oci 2.4.4 → 2.4.5
- checksums.yaml +4 -4
- data/README.md +1 -1
- data/lib/oci/auth/federation_client.rb +66 -48
- data/lib/oci/database/models/create_database_from_backup_details.rb +18 -4
- data/lib/oci/internal/util.rb +1 -1
- data/lib/oci/regions.rb +3 -0
- data/lib/oci/version.rb +1 -1
- metadata +2 -2
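--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: e2b92722ec1966e7dde1c815a6f17cc9ce02a78ae34c69e74915e3d196e2517c
+data.tar.gz: 70ef65d3a37c9f629cbe2df847e1e7ccf0befd6677eb2c6c60be7325df052f38
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 7983dd94e186bfdf68ac94791f5f94cdfca632442385228ae344f8f7aeb078a2af779ab0629f33d99aad0d55015bb7579126d2c9fac95e791fe39bbb6c024265
+data.tar.gz: ac8b2b4bd13f1beefd3c1a6aa1fae13609f50d6a3c4960716e0885e432d9e0cdaa0a1055ba35f5e77aa7f5f94fb428f3630e2ceba8ccd79f7eb2c82a57dd44aa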
data/README.md
CHANGED
@@ -2,7 +2,6 @@
|
|
2
2
|
|
3
3
|
require 'json'
|
4
4
|
require 'net/http'
|
5
|
-
require 'thread'
|
6
5
|
|
7
6
|
require 'oci/auth/internal/auth_token_request_signer'
|
8
7
|
require 'oci/auth/session_key_supplier'
|
@@ -27,6 +26,8 @@ module OCI
|
|
27
26
|
# @return [OCI::Auth::SessionKeySupplier] A supplier which vends a private and public key for signing token requests to Auth Service
|
28
27
|
attr_reader :session_key_supplier
|
29
28
|
|
29
|
+
# rubocop:disable Metrics/LineLength
|
30
|
+
|
30
31
|
# Creates a new FederationClient
|
31
32
|
#
|
32
33
|
# @param [String] federation_endpoint The Auth Service endpoint from which to retrieve the token
|
@@ -51,6 +52,8 @@ module OCI
|
|
51
52
|
@security_token = nil
|
52
53
|
end
|
53
54
|
|
55
|
+
# rubocop:enable Metrics/LineLength
|
56
|
+
|
54
57
|
# Retrieves a security token, but always asks Auth Service for a new token, regardless of whether or not the previously requested
|
55
58
|
# token is still valid
|
56
59
|
# @return [String] The security token
|
@@ -63,69 +66,84 @@ module OCI
|
|
63
66
|
# @return [String] The security token
|
64
67
|
def security_token
|
65
68
|
return @security_token.security_token if @security_token && @security_token.token_valid?
|
69
|
+
|
66
70
|
refresh_security_token_inner
|
67
71
|
end
|
68
72
|
|
69
73
|
private
|
70
|
-
def refresh_security_token_inner
|
71
|
-
@refresh_lock.lock
|
72
|
-
|
73
|
-
@session_key_supplier.refresh
|
74
|
-
@leaf_certificate_supplier.refresh
|
75
74
|
|
76
|
-
|
77
|
-
raise "Unexpected update of tenancy OCID in the leaf certificate. Previous tenancy: #{@tenancy_id}, Updated: #{updated_tenancy_id}" if updated_tenancy_id != @tenancy_id
|
75
|
+
# rubocop:disable Metrics/AbcSize, Metrics/CyclomaticComplexity
|
78
76
|
|
79
|
-
|
77
|
+
def refresh_security_token_inner
|
78
|
+
@refresh_lock.lock
|
80
79
|
|
81
|
-
|
82
|
-
|
83
|
-
'certificate': OCI::Auth::Util.sanitize_certificate_string(leaf_certificate_pem),
|
84
|
-
'publicKey': OCI::Auth::Util.sanitize_certificate_string(@session_key_supplier.key_pair[:public_key].to_pem)
|
85
|
-
}
|
80
|
+
@session_key_supplier.refresh
|
81
|
+
@leaf_certificate_supplier.refresh
|
86
82
|
|
87
|
-
|
88
|
-
|
89
|
-
|
90
|
-
|
91
|
-
|
92
|
-
|
93
|
-
fingerprint = OCI::Auth::Util.colon_separate_fingerprint(OpenSSL::Digest::SHA1.new(@leaf_certificate_supplier.certificate.to_der).to_s)
|
94
|
-
signer = OCI::Auth::Internal::AuthTokenRequestSigner.new(@tenancy_id, fingerprint, @leaf_certificate_supplier.private_key_pem)
|
95
|
-
|
96
|
-
request = Net::HTTP::Post.new(@federation_endpoint)
|
97
|
-
request.body = request_payload.to_json
|
83
|
+
updated_tenancy_id = OCI::Auth::Util.get_tenancy_id_from_certificate(@leaf_certificate_supplier.certificate)
|
84
|
+
if updated_tenancy_id != @tenancy_id
|
85
|
+
raise 'Unexpected update of tenancy OCID in the leaf certificate.' \
|
86
|
+
"Previous tenancy: #{@tenancy_id}, Updated: #{updated_tenancy_id}"
|
87
|
+
end
|
98
88
|
|
99
|
-
|
100
|
-
header_params['content-type'] = 'application/json'
|
101
|
-
signer.sign(:post, @federation_endpoint, header_params, request.body)
|
102
|
-
header_params.each { |key, value| request[key.to_s] = value }
|
89
|
+
@intermediate_certificate_suppliers.each(&:refresh)
|
103
90
|
|
104
|
-
|
105
|
-
|
106
|
-
|
107
|
-
|
91
|
+
leaf_certificate_pem = @leaf_certificate_supplier.certificate_pem
|
92
|
+
request_payload = {
|
93
|
+
'certificate': OCI::Auth::Util.sanitize_certificate_string(leaf_certificate_pem),
|
94
|
+
'publicKey': OCI::Auth::Util.sanitize_certificate_string(@session_key_supplier.key_pair[:public_key].to_pem)
|
95
|
+
}
|
108
96
|
|
109
|
-
|
110
|
-
|
111
|
-
|
112
|
-
|
113
|
-
end
|
97
|
+
unless @intermediate_certificate_suppliers.empty?
|
98
|
+
retrieved_certs = []
|
99
|
+
@intermediate_certificate_suppliers.each do |supplier|
|
100
|
+
retrieved_certs << OCI::Auth::Util.sanitize_certificate_string(supplier.certificate_pem)
|
114
101
|
end
|
102
|
+
request_payload['intermediateCertificates'] = retrieved_certs
|
103
|
+
end
|
115
104
|
|
116
|
-
|
117
|
-
|
118
|
-
|
119
|
-
|
120
|
-
|
121
|
-
|
122
|
-
|
105
|
+
fingerprint = OCI::Auth::Util.colon_separate_fingerprint(
|
106
|
+
OpenSSL::Digest::SHA1.new(@leaf_certificate_supplier.certificate.to_der).to_s
|
107
|
+
)
|
108
|
+
signer = OCI::Auth::Internal::AuthTokenRequestSigner.new(@tenancy_id,
|
109
|
+
fingerprint,
|
110
|
+
@leaf_certificate_supplier.private_key_pem)
|
111
|
+
|
112
|
+
request = Net::HTTP::Post.new(@federation_endpoint)
|
113
|
+
request.body = request_payload.to_json
|
114
|
+
|
115
|
+
header_params = {}
|
116
|
+
header_params['content-type'] = 'application/json'
|
117
|
+
signer.sign(:post, @federation_endpoint, header_params, request.body)
|
118
|
+
header_params.each { |key, value| request[key.to_s] = value }
|
119
|
+
|
120
|
+
# Additional header info to aid in debugging issues
|
121
|
+
request['opc-client-info'] = OCI::ApiClient.build_user_info
|
122
|
+
request['opc-request-id'] ||= OCI::ApiClient.build_request_id
|
123
|
+
request['User-Agent'] = OCI::ApiClient.build_user_agent
|
124
|
+
|
125
|
+
raw_body = nil
|
126
|
+
@federation_http_client.start do
|
127
|
+
@federation_http_client.request(request) do |response|
|
128
|
+
raw_body = response.body
|
123
129
|
end
|
130
|
+
end
|
131
|
+
|
132
|
+
begin
|
133
|
+
parsed_response = JSON.parse(raw_body)
|
134
|
+
raise "No token received in the response from auth service: #{raw_body}" unless parsed_response.key?('token')
|
124
135
|
|
125
|
-
@security_token.
|
126
|
-
|
127
|
-
|
136
|
+
@security_token = OCI::Auth::SecurityTokenContainer.new(parsed_response['token'])
|
137
|
+
rescue JSON::ParserError => ex
|
138
|
+
raise "Unable to parse response from Auth Service [#{ex}]: #{raw_body}"
|
128
139
|
end
|
140
|
+
|
141
|
+
@security_token.security_token
|
142
|
+
ensure
|
143
|
+
@refresh_lock.unlock if @refresh_lock.locked? && @refresh_lock.owned?
|
144
|
+
end
|
145
|
+
|
146
|
+
# rubocop:enable Metrics/AbcSize, Metrics/CyclomaticComplexity
|
129
147
|
end
|
130
148
|
end
|
131
149
|
end
|
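Review bot: Both new `raise` lines in `refresh_security_token_inner` interpolate `raw_body`, so the full Auth Service response is copied into the exception message and into any log or error tracker that records it. This is the `@@ -63,69 +66,84 @@` hunk, which belongs to `data/lib/oci/auth/federation_client.rb` even though the nearest file header on the page reads README.md. On the `JSON::ParserError` branch `#{ex}` typically echoes part of the unparsed text too, so a truncated or wrapped reply that still holds token material would be disclosed. The response status is never checked, so I would capture it inside the request block (`status = response.code`) and raise on that with the body omitted or truncated, e.g. `raise "Auth Service returned no token (HTTP #{status})"`. A nil body would also make `JSON.parse` raise `TypeError`, which `rescue JSON::ParserError` does not catch.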
@@ -18,13 +18,18 @@ module OCI
|
|
18
18
|
# @return [String]
|
19
19
|
attr_accessor :admin_password
|
20
20
|
|
21
|
+
# The display name of the database to be created from the backup. It must begin with an alphabetic character and can contain a maximum of eight alphanumeric characters. Special characters are not permitted.
|
22
|
+
# @return [String]
|
23
|
+
attr_accessor :db_name
|
24
|
+
|
21
25
|
# Attribute mapping from ruby-style variable name to JSON key.
|
22
26
|
def self.attribute_map
|
23
27
|
{
|
24
28
|
# rubocop:disable Style/SymbolLiteral
|
25
29
|
'backup_id': :'backupId',
|
26
30
|
'backup_tde_password': :'backupTDEPassword',
|
27
|
-
'admin_password': :'adminPassword'
|
31
|
+
'admin_password': :'adminPassword',
|
32
|
+
'db_name': :'dbName'
|
28
33
|
# rubocop:enable Style/SymbolLiteral
|
29
34
|
}
|
30
35
|
end
|
@@ -35,7 +40,8 @@ module OCI
|
|
35
40
|
# rubocop:disable Style/SymbolLiteral
|
36
41
|
'backup_id': :'String',
|
37
42
|
'backup_tde_password': :'String',
|
38
|
-
'admin_password': :'String'
|
43
|
+
'admin_password': :'String',
|
44
|
+
'db_name': :'String'
|
39
45
|
# rubocop:enable Style/SymbolLiteral
|
40
46
|
}
|
41
47
|
end
|
@@ -49,6 +55,7 @@ module OCI
|
|
49
55
|
# @option attributes [String] :backup_id The value to assign to the {#backup_id} property
|
50
56
|
# @option attributes [String] :backup_tde_password The value to assign to the {#backup_tde_password} property
|
51
57
|
# @option attributes [String] :admin_password The value to assign to the {#admin_password} property
|
58
|
+
# @option attributes [String] :db_name The value to assign to the {#db_name} property
|
52
59
|
def initialize(attributes = {})
|
53
60
|
return unless attributes.is_a?(Hash)
|
54
61
|
|
@@ -72,6 +79,12 @@ module OCI
|
|
72
79
|
raise 'You cannot provide both :adminPassword and :admin_password' if attributes.key?(:'adminPassword') && attributes.key?(:'admin_password')
|
73
80
|
|
74
81
|
self.admin_password = attributes[:'admin_password'] if attributes[:'admin_password']
|
82
|
+
|
83
|
+
self.db_name = attributes[:'dbName'] if attributes[:'dbName']
|
84
|
+
|
85
|
+
raise 'You cannot provide both :dbName and :db_name' if attributes.key?(:'dbName') && attributes.key?(:'db_name')
|
86
|
+
|
87
|
+
self.db_name = attributes[:'db_name'] if attributes[:'db_name']
|
75
88
|
end
|
76
89
|
# rubocop:enable Metrics/CyclomaticComplexity, Metrics/AbcSize, Metrics/PerceivedComplexity
|
77
90
|
# rubocop:enable Metrics/LineLength, Metrics/MethodLength, Layout/EmptyLines, Style/SymbolLiteral
|
@@ -87,7 +100,8 @@ module OCI
|
|
87
100
|
self.class == other.class &&
|
88
101
|
backup_id == other.backup_id &&
|
89
102
|
backup_tde_password == other.backup_tde_password &&
|
90
|
-
admin_password == other.admin_password
|
103
|
+
admin_password == other.admin_password &&
|
104
|
+
db_name == other.db_name
|
91
105
|
end
|
92
106
|
# rubocop:enable Metrics/CyclomaticComplexity, Metrics/AbcSize, Metrics/PerceivedComplexity, Metrics/LineLength, Layout/EmptyLines
|
93
107
|
|
@@ -103,7 +117,7 @@ module OCI
|
|
103
117
|
# Calculates hash code according to all attributes.
|
104
118
|
# @return [Fixnum] Hash code
|
105
119
|
def hash
|
106
|
-
[backup_id, backup_tde_password, admin_password].hash
|
120
|
+
[backup_id, backup_tde_password, admin_password, db_name].hash
|
107
121
|
end
|
108
122
|
# rubocop:enable Metrics/AbcSize, Metrics/LineLength, Layout/EmptyLines
|
109
123
|
|
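--- a/data/lib/oci/internal/util.rb
+++ b/data/lib/oci/internal/util.rb
@@ -4,7 +4,7 @@ module OCI
 module Internal
 # Utility methods for internal use only.
 module Util
-BLANK_STRING_REGEX = /\A[[:space:]]*\z
+BLANK_STRING_REGEX = /\A[[:space:]]*\z/.freeze
 def self.blank_string?(str)
 str.nil? || str.empty? || !BLANK_STRING_REGEX.match(str).nil?
 end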
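--- a/data/lib/oci/regions.rb
+++ b/data/lib/oci/regions.rb
@@ -4,6 +4,7 @@ module OCI
 # Module defining available regions and helper methods to get value service endpoints
 module Regions
 REGION_ENUM = [
+REGION_CA_TORONTO_1 = 'ca-toronto-1'.freeze,
 REGION_US_PHOENIX_1 = 'us-phoenix-1'.freeze,
 REGION_US_ASHBURN_1 = 'us-ashburn-1'.freeze,
 REGION_EU_FRANKFURT_1 = 'eu-frankfurt-1'.freeze,
@@ -11,6 +12,7 @@ module OCI
 ].freeze
 
 REGION_SHORT_NAMES_TO_LONG_NAMES = {
+'yyz': REGION_CA_TORONTO_1,
 'phx': REGION_US_PHOENIX_1,
 'iad': REGION_US_ASHBURN_1,
 'fra': REGION_EU_FRANKFURT_1,
@@ -19,6 +21,7 @@ module OCI
 
 # --- Start of region realm mapping ---
 REGION_REALM_MAPPING = {
+'ca-toronto-1': 'oc1'.freeze,
 'us-phoenix-1': 'oc1'.freeze,
 'us-ashburn-1': 'oc1'.freeze,
 'eu-frankfurt-1': 'oc1'.freeze,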
data/lib/oci/version.rb
CHANGED
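--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: oci
 version: !ruby/object:Gem::Version
-version: 2.4.
+version: 2.4.5
 platform: ruby
 authors:
 - Oracle
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2019-01-
+date: 2019-01-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: json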