pe_rbac 0.3.1 → 0.4.0

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: b68ee5976cd98508a5b2c2c05c3812f84079c838
4
- data.tar.gz: ddb64bdd13aeea1f9ae5f6c248a6b657e1711821
3
+ metadata.gz: 3014fbdf37cd61996d946ca5ffc913381c487f43
4
+ data.tar.gz: e7843fbae2230eaa7cbdc54c7713a986f5fce735
5
5
  SHA512:
6
- metadata.gz: 6bb111f203b9d472937fdec79ed90cdaf4f9cdcd43b1ebe42e8afb8020128c4e5eb45fa75d11b4e3bde3ee6373bd65dd991cdb4c99ef304e2f14a9ec706b6623
7
- data.tar.gz: 101a4b969b827edd2fa07f1efde04648e81bb98a1e4e2fc3d8d67167021d6821b569d01b14ab87cb83f7e6066d5b9c7980729f78d83e6b3e05208d8fd4149264
6
+ metadata.gz: 274adf65e4a1070b83a6d7eaa5b488dccfc6ce75beb1017390eb11dcd6ca75708c4f537f2232fcbf7a6ff683c462ec6b9ec83c956ee95a2716c4438c20e416f5
7
+ data.tar.gz: 76167510d42307e88eea42dcdd1e3e16d4908ba33373a5579a9068c30a67a37e756f1b51b9db71861e88112e408d8dffd23a791112e2636cd209442bb211c85a
data/.rspec ADDED
@@ -0,0 +1,2 @@
1
+ --format documentation
2
+ --color
data/.travis.yml ADDED
@@ -0,0 +1,6 @@
1
+ sudo: false
2
+ language: ruby
3
+ rvm:
4
+ - 2.2.3
5
+ before_install: gem install bundler -v 1.12.5
6
+
data/LICENSE.txt CHANGED
@@ -1,21 +1,201 @@
1
- The MIT License (MIT)
2
-
3
- Copyright (c) 2016 Geoff Williams
4
-
5
- Permission is hereby granted, free of charge, to any person obtaining a copy
6
- of this software and associated documentation files (the "Software"), to deal
7
- in the Software without restriction, including without limitation the rights
8
- to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9
- copies of the Software, and to permit persons to whom the Software is
10
- furnished to do so, subject to the following conditions:
11
-
12
- The above copyright notice and this permission notice shall be included in
13
- all copies or substantial portions of the Software.
14
-
15
- THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16
- IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17
- FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18
- AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19
- LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20
- OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
21
- THE SOFTWARE.
1
+ Apache License
2
+ Version 2.0, January 2004
3
+ http://www.apache.org/licenses/
4
+
5
+ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
6
+
7
+ 1. Definitions.
8
+
9
+ "License" shall mean the terms and conditions for use, reproduction,
10
+ and distribution as defined by Sections 1 through 9 of this document.
11
+
12
+ "Licensor" shall mean the copyright owner or entity authorized by
13
+ the copyright owner that is granting the License.
14
+
15
+ "Legal Entity" shall mean the union of the acting entity and all
16
+ other entities that control, are controlled by, or are under common
17
+ control with that entity. For the purposes of this definition,
18
+ "control" means (i) the power, direct or indirect, to cause the
19
+ direction or management of such entity, whether by contract or
20
+ otherwise, or (ii) ownership of fifty percent (50%) or more of the
21
+ outstanding shares, or (iii) beneficial ownership of such entity.
22
+
23
+ "You" (or "Your") shall mean an individual or Legal Entity
24
+ exercising permissions granted by this License.
25
+
26
+ "Source" form shall mean the preferred form for making modifications,
27
+ including but not limited to software source code, documentation
28
+ source, and configuration files.
29
+
30
+ "Object" form shall mean any form resulting from mechanical
31
+ transformation or translation of a Source form, including but
32
+ not limited to compiled object code, generated documentation,
33
+ and conversions to other media types.
34
+
35
+ "Work" shall mean the work of authorship, whether in Source or
36
+ Object form, made available under the License, as indicated by a
37
+ copyright notice that is included in or attached to the work
38
+ (an example is provided in the Appendix below).
39
+
40
+ "Derivative Works" shall mean any work, whether in Source or Object
41
+ form, that is based on (or derived from) the Work and for which the
42
+ editorial revisions, annotations, elaborations, or other modifications
43
+ represent, as a whole, an original work of authorship. For the purposes
44
+ of this License, Derivative Works shall not include works that remain
45
+ separable from, or merely link (or bind by name) to the interfaces of,
46
+ the Work and Derivative Works thereof.
47
+
48
+ "Contribution" shall mean any work of authorship, including
49
+ the original version of the Work and any modifications or additions
50
+ to that Work or Derivative Works thereof, that is intentionally
51
+ submitted to Licensor for inclusion in the Work by the copyright owner
52
+ or by an individual or Legal Entity authorized to submit on behalf of
53
+ the copyright owner. For the purposes of this definition, "submitted"
54
+ means any form of electronic, verbal, or written communication sent
55
+ to the Licensor or its representatives, including but not limited to
56
+ communication on electronic mailing lists, source code control systems,
57
+ and issue tracking systems that are managed by, or on behalf of, the
58
+ Licensor for the purpose of discussing and improving the Work, but
59
+ excluding communication that is conspicuously marked or otherwise
60
+ designated in writing by the copyright owner as "Not a Contribution."
61
+
62
+ "Contributor" shall mean Licensor and any individual or Legal Entity
63
+ on behalf of whom a Contribution has been received by Licensor and
64
+ subsequently incorporated within the Work.
65
+
66
+ 2. Grant of Copyright License. Subject to the terms and conditions of
67
+ this License, each Contributor hereby grants to You a perpetual,
68
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
69
+ copyright license to reproduce, prepare Derivative Works of,
70
+ publicly display, publicly perform, sublicense, and distribute the
71
+ Work and such Derivative Works in Source or Object form.
72
+
73
+ 3. Grant of Patent License. Subject to the terms and conditions of
74
+ this License, each Contributor hereby grants to You a perpetual,
75
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
76
+ (except as stated in this section) patent license to make, have made,
77
+ use, offer to sell, sell, import, and otherwise transfer the Work,
78
+ where such license applies only to those patent claims licensable
79
+ by such Contributor that are necessarily infringed by their
80
+ Contribution(s) alone or by combination of their Contribution(s)
81
+ with the Work to which such Contribution(s) was submitted. If You
82
+ institute patent litigation against any entity (including a
83
+ cross-claim or counterclaim in a lawsuit) alleging that the Work
84
+ or a Contribution incorporated within the Work constitutes direct
85
+ or contributory patent infringement, then any patent licenses
86
+ granted to You under this License for that Work shall terminate
87
+ as of the date such litigation is filed.
88
+
89
+ 4. Redistribution. You may reproduce and distribute copies of the
90
+ Work or Derivative Works thereof in any medium, with or without
91
+ modifications, and in Source or Object form, provided that You
92
+ meet the following conditions:
93
+
94
+ (a) You must give any other recipients of the Work or
95
+ Derivative Works a copy of this License; and
96
+
97
+ (b) You must cause any modified files to carry prominent notices
98
+ stating that You changed the files; and
99
+
100
+ (c) You must retain, in the Source form of any Derivative Works
101
+ that You distribute, all copyright, patent, trademark, and
102
+ attribution notices from the Source form of the Work,
103
+ excluding those notices that do not pertain to any part of
104
+ the Derivative Works; and
105
+
106
+ (d) If the Work includes a "NOTICE" text file as part of its
107
+ distribution, then any Derivative Works that You distribute must
108
+ include a readable copy of the attribution notices contained
109
+ within such NOTICE file, excluding those notices that do not
110
+ pertain to any part of the Derivative Works, in at least one
111
+ of the following places: within a NOTICE text file distributed
112
+ as part of the Derivative Works; within the Source form or
113
+ documentation, if provided along with the Derivative Works; or,
114
+ within a display generated by the Derivative Works, if and
115
+ wherever such third-party notices normally appear. The contents
116
+ of the NOTICE file are for informational purposes only and
117
+ do not modify the License. You may add Your own attribution
118
+ notices within Derivative Works that You distribute, alongside
119
+ or as an addendum to the NOTICE text from the Work, provided
120
+ that such additional attribution notices cannot be construed
121
+ as modifying the License.
122
+
123
+ You may add Your own copyright statement to Your modifications and
124
+ may provide additional or different license terms and conditions
125
+ for use, reproduction, or distribution of Your modifications, or
126
+ for any such Derivative Works as a whole, provided Your use,
127
+ reproduction, and distribution of the Work otherwise complies with
128
+ the conditions stated in this License.
129
+
130
+ 5. Submission of Contributions. Unless You explicitly state otherwise,
131
+ any Contribution intentionally submitted for inclusion in the Work
132
+ by You to the Licensor shall be under the terms and conditions of
133
+ this License, without any additional terms or conditions.
134
+ Notwithstanding the above, nothing herein shall supersede or modify
135
+ the terms of any separate license agreement you may have executed
136
+ with Licensor regarding such Contributions.
137
+
138
+ 6. Trademarks. This License does not grant permission to use the trade
139
+ names, trademarks, service marks, or product names of the Licensor,
140
+ except as required for reasonable and customary use in describing the
141
+ origin of the Work and reproducing the content of the NOTICE file.
142
+
143
+ 7. Disclaimer of Warranty. Unless required by applicable law or
144
+ agreed to in writing, Licensor provides the Work (and each
145
+ Contributor provides its Contributions) on an "AS IS" BASIS,
146
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
147
+ implied, including, without limitation, any warranties or conditions
148
+ of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
149
+ PARTICULAR PURPOSE. You are solely responsible for determining the
150
+ appropriateness of using or redistributing the Work and assume any
151
+ risks associated with Your exercise of permissions under this License.
152
+
153
+ 8. Limitation of Liability. In no event and under no legal theory,
154
+ whether in tort (including negligence), contract, or otherwise,
155
+ unless required by applicable law (such as deliberate and grossly
156
+ negligent acts) or agreed to in writing, shall any Contributor be
157
+ liable to You for damages, including any direct, indirect, special,
158
+ incidental, or consequential damages of any character arising as a
159
+ result of this License or out of the use or inability to use the
160
+ Work (including but not limited to damages for loss of goodwill,
161
+ work stoppage, computer failure or malfunction, or any and all
162
+ other commercial damages or losses), even if such Contributor
163
+ has been advised of the possibility of such damages.
164
+
165
+ 9. Accepting Warranty or Additional Liability. While redistributing
166
+ the Work or Derivative Works thereof, You may choose to offer,
167
+ and charge a fee for, acceptance of support, warranty, indemnity,
168
+ or other liability obligations and/or rights consistent with this
169
+ License. However, in accepting such obligations, You may act only
170
+ on Your own behalf and on Your sole responsibility, not on behalf
171
+ of any other Contributor, and only if You agree to indemnify,
172
+ defend, and hold each Contributor harmless for any liability
173
+ incurred by, or claims asserted against, such Contributor by reason
174
+ of your accepting any such warranty or additional liability.
175
+
176
+ END OF TERMS AND CONDITIONS
177
+
178
+ APPENDIX: How to apply the Apache License to your work.
179
+
180
+ To apply the Apache License to your work, attach the following
181
+ boilerplate notice, with the fields enclosed by brackets "{}"
182
+ replaced with your own identifying information. (Don't include
183
+ the brackets!) The text should be enclosed in the appropriate
184
+ comment syntax for the file format. We also recommend that a
185
+ file or class name and description of purpose be included on the
186
+ same "printed page" as the copyright notice for easier
187
+ identification within third-party archives.
188
+
189
+ Copyright {yyyy} {name of copyright owner}
190
+
191
+ Licensed under the Apache License, Version 2.0 (the "License");
192
+ you may not use this file except in compliance with the License.
193
+ You may obtain a copy of the License at
194
+
195
+ http://www.apache.org/licenses/LICENSE-2.0
196
+
197
+ Unless required by applicable law or agreed to in writing, software
198
+ distributed under the License is distributed on an "AS IS" BASIS,
199
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
200
+ See the License for the specific language governing permissions and
201
+ limitations under the License.
data/README.md CHANGED
@@ -1,8 +1,18 @@
1
+ [![Build Status](https://travis-ci.org/GeoffWilliams/pe_rbac.svg?branch=master)](https://travis-ci.org/GeoffWilliams/pe_rbac)
1
2
  # PeRbac
2
3
 
3
- Welcome to your new gem! In this directory, you'll find the files you need to be able to package up your Ruby library into a gem. Put your Ruby code in the file `lib/pe_rbac`. To experiment with that code, run `bin/console` for an interactive prompt.
4
+ This gem lets you drive the Puppet Enterprise RBAC API from the command line or ruby. While you can of-course do the same thing using the [pltraining/rbac](https://forge.puppet.com/pltraining/rbac) forge module, this requires that you have:
5
+ * Write-access to Puppet's git repository
6
+ * Code Manager setup to read from git
7
+ * A desire to continually enforce your RBAC changes
4
8
 
5
- TODO: Delete this and the text above, and describe your gem
9
+ Since this is often not the case, this gem provides a command line to do things like reset passwords or setup Code Manager with a single command.
10
+
11
+ ## Features/Commands
12
+ * Setup Code Manager
13
+ * Setup Read-only PuppetDB access
14
+ * Reset passwords
15
+ * Ruby API
6
16
 
7
17
  ## Installation
8
18
 
@@ -55,11 +65,8 @@ pe_rbac reset_password --username foo --password 12345678
55
65
  Reset the password for the `foo` user to `12345678`
56
66
 
57
67
  ### Ruby API
58
- An *IN FLUX* Ruby API exists, see code for more info. This WILL change (well it
59
- will if I do any more development work on this...) - expect module names,
60
- functions, etc. to change. In particular, I'm planning:
61
- * Sub-modules/file reorgs
62
- * tests!
68
+ A Ruby API exists, see code for more info. For the moment this code does what I want, but may extend to cover new features as requred.
69
+
63
70
 
64
71
  ## Development
65
72
 
@@ -74,7 +81,7 @@ To install this gem onto your local machine, run `bundle exec rake install`. To
74
81
 
75
82
  ## Contributing
76
83
 
77
- Bug reports and pull requests are welcome on GitHub at https://github.com/[USERNAME]/pe_rbac.
84
+ Bug reports and pull requests are welcome on GitHub at https://github.com/GeoffWilliams/pe_rbac.
78
85
 
79
86
 
80
87
  ## License
data/Rakefile CHANGED
@@ -1,2 +1,6 @@
1
1
  require "bundler/gem_tasks"
2
+ require "rspec/core/rake_task"
3
+
4
+ RSpec::Core::RakeTask.new(:spec)
5
+
2
6
  task :default => :spec
data/example.rb CHANGED
@@ -28,23 +28,23 @@ begin
28
28
  resp = PeRbac::update_user('test','test@test.com.au', 'mrs test test')
29
29
  puts resp.code
30
30
 
31
- # change password
32
- resp = PeRbac::change_password('test','12345678')
31
+ # reset/change password
32
+ resp = PeRbac::reset_password('test','12345678')
33
33
  puts resp.code
34
34
 
35
35
  # get an API token
36
36
  resp = PeRbac::token('test', '12345678')
37
37
  puts resp
38
-
38
+
39
39
  # create or update a user with role access and write a token
40
- role_ids = PeRbac::get_role_ids('Code Deployers')
40
+ role_id = PeRbac::get_role_id('Code Deployers')
41
41
  perms = {
42
42
  "objectType" => "tokens",
43
43
  "action" => "override_lifetime",
44
44
  "instance" => nil,
45
45
  }
46
46
  PeRbac::update_role('Code Deployers', permissions=perms)
47
- PeRbac::ensure_user('psquared', 'root@localhost', 'psquared', 'changeme', role_ids)
47
+ PeRbac::ensure_user('psquared', 'root@localhost', 'psquared', 'changeme', role_id)
48
48
  PeRbac::login('psquared', 'changeme', '10y')
49
49
 
50
50
  # what permissions are there?
data/exe/pe_rbac CHANGED
@@ -1,7 +1,29 @@
1
1
  #!/usr/bin/env ruby
2
+ #
3
+ # Copyright 2016 Geoff Williams for Puppet Inc.
4
+ #
5
+ # Licensed under the Apache License, Version 2.0 (the "License");
6
+ # you may not use this file except in compliance with the License.
7
+ # You may obtain a copy of the License at
8
+ #
9
+ # http://www.apache.org/licenses/LICENSE-2.0
10
+ #
11
+ # Unless required by applicable law or agreed to in writing, software
12
+ # distributed under the License is distributed on an "AS IS" BASIS,
13
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14
+ # See the License for the specific language governing permissions and
15
+ # limitations under the License.
16
+
2
17
  require 'pe_rbac'
18
+ require 'pe_rbac/action'
19
+ require 'pe_rbac/core'
20
+ require 'pe_rbac/role'
21
+ require 'pe_rbac/user'
3
22
  require 'escort'
4
23
 
24
+ # display help if nothing specified
25
+ ARGV.push('-h') if ARGV.empty?
26
+
5
27
  Escort::App.create do |app|
6
28
  app.version PeRbac::VERSION
7
29
  app.summary "pe_rbac"
@@ -19,9 +41,8 @@ Escort::App.create do |app|
19
41
  password = options[:global][:commands][cmd][:options][:password]
20
42
  email = options[:global][:commands][cmd][:options][:email]
21
43
 
22
- role_ids = PeRbac::get_role_ids(role)
23
- # always returns an array even though there should only be one match
24
- role_data = PeRbac::get_role(role_ids.first)
44
+ role_id = PeRbac::Role::get_role_id(role)
45
+ role_data = PeRbac::Role::get_role(role_id)
25
46
 
26
47
  perms = [{
27
48
  "object_type" => "tokens",
@@ -30,14 +51,14 @@ Escort::App.create do |app|
30
51
  }]
31
52
 
32
53
  # only need to update the role since its built-in
33
- PeRbac::update_role(
54
+ PeRbac::Role::update_role(
34
55
  role,
35
56
  nil,
36
- PeRbac::merge_permissions(role_data['permissions'], perms)
57
+ PeRbac::Core::merge_permissions(role_data['permissions'], perms)
37
58
  )
38
59
 
39
- PeRbac::ensure_user(username, email, username, password, role_ids)
40
- PeRbac::login(username, password, lifetime)
60
+ PeRbac::User::ensure_user(username, email, username, password, role_id)
61
+ PeRbac::Action::login(username, password, lifetime)
41
62
  end
42
63
  command.options do |opts|
43
64
  opts.opt(:username,
@@ -96,20 +117,20 @@ Escort::App.create do |app|
96
117
  end
97
118
 
98
119
  # create/update the role
99
- PeRbac::ensure_role(
120
+ PeRbac::Role::ensure_role(
100
121
  role,
101
122
  description,
102
123
  perms
103
124
  )
104
125
 
105
126
  # get the ID of the newly created role
106
- role_ids = PeRbac::get_role_ids(role)
127
+ role_id = PeRbac::Role::get_role_id(role)
107
128
 
108
129
  # join a user to the role
109
- PeRbac::ensure_user(username, email, username, password, role_ids)
130
+ PeRbac::User::ensure_user(username, email, username, password, role_id)
110
131
 
111
132
  # Generate and output the token
112
- token = PeRbac::token(username, password, lifetime)
133
+ token = PeRbac::Action::token(username, password, lifetime)
113
134
  Escort::Logger.output.puts token
114
135
  end
115
136
  command.options do |opts|
@@ -156,7 +177,7 @@ Escort::App.create do |app|
156
177
  username = options[:global][:commands][cmd][:options][:username]
157
178
  password = options[:global][:commands][cmd][:options][:password]
158
179
 
159
- PeRbac::reset_password(username, password)
180
+ PeRbac::Action::reset_password(username, password)
160
181
  end
161
182
  command.options do |opts|
162
183
  opts.opt(:username,
@@ -0,0 +1,68 @@
1
+ #
2
+ # Copyright 2016 Geoff Williams for Puppet Inc.
3
+ #
4
+ # Licensed under the Apache License, Version 2.0 (the "License");
5
+ # you may not use this file except in compliance with the License.
6
+ # You may obtain a copy of the License at
7
+ #
8
+ # http://www.apache.org/licenses/LICENSE-2.0
9
+ #
10
+ # Unless required by applicable law or agreed to in writing, software
11
+ # distributed under the License is distributed on an "AS IS" BASIS,
12
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13
+ # See the License for the specific language governing permissions and
14
+ # limitations under the License.
15
+
16
+ require 'pe_rbac/core'
17
+ require 'pe_rbac/user'
18
+ module PeRbac
19
+ module Action
20
+
21
+ #
22
+ # Token
23
+ #
24
+ def self.token(login, password, lifetime=false)
25
+ payload = {
26
+ "login" => login,
27
+ "password" => password,
28
+ }
29
+
30
+ # see https://docs.puppet.com/pe/latest/rbac_token_auth.html#setting-a-token-specific-lifetime
31
+ if lifetime
32
+ payload["lifetime"] = lifetime
33
+ end
34
+ resp = PeRbac::Core::request(:post, '/auth/token', payload)
35
+ resp ? JSON.parse(resp.body)['token'] : false
36
+ end
37
+
38
+ def self.login(login, password, lifetime=false)
39
+ dirname = Dir.home + '/.puppetlabs'
40
+ tokenfile = dirname + '/token'
41
+ if ! Dir.exist?(dirname)
42
+ Dir.mkdir(dirname, 0700)
43
+ end
44
+ File.write(tokenfile, token(login, password, lifetime))
45
+ File.chmod(0600, tokenfile)
46
+ end
47
+
48
+ def self.reset_password(login, password)
49
+ # lookup user id
50
+ user_id = User::get_user_id(login)
51
+ status = false
52
+ if user_id
53
+ # get password reset token
54
+ reset_token = PeRbac::Core::request(:post, "/users/#{user_id}/password/reset")
55
+
56
+ # reset password
57
+ PeRbac::Core::request(:post, '/auth/reset', {
58
+ 'token' => reset_token,
59
+ 'password' => password,
60
+ })
61
+ status = true
62
+ end
63
+ status
64
+ end
65
+
66
+
67
+ end
68
+ end
@@ -0,0 +1,122 @@
1
+ #
2
+ # Copyright 2016 Geoff Williams for Puppet Inc.
3
+ #
4
+ # Licensed under the Apache License, Version 2.0 (the "License");
5
+ # you may not use this file except in compliance with the License.
6
+ # You may obtain a copy of the License at
7
+ #
8
+ # http://www.apache.org/licenses/LICENSE-2.0
9
+ #
10
+ # Unless required by applicable law or agreed to in writing, software
11
+ # distributed under the License is distributed on an "AS IS" BASIS,
12
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13
+ # See the License for the specific language governing permissions and
14
+ # limitations under the License.
15
+
16
+ require 'escort'
17
+ module PeRbac
18
+ module Core
19
+ @@ssldir = '/etc/puppetlabs/puppet/ssl'
20
+ @@fqdn = %x(facter fqdn).strip.downcase
21
+
22
+ def self.set_ssldir(ssldir)
23
+ @@ssldir = ssldir
24
+ end
25
+
26
+ def self.get_ssldir
27
+ @@ssldir
28
+ end
29
+
30
+ def self.set_fqdn(fqdn)
31
+ @@fqdn = fqdn
32
+ end
33
+
34
+ def self.get_fqdn
35
+ @@fqdn
36
+ end
37
+
38
+ def self.get_conf
39
+ pe_old_pk = "#{@@ssldir}/private_keys/pe-internal-orchestrator.pem"
40
+ pe_old_cert = "#{@@ssldir}/certs/pe-internal-orchestrator.pem"
41
+ pe_new_pk = "#{@@ssldir}/private_keys/#{@@fqdn}.pem"
42
+ pe_new_cert = "#{@@ssldir}/certs/#{@@fqdn}.pem"
43
+
44
+ # pe 2016.4.0 removes the pe-internal-orchestrator.pem file but old systems
45
+ # will still have the client cert (which won't work), so pick based on
46
+ # using pe-internal-orchestrator.pem if its available
47
+ if File.exist?(pe_old_pk)
48
+ pk = pe_old_pk
49
+ cert = pe_old_cert
50
+ else
51
+ pk = pe_new_pk
52
+ cert = pe_new_cert
53
+ end
54
+
55
+ conf = {
56
+ host: @@fqdn,
57
+ port: 4433,
58
+ cert: cert,
59
+ key: pk,
60
+ cacert: @@ssldir + '/certs/ca.pem'
61
+ }
62
+ end
63
+
64
+ def self.request(method, path, payload=nil, raw=false)
65
+ conf = get_conf()
66
+ url = "https://#{conf[:host]}:#{conf[:port]}#{PeRbac::BASE_URI}#{path}"
67
+ if payload
68
+ if raw
69
+ _payload=payload
70
+ else
71
+ _payload=payload.to_json
72
+ end
73
+ else
74
+ _payload=nil
75
+ end
76
+ begin
77
+ result = RestClient::Request.execute(
78
+ method: method,
79
+ url: url,
80
+ ssl_ca_file: conf[:cacert],
81
+ ssl_client_cert: OpenSSL::X509::Certificate.new(File.read(conf[:cert])),
82
+ ssl_client_key: OpenSSL::PKey::RSA.new(File.read(conf[:key])),
83
+ ssl_version: :TLSv1_2,
84
+ headers: {:content_type => :json, :accept => :json},
85
+ payload: _payload,
86
+ )
87
+ rescue RestClient::ExceptionWithResponse => e
88
+ Escort::Logger.error.error url
89
+ Escort::Logger.error.error _payload
90
+ Escort::Logger.error.error e.response
91
+ result = false
92
+ end
93
+
94
+ result
95
+ end
96
+
97
+
98
+ # return a new array of permissions, adding the permission `ensure` to the
99
+ # existing permissions if required
100
+ def self.merge_permissions(existing, ensure_perms)
101
+ # duplicate existing array of hash
102
+ permissions = existing.map do |e| e.dup end
103
+
104
+ ensure_perms.each { |ensure_perm|
105
+ ensure_perm_exists = false
106
+ existing.each { |existing_perm|
107
+ if existing_perm['object_type'] == ensure_perm['object_type'] and
108
+ existing_perm['action'] == ensure_perm['action'] and
109
+ existing_perm['instance'] == ensure_perm['instance']
110
+ ensure_perm_exists = true
111
+ end
112
+ }
113
+ if ! ensure_perm_exists
114
+ permissions.push(ensure_perm)
115
+ end
116
+ }
117
+
118
+ permissions
119
+ end
120
+ end
121
+
122
+ end
@@ -0,0 +1,28 @@
1
+ #
2
+ # Copyright 2016 Geoff Williams for Puppet Inc.
3
+ #
4
+ # Licensed under the Apache License, Version 2.0 (the "License");
5
+ # you may not use this file except in compliance with the License.
6
+ # You may obtain a copy of the License at
7
+ #
8
+ # http://www.apache.org/licenses/LICENSE-2.0
9
+ #
10
+ # Unless required by applicable law or agreed to in writing, software
11
+ # distributed under the License is distributed on an "AS IS" BASIS,
12
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13
+ # See the License for the specific language governing permissions and
14
+ # limitations under the License.
15
+
16
+ require 'pe_rbac/core'
17
+
18
+ module PeRbac
19
+ module Permission
20
+ #
21
+ # Permissions
22
+ #
23
+ def self.get_permissions()
24
+ resp = PeRbac::Core::request(:get, "/types")
25
+ resp ? JSON.parse(resp.body) : false
26
+ end
27
+ end
28
+ end
@@ -0,0 +1,83 @@
1
+ #
2
+ # Copyright 2016 Geoff Williams for Puppet Inc.
3
+ #
4
+ # Licensed under the Apache License, Version 2.0 (the "License");
5
+ # you may not use this file except in compliance with the License.
6
+ # You may obtain a copy of the License at
7
+ #
8
+ # http://www.apache.org/licenses/LICENSE-2.0
9
+ #
10
+ # Unless required by applicable law or agreed to in writing, software
11
+ # distributed under the License is distributed on an "AS IS" BASIS,
12
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13
+ # See the License for the specific language governing permissions and
14
+ # limitations under the License.
15
+
16
+ require 'pe_rbac/core'
17
+
18
+ module PeRbac
19
+ module Role
20
+ #
21
+ # role
22
+ #
23
+ def self.get_roles
24
+ JSON.parse(PeRbac::Core::request(:get, "/roles").body)
25
+ end
26
+
27
+ def self.get_role(id)
28
+ resp = PeRbac::Core::request(:get, "/roles/#{id}")
29
+ resp ? JSON.parse(resp.body) : false
30
+ end
31
+
32
+ def self.get_role_id(display_name)
33
+ i=0
34
+ found=false
35
+ roles = get_roles()
36
+ while !found and i < roles.length do
37
+ if roles[i]['display_name'] == display_name
38
+ found = roles[i]['id']
39
+ end
40
+ i+=1
41
+ end
42
+ found
43
+ end
44
+
45
+ # CREATE
46
+ def self.ensure_role(display_name, description, permissions=[], user_ids=[])
47
+ if get_role_id(display_name)
48
+ update_role(display_name, description, permissions, user_ids)
49
+ else
50
+ create_role(display_name, description, permissions, user_ids)
51
+ end
52
+ end
53
+
54
+ # https://docs.puppet.com/pe/latest/rbac_roles_v1.html#post-roles
55
+ def self.create_role(display_name, description=display_name, permissions=[], user_ids=[], group_ids=[])
56
+ role = {
57
+ "permissions" => permissions,
58
+ "user_ids" => Array(user_ids),
59
+ "group_ids" => Array(group_ids),
60
+ "display_name" => display_name,
61
+ "description" => description,
62
+ }
63
+ PeRbac::Core::request(:post, '/roles', role) ? true : false
64
+ end
65
+
66
+ def self.update_role(display_name, description=nil, permissions=nil, user_ids=nil, group_ids=nil)
67
+ role_id = get_role_id(display_name)
68
+ status = false
69
+ if role_id
70
+ role = get_role(role_id)
71
+ role['display_name'] = display_name ? display_name : role['display_name']
72
+ role['description'] = description ? display_name : role['description']
73
+ role['permissions'] = permissions ? permissions : role['permissions']
74
+ role['user_ids'] = user_ids ? Array(user_ids) : role['user_ids']
75
+ role['group_ids'] = group_ids ? Array(group_ids) : role['group_ids']
76
+
77
+ PeRbac::Core::request(:put, "/roles/#{role_id}", role)
78
+ status = true
79
+ end
80
+ status
81
+ end
82
+ end
83
+ end
@@ -0,0 +1,94 @@
1
+ #
2
+ # Copyright 2016 Geoff Williams for Puppet Inc.
3
+ #
4
+ # Licensed under the Apache License, Version 2.0 (the "License");
5
+ # you may not use this file except in compliance with the License.
6
+ # You may obtain a copy of the License at
7
+ #
8
+ # http://www.apache.org/licenses/LICENSE-2.0
9
+ #
10
+ # Unless required by applicable law or agreed to in writing, software
11
+ # distributed under the License is distributed on an "AS IS" BASIS,
12
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13
+ # See the License for the specific language governing permissions and
14
+ # limitations under the License.
15
+
16
+ require 'pe_rbac/core'
17
+ require 'pe_rbac/action'
18
+
19
+ module PeRbac
20
+ module User
21
+ def self.get_users
22
+ JSON.parse(PeRbac::Core::request(:get, '/users').body)
23
+ end
24
+
25
+ # get the user id for a login or false if missing
26
+ # eg 'admin' => '42bf351c-f9ec-40af-84ad-e976fec7f4bd'
27
+ def self.get_user_id(login)
28
+ users = get_users
29
+ id = false
30
+ i = 0
31
+ while !id and i < users.length do
32
+ if users[i]['login'] == login
33
+ id = users[i]['id']
34
+ end
35
+ i += 1
36
+ end
37
+ id
38
+ end
39
+
40
+ def self.get_user(id)
41
+ resp = PeRbac::Core::request(:get, "/users/#{id}")
42
+ resp ? JSON.parse(resp.body) : false
43
+ end
44
+
45
+ def self.ensure_user(login, email, display_name, password=nil, role_ids=[])
46
+ if get_user_id(login)
47
+ # existing user
48
+ update_user(login, email, display_name, role_ids)
49
+ if password
50
+ PeRbac::Action::reset_password(login, password)
51
+ end
52
+ else
53
+ # new user
54
+ create_user(login, email, display_name, password, role_ids)
55
+ end
56
+
57
+ end
58
+
59
+ def self.create_user(login, email, display_name, password=nil, role_ids=[])
60
+ # completely different to what the PE console sends... :/
61
+ # Elegantly convert role_ids to an array if it isn't one already
62
+ user={
63
+ "login" => login,
64
+ "email" => email,
65
+ "display_name" => display_name,
66
+ "role_ids" => Array(role_ids),
67
+ }
68
+
69
+ if password
70
+ user["password"] = password
71
+ end
72
+
73
+ PeRbac::Core::request(:post, '/users', user) ? true : false
74
+ end
75
+
76
+ def self.update_user(login, email=nil, display_name=nil, role_ids=nil, is_revoked=nil)
77
+ user = get_user(get_user_id(login))
78
+ status = false
79
+ if user
80
+ if ! user['remote']
81
+ # trade-off for auto id lookup is that you cant change logins...
82
+ user['login'] = login ? login : user['login']
83
+ user['email'] = email ? email : user['email']
84
+ user['display_name'] = display_name ? display_name : user['display_name']
85
+ end
86
+ user['role_ids'] = role_ids ? Array(role_ids) : user['role_ids']
87
+ user['is_revoked'] = (! is_revoked.nil?) ? is_revoked : user['is_revoked']
88
+
89
+ status = PeRbac::Core::request(:put, "/users/#{user['id']}", user) ? true : false
90
+ end
91
+ status
92
+ end
93
+ end
94
+ end
@@ -1,3 +1,18 @@
1
+ #
2
+ # Copyright 2016 Geoff Williams for Puppet Inc.
3
+ #
4
+ # Licensed under the Apache License, Version 2.0 (the "License");
5
+ # you may not use this file except in compliance with the License.
6
+ # You may obtain a copy of the License at
7
+ #
8
+ # http://www.apache.org/licenses/LICENSE-2.0
9
+ #
10
+ # Unless required by applicable law or agreed to in writing, software
11
+ # distributed under the License is distributed on an "AS IS" BASIS,
12
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13
+ # See the License for the specific language governing permissions and
14
+ # limitations under the License.
15
+
1
16
  module PeRbac
2
- VERSION = "0.3.1"
17
+ VERSION = "0.4.0"
3
18
  end
data/lib/pe_rbac.rb CHANGED
@@ -1,307 +1,24 @@
1
+ #
2
+ # Copyright 2016 Geoff Williams for Puppet Inc.
3
+ #
4
+ # Licensed under the Apache License, Version 2.0 (the "License");
5
+ # you may not use this file except in compliance with the License.
6
+ # You may obtain a copy of the License at
7
+ #
8
+ # http://www.apache.org/licenses/LICENSE-2.0
9
+ #
10
+ # Unless required by applicable law or agreed to in writing, software
11
+ # distributed under the License is distributed on an "AS IS" BASIS,
12
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13
+ # See the License for the specific language governing permissions and
14
+ # limitations under the License.
15
+
1
16
  require "pe_rbac/version"
2
17
  require 'restclient'
3
18
  require 'socket'
4
19
  require 'json'
5
20
 
6
21
  module PeRbac
7
- ssldir = '/etc/puppetlabs/puppet/ssl'
8
- fqdn = %x(facter fqdn).strip.downcase
9
- pe_old_pk = "#{ssldir}/private_keys/pe-internal-orchestrator.pem"
10
- pe_old_cert = "#{ssldir}/certs/pe-internal-orchestrator.pem"
11
- pe_new_pk = "#{ssldir}/private_keys/#{fqdn}.pem"
12
- pe_new_cert = "#{ssldir}/certs/#{fqdn}.pem"
13
-
14
- # pe 2016.4.0 removes the pe-internal-orchestrator.pem file but old systems
15
- # will still have the client cert (which won't work), so pick based on
16
- # using pe-internal-orchestrator.pem if its available
17
- if File.exist?(pe_old_pk)
18
- pk = pe_old_pk
19
- cert = pe_old_cert
20
- else
21
- pk = pe_new_pk
22
- cert = pe_new_cert
23
- end
24
-
25
- CONF = {
26
- host: Socket.gethostname.downcase,
27
- port: 4433,
28
- cert: cert,
29
- key: pk,
30
- cacert: ssldir + '/certs/ca.pem'
31
- }
32
-
33
22
  BASE_URI = '/rbac-api/v1'
34
23
 
35
- #
36
- # user
37
- #
38
-
39
- def self.get_users
40
- JSON.parse(_request(:get, '/users').body)
41
- end
42
-
43
- # get the user id for a login or false if missing
44
- # eg 'admin' => '42bf351c-f9ec-40af-84ad-e976fec7f4bd'
45
- def self.get_user_id(login)
46
- users = get_users
47
- id = false
48
- i = 0
49
- while !id and i < users.length do
50
- if users[i]['login'] == login
51
- id = users[i]['id']
52
- end
53
- i += 1
54
- end
55
- id
56
- end
57
-
58
- def self.get_user(id)
59
- JSON.parse(_request(:get, "/users/#{id}").body)
60
- end
61
-
62
- def self.ensure_user(login, email, display_name, password=nil, role_ids=[])
63
- if get_user_id(login)
64
- # existing user
65
- update_user(login, email, display_name, role_ids)
66
- if password
67
- change_password(login, password)
68
- end
69
- else
70
- # new user
71
- create_user(login, email, display_name, password, role_ids)
72
- end
73
-
74
- end
75
-
76
- def self.create_user(login, email, display_name, password=nil, role_ids=[])
77
- # completely different to what the PE console sends... :/
78
- user={
79
- "login" => login,
80
- "email" => email,
81
- "display_name" => display_name,
82
- "role_ids" => role_ids,
83
- }
84
-
85
- if password
86
- user["password"] = password
87
- end
88
-
89
- _request(:post, '/users', user)
90
- end
91
-
92
- def self.update_user(login, email=nil, display_name=nil, role_ids=nil, is_revoked=nil)
93
- user = get_user(get_user_id(login))
94
- if ! user['remote']
95
- # trade-off for auto id lookup is that you cant change logins...
96
- user['login'] = login ? login : user['login']
97
- user['email'] = email ? email : user['email']
98
- user['display_name'] = display_name ? display_name : user['display_name']
99
- end
100
- user['role_ids'] = role_ids ? role_ids : user['role_ids']
101
- user['is_revoked'] = (! is_revoked.nil?) ? is_revoked : user['is_revoked']
102
-
103
- _request(:put, "/users/#{user['id']}", user)
104
- end
105
-
106
- def self.change_password(login, new_password)
107
- token = _request(:post, "/users/#{get_user_id(login)}/password/reset").body
108
-
109
- reset = {
110
- "token" => token,
111
- "password" => new_password,
112
- }
113
-
114
- _request(:post, '/auth/reset', reset)
115
- end
116
-
117
- #
118
- # role
119
- #
120
- def self.get_roles
121
- JSON.parse(_request(:get, "/roles").body)
122
- end
123
-
124
- def self.get_role(id)
125
- JSON.parse(_request(:get, "/roles/#{id}").body)
126
- end
127
-
128
- def self.get_role_id(display_name)
129
- i=0
130
- found=false
131
- roles = get_roles()
132
- while !found and i < roles.length do
133
- if roles[i]['display_name'] == display_name
134
- found = roles[i]['id']
135
- end
136
- i+=1
137
- end
138
- found
139
- end
140
-
141
-
142
- # get the role id for a display name
143
- # eg ['Code Deployers', 'blah'] => [4,8]
144
- def self.get_role_ids(display_names)
145
- if ! display_names.is_a? Array
146
- display_names = [display_names]
147
- end
148
- roles = get_roles
149
- ids = []
150
- display_names.each { |display_name|
151
- found=get_role_id(display_name)
152
- #if !found
153
- # raise("RBAC role '#{display_name}' not found")
154
- #end
155
- if found
156
- ids.push(found)
157
- end
158
- }
159
- ids
160
- end
161
-
162
- # CREATE
163
- def self.ensure_role(display_name, description, permissions=[], user_ids=[])
164
- if get_role_id(display_name)
165
- update_role(display_name, description, permissions, user_ids)
166
- else
167
- create_role(display_name, description, permissions, user_ids)
168
- end
169
- end
170
-
171
- # https://docs.puppet.com/pe/latest/rbac_roles_v1.html#post-roles
172
- def self.create_role(display_name, description=display_name, permissions=[], user_ids=[], group_ids=[])
173
- role = {
174
- "permissions" => permissions,
175
- "user_ids" => user_ids,
176
- "group_ids" => group_ids,
177
- "display_name" => display_name,
178
- "description" => description,
179
- }
180
- _request(:post, '/roles', role)
181
- end
182
-
183
- def self.update_role(display_name, description=nil, permissions=nil, user_ids=nil, group_ids=nil)
184
- role_id = get_role_id(display_name)
185
- if role_id
186
- role = get_role(role_id)
187
- role['display_name'] = display_name ? display_name : role['display_name']
188
- role['description'] = description ? display_name : role['description']
189
- role['permissions'] = permissions ? permissions : role['permissions']
190
- role['user_ids'] = user_ids ? user_ids : role['user_ids']
191
- role['group_ids'] = group_ids ? group_ids : role['group_ids']
192
-
193
- _request(:put, "/roles/#{role_id}", role)
194
- else
195
- raise("No such role exists: #{display_name} create it first or use ensure_role")
196
- end
197
- end
198
-
199
-
200
- #
201
- # Permissions
202
- #
203
- def self.get_permissions()
204
- _request(:get, "/types")
205
- end
206
-
207
-
208
- #
209
- # Token
210
- #
211
- def self.token(login, password, lifetime=false)
212
- payload = {
213
- "login" => login,
214
- "password" => password,
215
- }
216
-
217
- # see https://docs.puppet.com/pe/latest/rbac_token_auth.html#setting-a-token-specific-lifetime
218
- if lifetime
219
- payload["lifetime"] = lifetime
220
- end
221
-
222
- JSON.parse(_request(:post, '/auth/token', payload))['token']
223
- end
224
-
225
- def self.login(login, password, lifetime=false)
226
- dirname = Dir.home + '/.puppetlabs'
227
- tokenfile = dirname + '/token'
228
- if ! Dir.exist?(dirname)
229
- Dir.mkdir(dirname, 0700)
230
- end
231
- File.write(tokenfile, token(login, password, lifetime))
232
- File.chmod(0600, tokenfile)
233
- end
234
-
235
- def self.reset_password(login, password)
236
- # lookup user id
237
- user_id = self.get_user_id(login)
238
- if user_id
239
- # get password reset token
240
- reset_token = _request(:post, "/users/#{user_id}/password/reset")
241
-
242
- # reset password
243
- _request(:post, '/auth/reset', {
244
- 'token' => reset_token,
245
- 'password' => password,
246
- })
247
- else
248
- Escort::Logger.error.error "No such user: #{login}"
249
- end
250
- end
251
-
252
- # return a new array of permissions, adding the permission `ensure` to the
253
- # existing permissions if required
254
- def self.merge_permissions(existing, ensure_perms)
255
- # duplicate existing array of hash
256
- permissions = existing.map do |e| e.dup end
257
-
258
- ensure_perms.each { |ensure_perm|
259
- ensure_perm_exists = false
260
- existing.each { |existing_perm|
261
- if existing_perm['object_type'] == ensure_perm['object_type'] and
262
- existing_perm['action'] == ensure_perm['action'] and
263
- existing_perm['instance'] == ensure_perm['instance']
264
- ensure_perm_exists = true
265
- end
266
- }
267
- if ! ensure_perm_exists
268
- permissions.push(ensure_perm)
269
- end
270
- }
271
-
272
- permissions
273
- end
274
-
275
- private
276
-
277
- def self._request(method, path, payload=nil, raw=false)
278
- url = "https://#{CONF[:host]}:#{CONF[:port]}#{BASE_URI}#{path}"
279
- if payload
280
- if raw
281
- _payload=payload
282
- else
283
- _payload=payload.to_json
284
- end
285
- else
286
- _payload=nil
287
- end
288
- begin
289
- RestClient::Request.execute(
290
- method: method,
291
- url: url,
292
- ssl_ca_file: CONF[:cacert],
293
- ssl_client_cert: OpenSSL::X509::Certificate.new(File.read(CONF[:cert])),
294
- ssl_client_key: OpenSSL::PKey::RSA.new(File.read(CONF[:key])),
295
- ssl_version: :TLSv1,
296
- headers: {:content_type => :json, :accept => :json},
297
- payload: _payload,
298
- )
299
- rescue RestClient::ExceptionWithResponse => e
300
- Escort::Logger.error.error url
301
- Escort::Logger.error.error _payload
302
- Escort::Logger.error.error e.response
303
- raise "API Error"
304
- end
305
- end
306
-
307
24
  end
data/pe_rbac.gemspec CHANGED
@@ -12,7 +12,7 @@ Gem::Specification.new do |spec|
12
12
  spec.summary = %q{Ruby API for Puppet Enterprise RBAC}
13
13
  spec.description = %q{Programatically do stuff with Puppet Enterprise RBAC}
14
14
  spec.homepage = "https://github.com/geoffwilliams/pe_rbac"
15
- spec.license = "MIT"
15
+ spec.license = "Apache 2.0"
16
16
 
17
17
  spec.files = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
18
18
  spec.bindir = "exe"
@@ -21,6 +21,16 @@ Gem::Specification.new do |spec|
21
21
 
22
22
  spec.add_development_dependency "bundler", "~> 1.12"
23
23
  spec.add_development_dependency "rake", "~> 10.0"
24
+ spec.add_development_dependency "sinatra", "1.4.7"
25
+ spec.add_development_dependency "webrick", "1.3.1"
26
+ spec.add_development_dependency "rack", "1.6.5"
27
+ spec.add_development_dependency "fakefs", "0.10.1"
28
+ spec.add_development_dependency "rspec", "~> 3.0"
29
+ spec.add_development_dependency 'simplecov', "0.12.0"
30
+
31
+ # required at runtime but provided by PE
32
+ spec.add_development_dependency "facter", "2.4.6"
33
+
24
34
 
25
35
  spec.add_runtime_dependency "rest-client", "2.0.0"
26
36
  spec.add_runtime_dependency "escort", "0.4.0"
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: pe_rbac
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.3.1
4
+ version: 0.4.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Geoff Williams
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2017-01-09 00:00:00.000000000 Z
11
+ date: 2017-01-14 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: bundler
@@ -38,6 +38,104 @@ dependencies:
38
38
  - - "~>"
39
39
  - !ruby/object:Gem::Version
40
40
  version: '10.0'
41
+ - !ruby/object:Gem::Dependency
42
+ name: sinatra
43
+ requirement: !ruby/object:Gem::Requirement
44
+ requirements:
45
+ - - '='
46
+ - !ruby/object:Gem::Version
47
+ version: 1.4.7
48
+ type: :development
49
+ prerelease: false
50
+ version_requirements: !ruby/object:Gem::Requirement
51
+ requirements:
52
+ - - '='
53
+ - !ruby/object:Gem::Version
54
+ version: 1.4.7
55
+ - !ruby/object:Gem::Dependency
56
+ name: webrick
57
+ requirement: !ruby/object:Gem::Requirement
58
+ requirements:
59
+ - - '='
60
+ - !ruby/object:Gem::Version
61
+ version: 1.3.1
62
+ type: :development
63
+ prerelease: false
64
+ version_requirements: !ruby/object:Gem::Requirement
65
+ requirements:
66
+ - - '='
67
+ - !ruby/object:Gem::Version
68
+ version: 1.3.1
69
+ - !ruby/object:Gem::Dependency
70
+ name: rack
71
+ requirement: !ruby/object:Gem::Requirement
72
+ requirements:
73
+ - - '='
74
+ - !ruby/object:Gem::Version
75
+ version: 1.6.5
76
+ type: :development
77
+ prerelease: false
78
+ version_requirements: !ruby/object:Gem::Requirement
79
+ requirements:
80
+ - - '='
81
+ - !ruby/object:Gem::Version
82
+ version: 1.6.5
83
+ - !ruby/object:Gem::Dependency
84
+ name: fakefs
85
+ requirement: !ruby/object:Gem::Requirement
86
+ requirements:
87
+ - - '='
88
+ - !ruby/object:Gem::Version
89
+ version: 0.10.1
90
+ type: :development
91
+ prerelease: false
92
+ version_requirements: !ruby/object:Gem::Requirement
93
+ requirements:
94
+ - - '='
95
+ - !ruby/object:Gem::Version
96
+ version: 0.10.1
97
+ - !ruby/object:Gem::Dependency
98
+ name: rspec
99
+ requirement: !ruby/object:Gem::Requirement
100
+ requirements:
101
+ - - "~>"
102
+ - !ruby/object:Gem::Version
103
+ version: '3.0'
104
+ type: :development
105
+ prerelease: false
106
+ version_requirements: !ruby/object:Gem::Requirement
107
+ requirements:
108
+ - - "~>"
109
+ - !ruby/object:Gem::Version
110
+ version: '3.0'
111
+ - !ruby/object:Gem::Dependency
112
+ name: simplecov
113
+ requirement: !ruby/object:Gem::Requirement
114
+ requirements:
115
+ - - '='
116
+ - !ruby/object:Gem::Version
117
+ version: 0.12.0
118
+ type: :development
119
+ prerelease: false
120
+ version_requirements: !ruby/object:Gem::Requirement
121
+ requirements:
122
+ - - '='
123
+ - !ruby/object:Gem::Version
124
+ version: 0.12.0
125
+ - !ruby/object:Gem::Dependency
126
+ name: facter
127
+ requirement: !ruby/object:Gem::Requirement
128
+ requirements:
129
+ - - '='
130
+ - !ruby/object:Gem::Version
131
+ version: 2.4.6
132
+ type: :development
133
+ prerelease: false
134
+ version_requirements: !ruby/object:Gem::Requirement
135
+ requirements:
136
+ - - '='
137
+ - !ruby/object:Gem::Version
138
+ version: 2.4.6
41
139
  - !ruby/object:Gem::Dependency
42
140
  name: rest-client
43
141
  requirement: !ruby/object:Gem::Requirement
@@ -75,6 +173,8 @@ extensions: []
75
173
  extra_rdoc_files: []
76
174
  files:
77
175
  - ".gitignore"
176
+ - ".rspec"
177
+ - ".travis.yml"
78
178
  - Gemfile
79
179
  - LICENSE.txt
80
180
  - README.md
@@ -84,11 +184,16 @@ files:
84
184
  - example.rb
85
185
  - exe/pe_rbac
86
186
  - lib/pe_rbac.rb
187
+ - lib/pe_rbac/action.rb
188
+ - lib/pe_rbac/core.rb
189
+ - lib/pe_rbac/permission.rb
190
+ - lib/pe_rbac/role.rb
191
+ - lib/pe_rbac/user.rb
87
192
  - lib/pe_rbac/version.rb
88
193
  - pe_rbac.gemspec
89
194
  homepage: https://github.com/geoffwilliams/pe_rbac
90
195
  licenses:
91
- - MIT
196
+ - Apache 2.0
92
197
  metadata: {}
93
198
  post_install_message:
94
199
  rdoc_options: []