skull_island 1.2.13 → 1.4.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: c66eccbdc4037117f866cbb422ad0e551471e231e5137d90b8924a38a904d630
-  data.tar.gz: bd1ee46f5e880b8cfeda56acbacfb99c81fa679e46aac45defefb21f7c4b0035
+  metadata.gz: 1cd4dad5c51622b123e9a28d07515e340fd3bf2aa2633edc408df2eb7016eef2
+  data.tar.gz: 91f778ff415330fb0c8c2c6f3118c6c894a76c77b42338ff345ff0848b0fd332
 SHA512:
-  metadata.gz: 32a3f5c1fcd0e54b9df82880c564d0e4a4af6f8482c67d5ca41e9e977c77d3c6b5684c55ff0198af909404abf6f2a085e1c605d13afea2d5436e22c9872683b9
-  data.tar.gz: 148b3e4fcfe3c21a25903571230fa6f5bc61c3b682b17cb2e4021e3d3527ceaecc8ce24376b0d16511afd0e5b3af7cd02b6a22c7677a512e861d1290b94b7a56
+  metadata.gz: 820eb9e9833274cf58dce2b3200c55bdddb29adf331457141a76a517048b33e1ee86d823a0367f32207ec4ec4287046f9b2f35e4f35f12daebcd3a215eb163a8
+  data.tar.gz: 13027398c076a86a7eee66824e72ed848cd0bce3d063a4f6ac441929c79379541ef2946669385dc2fc6c5c0c50ee3d1c1d4e1a28349f4195c93a04061ab942b2

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    skull_island (1.2.13)
+    skull_island (1.4.0)
       deepsort (~> 0.4)
       erubi (~> 1.8)
       json (~> 2.1)
@@ -53,7 +53,7 @@ GEM
     linguistics (2.1.0)
       loggability (~> 0.11)
     loggability (0.14.0)
-    mime-types (3.3.1)
+    mime-types (3.3)
       mime-types-data (~> 3.2015)
     mime-types-data (3.2019.1009)
     multi_json (1.14.1)
@@ -62,7 +62,7 @@ GEM
     net-http-pipeline (1.0.1)
     netrc (0.11.0)
     parallel (1.19.1)
-    parser (2.7.0.1)
+    parser (2.6.5.0)
       ast (~> 2.4.0)
     pusher-client (0.6.2)
       json
@@ -78,15 +78,15 @@ GEM
       rspec-core (~> 3.9.0)
       rspec-expectations (~> 3.9.0)
       rspec-mocks (~> 3.9.0)
-    rspec-core (3.9.1)
-      rspec-support (~> 3.9.1)
+    rspec-core (3.9.0)
+      rspec-support (~> 3.9.0)
     rspec-expectations (3.9.0)
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.9.0)
     rspec-mocks (3.9.0)
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.9.0)
-    rspec-support (3.9.2)
+    rspec-support (3.9.0)
     rubocop (0.78.0)
       jaro_winkler (~> 1.5.1)
       parallel (~> 1.10)

data/README.md

@@ -1,6 +1,6 @@
 # Skull Island
 
-A full-featured SDK for [Kong](https://konghq.com/kong/) 1.1.x/1.2.x (with support for migrating from 0.14.x). Note that this is unofficial (meaning this project is in no way officially endorsed, recommended, or related to Kong [as a company](https://konghq.com/) or an [open-source project](https://github.com/Kong/kong)). It is also in no way related to the [pet toy company](https://www.kongcompany.com/) by the same name (but hopefully that was obvious).
+A full-featured SDK for [Kong](https://konghq.com/kong/) 1.4.x (with support for migrating from 0.14.x, 1.1.x, and 1.2.x). Note that this is unofficial (meaning this project is in no way officially endorsed, recommended, or related to Kong [as a company](https://konghq.com/) or an [open-source project](https://github.com/Kong/kong)). It is also in no way related to the [pet toy company](https://www.kongcompany.com/) by the same name (but hopefully that was obvious).
 
 ![Gem](https://img.shields.io/gem/v/skull_island)
 ![Travis (.org)](https://img.shields.io/travis/jgnagy/skull_island)
@@ -30,7 +30,7 @@ gem install skull_island
 Or add this to your Gemfile:
 
 ```ruby
-gem 'skull_island',  '~> 1.2'
+gem 'skull_island',  '~> 1.4'
 ```
 
 Or add this to your .gemspec:
@@ -38,7 +38,7 @@ Or add this to your .gemspec:
 ```ruby
 Gem::Specification.new do |spec|
  # ...
- spec.add_runtime_dependency 'skull_island', '~> 1.2'
+ spec.add_runtime_dependency 'skull_island', '~> 1.4'
  # ...
 end
 ```
@@ -47,7 +47,7 @@ end
 
 Skull Island comes with an executable called `skull_island` that leverages the SDK under the hood. Learn about what it can do via `help`:
 
-```
+```sh
 $ skull_island help
 Commands:
   skull_island export [OPTIONS] [OUTPUT|-]             # Export the current configuration to OUTPUT
@@ -63,7 +63,7 @@ Options:
 
 To use the commands that interact with the Kong API, set environment variables for the required parameters:
 
-```
+```sh
 KONG_ADMIN_URL='https://api-admin.mydomain.com' \
 KONG_ADMIN_USERNAME='my-basicauth-user' \
 KONG_ADMIN_PASSWORD='my-basicauth-password' \
@@ -74,7 +74,7 @@ Note that you can skip `KONG_ADMIN_USERNAME` and `KONG_ADMIN_PASSWORD` if you ar
 
 Also note that if you're having SSL issues (such as with a private CA), you can have Ruby make use of a custom CA public key using `SSL_CERT_FILE`:
 
-```
+```sh
 SSL_CERT_FILE=/path/to/cabundle.pem \
 KONG_ADMIN_URL='https://api-admin.mydomain.com' \
 KONG_ADMIN_USERNAME='my-basicauth-user' \
@@ -88,14 +88,14 @@ The CLI allows you to export an existing configuration to a YAML + ERB document
 
 The `export` command will default to outputting to STDOUT if you don't provide an output file location. Otherwise, simply specify the filename you'd like to export to:
 
-```
+```sh
 KONG_ADMIN_URL='https://api-admin.mydomain.com' \
 skull_island export /path/to/export.yml
 ```
 
 You can also get a little more information by turning on `--verbose`:
 
-```
+```sh
 KONG_ADMIN_URL='https://api-admin.mydomain.com' \
 skull_island export --verbose /path/to/export.yml
 ```
@@ -110,14 +110,14 @@ For most credential types, exporting works as expected (you'll see the plaintext
 
 Skull Island also supports importing configurations (both partial and full) from a YAML + ERB document:
 
-```
+```sh
 KONG_ADMIN_URL='https://api-admin.mydomain.com' \
 skull_island import /path/to/export.yml
 ```
 
 It'll also read from STDIN if you don't specify a file path (or if you specify `-` as the path):
 
-```
+```sh
 cat /path/to/export.yml | KONG_ADMIN_URL='https://api-admin.mydomain.com' skull_island import
 # OR
 KONG_ADMIN_URL='https://api-admin.mydomain.com' skull_island import < /path/to/export.yml
@@ -125,14 +125,14 @@ KONG_ADMIN_URL='https://api-admin.mydomain.com' skull_island import < /path/to/e
 
 You can also get a little more information by turning on `--verbose`:
 
-```
+```sh
 KONG_ADMIN_URL='https://api-admin.mydomain.com' \
 skull_island import --verbose /path/to/export.yml
 ```
 
 Importing also supports a "dry run" functionality that shows you what it would do (but makes no changes) using `--test`:
 
-```
+```sh
 KONG_ADMIN_URL='https://api-admin.mydomain.com' \
 skull_island import --verbose --test /path/to/export.yml
 ```
@@ -141,7 +141,7 @@ Note that `--test` has a high likelihood of generating errors with a complicated
 
 #### Importing with Projects
 
-Skull Island 1.2.1 introduces the ability to use a special top-level key in the configuration called `project` that uses meta-data to track which resources belong to a project. This meta-data can safely be added at another time as this tool will "adopt" otherwise matching resources into a project.
+Skull Island 1.2.1 introduced the ability to use a special top-level key in the configuration called `project` that uses meta-data to track which resources belong to a project. This meta-data can safely be added at another time as this tool will "adopt" otherwise matching resources into a project.
 
 To use this functionality, either add the `project` key to your configuration file (usually directly below the `version` key) with some value that will be unique on your gateway, or use `--project foo` (where `foo` is the name of your project) as a CLI flag.
 
@@ -149,17 +149,17 @@ When using the `project` feature of Skull Island, the CLI tool will automaticall
 
 ### Migrating
 
-With Skull Island, it is possible to migrate a configuration from a 0.14.x gateway to one compatible with a 1.2.x gateway. If you have a previous export, you can just run `skull_island migrate /path/to/export.yml` and you'll receive a 1.2 compatible config on standard out. If you'd prefer, you can have that config written to a file as well (just like the export command) like so:
+With Skull Island, it is possible to migrate a configuration from a 0.14.x, 1.1.x, or 1.2.x gateway to the most recent compatible gateway. If you have a previous export, you can just run `skull_island migrate /path/to/export.yml` and you'll receive a 1.4 compatible config on standard out. If you'd prefer, you can have that config written to a file as well (just like the export command) like so:
 
-```
+```sh
 skull_island migrate /path/to/export.yml /output/location/migrated.yml
 ```
 
-While this hasn't been heavily tested for all possible use-cases, any configuration generated or usable by the `'~> 0.14'` version of this gem should safely convert using the migration command. This tool also makes no guarantees about plugin functionality, configuration compatibility across versions, or that the same plugins are installed and available in your newer gateway. It should go without saying that you should **test and confirm** that all of your functionality was successfully migrated.
+While this hasn't been heavily tested for all possible use-cases, any configuration generated or usable by the `'~> 0.14'` or `'~> 1.2'` version of this gem should safely convert using the migration command. This tool also makes no guarantees about plugin functionality, configuration compatibility across versions, or that the same plugins are installed and available in your newer gateway. It should go without saying that you should **test and confirm** that all of your functionality was successfully migrated.
 
-If you don't have a previous export, you'll need to install an older version of this gem using `gem install --version '~> 0.14' skull_island`, then perform an `export`, then you can switch back to the latest version of the gem for migrating and importing.
+If you don't have a previous export, you'll need to install an older version of this gem using something like `gem install --version '~> 0.14' skull_island`, then perform an `export`, then you can switch back to the latest version of the gem for migrating and importing.
 
-While it would be possible to make migration _automatic_ for the `import` command, `skull_island` intentionally doesn't do this to avoid the appearance that the config is losslessly compatible across versions. In reality, the newer config version has additional features (like tagging) that will likely be used heavily. It makes sense to this author to maintain the migration component and the normal functionality as distinct features to encourage the use of the newer capabilities in 1.1+.
+While it would be possible to make migration _automatic_ for the `import` command, `skull_island` intentionally doesn't do this to avoid the appearance that the config is losslessly compatible across versions. In reality, the newer config version has additional features (like tagging) that are used heavily by skull_island. It makes sense to this author to maintain the migration component and the normal functionality as distinct features to encourage the use of the newer capabilities in 1.1 and beyond.
 
 ### Reset A Gateway
 
@@ -167,7 +167,7 @@ Skull Island can completely clear the configuration from a Kong instance using t
 
 Fully resetting a gateway looks like this:
 
-```
+```sh
 skull_island reset --force
 ```
 
@@ -175,7 +175,7 @@ You can, of course, include `--verbose` to see `skull_island` do its work, thoug
 
 You can also restrict the reset to just resources associated with a particular project using the `--project` flag:
 
-```
+```sh
 skull_island reset --force --project foo
 ```
 
@@ -185,10 +185,10 @@ This assumes the project is called `foo`.
 
 If you're wondering what version of `skull_island` is installed, use:
 
-```
+```sh
 $ skull_island version
 
-SkullIsland Version: 1.2.5
+SkullIsland Version: 1.4.1
 ```
 
 ### File Format
@@ -197,9 +197,14 @@ The import/export/migrate CLI functions produce YAML with support for embedded R
 
 ```yaml
 ---
-version: '1.2'
+version: '1.4'
 project: FooV2
 certificates: []
+ca_certificates:
+- cert: |-
+    -----BEGIN CERTIFICATE-----
+    MIIFUzCCA...
+    -----END CERTIFICATE-----
 consumers:
 - username: foo
   custom_id: foo
@@ -265,9 +270,9 @@ plugins:
   service: "<%= lookup :service, 'search_api' %>"
 ```
 
-All top-level keys (other than `version` and `project`) require an Array as a parameter, either by providing a list of entries or an empty Array (`[]`). The above shows how to use the `lookup()` function to refer to another resource. This "looks up" the resource type (`service` in this case) by `name` (`search_api` in this case) and resolves its `id`. This function can also be used to lookup a `route` or `upstream` by its `name`, or a `consumer` by its `username`. Note that Kong itself doesn't _require_ `route` resources to have unique names, so you'll need to enforce that practice yourself for `lookup` to be useful for Routes.
+All top-level keys (other than `version` and `project`) require an Array as a parameter, either by providing a list of entries or an empty Array (`[]`), or they can be omitted entirely which is the same as providing an empty Array. The above shows how to use the `lookup()` function to refer to another resource. This "looks up" the resource type (`service` in this case) by `name` (`search_api` in this case) and resolves its `id`. This function can also be used to lookup a `route` or `upstream` by its `name`, or a `consumer` by its `username`. Note that Kong itself doesn't _require_ `route` resources to have unique names, so you'll need to enforce that practice yourself for `lookup` to be useful for Routes.
 
-Note that while this configuration looks a lot like the [DB-less](https://docs.konghq.com/1.1.x/db-less-and-declarative-config/) configuration (and even may, at times, be interchangeable), this is merely a coincidence. **Skull Island doesn't support the DB-less mode for Kong.** This may potentially change in the future, but for now it is not a goal of this project.
+Note that while this configuration looks a lot like the [DB-less](https://docs.konghq.com/1.4.x/db-less-and-declarative-config/) configuration (and even may, at times, be interchangeable), this is merely a coincidence. **Skull Island doesn't support the DB-less mode for Kong.** This may potentially change in the future, but for now it is not a goal of this project.
 
 #### Embedded Ruby
 
@@ -277,6 +282,8 @@ While technically _any_ Ruby is valid, the following are pretty helpful for temp
 
 * `ENV.fetch('VARIABLE_NAME', 'default value')` - This allows looking up the environment variable `VARIABLE_NAME` and using its value, or, if it isn't defined, it uses `default value` as the value. With this we could change `host: api.example.com` to `host: <%= ENV.fetch('API_HOST', 'api.example.com') %>`. With this, if `API_HOST` is provided, it'll use that, otherwise it will default to `api.example.com`. This is especially helpful for sensitive information; you can version control the configuration but pass in things like credentials via environment variables at runtime.
 
+Note also that 1.4.x and beyond of Skull Island support two phases of embedded ruby: first, a simple phase that treats the **entire file** as just text, allowing you to use the full power of ruby for things like loops, conditional logic, and more; the second phase is applied for individual attributes within the rendered YAML document. This is where the `lookup()` function above is used. 
+
 ## SDK Usage
 
 The API Client requires configuration before it can be used. For now, this is a matter of calling `APIClient.configure()`, passing a Hash, with Symbols for keys:
@@ -391,7 +398,26 @@ service.routes.size
 # => 4
 ```
 
-From here, the SDK mostly wraps the attributes described in the [Kong API Docs](https://docs.konghq.com/1.2.x/admin-api/). For simplicity, I'll go over the resource types and attributes this SDK supports manipulating. Rely on the API documentation to determine which attributes are required and under which conditions.
+From here, the SDK mostly wraps the attributes described in the [Kong API Docs](https://docs.konghq.com/1.4.x/admin-api/). For simplicity, I'll go over the resource types and attributes this SDK supports manipulating. Rely on the API documentation to determine which attributes are required and under which conditions.
+
+#### CA Certificates
+
+These are used by the gateway to verify upstream certificates when connecting to them via HTTPS. These are not used to allow Kong to _generate_ certificates. Thus, there is only a public key (`cert`) attribute for this resource.
+
+```ruby
+resource = Resources::CACertificate.new
+
+# These attributes can be set and read
+resource.cert = '-----BEGIN CERTIFICATE-----...' # PEM-encoded public key
+resource.tags = ['production', 'example']        # Array of tags
+resource.save
+
+# These attributes are read-only
+resource.id
+# => "1cad3055-1027-459d-b76e-f590dc5f0071"
+resource.created_at
+# => #<DateTime: 2018-07-17T12:51:28+00:00 ((2458317j,46288s,0n),+0s,2299161j)>
+```
 
 #### Certificates
 
@@ -554,6 +580,7 @@ resource = Resources::Service.new
 
 # These attributes can be set and read
 resource.protocol        = 'http'
+resource.client_certificate = { 'id' => '77e32ff2-...' }
 resource.connect_timeout = 60000
 resource.host            = 'example.com'
 resource.port            = 80
@@ -591,6 +618,7 @@ resource = Resources::Upstream.new
 
 # These attributes can be set and read
 resource.name          = 'service.v1.xyz'
+resource.algorithm     = 'round-robin'
 resource.hash_on       = 'none'
 resource.hash_fallback = 'none'
 resource.slots         = 1000

data/lib/skull_island/cli.rb

@@ -11,6 +11,7 @@ module SkullIsland
   # Base CLI for SkullIsland
   class CLI < Thor
     include Helpers::Migration
+    include Helpers::CliErb
 
     class_option :verbose, type: :boolean
 
@@ -29,10 +30,11 @@ module SkullIsland
 
       validate_server_version
 
-      output = { 'version' => '1.2' }
+      output = { 'version' => '1.4' }
       output['project'] = options['project'] if options['project']
 
       [
+        Resources::CACertificate,
         Resources::Certificate,
         Resources::Consumer,
         Resources::Upstream,
@@ -54,7 +56,7 @@ module SkullIsland
       raw ||= acquire_input(input_file, options['verbose'])
 
       # rubocop:disable Security/YAMLLoad
-      input = YAML.load(raw)
+      input = YAML.load(erb_preprocess(raw))
       # rubocop:enable Security/YAMLLoad
 
       validate_config_version input['version']
@@ -63,12 +65,16 @@ module SkullIsland
       input['project'] = options['project'] if options['project']
 
       [
+        Resources::CACertificate,
         Resources::Certificate,
         Resources::Consumer,
         Resources::Upstream,
         Resources::Service,
         Resources::Plugin
-      ].each { |clname| import_class(clname, input, import_time) }
+      ].each do |clname|
+        input[clname.route_key] = [] unless input[clname.route_key] # enforce all top-level keys
+        import_class(clname, input, import_time)
+      end
     end
 
     desc(
@@ -117,6 +123,7 @@ module SkullIsland
         warn '[WARN] ! FULLY Resetting gateway'
       end
       [
+        Resources::CACertificate,
         Resources::Certificate,
         Resources::Consumer,
         Resources::Upstream,
@@ -184,9 +191,9 @@ module SkullIsland
     end
 
     def validate_config_version(version)
-      if version && ['1.1', '1.2'].include?(version)
+      if version && ['1.4'].include?(version)
         validate_server_version
-      elsif version && ['0.14', '1.0'].include?(version)
+      elsif version && ['0.14', '1.0', '1.1', '1.2'].include?(version)
         warn '[CRITICAL] Config version is too old. Try `migrate` instead of `import`.'
         exit 2
       else
@@ -206,7 +213,7 @@ module SkullIsland
 
     def validate_server_version
       server_version = SkullIsland::APIClient.about_service['version']
-      if server_version.match?(/^1.[12]/)
+      if server_version.match?(/^1.[4]/)
         true
       else
         warn '[CRITICAL] Server version mismatch!'

data/lib/skull_island/helpers/cli_erb.rb

@@ -0,0 +1,20 @@
+# frozen_string_literal: true
+
+module SkullIsland
+  module Helpers
+    # Performs a simple, first pass ERb preprocess on the entire input file for the CLI
+    module CliErb
+      def erb_preprocess(input)
+        warn '[INFO] Preprocessing template' if options['verbose']
+        # rubocop:disable Security/Eval
+        eval(Erubi::Engine.new(input).src)
+        # rubocop:enable Security/Eval
+      end
+
+      # At this phase, we want to leave this alone...
+      def lookup(type, value)
+        "<%= lookup :#{type}, '#{value}' %>"
+      end
+    end
+  end
+end

data/lib/skull_island/helpers/migration.rb

@@ -6,7 +6,9 @@ module SkullIsland
     module Migration
       def migrate_config(config)
         if config['version'] == '0.14'
-          migrate_0_14_to_1_1(config)
+          migrate_config migrate_0_14_to_1_1(config)
+        elsif ['1.1', '1.2', '1.3'].include?(config['version'])
+          migrate_1_1_to_1_4(config)
         else
           false # Just return false if it can't be migrated
         end
@@ -29,6 +31,12 @@ module SkullIsland
         new_config['version'] = '1.1'
         new_config
       end
+
+      def migrate_1_1_to_1_4(config)
+        new_config = config.dup
+        new_config['version'] = '1.4'
+        new_config
+      end
     end
   end
 end

data/lib/skull_island/helpers/resource.rb

@@ -16,7 +16,7 @@ module SkullIsland
 
       # rubocop:disable Style/GuardClause
       # rubocop:disable Security/Eval
-      def delayed_set(property, data, key)
+      def delayed_set(property, data, key = property.to_s)
         if data[key]
           value = recursive_erubi(data[key])
           send(

data/lib/skull_island/resources/access_control_list.rb

@@ -21,8 +21,8 @@ module SkullIsland
 
         data.each_with_index do |resource_data, index|
           resource = new
-          resource.delayed_set(:group, resource_data, 'group')
-          resource.delayed_set(:consumer, resource_data, 'consumer')
+          resource.delayed_set(:group, resource_data)
+          resource.delayed_set(:consumer, resource_data)
           resource.import_update_or_skip(index: index, verbose: verbose, test: test)
           known_ids << resource.id
         end

data/lib/skull_island/resources/basicauth_credential.rb

@@ -24,9 +24,9 @@ module SkullIsland
 
         data.each_with_index do |resource_data, index|
           resource = new
-          resource.delayed_set(:username, resource_data, 'username')
-          resource.delayed_set(:password, resource_data, 'password') if resource_data['password']
-          resource.delayed_set(:consumer, resource_data, 'consumer')
+          resource.delayed_set(:username, resource_data)
+          resource.delayed_set(:password, resource_data) if resource_data['password']
+          resource.delayed_set(:consumer, resource_data)
           resource.import_update_or_skip(index: index, verbose: verbose, test: test)
           known_ids << resource.id
         end

data/lib/skull_island/resources/ca_certificate.rb

@@ -0,0 +1,71 @@
+# frozen_string_literal: true
+
+module SkullIsland
+  # Resource classes go here...
+  module Resources
+    # The CA Certificate resource class
+    #
+    # @see https://docs.konghq.com/1.4.x/admin-api/#ca-certificate-object CA Certificate definition
+    class CACertificate < Resource
+      include Helpers::Meta
+
+      property :cert, required: true, validate: true
+      property :created_at, read_only: true, postprocess: true
+      property :tags, validate: true, preprocess: true, postprocess: true
+
+      def self.batch_import(data, verbose: false, test: false, project: nil, time: nil)
+        raise(Exceptions::InvalidArguments) unless data.is_a?(Array)
+
+        known_ids = []
+
+        data.each_with_index do |resource_data, index|
+          resource = new
+          resource.delayed_set(:cert, resource_data)
+          resource.tags = resource_data['tags'] if resource_data['tags']
+          resource.project = project if project
+          resource.import_time = (time || Time.now.utc.to_i) if project
+          resource.import_update_or_skip(index: index, verbose: verbose, test: test)
+          known_ids << resource.id
+        end
+
+        cleanup_except(project, known_ids) if project
+      end
+
+      def export(options = {})
+        hash = { 'cert' => cert }
+        hash['tags'] = tags unless tags.empty?
+        [*options[:exclude]].each do |exclude|
+          hash.delete(exclude.to_s)
+        end
+        [*options[:include]].each do |inc|
+          hash[inc.to_s] = send(inc.to_sym)
+        end
+        hash.reject { |_, value| value.nil? }
+      end
+
+      def modified_existing?
+        return false unless new?
+
+        # Find CA certs of the same cert
+        same_cert = self.class.where(:cert, cert)
+
+        existing = same_cert.size == 1 ? same_cert.first : nil
+
+        if existing
+          @entity['id'] = existing.id
+          save
+        else
+          false
+        end
+      end
+
+      private
+
+      # Used to validate {#cert} on set
+      def validate_cert(value)
+        # only String is allowed
+        value.is_a?(String)
+      end
+    end
+  end
+end

data/lib/skull_island/resources/certificate.rb

@@ -24,8 +24,8 @@ module SkullIsland
 
         data.each_with_index do |resource_data, index|
           resource = new
-          resource.delayed_set(:cert, resource_data, 'cert')
-          resource.delayed_set(:key, resource_data, 'key')
+          resource.delayed_set(:cert, resource_data)
+          resource.delayed_set(:key, resource_data)
           resource.snis = resource_data['snis'] if resource_data['snis']
           resource.tags = resource_data['tags'] if resource_data['tags']
           resource.project = project if project

data/lib/skull_island/resources/jwt_credential.rb

@@ -25,11 +25,9 @@ module SkullIsland
         data.each_with_index do |resource_data, index|
           resource = new
           resource.algorithm = resource_data['algorithm']
-          resource.delayed_set(:key, resource_data, 'key') if resource_data['key']
-          resource.delayed_set(:secret, resource_data, 'secret') if resource_data['secret']
-          if resource_data['rsa_public_key']
-            resource.delayed_set(:rsa_public_key, resource_data, 'rsa_public_key')
-          end
+          resource.delayed_set(:key, resource_data) if resource_data['key']
+          resource.delayed_set(:secret, resource_data) if resource_data['secret']
+          resource.delayed_set(:rsa_public_key, resource_data) if resource_data['rsa_public_key']
           resource.delayed_set(:consumer, resource_data, 'consumer')
           resource.import_update_or_skip(index: index, verbose: verbose, test: test)
           known_ids << resource.id

data/lib/skull_island/resources/keyauth_credential.rb

@@ -21,8 +21,8 @@ module SkullIsland
 
         data.each_with_index do |resource_data, index|
           resource = new
-          resource.delayed_set(:key, resource_data, 'key')
-          resource.delayed_set(:consumer, resource_data, 'consumer')
+          resource.delayed_set(:key, resource_data)
+          resource.delayed_set(:consumer, resource_data)
           resource.import_update_or_skip(index: index, verbose: verbose, test: test)
           known_ids << resource.id
         end

data/lib/skull_island/resources/plugin.rb

@@ -31,13 +31,13 @@ module SkullIsland
           resource.name = resource_data['name']
           resource.enabled = resource_data['enabled']
           resource.run_on = resource_data['run_on'] if resource_data['run_on']
-          resource.delayed_set(:config, resource_data, 'config') if resource_data['config']
+          resource.delayed_set(:config, resource_data) if resource_data['config']
           resource.tags = resource_data['tags'] if resource_data['tags']
           resource.project = project if project
           resource.import_time = (time || Time.now.utc.to_i) if project
-          resource.delayed_set(:consumer, resource_data, 'consumer')
-          resource.delayed_set(:route, resource_data, 'route')
-          resource.delayed_set(:service, resource_data, 'service')
+          resource.delayed_set(:consumer, resource_data)
+          resource.delayed_set(:route, resource_data)
+          resource.delayed_set(:service, resource_data)
           resource.import_update_or_skip(index: index, verbose: verbose, test: test)
           known_ids << resource.id
         end

data/lib/skull_island/resources/route.rb

@@ -5,7 +5,7 @@ module SkullIsland
   module Resources
     # The Route resource class
     #
-    # @see https://docs.konghq.com/1.1.x/admin-api/#route-object Route API definition
+    # @see https://docs.konghq.com/1.4.x/admin-api/#route-object Route API definition
     class Route < Resource
       include Helpers::Meta
 
@@ -13,7 +13,9 @@ module SkullIsland
       property :methods
       property :paths
       property :protocols,      validate: true
+      property :headers,        validate: true
       property :hosts,          validate: true
+      property :https_redirect_status_code, validate: true
       property :regex_priority, validate: true
       property :strip_path,     type: :boolean
       property :preserve_host,  type: :boolean
@@ -39,15 +41,19 @@ module SkullIsland
           resource.methods = rdata['methods'] if rdata['methods']
           resource.paths = rdata['paths'] if rdata['paths']
           resource.protocols = rdata['protocols'] if rdata['protocols']
-          resource.delayed_set(:hosts, rdata, 'hosts') if rdata['hosts']
+          resource.delayed_set(:hosts, rdata) if rdata['hosts']
+          resource.delayed_set(:headers, rdata) if rdata['headers']
+          if rdata['https_redirect_status_code']
+            resource.https_redirect_status_code = rdata['https_redirect_status_code']
+          end
           resource.regex_priority = rdata['regex_priority'] if rdata['regex_priority']
           resource.strip_path = rdata['strip_path'] unless rdata['strip_path'].nil?
           resource.preserve_host = rdata['preserve_host'] unless rdata['preserve_host'].nil?
-          resource.delayed_set(:snis, rdata, 'snis') if rdata['snis']
+          resource.delayed_set(:snis, rdata) if rdata['snis']
           resource.tags = rdata['tags'] if rdata['tags']
           resource.project = project if project
           resource.import_time = (time || Time.now.utc.to_i) if project
-          resource.delayed_set(:service, rdata, 'service')
+          resource.delayed_set(:service, rdata)
           resource.import_update_or_skip(index: index, verbose: verbose, test: test)
           known_ids << resource.id
         end
@@ -71,12 +77,14 @@ module SkullIsland
           'paths' => paths,
           'protocols' => protocols,
           'hosts' => hosts,
+          'https_redirect_status_code' => https_redirect_status_code,
           'regex_priority' => regex_priority,
           'strip_path' => strip_path?,
           'preserve_host' => preserve_host?
         }
         hash['service'] = "<%= lookup :service, '#{service.name}' %>" if service
         hash['snis'] = snis if snis && !snis.empty?
+        hash['headers'] = headers if headers && !headers.empty?
         hash['tags'] = tags unless tags.empty?
         [*options[:exclude]].each do |exclude|
           hash.delete(exclude.to_s)
@@ -129,10 +137,19 @@ module SkullIsland
 
       # Used to validate {#protocols} on set
       def validate_protocols(value)
-        value.is_a?(Array) &&                     # Must be an array
-          (1..4).cover?(value.size) &&            # Must be exactly 1..4 in size
-          value.uniq == value &&                  # Must not have duplicate values
-          (value - %w[http https tls tcp]).empty? # Must only contain appropriate protocols
+        valid_protos = %w[http https tls tcp grpc grpcs]
+        value.is_a?(Array) &&           # Must be an array
+          (1..4).cover?(value.size) &&  # Must be exactly 1..4 in size
+          value.uniq == value &&        # Must not have duplicate values
+          (value - valid_protos).empty? # Must only contain appropriate protocols
+      end
+
+      # Validates the {#headers} on set
+      def validate_headers(value)
+        value.is_a?(Hash) &&
+          value.keys.map(&:class).uniq == [String] &&
+          value.values.map(&:class).uniq == [Array] &&
+          value.values.map { |v| v.map(&:class) }.flatten.uniq == [String]
       end
 
       # Used to validate {#hosts} on set
@@ -144,6 +161,11 @@ module SkullIsland
         true
       end
 
+      # Validates the {#https_redirect_status_code} on set
+      def validate_https_redirect_status_code(value)
+        value.is_a?(Integer) && value <= 599 && value >= 100
+      end
+
       # Used to validate {#regex_priority} on set
       def validate_regex_priority(value)
         # only positive Integers are allowed

data/lib/skull_island/resources/service.rb

@@ -18,6 +18,7 @@ module SkullIsland
       property :connect_timeout,    validate: true
       property :write_timeout,      validate: true
       property :read_timeout,       validate: true
+      property :client_certificate, validate: true, preprocess: true, postprocess: true
       property :created_at, read_only: true, postprocess: true
       property :updated_at, read_only: true, postprocess: true
       property :tags, validate: true, preprocess: true, postprocess: true
@@ -35,12 +36,13 @@ module SkullIsland
           resource.name = rdata['name']
           resource.retries = rdata['retries'] if rdata['retries']
           resource.protocol = rdata['protocol']
-          resource.delayed_set(:host, rdata, 'host')
-          resource.delayed_set(:port, rdata, 'port')
+          resource.delayed_set(:host, rdata)
+          resource.delayed_set(:port, rdata)
           resource.path = rdata['path'] if rdata['path']
           resource.connect_timeout = rdata['connect_timeout'] if rdata['connect_timeout']
           resource.write_timeout = rdata['write_timeout'] if rdata['write_timeout']
           resource.read_timeout = rdata['read_timeout'] if rdata['read_timeout']
+          resource.delayed_set(:client_certificate, rdata) if rdata['client_certificate']
           resource.tags = rdata['tags'] if rdata['tags']
           resource.project = project if project
           resource.import_time = (time || Time.now.utc.to_i) if project
@@ -50,7 +52,9 @@ module SkullIsland
           Route.batch_import(
             (rdata['routes'] || []).map { |r| r.merge('service' => { 'id' => resource.id }) },
             verbose: verbose,
-            test: test
+            test: test,
+            project: project,
+            time: time
           )
         end
 
@@ -83,6 +87,7 @@ module SkullIsland
         Plugin.where(:service, self, api_client: api_client)
       end
 
+      # rubocop:disable Metrics/AbcSize
       def export(options = {})
         hash = {
           'name' => name,
@@ -97,6 +102,7 @@ module SkullIsland
         }
         hash['routes'] = routes.collect { |route| route.export(exclude: 'service') }
         hash['tags'] = tags unless tags.empty?
+        hash['client_certificate'] = client_certificate if client_certificate
         [*options[:exclude]].each do |exclude|
           hash.delete(exclude.to_s)
         end
@@ -105,6 +111,7 @@ module SkullIsland
         end
         hash.reject { |_, value| value.nil? }
       end
+      # rubocop:enable Metrics/AbcSize
 
       def modified_existing?
         return false unless new?
@@ -139,6 +146,27 @@ module SkullIsland
 
       private
 
+      def postprocess_client_certificate(value)
+        if value.is_a?(Hash)
+          Certificate.new(
+            entity: value,
+            lazy: true,
+            tainted: false,
+            api_client: api_client
+          )
+        else
+          value
+        end
+      end
+
+      def preprocess_client_certificate(input)
+        if input.is_a?(Hash)
+          input
+        else
+          { 'id' => input.id }
+        end
+      end
+
       # Used to validate {#protocol} on set
       def validate_protocol(value)
         # only HTTP and HTTPS are allowed

data/lib/skull_island/resources/upstream.rb

@@ -10,6 +10,7 @@ module SkullIsland
       include Helpers::Meta
 
       property :name, required: true, validate: true
+      property :algorithm, validate: true
       property :slots, validate: true
       property :hash_on, validate: true
       property :hash_fallback, validate: true
@@ -18,6 +19,7 @@ module SkullIsland
       property :hash_on_cookie, validate: true
       property :hash_on_cookie_path, validate: true
       property :healthchecks, validate: true
+      property :host_header, validate: true
       property :created_at, read_only: true, postprocess: true
       property :tags, validate: true, preprocess: true, postprocess: true
 
@@ -32,6 +34,7 @@ module SkullIsland
         data.each_with_index do |rdata, index|
           resource = new
           resource.name = rdata['name']
+          resource.algorithm = rdata['algorithm'] if rdata['algorithm']
           resource.slots = rdata['slots'] if rdata['slots']
           resource.hash_on = rdata['hash_on']
           resource.hash_fallback = rdata['hash_fallback'] if rdata['hash_fallback']
@@ -44,6 +47,7 @@ module SkullIsland
             resource.hash_on_cookie_path = rdata['hash_on_cookie_path']
           end
           resource.healthchecks = rdata['healthchecks'] if rdata['healthchecks']
+          resource.host_header = rdata['host_header'] if rdata['host_header']
           resource.tags = rdata['tags'] if rdata['tags']
           resource.project = project if project
           resource.import_time = (time || Time.now.utc.to_i) if project
@@ -111,6 +115,7 @@ module SkullIsland
         )
       end
 
+      # rubocop:disable Metrics/AbcSize
       def export(options = {})
         hash = {
           'name' => name,
@@ -123,7 +128,9 @@ module SkullIsland
           'hash_on_cookie_path' => hash_on_cookie_path,
           'healthchecks' => healthchecks
         }
+        hash['algorithm'] = algorithm if algorithm
         hash['targets'] = targets.collect { |target| target.export(exclude: 'upstream') }
+        hash['host_header'] = host_header if host_header
         hash['tags'] = tags unless tags.empty?
         [*options[:exclude]].each do |exclude|
           hash.delete(exclude.to_s)
@@ -133,6 +140,7 @@ module SkullIsland
         end
         hash.reject { |_, value| value.nil? }
       end
+      # rubocop:enable Metrics/AbcSize
 
       def modified_existing?
         return false unless new?
@@ -152,6 +160,11 @@ module SkullIsland
 
       private
 
+      # Validates the upstream balancing {#algorithm}
+      def validate_algorithm(value)
+        %w[round-robin consistent-hashing least-connections].include?(value)
+      end
+
       # Used to validate {#hash_on} on set
       def validate_hash_on(value)
         # only String of an acceptable value are allowed
@@ -206,6 +219,12 @@ module SkullIsland
         # only Hash is allowed
         value.is_a?(Hash)
       end
+
+      # Enforces valid host headers for upstreams
+      def validate_host_header(value)
+        # allow only valid hostnames
+        value.match?(host_regex) && !value.match?(/_/)
+      end
     end
   end
 end

data/lib/skull_island/resources/upstream_target.rb

@@ -27,8 +27,8 @@ module SkullIsland
 
         data.each_with_index do |resource_data, index|
           resource = new
-          resource.delayed_set(:target, resource_data, 'target')
-          resource.delayed_set(:upstream, resource_data, 'upstream')
+          resource.delayed_set(:target, resource_data)
+          resource.delayed_set(:upstream, resource_data)
           resource.weight = resource_data['weight'] if resource_data['weight']
           resource.tags = resource_data['tags'] if resource_data['tags']
           resource.project = project if project

data/lib/skull_island/version.rb

@@ -3,7 +3,7 @@
 module SkullIsland
   VERSION = [
     1, # Major
-    2, # Minor
-    13 # Patch
+    4, # Minor
+    0  # Patch
   ].join('.')
 end

data/lib/skull_island.rb

@@ -39,6 +39,7 @@ require 'skull_island/api_client_base'
 require 'skull_island/api_client'
 require 'skull_island/simple_api_client'
 require 'skull_island/resource_collection'
+require 'skull_island/helpers/cli_erb'
 require 'skull_island/helpers/meta'
 require 'skull_island/helpers/resource'
 require 'skull_island/helpers/resource_class'
@@ -46,6 +47,7 @@ require 'skull_island/helpers/migration'
 require 'skull_island/validations/resource'
 require 'skull_island/resource'
 require 'skull_island/resources/access_control_list'
+require 'skull_island/resources/ca_certificate'
 require 'skull_island/resources/certificate'
 require 'skull_island/resources/basicauth_credential'
 require 'skull_island/resources/jwt_credential'

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: skull_island
 version: !ruby/object:Gem::Version
-  version: 1.2.13
+  version: 1.4.0
 platform: ruby
 authors:
 - Jonathan Gnagy
@@ -257,6 +257,7 @@ files:
 - lib/skull_island/exceptions/invalid_where_query.rb
 - lib/skull_island/exceptions/new_instance_with_id.rb
 - lib/skull_island/helpers/api_client.rb
+- lib/skull_island/helpers/cli_erb.rb
 - lib/skull_island/helpers/meta.rb
 - lib/skull_island/helpers/migration.rb
 - lib/skull_island/helpers/resource.rb
@@ -266,6 +267,7 @@ files:
 - lib/skull_island/resource_collection.rb
 - lib/skull_island/resources/access_control_list.rb
 - lib/skull_island/resources/basicauth_credential.rb
+- lib/skull_island/resources/ca_certificate.rb
 - lib/skull_island/resources/certificate.rb
 - lib/skull_island/resources/consumer.rb
 - lib/skull_island/resources/jwt_credential.rb