cred_hubble 0.0.1.pre → 0.1.0.pre

Files changed (42)
  1. checksums.yaml +4 -4
  2. data/.gitignore +1 -0
  3. data/.rubocop.yml +7 -1
  4. data/.travis.yml +3 -1
  5. data/README.md +353 -13
  6. data/cred_hubble.gemspec +3 -0
  7. data/lib/cred_hubble.rb +3 -2
  8. data/lib/cred_hubble/client.rb +119 -13
  9. data/lib/cred_hubble/http/client.rb +39 -4
  10. data/lib/cred_hubble/resources/certificate_credential.rb +25 -0
  11. data/lib/cred_hubble/resources/credential.rb +32 -0
  12. data/lib/cred_hubble/resources/credential_collection.rb +21 -0
  13. data/lib/cred_hubble/resources/credential_factory.rb +41 -0
  14. data/lib/cred_hubble/resources/immutable_resource.rb +2 -2
  15. data/lib/cred_hubble/resources/json_credential.rb +13 -0
  16. data/lib/cred_hubble/resources/password_credential.rb +13 -0
  17. data/lib/cred_hubble/resources/permission.rb +10 -0
  18. data/lib/cred_hubble/resources/permission_collection.rb +21 -0
  19. data/lib/cred_hubble/resources/resource.rb +10 -0
  20. data/lib/cred_hubble/resources/resources.rb +15 -0
  21. data/lib/cred_hubble/resources/{base_resource.rb → rest_resource.rb} +6 -2
  22. data/lib/cred_hubble/resources/rsa_credential.rb +24 -0
  23. data/lib/cred_hubble/resources/ssh_credential.rb +39 -0
  24. data/lib/cred_hubble/resources/user_credential.rb +39 -0
  25. data/lib/cred_hubble/resources/value_credential.rb +13 -0
  26. data/lib/cred_hubble/version.rb +1 -1
  27. data/spec/cred_hubble/client_spec.rb +487 -3
  28. data/spec/cred_hubble/http/client_spec.rb +347 -53
  29. data/spec/cred_hubble/resources/certificate_credential_spec.rb +49 -0
  30. data/spec/cred_hubble/resources/credential_collection_spec.rb +59 -0
  31. data/spec/cred_hubble/resources/credential_factory_spec.rb +154 -0
  32. data/spec/cred_hubble/resources/credential_spec.rb +10 -0
  33. data/spec/cred_hubble/resources/json_credential_spec.rb +52 -0
  34. data/spec/cred_hubble/resources/password_credential_spec.rb +41 -0
  35. data/spec/cred_hubble/resources/permission_collection_spec.rb +87 -0
  36. data/spec/cred_hubble/resources/permission_spec.rb +36 -0
  37. data/spec/cred_hubble/resources/rsa_credential_spec.rb +46 -0
  38. data/spec/cred_hubble/resources/ssh_credential_spec.rb +73 -0
  39. data/spec/cred_hubble/resources/user_credential_spec.rb +72 -0
  40. data/spec/cred_hubble/resources/value_credential_spec.rb +42 -0
  41. data/spec/support/shared_examples/resource_examples.rb +49 -0
  42. metadata +57 -5
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 4aa942e3ce3bb4edbd7b3324c07e288ad90d5bca
4
- data.tar.gz: ad29b2209eab77575ac361754ddf214965194d04
3
+ metadata.gz: 9fbb2a2213b7e25f0b2df91998752c619c30e659
4
+ data.tar.gz: eec8c7e06c8435368b241ba5eba2bd646eb0adc9
5
5
  SHA512:
6
- metadata.gz: 6479f99426131ce1fbbf03b0ed2411d480039a8e9836a6d225785bf8727fce0a29d61ab0914b6f9a39ebd1ceb22fe4b68ef995872fd6248c92da9a7035ae06a7
7
- data.tar.gz: 02d1c42a6dda653f6b6a4f84ad16654bce77eb3b280b90f683b6daef86873e47fb409332f31de5ad83b9758dfea776938e5932597666c0760b0f1226ce9519ef
6
+ metadata.gz: 79f915304e5b0e401c247b2ea8948513243e6fd5e2de99eb0621e6ab585612904f6904e8c8faa8cdf607d71e0246b6b9ed193e36a69bb38d8755c4c11f479740
7
+ data.tar.gz: af03b68be2dae89b3df1d2afba454668f3ecee12a457c08f38659c74e6571b7dca134c272cff3f5848cb6d5f5ee34d7e45e3ba412e1eea10ae8eeec5073011fd
data/.gitignore CHANGED
@@ -11,3 +11,4 @@
11
11
 
12
12
  # rspec failure tracking
13
13
  .rspec_status
14
+ *.gem
data/.rubocop.yml CHANGED
@@ -5,4 +5,10 @@ Metrics/BlockLength:
5
5
  Metrics/LineLength:
6
6
  Max: 120
7
7
  Metrics/MethodLength:
8
- Max: 30
8
+ Max: 30
9
+ Metrics/CyclomaticComplexity:
10
+ Max: 12
11
+ Style/DoubleNegation:
12
+ Enabled: false
13
+ Metrics/ParameterLists:
14
+ CountKeywordArgs: false
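Review bot: `Metrics/CyclomaticComplexity` with `Max: 12` and `Style/DoubleNegation` with `Enabled: false` are set at the top level of `.rubocop.yml`, so they relax the checks for every file rather than only for the code that tripped them. Prefer an `Exclude:` entry or an inline `rubocop:disable` on the specific methods, and add a comment in the config saying why each cop was loosened.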
data/.travis.yml CHANGED
@@ -1,5 +1,7 @@
1
1
  sudo: false
2
2
  language: ruby
3
3
  rvm:
4
- - 2.4.2
4
+ - 2.2
5
+ - 2.3
6
+ - 2.4
5
7
  before_install: gem install bundler -v 1.15.4
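Review bot: The `rvm` list starts at `2.2`, while the gemspec change in this same release declares `spec.required_ruby_version = '~> 2.1'`, so Ruby 2.1 is advertised as supported but never exercised in CI. Either add `- 2.1` to the matrix or raise the gemspec floor to 2.2.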
data/README.md CHANGED
@@ -1,8 +1,10 @@
1
- # CredHubble :telescope: :full_moon_with_face:
1
+ # CredHubble :full_moon_with_face::telescope::full_moon_with_face:
2
2
 
3
- Unofficial and **incomplete** Ruby client for storing and fetching credentials from a [Cloud Foundry CredHub](https://github.com/cloudfoundry-incubator/credhub) credential storage service.
3
+ [![Gem Version](https://badge.fury.io/rb/cred_hubble.svg)](https://badge.fury.io/rb/cred_hubble) [![Build Status](https://travis-ci.org/tcdowney/cred_hubble.svg?branch=master)](https://travis-ci.org/tcdowney/cred_hubble)
4
4
 
5
- It only supports the unauthenticated `/info` and `/health` endpoints for now, but eventually this library will let your Ruby app fetch secrets (e.g. database creds, Rails session secrets, AWS access keys, etc.) from CredHub at runtime, meaning you'll no longer need to store them in plaintext config files or in your app's environment.
5
+ Unofficial and **incomplete** Ruby client for storing and fetching credentials from a [Cloud Foundry CredHub](https://github.com/cloudfoundry-incubator/credhub) credential store.
6
+
7
+ The gem only supports endpoints detailed in the [usage](#usage) section for now, but eventually this library will let your Ruby app fetch secrets (e.g. database creds, Rails session secrets, AWS access keys, etc.) from CredHub at runtime, meaning you'll no longer need to store them in plaintext config files or in your app's environment.
6
8
 
7
9
  That's the dream at least.
8
10
 
@@ -10,10 +12,12 @@ Right now this is just something I'm working on for fun since it's been a while
10
12
 
11
13
  ## Installation
12
14
 
13
- Add this line to your application's Gemfile:
15
+ There is a `0.1.0.pre` release available on Ruby Gems that you can install which handles quite a few CredHub endpoints.
16
+ I'd like to implement a few more endpoints, do some additional polishing, and add better documentation before taking off the `.pre` suffix, though.
14
17
 
18
+ To pick up the latest changes, add this line to your application's Gemfile:
15
19
  ```ruby
16
- gem 'cred_hubble'
20
+ gem 'cred_hubble', git: 'https://github.com/tcdowney/cred_hubble'
17
21
  ```
18
22
 
19
23
  And then execute:
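Review bot: The new Gemfile line `gem 'cred_hubble', git: 'https://github.com/tcdowney/cred_hubble'` follows whatever is at the head of the repository's default branch, which is a loose way to pull in a library that handles credentials. Since the paragraph just above announces a `0.1.0.pre` release on Ruby Gems, show the versioned form (`gem 'cred_hubble', '0.1.0.pre'`) as the primary instruction, and for the git source recommend pinning with `ref:` or `tag:`.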
@@ -24,31 +28,367 @@ Or install it yourself as:
24
28
 
25
29
  $ gem install cred_hubble
26
30
 
31
+ ## Authentication
32
+
33
+ To call endpoints that require authentication, you can authenticate with either an oAuth2 bearer token auth header or using mutual TLS (mTLS).
34
+ Here are some examples:
35
+
36
+ ### Authenticating with an oAuth2 header
37
+ ```ruby
38
+ > auth_header = 'eyJhbGc.....OiJSUzI1NiIsI' # omit any 'bearer' portion
39
+ > credhub_client = CredHubble::Client.new_from_token_auth(
40
+ host: 'credhub.your-cloud-foundry.com',
41
+ port: '8844',
42
+ auth_header_token: auth_header
43
+ )
44
+
45
+ > credential = credhub_client.credential_by_id('f8d5a201-c3b9-48ae-8bc4-3b86b42210a1')
46
+ => #<CredHubble::Resources::ValueCredential:0x0055f3811a5958 ...
47
+ ```
48
+
49
+ ### Authenticating with a client cert and key over mutual TLS
50
+ A typical Cloud Foundry application using CredHub will have access to two environment variables that contain these paths:
51
+ * `ENV['CF_INSTANCE_CERT']`
52
+ * `ENV['CF_INSTANCE_KEY']`
53
+
54
+ CredHub's CA certificate should already have been placed in the app instance's trusted cert store by Diego.
55
+
56
+ ```ruby
57
+ > client_cert_path = '/etc/cf-instance-credentials/instance.crt' # ENV['CF_INSTANCE_CERT']
58
+ > client_key_path = '/etc/cf-instance-credentials/instance.key' # ENV['CF_INSTANCE_KEY']
59
+ > credhub_client = CredHubble::Client.new_from_mtls_auth(
60
+ host: 'credhub.your-cloud-foundry.com',
61
+ port: '8844',
62
+ client_cert_path: client_cert_path,
63
+ client_key_path: client_key_path
64
+ )
65
+
66
+ > credential = credhub_client.credential_by_id('f8d5a201-c3b9-48ae-8bc4-3b86b42210a1')
67
+ => #<CredHubble::Resources::ValueCredential:0x0055f3811a5958 ...
68
+ ```
69
+
70
+ ### Specifying the CredHub CA certificate
71
+ If your CredHub server is using a self-signed (or otherwise non-trusted by your system) certificate you can supply CredHubble with the path to a local copy of the signing CA certificate.
72
+
73
+ ```ruby
74
+ > auth_header = 'eyJhbGc.....OiJSUzI1NiIsI' # omit any 'bearer' portion
75
+ > credhub_ca_path = '/some/path/certs/credhub_ca.crt'
76
+ > credhub_client = CredHubble::Client.new_from_token_auth(
77
+ host: 'credhub.your-cloud-foundry.com',
78
+ port: '8844',
79
+ auth_header_token: auth_header,
80
+ ca_path: credhub_ca_path
81
+ )
82
+
83
+ > credential = credhub_client.credential_by_id('f8d5a201-c3b9-48ae-8bc4-3b86b42210a1')
84
+ => #<CredHubble::Resources::ValueCredential:0x0055f3811a5958 ...
85
+ ```
86
+
27
87
  ## Usage
28
88
 
29
- This gem currently only support the CredHub endpoints that allow unauthenticated access:
89
+ CredHubble currently supports the following [CredHub endpoints](https://credhub-api.cfapps.io):
90
+
91
+ * **[GET Info](#get-info-and-get-health):** `/info`
92
+ * **[GET Health](#get-info-and-get-health):** `/health`
93
+
94
+
95
+ * **[GET Credential by ID](#get-credential-by-id):** `/api/v1/data/<credential-id>`
96
+ * **[GET Credentials by Name](#get-credentials-by-name):** `/api/v1/data?name=<credential-name>`
97
+ * **[PUT Credential](#put-credential):** `/api/v1/data`
98
+ * **[DELETE Credential by Name](#delete-credential-by-name):** `/api/v1/data`
99
+ * **[POST Interpolate Credentials](#post-interpolate-credentials):** `/api/v1/interpolate`
30
100
 
31
- * `/info`
32
- * `/health`
33
101
 
34
- To try out these endpoints, just do the following in your favorite Ruby console:
102
+ * **[GET Permissions by Credential Name](#get-permissions-by-credential-name):** `/api/v1/permissions?credential_name=<credential-name>`
103
+ * **[POST Add Permissions](#post-add-permissions):** `/api/v1/permissions`
104
+ * **[DELETE Delete Permissions](#delete-delete-permissions):** `/api/v1/permissions?credential_name=<credential-name>&actor=<actor>`
105
+
106
+
107
+ ### GET Info and GET Health
108
+ To try out the unauthenticated `info` and `health` endpoints, just do the following in your Ruby console:
35
109
 
36
110
  ```ruby
37
- > credhub_url = 'https://credhub.your-cloud-foundry.com:8844'
38
- > credhub_client = CredHubble::Client.new(credhub_url)
111
+ > credhub_client = CredHubble::Client.new(host: 'credhub.your-cloud-foundry.com', port: '8844')
112
+
39
113
  > info = credhub_client.info
40
114
  => #<CredHubble::Resources::Info:0x00007fb36497a490 ...
115
+
41
116
  > info.auth_server.url
42
117
  => "https://uaa.service.cf.internal:8443"
118
+
43
119
  > health = credhub_client.health
44
120
  => #<CredHubble::Resources::Health:0x00007fb3648f0218 ...
121
+
45
122
  > health.status
46
123
  => "UP"
47
124
  ```
48
125
 
49
- A future update to the gem will allow you hit authenticated endpoints using either a UAA token or mutual TLS for authentication.
126
+ For accessing endpoints that require authentication, simply create an authenticated client using one of the [authentication methods above](#authentication).
127
+
128
+ ### GET Credential by ID
129
+ The `credential_by_id` method retrieves a single Credential resource from CredHub by ID.
130
+
131
+ ```ruby
132
+ > credhub_client.credential_by_id('f297f736-dad2-4450-a7da-d3ff99f2030d')
133
+ => #<CredHubble::Resources::ValueCredential:0x0055f3811a5958 ...
134
+ ```
135
+
136
+ ### GET Credentials by Name
137
+ Retrieves a collection of Credentials from CredHub for the given name. The `credentials_by_name` method will return all stored versions of the credential by default.
138
+ You can retrieve only the most recent version of the credential using the `current` option, or specify the number of versions to fetch with the `versions` option.
139
+
140
+ ```ruby
141
+ > credentials = credhub_client.credentials_by_name('/admin-user-password')
142
+ => #<CredHubble::Resources::CredentialCollection:0x00007f @data=[#<CredHubble::Resources::PasswordCredential:0x00004a ...
143
+ > credentials.count
144
+ => 3
145
+ > credentials.map(&:id)
146
+ => ["5298e0e4-c3f5-4c73-a156-9ffce4c137f5", "6980ec59-c7e6-449a-b525-298648cfe6a7", "3e709d6e-585c-4526-ac0d-fe99316f2255"]
147
+
148
+ > credentials = credhub_client.credentials_by_name('/admin-user-password', versions: 2)
149
+ > credentials.count
150
+ => 2
151
+ > credentials.map(&:id)
152
+ => ["5298e0e4-c3f5-4c73-a156-9ffce4c137f5", "6980ec59-c7e6-449a-b525-298648cfe6a7"]
153
+
154
+ > credentials = credhub_client.credentials_by_name('/admin-user-password', current: true)
155
+ => #<CredHubble::Resources::CredentialCollection:0x00007f @data=[#<CredHubble::Resources::PasswordCredential:0x00004a ...
156
+ > credentials.count
157
+ => 1
158
+ > credentials.map(&:id)
159
+ => ["5298e0e4-c3f5-4c73-a156-9ffce4c137f5"]
160
+ ```
161
+
162
+ ### PUT Credential
163
+ You can create new Credentials using the `put_credential` method. If you wish to replace an already existing Credential, simply pass
164
+ `overwrite: true` to the method and CredHub will create a new version of the Credential. Previous versions can be retrieved by using
165
+ the `credentials_by_name` method.
50
166
 
51
- This is still very much a work in progress.
167
+ ```ruby
168
+ > credential = CredHubble::Resources::UserCredential.new(
169
+ name: '/foundry-fred-user',
170
+ value: {username: 'foundy_fred', password: 's3cr3t'}
171
+ )
172
+ => #<CredHubble::Resources::UserCredential:0x00007fb322caf3f0 @name="/foundry-fred-user", @value=#<CredHubble::Resources::UserValue ...
173
+
174
+ > credhub_client.put_credential(credential)
175
+ => #<CredHubble::Resources::UserCredential:0x00007fb322d676d0
176
+ @name="/foundry-fred-user",
177
+ @value=#<CredHubble::Resources::UserValue:0x00007fb322d67478
178
+ @username="foundy_fred",
179
+ @password="s3cr3t",
180
+ @password_hash="$6$WwMLCRDr$Br54U0EnWD.A5i1EV9Cc7P16ZdjIBk0fFiYKghfOjW1MvL.vaXhWua.eGIbe0ziQIEP4s2OcGQpEEsc9ClFuA0">,
181
+ @id="92775889-71e0-41d1-a44c-93eb8fc5161a",
182
+ @type="user",
183
+ @version_created_at="2017-10-06T05:10:57Z">
184
+
185
+ > credential.value.password = 'foo bar'
186
+ => "foo bar"
187
+
188
+ > credhub_client.put_credential(credential, overwrite: true)
189
+ => #<CredHubble::Resources::UserCredential:0x00007fb322d676d0
190
+ @name="/foundry-fred-user",
191
+ @value=#<CredHubble::Resources::UserValue:0x00007fb322d67478
192
+ @username="foundy_fred",
193
+ @password="foo bar",
194
+ @password_hash="$6$WNAIgDrf$/.DxIfIg.8W6ZaIRjrjlOWS8FenigeWtswWr/D9edMbmSReYCzgG6VVdcdaftenq5VED3C8MJNVtDnNLF86SD.">,
195
+ @id="292ae24c-d7a3-4d8b-86a2-43630b83bafb",
196
+ @type="user",
197
+ @version_created_at="2017-10-06T05:11:43Z">
198
+ ````
199
+
200
+ By default, only the creator of a Credential has access to read, write, delete, view its ACL, or updates its ACL. If you wish to
201
+ grant other parties various permissions for a given Credential, the `put_credential` method takes an optional `additional_permissions` array.
202
+
203
+ ```ruby
204
+ > credential = CredHubble::Resources::UserCredential.new(
205
+ name: '/foundry-fred-user',
206
+ value: {username: 'foundy_fred', password: 's3cr3t'}
207
+ )
208
+ => #<CredHubble::Resources::UserCredential:0x00007fb322caf3f0 @name="/foundry-fred-user", @value=#<CredHubble::Resources::UserValue ...
209
+
210
+ > permission = CredHubble::Resources::Permission.new(
211
+ actor: 'uaa-user:82f8ff1a-fcf8-4221-8d6b-0a1d579b6e47',
212
+ operations: ['write', 'read']
213
+ )
214
+ => #<CredHubble::Resources::Permission:0x00007f @actor="uaa-user:82f8ff1a-fcf8-4221-8d6b-0a1d579b6e47", @operations=["write", "read"]>
215
+
216
+ > credhub_client.put_credential(credential, additional_permissions: [permission])
217
+ => #<CredHubble::Resources::UserCredential:0x00007fb322d676d0 ...
218
+ ````
219
+
220
+ ### DELETE Credential by Name
221
+ The `delete_credential_by_name` method allows you to delete all versions of a Credential for the given name.
222
+
223
+ ```ruby
224
+ > credentials = credhub_client.credentials_by_name('/admin-user-password')
225
+ => #<CredHubble::Resources::CredentialCollection:0x00007f @data=[#<CredHubble::Resources::PasswordCredential:0x00004a ...
226
+ > credentials.count
227
+ => 3
228
+
229
+ > credhub_client.delete_credential_by_name('/admin-user-password')
230
+ => true
231
+ > credhub_client.credentials_by_name('/admin-user-password')
232
+ => CredHubble::Http::NotFoundError: status: 404, body: {"error":"The request could not be completed ...
233
+ ````
234
+
235
+ ### POST Interpolate Credentials
236
+ Cloud Foundry applications traditionally access the credentials for any bound service instances through a `VCAP_SERVICES` environment variable.
237
+ Nowadays, however, some Service Brokers are CredHub aware and may choose to store service instance credentials in CredHub.
238
+ Apps bound to said services would only see `"credhub-ref"` key in place of actual credentials for that service instance. Here's an example `VCAP_SERVICES`:
239
+
240
+ ```json
241
+ {
242
+ "grid-config":[
243
+ {
244
+ "credentials":{
245
+ "credhub-ref":"/grid-config/users/kflynn"
246
+ },
247
+ "label":"grid-config",
248
+ "name":"config-server",
249
+ "plan":"digital-frontier",
250
+ "provider":null,
251
+ "syslog_drain_url":null,
252
+ "tags":[
253
+ "configuration",
254
+ "biodigital-jazz"
255
+ ],
256
+ "volume_mounts":[]
257
+ }
258
+ ],
259
+ "encomSQL":[
260
+ {
261
+ "credentials":{
262
+ "credhub-ref":"/encomSQL/db/users/63f7b900-982f-4f20-9213-6d270c3c58ea"
263
+ },
264
+ "label":"encom-db",
265
+ "name":"encom-enterprise-db",
266
+ "plan":"enterprise",
267
+ "provider":null,
268
+ "syslog_drain_url":null,
269
+ "tags":[
270
+ "database",
271
+ "sql"
272
+ ],
273
+ "volume_mounts":[]
274
+ }
275
+ ]
276
+ }
277
+ ```
278
+
279
+ Fortunately, CredHub supports an "interpolate" endpoint which allows an app to populate these values wholesale.
280
+ Here's how a CF application might use CredHubble's `interpolate_credentials` method to do that via mTLS authentication:
281
+
282
+ ```ruby
283
+ > client_cert_path = ENV['CF_INSTANCE_CERT']
284
+ > client_key_path = ENV['CF_INSTANCE_KEY']
285
+ > credhub_client = CredHubble::Client.new_from_mtls_auth(
286
+ host: 'credhub.your-cloud-foundry.com',
287
+ port: '8844',
288
+ client_cert_path: client_cert_path,
289
+ client_key_path: client_key_path
290
+ )
291
+
292
+ > interpolated_services_json = credhub_client.interpolate_credentials(ENV['VCAP_SERVICES'])
293
+ => '{
294
+ "grid-config":[
295
+ {
296
+ "credentials":{
297
+ "username":"kflynn",
298
+ "password":"FlynnLives"
299
+ },
300
+ "label":"grid-config",
301
+ "name":"config-server",
302
+ "plan":"digital-frontier",
303
+ "provider":null,
304
+ "syslog_drain_url":null,
305
+ "tags":[
306
+ "configuration",
307
+ "biodigital-jazz"
308
+ ],
309
+ "volume_mounts":[]
310
+ }
311
+ ],
312
+ "encomSQL":[
313
+ {
314
+ "credentials":{
315
+ "username":"grid-db-user",
316
+ "password":"p4ssw0rd"
317
+ },
318
+ ... abridged ...
319
+ }
320
+ ]
321
+ }'
322
+ ```
323
+
324
+ ### GET Permissions by Credential Name
325
+
326
+ You can use the `permissions_by_credential_name` method to view the list of permissions for a given Credential.
327
+
328
+ ```ruby
329
+ > credhub_client.permissions_by_credential_name('/credential-name')
330
+ => #<CredHubble::Resources::PermissionCollection:0x00007fa231c12020
331
+ @credential_name="/credential-name",
332
+ @permissions=[
333
+ #<CredHubble::Resources::Permission:0x00007fa231c11f08
334
+ @actor="uaa-user:82f8ff1a-fcf8-4221-8d6b-0a1d579b6e47",
335
+ @operations=["read", "write", "delete"]>,
336
+ #<CredHubble::Resources::Permission:0x00007fa231c11e18
337
+ @actor="mtls-app:18f64563-bcfe-4c88-bf73-05c9ad3654c8",
338
+ @operations=["read"]>,
339
+ #<CredHubble::Resources::Permission:0x00007fa231c11d00
340
+ @actor="uaa-client:some_uaa_client",
341
+ @operations=["read", "write", "delete", "read_acl", "write_acl"]>
342
+ ]>
343
+ ```
344
+
345
+ ### POST Add Permissions
346
+
347
+ You can use the `add_permissions` method to add additional permissions to an existing Credential.
348
+
349
+ ```ruby
350
+ > credhub_client.permissions_by_credential_name('/my-awesome-credential').count
351
+ => 2
352
+
353
+ > new_permission = CredHubble::Resources::Permission.new(actor: 'uaa-user:b2449249', operations: ['read'])
354
+ > new_permission_collection = CredHubble::Resources::PermissionCollection.new(
355
+ credential_name: '/my-awesome-credential',
356
+ permissions: [new_permission]
357
+ )
358
+
359
+ > credhub_client.add_permissions(new_permission_collection)
360
+ => #<CredHubble::Resources::PermissionCollection:0x00007fa231c12020
361
+ @credential_name="/my-awesome-credential",
362
+ @permissions=[
363
+ #<CredHubble::Resources::Permission:0x00007fa231c11f08
364
+ @actor="uaa-user:82f8ff1a-fcf8-4221-8d6b-0a1d579b6e47",
365
+ @operations=["read", "write", "delete"]>,
366
+ #<CredHubble::Resources::Permission:0x00007fa231c11e18
367
+ @actor="mtls-app:18f64563-bcfe-4c88-bf73-05c9ad3654c8",
368
+ @operations=["read"]>,
369
+ #<CredHubble::Resources::Permission:0x00007fa231c11d00
370
+ @actor="uaa-user:b2449249",
371
+ @operations=["read"]>
372
+ ]>
373
+
374
+ > credhub_client.permissions_by_credential_name('/my-awesome-credential').count
375
+ => 3
376
+ ```
377
+
378
+ ### DELETE Delete Permissions
379
+
380
+ You can remove any permissions for a given actor from a credential with the `delete_permissions` method which takes a `credential_name` and `actor`.
381
+
382
+ ```ruby
383
+ > credhub_client.permissions_by_credential_name('/my-awesome-credential').count
384
+ => 3
385
+
386
+ > credhub_client.delete_permissions('/my-awesome-credential', 'uaa-user:b2449249')
387
+ => true
388
+
389
+ > credhub_client.permissions_by_credential_name('/my-awesome-credential').count
390
+ => 2
391
+ ```
52
392
 
53
393
  ## Development
54
394
 
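Review bot: In the PUT Credential examples, the console output of `put_credential` shows `@password="s3cr3t"` and the full `@password_hash` value, so as documented the inspected form of a credential resource exposes the secret to anything that logs or dumps the object (console history, exception reports). Consider redacting secret fields in `inspect` on the resource classes, or at least say so in the README next to these examples. Minor points in the same hunk: three Ruby blocks (both PUT Credential examples and DELETE Credential by Name) open with three backticks and close with four, "updates its ACL" should read "update its ACL", and the sample username is `foundy_fred` under the credential name `/foundry-fred-user`.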
data/cred_hubble.gemspec CHANGED
@@ -20,8 +20,11 @@ Gem::Specification.new do |spec|
20
20
 
21
21
  spec.require_paths = ['lib']
22
22
 
23
+ spec.required_ruby_version = '~> 2.1'
24
+
23
25
  spec.add_runtime_dependency 'faraday', ['>= 0.13', '< 1.0']
24
26
  spec.add_runtime_dependency 'virtus', ['>= 1.0', '< 2.0']
27
+ spec.add_runtime_dependency 'addressable', '~> 2.0'
25
28
 
26
29
  spec.add_development_dependency 'bundler', '~> 1.15'
27
30
  spec.add_development_dependency 'rake', '~> 10.0'
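Review bot: `spec.required_ruby_version = '~> 2.1'` is a pessimistic constraint, so besides setting the floor it also caps the gem below Ruby 3.0; if only a minimum is intended, `'>= 2.1'` says that without the upper bound. Smaller style point: the new `addressable` dependency uses `'~> 2.0'` while `faraday` and `virtus` just above spell out explicit `>=` and `<` ranges, so pick one form for the runtime dependencies.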