legion-crypt 1.4.16 → 1.4.18
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +15 -0
- data/lib/legion/crypt/kerberos_auth.rb +11 -1
- data/lib/legion/crypt/version.rb +1 -1
- data/lib/legion/crypt.rb +4 -0
- metadata +1 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 9397c4eab60b75a13e4f1e9fd842ce6b4908d94d891e9ea29a893fb33e71d5ef
|
|
4
|
+
data.tar.gz: 852ec5569b543089412ce28e96b32f6424e7da1f169e836d3e596dd51719c74d
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 59170bcaead98cda37e2be65b1e9b294ab4eff65fde9251ebb2de24390224e8ed6bf3d62a523a11cd9ac1f2ead894dbffeee79815194c583e47a565b9ac7ff1c
|
|
7
|
+
data.tar.gz: 7f65e04abcb52c320f0d6e133569604d8eba37dcd4d63bcf046b0ba8fb70c631ebf4723bce2cd8ce728bf46a7b4992af389c3cb0da25bfd9c7c1176a38e56866
|
data/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,20 @@
|
|
|
1
1
|
# Legion::Crypt
|
|
2
2
|
|
|
3
|
+
## [1.4.18] - 2026-03-26
|
|
4
|
+
|
|
5
|
+
### Fixed
|
|
6
|
+
- `KerberosAuth.login`: clear `@kerberos_principal` at the start of each login attempt so a failed re-auth does not leave a stale principal from a previous successful login
|
|
7
|
+
|
|
8
|
+
### Added
|
|
9
|
+
- `crypt_spec.rb`: delegation spec for `Legion::Crypt.kerberos_principal`
|
|
10
|
+
- `kerberos_auth_spec.rb`: spec verifying stale principal is cleared before a failing login attempt
|
|
11
|
+
|
|
12
|
+
## [1.4.17] - 2026-03-26
|
|
13
|
+
|
|
14
|
+
### Added
|
|
15
|
+
- Store Kerberos principal after successful SPNEGO authentication (`KerberosAuth.kerberos_principal`)
|
|
16
|
+
- Expose `Legion::Crypt.kerberos_principal` delegation
|
|
17
|
+
|
|
3
18
|
## [1.4.16] - 2026-03-26
|
|
4
19
|
|
|
5
20
|
### Changed
|
|
@@ -8,11 +8,20 @@ module Legion
|
|
|
8
8
|
|
|
9
9
|
DEFAULT_AUTH_PATH = 'auth/kerberos/login'
|
|
10
10
|
|
|
11
|
+
@kerberos_principal = nil
|
|
12
|
+
|
|
13
|
+
class << self
|
|
14
|
+
attr_reader :kerberos_principal
|
|
15
|
+
end
|
|
16
|
+
|
|
11
17
|
def self.login(vault_client:, service_principal:, auth_path: DEFAULT_AUTH_PATH)
|
|
12
18
|
raise GemMissingError, 'lex-kerberos gem is required for Kerberos auth' unless spnego_available?
|
|
13
19
|
|
|
20
|
+
@kerberos_principal = nil
|
|
14
21
|
token = obtain_token(service_principal)
|
|
15
|
-
exchange_token(vault_client, token, auth_path)
|
|
22
|
+
result = exchange_token(vault_client, token, auth_path)
|
|
23
|
+
@kerberos_principal = result[:metadata]&.dig('username') || result[:metadata]&.dig(:username)
|
|
24
|
+
result
|
|
16
25
|
end
|
|
17
26
|
|
|
18
27
|
def self.spnego_available?
|
|
@@ -29,6 +38,7 @@ module Legion
|
|
|
29
38
|
|
|
30
39
|
def self.reset!
|
|
31
40
|
@spnego_available = nil
|
|
41
|
+
@kerberos_principal = nil
|
|
32
42
|
end
|
|
33
43
|
|
|
34
44
|
class << self
|
data/lib/legion/crypt/version.rb
CHANGED
data/lib/legion/crypt.rb
CHANGED
|
@@ -34,6 +34,10 @@ module Legion
|
|
|
34
34
|
Legion::Settings[:crypt][:vault]
|
|
35
35
|
end
|
|
36
36
|
|
|
37
|
+
def kerberos_principal
|
|
38
|
+
KerberosAuth.kerberos_principal
|
|
39
|
+
end
|
|
40
|
+
|
|
37
41
|
def start
|
|
38
42
|
Legion::Logging.debug 'Legion::Crypt is running start'
|
|
39
43
|
::File.write('./legionio.key', private_key) if settings[:save_private_key]
|