pe_rbac 0.2.0 → 0.3.0

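--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: e8e46eabe4fa453dae8cef44b5ae0f7371d9a2bb
- data.tar.gz: d89e915974bd3bd5b7edb4bbc45e4736411905c6
+ metadata.gz: 858d59d7f1c47371a5f8379f5a9aa271d2ad6078
+ data.tar.gz: 0f2bd35912191340c9978a0d08547d87bb6dc09b
  SHA512:
- metadata.gz: 0033af434edc4f964d0e442e66dca216551052d1e39c424648841d312949bcf3aabb1e82c0c7afbe8e74a15b1cb28a663e87728b5636958d06cc6cd319dad960
- data.tar.gz: 3a13fd98d0dfd3aaac65e6609fb412bc090183d45bb01a145971e42538047f569e4bd7a53a1038bf39d9533cd6077d1809721ca6ac61fd58738f1638f01b6136
+ metadata.gz: 07a17310e5e1369d72a97eba970a34dd5d33b919eac5a4ae8d9bbca6145ccd5c7692ffc955285a4229aaf00a065f02fd66471e8f56f80ad4299271018eb6d7a1
+ data.tar.gz: 6ade6201c2003bcab6790d99086dfb4d4519ab9e2d226bc805406f0a246e438115dc7dd37b1ac16f721af0c12d1853acf9e46a03fcd0282610d7e03b4e3e8a82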
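--- a/data/exe/pe_rbac
+++ b/data/exe/pe_rbac
@@ -18,7 +18,7 @@ Escort::App.create do |app|
  username = options[:global][:commands][cmd][:options][:username]
  password = options[:global][:commands][cmd][:options][:password]
  email = options[:global][:commands][cmd][:options][:email]
-
+
  role_ids = PeRbac::get_role_ids(role)
 
  perms = [{
@@ -29,13 +29,13 @@ Escort::App.create do |app|
 
  # only need to update the role since its built-in
  PeRbac::update_role(
- role,
+ role,
  nil,
- perms,
+ perms,
  )
 
  PeRbac::ensure_user(username, email, username, password, role_ids)
- PeRbac::login(username, password, lifetime)
+ PeRbac::login(username, password, lifetime)
  end
  command.options do |opts|
  opts.opt(:username,
@@ -91,15 +91,15 @@ Escort::App.create do |app|
  "action" => "edit_data",
  "instance" => "*",
  })
- end
+ end
 
  # create/update the role
  PeRbac::ensure_role(
  role,
- description,
+ description,
  perms
  )
-
+
  # get the ID of the newly created role
  role_ids = PeRbac::get_role_ids(role)
 
@@ -141,7 +141,33 @@ Escort::App.create do |app|
  'Custommise the role description',
  :long => '--description',
  :default => 'Token access to PuppetDB'
- )
+ )
+ end
+ end
+
+ app.command :reset_password do |command|
+ command.summary "Reset a logon password"
+ command.description "Obtain a reset token and then reset a password"
+ command.action do |options, arguments|\
+ # fixme - obtain automatically
+ cmd = :reset_password
+ username = options[:global][:commands][cmd][:options][:username]
+ password = options[:global][:commands][cmd][:options][:password]
+
+ PeRbac::reset_password(username, password)
+ end
+ command.options do |opts|
+ opts.opt(:username,
+ 'Username to reset',
+ :long => '--username',
+ :default => 'admin'
+ )
+ opts.opt(:password,
+ 'Password to reset to',
+ :long => '--password',
+ :default => 'changeme'
+ )
  end
  end
+
  end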
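Review bot: The new `reset_password` command defaults `--username` to `admin` and `--password` to `changeme`, so running it with no options resets the administrator account to a well-known password. Drop both `:default` lines and have the action fail when either value is missing, so a reset always names its target and its new password explicitly. Accepting the password through `--password` also leaves it in shell history and the process list; reading it from a prompt or an environment variable would avoid that. The trailing `\` after `command.action do |options, arguments|` looks accidental and should be removed.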
@@ -1,3 +1,3 @@
1
1
  module PeRbac
2
- VERSION = "0.2.0"
2
+ VERSION = "0.3.0"
3
3
  end
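--- a/data/lib/pe_rbac.rb
+++ b/data/lib/pe_rbac.rb
@@ -12,7 +12,7 @@ module PeRbac
  pe_new_cert = "#{ssldir}/certs/#{fqdn}.pem"
 
  # pe 2016.4.0 removes the pe-internal-orchestrator.pem file but old systems
- # will still have the client cert (which won't work), so pick based on
+ # will still have the client cert (which won't work), so pick based on
  # using pe-internal-orchestrator.pem if its available
  if File.exist?(pe_old_pk)
  pk = pe_old_pk
@@ -34,7 +34,7 @@ module PeRbac
 
  #
  # user
- #
+ #
 
  def self.get_users
  JSON.parse(_request(:get, '/users').body)
@@ -97,8 +97,8 @@ module PeRbac
  user['email'] = email ? email : user['email']
  user['display_name'] = display_name ? display_name : user['display_name']
  end
- user['role_ids'] = role_ids ? role_ids : user['role_ids']
- user['is_revoked'] = (! is_revoked.nil?) ? is_revoked : user['is_revoked']
+ user['role_ids'] = role_ids ? role_ids : user['role_ids']
+ user['is_revoked'] = (! is_revoked.nil?) ? is_revoked : user['is_revoked']
 
  _request(:put, "/users/#{user['id']}", user)
  end
@@ -113,7 +113,7 @@ module PeRbac
 
  _request(:post, '/auth/reset', reset)
  end
-
+
  #
  # role
  #
@@ -138,7 +138,7 @@ module PeRbac
  found
  end
 
-
+
  # get the role id for a display name
  # eg ['Code Deployers', 'blah'] => [4,8]
  def self.get_role_ids(display_names)
@@ -167,8 +167,8 @@ module PeRbac
  create_role(display_name, description, permissions, user_ids)
  end
  end
-
- # https://docs.puppet.com/pe/latest/rbac_roles_v1.html#post-roles
+
+ # https://docs.puppet.com/pe/latest/rbac_roles_v1.html#post-roles
  def self.create_role(display_name, description=display_name, permissions=[], user_ids=[], group_ids=[])
  role = {
  "permissions" => permissions,
@@ -182,7 +182,7 @@ module PeRbac
 
  def self.update_role(display_name, description=nil, permissions=nil, user_ids=nil, group_ids=nil)
  role_id = get_role_id(display_name)
- if role_id
+ if role_id
  role = get_role(role_id)
  role['display_name'] = display_name ? display_name : role['display_name']
  role['description'] = description ? display_name : role['description']
@@ -195,7 +195,7 @@ module PeRbac
  raise("No such role exists: #{display_name} create it first or use ensure_role")
  end
  end
-
+
 
  #
  # Permissions
@@ -213,7 +213,7 @@ module PeRbac
  "login" => login,
  "password" => password,
  }
-
+
  # see https://docs.puppet.com/pe/latest/rbac_token_auth.html#setting-a-token-specific-lifetime
  if lifetime
  payload["lifetime"] = lifetime
@@ -232,6 +232,23 @@ module PeRbac
  File.chmod(0600, tokenfile)
  end
 
+ def self.reset_password(login, password)
+ # lookup user id
+ user_id = self.get_user_id(login)
+ if user_id
+ # get password reset token
+ reset_token = _request(:post, "/users/#{user_id}/password/reset")
+
+ # reset password
+ _request(:post, '/auth/reset', {
+ 'token' => reset_token,
+ 'password' => password,
+ })
+ else
+ Escort::Logger.error.error "No such user: #{login}"
+ end
+ end
+
  private
 
  def self._request(method, path, payload=nil, raw=false)
@@ -247,7 +264,7 @@ module PeRbac
  end
  begin
  RestClient::Request.execute(
- method: method,
+ method: method,
  url: url,
  ssl_ca_file: CONF[:cacert],
  ssl_client_cert: OpenSSL::X509::Certificate.new(File.read(CONF[:cert])),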
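Review bot: In the new `reset_password`, `reset_token` holds whatever `_request` returns rather than the token text. `get_users` in this file reads `.body` from the same helper, so the `/auth/reset` payload probably carries a response object; `'token' => reset_token.body` would make the intent explicit, though whether the body needs trimming or unquoting is not visible here. The missing-user branch only logs through `Escort::Logger` and returns, so callers and the CLI exit as if the reset succeeded. `update_role` raises in the equivalent case, and `raise("No such user: #{login}")` would match it while keeping the library free of the CLI logger.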
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: pe_rbac
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.2.0
4
+ version: 0.3.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Geoff Williams
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2016-11-16 00:00:00.000000000 Z
11
+ date: 2016-11-29 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: bundler