skull_island 1.1.1 → 1.1.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 2599c9fbc76abcc4be21923b95477c784515165c3891aa5155d7a9d88c5c887b
-  data.tar.gz: df6f3715f49a4a6cb09118bd446f1c7097fa7d0228dfce497e7396e63921e13c
+  metadata.gz: 0cadf0fd8b018522876070d358219f78a94ee7fe5ff94efe1045a961758783ba
+  data.tar.gz: 1fb907a4a66a77c9c22ff58ad5c1544001e124c49e8c34610dbcbadaf86da2df
 SHA512:
-  metadata.gz: 70be200f4e3721d42c820176d16350e705c40c38254876322181a1509538b0e7612156fbb2ddb29b9a8bdfab522ec8452046b346a2fe059a3bd838f4f2c578bc
-  data.tar.gz: 7c426dfbf53dbb080ed5211c14ce22b0d5ef78aa06a8e27c1fd1d91b1534065f77554ffc93edc56728fec870aa8bdd591ed10d1fcadf454c4372f897e16f03bf
+  metadata.gz: 8324088d97171e7c91205b09f219391827542b23e8635b06f77793b6cff7e86ec1dab1a0d431f25a8d39b03dff38344db961f4cf8944dac9be9d23a470a23c93
+  data.tar.gz: 876b5971f3955f88baa89dbb2f6395e52130a0b58625ad56f6d38c08402dba437760d7fa4e3dd4769b4bf0a43942717314065a717b13ecd7be8fd5fb52f7dfa6

data/.rubocop.yml

@@ -8,10 +8,10 @@ Metrics/LineLength:
   Max: 100
 
 Metrics/ClassLength:
-  Max: 170
+  Max: 175
 
 Metrics/ModuleLength:
-  Max: 170
+  Max: 175
   Exclude:
     - 'lib/skull_island/helpers/resource.rb'
 

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    skull_island (1.1.1)
+    skull_island (1.1.2)
       deepsort (~> 0.4)
       erubi (~> 1.8)
       json (~> 2.1)

data/README.md

@@ -318,10 +318,10 @@ From here, the SDK mostly wraps the attributes described in the [Kong API Docs](
 resource = Resources::Certificate.new
 
 # These attributes can be set and read
-resource.cert = '-----BEGIN CERTIFICATE-----...'    # PEM-encoded public key
+resource.cert = '-----BEGIN CERTIFICATE-----...'     # PEM-encoded public key
 resource.key  = '-----BEGIN RSA PRIVATE KEY-----...' # PEM-encoded private key
-resource.snis = ['example.com', 'example.org']      # Array of names for which this cert is valid
-
+resource.snis = ['example.com', 'example.org']       # Array of names for which this cert is valid
+resource.tags = ['production', 'example']            # Array of tags
 resource.save
 
 # These attributes are read-only
@@ -333,14 +333,15 @@ resource.created_at
 
 #### Consumers (and their Credentials)
 
-Note that for Consumer credentials, only [`key-auth`](https://docs.konghq.com/hub/kong-inc/key-auth/) and [`basic-auth`](https://docs.konghq.com/hub/kong-inc/basic-auth/) are currently supported.
+Note that for Consumer credentials, only [`key-auth`](https://docs.konghq.com/hub/kong-inc/key-auth/), [`jwt`](https://docs.konghq.com/hub/kong-inc/jwt/), and [`basic-auth`](https://docs.konghq.com/hub/kong-inc/basic-auth/) are currently supported.
 
 ```ruby
 resource = Resources::Consumer.new
 
 # These attributes can be set and read
-resource.custom_id = 'user1' # A string
-resource.username  = 'user1' # A string
+resource.custom_id = 'user1'              # A string
+resource.username  = 'user1'              # A string
+resource.tags = ['production', 'example'] # Array of tags
 
 resource.save
 
@@ -375,9 +376,10 @@ Note that this doesn't _install_ plugins; it only allows using them.
 resource = Resources::Plugin.new
 
 # These attributes can be set and read
-resource.name     = 'rate-limiting' # The name of the plugin
-resource.enabled  = true            # A Boolean
+resource.name     = 'rate-limiting'                    # The name of the plugin
+resource.enabled  = true                               # A Boolean
 resource.config   = { 'minute' => 50, 'hour' => 1000 } # A Hash of config keys and values
+resource.tags = ['production', 'example']              # Array of tags
 
 # Either reference related resources by ID
 resource.service  = { 'id' => '5fd1z584-1adb-40a5-c042-63b19db49x21' }
@@ -418,6 +420,7 @@ Resources::Plugin.schema('acl')
 resource = Resources::Route.new
 
 # These attributes can be set and read
+resource.name           = 'example_route'
 resource.hosts          = ['example.com', 'example.org']
 resource.protocols      = ['https']
 resource.methods        = ['GET', 'POST']
@@ -425,6 +428,19 @@ resource.paths          = ['/some/path']
 resource.regex_priority = 10
 resource.strip_path     = false
 resource.preserve_host  = true
+resource.tags = ['production', 'example']
+
+# Or, for TCP/TLS routes
+resource.protocols    = ['tcp', 'tls']
+resource.sources      = [
+  { "ip" => "10.1.0.0/16", "port" => 1234 }
+]
+resource.destinations = [
+  { "ip" => "10.1.0.0/16", "port" => 1234 },
+  { "ip" => "10.2.2.2" },
+  { "port" => 9123 }
+]
+resource.snis         = ['example.com', 'example.org']
 
 # Either reference related resources by ID
 resource.service = { 'id' => '4e13f54a-bbf1-47a8-8777-255fed7116f2' }
@@ -461,6 +477,7 @@ resource.name            = 'example-service'
 resource.retries         = 10
 resource.read_timeout    = 60000
 resource.write_timeout   = 60000
+resource.tags = ['production', 'example']
 
 resource.save
 
@@ -513,6 +530,7 @@ resource.healthchecks  = {
     }
   }
 }
+resource.tags = ['production', 'example']
 
 resource.save
 

data/lib/skull_island/resource.rb

@@ -5,7 +5,7 @@ module SkullIsland
   # TODO: Thread safety
   class Resource
     attr_accessor :api_client
-    attr_reader :errors
+    attr_reader :errors, :entity
 
     include Comparable
     include Validations::Resource

data/lib/skull_island/resources/consumer.rb

@@ -30,6 +30,14 @@ module SkullIsland
             test: test
           )
 
+          JWTCredential.batch_import(
+            (
+              resource_data.dig('credentials', 'jwt') || []
+            ).map { |t| t.merge('consumer' => { 'id' => resource.id }) },
+            verbose: verbose,
+            test: test
+          )
+
           KeyauthCredential.batch_import(
             (
               resource_data.dig('credentials', 'key-auth') || []
@@ -41,9 +49,19 @@ module SkullIsland
       end
 
       # Convenience method to add upstream targets
+      # rubocop:disable Metrics/AbcSize
+      # rubocop:disable Metrics/CyclomaticComplexity
+      # rubocop:disable Metrics/PerceivedComplexity
       def add_credential!(details)
-        r = if [BasicauthCredential, KeyauthCredential].include? details.class
+        r = if [BasicauthCredential, JWTCredential, KeyauthCredential].include? details.class
               details
+            elsif details.is_a?(Hash) && details.key?(:algorithm)
+              cred = JWTCredential.new(api_client: api_client)
+              cred.algorithm = details[:algorithm]
+              cred.key = details[:key] if details[:key]
+              cred.secret = details[:secret] if details[:secret]
+              cred.rsa_public_key = details[:rsa_public_key] if details[:rsa_public_key]
+              cred
             elsif details.is_a?(Hash) && details.key?(:key)
               cred = KeyauthCredential.new(api_client: api_client)
               cred.key = details[:key]
@@ -58,6 +76,9 @@ module SkullIsland
         r.consumer = self
         r.save
       end
+      # rubocop:enable Metrics/AbcSize
+      # rubocop:enable Metrics/CyclomaticComplexity
+      # rubocop:enable Metrics/PerceivedComplexity
 
       def credentials
         creds = {}
@@ -65,6 +86,8 @@ module SkullIsland
         creds['key-auth'] = keyauth_creds if keyauth_creds
         basicauth_creds = BasicauthCredential.where(:consumer, self, api_client: api_client)
         creds['basic-auth'] = basicauth_creds if basicauth_creds
+        jwt_creds = JWTCredential.where(:consumer, self, api_client: api_client)
+        creds['jwt'] = jwt_creds if jwt_creds
         creds
       end
 
@@ -112,6 +135,11 @@ module SkullIsland
             cred.export(exclude: 'consumer')
           end
         end
+        unless credentials['jwt'].empty?
+          creds['jwt'] = credentials['jwt'].collect do |cred|
+            cred.export(exclude: 'consumer')
+          end
+        end
         unless credentials['basic-auth'].empty?
           creds['basic-auth'] = credentials['basic-auth'].collect do |cred|
             cred.export(exclude: 'consumer')

data/lib/skull_island/resources/jwt_credential.rb

@@ -0,0 +1,121 @@
+# frozen_string_literal: true
+
+module SkullIsland
+  # Resource classes go here...
+  module Resources
+    # The JWTCredential resource class
+    #
+    # @see https://docs.konghq.com/hub/kong-inc/jwt/ JWT Authentication details
+    class JWTCredential < Resource
+      property :algorithm, required: true, validate: true
+      property :key, validate: true
+      property :secret, validated: true
+      property :rsa_public_key, validated: true
+      property(
+        :consumer,
+        required: true, validate: true, preprocess: true, postprocess: true
+      )
+      property :created_at, read_only: true, postprocess: true
+
+      def self.batch_import(data, verbose: false, test: false)
+        raise(Exceptions::InvalidArguments) unless data.is_a?(Array)
+
+        data.each_with_index do |resource_data, index|
+          resource = new
+          resource.algorithm = resource_data['algorithm']
+          resource.key = resource_data['key'] if resource_data['key']
+          resource.secret = resource_data['secret'] if resource_data['secret']
+          if resource_data['rsa_public_key']
+            resource.rsa_public_key = resource_data['rsa_public_key']
+          end
+          resource.delayed_set(:consumer, resource_data, 'consumer')
+          resource.import_update_or_skip(index: index, verbose: verbose, test: test)
+        end
+      end
+
+      def self.relative_uri
+        'jwts'
+      end
+
+      def relative_uri
+        consumer ? "#{consumer.relative_uri}/jwt/#{id}" : nil
+      end
+
+      def save_uri
+        consumer ? "#{consumer.relative_uri}/jwt" : nil
+      end
+
+      def export(options = {})
+        hash = { 'algorithm' => algorithm }
+        hash['key'] = key if key
+        hash['secret'] = secret if secret
+        hash['rsa_public_key'] = rsa_public_key if rsa_public_key
+        hash['consumer'] = "<%= lookup :consumer, '#{consumer.username}' %>" if consumer
+        [*options[:exclude]].each do |exclude|
+          hash.delete(exclude.to_s)
+        end
+        [*options[:include]].each do |inc|
+          hash[inc.to_s] = send(inc.to_sym)
+        end
+        hash.reject { |_, value| value.nil? }
+      end
+
+      # Keys can't be updated, only created or deleted
+      def modified_existing?
+        false
+      end
+
+      private
+
+      def postprocess_consumer(value)
+        if value.is_a?(Hash)
+          Consumer.new(
+            entity: value,
+            lazy: true,
+            tainted: false
+          )
+        else
+          value
+        end
+      end
+
+      def preprocess_consumer(input)
+        if input.is_a?(Hash)
+          input
+        else
+          { 'id' => input.id }
+        end
+      end
+
+      # Used to validate {#consumer} on set
+      def validate_consumer(value)
+        # allow either a Consumer object or a Hash
+        value.is_a?(Consumer) || value.is_a?(Hash)
+      end
+
+      # Used to validate {#algorithm} on set
+      def validate_algorithm(value)
+        # allow a String
+        %w[HS256 HS384 HS512 RS256 ES256].include? value
+      end
+
+      # Used to validate {#key} on set
+      def validate_key(value)
+        # allow a String
+        value.is_a?(String)
+      end
+
+      # Used to validate {#secret} on set
+      def validate_secret(value)
+        # allow a String
+        value.is_a?(String)
+      end
+
+      # Used to validate {#rsa_public_key} on set
+      def validate_rsa_public_key(value)
+        # allow a String
+        value.is_a?(String)
+      end
+    end
+  end
+end

data/lib/skull_island/resources/plugin.rb

@@ -42,6 +42,10 @@ module SkullIsland
         api_client.get("#{relative_uri}/schema/#{name}")
       end
 
+      def digest_properties
+        super.reject { |k| %i[run_on].include? k }
+      end
+
       def export(options = {})
         hash = {
           'name' => name,

data/lib/skull_island/resources/upstream.rb

@@ -30,8 +30,8 @@ module SkullIsland
           resource.name = rdata['name']
           resource.slots = rdata['slots'] if rdata['slots']
           resource.hash_on = rdata['hash_on']
-          resource.hash_fallback = rdata['hash_fallback']
-          resource.hash_on_header = rdata['hash_on_header']
+          resource.hash_fallback = rdata['hash_fallback'] if rdata['hash_fallback']
+          resource.hash_on_header = rdata['hash_on_header'] if rdata['hash_on_header']
           if rdata['hash_fallback_header']
             resource.hash_fallback_header = rdata['hash_fallback_header']
           end
@@ -78,12 +78,7 @@ module SkullIsland
       end
 
       def target(target_id)
-        UpstreamTarget.new(
-          entity: { 'id' => target_id, 'upstream' => { 'id' => id } },
-          lazy: true,
-          tainted: false,
-          api_client: api_client
-        )
+        targets.where(id: target_id).first
       end
 
       def targets
@@ -176,10 +171,10 @@ module SkullIsland
         value.is_a?(String) && [hash_on, hash_fallback].include?('cookie')
       end
 
-      # Used to validate {#hash_cookie_path} on set
-      def validate_hash_cookie_path(value)
-        # only String is allowed and only when {#hash_on} or {#hash_fallback} is set to 'cookie'
-        value.is_a?(String) && [hash_on, hash_fallback].include?('cookie')
+      # Used to validate {#hash_on_cookie_path} on set
+      def validate_hash_on_cookie_path(value)
+        # only String is allowed
+        value.is_a?(String)
       end
 
       # Used to validate {#name} on set

data/lib/skull_island/resources/upstream_target.rb

@@ -29,6 +29,12 @@ module SkullIsland
         end
       end
 
+      def self.all(options = {})
+        api_client = options[:api_client] || APIClient.instance
+
+        Upstream.all(api_client: api_client).map(&:targets).reduce(&:merge)
+      end
+
       def self.get(id, options = {})
         if options[:upstream]&.is_a?(Upstream)
           options[:upstream].target(id)
@@ -38,6 +44,19 @@ module SkullIsland
         end
       end
 
+      # Tests for an existing version of this resource based on its properties rather than its `id`
+      def find_by_digest
+        result = self.class.where(:digest, digest) # matching digest means the equivalent resource
+        if result.size == 1
+          @entity  = result.first.entity
+          @lazy    = false
+          @tainted = false
+          true
+        else
+          false
+        end
+      end
+
       def relative_uri
         upstream ? "#{upstream.relative_uri}/targets/#{id}" : nil
       end
@@ -111,7 +130,7 @@ module SkullIsland
       def validate_target(value)
         # only URIs or specific strings
         value.is_a?(URI) || (
-          value.is_a?(String) && value.match?(/\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}:\d{1,5}/)
+          value.is_a?(String) && value.match?(/[\w\d.-]+:\d{1,5}/)
         )
       end
 

data/lib/skull_island/version.rb

@@ -4,6 +4,6 @@ module SkullIsland
   VERSION = [
     1, # Major
     1, # Minor
-    1  # Patch
+    2  # Patch
   ].join('.')
 end

data/lib/skull_island.rb

@@ -46,6 +46,7 @@ require 'skull_island/validations/resource'
 require 'skull_island/resource'
 require 'skull_island/resources/certificate'
 require 'skull_island/resources/basicauth_credential'
+require 'skull_island/resources/jwt_credential'
 require 'skull_island/resources/keyauth_credential'
 require 'skull_island/resources/consumer'
 require 'skull_island/resources/plugin'

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: skull_island
 version: !ruby/object:Gem::Version
-  version: 1.1.1
+  version: 1.1.2
 platform: ruby
 authors:
 - Jonathan Gnagy
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2019-05-13 00:00:00.000000000 Z
+date: 2019-06-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: deepsort
@@ -251,6 +251,7 @@ files:
 - lib/skull_island/resources/basicauth_credential.rb
 - lib/skull_island/resources/certificate.rb
 - lib/skull_island/resources/consumer.rb
+- lib/skull_island/resources/jwt_credential.rb
 - lib/skull_island/resources/keyauth_credential.rb
 - lib/skull_island/resources/plugin.rb
 - lib/skull_island/resources/route.rb
@@ -283,7 +284,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.3
+rubygems_version: 3.0.4
 signing_key: 
 specification_version: 4
 summary: Ruby SDK for Kong