lex-kerberos 0.1.7 → 0.1.8

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b532fa3b7470e4f7048bbe88b98ad670ff261992a45aac9b32af5e48077f1369
-  data.tar.gz: 451c7b9c3df3f0b84af43d85c4d3aeca1ec1b6a2e3f3fe1b5e41ce074c0e169c
+  metadata.gz: '08560b2f835b1f611a3572b11e1dd4d036a9abd9569c95b80baab7f4b995dc1c'
+  data.tar.gz: 79c90f3527d01c44c6093d5023845433dfd53bc62ffd1147bdb7297d6489a077
 SHA512:
-  metadata.gz: cade08384530ed4f865dbbc52669c14f57256dd7805bd87011ed24ac69aea637e8b122b28cef5acbc880a1300c11ca76ef3dd12683aab8a7e1450580a5fd66a3
-  data.tar.gz: 59ea5d8ae529436830f799f3cba04e7c9a17c69d19f4fd3509de5cbd1c3c306edc488e3e54837d73c35896093db5beeeece32f8e163df203e1f3f9de97840ee4
+  metadata.gz: '09ea67d28b7288f7af1f72706c9f1a2f04d466c5fd8e3389727bc2bf6e7386f5c793cf82a4290e7176d0048a600c4dc277dfac03fcccfbc8580cb030aa1eb49d'
+  data.tar.gz: 234403c8baa6e49ad0691e764f9c08a6627a51b1d76c73d460e87fa0cf96d4ad4acd0a1d056b812df497493064709348f89f5874eaec5df2226462a53285c224

data/.github/workflows/ci.yml

@@ -10,8 +10,8 @@ jobs:
   ci:
     uses: LegionIO/.github/.github/workflows/ci.yml@main
 
-  lint:
-    uses: LegionIO/.github/.github/workflows/lint-patterns.yml@main
+  excluded-files:
+    uses: LegionIO/.github/.github/workflows/excluded-files.yml@main
 
   security:
     uses: LegionIO/.github/.github/workflows/security-scan.yml@main
@@ -27,7 +27,7 @@ jobs:
     uses: LegionIO/.github/.github/workflows/stale.yml@main
 
   release:
-    needs: [ci, lint]
+    needs: [ci, excluded-files]
     if: github.event_name == 'push' && github.ref == 'refs/heads/main'
     uses: LegionIO/.github/.github/workflows/release.yml@main
     secrets:

data/.rubocop.yml

@@ -1,15 +1,2 @@
-AllCops:
-  NewCops: enable
-  TargetRubyVersion: 3.4
-  SuggestExtensions: false
-
-Metrics/BlockLength:
-  Exclude:
-    - 'spec/**/*'
-    - '*.gemspec'
-
-Metrics/ParameterLists:
-  Max: 10
-
-Style/Documentation:
-  Enabled: false
+inherit_gem:
+  rubocop-legion: config/lex.yml

data/CHANGELOG.md

@@ -2,6 +2,11 @@
 
 ## [Unreleased]
 
+## [0.1.8] - 2026-03-30
+
+### Changed
+- update to rubocop-legion 0.1.7, resolve all offenses
+
 ## [0.1.7] - 2026-03-26
 
 ### Fixed

data/Gemfile

@@ -6,5 +6,6 @@ gemspec
 group :development, :test do
   gem 'rspec', '~> 3.13'
   gem 'rubocop', '~> 1.75'
+  gem 'rubocop-legion', '~> 0.1'
   gem 'simplecov', '~> 0.22'
 end

data/lib/legion/extensions/kerberos/actors/keytab_refresh.rb

@@ -1,12 +1,12 @@
 # frozen_string_literal: true
 
-require 'legion/extensions/actors/every' if defined?(Legion::Extensions::Actors)
+require 'legion/extensions/actors/every'
 
 module Legion
   module Extensions
     module Kerberos
       module Actor
-        class KeytabRefresh < Legion::Extensions::Actors::Every
+        class KeytabRefresh < Legion::Extensions::Actors::Every # rubocop:disable Legion/Extension/SelfContainedActorRunnerClass, Legion/Extension/EveryActorRequiresTime
           def initialize(**opts)
             return unless enabled?
 
@@ -19,9 +19,9 @@ module Legion
           def check_subtask? = false
           def generate_task? = false
 
-          def enabled?
+          def enabled? # rubocop:disable Legion/Extension/ActorEnabledSideEffects
             defined?(Legion::Extensions::Kerberos::Helpers::Keytab)
-          rescue StandardError
+          rescue StandardError => _e
             false
           end
 
@@ -29,7 +29,7 @@ module Legion
             result = keytab_helper.resolve_keytab(sources: keytab_sources)
             log_result(result)
           rescue StandardError => e
-            log_error(e)
+            log.error(e)
           end
 
           private
@@ -45,17 +45,15 @@ module Legion
           end
 
           def log_result(result)
-            return unless defined?(Legion::Logging)
-
             if result[:success]
-              Legion::Logging.debug("KeytabRefresh: refreshed keytab from #{result[:source]}")
+              log.debug("KeytabRefresh: refreshed keytab from #{result[:source]}")
             else
-              Legion::Logging.warn("KeytabRefresh: #{result[:error]}")
+              log.warn("KeytabRefresh: #{result[:error]}")
             end
           end
 
           def log_error(err)
-            Legion::Logging.error("KeytabRefresh: #{err.message}") if defined?(Legion::Logging)
+            log.error("KeytabRefresh: #{err.message}")
           end
         end
       end

data/lib/legion/extensions/kerberos/client.rb

@@ -29,8 +29,8 @@ module Legion
           return kt unless kt[:success]
 
           accept_spnego_token(
-            token: token,
-            keytab: kt[:path],
+            token:             token,
+            keytab:            kt[:path],
             service_principal: @service_principal
           )
         end

data/lib/legion/extensions/kerberos/helpers/client.rb

@@ -7,19 +7,19 @@ module Legion
         module Client
           DEFAULTS = {
             kerberos: {
-              enabled: true,
-              realm: 'MS.DS.UHC.COM',
+              enabled:           true,
+              realm:             'MS.DS.UHC.COM',
               service_principal: 'HTTP/legion.uhg.com',
-              keytab: ['/etc/legion/krb5.keytab'],
-              mutual_auth: true,
-              ldap: {
+              keytab:            ['/etc/legion/krb5.keytab'],
+              mutual_auth:       true,
+              ldap:              {
                 port: 636, encryption: :simple_tls,
                 group_attribute: 'memberOf',
                 user_filter: '(sAMAccountName=%<username>s)'
               },
-              role_map: {},
-              fallback: :entra,
-              cache_groups_ttl: 300
+              role_map:          {},
+              fallback:          :entra,
+              cache_groups_ttl:  300
             }
           }.freeze
 

data/lib/legion/extensions/kerberos/helpers/ldap.rb

@@ -18,7 +18,7 @@ module Legion
             country: :co, country_code: :c, city: :l, state: :st, ad_created_at: :whencreated
           }.freeze
 
-          def lookup_groups(username:, host:, base_dn:, bind_dn:, bind_password:,
+          def lookup_groups(username:, host:, base_dn:, bind_dn:, bind_password:, # rubocop:disable Metrics/ParameterLists
                             port: 636, encryption: :simple_tls,
                             user_filter: '(sAMAccountName=%<username>s)',
                             group_attribute: 'memberOf', **)

data/lib/legion/extensions/kerberos/helpers/spnego.rb

@@ -30,9 +30,7 @@ module Legion
           end
 
           def obtain_spnego_token(service_principal:)
-            unless service_principal.include?('/')
-              return { success: false, error: "service_principal must contain '/'" }
-            end
+            return { success: false, error: "service_principal must contain '/'" } unless service_principal.include?('/')
 
             token_bytes = init_spnego_context(service_principal)
             { success: true, token: Base64.strict_encode64(token_bytes) }
@@ -61,7 +59,7 @@ module Legion
               ptr = ctx.instance_variable_get(ivar)
               ptr.autorelease = false if ptr.respond_to?(:autorelease=)
             end
-          rescue StandardError # rubocop:disable Lint/SuppressedException
+          rescue StandardError => _e # rubocop:disable Lint/SuppressedException
           end
 
           def negotiate(input_bytes, service_principal)
@@ -76,11 +74,11 @@ module Legion
 
           def build_token_result(principal, output_bytes)
             {
-              success: true,
-              principal: principal,
+              success:      true,
+              principal:    principal,
               output_token: output_bytes ? Base64.strict_encode64(output_bytes) : nil,
-              username: extract_username(principal),
-              realm: extract_realm(principal)
+              username:     extract_username(principal),
+              realm:        extract_realm(principal)
             }
           end
         end

data/lib/legion/extensions/kerberos/runners/authenticate.rb

@@ -34,14 +34,10 @@ module Legion
 
           def negotiate(headers: {}, **)
             auth_header = headers['HTTP_AUTHORIZATION']
-            unless auth_header&.match?(/\ANegotiate\s+/i)
-              return negotiate_error('negotiate_required', 'Negotiate token required')
-            end
+            return negotiate_error('negotiate_required', 'Negotiate token required') unless auth_header&.match?(/\ANegotiate\s+/i) # rubocop:disable Legion/Extension/RunnerReturnHash
 
             auth_result = negotiate_authenticate(auth_header.sub(/\ANegotiate\s+/i, ''))
-            unless auth_result&.dig(:success)
-              return negotiate_error('kerberos_auth_failed', 'Kerberos authentication failed')
-            end
+            return negotiate_error('kerberos_auth_failed', 'Kerberos authentication failed') unless auth_result&.dig(:success) # rubocop:disable Legion/Extension/RunnerReturnHash
 
             negotiate_success(auth_result)
           end
@@ -50,7 +46,7 @@ module Legion
 
           def resolve_groups(ldap:, cfg:, username:)
             ldap_opts = ldap || cfg[:ldap] || {}
-            return [[], nil, {}] unless ldap_opts[:host]
+            return [[], nil, {}] unless ldap_opts[:host] # rubocop:disable Legion/Extension/RunnerReturnHash
 
             result = lookup_groups(username: username, **ldap_opts)
             if result[:success]
@@ -69,15 +65,15 @@ module Legion
 
           def negotiate_authenticate(token)
             Client.new.authenticate(token: token)
-          rescue StandardError
+          rescue StandardError => _e
             nil
           end
 
           def negotiate_error(code, message)
             body = negotiate_json({ error: { code: code, message: message },
-                                    meta: { timestamp: Time.now.utc.iso8601 } })
+                                    meta:  { timestamp: Time.now.utc.iso8601 } })
             {
-              result: { error: code },
+              result:   { error: code },
               response: { status: 401, content_type: 'application/json',
                           headers: { 'WWW-Authenticate' => 'Negotiate' }, body: body }
             }
@@ -94,13 +90,13 @@ module Legion
           def negotiate_success_response(auth_result, data)
             hdrs = ({ 'WWW-Authenticate' => "Negotiate #{auth_result[:output_token]}" } if auth_result[:output_token])
             body = negotiate_json({ data: data, meta: { timestamp: Time.now.utc.iso8601 } })
-            { result: data,
+            { result:   data,
               response: { status: 200, content_type: 'application/json',
                           headers: hdrs, body: body }.compact }
           end
 
           def issue_negotiate_token(auth_result, profile)
-            return [nil, []] unless defined?(Legion::Rbac::KerberosClaimsMapper) && defined?(Legion::API::Token)
+            return [nil, []] unless defined?(Legion::Rbac::KerberosClaimsMapper) && defined?(Legion::API::Token) # rubocop:disable Legion/Extension/RunnerReturnHash
 
             mapped = map_negotiate_claims(auth_result, profile)
             display = mapped[:display_name] || mapped[:first_name]
@@ -108,7 +104,7 @@ module Legion
               msid: mapped[:sub], name: display, roles: mapped[:roles], ttl: 28_800
             )
             [token, mapped[:roles]]
-          rescue StandardError
+          rescue StandardError => _e
             [nil, []]
           end
 
@@ -121,14 +117,14 @@ module Legion
           end
 
           def negotiate_json(hash)
-            return Legion::JSON.dump(hash) if defined?(Legion::JSON)
+            return json_dump(hash) if defined?(Legion::JSON) # rubocop:disable Legion/Extension/RunnerReturnHash
 
             require 'json'
             ::JSON.generate(hash)
           end
 
-          include Legion::Extensions::Helpers::Lex if Legion::Extensions.const_defined?(:Helpers) &&
-                                                      Legion::Extensions::Helpers.const_defined?(:Lex)
+          include Legion::Extensions::Helpers::Lex if Legion::Extensions.const_defined?(:Helpers, false) &&
+                                                      Legion::Extensions::Helpers.const_defined?(:Lex, false)
         end
       end
     end

data/lib/legion/extensions/kerberos/version.rb

@@ -3,7 +3,7 @@
 module Legion
   module Extensions
     module Kerberos
-      VERSION = '0.1.7'
+      VERSION = '0.1.8'
     end
   end
 end

data/lib/legion/extensions/kerberos.rb

@@ -6,13 +6,13 @@ require 'legion/extensions/kerberos/helpers/ldap'
 require 'legion/extensions/kerberos/helpers/keytab'
 require 'legion/extensions/kerberos/helpers/client'
 require 'legion/extensions/kerberos/runners/authenticate'
-require 'legion/extensions/kerberos/actors/keytab_refresh' if defined?(Legion::Extensions::Actors)
+require 'legion/extensions/kerberos/actors/keytab_refresh'
 require 'legion/extensions/kerberos/client'
 
 module Legion
   module Extensions
     module Kerberos
-      extend Legion::Extensions::Core if Legion::Extensions.const_defined? :Core
+      extend Legion::Extensions::Core if Legion::Extensions.const_defined? :Core, false
     end
   end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: lex-kerberos
 version: !ruby/object:Gem::Version
-  version: 0.1.7
+  version: 0.1.8
 platform: ruby
 authors:
 - Esity