cred_hubble 0.1.0.pre → 0.1.0
- checksums.yaml +4 -4
- data/cred_hubble.gemspec +2 -0
- data/lib/cred_hubble/client.rb +84 -0
- data/lib/cred_hubble/version.rb +1 -1
- data/spec/cred_hubble/client_spec.rb +43 -0
- metadata +32 -4
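--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 8345013303bcb55d2335018f4d4469557ed6f88a
+data.tar.gz: 24b09bdcef1948594f326f212c5581c7c9ef8d47
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 17bca452601dca62005f46a238671b565e7e0c481ef88278d6ca333881a0502b69ee4bff600c4b179cf9a2d63123b36dbdced0feff18d8defca75399ba39aa3e
+data.tar.gz: a00b2bcf4adbaa8e8ee7fda6310c777087ec01d1a96df4b84c0a43408b39b3b37a782946e6f035125fa0c80d4ee45f349827b884d72ed0b1b4f0affdb3eb93a5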
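--- a/data/cred_hubble.gemspec
+++ b/data/cred_hubble.gemspec
@@ -27,8 +27,10 @@ Gem::Specification.new do |spec|
 spec.add_runtime_dependency 'addressable', '~> 2.0'
 
 spec.add_development_dependency 'bundler', '~> 1.15'
+spec.add_development_dependency 'gem-release'
 spec.add_development_dependency 'rake', '~> 10.0'
 spec.add_development_dependency 'rspec', '~> 3.0'
 spec.add_development_dependency 'rubocop'
 spec.add_development_dependency 'webmock', '~> 3.0'
+spec.add_development_dependency 'yard'
 end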
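Review bot: The two added development dependencies, `spec.add_development_dependency 'gem-release'` and `spec.add_development_dependency 'yard'`, carry no version constraint, unlike `bundler`, `rake`, `rspec` and `webmock` beside them, which use `~>`. An open requirement resolves to whatever the registry serves at install time, and `gem-release` appears to be the tool that cuts and pushes releases, so it would run on a machine where registry credentials are present. A pessimistic constraint in the style of the neighbouring lines, e.g. `spec.add_development_dependency 'gem-release', '~> <MAJOR.MINOR>'` (placeholder: use the version verified locally), would keep the release toolchain reproducible. The `Gem::Specification` block starts above this hunk.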
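--- a/data/lib/cred_hubble/client.rb
+++ b/data/lib/cred_hubble/client.rb
@@ -6,6 +6,15 @@ require 'openssl'
 # rubocop:disable ClassLength
 module CredHubble
 class Client
+# Instantiates a new CredHubble::Client.
+#
+# @param host [String] host for the target CredHub server
+# @param port [Integer] port for the target CredHub server
+# @param auth_header_token [String] oAuth2 bearer token for auth header
+# @param client_cert_path [String] path to a client TLS certificate
+# @param client_key_path [String] path to a client TLS encryption key
+# @param ca_path [String] path to a CA certificate
+# @return [CredHubble::Client] a CredHubble::Client instance
 def initialize(host:, port: 8844, auth_header_token: nil, ca_path: nil,
 client_cert_path: nil, client_key_path: nil)
 
@@ -17,6 +26,13 @@ module CredHubble
 @client_key_path = client_key_path
 end
 
+# Instantiates a new CredHubble::Client using an oAuth2 bearer token for auth header authentication.
+#
+# @param host [String] host for the target CredHub server
+# @param port [Integer] port for the target CredHub server
+# @param auth_header_token [String] oAuth2 bearer token for auth header
+# @param ca_path [String] path to a CA certificate
+# @return [CredHubble::Client] a CredHubble::Client instance
 def self.new_from_token_auth(host:, port: 8844, auth_header_token:, ca_path: nil)
 new(
 auth_header_token: auth_header_token,
@@ -26,6 +42,14 @@ module CredHubble
 )
 end
 
+# Instantiates a new CredHubble::Client using a client TLS certificate and key for mutual TLS authentication.
+#
+# @param host [String] host for the target CredHub server
+# @param port [Integer] port for the target CredHub server
+# @param client_cert_path [String] path to a client TLS certificate
+# @param client_key_path [String] path to a client TLS encryption key
+# @param ca_path [String] path to a CA certificate
+# @return [CredHubble::Client] a CredHubble::Client instance
 def self.new_from_mtls_auth(host:, port: 8844, client_cert_path:, client_key_path:, ca_path: nil)
 new(
 client_cert_path: client_cert_path,
@@ -36,21 +60,39 @@ module CredHubble
 )
 end
 
+# Performs a GET request to the CredHub /info endpoint.
+#
+# @return [CredHubble::Resources::Info] a CredHubble::Resources::Info instance
 def info
 response = http_client.get('/info').body
 CredHubble::Resources::Info.from_json(response)
 end
 
+# Performs a GET request to the CredHub /health endpoint.
+#
+# @return [CredHubble::Resources::Health] a CredHubble::Resources::Health instance
 def health
 response = http_client.get('/health').body
 CredHubble::Resources::Health.from_json(response)
 end
 
+# Retrieves a Credential by ID.
+#
+# @param credential_id [String] a CredHub credential identifier
+# @return [CredHubble::Resources::Credential] a CredHubble::Resources::Credential instance,
+# e.g. CredHubble::Resources::ValueCredential
 def credential_by_id(credential_id)
 response = http_client.get("/api/v1/data/#{credential_id}").body
 CredHubble::Resources::CredentialFactory.from_json(response)
 end
 
+# Retrieves a collection of Credentials by Name.
+#
+# @param name [String] a CredHub credential name, e.g '/my-credential'
+# @param current [Boolean] whether or not to return only the current version of a Credential
+# @param versions [Integer] the maximum number of versions of a Credential to return
+# @return [CredHubble::Resources::CredentialCollection] a CredHubble::Resources::CredentialCollection instance,
+# containing an enumerable list of Credentials
 def credentials_by_name(name, current: nil, versions: nil)
 template = Addressable::Template.new('/api/v1/data{?query*}')
 
@@ -61,6 +103,20 @@ module CredHubble
 CredHubble::Resources::CredentialCollection.from_json(response)
 end
 
+# Retrieves the value of the current Credential for the given name
+#
+# @param credential_name [String] a CredHub credential name, e.g '/my-credential'
+# @return [String, Hash, RsaValue, SshValue, UserValue, CertificateValue, nil] the Credential#value if it exists
+def current_credential_value(credential_name)
+current_credential = credentials_by_name(credential_name, current: true).first
+current_credential && current_credential.value
+end
+
+# Retrieves a collection of Permissions for a Credential by Credential Name.
+#
+# @param credential_name [String] a CredHub credential name, e.g '/my-credential'
+# @return [CredHubble::Resources::PermissionCollection] a CredHubble::Resources::PermissionCollection instance,
+# containing an enumerable list of Permissions
 def permissions_by_credential_name(credential_name)
 template = Addressable::Template.new('/api/v1/permissions{?query*}')
 
@@ -71,6 +127,14 @@ module CredHubble
 CredHubble::Resources::PermissionCollection.from_json(response)
 end
 
+# Creates a new Credential or adds a new version of an existing Credential.
+#
+# @param credential [CredHubble::Resources::Credential] a CredHubble::Resources::Credential instance
+# @param overwrite [Boolean] whether or not CredHub should create a new current version for existing Credentials
+# @param additional_permissions [CredHubble::Resources::PermissionCollection]
+# a CredHubble::Resources::PermissionCollection for additional Permissions to set on the credentials
+# @return [CredHubble::Resources::Credential] a CredHubble::Resources::Credential instance,
+# e.g. CredHubble::Resources::CertificateCredential
 def put_credential(credential, overwrite: nil, additional_permissions: [])
 credential_body = credential.attributes_for_put
 credential_body[:overwrite] = !!overwrite unless overwrite.nil?
@@ -83,10 +147,19 @@ module CredHubble
 CredHubble::Resources::CredentialFactory.from_json(response)
 end
 
+# Populates "credhub-ref" keys in a JSON string (e.g. ENV['VCAP_SERVICES']) with credential values.
+#
+# @param vcap_services_json [String] a valid JSON string including, particularly one from a Cloud Foundry app's
+# VCAP_SERVICES environment variable
+# @return [String] a valid JSON string with populated CredHub references
 def interpolate_credentials(vcap_services_json)
 http_client.post('/api/v1/interpolate', vcap_services_json).body
 end
 
+# Deletes a Credential with the given Name.
+#
+# @param name [String] a CredHub credential name, e.g '/my-credential'
+# @return [Boolean] true if the deletion was successful
 def delete_credential_by_name(name)
 template = Addressable::Template.new('/api/v1/data{?query*}')
 
@@ -96,11 +169,22 @@ module CredHubble
 http_client.delete(path).success?
 end
 
+# Adds additional Permissions to an existing Credential. The Credential is specified by the `credential_name` field
+# on the PermissionCollection
+#
+# @param permission_collection [CredHubble::Resources::PermissionCollection]
+# a CredHubble::Resources::PermissionCollection for additional Permissions to set on the credentials
+# @return [CredHubble::Resources::PermissionCollection] a CredHubble::Resources::PermissionCollection instance
 def add_permissions(permission_collection)
 response = http_client.post('/api/v1/permissions', permission_collection.to_json).body
 CredHubble::Resources::PermissionCollection.from_json(response)
 end
 
+# Deletes any permissions for the given actor for a Credential.
+#
+# @param credential_name [String] a CredHub credential name, e.g '/my-credential'
+# @param actor [String] a CredHub actor, e.g. 'uaa-user:fca1ae5e-f417-45ce-94b0-79889e27e047'
+# @return [Boolean] true if the deletion was successful
 def delete_permissions(credential_name, actor)
 template = Addressable::Template.new('/api/v1/permissions{?query*}')
 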
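Review bot: `credential_by_id` (new line 85) interpolates its argument straight into the request path, `http_client.get("/api/v1/data/#{credential_id}")`, while the name-based lookups in this file build their URLs through `Addressable::Template`, and the added `@param credential_id` doc states no format requirement. An id that contains `/`, `?` or `#` would therefore select a different CredHub path or query than the caller intended; the line is unchanged context, so this predates the release rather than being introduced by it. Either reject ids that are not in the expected identifier format before the request, or expand the value through a template so it is percent-encoded, e.g. `path = Addressable::Template.new('/api/v1/data/{id}').expand(id: credential_id).to_s`. The doc comments on `current_credential_value` and `interpolate_credentials` could also state that the return value contains secret material and should be kept out of logs and error reports.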
data/lib/cred_hubble/version.rb
CHANGED
@@ -219,6 +219,49 @@ RSpec.describe CredHubble::Client do
|
|
219
219
|
end
|
220
220
|
end
|
221
221
|
|
222
|
+
describe '#current_credential_value' do
|
223
|
+
let(:response_body) do
|
224
|
+
'{
|
225
|
+
"data":[
|
226
|
+
{
|
227
|
+
"type":"user",
|
228
|
+
"version_created_at":"2017-10-03T04:12:21Z",
|
229
|
+
"id":"5298e0e4-c3f5-4c73-a156-9ffce4c137f5",
|
230
|
+
"name":"/trade-federation-admin",
|
231
|
+
"value": {
|
232
|
+
"username": "roger_roger",
|
233
|
+
"password": "2582aaf15ec84e3fa3ba682152663a52",
|
234
|
+
"password_hash": "3638fbae81358ff9020be1d7a9a509fc6:1234"
|
235
|
+
}
|
236
|
+
}
|
237
|
+
]
|
238
|
+
}'
|
239
|
+
end
|
240
|
+
|
241
|
+
it 'makes a request to the /api/v1/data endpoint with the name as a query parameter' do
|
242
|
+
subject.current_credential_value('/trade-federation-admin')
|
243
|
+
expect(mock_http_client).to have_received(:get).with('/api/v1/data?name=%2Ftrade-federation-admin¤t=true')
|
244
|
+
end
|
245
|
+
|
246
|
+
context 'when a credential for the given name exists' do
|
247
|
+
it 'returns the credential value' do
|
248
|
+
credential_value = subject.current_credential_value('/trade-federation-admin')
|
249
|
+
expect(credential_value.username).to eq('roger_roger')
|
250
|
+
expect(credential_value.password).to eq('2582aaf15ec84e3fa3ba682152663a52')
|
251
|
+
expect(credential_value.password_hash).to eq('3638fbae81358ff9020be1d7a9a509fc6:1234')
|
252
|
+
end
|
253
|
+
end
|
254
|
+
|
255
|
+
context 'when a credential for the given name does not exist' do
|
256
|
+
let(:response_body) { '{"data":[]}' }
|
257
|
+
|
258
|
+
it 'returns nil' do
|
259
|
+
credential_value = subject.current_credential_value('/trade-federation-admin')
|
260
|
+
expect(credential_value).to be_nil
|
261
|
+
end
|
262
|
+
end
|
263
|
+
end
|
264
|
+
|
222
265
|
describe '#permissions_by_credential_name' do
|
223
266
|
let(:response_body) do
|
224
267
|
'{
|
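--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: cred_hubble
 version: !ruby/object:Gem::Version
-version: 0.1.0
+version: 0.1.0
 platform: ruby
 authors:
 - Tim Downey
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2017-10-
+date: 2017-10-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: faraday
@@ -78,6 +78,20 @@ dependencies:
 - - "~>"
 - !ruby/object:Gem::Version
 version: '1.15'
+- !ruby/object:Gem::Dependency
+name: gem-release
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
 - !ruby/object:Gem::Dependency
 name: rake
 requirement: !ruby/object:Gem::Requirement
@@ -134,6 +148,20 @@ dependencies:
 - - "~>"
 - !ruby/object:Gem::Version
 version: '3.0'
+- !ruby/object:Gem::Dependency
+name: yard
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
 description:
 email:
 - tim@downey.io
@@ -212,9 +240,9 @@ required_ruby_version: !ruby/object:Gem::Requirement
 version: '2.1'
 required_rubygems_version: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - ">="
 - !ruby/object:Gem::Version
-version:
+version: '0'
 requirements: []
 rubyforge_project:
 rubygems_version: 2.6.13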