skull_island 2.0.1 → 2.2.1

data/lib/skull_island/helpers/cli_erb.rb

@@ -12,8 +12,8 @@ module SkullIsland
       end
 
       # At this phase, we want to leave this alone...
-      def lookup(type, value)
-        "<%= lookup :#{type}, '#{value}' %>"
+      def lookup(type, value, raw = false)
+        "<%= lookup :#{type}, '#{value}', #{raw} %>"
       end
     end
   end

data/lib/skull_island/helpers/meta.rb

@@ -44,7 +44,7 @@ module SkullIsland
       end
 
       def project=(project_id)
-        unless project_id.is_a?(String) && project_id.match?(/^[\w_\-\.~]+$/)
+        unless project_id.is_a?(String) && project_id.match?(/^[\w_\-.~]+$/)
           raise Exceptions::InvalidArguments, 'project'
         end
 

data/lib/skull_island/helpers/resource.rb

@@ -16,6 +16,8 @@ module SkullIsland
 
       # rubocop:disable Style/GuardClause
       # rubocop:disable Security/Eval
+      # The delayed_set method allows a second phase of Erb templating immediately
+      # before sending data to the API. This allows the `lookup` function to work dynamically
       def delayed_set(property, data, key = property.to_s)
         if data[key]
           value = recursive_erubi(data[key])
@@ -27,11 +29,12 @@ module SkullIsland
       end
 
       def recursive_erubi(data)
-        if data.is_a?(String)
+        case data
+        when String
           eval(Erubi::Engine.new(data).src)
-        elsif data.is_a?(Array)
+        when Array
           data.map { |item| recursive_erubi(item) }
-        elsif data.is_a?(Hash)
+        when Hash
           data.map { |k, v| [k, recursive_erubi(v)] }.to_h
         else
           data
@@ -72,7 +75,7 @@ module SkullIsland
       end
 
       def host_regex
-        /^(([\w]|[\w][\w\-]*[\w])\.)*([\w]|[\w][\w\-]*[\w])$/
+        /^((\w|\w[\w\-]*\w)\.)*(\w|\w[\w\-]*\w)$/
       end
 
       def id_property
@@ -87,9 +90,8 @@ module SkullIsland
         self.class.immutable?
       end
 
-      # rubocop:disable Metrics/CyclomaticComplexity
       # rubocop:disable Metrics/PerceivedComplexity
-      def import_update_or_skip(verbose: false, test: false, index:)
+      def import_update_or_skip(index:, verbose: false, test: false)
         if find_by_digest
           puts "[INFO] Skipping #{self.class} index #{index} (#{id})" if verbose
         elsif test
@@ -102,22 +104,29 @@ module SkullIsland
           puts "[ERR] Failed to save #{self.class} index #{index}"
         end
       end
-      # rubocop:enable Metrics/CyclomaticComplexity
+
       # rubocop:enable Metrics/PerceivedComplexity
 
-      def lookup(type, value)
-        case type
-        when :consumer
-          { 'id' => Resources::Consumer.find(:username, value).id }
-        when :route
-          { 'id' => Resources::Route.find(:name, value).id }
-        when :service
-          { 'id' => Resources::Service.find(:name, value).id }
-        when :upstream
-          { 'id' => Resources::Upstream.find(:name, value).id }
-        else
-          raise Exceptions::InvalidArguments, "#{type} is not a valid lookup type"
-        end
+      # Looks up IDs (and usually wraps them in a Hash)
+      def lookup(type, value, raw = false)
+        id_value = case type
+                   when :ca_certificate
+                     Resources::CACertificate.find(:name, value).id
+                   when :certificate
+                     Resources::Certificate.find(:name, value).id
+                   when :consumer
+                     Resources::Consumer.find(:username, value).id
+                   when :route
+                     Resources::Route.find(:name, value).id
+                   when :service
+                     Resources::Service.find(:name, value).id
+                   when :upstream
+                     Resources::Upstream.find(:name, value).id
+                   else
+                     raise Exceptions::InvalidArguments, "#{type} is not a valid lookup type"
+                   end
+
+        raw ? id_value : { 'id' => id_value }
       end
 
       # ActiveRecord ActiveModel::Name compatibility method

data/lib/skull_island/resource.rb

@@ -57,9 +57,10 @@ module SkullIsland
         define_method(method_name) do |value|
           raise Exceptions::ImmutableModification if immutable?
 
-          if opts[:validate]
-            raise Exceptions::InvalidArguments, name unless send("validate_#{name}".to_sym, value)
+          if opts[:validate] && !send("validate_#{name}".to_sym, value)
+            raise Exceptions::InvalidArguments, name
           end
+
           @entity[name.to_s] = if opts[:preprocess]
                                  send("preprocess_#{name}".to_sym, value)
                                else
@@ -121,7 +122,7 @@ module SkullIsland
       )
     end
 
-    def self.from_hash(hash)
+    def self.from_hash(hash, options = {})
       # TODO: better options validations
       raise Exceptions::InvalidOptions unless options.is_a?(Hash)
 
@@ -179,8 +180,10 @@ module SkullIsland
       )
     end
 
-    def self.cleanup_except(project, keep_these)
-      where(:project, project).reject { |res| keep_these.include?(res.id) }.map do |res|
+    def self.cleanup_except(project, keep_these, from_these = nil)
+      old_resources = from_these || where(:project, project)
+
+      old_resources.reject { |res| keep_these.include?(res.id) }.map do |res|
         puts "[WARN] ! Removing #{name} (#{res.id})"
         res.destroy
       end

data/lib/skull_island/resource_collection.rb

@@ -161,9 +161,10 @@ module SkullIsland
     #   use #merge
     # @return [ResourceCollection]
     def +(other)
-      if other.is_a?(self.class)
+      case other
+      when self.class
         self.class.new(@list + other.to_a, type: @type, api_client: @api_client)
-      elsif other.is_a?(@type)
+      when @type
         self.class.new(@list + [other], type: @type, api_client: @api_client)
       else
         raise Exceptions::InvalidArguments
@@ -171,7 +172,7 @@ module SkullIsland
     end
 
     def <<(other)
-      raise Exceptions::InvalidArguments, 'Resource Type Mismatch' unless other.class == @type
+      raise Exceptions::InvalidArguments, 'Resource Type Mismatch' unless other.instance_of?(@type)
 
       @list << other
     end

data/lib/skull_island/resources/ca_certificate.rb

@@ -12,7 +12,10 @@ module SkullIsland
       property :cert, required: true, validate: true
       property :created_at, read_only: true, postprocess: true
       property :tags, validate: true, preprocess: true, postprocess: true
+      # property :name
 
+      # rubocop:disable Metrics/CyclomaticComplexity
+      # rubocop:disable Metrics/PerceivedComplexity
       def self.batch_import(data, verbose: false, test: false, project: nil, time: nil)
         raise(Exceptions::InvalidArguments) unless data.is_a?(Array)
 
@@ -22,6 +25,7 @@ module SkullIsland
           resource = new
           resource.delayed_set(:cert, resource_data)
           resource.tags = resource_data['tags'] if resource_data['tags']
+          resource.name = resource_data['name'] if resource_data['name']
           resource.project = project if project
           resource.import_time = (time || Time.now.utc.to_i) if project
           resource.import_update_or_skip(index: index, verbose: verbose, test: test)
@@ -29,11 +33,16 @@ module SkullIsland
         end
 
         cleanup_except(project, known_ids) if project
+
+        known_ids
       end
+      # rubocop:enable Metrics/CyclomaticComplexity
+      # rubocop:enable Metrics/PerceivedComplexity
 
       def export(options = {})
         hash = { 'cert' => cert }
         hash['tags'] = tags unless tags.empty?
+        hash['name'] = name if name
         [*options[:exclude]].each do |exclude|
           hash.delete(exclude.to_s)
         end
@@ -46,10 +55,19 @@ module SkullIsland
       def modified_existing?
         return false unless new?
 
-        # Find CA certs of the same cert
-        same_cert = self.class.where(:cert, cert)
+        # Find CA certs of the same "name"
+        if name
+          same_name = self.class.where(:name, name)
+
+          existing = same_name.size == 1 ? same_name.first : nil
+        end
 
-        existing = same_cert.size == 1 ? same_cert.first : nil
+        unless existing
+          # Find CA certs of the same cert
+          same_cert = self.class.where(:cert, cert)
+
+          existing = same_cert.size == 1 ? same_cert.first : nil
+        end
 
         if existing
           @entity['id'] = existing.id
@@ -59,6 +77,16 @@ module SkullIsland
         end
       end
 
+      # Simulates retrieving a #name property via a tag
+      def name
+        metatags['name']
+      end
+
+      # Simulates setting a #name property via a tag
+      def name=(value)
+        add_meta('name', value.to_s)
+      end
+
       private
 
       # Used to validate {#cert} on set

data/lib/skull_island/resources/certificate.rb

@@ -12,11 +12,12 @@ module SkullIsland
       property :cert, required: true, validate: true
       property :key, required: true, validate: true
       property :snis, validate: true
+      # property :name
       property :created_at, read_only: true, postprocess: true
       property :tags, validate: true, preprocess: true, postprocess: true
 
-      # rubocop:disable Metrics/CyclomaticComplexity
       # rubocop:disable Metrics/PerceivedComplexity
+      # rubocop:disable Metrics/CyclomaticComplexity
       def self.batch_import(data, verbose: false, test: false, project: nil, time: nil)
         raise(Exceptions::InvalidArguments) unless data.is_a?(Array)
 
@@ -28,6 +29,7 @@ module SkullIsland
           resource.delayed_set(:key, resource_data)
           resource.snis = resource_data['snis'] if resource_data['snis']
           resource.tags = resource_data['tags'] if resource_data['tags']
+          resource.name = resource_data['name'] if resource_data['name']
           resource.project = project if project
           resource.import_time = (time || Time.now.utc.to_i) if project
           resource.import_update_or_skip(index: index, verbose: verbose, test: test)
@@ -35,14 +37,18 @@ module SkullIsland
         end
 
         cleanup_except(project, known_ids) if project
+
+        known_ids
       end
-      # rubocop:enable Metrics/CyclomaticComplexity
       # rubocop:enable Metrics/PerceivedComplexity
+      # rubocop:enable Metrics/CyclomaticComplexity
 
+      # rubocop:disable Metrics/AbcSize
       def export(options = {})
         hash = { 'cert' => cert, 'key' => key }
         hash['snis'] = snis if snis && !snis.empty?
         hash['tags'] = tags unless tags.empty?
+        hash['name'] = name if name
         [*options[:exclude]].each do |exclude|
           hash.delete(exclude.to_s)
         end
@@ -51,14 +57,24 @@ module SkullIsland
         end
         hash.reject { |_, value| value.nil? }
       end
+      # rubocop:enable Metrics/AbcSize
 
       def modified_existing?
         return false unless new?
 
-        # Find certs of the same cert and key
-        same_key = self.class.where(:key, key)
+        # Find certs of the same "name"
+        if name
+          same_name = self.class.where(:name, name)
+
+          existing = same_name.size == 1 ? same_name.first : nil
+        end
 
-        existing = same_key.size == 1 ? same_key.first : nil
+        unless existing
+          # Find certs of the same cert and key
+          same_key = self.class.where(:key, key)
+
+          existing = same_key.size == 1 ? same_key.first : nil
+        end
 
         if existing
           @entity['id'] = existing.id
@@ -68,6 +84,16 @@ module SkullIsland
         end
       end
 
+      # Simulates retrieving a #name property via a tag
+      def name
+        metatags['name']
+      end
+
+      # Simulates setting a #name property via a tag
+      def name=(value)
+        add_meta('name', value.to_s)
+      end
+
       private
 
       # Used to validate {#cert} on set

data/lib/skull_island/resources/consumer.rb

@@ -60,7 +60,7 @@ module SkullIsland
 
           known_acls = AccessControlList.batch_import(
             (
-              resource_data.dig('acls') || []
+              resource_data['acls'] || []
             ).map { |t| t.merge('consumer' => { 'id' => resource.id }) },
             verbose: verbose,
             test: test
@@ -95,6 +95,8 @@ module SkullIsland
         # rubocop:enable Metrics/BlockLength
 
         cleanup_except(project, known_ids) if project
+
+        known_ids
       end
       # rubocop:enable Metrics/MethodLength
 
@@ -103,9 +105,10 @@ module SkullIsland
       end
 
       def add_acl!(details)
-        r = if details.is_a?(AccessControlList)
+        r = case details
+            when AccessControlList
               details
-            elsif details.is_a?(String)
+            when String
               resource = AccessControlList.new(api_client: api_client)
               resource.group = details
               resource
@@ -162,6 +165,7 @@ module SkullIsland
         Plugin.where(:consumer, self, api_client: api_client)
       end
 
+      # rubocop:disable Metrics/AbcSize
       def export(options = {})
         hash = { 'username' => username, 'custom_id' => custom_id }
         creds = credentials_for_export
@@ -176,6 +180,7 @@ module SkullIsland
         end
         hash.reject { |_, value| value.nil? }
       end
+      # rubocop:enable Metrics/AbcSize
 
       def modified_existing?
         return false unless new?

data/lib/skull_island/resources/jwt_credential.rb

@@ -48,6 +48,7 @@ module SkullIsland
         consumer ? "#{consumer.relative_uri}/jwt" : nil
       end
 
+      # rubocop:disable Metrics/AbcSize
       def export(options = {})
         hash = { 'algorithm' => algorithm }
         hash['key'] = key if key
@@ -62,6 +63,7 @@ module SkullIsland
         end
         hash.reject { |_, value| value.nil? }
       end
+      # rubocop:enable Metrics/AbcSize
 
       # Keys can't be updated, only created or deleted
       def modified_existing?
@@ -102,9 +104,10 @@ module SkullIsland
       end
 
       # Used to validate {#algorithm} on set
+      # @see https://github.com/Kong/kong/blob/master/kong/plugins/jwt/daos.lua#L29
       def validate_algorithm(value)
         # allow a String
-        %w[HS256 HS384 HS512 RS256 ES256].include? value
+        %w[HS256 HS384 HS512 RS256 RS512 ES256].include? value
       end
 
       # Used to validate {#key} on set

data/lib/skull_island/resources/plugin.rb

@@ -21,6 +21,7 @@ module SkullIsland
 
       # rubocop:disable Metrics/CyclomaticComplexity
       # rubocop:disable Metrics/PerceivedComplexity
+      # rubocop:disable Metrics/AbcSize
       def self.batch_import(data, verbose: false, test: false, project: nil, time: nil)
         raise(Exceptions::InvalidArguments) unless data.is_a?(Array)
 
@@ -43,9 +44,12 @@ module SkullIsland
         end
 
         cleanup_except(project, known_ids) if project
+
+        known_ids
       end
       # rubocop:enable Metrics/CyclomaticComplexity
       # rubocop:enable Metrics/PerceivedComplexity
+      # rubocop:enable Metrics/AbcSize
 
       def self.enabled_names(api_client: APIClient.instance)
         api_client.get("#{relative_uri}/enabled")['enabled_plugins']
@@ -121,14 +125,15 @@ module SkullIsland
       end
 
       def postprocess_consumer(value)
-        if value.is_a?(Hash)
+        case value
+        when Hash
           Consumer.new(
             entity: value,
             lazy: true,
             tainted: false,
             api_client: api_client
           )
-        elsif value.is_a?(String)
+        when String
           Consumer.new(
             entity: { 'id' => value },
             lazy: true,
@@ -141,9 +146,10 @@ module SkullIsland
       end
 
       def preprocess_consumer(input)
-        if input.is_a?(Hash)
+        case input
+        when Hash
           input
-        elsif input.is_a?(Consumer)
+        when Consumer
           { 'id' => input.id }
         else
           input
@@ -151,14 +157,15 @@ module SkullIsland
       end
 
       def postprocess_route(value)
-        if value.is_a?(Hash)
+        case value
+        when Hash
           Route.new(
             entity: value,
             lazy: true,
             tainted: false,
             api_client: api_client
           )
-        elsif value.is_a?(String)
+        when String
           Route.new(
             entity: { 'id' => value },
             lazy: true,
@@ -171,9 +178,10 @@ module SkullIsland
       end
 
       def preprocess_route(input)
-        if input.is_a?(Hash)
+        case input
+        when Hash
           input
-        elsif input.is_a?(Route)
+        when Route
           { 'id' => input.id }
         else
           input
@@ -181,14 +189,15 @@ module SkullIsland
       end
 
       def postprocess_service(value)
-        if value.is_a?(Hash)
+        case value
+        when Hash
           Service.new(
             entity: value,
             lazy: true,
             tainted: false,
             api_client: api_client
           )
-        elsif value.is_a?(String)
+        when String
           Service.new(
             entity: { 'id' => value },
             lazy: true,
@@ -201,9 +210,10 @@ module SkullIsland
       end
 
       def preprocess_service(input)
-        if input.is_a?(Hash)
+        case input
+        when Hash
           input
-        elsif input.is_a?(Service)
+        when Service
           { 'id' => input.id }
         else
           input