cred_hubble 0.1.0.pre → 0.1.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (6) hide show
  1. checksums.yaml +4 -4
  2. data/cred_hubble.gemspec +2 -0
  3. data/lib/cred_hubble/client.rb +84 -0
  4. data/lib/cred_hubble/version.rb +1 -1
  5. data/spec/cred_hubble/client_spec.rb +43 -0
  6. metadata +32 -4
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 9fbb2a2213b7e25f0b2df91998752c619c30e659
4
- data.tar.gz: eec8c7e06c8435368b241ba5eba2bd646eb0adc9
3
+ metadata.gz: 8345013303bcb55d2335018f4d4469557ed6f88a
4
+ data.tar.gz: 24b09bdcef1948594f326f212c5581c7c9ef8d47
5
5
  SHA512:
6
- metadata.gz: 79f915304e5b0e401c247b2ea8948513243e6fd5e2de99eb0621e6ab585612904f6904e8c8faa8cdf607d71e0246b6b9ed193e36a69bb38d8755c4c11f479740
7
- data.tar.gz: af03b68be2dae89b3df1d2afba454668f3ecee12a457c08f38659c74e6571b7dca134c272cff3f5848cb6d5f5ee34d7e45e3ba412e1eea10ae8eeec5073011fd
6
+ metadata.gz: 17bca452601dca62005f46a238671b565e7e0c481ef88278d6ca333881a0502b69ee4bff600c4b179cf9a2d63123b36dbdced0feff18d8defca75399ba39aa3e
7
+ data.tar.gz: a00b2bcf4adbaa8e8ee7fda6310c777087ec01d1a96df4b84c0a43408b39b3b37a782946e6f035125fa0c80d4ee45f349827b884d72ed0b1b4f0affdb3eb93a5
data/cred_hubble.gemspec CHANGED
@@ -27,8 +27,10 @@ Gem::Specification.new do |spec|
27
27
  spec.add_runtime_dependency 'addressable', '~> 2.0'
28
28
 
29
29
  spec.add_development_dependency 'bundler', '~> 1.15'
30
+ spec.add_development_dependency 'gem-release'
30
31
  spec.add_development_dependency 'rake', '~> 10.0'
31
32
  spec.add_development_dependency 'rspec', '~> 3.0'
32
33
  spec.add_development_dependency 'rubocop'
33
34
  spec.add_development_dependency 'webmock', '~> 3.0'
35
+ spec.add_development_dependency 'yard'
34
36
  end
data/lib/cred_hubble/client.rb CHANGED
@@ -6,6 +6,15 @@ require 'openssl'
6
6
  # rubocop:disable ClassLength
7
7
  module CredHubble
8
8
  class Client
9
+ # Instantiates a new CredHubble::Client.
10
+ #
11
+ # @param host [String] host for the target CredHub server
12
+ # @param port [Integer] port for the target CredHub server
13
+ # @param auth_header_token [String] oAuth2 bearer token for auth header
14
+ # @param client_cert_path [String] path to a client TLS certificate
15
+ # @param client_key_path [String] path to a client TLS encryption key
16
+ # @param ca_path [String] path to a CA certificate
17
+ # @return [CredHubble::Client] a CredHubble::Client instance
9
18
  def initialize(host:, port: 8844, auth_header_token: nil, ca_path: nil,
10
19
  client_cert_path: nil, client_key_path: nil)
11
20
 
@@ -17,6 +26,13 @@ module CredHubble
17
26
  @client_key_path = client_key_path
18
27
  end
19
28
 
29
+ # Instantiates a new CredHubble::Client using an oAuth2 bearer token for auth header authentication.
30
+ #
31
+ # @param host [String] host for the target CredHub server
32
+ # @param port [Integer] port for the target CredHub server
33
+ # @param auth_header_token [String] oAuth2 bearer token for auth header
34
+ # @param ca_path [String] path to a CA certificate
35
+ # @return [CredHubble::Client] a CredHubble::Client instance
20
36
  def self.new_from_token_auth(host:, port: 8844, auth_header_token:, ca_path: nil)
21
37
  new(
22
38
  auth_header_token: auth_header_token,
@@ -26,6 +42,14 @@ module CredHubble
26
42
  )
27
43
  end
28
44
 
45
+ # Instantiates a new CredHubble::Client using a client TLS certificate and key for mutual TLS authentication.
46
+ #
47
+ # @param host [String] host for the target CredHub server
48
+ # @param port [Integer] port for the target CredHub server
49
+ # @param client_cert_path [String] path to a client TLS certificate
50
+ # @param client_key_path [String] path to a client TLS encryption key
51
+ # @param ca_path [String] path to a CA certificate
52
+ # @return [CredHubble::Client] a CredHubble::Client instance
29
53
  def self.new_from_mtls_auth(host:, port: 8844, client_cert_path:, client_key_path:, ca_path: nil)
30
54
  new(
31
55
  client_cert_path: client_cert_path,
@@ -36,21 +60,39 @@ module CredHubble
36
60
  )
37
61
  end
38
62
 
63
+ # Performs a GET request to the CredHub /info endpoint.
64
+ #
65
+ # @return [CredHubble::Resources::Info] a CredHubble::Resources::Info instance
39
66
  def info
40
67
  response = http_client.get('/info').body
41
68
  CredHubble::Resources::Info.from_json(response)
42
69
  end
43
70
 
71
+ # Performs a GET request to the CredHub /health endpoint.
72
+ #
73
+ # @return [CredHubble::Resources::Health] a CredHubble::Resources::Health instance
44
74
  def health
45
75
  response = http_client.get('/health').body
46
76
  CredHubble::Resources::Health.from_json(response)
47
77
  end
48
78
 
79
+ # Retrieves a Credential by ID.
80
+ #
81
+ # @param credential_id [String] a CredHub credential identifier
82
+ # @return [CredHubble::Resources::Credential] a CredHubble::Resources::Credential instance,
83
+ # e.g. CredHubble::Resources::ValueCredential
49
84
  def credential_by_id(credential_id)
50
85
  response = http_client.get("/api/v1/data/#{credential_id}").body
51
86
  CredHubble::Resources::CredentialFactory.from_json(response)
52
87
  end
53
88
 
89
+ # Retrieves a collection of Credentials by Name.
90
+ #
91
+ # @param name [String] a CredHub credential name, e.g '/my-credential'
92
+ # @param current [Boolean] whether or not to return only the current version of a Credential
93
+ # @param versions [Integer] the maximum number of versions of a Credential to return
94
+ # @return [CredHubble::Resources::CredentialCollection] a CredHubble::Resources::CredentialCollection instance,
95
+ # containing an enumerable list of Credentials
54
96
  def credentials_by_name(name, current: nil, versions: nil)
55
97
  template = Addressable::Template.new('/api/v1/data{?query*}')
56
98
 
@@ -61,6 +103,20 @@ module CredHubble
61
103
  CredHubble::Resources::CredentialCollection.from_json(response)
62
104
  end
63
105
 
106
+ # Retrieves the value of the current Credential for the given name
107
+ #
108
+ # @param credential_name [String] a CredHub credential name, e.g '/my-credential'
109
+ # @return [String, Hash, RsaValue, SshValue, UserValue, CertificateValue, nil] the Credential#value if it exists
110
+ def current_credential_value(credential_name)
111
+ current_credential = credentials_by_name(credential_name, current: true).first
112
+ current_credential && current_credential.value
113
+ end
114
+
115
+ # Retrieves a collection of Permissions for a Credential by Credential Name.
116
+ #
117
+ # @param credential_name [String] a CredHub credential name, e.g '/my-credential'
118
+ # @return [CredHubble::Resources::PermissionCollection] a CredHubble::Resources::PermissionCollection instance,
119
+ # containing an enumerable list of Permissions
64
120
  def permissions_by_credential_name(credential_name)
65
121
  template = Addressable::Template.new('/api/v1/permissions{?query*}')
66
122
 
@@ -71,6 +127,14 @@ module CredHubble
71
127
  CredHubble::Resources::PermissionCollection.from_json(response)
72
128
  end
73
129
 
130
+ # Creates a new Credential or adds a new version of an existing Credential.
131
+ #
132
+ # @param credential [CredHubble::Resources::Credential] a CredHubble::Resources::Credential instance
133
+ # @param overwrite [Boolean] whether or not CredHub should create a new current version for existing Credentials
134
+ # @param additional_permissions [CredHubble::Resources::PermissionCollection]
135
+ # a CredHubble::Resources::PermissionCollection for additional Permissions to set on the credentials
136
+ # @return [CredHubble::Resources::Credential] a CredHubble::Resources::Credential instance,
137
+ # e.g. CredHubble::Resources::CertificateCredential
74
138
  def put_credential(credential, overwrite: nil, additional_permissions: [])
75
139
  credential_body = credential.attributes_for_put
76
140
  credential_body[:overwrite] = !!overwrite unless overwrite.nil?
@@ -83,10 +147,19 @@ module CredHubble
83
147
  CredHubble::Resources::CredentialFactory.from_json(response)
84
148
  end
85
149
 
150
+ # Populates "credhub-ref" keys in a JSON string (e.g. ENV['VCAP_SERVICES']) with credential values.
151
+ #
152
+ # @param vcap_services_json [String] a valid JSON string including, particularly one from a Cloud Foundry app's
153
+ # VCAP_SERVICES environment variable
154
+ # @return [String] a valid JSON string with populated CredHub references
86
155
  def interpolate_credentials(vcap_services_json)
87
156
  http_client.post('/api/v1/interpolate', vcap_services_json).body
88
157
  end
89
158
 
159
+ # Deletes a Credential with the given Name.
160
+ #
161
+ # @param name [String] a CredHub credential name, e.g '/my-credential'
162
+ # @return [Boolean] true if the deletion was successful
90
163
  def delete_credential_by_name(name)
91
164
  template = Addressable::Template.new('/api/v1/data{?query*}')
92
165
 
@@ -96,11 +169,22 @@ module CredHubble
96
169
  http_client.delete(path).success?
97
170
  end
98
171
 
172
+ # Adds additional Permissions to an existing Credential. The Credential is specified by the `credential_name` field
173
+ # on the PermissionCollection
174
+ #
175
+ # @param permission_collection [CredHubble::Resources::PermissionCollection]
176
+ # a CredHubble::Resources::PermissionCollection for additional Permissions to set on the credentials
177
+ # @return [CredHubble::Resources::PermissionCollection] a CredHubble::Resources::PermissionCollection instance
99
178
  def add_permissions(permission_collection)
100
179
  response = http_client.post('/api/v1/permissions', permission_collection.to_json).body
101
180
  CredHubble::Resources::PermissionCollection.from_json(response)
102
181
  end
103
182
 
183
+ # Deletes any permissions for the given actor for a Credential.
184
+ #
185
+ # @param credential_name [String] a CredHub credential name, e.g '/my-credential'
186
+ # @param actor [String] a CredHub actor, e.g. 'uaa-user:fca1ae5e-f417-45ce-94b0-79889e27e047'
187
+ # @return [Boolean] true if the deletion was successful
104
188
  def delete_permissions(credential_name, actor)
105
189
  template = Addressable::Template.new('/api/v1/permissions{?query*}')
106
190
 
data/lib/cred_hubble/version.rb CHANGED
@@ -1,3 +1,3 @@
1
1
  module CredHubble
2
- VERSION = '0.1.0.pre'.freeze
2
+ VERSION = '0.1.0'.freeze
3
3
  end
data/spec/cred_hubble/client_spec.rb CHANGED
@@ -219,6 +219,49 @@ RSpec.describe CredHubble::Client do
219
219
  end
220
220
  end
221
221
 
222
+ describe '#current_credential_value' do
223
+ let(:response_body) do
224
+ '{
225
+ "data":[
226
+ {
227
+ "type":"user",
228
+ "version_created_at":"2017-10-03T04:12:21Z",
229
+ "id":"5298e0e4-c3f5-4c73-a156-9ffce4c137f5",
230
+ "name":"/trade-federation-admin",
231
+ "value": {
232
+ "username": "roger_roger",
233
+ "password": "2582aaf15ec84e3fa3ba682152663a52",
234
+ "password_hash": "3638fbae81358ff9020be1d7a9a509fc6:1234"
235
+ }
236
+ }
237
+ ]
238
+ }'
239
+ end
240
+
241
+ it 'makes a request to the /api/v1/data endpoint with the name as a query parameter' do
242
+ subject.current_credential_value('/trade-federation-admin')
243
+ expect(mock_http_client).to have_received(:get).with('/api/v1/data?name=%2Ftrade-federation-admin&current=true')
244
+ end
245
+
246
+ context 'when a credential for the given name exists' do
247
+ it 'returns the credential value' do
248
+ credential_value = subject.current_credential_value('/trade-federation-admin')
249
+ expect(credential_value.username).to eq('roger_roger')
250
+ expect(credential_value.password).to eq('2582aaf15ec84e3fa3ba682152663a52')
251
+ expect(credential_value.password_hash).to eq('3638fbae81358ff9020be1d7a9a509fc6:1234')
252
+ end
253
+ end
254
+
255
+ context 'when a credential for the given name does not exist' do
256
+ let(:response_body) { '{"data":[]}' }
257
+
258
+ it 'returns nil' do
259
+ credential_value = subject.current_credential_value('/trade-federation-admin')
260
+ expect(credential_value).to be_nil
261
+ end
262
+ end
263
+ end
264
+
222
265
  describe '#permissions_by_credential_name' do
223
266
  let(:response_body) do
224
267
  '{
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: cred_hubble
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.0.pre
4
+ version: 0.1.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Tim Downey
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2017-10-09 00:00:00.000000000 Z
11
+ date: 2017-10-14 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: faraday
@@ -78,6 +78,20 @@ dependencies:
78
78
  - - "~>"
79
79
  - !ruby/object:Gem::Version
80
80
  version: '1.15'
81
+ - !ruby/object:Gem::Dependency
82
+ name: gem-release
83
+ requirement: !ruby/object:Gem::Requirement
84
+ requirements:
85
+ - - ">="
86
+ - !ruby/object:Gem::Version
87
+ version: '0'
88
+ type: :development
89
+ prerelease: false
90
+ version_requirements: !ruby/object:Gem::Requirement
91
+ requirements:
92
+ - - ">="
93
+ - !ruby/object:Gem::Version
94
+ version: '0'
81
95
  - !ruby/object:Gem::Dependency
82
96
  name: rake
83
97
  requirement: !ruby/object:Gem::Requirement
@@ -134,6 +148,20 @@ dependencies:
134
148
  - - "~>"
135
149
  - !ruby/object:Gem::Version
136
150
  version: '3.0'
151
+ - !ruby/object:Gem::Dependency
152
+ name: yard
153
+ requirement: !ruby/object:Gem::Requirement
154
+ requirements:
155
+ - - ">="
156
+ - !ruby/object:Gem::Version
157
+ version: '0'
158
+ type: :development
159
+ prerelease: false
160
+ version_requirements: !ruby/object:Gem::Requirement
161
+ requirements:
162
+ - - ">="
163
+ - !ruby/object:Gem::Version
164
+ version: '0'
137
165
  description:
138
166
  email:
139
167
  - tim@downey.io
@@ -212,9 +240,9 @@ required_ruby_version: !ruby/object:Gem::Requirement
212
240
  version: '2.1'
213
241
  required_rubygems_version: !ruby/object:Gem::Requirement
214
242
  requirements:
215
- - - ">"
243
+ - - ">="
216
244
  - !ruby/object:Gem::Version
217
- version: 1.3.1
245
+ version: '0'
218
246
  requirements: []
219
247
  rubyforge_project:
220
248
  rubygems_version: 2.6.13