dsv-sdk 0.0.4 → 0.0.6.pre.dev

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 7852bac952052c86909bbefa031d64af43920e7658fe522b962bff8515a1f711
-  data.tar.gz: 716caf976f0b6b90923162a07210076ad4f5acd70f246592809e5452e55caa93
+  metadata.gz: ef58849c45425870cb24105d3399712dffc14fe46cbcfc384062acddd34dbb63
+  data.tar.gz: 963dabfba1bad411711c8c95aab628477fafff699cb3a381ffeb38be3abeeeb0
 SHA512:
-  metadata.gz: 38b4142bcf7412b4213120580ecfc12475c4de2d6b904d33848fe3a7b0e6e22fee8f52b58d5aaacff138342d7c6389fd039fca7e723eb2d910e393fe9125e441
-  data.tar.gz: 3b4e130e8f7c73e3d61640253f46a86e709f33f12d8e5bbde1849e3717f410f398617fa8349fa0c389715992388d78677e991ceb6eaf3e4c8673576ce7ac4ab7
+  metadata.gz: dba5aa908ff38e851778cd0664ac14e5fb568a54aaecf97a96ffbc583c04317d01450ce204c409aab763a459bfba2c906e49c2d4d48aa916364456ab0efba1e0
+  data.tar.gz: 1c101637a50f07ba426f197a10a9d90ba2c185305abafd4f85f1df2e530b1265aa876579ad4b5745287f882360f1c84521d5ed2af995e91b3e543afbb421af40

data/lib/dsv.rb

@@ -0,0 +1,189 @@
+require 'json'
+require 'faraday'
+require 'logger'
+
+##
+# If we're in the +test+ environment just dump logs to Null
+# Otherwise, use stdout
+if ENV['test']
+  $logger = Logger.new(IO::NULL)
+else
+  $logger = Logger.new(STDOUT)
+end
+
+##
+# Invoked when the API returns an +API_AccessDenied+ error
+class AccessDeniedException < StandardError; end;
+class ResourceNotFoundException < StandardError; end;
+class InvalidConfigurationException < StandardError; end;
+class InvalidCredentialsException < StandardError; end;
+class InvalidMethodTypeException < StandardError; end;
+class UnrecognizedResourceException < StandardError; end;
+
+
+module Dsv
+  require_relative 'dsv/client'
+  require_relative 'dsv/secret'
+  require_relative 'dsv/role'
+
+  class Vault
+    DEFAULT_URL_TEMPLATE = "https://%s.secretsvaultcloud.%s/v1/%s%s"
+    DEFAULT_TLD = "com"
+  
+    # Initialize a +Vault+ object with provided configuration.
+    #
+    # @param config [Hash]
+    #   - client_id: ''
+    #   - client_secret: ''
+    #   - tld: 'com'
+    #   - tenant: ''
+    def initialize(config = nil)
+  
+      unless config.nil?
+        @configuration = config.collect{|k,v| [k.to_s, v]}.to_h
+      else
+        @configuration = {}
+  
+        @configuration['client_id'] = ENV['DSV_CLIENT_ID']
+        @configuration['client_secret'] = ENV['DSV_CLIENT_SECRET']
+        @configuration['tenant'] = ENV['DSV_TENANT']
+        @configuration['tld'] = ENV['DSV_TLD']
+      end
+  
+      if @configuration['client_id'].nil? || @configuration['client_secret'].nil?
+        $logger.error("Must provide client_id and client_secret")
+        raise InvalidConfigurationException
+      end
+  
+      $logger.debug("Vault is configured for client_id: #{@configuration['client_id']}")
+    end
+  
+    # Helper method to access a resource via API
+    #
+    # @param method [String] HTTP Request Method
+    # @param resource [String] The resource type to invoke
+    # @param path [String] The API Path to request
+    # @param input [String] Input to send via POST/PUT body
+    #
+    # @return [Hash] - return Hash of JSON contents
+    #
+    # - +AccessDeniedException+ is raised if the server responds with an +API_AccessDenied+ error
+    # - +InvalidMethodTypeException+ is raised if a method other than +["GET", "POST", "PUT", "DELETE"]+ is provided
+    # - +UnrecognizedResourceException+ is raised if a resource other than +["clients", "roles", "secrets"]+ is requested
+    def accessResource(method, resource, path, input, parse_json=true)
+      unless ["GET", "POST", "PUT", "DELETE"].include?(method.upcase)
+        $logger.error "Invalid request method: #{method}"
+        raise InvalidMethodTypeException
+      end
+  
+      unless ["clients", "roles", "secrets"].include? resource
+        message = "unrecognized resource"
+        $logger.debug "#{message}, #{resource}"
+  
+        raise UnrecognizedResourceException
+      end
+  
+      body = ""
+  
+      unless input.nil?
+        body = input.to_json
+      end
+  
+      accessToken = getAccessToken
+  
+      # Yikes, normally not a fan of metaprogramming
+      # We first ensured that `method` is legit to prevent
+      # arbitrary method invocation
+      url = urlFor(resource, path)
+      $logger.debug "Sending request to: #{url}"
+      resp = Faraday.send(method.downcase, url) do | req |
+        req.headers['Authorization'] = "Bearer #{accessToken}"
+        req.body = body unless body.empty?
+  
+        if ["POST", "PUT"].include?(method.upcase)
+          req.headers['Content-Type'] = 'application/json'
+        end
+      end
+  
+      data = resp.body
+  
+      return data unless parse_json
+  
+      begin
+        hash = JSON.parse(data)
+  
+        if hash['errorCode'] == "API_AccessDenied"
+          raise AccessDeniedException
+        end
+  
+        if hash['message'] == "Invalid permissions"
+          raise AccessDeniedException
+        end
+  
+        if hash['code'] == 404
+          raise ResourceNotFoundException
+        end
+        
+      rescue JSON::ParserError => e
+        $logger.error "Error parsing JSON: #{e.to_s}"
+        raise e
+      end
+  
+      return hash
+    end
+  
+    # Query API for OAuth token
+    #
+    # - +InvalidCredentialsException+ is returned if the provided credentials are not valid
+    # 
+    # @return [String]
+    def getAccessToken
+      grantRequest = {
+        grant_type: "client_credentials",
+        client_id: @configuration['client_id'],
+        client_secret: @configuration['client_secret']
+      }.to_json
+  
+      url = urlFor("token")
+  
+      $logger.debug "calling #{url} with client_id #{@configuration['client_id']}"
+  
+      response = Faraday.post(
+        url, 
+        grantRequest,
+        "Content-Type" => "application/json"
+      )
+  
+      unless response.status == 200
+        $logger.debug "grant response error: #{response.body}"
+        raise InvalidCredentialsException
+      end
+  
+      begin
+        grant = JSON.parse(response.body)
+        return grant['accessToken']
+      rescue JSON::ParserError => e
+        $logger.error "Error parsing JSON: #{e.to_s}"
+        raise e
+      end
+    end
+  
+    # Generate the URL for a specific request.
+    # This factors in several configuration options including:
+    # - +tenant+
+    # - +tld+
+    #
+    # @param resource [String] The specific API resource to request
+    # @param path [String] The path to the resource
+    #
+    # @return [String] The generated URL for the request
+    def urlFor(resource, path=nil)
+  
+      if path != nil
+        path = "/#{path.delete_prefix("/")}"
+      end
+  
+      sprintf(DEFAULT_URL_TEMPLATE, @configuration['tenant'], @configuration['tld'] || DEFAULT_TLD, resource, path)
+    end
+  end
+end

data/lib/dsv/client.rb

@@ -0,0 +1,35 @@
+module Dsv
+  class Client
+      CLIENTS_RESOURCE = "clients".freeze
+    
+      # Fetch desired client information from the specified Vault
+      #
+      # @param vault [Vault] The initialized Vault
+      # @param id [String] The ID of the client
+      #
+      # @return client [Hash]
+      def self.fetch(vault, id)
+        @vault = vault
+        client = @vault.accessResource("GET", CLIENTS_RESOURCE, id, nil)
+      end
+    
+      # Mark the client as ready to be removed
+      #
+      # @param vault [Vault] The initialized Vault
+      # @param id [String] The ID of the client
+      def self.delete(vault, id)
+        vault.accessResource("DELETE", CLIENTS_RESOURCE, id, nil, nil)
+      end
+
+      # Create the client for the desired Vault
+      #
+      # @param vault [Vault] The initialized Vault
+      # @param role_Name [String] Name of the role to create
+      def self.create(vault, role_name)
+        client_data = {
+          role: role_name
+        }
+        vault.accessResource("POST", CLIENTS_RESOURCE, "/", client_data)
+      end
+    end
+  end

data/lib/{vault → dsv}/role.rb

@@ -1,5 +1,5 @@
-require './lib/vault.rb'
-class Vault::Role
+module Dsv
+  class Role
     ROLES_RESOURCE = "roles".freeze
   
     # Return the specified role
@@ -13,4 +13,5 @@ class Vault::Role
   
       role = @vault.accessResource("GET", ROLES_RESOURCE, name, nil)
     end
-  end
+  end
+end

data/lib/{vault → dsv}/secret.rb

@@ -1,6 +1,5 @@
-
-# Utilized to fetch secrets from an initialzed +Vault+
-class Vault::Secret
+module Dsv
+  class Secret
     SECRETS_RESOURCE = "secrets".freeze
   
     # Fetch secrets from the server
@@ -14,4 +13,5 @@ class Vault::Secret
   
         @secret = @vault.accessResource("GET", SECRETS_RESOURCE, path, nil)
     end
-  end
+  end
+end

metadata

@@ -1,16 +1,57 @@
 --- !ruby/object:Gem::Specification
 name: dsv-sdk
 version: !ruby/object:Gem::Version
-  version: 0.0.4
+  version: 0.0.6.pre.dev
 platform: ruby
 authors:
 - John Poulin
-- Adam Migus
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
 date: 2020-04-08 00:00:00.000000000 Z
 dependencies:
+- !ruby/object:Gem::Dependency
+  name: faraday
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: logger
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: json
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
@@ -26,24 +67,21 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '3.7'
 description: The Thycotic DevOps Secrets Vault SDK for Ruby
-email:
-- john.m.poulin@gmail.com
-- adam@migus.org
+email: john.m.poulin@gmail.com
 executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- lib/vault.rb
-- lib/vault/client.rb
-- lib/vault/role.rb
-- lib/vault/secret.rb
-- lib/vault/vault.rb
-homepage: https://rubygems.org/gems/hola
+- lib/dsv.rb
+- lib/dsv/client.rb
+- lib/dsv/role.rb
+- lib/dsv/secret.rb
+homepage: https://github.com/thycotic/dsv-sdk-ruby
 licenses:
 - Apache-2.0
 metadata:
   github_repo: ssh://github.com/thycotic/dsv-sdk-ruby
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -54,12 +92,12 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">="
+  - - ">"
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 1.3.1
 requirements: []
-rubygems_version: 3.0.3
-signing_key: 
+rubygems_version: 3.0.8
+signing_key:
 specification_version: 4
-summary: dsv-sdk
+summary: dsv_sdk
 test_files: []

data/lib/vault.rb

@@ -1,7 +0,0 @@
-class Vault
-  require 'vault/vault'
-
-  require 'vault/client'
-  require 'vault/secret'
-  require 'vault/role'
-end

data/lib/vault/client.rb

@@ -1,33 +0,0 @@
-class Vault::Client
-    CLIENTS_RESOURCE = "clients".freeze
-  
-    # Fetch desired client information from the specified Vault
-    #
-    # @param vault [Vault] The initialized Vault
-    # @param id [String] The ID of the client
-    #
-    # @return client [Hash]
-    def self.fetch(vault, id)
-      @vault = vault
-      client = @vault.accessResource("GET", CLIENTS_RESOURCE, id, nil)
-    end
-  
-    # Mark the client as ready to be removed
-    #
-    # @param vault [Vault] The initialized Vault
-    # @param id [String] The ID of the client
-    def self.delete(vault, id)
-      vault.accessResource("DELETE", CLIENTS_RESOURCE, id, nil, nil)
-    end
-
-    # Create the client for the desired Vault
-    #
-    # @param vault [Vault] The initialized Vault
-    # @param role_Name [String] Name of the role to create
-    def self.create(vault, role_name)
-      client_data = {
-        role: role_name
-      }
-      vault.accessResource("POST", CLIENTS_RESOURCE, "/", client_data)
-    end
-  end

data/lib/vault/vault.rb

@@ -1,183 +0,0 @@
-require 'json'
-require 'faraday'
-require 'logger'
-
-##
-# If we're in the +test+ environment just dump logs to Null
-# Otherwise, use stdout
-if ENV['test']
-  $logger = Logger.new(IO::NULL)
-else
-  $logger = Logger.new(STDOUT)
-end
-
-##
-# Invoked when the API returns an +API_AccessDenied+ error
-class AccessDeniedException < StandardError; end;
-class ResourceNotFoundException < StandardError; end;
-class InvalidConfigurationException < StandardError; end;
-class InvalidCredentialsException < StandardError; end;
-class InvalidMethodTypeException < StandardError; end;
-class UnrecognizedResourceException < StandardError; end;
-
-class Vault
-  DEFAULT_URL_TEMPLATE = "https://%s.secretsvaultcloud.%s/v1/%s%s"
-  DEFAULT_TLD = "com"
-
-  # Initialize a +Vault+ object with provided configuration.
-  #
-  # @param config [Hash]
-  #   - client_id: ''
-  #   - client_secret: ''
-  #   - tld: 'com'
-  #   - tenant: ''
-  def initialize(config = nil)
-
-    if config 
-      @configuration = config.collect{|k,v| [k.to_s, v]}.to_h
-    else
-      @configuration = {}
-
-      @configuration['client_id'] = ENV['DSV_CLIENT_ID']
-      @configuration['client_secret'] = ENV['DSV_CLIENT_SECRET']
-      @configuration['tenant'] = ENV['DSV_TENANT']
-      @configuration['tld'] = ENV['DSV_TLD']
-    end
-
-    if @configuration['client_id'].nil? || @configuration['client_secret'].nil?
-      $logger.error("Must provide client_id and client_secret")
-      raise InvalidConfigurationException
-    end
-
-    $logger.debug("Vault is configured for client_id: #{@configuration['client_id']}")
-  end
-
-  # Helper method to access a resource via API
-  #
-  # @param method [String] HTTP Request Method
-  # @param resource [String] The resource type to invoke
-  # @param path [String] The API Path to request
-  # @param input [String] Input to send via POST/PUT body
-  #
-  # @return [Hash] - return Hash of JSON contents
-  #
-  # - +AccessDeniedException+ is raised if the server responds with an +API_AccessDenied+ error
-  # - +InvalidMethodTypeException+ is raised if a method other than +["GET", "POST", "PUT", "DELETE"]+ is provided
-  # - +UnrecognizedResourceException+ is raised if a resource other than +["clients", "roles", "secrets"]+ is requested
-  def accessResource(method, resource, path, input, parse_json=true)
-    unless ["GET", "POST", "PUT", "DELETE"].include?(method.upcase)
-      $logger.error "Invalid request method: #{method}"
-      raise InvalidMethodTypeException
-    end
-
-    unless ["clients", "roles", "secrets"].include? resource
-      message = "unrecognized resource"
-      $logger.debug "#{message}, #{resource}"
-
-      raise UnrecognizedResourceException
-    end
-
-    body = ""
-
-    unless input.nil?
-      body = input.to_json
-    end
-
-    accessToken = getAccessToken
-
-    # Yikes, normally not a fan of metaprogramming
-    # We first ensured that `method` is legit to prevent
-    # arbitrary method invocation
-    url = urlFor(resource, path)
-    $logger.debug "Sending request to: #{url}"
-    resp = Faraday.send(method.downcase, url) do | req |
-      req.headers['Authorization'] = "Bearer #{accessToken}"
-      req.body = body unless body.empty?
-
-      if ["POST", "PUT"].include?(method.upcase)
-        req.headers['Content-Type'] = 'application/json'
-      end
-    end
-
-    data = resp.body
-
-    return data unless parse_json
-
-    begin
-      hash = JSON.parse(data)
-
-      if hash['errorCode'] == "API_AccessDenied"
-        raise AccessDeniedException
-      end
-
-      if hash['message'] == "Invalid permissions"
-        raise AccessDeniedException
-      end
-
-      if hash['code'] == 404
-        raise ResourceNotFoundException
-      end
-      
-    rescue JSON::ParserError => e
-      $logger.error "Error parsing JSON: #{e.to_s}"
-      raise e
-    end
-
-    return hash
-  end
-
-  # Query API for OAuth token
-  #
-  # - +InvalidCredentialsException+ is returned if the provided credentials are not valid
-  # 
-  # @return [String]
-  def getAccessToken
-    grantRequest = {
-      grant_type: "client_credentials",
-      client_id: @configuration['client_id'],
-      client_secret: @configuration['client_secret']
-    }.to_json
-
-    url = urlFor("token")
-
-    $logger.debug "calling #{url} with client_id #{@configuration['client_id']}"
-
-    response = Faraday.post(
-      url, 
-      grantRequest,
-      "Content-Type" => "application/json"
-    )
-
-    unless response.status == 200
-      $logger.debug "grant response error: #{response.body}"
-      raise InvalidCredentialsException
-    end
-
-    begin
-      grant = JSON.parse(response.body)
-      return grant['accessToken']
-    rescue JSON::ParserError => e
-      $logger.error "Error parsing JSON: #{e.to_s}"
-      raise e
-    end
-  end
-
-  # Generate the URL for a specific request.
-  # This factors in several configuration options including:
-  # - +tenant+
-  # - +tld+
-  #
-  # @param resource [String] The specific API resource to request
-  # @param path [String] The path to the resource
-  #
-  # @return [String] The generated URL for the request
-  def urlFor(resource, path=nil)
-
-    if path != nil
-      path = "/#{path.delete_prefix("/")}"
-    end
-
-    sprintf(DEFAULT_URL_TEMPLATE, @configuration['tenant'], @configuration['tld'] || DEFAULT_TLD, resource, path)
-  end
-  
-end