RubyGems - cred_hubble - Versions diffs - 0.0.1.pre → 0.1.0.pre - Mend

cred_hubble 0.0.1.pre → 0.1.0.pre

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (42) hide show

checksums.yaml +4 -4
data/.gitignore +1 -0
data/.rubocop.yml +7 -1
data/.travis.yml +3 -1
data/README.md +353 -13
data/cred_hubble.gemspec +3 -0
data/lib/cred_hubble.rb +3 -2
data/lib/cred_hubble/client.rb +119 -13
data/lib/cred_hubble/http/client.rb +39 -4
data/lib/cred_hubble/resources/certificate_credential.rb +25 -0
data/lib/cred_hubble/resources/credential.rb +32 -0
data/lib/cred_hubble/resources/credential_collection.rb +21 -0
data/lib/cred_hubble/resources/credential_factory.rb +41 -0
data/lib/cred_hubble/resources/immutable_resource.rb +2 -2
data/lib/cred_hubble/resources/json_credential.rb +13 -0
data/lib/cred_hubble/resources/password_credential.rb +13 -0
data/lib/cred_hubble/resources/permission.rb +10 -0
data/lib/cred_hubble/resources/permission_collection.rb +21 -0
data/lib/cred_hubble/resources/resource.rb +10 -0
data/lib/cred_hubble/resources/resources.rb +15 -0
data/lib/cred_hubble/resources/{base_resource.rb → rest_resource.rb} +6 -2
data/lib/cred_hubble/resources/rsa_credential.rb +24 -0
data/lib/cred_hubble/resources/ssh_credential.rb +39 -0
data/lib/cred_hubble/resources/user_credential.rb +39 -0
data/lib/cred_hubble/resources/value_credential.rb +13 -0
data/lib/cred_hubble/version.rb +1 -1
data/spec/cred_hubble/client_spec.rb +487 -3
data/spec/cred_hubble/http/client_spec.rb +347 -53
data/spec/cred_hubble/resources/certificate_credential_spec.rb +49 -0
data/spec/cred_hubble/resources/credential_collection_spec.rb +59 -0
data/spec/cred_hubble/resources/credential_factory_spec.rb +154 -0
data/spec/cred_hubble/resources/credential_spec.rb +10 -0
data/spec/cred_hubble/resources/json_credential_spec.rb +52 -0
data/spec/cred_hubble/resources/password_credential_spec.rb +41 -0
data/spec/cred_hubble/resources/permission_collection_spec.rb +87 -0
data/spec/cred_hubble/resources/permission_spec.rb +36 -0
data/spec/cred_hubble/resources/rsa_credential_spec.rb +46 -0
data/spec/cred_hubble/resources/ssh_credential_spec.rb +73 -0
data/spec/cred_hubble/resources/user_credential_spec.rb +72 -0
data/spec/cred_hubble/resources/value_credential_spec.rb +42 -0
data/spec/support/shared_examples/resource_examples.rb +49 -0
metadata +57 -5

data/lib/cred_hubble.rb CHANGED Viewed

@@ -1,5 +1,6 @@
 require 'cred_hubble/version'
 require 'cred_hubble/exceptions/error'
-require 'cred_hubble/resources/info'
-require 'cred_hubble/resources/health'
+require 'cred_hubble/resources/resources'
+require 'cred_hubble/resources/credential_factory'
 require 'cred_hubble/client'

data/lib/cred_hubble/client.rb CHANGED Viewed

@@ -1,12 +1,39 @@
-require 'cred_hubble/resources/info'
-require 'cred_hubble/resources/health'
+require 'addressable'
+require 'cred_hubble/resources/resources'
 require 'cred_hubble/http/client'
+require 'openssl'
+# rubocop:disable ClassLength
 module CredHubble
   class Client
-    def initialize(credhub_url)
-      @credhub_url = credhub_url
-      @verify_ssl = true
+    def initialize(host:, port: 8844, auth_header_token: nil, ca_path: nil,
+                   client_cert_path: nil, client_key_path: nil)
+      @host = host
+      @port = port
+      @auth_header_token = auth_header_token
+      @ca_path = ca_path
+      @client_cert_path = client_cert_path
+      @client_key_path = client_key_path
+    end
+    def self.new_from_token_auth(host:, port: 8844, auth_header_token:, ca_path: nil)
+      new(
+        auth_header_token: auth_header_token,
+        ca_path: ca_path,
+        host: host,
+        port: port
+      )
+    end
+    def self.new_from_mtls_auth(host:, port: 8844, client_cert_path:, client_key_path:, ca_path: nil)
+      new(
+        client_cert_path: client_cert_path,
+        client_key_path: client_key_path,
+        host: host,
+        ca_path: ca_path,
+        port: port
+      )
     end
     def info
@@ -19,20 +46,99 @@ module CredHubble
       CredHubble::Resources::Health.from_json(response)
     end
+    def credential_by_id(credential_id)
+      response = http_client.get("/api/v1/data/#{credential_id}").body
+      CredHubble::Resources::CredentialFactory.from_json(response)
+    end
+    def credentials_by_name(name, current: nil, versions: nil)
+      template = Addressable::Template.new('/api/v1/data{?query*}')
+      query_args = { name: name, current: current, versions: versions }.reject { |_, v| v.nil? }
+      path = template.expand(query: query_args).to_s
+      response = http_client.get(path).body
+      CredHubble::Resources::CredentialCollection.from_json(response)
+    end
+    def permissions_by_credential_name(credential_name)
+      template = Addressable::Template.new('/api/v1/permissions{?query*}')
+      query_args = { credential_name: credential_name }
+      path = template.expand(query: query_args).to_s
+      response = http_client.get(path).body
+      CredHubble::Resources::PermissionCollection.from_json(response)
+    end
+    def put_credential(credential, overwrite: nil, additional_permissions: [])
+      credential_body = credential.attributes_for_put
+      credential_body[:overwrite] = !!overwrite unless overwrite.nil?
+      unless additional_permissions.empty?
+        credential_body[:additional_permissions] = additional_permissions.map(&:attributes)
+      end
+      response = http_client.put('/api/v1/data', credential_body.to_json).body
+      CredHubble::Resources::CredentialFactory.from_json(response)
+    end
+    def interpolate_credentials(vcap_services_json)
+      http_client.post('/api/v1/interpolate', vcap_services_json).body
+    end
+    def delete_credential_by_name(name)
+      template = Addressable::Template.new('/api/v1/data{?query*}')
+      query_args = { name: name }
+      path = template.expand(query: query_args).to_s
+      http_client.delete(path).success?
+    end
+    def add_permissions(permission_collection)
+      response = http_client.post('/api/v1/permissions', permission_collection.to_json).body
+      CredHubble::Resources::PermissionCollection.from_json(response)
+    end
+    def delete_permissions(credential_name, actor)
+      template = Addressable::Template.new('/api/v1/permissions{?query*}')
+      query_args = { credential_name: credential_name, actor: actor }
+      path = template.expand(query: query_args).to_s
+      http_client.delete(path).success?
+    end
     private
-    attr_reader :credhub_url, :verify_ssl
+    attr_reader :auth_header_token, :client_cert_path, :client_key_path, :ca_path, :host, :port
     def http_client
-      CredHubble::Http::Client.new(credhub_url, verify_ssl: verify_ssl)
+      CredHubble::Http::Client.new(
+        credhub_url,
+        auth_header_token: auth_header_token,
+        ca_path: ca_path,
+        client_cert: client_cert,
+        client_key: client_key
+      )
+    end
+    def client_cert
+      return unless client_cert_path
+      OpenSSL::X509::Certificate.new(File.read(client_cert_path))
+    end
+    def client_key
+      return unless client_key_path
+      OpenSSL::PKey::RSA.new(File.read(client_key_path))
     end
-    # TODO: Remove ability to disable ssl verification
-    # Only leaving this in to simplify initial development
-    # Will be removed before the 0.0.1 release since non-SSL + CredHub is not a good combo
-    def unsafe_mode!
-      @verify_ssl = false
-      puts 'WARNING: SSL verification disabled!'
+    def credhub_url
+      Addressable::URI.new(scheme: 'https', host: host, port: port).to_s
     end
   end
 end
+# rubocop:enable ClassLength

data/lib/cred_hubble/http/client.rb CHANGED Viewed

@@ -6,9 +6,12 @@ module CredHubble
     class Client
       DEFAULT_HEADERS = { 'Content-Type' => 'application/json' }.freeze
-      def initialize(url, verify_ssl: true)
+      def initialize(url, auth_header_token: nil, ca_path: nil, client_cert: nil, client_key: nil)
         @url = url
-        @verify_ssl = verify_ssl
+        @auth_header_token = auth_header_token
+        @ca_path = ca_path
+        @client_cert = client_cert
+        @client_key = client_key
       end
       def get(path)
@@ -17,17 +20,49 @@ module CredHubble
         end
       end
+      def post(path, body)
+        with_error_handling do
+          connection.post(path, body)
+        end
+      end
+      def put(path, body)
+        with_error_handling do
+          connection.put(path, body)
+        end
+      end
+      def delete(path)
+        with_error_handling do
+          connection.delete(path)
+        end
+      end
       private
-      attr_reader :url, :verify_ssl
+      attr_reader :auth_header_token, :client_cert, :client_key, :ca_path, :url
       def connection
-        Faraday.new(url: url, headers: DEFAULT_HEADERS, ssl: { verify: verify_ssl }) do |faraday|
+        Faraday.new(url: url, headers: request_headers, ssl: ssl_config) do |faraday|
           faraday.request :url_encoded
           faraday.adapter Faraday.default_adapter
         end
       end
+      def request_headers
+        headers = DEFAULT_HEADERS
+        return headers unless auth_header_token
+        headers.merge('Authorization' => "bearer #{auth_header_token}")
+      end
+      def ssl_config
+        additional_config = { ca_file: ca_path, client_cert: client_cert, client_key: client_key }
+        additional_config.reject! { |_, v| v.nil? }
+        { verify: true }.merge(additional_config)
+      end
       def with_error_handling(&_block)
         response = yield

data/lib/cred_hubble/resources/certificate_credential.rb ADDED Viewed

@@ -0,0 +1,25 @@
+require 'cred_hubble/resources/credential'
+module CredHubble
+  module Resources
+    class CertificateValue
+      include Virtus.model
+      attribute :ca, String
+      attribute :certificate, String
+      attribute :private_key, String
+      def to_json(options = {})
+        attributes.to_json(options)
+      end
+    end
+    class CertificateCredential < Credential
+      attribute :value, CertificateValue
+      def type
+        Credential::CERTIFICATE_TYPE
+      end
+    end
+  end
+end

data/lib/cred_hubble/resources/credential.rb ADDED Viewed

@@ -0,0 +1,32 @@
+require 'cred_hubble/resources/resource'
+module CredHubble
+  module Resources
+    class Credential < Resource
+      TYPES = [
+        VALUE_TYPE = 'value'.freeze,
+        JSON_TYPE = 'json'.freeze,
+        PASSWORD_TYPE = 'password'.freeze,
+        USER_TYPE = 'user'.freeze,
+        CERTIFICATE_TYPE = 'certificate'.freeze,
+        RSA_TYPE = 'rsa'.freeze,
+        SSH_TYPE = 'ssh'.freeze
+      ].freeze
+      attribute :id, String
+      attribute :name, String
+      attribute :type, String
+      attribute :version_created_at, String
+      def attributes_for_put
+        attributes.delete_if { |k, _| immutable_attributes.include?(k) }
+      end
+      private
+      def immutable_attributes
+        %i[id version_created_at]
+      end
+    end
+  end
+end

data/lib/cred_hubble/resources/credential_collection.rb ADDED Viewed

@@ -0,0 +1,21 @@
+require 'cred_hubble/resources/rest_resource'
+require 'cred_hubble/resources/credential_factory'
+module CredHubble
+  module Resources
+    class CredentialCollection < Resource
+      include Enumerable
+      def initialize(value_hash)
+        credentials_array = value_hash['data']
+        @data = credentials_array.map { |credential_data| CredentialFactory.credential_from_data(credential_data) }
+      end
+      def each(&block)
+        data.each(&block)
+      end
+      attr_reader :data
+    end
+  end
+end

data/lib/cred_hubble/resources/credential_factory.rb ADDED Viewed

@@ -0,0 +1,41 @@
+require 'cred_hubble/resources/rest_resource'
+require 'cred_hubble/resources/credential'
+require 'cred_hubble/resources/value_credential'
+require 'cred_hubble/resources/json_credential'
+require 'cred_hubble/resources/password_credential'
+require 'cred_hubble/resources/user_credential'
+require 'cred_hubble/resources/certificate_credential'
+require 'cred_hubble/resources/rsa_credential'
+require 'cred_hubble/resources/ssh_credential'
+module CredHubble
+  module Resources
+    class CredentialFactory < RestResource
+      def self.from_json(raw_json)
+        parsed_json = parse_json(raw_json)
+        credential_from_data(parsed_json)
+      end
+      def self.credential_from_data(credential_data)
+        case credential_data['type']
+        when Credential::VALUE_TYPE
+          ValueCredential.new(credential_data)
+        when Credential::JSON_TYPE
+          JsonCredential.new(credential_data)
+        when Credential::PASSWORD_TYPE
+          PasswordCredential.new(credential_data)
+        when Credential::USER_TYPE
+          UserCredential.new(credential_data)
+        when Credential::CERTIFICATE_TYPE
+          CertificateCredential.new(credential_data)
+        when Credential::RSA_TYPE
+          RsaCredential.new(credential_data)
+        when Credential::SSH_TYPE
+          SshCredential.new(credential_data)
+        else
+          Credential.new(credential_data)
+        end
+      end
+    end
+  end
+end

data/lib/cred_hubble/resources/immutable_resource.rb CHANGED Viewed

@@ -1,9 +1,9 @@
-require 'cred_hubble/resources/base_resource'
+require 'cred_hubble/resources/rest_resource'
 require 'virtus'
 module CredHubble
   module Resources
-    class ImmutableResource < BaseResource
+    class ImmutableResource < RestResource
       include ::Virtus.value_object
     end
   end

data/lib/cred_hubble/resources/json_credential.rb ADDED Viewed

@@ -0,0 +1,13 @@
+require 'cred_hubble/resources/credential'
+module CredHubble
+  module Resources
+    class JsonCredential < Credential
+      attribute :value, Hash
+      def type
+        Credential::JSON_TYPE
+      end
+    end
+  end
+end

data/lib/cred_hubble/resources/password_credential.rb ADDED Viewed

@@ -0,0 +1,13 @@
+require 'cred_hubble/resources/credential'
+module CredHubble
+  module Resources
+    class PasswordCredential < Credential
+      attribute :value, String
+      def type
+        Credential::PASSWORD_TYPE
+      end
+    end
+  end
+end

data/lib/cred_hubble/resources/permission.rb ADDED Viewed

@@ -0,0 +1,10 @@
+require 'cred_hubble/resources/rest_resource'
+module CredHubble
+  module Resources
+    class Permission < Resource
+      attribute :actor, String
+      attribute :operations, Array[String]
+    end
+  end
+end

data/lib/cred_hubble/resources/permission_collection.rb ADDED Viewed

@@ -0,0 +1,21 @@
+require 'cred_hubble/resources/rest_resource'
+require 'cred_hubble/resources/permission'
+module CredHubble
+  module Resources
+    class PermissionCollection < Resource
+      include Enumerable
+      attribute :credential_name, String
+      attribute :permissions, Array[Permission]
+      def each(&block)
+        permissions.each(&block)
+      end
+      def empty?
+        permissions.empty?
+      end
+    end
+  end
+end

data/lib/cred_hubble/resources/resource.rb ADDED Viewed

@@ -0,0 +1,10 @@
+require 'cred_hubble/resources/rest_resource'
+require 'virtus'
+module CredHubble
+  module Resources
+    class Resource < RestResource
+      include ::Virtus.model
+    end
+  end
+end

data/lib/cred_hubble/resources/resources.rb ADDED Viewed

@@ -0,0 +1,15 @@
+require 'cred_hubble/resources/info'
+require 'cred_hubble/resources/health'
+require 'cred_hubble/resources/credential'
+require 'cred_hubble/resources/credential_collection'
+require 'cred_hubble/resources/value_credential'
+require 'cred_hubble/resources/json_credential'
+require 'cred_hubble/resources/password_credential'
+require 'cred_hubble/resources/user_credential'
+require 'cred_hubble/resources/certificate_credential'
+require 'cred_hubble/resources/rsa_credential'
+require 'cred_hubble/resources/ssh_credential'
+require 'cred_hubble/resources/permission'
+require 'cred_hubble/resources/permission_collection'