skull_island 2.0.5 → 2.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ace4a2181bc52769f759dc35b0a3798e46c6d91ac1c1ea47e84e61e8bd4d3b93
-  data.tar.gz: 5c44345918531e4d74301643266014fb9e09cf1c8d3edf34e8cea138de667c22
+  metadata.gz: 17234eaf013609bf69fd1bb6be226d2da41c5c2d720fcf7c8aab6320bed7be49
+  data.tar.gz: bb19cf537906e3fce0b577e75261eb9ca5cba7039086b89b07dbdb69d1b4cd61
 SHA512:
-  metadata.gz: a6567a75f0a9f0348468457f367cbc172d108d94c2f0e19be5006346e6877c6fd75f95b0e3a46830c7756edbc0f309bfc6857e629242f076ae6e1cb42b6f4bf8
-  data.tar.gz: 374cdb852610fc7409554ca6e1fecaf161702f68cbb1eef3076da798cfb9e70ece3e3811525b72a8f990adfc5f079e7ce8875f102f6ee0c293cf355e9f4b0496
+  metadata.gz: 481f50743c1f3dad36f04426c2bb791484d11503df91744233f6da4789429f7b0c469ad919a25402de17da33ad03c744afb5aa60f04d11f89e96d3410e31982e
+  data.tar.gz: c2e8109e0ae1bdb10f0a8fa707ef8a0fac48266a4cb034d8092f86215d583fe164e57cef4b343a09cd6b0fc5a2241bd8a191e809b860f18712b5b03ae04544d2

data/.rubocop.yml

@@ -1,5 +1,6 @@
 AllCops:
   TargetRubyVersion: 2.5
+  NewCops: enable
 
 Metrics/MethodLength:
   Max: 50
@@ -13,6 +14,14 @@ Layout/LineLength:
 Layout/SpaceAroundMethodCallOperator:
   Enabled: true
 
+Lint/ConstantDefinitionInBlock:
+  Exclude:
+    - 'spec/**/*_spec.rb'
+    - 'spec/spec_helper.rb'
+
+Lint/MissingSuper:
+  Enabled: false
+
 Lint/RaiseException:
   Enabled: true
 
@@ -20,7 +29,7 @@ Lint/StructNewOverride:
   Enabled: true
 
 Metrics/ClassLength:
-  Max: 190
+  Max: 200
 
 Metrics/ModuleLength:
   Max: 175
@@ -28,12 +37,13 @@ Metrics/ModuleLength:
     - 'lib/skull_island/helpers/resource.rb'
 
 Metrics/CyclomaticComplexity:
-  Max: 7
+  Max: 8
 
 Metrics/ParameterLists:
   Max: 6
 
 Metrics/PerceivedComplexity:
+  Max: 8
   Exclude:
     - 'lib/skull_island/cli.rb'
 
@@ -71,5 +81,8 @@ Style/NumericLiterals:
   Exclude:
     - 'spec/**/*_spec.rb'
 
+Style/OptionalBooleanParameter:
+  Enabled: false
+
 Style/SlicingWithRange:
   Enabled: true

data/.travis.yml

@@ -11,4 +11,5 @@ deploy:
   gem: skull_island
   on:
     tags: true
+    rvm: 2.6
     repo: jgnagy/skull_island

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    skull_island (2.0.5)
+    skull_island (2.2.0)
       deepsort (~> 0.4)
       erubi (~> 1.8)
       json (~> 2.1)
@@ -13,15 +13,15 @@ PATH
 GEM
   remote: https://rubygems.org/
   specs:
-    activesupport (5.2.4.3)
+    activesupport (5.2.4.4)
       concurrent-ruby (~> 1.0, >= 1.0.2)
       i18n (>= 0.7, < 2)
       minitest (~> 5.1)
       tzinfo (~> 1.1)
     addressable (2.7.0)
       public_suffix (>= 2.0.2, < 5.0)
-    ast (2.4.0)
-    concurrent-ruby (1.1.6)
+    ast (2.4.1)
+    concurrent-ruby (1.1.7)
     coveralls (0.7.1)
       multi_json (~> 1.3)
       rest-client
@@ -29,19 +29,17 @@ GEM
       term-ansicolor
       thor
     deepsort (0.4.5)
-    diff-lcs (1.3)
-    docile (1.3.2)
+    diff-lcs (1.4.4)
+    docile (1.3.3)
     domain_name (0.5.20190701)
       unf (>= 0.0.5, < 1.0.0)
     erubi (1.10.0)
-    ethon (0.12.0)
-      ffi (>= 1.3.0)
-    faraday (1.0.1)
+    faraday (1.1.0)
       multipart-post (>= 1.2, < 3)
+      ruby2_keywords
     faraday_middleware (1.0.0)
       faraday (~> 1.0)
-    ffi (1.12.2)
-    gh (0.17.0)
+    gh (0.18.0)
       activesupport (~> 5.0)
       addressable (~> 2.4)
       faraday (~> 1.0)
@@ -53,9 +51,10 @@ GEM
     http-accept (1.7.0)
     http-cookie (1.0.3)
       domain_name (~> 0.5)
-    i18n (1.8.2)
+    i18n (1.8.5)
       concurrent-ruby (~> 1.0)
-    json (2.3.0)
+    json (2.4.1)
+    json_pure (2.4.1)
     launchy (2.4.3)
       addressable (~> 2.3)
     linguistics (2.1.0)
@@ -63,78 +62,83 @@ GEM
     loggability (0.17.0)
     mime-types (3.3.1)
       mime-types-data (~> 3.2015)
-    mime-types-data (3.2020.0512)
-    minitest (5.14.1)
-    multi_json (1.14.1)
+    mime-types-data (3.2020.1104)
+    minitest (5.14.2)
+    multi_json (1.15.0)
     multipart-post (2.1.1)
     net-http-persistent (2.9.4)
     net-http-pipeline (1.0.1)
     netrc (0.11.0)
-    parallel (1.19.1)
-    parser (2.7.1.2)
-      ast (~> 2.4.0)
-    public_suffix (4.0.5)
+    parallel (1.20.1)
+    parser (2.7.2.0)
+      ast (~> 2.4.1)
+    public_suffix (4.0.6)
     pusher-client (0.6.2)
       json
       websocket (~> 1.0)
     rainbow (3.0.0)
     rake (13.0.1)
+    regexp_parser (2.0.0)
     rest-client (2.1.0)
       http-accept (>= 1.7.0, < 2.0)
       http-cookie (>= 1.0.2, < 2.0)
       mime-types (>= 1.16, < 4.0)
       netrc (~> 0.8)
     rexml (3.2.4)
-    rspec (3.9.0)
-      rspec-core (~> 3.9.0)
-      rspec-expectations (~> 3.9.0)
-      rspec-mocks (~> 3.9.0)
-    rspec-core (3.9.2)
-      rspec-support (~> 3.9.3)
-    rspec-expectations (3.9.2)
+    rspec (3.10.0)
+      rspec-core (~> 3.10.0)
+      rspec-expectations (~> 3.10.0)
+      rspec-mocks (~> 3.10.0)
+    rspec-core (3.10.0)
+      rspec-support (~> 3.10.0)
+    rspec-expectations (3.10.0)
       diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.9.0)
-    rspec-mocks (3.9.1)
+      rspec-support (~> 3.10.0)
+    rspec-mocks (3.10.0)
       diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.9.0)
-    rspec-support (3.9.3)
-    rubocop (0.83.0)
+      rspec-support (~> 3.10.0)
+    rspec-support (3.10.0)
+    rubocop (0.93.1)
       parallel (~> 1.10)
-      parser (>= 2.7.0.1)
+      parser (>= 2.7.1.5)
       rainbow (>= 2.2.2, < 4.0)
+      regexp_parser (>= 1.8)
       rexml
+      rubocop-ast (>= 0.6.0)
       ruby-progressbar (~> 1.7)
       unicode-display_width (>= 1.4.0, < 2.0)
+    rubocop-ast (1.3.0)
+      parser (>= 2.7.1.5)
     ruby-progressbar (1.10.1)
-    simplecov (0.18.5)
+    ruby2_keywords (0.0.2)
+    simplecov (0.20.0)
       docile (~> 1.1)
       simplecov-html (~> 0.11)
-    simplecov-html (0.12.2)
+      simplecov_json_formatter (~> 0.1)
+    simplecov-html (0.12.3)
+    simplecov_json_formatter (0.1.2)
     sync (0.5.0)
     term-ansicolor (1.7.1)
       tins (~> 1.0)
     thor (0.20.3)
     thread_safe (0.3.6)
-    tins (1.25.0)
+    tins (1.26.0)
       sync
-    travis (1.9.1)
+    travis (1.10.0)
       faraday (~> 1.0)
       faraday_middleware (~> 1.0)
       gh (~> 0.13)
       highline (~> 2.0)
-      json (~> 2.3)
+      json_pure (~> 2.3)
       launchy (~> 2.1, < 2.5.0)
       pusher-client (~> 0.4)
-      typhoeus (~> 0.6, >= 0.6.8)
-    typhoeus (0.8.0)
-      ethon (>= 0.8.0)
-    tzinfo (1.2.7)
+    tzinfo (1.2.9)
       thread_safe (~> 0.1)
     unf (0.1.4)
       unf_ext
     unf_ext (0.0.7.7)
     unicode-display_width (1.7.0)
-    websocket (1.2.8)
+    websocket (1.2.9)
     will_paginate (3.3.0)
     yard (0.9.25)
 

data/lib/skull_island/cli.rb

@@ -30,7 +30,7 @@ module SkullIsland
 
       validate_server_version
 
-      output = { 'version' => '2.0' }
+      output = { 'version' => '2.2' }
       output['project'] = options['project'] if options['project']
 
       [
@@ -43,7 +43,7 @@ module SkullIsland
       ].each { |clname| export_class(clname, output) }
 
       if output_file == '-'
-        STDOUT.puts output.to_yaml
+        $stdout.puts output.to_yaml
       else
         File.write(full_filename, output.to_yaml)
       end
@@ -96,7 +96,7 @@ module SkullIsland
 
       if output_file == '-'
         warn '[INFO] Outputting to STDOUT' if options['verbose']
-        STDOUT.puts output.to_yaml
+        $stdout.puts output.to_yaml
       else
         full_filename = File.expand_path(output_file)
         dirname = File.dirname(full_filename)
@@ -175,7 +175,7 @@ module SkullIsland
     def acquire_input(input_file, verbose = false)
       if input_file == '-'
         warn '[INFO] Reading from STDIN' if verbose
-        STDIN.read
+        $stdin.read
       else
         full_filename = File.expand_path(input_file)
         unless File.exist?(full_filename) && File.ftype(full_filename) == 'file'
@@ -191,7 +191,7 @@ module SkullIsland
     end
 
     def validate_config_version(version)
-      if version && ['1.1', '1.2', '1.4', '1.5', '2.0'].include?(version)
+      if version && ['1.1', '1.2', '1.4', '1.5', '2.0', '2.1', '2.2'].include?(version)
         validate_server_version
       elsif version && ['0.14', '1.0'].include?(version)
         warn '[CRITICAL] Config version is too old. Try `migrate` instead of `import`.'
@@ -213,8 +213,12 @@ module SkullIsland
 
     def validate_server_version
       server_version = SkullIsland::APIClient.about_service['version']
-      if server_version.match?(/^2.0/)
+      case server_version
+      when /^2.[12]/
         true
+      when /^2.0/
+        warn "[WARN] Older server version #{server_version} detected! " \
+             'You may encounter Service resource API exceptions.'
       else
         warn '[CRITICAL] Server version mismatch!'
         exit 1

data/lib/skull_island/helpers/meta.rb

@@ -44,7 +44,7 @@ module SkullIsland
       end
 
       def project=(project_id)
-        unless project_id.is_a?(String) && project_id.match?(/^[\w_\-\.~]+$/)
+        unless project_id.is_a?(String) && project_id.match?(/^[\w_\-.~]+$/)
           raise Exceptions::InvalidArguments, 'project'
         end
 

data/lib/skull_island/helpers/resource.rb

@@ -16,6 +16,8 @@ module SkullIsland
 
       # rubocop:disable Style/GuardClause
       # rubocop:disable Security/Eval
+      # The delayed_set method allows a second phase of Erb templating immediately
+      # before sending data to the API. This allows the `lookup` function to work dynamically
       def delayed_set(property, data, key = property.to_s)
         if data[key]
           value = recursive_erubi(data[key])
@@ -27,11 +29,12 @@ module SkullIsland
       end
 
       def recursive_erubi(data)
-        if data.is_a?(String)
+        case data
+        when String
           eval(Erubi::Engine.new(data).src)
-        elsif data.is_a?(Array)
+        when Array
           data.map { |item| recursive_erubi(item) }
-        elsif data.is_a?(Hash)
+        when Hash
           data.map { |k, v| [k, recursive_erubi(v)] }.to_h
         else
           data
@@ -72,7 +75,7 @@ module SkullIsland
       end
 
       def host_regex
-        /^(([\w]|[\w][\w\-]*[\w])\.)*([\w]|[\w][\w\-]*[\w])$/
+        /^((\w|\w[\w\-]*\w)\.)*(\w|\w[\w\-]*\w)$/
       end
 
       def id_property
@@ -87,9 +90,8 @@ module SkullIsland
         self.class.immutable?
       end
 
-      # rubocop:disable Metrics/CyclomaticComplexity
       # rubocop:disable Metrics/PerceivedComplexity
-      def import_update_or_skip(verbose: false, test: false, index:)
+      def import_update_or_skip(index:, verbose: false, test: false)
         if find_by_digest
           puts "[INFO] Skipping #{self.class} index #{index} (#{id})" if verbose
         elsif test
@@ -102,12 +104,16 @@ module SkullIsland
           puts "[ERR] Failed to save #{self.class} index #{index}"
         end
       end
-      # rubocop:enable Metrics/CyclomaticComplexity
+
       # rubocop:enable Metrics/PerceivedComplexity
 
       # Looks up IDs (and usually wraps them in a Hash)
       def lookup(type, value, raw = false)
         id_value = case type
+                   when :ca_certificate
+                     Resources::CACertificate.find(:name, value).id
+                   when :certificate
+                     Resources::Certificate.find(:name, value).id
                    when :consumer
                      Resources::Consumer.find(:username, value).id
                    when :route

data/lib/skull_island/resource.rb

@@ -57,9 +57,10 @@ module SkullIsland
         define_method(method_name) do |value|
           raise Exceptions::ImmutableModification if immutable?
 
-          if opts[:validate]
-            raise Exceptions::InvalidArguments, name unless send("validate_#{name}".to_sym, value)
+          if opts[:validate] && !send("validate_#{name}".to_sym, value)
+            raise Exceptions::InvalidArguments, name
           end
+
           @entity[name.to_s] = if opts[:preprocess]
                                  send("preprocess_#{name}".to_sym, value)
                                else

data/lib/skull_island/resource_collection.rb

@@ -161,9 +161,10 @@ module SkullIsland
     #   use #merge
     # @return [ResourceCollection]
     def +(other)
-      if other.is_a?(self.class)
+      case other
+      when self.class
         self.class.new(@list + other.to_a, type: @type, api_client: @api_client)
-      elsif other.is_a?(@type)
+      when @type
         self.class.new(@list + [other], type: @type, api_client: @api_client)
       else
         raise Exceptions::InvalidArguments
@@ -171,7 +172,7 @@ module SkullIsland
     end
 
     def <<(other)
-      raise Exceptions::InvalidArguments, 'Resource Type Mismatch' unless other.class == @type
+      raise Exceptions::InvalidArguments, 'Resource Type Mismatch' unless other.instance_of?(@type)
 
       @list << other
     end

data/lib/skull_island/resources/ca_certificate.rb

@@ -12,7 +12,10 @@ module SkullIsland
       property :cert, required: true, validate: true
       property :created_at, read_only: true, postprocess: true
       property :tags, validate: true, preprocess: true, postprocess: true
+      # property :name
 
+      # rubocop:disable Metrics/CyclomaticComplexity
+      # rubocop:disable Metrics/PerceivedComplexity
       def self.batch_import(data, verbose: false, test: false, project: nil, time: nil)
         raise(Exceptions::InvalidArguments) unless data.is_a?(Array)
 
@@ -22,6 +25,7 @@ module SkullIsland
           resource = new
           resource.delayed_set(:cert, resource_data)
           resource.tags = resource_data['tags'] if resource_data['tags']
+          resource.name = resource_data['name'] if resource_data['name']
           resource.project = project if project
           resource.import_time = (time || Time.now.utc.to_i) if project
           resource.import_update_or_skip(index: index, verbose: verbose, test: test)
@@ -32,10 +36,13 @@ module SkullIsland
 
         known_ids
       end
+      # rubocop:enable Metrics/CyclomaticComplexity
+      # rubocop:enable Metrics/PerceivedComplexity
 
       def export(options = {})
         hash = { 'cert' => cert }
         hash['tags'] = tags unless tags.empty?
+        hash['name'] = name if name
         [*options[:exclude]].each do |exclude|
           hash.delete(exclude.to_s)
         end
@@ -48,10 +55,19 @@ module SkullIsland
       def modified_existing?
         return false unless new?
 
-        # Find CA certs of the same cert
-        same_cert = self.class.where(:cert, cert)
+        # Find CA certs of the same "name"
+        if name
+          same_name = self.class.where(:name, name)
 
-        existing = same_cert.size == 1 ? same_cert.first : nil
+          existing = same_name.size == 1 ? same_name.first : nil
+        end
+
+        unless existing
+          # Find CA certs of the same cert
+          same_cert = self.class.where(:cert, cert)
+
+          existing = same_cert.size == 1 ? same_cert.first : nil
+        end
 
         if existing
           @entity['id'] = existing.id
@@ -61,6 +77,16 @@ module SkullIsland
         end
       end
 
+      # Simulates retrieving a #name property via a tag
+      def name
+        metatags['name']
+      end
+
+      # Simulates setting a #name property via a tag
+      def name=(value)
+        add_meta('name', value.to_s)
+      end
+
       private
 
       # Used to validate {#cert} on set

data/lib/skull_island/resources/certificate.rb

@@ -12,11 +12,12 @@ module SkullIsland
       property :cert, required: true, validate: true
       property :key, required: true, validate: true
       property :snis, validate: true
+      # property :name
       property :created_at, read_only: true, postprocess: true
       property :tags, validate: true, preprocess: true, postprocess: true
 
-      # rubocop:disable Metrics/CyclomaticComplexity
       # rubocop:disable Metrics/PerceivedComplexity
+      # rubocop:disable Metrics/CyclomaticComplexity
       def self.batch_import(data, verbose: false, test: false, project: nil, time: nil)
         raise(Exceptions::InvalidArguments) unless data.is_a?(Array)
 
@@ -28,6 +29,7 @@ module SkullIsland
           resource.delayed_set(:key, resource_data)
           resource.snis = resource_data['snis'] if resource_data['snis']
           resource.tags = resource_data['tags'] if resource_data['tags']
+          resource.name = resource_data['name'] if resource_data['name']
           resource.project = project if project
           resource.import_time = (time || Time.now.utc.to_i) if project
           resource.import_update_or_skip(index: index, verbose: verbose, test: test)
@@ -38,13 +40,15 @@ module SkullIsland
 
         known_ids
       end
-      # rubocop:enable Metrics/CyclomaticComplexity
       # rubocop:enable Metrics/PerceivedComplexity
+      # rubocop:enable Metrics/CyclomaticComplexity
 
+      # rubocop:disable Metrics/AbcSize
       def export(options = {})
         hash = { 'cert' => cert, 'key' => key }
         hash['snis'] = snis if snis && !snis.empty?
         hash['tags'] = tags unless tags.empty?
+        hash['name'] = name if name
         [*options[:exclude]].each do |exclude|
           hash.delete(exclude.to_s)
         end
@@ -53,14 +57,24 @@ module SkullIsland
         end
         hash.reject { |_, value| value.nil? }
       end
+      # rubocop:enable Metrics/AbcSize
 
       def modified_existing?
         return false unless new?
 
-        # Find certs of the same cert and key
-        same_key = self.class.where(:key, key)
+        # Find certs of the same "name"
+        if name
+          same_name = self.class.where(:name, name)
+
+          existing = same_name.size == 1 ? same_name.first : nil
+        end
+
+        unless existing
+          # Find certs of the same cert and key
+          same_key = self.class.where(:key, key)
 
-        existing = same_key.size == 1 ? same_key.first : nil
+          existing = same_key.size == 1 ? same_key.first : nil
+        end
 
         if existing
           @entity['id'] = existing.id
@@ -70,6 +84,16 @@ module SkullIsland
         end
       end
 
+      # Simulates retrieving a #name property via a tag
+      def name
+        metatags['name']
+      end
+
+      # Simulates setting a #name property via a tag
+      def name=(value)
+        add_meta('name', value.to_s)
+      end
+
       private
 
       # Used to validate {#cert} on set

data/lib/skull_island/resources/consumer.rb

@@ -60,7 +60,7 @@ module SkullIsland
 
           known_acls = AccessControlList.batch_import(
             (
-              resource_data.dig('acls') || []
+              resource_data['acls'] || []
             ).map { |t| t.merge('consumer' => { 'id' => resource.id }) },
             verbose: verbose,
             test: test
@@ -105,9 +105,10 @@ module SkullIsland
       end
 
       def add_acl!(details)
-        r = if details.is_a?(AccessControlList)
+        r = case details
+            when AccessControlList
               details
-            elsif details.is_a?(String)
+            when String
               resource = AccessControlList.new(api_client: api_client)
               resource.group = details
               resource
@@ -164,6 +165,7 @@ module SkullIsland
         Plugin.where(:consumer, self, api_client: api_client)
       end
 
+      # rubocop:disable Metrics/AbcSize
       def export(options = {})
         hash = { 'username' => username, 'custom_id' => custom_id }
         creds = credentials_for_export
@@ -178,6 +180,7 @@ module SkullIsland
         end
         hash.reject { |_, value| value.nil? }
       end
+      # rubocop:enable Metrics/AbcSize
 
       def modified_existing?
         return false unless new?

data/lib/skull_island/resources/jwt_credential.rb

@@ -48,6 +48,7 @@ module SkullIsland
         consumer ? "#{consumer.relative_uri}/jwt" : nil
       end
 
+      # rubocop:disable Metrics/AbcSize
       def export(options = {})
         hash = { 'algorithm' => algorithm }
         hash['key'] = key if key
@@ -62,6 +63,7 @@ module SkullIsland
         end
         hash.reject { |_, value| value.nil? }
       end
+      # rubocop:enable Metrics/AbcSize
 
       # Keys can't be updated, only created or deleted
       def modified_existing?

data/lib/skull_island/resources/plugin.rb

@@ -21,6 +21,7 @@ module SkullIsland
 
       # rubocop:disable Metrics/CyclomaticComplexity
       # rubocop:disable Metrics/PerceivedComplexity
+      # rubocop:disable Metrics/AbcSize
       def self.batch_import(data, verbose: false, test: false, project: nil, time: nil)
         raise(Exceptions::InvalidArguments) unless data.is_a?(Array)
 
@@ -48,6 +49,7 @@ module SkullIsland
       end
       # rubocop:enable Metrics/CyclomaticComplexity
       # rubocop:enable Metrics/PerceivedComplexity
+      # rubocop:enable Metrics/AbcSize
 
       def self.enabled_names(api_client: APIClient.instance)
         api_client.get("#{relative_uri}/enabled")['enabled_plugins']
@@ -123,14 +125,15 @@ module SkullIsland
       end
 
       def postprocess_consumer(value)
-        if value.is_a?(Hash)
+        case value
+        when Hash
           Consumer.new(
             entity: value,
             lazy: true,
             tainted: false,
             api_client: api_client
           )
-        elsif value.is_a?(String)
+        when String
           Consumer.new(
             entity: { 'id' => value },
             lazy: true,
@@ -143,9 +146,10 @@ module SkullIsland
       end
 
       def preprocess_consumer(input)
-        if input.is_a?(Hash)
+        case input
+        when Hash
           input
-        elsif input.is_a?(Consumer)
+        when Consumer
           { 'id' => input.id }
         else
           input
@@ -153,14 +157,15 @@ module SkullIsland
       end
 
       def postprocess_route(value)
-        if value.is_a?(Hash)
+        case value
+        when Hash
           Route.new(
             entity: value,
             lazy: true,
             tainted: false,
             api_client: api_client
           )
-        elsif value.is_a?(String)
+        when String
           Route.new(
             entity: { 'id' => value },
             lazy: true,
@@ -173,9 +178,10 @@ module SkullIsland
       end
 
       def preprocess_route(input)
-        if input.is_a?(Hash)
+        case input
+        when Hash
           input
-        elsif input.is_a?(Route)
+        when Route
           { 'id' => input.id }
         else
           input
@@ -183,14 +189,15 @@ module SkullIsland
       end
 
       def postprocess_service(value)
-        if value.is_a?(Hash)
+        case value
+        when Hash
           Service.new(
             entity: value,
             lazy: true,
             tainted: false,
             api_client: api_client
           )
-        elsif value.is_a?(String)
+        when String
           Service.new(
             entity: { 'id' => value },
             lazy: true,
@@ -203,9 +210,10 @@ module SkullIsland
       end
 
       def preprocess_service(input)
-        if input.is_a?(Hash)
+        case input
+        when Hash
           input
-        elsif input.is_a?(Service)
+        when Service
           { 'id' => input.id }
         else
           input

data/lib/skull_island/resources/route.rb

@@ -74,6 +74,8 @@ module SkullIsland
         Plugin.where(:route, self, api_client: api_client)
       end
 
+      # rubocop:disable Metrics/CyclomaticComplexity
+      # rubocop:disable Metrics/PerceivedComplexity
       # rubocop:disable Metrics/AbcSize
       def export(options = {})
         hash = {
@@ -99,6 +101,8 @@ module SkullIsland
         end
         hash.reject { |_, value| value.nil? }
       end
+      # rubocop:enable Metrics/CyclomaticComplexity
+      # rubocop:enable Metrics/PerceivedComplexity
       # rubocop:enable Metrics/AbcSize
 
       def modified_existing?

data/lib/skull_island/resources/service.rb

@@ -10,14 +10,16 @@ module SkullIsland
       include Helpers::Meta
 
       property :name
-      property :retries
+      property :retries,            validate: true
       property :protocol,           validate: true, required: true
       property :host,               validate: true, required: true
       property :port,               validate: true, required: true
+      property :tls_verify,         type: :boolean
       property :path
       property :connect_timeout,    validate: true
       property :write_timeout,      validate: true
       property :read_timeout,       validate: true
+      property :ca_certificates,    validate: true, preprocess: true, postprocess: true
       property :client_certificate, validate: true, preprocess: true, postprocess: true
       property :created_at, read_only: true, postprocess: true
       property :updated_at, read_only: true, postprocess: true
@@ -42,7 +44,9 @@ module SkullIsland
           resource.connect_timeout = rdata['connect_timeout'] if rdata['connect_timeout']
           resource.write_timeout = rdata['write_timeout'] if rdata['write_timeout']
           resource.read_timeout = rdata['read_timeout'] if rdata['read_timeout']
+          resource.tls_verify = rdata['tls_verify'] if rdata['tls_verify']
           resource.delayed_set(:client_certificate, rdata) if rdata['client_certificate']
+          resource.delayed_set(:ca_certificates, rdata) if rdata['ca_certificates']
           resource.tags = rdata['tags'] if rdata['tags']
           resource.project = project if project
           resource.import_time = (time || Time.now.utc.to_i) if project
@@ -94,6 +98,8 @@ module SkullIsland
         Plugin.where(:service, self, api_client: api_client)
       end
 
+      # rubocop:disable Metrics/CyclomaticComplexity
+      # rubocop:disable Metrics/PerceivedComplexity
       # rubocop:disable Metrics/AbcSize
       def export(options = {})
         hash = {
@@ -109,7 +115,15 @@ module SkullIsland
         }
         hash['routes'] = routes.collect { |route| route.export(exclude: 'service') }
         hash['tags'] = tags unless tags.empty?
-        hash['client_certificate'] = client_certificate if client_certificate
+        if client_certificate&.name
+          hash['client_certificate'] = "<%= lookup :certificate, '#{client_certificate.name}' %>"
+        elsif client_certificate
+          hash['client_certificate'] = { 'id' => client_certificate.id }
+        end
+        if ca_certificates && !ca_certificates.empty?
+          hash['ca_certificates'] = export_ca_certificates
+        end
+        hash['tls_verify'] = tls_verify if [true, false].include?(tls_verify)
         [*options[:exclude]].each do |exclude|
           hash.delete(exclude.to_s)
         end
@@ -118,6 +132,8 @@ module SkullIsland
         end
         hash.reject { |_, value| value.nil? }
       end
+      # rubocop:enable Metrics/CyclomaticComplexity
+      # rubocop:enable Metrics/PerceivedComplexity
       # rubocop:enable Metrics/AbcSize
 
       def modified_existing?
@@ -153,6 +169,33 @@ module SkullIsland
 
       private
 
+      def export_ca_certificates
+        ca_certificates.map do |cacert|
+          cacert.name ? "<%= lookup :ca_certificate, '#{cacert.name}', raw: true %>" : cacert.id
+        end
+      end
+
+      def postprocess_ca_certificates(value)
+        if value.respond_to?(:to_a)
+          value.to_a.map do |cacert|
+            CACertificate.new(
+              entity: { 'id' => cacert },
+              lazy: true,
+              tainted: false,
+              api_client: api_client
+            )
+          end
+        else
+          value
+        end
+      end
+
+      def preprocess_ca_certificates(input)
+        input.to_a.map do |cacert|
+          cacert.is_a?(String) ? cacert : cacert.id
+        end
+      end
+
       def postprocess_client_certificate(value)
         if value.is_a?(Hash)
           Certificate.new(
@@ -167,13 +210,31 @@ module SkullIsland
       end
 
       def preprocess_client_certificate(input)
-        if input.is_a?(Hash)
+        case input
+        when Hash
           input
+        when String
+          { 'id' => input }
         else
           { 'id' => input.id }
         end
       end
 
+      # Validates {#ca_certificates} on set
+      def validate_ca_certificates(value)
+        # only Arrays (or Enumarables) are supported
+        return false unless value.is_a?(Array) || value.respond_to?(:to_a)
+
+        # Can only contain a array of Strings or CACertificates
+        value.to_a.reject { |v| v.is_a?(String) || v.is_a?(CACertificate) }.empty?
+      end
+
+      # Used to validate {#client_certificate} on set
+      def validate_client_certificate(value)
+        # only Strings, Hashes, or Certificates are allowed
+        value.is_a?(String) || value.is_a?(Hash) || value.is_a?(Certificate)
+      end
+
       # Used to validate {#protocol} on set
       def validate_protocol(value)
         # only HTTP and HTTPS are allowed
@@ -192,6 +253,12 @@ module SkullIsland
         value.is_a?(Integer) && value.positive? && (1...65_535).cover?(value)
       end
 
+      # Used to validate {#retries} on set
+      def validate_retries(value)
+        # only positive Integers of the right value are allowed
+        value.is_a?(Integer) && value.positive? && (1...65_535).cover?(value)
+      end
+
       # Used to validate {#connect_timeout} on set
       def validate_connect_timeout(value)
         # only positive Integers are allowed

data/lib/skull_island/resources/upstream_target.rb

@@ -51,7 +51,7 @@ module SkullIsland
       end
 
       def self.get(id, options = {})
-        if options[:upstream]&.is_a?(Upstream)
+        if options[:upstream].is_a?(Upstream)
           options[:upstream].target(id)
         elsif options[:upstream]
           upstream_opts = options.merge(lazy: true)
@@ -108,9 +108,10 @@ module SkullIsland
       end
 
       def preprocess_upstream(input)
-        if input.is_a?(Hash)
+        case input
+        when Hash
           input
-        elsif input.is_a?(String)
+        when String
           { 'id' => input }
         else
           { 'id' => input.id }

data/lib/skull_island/validations/api_client.rb

@@ -34,7 +34,7 @@ module SkullIsland
         valid = name.is_a? String
         begin
           u = URI.parse(name)
-          valid = false unless u.class == URI::HTTP || u.class == URI::HTTPS
+          valid = false unless u.is_a?(URI::HTTP) || u.is_a?(URI::HTTPS)
         rescue URI::InvalidURIError
           valid = false
         end

data/lib/skull_island/validations/resource.rb

@@ -24,7 +24,7 @@ module SkullIsland
       def validate_tags(value)
         # allow only valid hostnames
         value.each do |tag|
-          return false unless tag.is_a?(String) && tag.match?(/^[\w_\-\.~]+$/)
+          return false unless tag.is_a?(String) && tag.match?(/^[\w_\-.~]+$/)
         end
         true
       end

data/lib/skull_island/version.rb

@@ -3,7 +3,7 @@
 module SkullIsland
   VERSION = [
     2, # Major
-    0, # Minor
-    5  # Patch
+    2, # Minor
+    0  # Patch
   ].join('.')
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: skull_island
 version: !ruby/object:Gem::Version
-  version: 2.0.5
+  version: 2.2.0
 platform: ruby
 authors:
 - Jonathan Gnagy
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2020-12-02 00:00:00.000000000 Z
+date: 2020-12-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: deepsort