diplomat 2.2.4 → 2.2.5

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a0813e8904655cc9ce1979f5bfc6eb1b2382be25a475713c999898d4bb06d02d
-  data.tar.gz: ccc830a11cbc3aedc20c9cb7aea4f79123d1be69b9dc076c9eaf8ef142685092
+  metadata.gz: 8ee74cdd0ff09ba455fa1185856231070da1a7b5296bcec09db981a72cb0a235
+  data.tar.gz: 2fd779c20984bc5f394c9c5fb6aef1a30abfcc99bd74d1700044c6fe2cc1d4e4
 SHA512:
-  metadata.gz: 8debd4bbd65bf6bde7fd86ebccc87748604d593b142ff68405386fcd4c193185ca9213b38392cab874654c2657a4297d05775396840ff4553f862e05a37dc14c
-  data.tar.gz: 2580b978e27ecb6b732d447d4cd93cf278659b1df85d7113c4b9dcf1bca98917f7f074e2caaead5e8462c21f35c47fc41a5efbae92e9aa31bebbb482218729d8
+  metadata.gz: 9d9a9c7e1d7a2fdfdabb7139013da70e5dee028c18dcd2fa820ed5d235a34a26ac3a1b5108d7fab2d76be1bad370ed85a47b791b190104088be2a63287d76d58
+  data.tar.gz: 9daf8932e9bd5e2e74ad19cb91b070552805f1f249d553c2975899edc2f1ee27146b6207fb07867cbbb563b0b60b8768d68fc3d276902de28ce0b0a65885d662

data/lib/diplomat.rb

@@ -28,7 +28,8 @@ module Diplomat
 
   require_libs 'configuration', 'rest_client', 'kv', 'datacenter', 'service',
                'members', 'node', 'nodes', 'check', 'health', 'session', 'lock',
-               'error', 'event', 'acl', 'maintenance', 'query', 'agent', 'status'
+               'error', 'event', 'acl', 'maintenance', 'query', 'agent', 'status',
+               'policy', 'token', 'role'
   self.configuration ||= Diplomat::Configuration.new
 
   class << self

data/lib/diplomat/error.rb

@@ -2,7 +2,7 @@ module Diplomat
   class KeyNotFound < StandardError; end
   class PathNotFound < StandardError; end
   class KeyAlreadyExists < StandardError; end
-  class AclNotFound < StandardError; end
+  class AclNotFound < PathNotFound; end
   class AclAlreadyExists < StandardError; end
   class EventNotFound < StandardError; end
   class EventAlreadyExists < StandardError; end
@@ -10,6 +10,15 @@ module Diplomat
   class QueryAlreadyExists < StandardError; end
   class UnknownStatus < StandardError; end
   class IdParameterRequired < StandardError; end
+  class NameParameterRequired < StandardError; end
   class InvalidTransaction < StandardError; end
   class DeprecatedArgument < StandardError; end
+  class PolicyNotFound < StandardError; end
+  class NameParameterRequired < StandardError; end
+  class PolicyMalformed < StandardError; end
+  class AccessorIdParameterRequired < StandardError; end
+  class TokenMalformed < StandardError; end
+  class PolicyAlreadyExists < StandardError; end
+  class RoleMalformed < StandardError; end
+  class RoleNotFound < StandardError; end
 end

data/lib/diplomat/kv.rb

@@ -42,12 +42,8 @@ module Diplomat
     #   - W W - get the first or next value; wait until there is an update
     # rubocop:disable PerceivedComplexity, MethodLength, LineLength, CyclomaticComplexity
     def get(key, options = {}, not_found = :reject, found = :return)
-      key_subst = if key.start_with? '/'
-                    key[1..-1]
-                  else
-                    key.freeze
-                  end
-      @key = key_subst
+      key = normalize_key_for_uri(key)
+      @key = key
       @options = options
       custom_params = []
       custom_params << recurse_get(@options)
@@ -111,6 +107,7 @@ module Diplomat
     # @option options [String] :acquire Session to attach to key
     # @return [Bool] Success or failure of the write (can fail in c-a-s mode)
     def put(key, value, options = {})
+      key = normalize_key_for_uri(key)
       @options = options
       custom_params = []
       custom_params << use_cas(@options)
@@ -132,6 +129,7 @@ module Diplomat
     # @option options [Boolean] :recurse If to make recursive get or not
     # @return [OpenStruct]
     def delete(key, options = {})
+      key = normalize_key_for_uri(key)
       @key = key
       @options = options
       custom_params = []

data/lib/diplomat/lock.rb

@@ -10,6 +10,7 @@ module Diplomat
     # @param options [Hash] options parameter hash
     # @return [Boolean] If the lock was acquired
     def acquire(key, session, value = nil, options = {})
+      key = normalize_key_for_uri(key)
       custom_params = []
       custom_params << use_named_parameter('acquire', session)
       custom_params << use_named_parameter('dc', options[:dc]) if options[:dc]
@@ -42,6 +43,7 @@ module Diplomat
     # @return [nil]
     # rubocop:disable AbcSize
     def release(key, session, options = {})
+      key = normalize_key_for_uri(key)
       custom_params = []
       custom_params << use_named_parameter('release', session)
       custom_params << use_named_parameter('dc', options[:dc]) if options[:dc]

data/lib/diplomat/policy.rb

@@ -0,0 +1,112 @@
+module Diplomat
+  # Methods for interacting with the Consul ACL Policy API endpoint
+  class Policy < Diplomat::RestClient
+    @access_methods = %i[list read create delete update]
+    attr_reader :id, :type, :acl
+
+    # Read ACL policy with the given UUID
+    # @param id [String] UUID of the ACL policy to read
+    # @param options [Hash] options parameter hash
+    # @return [Hash] existing ACL policy
+    # rubocop:disable PerceivedComplexity
+    def read(id, options = {}, not_found = :reject, found = :return)
+      @options = options
+      custom_params = []
+      custom_params << use_consistency(options)
+
+      @raw = send_get_request(@conn_no_err, ["/v1/acl/policy/#{id}"], options, custom_params)
+
+      if @raw.status == 200 && @raw.body.chomp != 'null'
+        case found
+        when :reject
+          raise Diplomat::PolicyNotFound, id
+        when :return
+          return parse_body
+        end
+      elsif @raw.status == 404
+        case not_found
+        when :reject
+          raise Diplomat::PolicyNotFound, id
+        when :return
+          return nil
+        end
+      elsif @raw.status == 403
+        case not_found
+        when :reject
+          raise Diplomat::AclNotFound, id
+        when :return
+          return nil
+        end
+      else
+        raise Diplomat::UnknownStatus, "status #{@raw.status}: #{@raw.body}"
+      end
+    end
+    # rubocop:enable PerceivedComplexity
+
+    # List all the ACL policies
+    # @param options [Hash] options parameter hash
+    # @return [List] list of [Hash] of ACL policies
+    def list(options = {})
+      @raw = send_get_request(@conn_no_err, ['/v1/acl/policies'], options)
+      raise Diplomat::AclNotFound if @raw.status == 403
+
+      parse_body
+    end
+
+    # Update an existing ACL policy
+    # @param value [Hash] ACL policy definition, ID and Name fields are mandatory
+    # @param options [Hash] options parameter hash
+    # @return [Hash] result ACL policy
+    def update(value, options = {})
+      id = value[:ID] || value['ID']
+      raise Diplomat::IdParameterRequired if id.nil?
+
+      policy_name = value[:Name] || value['Name']
+      raise Diplomat::NameParameterRequired if policy_name.nil?
+
+      custom_params = use_cas(@options)
+      @raw = send_put_request(@conn, ["/v1/acl/policy/#{id}"], options, value, custom_params)
+      if @raw.status == 200
+        parse_body
+      elsif @raw.status == 400
+        raise Diplomat::PolicyMalformed, @raw.body
+      else
+        raise Diplomat::UnknownStatus, "status #{@raw.status}: #{@raw.body}"
+      end
+    end
+
+    # Create a new ACL policy
+    # @param value [Hash] ACL policy definition, Name field is mandatory
+    # @param options [Hash] options parameter hash
+    # @return [Hash] new ACL policy
+    def create(value, options = {})
+      blacklist = ['ID', 'iD', 'Id', :ID, :iD, :Id] & value.keys
+      raise Diplomat::PolicyMalformed, 'ID should not be specified' unless blacklist.empty?
+
+      id = value[:Name] || value['Name']
+      raise Diplomat::NameParameterRequired if id.nil?
+
+      custom_params = use_cas(@options)
+      @raw = send_put_request(@conn, ['/v1/acl/policy'], options, value, custom_params)
+
+      # rubocop:disable GuardClause
+      if @raw.status == 200
+        return parse_body
+      elsif @raw.status == 500 && @raw.body.chomp.include?('already exists')
+        raise Diplomat::PolicyAlreadyExists, @raw.body
+      else
+        raise Diplomat::UnknownStatus, "status #{@raw.status}: #{@raw.body}"
+      end
+    end
+    # rubocop:enable GuardClause
+
+    # Delete an ACL policy by its UUID
+    # @param id [String] UUID of the ACL policy to delete
+    # @param options [Hash] options parameter hash
+    # @return [Bool]
+    def delete(id, options = {})
+      @raw = send_delete_request(@conn, ["/v1/acl/policy/#{id}"], options, nil)
+      @raw.body.chomp == 'true'
+    end
+  end
+end

data/lib/diplomat/rest_client.rb

@@ -82,6 +82,44 @@ module Diplomat
       end
     end
 
+    protected
+
+    # Turn the given key into something that the Consul API
+    # will consider its canonical form. If we don't do this,
+    # then the Consul API will return a HTTP 301 response directing
+    # us to the same action with a canonicalized key, and we'd
+    # have to waste time following that redirect.
+    def normalize_key_for_uri(key)
+      # The Consul docs suggest using slashes to organise keys
+      # (https://www.consul.io/docs/agent/kv.html#using-consul-kv).
+      #
+      # However, Consul (like many servers) does strange things with slashes,
+      # presumably to "paper over" users' errors in typing URLs.
+      # E.g. the key "/my/path" will end up in the URI path component
+      # "/v1/kv//my/path", which Consul will redirect (HTTP 301) to
+      # "/v1/kv/my/path" -- a very different URI!
+      #
+      # One solution might be to simply always URI-encode slashes
+      # (and all other non-URI-safe characters), but that appears to
+      # result in some other weirdness, e.g., keys being returned with
+      # URI-encoding in them in contexts totally unrelated to URIs.
+      # For examples, see these issues and follow the links:
+      #
+      # - https://github.com/hashicorp/consul/issues/889
+      # - https://github.com/hashicorp/consul/issues/1277
+      #
+      # For now it seems safest to simply assume that leading literal
+      # slashes on keys are benign mistakes, and strip them off.
+      # Hopefully the expected behaviour will be formalised/clarified
+      # in future versions of Consul, and we can introduce some stricter
+      # and more predictable handling of keys on this side.
+      if key.start_with? '/'
+        key[1..-1]
+      else
+        key.freeze
+      end
+    end
+
     private
 
     # Build the API Client
@@ -180,7 +218,7 @@ module Diplomat
       headers = { 'X-Consul-Token' => configuration.acl_token } if configuration.acl_token
       headers = { 'X-Consul-Token' => options[:token] } if options[:token]
 
-      # Parse options used as query params
+      # Parse consistency options used as query params
       consistency = 'stale' if options[:stale]
       consistency = 'leader' if options[:leader]
       consistency = 'consistent' if options[:consistent]
@@ -204,6 +242,10 @@ module Diplomat
           req.options.timeout = options[:timeout] if options[:timeout]
         end
       rescue Faraday::ClientError => e
+        resp = e.response
+        if resp
+          raise Diplomat::AclNotFound, e if resp[:status] == 403 && resp[:body] == 'ACL not found'
+        end
         raise Diplomat::PathNotFound, e
       end
     end

data/lib/diplomat/role.rb

@@ -0,0 +1,151 @@
+module Diplomat
+  # Methods for interacting with the Consul ACL Role API endpoint
+  class Role < Diplomat::RestClient
+    @access_methods = %i[list read read_name create delete update]
+    attr_reader :id, :type, :acl
+
+    # Read ACL role with the given UUID
+    # @param id [String] UUID or name of the ACL role to read
+    # @param options [Hash] options parameter hash
+    # @return [Hash] existing ACL role
+    # rubocop:disable PerceivedComplexity
+    def read(id, options = {}, not_found = :reject, found = :return)
+      @options = options
+      custom_params = []
+      custom_params << use_consistency(options)
+
+      @raw = send_get_request(@conn_no_err, ["/v1/acl/role/#{id}"], options, custom_params)
+
+      if @raw.status == 200 && @raw.body.chomp != 'null'
+        case found
+        when :reject
+          raise Diplomat::RoleNotFound, id
+        when :return
+          return parse_body
+        end
+      elsif @raw.status == 404
+        case not_found
+        when :reject
+          raise Diplomat::RoleNotFound, id
+        when :return
+          return nil
+        end
+      elsif @raw.status == 403
+        case not_found
+        when :reject
+          raise Diplomat::AclNotFound, id
+        when :return
+          return nil
+        end
+      else
+        raise Diplomat::UnknownStatus, "status #{@raw.status}: #{@raw.body}"
+      end
+    end
+    # rubocop:enable PerceivedComplexity
+
+    # Read ACL role with the given name
+    # @param name [String] name of the ACL role to read
+    # @param options [Hash] options parameter hash
+    # @return [Hash] existing ACL role
+    # rubocop:disable PerceivedComplexity
+    def read_name(name, options = {}, not_found = :reject, found = :return)
+      @options = options
+      custom_params = []
+      custom_params << use_consistency(options)
+
+      @raw = send_get_request(@conn_no_err, ["/v1/acl/role/name/#{name}"], options, custom_params)
+
+      if @raw.status == 200 && @raw.body.chomp != 'null'
+        case found
+        when :reject
+          raise Diplomat::RoleNotFound, name
+        when :return
+          return parse_body
+        end
+      elsif @raw.status == 404
+        case not_found
+        when :reject
+          raise Diplomat::RoleNotFound, name
+        when :return
+          return nil
+        end
+      elsif @raw.status == 403
+        case not_found
+        when :reject
+          raise Diplomat::AclNotFound, name
+        when :return
+          return nil
+        end
+      else
+        raise Diplomat::UnknownStatus, "status #{@raw.status}: #{@raw.body}"
+      end
+    end
+    # rubocop:enable PerceivedComplexity
+
+    # List all the ACL roles
+    # @param options [Hash] options parameter hash
+    # @return [List] list of [Hash] of ACL roles
+    def list(options = {})
+      @raw = send_get_request(@conn_no_err, ['/v1/acl/roles'], options)
+      raise Diplomat::AclNotFound if @raw.status == 403
+
+      parse_body
+    end
+
+    # Update an existing ACL role
+    # @param value [Hash] ACL role definition, ID and Name fields are mandatory
+    # @param options [Hash] options parameter hash
+    # @return [Hash] result ACL role
+    def update(value, options = {})
+      id = value[:ID] || value['ID']
+      raise Diplomat::IdParameterRequired if id.nil?
+
+      role_name = value[:Name] || value['Name']
+      raise Diplomat::NameParameterRequired if role_name.nil?
+
+      custom_params = use_cas(@options)
+      @raw = send_put_request(@conn, ["/v1/acl/role/#{id}"], options, value, custom_params)
+      if @raw.status == 200
+        parse_body
+      elsif @raw.status == 400
+        raise Diplomat::RoleMalformed, @raw.body
+      else
+        raise Diplomat::UnknownStatus, "status #{@raw.status}: #{@raw.body}"
+      end
+    end
+
+    # Create a new ACL role
+    # @param value [Hash] ACL role definition, Name field is mandatory
+    # @param options [Hash] options parameter hash
+    # @return [Hash] new ACL role
+    def create(value, options = {})
+      blacklist = ['ID', 'iD', 'Id', :ID, :iD, :Id] & value.keys
+      raise Diplomat::RoleMalformed, 'ID should not be specified' unless blacklist.empty?
+
+      id = value[:Name] || value['Name']
+      raise Diplomat::NameParameterRequired if id.nil?
+
+      custom_params = use_cas(@options)
+      @raw = send_put_request(@conn, ['/v1/acl/role'], options, value, custom_params)
+
+      # rubocop:disable GuardClause
+      if @raw.status == 200
+        return parse_body
+      elsif @raw.status == 500 && @raw.body.chomp.include?('already exists')
+        raise Diplomat::RoleAlreadyExists, @raw.body
+      else
+        raise Diplomat::UnknownStatus, "status #{@raw.status}: #{@raw.body}"
+      end
+    end
+    # rubocop:enable GuardClause
+
+    # Delete an ACL role by its UUID
+    # @param id [String] UUID of the ACL role to delete
+    # @param options [Hash] options parameter hash
+    # @return [Bool]
+    def delete(id, options = {})
+      @raw = send_delete_request(@conn, ["/v1/acl/role/#{id}"], options, nil)
+      @raw.body.chomp == 'true'
+    end
+  end
+end

data/lib/diplomat/token.rb

@@ -0,0 +1,133 @@
+module Diplomat
+  # Methods for interacting with the Consul ACL Policy API endpoint
+  class Token < Diplomat::RestClient
+    @access_methods = %i[list read create delete update clone self]
+    attr_reader :id, :type, :acl
+
+    # Read ACL token with the given Accessor ID
+    # @param id [String] accessor ID of the ACL token to read
+    # @param options [Hash] options parameter hash
+    # @return [Hash] existing ACL token
+    # rubocop:disable PerceivedComplexity
+    def read(id, options = {}, not_found = :reject, found = :return)
+      @options = options
+      custom_params = []
+      custom_params << use_consistency(options)
+
+      @raw = send_get_request(@conn_no_err, ["/v1/acl/token/#{id}"], options, custom_params)
+
+      if @raw.status == 200 && @raw.body.chomp != 'null'
+        case found
+        when :reject
+          raise Diplomat::AclNotFound, id
+        when :return
+          return parse_body
+        end
+      elsif @raw.status == 403
+        case not_found
+        when :reject
+          raise Diplomat::AclNotFound, id
+        when :return
+          return nil
+        end
+      else
+        raise Diplomat::UnknownStatus, "status #{@raw.status}: #{@raw.body}"
+      end
+    end
+    # rubocop:enable PerceivedComplexity
+
+    # List all the ACL tokens
+    # @param policy [String] filters the token list matching the specific policy ID
+    # @param role [String] filters the token list matching the specific role ID
+    # @param authmethod [String] the token list matching the specific named auth method
+    # @param options [Hash] options parameter hash
+    # @return [List] list of [Hash] of ACL tokens
+    def list(policy = nil, role = nil, authmethod = nil, options = {})
+      custom_params = []
+      custom_params << use_named_parameter('policy', policy) if policy
+      custom_params << use_named_parameter('role', policy) if role
+      custom_params << use_named_parameter('authmethod', policy) if authmethod
+      @raw = send_get_request(@conn_no_err, ['/v1/acl/tokens'], options, custom_params)
+      raise Diplomat::AclNotFound if @raw.status == 403
+
+      parse_body
+    end
+
+    # Update an existing ACL token
+    # @param value [Hash] ACL token definition, AccessorID is mandatory
+    # @param options [Hash] options parameter hash
+    # @return [Hash] result ACL token
+    def update(value, options = {})
+      id = value[:AccessorID] || value['AccessorID']
+      raise Diplomat::AccessorIdParameterRequired if id.nil?
+
+      custom_params = use_cas(@options)
+      @raw = send_put_request(@conn, ["/v1/acl/token/#{id}"], options, value, custom_params)
+      if @raw.status == 200
+        parse_body
+      elsif @raw.status == 403
+        raise Diplomat::AclNotFound, id
+      elsif @raw.status == 400
+        raise Diplomat::TokenMalformed, @raw.body
+      else
+        raise Diplomat::UnknownStatus, "status #{@raw.status}: #{@raw.body}"
+      end
+    end
+
+    # Create a new ACL token
+    # @param value [Hash] ACL token definition
+    # @param options [Hash] options parameter hash
+    # @return [Hash] new ACL token
+    def create(value, options = {})
+      custom_params = use_cas(@options)
+      @raw = send_put_request(@conn, ['/v1/acl/token'], options, value, custom_params)
+      return parse_body if @raw.status == 200
+
+      raise Diplomat::UnknownStatus, "status #{@raw.status}: #{@raw.body}"
+    end
+
+    # Delete an existing ACL token
+    # @param id [String] UUID of the ACL token to delete
+    # @param options [Hash] options parameter hash
+    # @return [Bool]
+    def delete(id, options = {})
+      anonymous_token = '00000000-0000-0000-0000-000000000002'
+      raise Diplomat::NotPermitted, "status #{@raw.status}: #{@raw.body}" if id == anonymous_token
+
+      @raw = send_delete_request(@conn, ["/v1/acl/token/#{id}"], options, nil)
+      @raw.body.chomp == 'true'
+    end
+
+    # Clone an existing ACL token
+    # @param value [Hash] ACL token definition, AccessorID is mandatory
+    # @param options [Hash] options parameter hash
+    # @return [Hash] cloned ACL token
+    def clone(value, options = {})
+      id = value[:AccessorID] || value['AccessorID']
+      raise Diplomat::AccessorIdParameterRequired if id.nil?
+
+      custom_params = use_cas(@options)
+      @raw = send_put_request(@conn, ["/v1/acl/token/#{id}/clone"], options, value, custom_params)
+      if @raw.status == 200
+        parse_body
+      elsif @raw.status == 403
+        raise Diplomat::AclNotFound, id
+      else
+        raise Diplomat::UnknownStatus, "status #{@raw.status}: #{@raw.body}"
+      end
+    end
+
+    # Returns ACL token details matching X-Consul-Token header
+    # @param options [Hash] options parameter hash
+    # @return [Hash] ACL token
+    def self(options = {})
+      custom_params = use_cas(@options)
+      @raw = send_get_request(@conn, ['/v1/acl/token/self'], options, custom_params)
+      if @raw.status == 200
+        parse_body
+      elsif @raw.status == 403
+        raise Diplomat::AclNotFound, id
+      end
+    end
+  end
+end

data/lib/diplomat/version.rb

@@ -1,3 +1,3 @@
 module Diplomat
-  VERSION = '2.2.4'.freeze
+  VERSION = '2.2.5'.freeze
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: diplomat
 version: !ruby/object:Gem::Version
-  version: 2.2.4
+  version: 2.2.5
 platform: ruby
 authors:
 - John Hamelink
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-04-11 00:00:00.000000000 Z
+date: 2019-06-03 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -149,14 +149,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.49'
+        version: 0.67.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.49'
+        version: 0.67.0
 - !ruby/object:Gem::Dependency
   name: webmock
   requirement: !ruby/object:Gem::Requirement
@@ -233,11 +233,14 @@ files:
 - lib/diplomat/members.rb
 - lib/diplomat/node.rb
 - lib/diplomat/nodes.rb
+- lib/diplomat/policy.rb
 - lib/diplomat/query.rb
 - lib/diplomat/rest_client.rb
+- lib/diplomat/role.rb
 - lib/diplomat/service.rb
 - lib/diplomat/session.rb
 - lib/diplomat/status.rb
+- lib/diplomat/token.rb
 - lib/diplomat/version.rb
 homepage: https://github.com/WeAreFarmGeek/diplomat
 licenses: