RubyGems - etna - Versions diffs - 0.1.43 → 0.1.46 - Mend

etna 0.1.43 → 0.1.46

Files changed (37) hide show

checksums.yaml +4 -4
data/bin/etna +12 -1
data/etna.completion +36788 -1
data/lib/commands.rb +118 -0
data/lib/etna/application.rb +13 -16
data/lib/etna/auth.rb +37 -14
data/lib/etna/clients/janus/client.rb +17 -18
data/lib/etna/clients/janus/models.rb +52 -0
data/lib/etna/clients/magma/client.rb +41 -0
data/lib/etna/clients/magma/formatting/models_csv.rb +14 -4
data/lib/etna/clients/magma/models.rb +19 -8
data/lib/etna/clients/magma/workflows/create_project_workflow.rb +1 -1
data/lib/etna/clients/magma/workflows/json_validators.rb +5 -5
data/lib/etna/clients/magma/workflows/model_synchronization_workflow.rb +9 -9
data/lib/etna/clients/metis/client.rb +7 -2
data/lib/etna/clients/metis/models.rb +6 -3
data/lib/etna/clients/metis/workflows/metis_download_workflow.rb +1 -1
data/lib/etna/clients/metis/workflows/sync_metis_data_workflow.rb +23 -0
data/lib/etna/clients/metis/workflows/walk_metis_diff_workflow.rb +95 -0
data/lib/etna/clients/metis/workflows/walk_metis_workflow.rb +31 -0
data/lib/etna/clients/metis/workflows.rb +2 -0
data/lib/etna/controller.rb +48 -1
data/lib/etna/cwl.rb +8 -0
data/lib/etna/environment_variables.rb +50 -0
data/lib/etna/filesystem.rb +2 -0
data/lib/etna/injection.rb +57 -0
data/lib/etna/janus_utils.rb +55 -0
data/lib/etna/permissions.rb +104 -0
data/lib/etna/redirect.rb +36 -0
data/lib/etna/route.rb +54 -5
data/lib/etna/server.rb +13 -1
data/lib/etna/spec/auth.rb +11 -0
data/lib/etna/spec/vcr.rb +28 -3
data/lib/etna/test_auth.rb +25 -1
data/lib/etna/user.rb +4 -26
data/lib/etna.rb +4 -0
metadata +13 -6

data/lib/etna/route.rb CHANGED Viewed

@@ -15,6 +15,7 @@ module Etna
       @block = block
       @match_ext = options[:match_ext]
       @log_redact_keys = options[:log_redact_keys]
+      @dont_log = options[:dont_log]
     end
     def to_hash
@@ -37,11 +38,11 @@ module Etna
     UNSAFE=/[^\-_.!~*'()a-zA-Z\d;\/?:@&=+$,]/
-    def self.path(route, params=nil)
+    def self.path(route, params=nil, &block)
       if params
         PARAM_TYPES.reduce(route) do |path,pat|
           path.gsub(pat) do
-           URI.encode( params[$1.to_sym], UNSAFE)
+            params[$1.to_sym].split('/').map { |c| block_given? ? yield(c) : URI.encode_www_form_component(c) }.join('/')
           end
         end
       else
@@ -49,8 +50,8 @@ module Etna
       end
     end
-    def path(params=nil)
-      self.class.path(@route, params)
+    def path(params=nil, &block)
+      self.class.path(@route, params, &block)
     end
     def parts
@@ -123,10 +124,19 @@ module Etna
       update_params(request)
       unless authorized?(request)
+        if cc_available?(request)
+          if request.content_type == 'application/json'
+            return [ 403, { 'Content-Type' => 'application/json' }, [ { error: 'You are forbidden from performing this action, but you can visit the project home page and request access.' }.to_json ] ]
+          else
+            return cc_redirect(request)
+          end
+        end
         return [ 403, { 'Content-Type' => 'application/json' }, [ { error: 'You are forbidden from performing this action.' }.to_json ] ]
       end
       request.env['etna.redact_keys'] = @log_redact_keys
+      request.env['etna.dont_log'] = @dont_log
       if @action
         controller, action = @action.split('#')
@@ -154,8 +164,29 @@ module Etna
       @auth && @auth[:ignore_janus]
     end
+    def has_user_constraint?(constraint)
+      @auth && @auth[:user] && @auth[:user][constraint]
+    end
     private
+    def janus
+      @janus ||= Etna::JanusUtils.new
+    end
+    # If the application asks for a code of conduct redirect
+    def cc_redirect(request, msg = 'You are unauthorized')
+      return [ 401, { 'Content-Type' => 'text/html' }, [msg] ] unless application.config(:auth_redirect)
+      params = request.env['rack.request.params']
+      uri = URI(
+        application.config(:auth_redirect).chomp('/') + "/#{params[:project_name]}/cc"
+      )
+      uri.query = URI.encode_www_form(refer: request.url)
+      Etna::Redirect(request).to(uri.to_s)
+    end
     def application
       @application ||= Etna::Application.instance
     end
@@ -185,6 +216,24 @@ module Etna
       end
     end
+    def cc_available?(request)
+      user = request.env['etna.user']
+      return false unless user
+      params = request.env['rack.request.params']
+      return false unless params[:project_name]
+      # Only check for a CC if the user does not currently have permissions
+      #   for the project
+      return false if user.permissions.keys.include?(params[:project_name])
+      !janus.community_projects(user.token).select do |project|
+        project.project_name == params[:project_name]
+      end.first.nil?
+    end
     def hmac_authorized?(request)
       # either there is no hmac requirement, or we have a valid hmac
       !@auth[:hmac] || request.env['etna.hmac']&.valid?
@@ -207,7 +256,7 @@ module Etna
         Hash[
           match.names.map(&:to_sym).zip(
             match.captures.map do |capture|
-              URI.decode(capture)
+              capture.split('/').map {|c| URI.decode_www_form_component(c) }.join('/')
             end
           )
         ]

data/lib/etna/server.rb CHANGED Viewed

@@ -3,7 +3,19 @@ module Etna
   class Server
     class << self
       def route(method, path, options={}, &block)
-        @routes ||= []
+        # For healthchecks, set up servers
+        #   with an OPTIONS route on /, with noauth
+        @routes ||= [
+          Etna::Route.new(
+            'OPTIONS',
+            '/',
+            {
+              auth: {
+                noauth: true
+              }
+            }
+          )
+        ]
         @routes << Etna::Route.new(
           method,

data/lib/etna/spec/auth.rb CHANGED Viewed

@@ -18,11 +18,22 @@ module Etna::Spec
       },
       non_user: {
         email: 'nessus@centaurs.org', name: 'Nessus', perm: ''
+      },
+      guest: {
+        email: 'sinon@troy.org', name: 'Sinon', perm: 'g:labors'
       }
     }
     def auth_header(user_type)
       header(*Etna::TestAuth.token_header(AUTH_USERS[user_type]))
     end
+    def below_admin_roles
+      [:editor, :viewer, :guest]
+    end
+    def below_editor_roles
+      [:viewer, :guest]
+    end
   end
 end

data/lib/etna/spec/vcr.rb CHANGED Viewed

@@ -1,9 +1,27 @@
+require 'cgi'
 require 'webmock/rspec'
 require 'vcr'
 require 'openssl'
 require 'digest/sha2'
 require 'base64'
+def clean_query(json_or_string)
+  if json_or_string.is_a?(Hash) && json_or_string.include?('upload_path')
+    json_or_string['upload_path'] = clean_query(json_or_string['upload_path'])
+    json_or_string
+  elsif json_or_string.is_a?(String)
+    uri = URI(json_or_string)
+    if uri.query&.include?('X-Etna-Signature')
+      uri.query = 'etna-signature'
+    end
+    uri.to_s
+  else
+    json_or_string
+  end
+end
 def setup_base_vcr(spec_helper_dir, server: nil, application: nil)
   VCR.configure do |c|
     c.hook_into :webmock
@@ -30,6 +48,10 @@ def setup_base_vcr(spec_helper_dir, server: nil, application: nil)
       end
     end
+    c.register_request_matcher :try_uri do |request_1, request_2|
+      clean_query(request_1.uri) == clean_query(request_2.uri)
+    end
     c.register_request_matcher :try_body do |request_1, request_2|
       if request_1.headers['Content-Type'].first =~ /application\/json/
         if request_2.headers['Content-Type'].first =~ /application\/json/
@@ -40,7 +62,7 @@ def setup_base_vcr(spec_helper_dir, server: nil, application: nil)
             JSON.parse(request_2.body) rescue 'not-json'
           end
-          request_1_json == request_2_json
+          clean_query(request_1_json) == clean_query(request_2_json)
         else
           false
         end
@@ -49,7 +71,9 @@ def setup_base_vcr(spec_helper_dir, server: nil, application: nil)
       end
     end
-    # c.debug_logger = File.open('log/vcr_debug.log', 'w')
+    if File.exists?('log')
+      c.debug_logger = File.open('log/vcr_debug.log', 'w')
+    end
     c.default_cassette_options = {
         serialize_with: :compressed,
@@ -58,7 +82,7 @@ def setup_base_vcr(spec_helper_dir, server: nil, application: nil)
         else
           ENV['RERECORD'] ? :all : :once
         end,
-        match_requests_on: [:method, :uri, :try_body, :verify_uri_route]
+        match_requests_on: [:method, :try_uri, :try_body, :verify_uri_route]
     }
     # Filter the authorization headers of any request by replacing any occurrence of that request's
@@ -111,6 +135,7 @@ def setup_base_vcr(spec_helper_dir, server: nil, application: nil)
 end
 def prepare_vcr_secret
+  p ENV
   secret = ENV["CI_SECRET"]
   if (secret.nil? || secret.empty?) && ENV['IS_CI'] != '1'

data/lib/etna/test_auth.rb CHANGED Viewed

@@ -31,18 +31,42 @@ module Etna
       end.to_h
     end
+    def update_payload(payload, token, request)
+      route = server.find_route(request)
+      payload = payload.map{|k,v| [k.to_sym, v]}.to_h
+      return payload unless route
+      begin
+        permissions = Etna::Permissions.from_encoded_permissions(payload[:perm])
+        # Skip making an actual call to Janus. This behavior is tested in auth_spec
+        payload[:perm] = permissions.to_string
+      end if (!route.ignore_janus? && route.has_user_constraint?(:can_view?))
+      payload
+    end
     def approve_user(request)
       token = auth(request,:etna)
       return false unless token
+      # Useful for testing certain behavior
+      params = request.env["rack.request.params"]
       # Here we simply base64-encode our user hash and pass it through
       # In order to behave more like "real" tokens, we expect the user hash to be
       #   in index 1 after splitting by ".".
       # We do this to support Metis client tests, we pass in tokens with multiple "."-separated parts, so
       #   have to account for that.
       payload = JSON.parse(Base64.decode64(token.split('.')[1]))
-      request.env['etna.user'] = Etna::User.new(payload.map{|k,v| [k.to_sym, v]}.to_h, token)
+      request.env['etna.user'] = Etna::User.new(
+        update_payload(payload, token, request),
+        token
+      ) unless !!params[:do_not_set_user]
     end
     def approve_hmac(request)

data/lib/etna/user.rb CHANGED Viewed

@@ -1,11 +1,7 @@
+require_relative './permissions'
 module Etna
   class User
-    ROLE_NAMES = {
-      'A' => :admin,
-      'E' => :editor,
-      'V' => :viewer
-    }
     def initialize params, token=nil
       @name, @email, @encoded_permissions, encoded_flags, @task = params.values_at(:name, :email, :perm, :flags, :task)
@@ -21,19 +17,7 @@ module Etna
     end
     def permissions
-      @permissions ||= @encoded_permissions.split(/\;/).map do |roles|
-        role, projects = roles.split(/:/)
-        projects.split(/\,/).reduce([]) do |perms,project_name|
-          perms.push([
-            project_name,
-            {
-              role: ROLE_NAMES[role.upcase],
-              restricted: role == role.upcase
-            }
-          ])
-        end
-      end.inject([],:+).to_h
+      @permissions ||= Etna::Permissions.from_encoded_permissions(@encoded_permissions).to_hash
     end
     def has_flag?(flag)
@@ -44,12 +28,6 @@ module Etna
       permissions.keys
     end
-    ROLE_MATCH = {
-      admin: /[Aa]/,
-      editor: /[Ee]/,
-      viewer: /[Vv]/,
-      restricted: /[AEV]/,
-    }
     def has_any_role?(project, *roles)
       perm = permissions[project.to_s]
@@ -75,7 +53,7 @@ module Etna
     end
     def can_view? project
-      is_superviewer? || has_any_role?(project, :admin, :editor, :viewer)
+      is_superviewer? || has_any_role?(project, :admin, :editor, :viewer, :guest)
     end
     # superusers - administrators of the Administration group - cannot

data/lib/etna.rb CHANGED Viewed

@@ -1,4 +1,7 @@
 require 'json'
+require_relative './etna/redirect'
+require_relative './etna/environment_variables'
+require_relative './etna/injection'
 require_relative './etna/ext'
 require_relative './etna/logger'
 require_relative './etna/server'
@@ -24,6 +27,7 @@ require_relative './etna/cwl'
 require_relative './etna/metrics'
 require_relative './etna/remote'
 require_relative './etna/synchronize_db'
+require_relative './etna/janus_utils'
 class EtnaApp
   include Etna::Application

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: etna
 version: !ruby/object:Gem::Version
-  version: 0.1.43
+  version: 0.1.46
 platform: ruby
 authors:
 - Saurabh Asthana
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-10-28 00:00:00.000000000 Z
+date: 2022-08-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rack
@@ -56,16 +56,16 @@ dependencies:
   name: multipart-post
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 2.1.1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 2.1.1
 - !ruby/object:Gem::Dependency
   name: rollbar
   requirement: !ruby/object:Gem::Requirement
@@ -177,6 +177,8 @@ files:
 - lib/etna/clients/metis/workflows/metis_download_workflow.rb
 - lib/etna/clients/metis/workflows/metis_upload_workflow.rb
 - lib/etna/clients/metis/workflows/sync_metis_data_workflow.rb
+- lib/etna/clients/metis/workflows/walk_metis_diff_workflow.rb
+- lib/etna/clients/metis/workflows/walk_metis_workflow.rb
 - lib/etna/clients/polyphemus.rb
 - lib/etna/clients/polyphemus/client.rb
 - lib/etna/clients/polyphemus/models.rb
@@ -190,17 +192,22 @@ files:
 - lib/etna/describe_routes.rb
 - lib/etna/directed_graph.rb
 - lib/etna/environment_scoped.rb
+- lib/etna/environment_variables.rb
 - lib/etna/errors.rb
 - lib/etna/ext.rb
 - lib/etna/filesystem.rb
 - lib/etna/formatting.rb
 - lib/etna/generate_autocompletion_script.rb
 - lib/etna/hmac.rb
+- lib/etna/injection.rb
+- lib/etna/janus_utils.rb
 - lib/etna/json_serializable_struct.rb
 - lib/etna/logger.rb
 - lib/etna/metrics.rb
 - lib/etna/multipart_serializable_nested_hash.rb
 - lib/etna/parse_body.rb
+- lib/etna/permissions.rb
+- lib/etna/redirect.rb
 - lib/etna/remote.rb
 - lib/etna/route.rb
 - lib/etna/server.rb