ AccountResolver, IdResolver, OwnerResolver, FlattenResolver ]
|
|
9
|
+
resolver_classes = [ AccountResolver, IdResolver, OwnerResolver, FlattenResolver, DuplicateResolver ]
|
|
10
10
|
resolver_classes.each do |cls|
|
|
11
11
|
resolver = cls.new account, ownerid, namespace
|
|
12
12
|
records = resolver.resolve records
|
|
@@ -79,7 +79,7 @@ module Conjur
|
|
|
79
79
|
if record.respond_to?(:id) && record.respond_to?(:id=)
|
|
80
80
|
id = record.id
|
|
81
81
|
if id.blank?
|
|
82
|
-
raise "#{record.
|
|
82
|
+
raise "#{record.class.simple_name} has no id" unless namespace
|
|
83
83
|
id = namespace
|
|
84
84
|
elsif id[0] == '/'
|
|
85
85
|
id = id[1..-1]
|
|
@@ -157,7 +157,10 @@ module Conjur
|
|
|
157
157
|
@result.flatten.sort do |a,b|
|
|
158
158
|
score = sort_score(a) - sort_score(b)
|
|
159
159
|
if score == 0
|
|
160
|
-
if a.respond_to?(:roleid) && @referenced_record_index[b].member?(a.roleid)
|
|
160
|
+
if a.respond_to?(:roleid) && @referenced_record_index[b].member?(a.roleid) &&
|
|
161
|
+
b.respond_to?(:roleid) && @referenced_record_index[a].member?(b.roleid)
|
|
162
|
+
raise "Dependency cycle encountered between #{a} and #{b}"
|
|
163
|
+
elsif a.respond_to?(:roleid) && @referenced_record_index[b].member?(a.roleid)
|
|
161
164
|
score = -1
|
|
162
165
|
elsif b.respond_to?(:roleid) && @referenced_record_index[a].member?(b.roleid)
|
|
163
166
|
score = 1
|
|
@@ -171,15 +174,6 @@ module Conjur
|
|
|
171
174
|
|
|
172
175
|
protected
|
|
173
176
|
|
|
174
|
-
# Select things uniquely by class and id, in this resolver.
|
|
175
|
-
def id_of record
|
|
176
|
-
if record.respond_to?(:id)
|
|
177
|
-
[ record.id, record.class.name ].join("@")
|
|
178
|
-
else
|
|
179
|
-
super
|
|
180
|
-
end
|
|
181
|
-
end
|
|
182
|
-
|
|
183
177
|
# Sort "Create" and "Record" objects to the front.
|
|
184
178
|
def sort_score record
|
|
185
179
|
if record.is_a?(Types::Create) || record.is_a?(Types::Record)
|
|
@@ -202,6 +196,18 @@ module Conjur
|
|
|
202
196
|
end
|
|
203
197
|
end
|
|
204
198
|
|
|
199
|
+
# Raises an exception if the same record is declared more than once.
|
|
200
|
+
class DuplicateResolver < Resolver
|
|
201
|
+
def resolve records
|
|
202
|
+
seen = Set.new
|
|
203
|
+
Array(records).flatten.each do |record|
|
|
204
|
+
if record.respond_to?(:id) && !seen.add?([ record.class.short_name, record.id ])
|
|
205
|
+
raise "#{record} is declared more than once"
|
|
206
|
+
end
|
|
207
|
+
end
|
|
208
|
+
end
|
|
209
|
+
end
|
|
210
|
+
|
|
205
211
|
# Unsets attributes that make for more verbose YAML output. This class is used to
|
|
206
212
|
# compact YAML expectations in test cases. It expects pre-flattened input.
|
|
207
213
|
#
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: conjur-asset-policy
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.8.
|
|
4
|
+
version: 0.8.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Kevin Gilpin
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2016-04-
|
|
11
|
+
date: 2016-04-11 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: safe_yaml
|
|
@@ -164,20 +164,6 @@ dependencies:
|
|
|
164
164
|
- - '>='
|
|
165
165
|
- !ruby/object:Gem::Version
|
|
166
166
|
version: '0'
|
|
167
|
-
- !ruby/object:Gem::Dependency
|
|
168
|
-
name: simplecov
|
|
169
|
-
requirement: !ruby/object:Gem::Requirement
|
|
170
|
-
requirements:
|
|
171
|
-
- - '>='
|
|
172
|
-
- !ruby/object:Gem::Version
|
|
173
|
-
version: '0'
|
|
174
|
-
type: :development
|
|
175
|
-
prerelease: false
|
|
176
|
-
version_requirements: !ruby/object:Gem::Requirement
|
|
177
|
-
requirements:
|
|
178
|
-
- - '>='
|
|
179
|
-
- !ruby/object:Gem::Version
|
|
180
|
-
version: '0'
|
|
181
167
|
description:
|
|
182
168
|
email:
|
|
183
169
|
- kgilpin@conjur.net
|
|
@@ -195,7 +181,6 @@ files:
|
|
|
195
181
|
- LICENSE.txt
|
|
196
182
|
- README.md
|
|
197
183
|
- Rakefile
|
|
198
|
-
- backup.tar
|
|
199
184
|
- bin/console
|
|
200
185
|
- bin/setup
|
|
201
186
|
- ci/test.sh
|
data/backup.tar
DELETED
|
Binary file
|