pe_rbac 0.2.0 → 0.3.0

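--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: e8e46eabe4fa453dae8cef44b5ae0f7371d9a2bb
- data.tar.gz: d89e915974bd3bd5b7edb4bbc45e4736411905c6
+ metadata.gz: 858d59d7f1c47371a5f8379f5a9aa271d2ad6078
+ data.tar.gz: 0f2bd35912191340c9978a0d08547d87bb6dc09b
  SHA512:
- metadata.gz: 0033af434edc4f964d0e442e66dca216551052d1e39c424648841d312949bcf3aabb1e82c0c7afbe8e74a15b1cb28a663e87728b5636958d06cc6cd319dad960
- data.tar.gz: 3a13fd98d0dfd3aaac65e6609fb412bc090183d45bb01a145971e42538047f569e4bd7a53a1038bf39d9533cd6077d1809721ca6ac61fd58738f1638f01b6136
+ metadata.gz: 07a17310e5e1369d72a97eba970a34dd5d33b919eac5a4ae8d9bbca6145ccd5c7692ffc955285a4229aaf00a065f02fd66471e8f56f80ad4299271018eb6d7a1
+ data.tar.gz: 6ade6201c2003bcab6790d99086dfb4d4519ab9e2d226bc805406f0a246e438115dc7dd37b1ac16f721af0c12d1853acf9e46a03fcd0282610d7e03b4e3e8a82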
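--- a/data/exe/pe_rbac
+++ b/data/exe/pe_rbac
@@ -18,7 +18,7 @@ Escort::App.create do |app|
  username = options[:global][:commands][cmd][:options][:username]
  password = options[:global][:commands][cmd][:options][:password]
  email = options[:global][:commands][cmd][:options][:email]
-
+
  role_ids = PeRbac::get_role_ids(role)
 
  perms = [{
@@ -29,13 +29,13 @@ Escort::App.create do |app|
 
  # only need to update the role since its built-in
  PeRbac::update_role(
- role,
+ role,
  nil,
- perms,
+ perms,
  )
 
  PeRbac::ensure_user(username, email, username, password, role_ids)
- PeRbac::login(username, password, lifetime)
+ PeRbac::login(username, password, lifetime)
  end
  command.options do |opts|
  opts.opt(:username,
@@ -91,15 +91,15 @@ Escort::App.create do |app|
  "action" => "edit_data",
  "instance" => "*",
  })
- end
+ end
 
  # create/update the role
  PeRbac::ensure_role(
  role,
- description,
+ description,
  perms
  )
-
+
  # get the ID of the newly created role
  role_ids = PeRbac::get_role_ids(role)
 
@@ -141,7 +141,33 @@ Escort::App.create do |app|
  'Custommise the role description',
  :long => '--description',
  :default => 'Token access to PuppetDB'
- )
+ )
+ end
+ end
+
+ app.command :reset_password do |command|
+ command.summary "Reset a logon password"
+ command.description "Obtain a reset token and then reset a password"
+ command.action do |options, arguments|\
+ # fixme - obtain automatically
+ cmd = :reset_password
+ username = options[:global][:commands][cmd][:options][:username]
+ password = options[:global][:commands][cmd][:options][:password]
+
+ PeRbac::reset_password(username, password)
+ end
+ command.options do |opts|
+ opts.opt(:username,
+ 'Username to reset',
+ :long => '--username',
+ :default => 'admin'
+ )
+ opts.opt(:password,
+ 'Password to reset to',
+ :long => '--password',
+ :default => 'changeme'
+ )
  end
  end
+
  end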
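Review bot: The new `reset_password` command defaults `--username` to `admin` and `--password` to `changeme`, so running it with no options sets the administrator account to a publicly known password. I would drop the password default and refuse to run without a value, for example `:type => :string` in place of `:default => 'changeme'` and `raise "--password is required" unless password` at the top of the action. A password given as `--password` also ends up in shell history and the process list, so reading it from a prompt or an environment variable would be safer. The stray `\` after `|options, arguments|` can be removed too; the enclosing `Escort::App.create` block starts outside this hunk.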
@@ -1,3 +1,3 @@
1
1
  module PeRbac
2
- VERSION = "0.2.0"
2
+ VERSION = "0.3.0"
3
3
  end
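--- a/data/lib/pe_rbac.rb
+++ b/data/lib/pe_rbac.rb
@@ -12,7 +12,7 @@ module PeRbac
  pe_new_cert = "#{ssldir}/certs/#{fqdn}.pem"
 
  # pe 2016.4.0 removes the pe-internal-orchestrator.pem file but old systems
- # will still have the client cert (which won't work), so pick based on
+ # will still have the client cert (which won't work), so pick based on
  # using pe-internal-orchestrator.pem if its available
  if File.exist?(pe_old_pk)
  pk = pe_old_pk
@@ -34,7 +34,7 @@ module PeRbac
 
  #
  # user
- #
+ #
 
  def self.get_users
  JSON.parse(_request(:get, '/users').body)
@@ -97,8 +97,8 @@ module PeRbac
  user['email'] = email ? email : user['email']
  user['display_name'] = display_name ? display_name : user['display_name']
  end
- user['role_ids'] = role_ids ? role_ids : user['role_ids']
- user['is_revoked'] = (! is_revoked.nil?) ? is_revoked : user['is_revoked']
+ user['role_ids'] = role_ids ? role_ids : user['role_ids']
+ user['is_revoked'] = (! is_revoked.nil?) ? is_revoked : user['is_revoked']
 
  _request(:put, "/users/#{user['id']}", user)
  end
@@ -113,7 +113,7 @@ module PeRbac
 
  _request(:post, '/auth/reset', reset)
  end
-
+
  #
  # role
  #
@@ -138,7 +138,7 @@ module PeRbac
  found
  end
 
-
+
  # get the role id for a display name
  # eg ['Code Deployers', 'blah'] => [4,8]
  def self.get_role_ids(display_names)
@@ -167,8 +167,8 @@ module PeRbac
  create_role(display_name, description, permissions, user_ids)
  end
  end
-
- # https://docs.puppet.com/pe/latest/rbac_roles_v1.html#post-roles
+
+ # https://docs.puppet.com/pe/latest/rbac_roles_v1.html#post-roles
  def self.create_role(display_name, description=display_name, permissions=[], user_ids=[], group_ids=[])
  role = {
  "permissions" => permissions,
@@ -182,7 +182,7 @@ module PeRbac
 
  def self.update_role(display_name, description=nil, permissions=nil, user_ids=nil, group_ids=nil)
  role_id = get_role_id(display_name)
- if role_id
+ if role_id
  role = get_role(role_id)
  role['display_name'] = display_name ? display_name : role['display_name']
  role['description'] = description ? display_name : role['description']
@@ -195,7 +195,7 @@ module PeRbac
  raise("No such role exists: #{display_name} create it first or use ensure_role")
  end
  end
-
+
 
  #
  # Permissions
@@ -213,7 +213,7 @@ module PeRbac
  "login" => login,
  "password" => password,
  }
-
+
  # see https://docs.puppet.com/pe/latest/rbac_token_auth.html#setting-a-token-specific-lifetime
  if lifetime
  payload["lifetime"] = lifetime
@@ -232,6 +232,23 @@ module PeRbac
  File.chmod(0600, tokenfile)
  end
 
+ def self.reset_password(login, password)
+ # lookup user id
+ user_id = self.get_user_id(login)
+ if user_id
+ # get password reset token
+ reset_token = _request(:post, "/users/#{user_id}/password/reset")
+
+ # reset password
+ _request(:post, '/auth/reset', {
+ 'token' => reset_token,
+ 'password' => password,
+ })
+ else
+ Escort::Logger.error.error "No such user: #{login}"
+ end
+ end
+
  private
 
  def self._request(method, path, payload=nil, raw=false)
@@ -247,7 +264,7 @@ module PeRbac
  end
  begin
  RestClient::Request.execute(
- method: method,
+ method: method,
  url: url,
  ssl_ca_file: CONF[:cacert],
  ssl_client_cert: OpenSSL::X509::Certificate.new(File.read(CONF[:cert])),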
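Review bot: In the new `reset_password`, `reset_token` holds whatever `_request` returns and is put into the `/auth/reset` payload unchanged, yet `get_users` in this file reads `.body` from the same call. This suggests the payload needs `'token' => reset_token.body` rather than the response object. Most of `_request` lies outside the visible hunks, so please confirm what it returns, including when the request fails, before relying on the value. An unknown login is only logged through `Escort::Logger`, so the caller cannot tell that nothing was reset; raising as `update_role` does, e.g. `raise("No such user: #{login}")`, would make the CLI exit non-zero. The reset token is a credential, so it should also stay out of any request or debug logging.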
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: pe_rbac
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.2.0
4
+ version: 0.3.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Geoff Williams
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2016-11-16 00:00:00.000000000 Z
11
+ date: 2016-11-29 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: bundler