puppetclassify 0.1.5 → 0.1.6

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 523f6019b4d5b7deb67a65980e47f0be7f049b29
-  data.tar.gz: fc27b32eafa867ffabc950a03ec04ec42d2e5878
+  metadata.gz: 7a263281371dfe1516c40c60aa682e5de078a4b7
+  data.tar.gz: ff35572dea53621a79790ed5e6bf91b65a8ba257
 SHA512:
-  metadata.gz: 7a9c9cc102ffe563c6237adbdd7b9e389c96103147f2b8126761acf73e6c871cbf906499c57541909c24e412b7c5a240dc8ea815116b8fb3b4572e138e2e212a
-  data.tar.gz: f6667db9fd1432e0852c0624f7d1b2899639501228eb4e5da68af248098d507ff640f67b7d22d5ad4a186c8bf8e846cfcdb170e38ef29a5e2b3213d29af44612
+  metadata.gz: c6ef8817dcd5d0c829573a52db46db2d6e5a4645289dae740544604d46b9a433bc817e664a9e98550fc0e30da35985fcb48f0b20983fa1a604e0fbaac6b1f76a
+  data.tar.gz: 044d06e59b36d1d86ade763648a8aff7784f5ee645e8cd3ddb26b8dcc07a540bdd2a79c0b0024734c30795d49a9efe547ecc3b7c49219db28fb521fb1b0532cf

data/README.md

@@ -25,7 +25,7 @@ Tickets: Open an issue or pull request directly on this repository
 
 ## How to use
 
-Here is the basic configuration you'll need to use the puppetclassify class:
+Here is the basic configuration you'll need to use the puppetclassify class with certificate auth:
 
 ```ruby
 require 'puppetclassify'
@@ -41,6 +41,33 @@ classifier_url = 'https://puppetmaster.local:4433/classifier-api'
 puppetclassify = PuppetClassify.new(classifier_url, auth_info)
 ```
 
+You can also use token auth by either supplying a path to a token file:
+
+```ruby
+auth_info = {
+  "ca_certificate_path" => "/etc/puppetlabs/puppet/ssl/certs/ca.pem",
+  "token_path"          => "/home/sam/.puppetlabs/token",
+}
+```
+
+Or by specifying a token string directly:
+
+```ruby
+token = 'eyJhbGciOiJSUzUxM....'
+auth_info = {
+  "ca_certificate_path" => "/etc/puppetlabs/puppet/ssl/certs/ca.pem",
+  "token"               => token,
+}
+```
+
+If you have a token file at `~/.puppetlabs/token` then you can make use of it by not specifying any authentication info, ie:
+
+```ruby
+auth_info = {
+  "ca_certificate_path" => "/etc/puppetlabs/puppet/ssl/certs/ca.pem",
+}
+```
+
 ### Basic case
 
 If you are wanting to get all of the groups the classifier knows about:

data/lib/puppet_https.rb

@@ -2,38 +2,82 @@ require 'uri'
 require 'net/https'
 
 class PuppetHttps
+  attr_reader :auth_method, :token_path
+
   def initialize(settings)
     # Settings hash:
     #   - ca_certificate_path
-    #   - certificate_path
-    #   - private_key_path
-    #   - read_timeout
+    #   - certificate_path (optional)
+    #   - private_key_path (optional)
+    #   - read_timeout (optional)
+    #   - token_path (default: $HOME/.puppetlabs/token)
+    #   - token (optional, takes precedence over token_path)
+    #
+    #   token auth takes precedence over cert auth (in the case that both methods are provided)
+
+    default_token_path = File.join(ENV['HOME'], '.puppetlabs', 'token')
+
+    ca_cert_path = settings['ca_certificate_path']
+    cert_path    = settings['certificate_path']
+    pkey_path    = settings['private_key_path']
+
+    @ca_file      = settings['ca_certificate_path'] if ca_cert_path and File.exists?(ca_cert_path)
+    @read_timeout = settings['read_timeout'] || 90 # A default timeout value in seconds
+
+    @auth_method = case
+      when (settings['token'] or settings['token_path'])
+        'token'
+      when (cert_path and pkey_path)
+        'cert'
+      when File.exists?(default_token_path)
+        'token'
+      else
+        nil
+      end
+
+    unless @auth_method
+      raise RuntimeError, "No authentication methods available."
+    end
+
+    case @auth_method
+    when 'token'
+      @token      = settings['token']
+      @token_path = (settings['token_path'] || default_token_path) unless @token
+      # Make sure we have a token and it's not empty
+      case
+      when (@token and @token.empty?)
+        raise RuntimeError, "Received an empty string for token"
+      when (not @token and not File.exists?(@token_path))
+        raise RuntimeError, "Token file not found at [#{@token_path}]"
+      when (not @token and File.zero?(@token_path))
+        raise RuntimeError, "Token file at [#{@token_path}] is empty"
+      end
+    when 'cert'
+      if File.exists?(cert_path) and File.exists?(pkey_path)
+        @cert = OpenSSL::X509::Certificate.new(File.read(cert_path))
+        @key  = OpenSSL::PKey::RSA.new(File.read(pkey_path))
+      else
+        raise RuntimeError, "Certificate auth requested but certificate or private key cannot be found."
+      end
+    end
+
 
-    @settings = settings
   end
 
   def make_ssl_request(url, req)
     connection = Net::HTTP.new(url.host, url.port)
-    # connection.set_debug_output $stderr
-    connection.use_ssl = true
-    connection.ssl_version = :TLSv1
-    connection.read_timeout = @settings['read_timeout'] || 90 #A default timeout value in seconds
 
-    connection.verify_mode = OpenSSL::SSL::VERIFY_PEER
-    ca_file = @settings['ca_certificate_path']
-    certpath = @settings['certificate_path']
-    pkey_path = @settings['private_key_path']
-
-    if File.exists?(ca_file)
-      connection.ca_file = ca_file
-    end
+    # connection.set_debug_output $stderr
 
-    if File.exists?(certpath)
-      connection.cert = OpenSSL::X509::Certificate.new(File.read(certpath))
-    end
+    connection.use_ssl      = true
+    connection.ssl_version  = :TLSv1
+    connection.verify_mode  = OpenSSL::SSL::VERIFY_PEER
+    connection.ca_file      = @ca_file if @ca_file
+    connection.read_timeout = @read_timeout
 
-    if File.exists?(pkey_path)
-      connection.key = OpenSSL::PKey::RSA.new(File.read(pkey_path))
+    if @auth_method == 'cert'
+      connection.cert = @cert
+      connection.key  = @key
     end
 
     connection.start { |http| http.request(req) }
@@ -41,7 +85,7 @@ class PuppetHttps
 
   def put(url, request_body=nil)
     url = URI.parse(url)
-    req = Net::HTTP::Put.new(url.path)
+    req = Net::HTTP::Put.new(url.path, self.auth_header)
     req.content_type = 'application/json'
 
     unless request_body.nil?
@@ -54,7 +98,7 @@ class PuppetHttps
   def get(url)
     url = URI.parse(url)
     accept = 'application/json'
-    req = Net::HTTP::Get.new("#{url.path}?#{url.query}", "Accept" => accept)
+    req = Net::HTTP::Get.new("#{url.path}?#{url.query}", {"Accept" => accept}.merge(self.auth_header))
     res = make_ssl_request(url, req)
     res
   end
@@ -62,7 +106,7 @@ class PuppetHttps
   def post(url, request_body=nil)
     url = URI.parse(url)
 
-    request = Net::HTTP::Post.new(url.request_uri)
+    request = Net::HTTP::Post.new(url.request_uri, self.auth_header)
     request.content_type = 'application/json'
 
     unless request_body.nil?
@@ -76,10 +120,26 @@ class PuppetHttps
   def delete(url)
     url = URI.parse(url)
 
-    request = Net::HTTP::Delete.new(url.request_uri)
+    request = Net::HTTP::Delete.new(url.request_uri, self.auth_header)
     request.content_type = 'application/json'
 
     res = make_ssl_request(url, request)
     res
   end
+
+  #private
+
+  def token
+    return @token if @token
+    if @token_path and File.exists?(@token_path)
+      @token = File.read(@token_path)
+      return @token
+    end
+    return nil
+  end
+
+  def auth_header
+    token  = self.token
+    header = token ? {"X-Authentication" => token} : {}
+  end
 end

metadata

@@ -1,17 +1,17 @@
 --- !ruby/object:Gem::Specification
 name: puppetclassify
 version: !ruby/object:Gem::Version
-  version: 0.1.5
+  version: 0.1.6
 platform: ruby
 authors:
-- Brian Cain
+- Puppet Labs
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-10-30 00:00:00.000000000 Z
+date: 2017-05-15 00:00:00.000000000 Z
 dependencies: []
 description: A ruby library to interface with the classifier service
-email: brian.cain@puppetlabs.com
+email: info@puppet.com
 executables: []
 extensions: []
 extra_rdoc_files: []
@@ -50,7 +50,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.2.2
+rubygems_version: 2.2.5
 signing_key: 
 specification_version: 4
 summary: Puppet Classify!