cred_hubble 0.1.0.pre → 0.1.0

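--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 9fbb2a2213b7e25f0b2df91998752c619c30e659
- data.tar.gz: eec8c7e06c8435368b241ba5eba2bd646eb0adc9
+ metadata.gz: 8345013303bcb55d2335018f4d4469557ed6f88a
+ data.tar.gz: 24b09bdcef1948594f326f212c5581c7c9ef8d47
  SHA512:
- metadata.gz: 79f915304e5b0e401c247b2ea8948513243e6fd5e2de99eb0621e6ab585612904f6904e8c8faa8cdf607d71e0246b6b9ed193e36a69bb38d8755c4c11f479740
- data.tar.gz: af03b68be2dae89b3df1d2afba454668f3ecee12a457c08f38659c74e6571b7dca134c272cff3f5848cb6d5f5ee34d7e45e3ba412e1eea10ae8eeec5073011fd
+ metadata.gz: 17bca452601dca62005f46a238671b565e7e0c481ef88278d6ca333881a0502b69ee4bff600c4b179cf9a2d63123b36dbdced0feff18d8defca75399ba39aa3e
+ data.tar.gz: a00b2bcf4adbaa8e8ee7fda6310c777087ec01d1a96df4b84c0a43408b39b3b37a782946e6f035125fa0c80d4ee45f349827b884d72ed0b1b4f0affdb3eb93a5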
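--- a/data/cred_hubble.gemspec
+++ b/data/cred_hubble.gemspec
@@ -27,8 +27,10 @@ Gem::Specification.new do |spec|
  spec.add_runtime_dependency 'addressable', '~> 2.0'
 
  spec.add_development_dependency 'bundler', '~> 1.15'
+ spec.add_development_dependency 'gem-release'
  spec.add_development_dependency 'rake', '~> 10.0'
  spec.add_development_dependency 'rspec', '~> 3.0'
  spec.add_development_dependency 'rubocop'
  spec.add_development_dependency 'webmock', '~> 3.0'
+ spec.add_development_dependency 'yard'
  end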
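Review bot: `spec.add_development_dependency 'gem-release'` and `spec.add_development_dependency 'yard'` are added without a version constraint, and the generated metadata on this page records `>= 0` for both. gem-release is, by its name, part of the publishing path, so an unbounded requirement lets whatever version is newest at install time run in the environment that presumably holds the gem push credentials. Consider a pessimistic constraint like the neighbouring entries use, e.g. `spec.add_development_dependency 'gem-release', '~> <REVIEWED_VERSION>'` (placeholder for the version you have vetted), and the same for `yard`. The existing `rubocop` line has the same gap. The `Gem::Specification` block starts outside the hunk.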
@@ -6,6 +6,15 @@ require 'openssl'
6
6
  # rubocop:disable ClassLength
7
7
  module CredHubble
8
8
  class Client
9
+ # Instantiates a new CredHubble::Client.
10
+ #
11
+ # @param host [String] host for the target CredHub server
12
+ # @param port [Integer] port for the target CredHub server
13
+ # @param auth_header_token [String] oAuth2 bearer token for auth header
14
+ # @param client_cert_path [String] path to a client TLS certificate
15
+ # @param client_key_path [String] path to a client TLS encryption key
16
+ # @param ca_path [String] path to a CA certificate
17
+ # @return [CredHubble::Client] a CredHubble::Client instance
9
18
  def initialize(host:, port: 8844, auth_header_token: nil, ca_path: nil,
10
19
  client_cert_path: nil, client_key_path: nil)
11
20
 
@@ -17,6 +26,13 @@ module CredHubble
17
26
  @client_key_path = client_key_path
18
27
  end
19
28
 
29
+ # Instantiates a new CredHubble::Client using an oAuth2 bearer token for auth header authentication.
30
+ #
31
+ # @param host [String] host for the target CredHub server
32
+ # @param port [Integer] port for the target CredHub server
33
+ # @param auth_header_token [String] oAuth2 bearer token for auth header
34
+ # @param ca_path [String] path to a CA certificate
35
+ # @return [CredHubble::Client] a CredHubble::Client instance
20
36
  def self.new_from_token_auth(host:, port: 8844, auth_header_token:, ca_path: nil)
21
37
  new(
22
38
  auth_header_token: auth_header_token,
@@ -26,6 +42,14 @@ module CredHubble
26
42
  )
27
43
  end
28
44
 
45
+ # Instantiates a new CredHubble::Client using a client TLS certificate and key for mutual TLS authentication.
46
+ #
47
+ # @param host [String] host for the target CredHub server
48
+ # @param port [Integer] port for the target CredHub server
49
+ # @param client_cert_path [String] path to a client TLS certificate
50
+ # @param client_key_path [String] path to a client TLS encryption key
51
+ # @param ca_path [String] path to a CA certificate
52
+ # @return [CredHubble::Client] a CredHubble::Client instance
29
53
  def self.new_from_mtls_auth(host:, port: 8844, client_cert_path:, client_key_path:, ca_path: nil)
30
54
  new(
31
55
  client_cert_path: client_cert_path,
@@ -36,21 +60,39 @@ module CredHubble
36
60
  )
37
61
  end
38
62
 
63
+ # Performs a GET request to the CredHub /info endpoint.
64
+ #
65
+ # @return [CredHubble::Resources::Info] a CredHubble::Resources::Info instance
39
66
  def info
40
67
  response = http_client.get('/info').body
41
68
  CredHubble::Resources::Info.from_json(response)
42
69
  end
43
70
 
71
+ # Performs a GET request to the CredHub /health endpoint.
72
+ #
73
+ # @return [CredHubble::Resources::Health] a CredHubble::Resources::Health instance
44
74
  def health
45
75
  response = http_client.get('/health').body
46
76
  CredHubble::Resources::Health.from_json(response)
47
77
  end
48
78
 
79
+ # Retrieves a Credential by ID.
80
+ #
81
+ # @param credential_id [String] a CredHub credential identifier
82
+ # @return [CredHubble::Resources::Credential] a CredHubble::Resources::Credential instance,
83
+ # e.g. CredHubble::Resources::ValueCredential
49
84
  def credential_by_id(credential_id)
50
85
  response = http_client.get("/api/v1/data/#{credential_id}").body
51
86
  CredHubble::Resources::CredentialFactory.from_json(response)
52
87
  end
53
88
 
89
+ # Retrieves a collection of Credentials by Name.
90
+ #
91
+ # @param name [String] a CredHub credential name, e.g '/my-credential'
92
+ # @param current [Boolean] whether or not to return only the current version of a Credential
93
+ # @param versions [Integer] the maximum number of versions of a Credential to return
94
+ # @return [CredHubble::Resources::CredentialCollection] a CredHubble::Resources::CredentialCollection instance,
95
+ # containing an enumerable list of Credentials
54
96
  def credentials_by_name(name, current: nil, versions: nil)
55
97
  template = Addressable::Template.new('/api/v1/data{?query*}')
56
98
 
@@ -61,6 +103,20 @@ module CredHubble
61
103
  CredHubble::Resources::CredentialCollection.from_json(response)
62
104
  end
63
105
 
106
+ # Retrieves the value of the current Credential for the given name
107
+ #
108
+ # @param credential_name [String] a CredHub credential name, e.g '/my-credential'
109
+ # @return [String, Hash, RsaValue, SshValue, UserValue, CertificateValue, nil] the Credential#value if it exists
110
+ def current_credential_value(credential_name)
111
+ current_credential = credentials_by_name(credential_name, current: true).first
112
+ current_credential && current_credential.value
113
+ end
114
+
115
+ # Retrieves a collection of Permissions for a Credential by Credential Name.
116
+ #
117
+ # @param credential_name [String] a CredHub credential name, e.g '/my-credential'
118
+ # @return [CredHubble::Resources::PermissionCollection] a CredHubble::Resources::PermissionCollection instance,
119
+ # containing an enumerable list of Permissions
64
120
  def permissions_by_credential_name(credential_name)
65
121
  template = Addressable::Template.new('/api/v1/permissions{?query*}')
66
122
 
@@ -71,6 +127,14 @@ module CredHubble
71
127
  CredHubble::Resources::PermissionCollection.from_json(response)
72
128
  end
73
129
 
130
+ # Creates a new Credential or adds a new version of an existing Credential.
131
+ #
132
+ # @param credential [CredHubble::Resources::Credential] a CredHubble::Resources::Credential instance
133
+ # @param overwrite [Boolean] whether or not CredHub should create a new current version for existing Credentials
134
+ # @param additional_permissions [CredHubble::Resources::PermissionCollection]
135
+ # a CredHubble::Resources::PermissionCollection for additional Permissions to set on the credentials
136
+ # @return [CredHubble::Resources::Credential] a CredHubble::Resources::Credential instance,
137
+ # e.g. CredHubble::Resources::CertificateCredential
74
138
  def put_credential(credential, overwrite: nil, additional_permissions: [])
75
139
  credential_body = credential.attributes_for_put
76
140
  credential_body[:overwrite] = !!overwrite unless overwrite.nil?
@@ -83,10 +147,19 @@ module CredHubble
83
147
  CredHubble::Resources::CredentialFactory.from_json(response)
84
148
  end
85
149
 
150
+ # Populates "credhub-ref" keys in a JSON string (e.g. ENV['VCAP_SERVICES']) with credential values.
151
+ #
152
+ # @param vcap_services_json [String] a valid JSON string including, particularly one from a Cloud Foundry app's
153
+ # VCAP_SERVICES environment variable
154
+ # @return [String] a valid JSON string with populated CredHub references
86
155
  def interpolate_credentials(vcap_services_json)
87
156
  http_client.post('/api/v1/interpolate', vcap_services_json).body
88
157
  end
89
158
 
159
+ # Deletes a Credential with the given Name.
160
+ #
161
+ # @param name [String] a CredHub credential name, e.g '/my-credential'
162
+ # @return [Boolean] true if the deletion was successful
90
163
  def delete_credential_by_name(name)
91
164
  template = Addressable::Template.new('/api/v1/data{?query*}')
92
165
 
@@ -96,11 +169,22 @@ module CredHubble
96
169
  http_client.delete(path).success?
97
170
  end
98
171
 
172
+ # Adds additional Permissions to an existing Credential. The Credential is specified by the `credential_name` field
173
+ # on the PermissionCollection
174
+ #
175
+ # @param permission_collection [CredHubble::Resources::PermissionCollection]
176
+ # a CredHubble::Resources::PermissionCollection for additional Permissions to set on the credentials
177
+ # @return [CredHubble::Resources::PermissionCollection] a CredHubble::Resources::PermissionCollection instance
99
178
  def add_permissions(permission_collection)
100
179
  response = http_client.post('/api/v1/permissions', permission_collection.to_json).body
101
180
  CredHubble::Resources::PermissionCollection.from_json(response)
102
181
  end
103
182
 
183
+ # Deletes any permissions for the given actor for a Credential.
184
+ #
185
+ # @param credential_name [String] a CredHub credential name, e.g '/my-credential'
186
+ # @param actor [String] a CredHub actor, e.g. 'uaa-user:fca1ae5e-f417-45ce-94b0-79889e27e047'
187
+ # @return [Boolean] true if the deletion was successful
104
188
  def delete_permissions(credential_name, actor)
105
189
  template = Addressable::Template.new('/api/v1/permissions{?query*}')
106
190
 
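Review bot: The new `@param credential_id [String]` line on `credential_by_id` (hunk `@@ -36,21 +60,39 @@`) does not mention that the value is interpolated unescaped into the request path, `"/api/v1/data/#{credential_id}"`. The name-based methods in this class start from an `Addressable::Template` with a `{?query*}` expansion. If an id can ever originate outside the caller's control, reserved characters in it would change which CredHub endpoint the authenticated client requests. I would either state the expectation in the doc, `# @param credential_id [String] a CredHub credential identifier; must be a trusted value, it is placed in the request path as-is`, or expand it through a template as well, `path = Addressable::Template.new('/api/v1/data/{id}').expand(id: credential_id).to_s`. Parts of the class lie outside the visible hunks, so any validation done elsewhere cannot be seen here.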
@@ -1,3 +1,3 @@
1
1
  module CredHubble
2
- VERSION = '0.1.0.pre'.freeze
2
+ VERSION = '0.1.0'.freeze
3
3
  end
@@ -219,6 +219,49 @@ RSpec.describe CredHubble::Client do
219
219
  end
220
220
  end
221
221
 
222
+ describe '#current_credential_value' do
223
+ let(:response_body) do
224
+ '{
225
+ "data":[
226
+ {
227
+ "type":"user",
228
+ "version_created_at":"2017-10-03T04:12:21Z",
229
+ "id":"5298e0e4-c3f5-4c73-a156-9ffce4c137f5",
230
+ "name":"/trade-federation-admin",
231
+ "value": {
232
+ "username": "roger_roger",
233
+ "password": "2582aaf15ec84e3fa3ba682152663a52",
234
+ "password_hash": "3638fbae81358ff9020be1d7a9a509fc6:1234"
235
+ }
236
+ }
237
+ ]
238
+ }'
239
+ end
240
+
241
+ it 'makes a request to the /api/v1/data endpoint with the name as a query parameter' do
242
+ subject.current_credential_value('/trade-federation-admin')
243
+ expect(mock_http_client).to have_received(:get).with('/api/v1/data?name=%2Ftrade-federation-admin&current=true')
244
+ end
245
+
246
+ context 'when a credential for the given name exists' do
247
+ it 'returns the credential value' do
248
+ credential_value = subject.current_credential_value('/trade-federation-admin')
249
+ expect(credential_value.username).to eq('roger_roger')
250
+ expect(credential_value.password).to eq('2582aaf15ec84e3fa3ba682152663a52')
251
+ expect(credential_value.password_hash).to eq('3638fbae81358ff9020be1d7a9a509fc6:1234')
252
+ end
253
+ end
254
+
255
+ context 'when a credential for the given name does not exist' do
256
+ let(:response_body) { '{"data":[]}' }
257
+
258
+ it 'returns nil' do
259
+ credential_value = subject.current_credential_value('/trade-federation-admin')
260
+ expect(credential_value).to be_nil
261
+ end
262
+ end
263
+ end
264
+
222
265
  describe '#permissions_by_credential_name' do
223
266
  let(:response_body) do
224
267
  '{
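--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: cred_hubble
  version: !ruby/object:Gem::Version
- version: 0.1.0.pre
+ version: 0.1.0
  platform: ruby
  authors:
  - Tim Downey
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2017-10-09 00:00:00.000000000 Z
+ date: 2017-10-14 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: faraday
@@ -78,6 +78,20 @@ dependencies:
  - - "~>"
  - !ruby/object:Gem::Version
  version: '1.15'
+ - !ruby/object:Gem::Dependency
+ name: gem-release
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
+ type: :development
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
  - !ruby/object:Gem::Dependency
  name: rake
  requirement: !ruby/object:Gem::Requirement
@@ -134,6 +148,20 @@ dependencies:
  - - "~>"
  - !ruby/object:Gem::Version
  version: '3.0'
+ - !ruby/object:Gem::Dependency
+ name: yard
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
+ type: :development
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
  description:
  email:
  - tim@downey.io
@@ -212,9 +240,9 @@ required_ruby_version: !ruby/object:Gem::Requirement
  version: '2.1'
  required_rubygems_version: !ruby/object:Gem::Requirement
  requirements:
- - - ">"
+ - - ">="
  - !ruby/object:Gem::Version
- version: 1.3.1
+ version: '0'
  requirements: []
  rubyforge_project:
  rubygems_version: 2.6.13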