soar-registry-staff 0.0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: d667963b213a8c1f8bfac707cd214818eb33e591
+  data.tar.gz: 3ce77a63e9ec45a7e84ecbef40891526c2557d3d
+SHA512:
+  metadata.gz: 40202401ddea924599085587392e84cdfb10263a640e3980ddd6347cd4729d9bffac46013c9a5bbd502a405eacd9f07c5f7a388708a8a0a18aa42876c8f26643
+  data.tar.gz: b345267177081bba7e8b69d3b7cf1c79b3ee5ec9853617e9b62bf94b84f6c0a8a6a5f5cf18fe05f1ffa378af30cf08ba0ff13ba320a913b00d7ec48a573dfa1b

data/README.md

@@ -0,0 +1,132 @@
+# Registry of staff identities
+Allows you to query staff identities using the idm api.
+
+*Please note:* Querying staff entities requires a different idr just for entities.
+
+## Quickstart
+
+### Required configuration
+See config/config.yml
+```yaml
+rule_set:
+  adaptor: 'Soar::Registry::Staff::Translator::DynamoDb'
+provider:
+  adaptor: 'Soar::Registry::Staff::Directory::DynamoDb::Identity'
+  config: 
+    table: 'identities'
+    region: 'us-west-2'
+    endpoint: 'http://localhost:8000'
+  credentials:
+    username: 'username'
+    password: 'secret'
+```
+
+### Create an instance of the staff identity registry
+```ruby
+@idr = Soar::Registry::Staff::Identity.new(configuration)
+```
+
+### Getting a list of identifiers
+```ruby
+> identifiers = @idr.get_identifiers( {"email" => "admin@hetzner.co.za"} ) 
+> identifiers = @idr.get_identifiers( {"identity_id" => "identity-820d5660-2204-4f7d-8c04-746313439b81"} ) 
+> puts identifiers.inspect
+["admin@hetzner.co.za", "identity-820d5660-2204-4f7d-8c04-746313439b81"]
+```
+
+### Getting a list of roles
+```ruby
+> roles = @idr.get_roles( {"email" => "admin@hetzner.co.za"} )
+> roles = @idr.get_roles( {"identity_id" => "identity-820d5660-2204-4f7d-8c04-746313439b81"} )
+> puts roles.inspect
+["staff", "configuration_publisher", "configuration_consumer"]
+```
+
+### Getting a hash of attributes for a role 
+```ruby
+> role = 'staff'
+> attributes = @idr.get_attributes( {"email" => "admin@hetzner.co.za"}, role)
+> attributes = @idr.get_attributes( {"identity_id" => "identity-820d5660-2204-4f7d-8c04-746313439b81"}, role )
+> puts attributes.inspect
+{
+    "staff": {
+        "department": "technical"
+    }
+}
+
+```
+
+### Getting a hash of all attributes
+```ruby
+> attributes = @idr.get_attributes( {"email" => "admin@hetzner.co.za"} )
+> attributes = @idr.get_attributes( {"identity_id" => "identity-820d5660-2204-4f7d-8c04-746313439b81"} )
+> puts attributes.inspect
+{
+    "identity_id" => "identity-820d5660-2204-4f7d-8c04-746313439b81",
+    "entity_id"=> "entity-bad85eb9-0713-4da7-8d36-07a8e4b00eab",
+    "email"=> "admin@hetzner.co.za",
+    "roles"=> {
+        "staff"=> {},
+        "configuration_publisher"=> {
+            "configuration_identifiers"=> ["*"]
+        },
+        "configuration_consumer"=> {
+            "configuration_identifiers"=> ["*"]
+        }
+    },
+    "address"=> {
+        "detail"=> "Belvedere Office Park, Unit F",
+        "street"=> "Bella Rosa Street",
+        "suburb"=> "Tygervalley",
+        "city"=> "Durbanville",
+        "postal"=> "7550"
+    }
+}
+```
+
+## Tests
+
+### Quicktest
+```
+$ docker-compose --file docker-compose.test.yml  up --abort-on-container-exit --remove-orphans 
+```
+
+### CI
+*NB:* container_name in docker-compose.ci.yml corresponds with name parameter of docker ps command in below bash script.
+```bash
+#!/bin/bash
+docker-compose --file docker-compose.test.yml up --build --abort-on-container-exit --remove-orphans --force-recreate;
+EXIT_CODE=$(docker ps -a -f "name=soar-registry-staff" -q | xargs docker inspect -f "{{ .State.ExitCode }}");
+exit $EXIT_CODE;
+```
+
+### Unit tests
+
+#### Run dynamodb
+```
+$ docker-compose up 
+```
+
+#### Open another terminal and run:
+```
+$ sudo -H pip install awscli
+$ aws configure
+$ bundle
+$ rspec
+```
+
+### Useful commands:
+```
+$ aws dynamodb list-tables --endpoint-url http://localhost:8000
+$ aws dynamodb delete-table --table-name identities --endpoint-url http://localhost:8000
+```
+
+## Resources
+* [DynamoDBLocal](http://docs.aws.amazon.com/amazondynamodb/latest/developerguide/DynamoDBLocal.html)
+* [Multiple AWS Credentials](https://blogs.aws.amazon.com/security/post/Tx3D6U6WSFGOK2H/A-New-and-Standardized-Way-to-Manage-Credentials-in-the-AWS-SDKs)
+* [AWS SDK for Ruby](http://docs.aws.amazon.com/amazondynamodb/latest/gettingstartedguide/GettingStarted.Ruby.html)
+
+## References
+* [soar idm](https://github.hetzner.co.za/hetznerZA/soar_idm/blob/master/lib/soar_idm/soar_idm.rb)
+* [Domain analysis](https://docs.google.com/a/hetzner.co.za/drawings/d/1vGdzjKPD3gzn1e0bsC4liFCyxY31Qjjxe3y41beVBzw/edit?usp=sharing)
+* [staff idr](https://github.hetzner.co.za/hetznerZA/idr_staff/blob/master/idr_staff/lib/idr_staff/staff_idr.rb)

data/lib/soar/registry/staff/directory/dynamo_db/base.rb

@@ -0,0 +1,86 @@
+require 'soar_idm/directory_provider'
+require 'aws-sdk'
+require 'hashie'
+require 'soar/registry/staff/directory/error'
+
+module Soar
+  module Registry
+    module Staff
+      module Directory
+        module DynamoDb
+          class Base < SoarIdm::DirectoryProvider
+
+            attr_reader :configuration, :credentials, :client
+
+            ##
+            # @param [Hash] configuration for the directory provider
+            # @return [Nil]
+            # @raise [Soar::Registry::Staff::Directory::Error::BootstrapError] if required configuration is missing
+            ##
+            def bootstrap(configuration)
+              @configuration = Hashie.stringify_keys(configuration)
+              raise Soar::Registry::Staff::Directory::Error::BootstrapError, 'Missing region' if not @configuration.has_key?('region')
+              raise Soar::Registry::Staff::Directory::Error::BootstrapError, 'Missing endpoint' if not @configuration.has_key?('endpoint')
+              @table_name = @configuration.delete('table')
+              raise Soar::Registry::Staff::Directory::Error::BootstrapError, 'Missing table name' if not @table_name
+            end
+
+            ##
+            # @return [Bool] whether directory provider received minimum required configuration
+            ##
+            def bootstrapped?
+              @configuration.has_key?('region') and @configuration.has_key?('endpoint') 
+            end
+
+            def uri
+              @configuration['endpoint']
+            end
+
+            def authenticate(credentials)
+              raise Soar::Registry::Staff::Directory::Error::AuthenticationError, 'missing username' if not credentials.key?('username')
+              raise Soar::Registry::Staff::Directory::Error::AuthenticationError, 'missing password' if not credentials.key?('password')
+              @credentials = {
+                "access_key_id" => credentials['username'],
+                "secret_access_key" => credentials['password']
+              }
+            end
+
+            def connect
+              begin
+                options = @configuration.dup
+                options['credentials'] = Aws::Credentials.new(@credentials['access_key_id'], @credentials['secret_access_key'])
+                @client = Aws::DynamoDB::Client.new(Hashie.symbolize_keys(options))
+                @client
+              rescue ArgumentError => e
+                raise Soar::Registry::Staff::Directory::Error::ConnectionError, e.message 
+              rescue 
+                raise Soar::Registry::Staff::Directory::Error::ConnectionError, 'error creating client'
+              end
+
+            end
+
+            def connected?
+              return @client.class.name == 'Aws::DynamoDB::Client'
+            end
+
+            def ready?
+              begin
+                return @client.list_tables.table_names.class.name == 'Array'
+              rescue Seahorse::Client::NetworkingError
+                return false
+              end
+            end
+
+            def put_identity(entity)
+              @client.put_item({
+                table_name: @table_name,
+                item: Hashie.symbolize_keys(entity)
+              })
+            end
+
+          end
+        end
+      end
+    end
+  end
+end

data/lib/soar/registry/staff/directory/dynamo_db/identity.rb

@@ -0,0 +1,83 @@
+require 'soar_idm/directory_provider'
+require 'soar/registry/staff/directory/dynamo_db/base'
+require 'aws-sdk'
+require 'hashie'
+
+module Soar
+  module Registry
+    module Staff
+      module Directory
+        module DynamoDb
+          class Identity < Base
+
+            LIMIT = 10
+            INDEXED_ATTRIBUTES = ['email', 'entity_id']
+
+            ##
+            # @param [String] identity_id primary key of the identity
+            # @return [Hash] the identity
+            # @raise [Soar::Registry::Staff::Directory::DynamoDb::Error::UniqueIdentifierNotFoundError] if primary key not found
+            ##
+            def fetch_identity(identifier)
+              options = {
+                table_name: @table_name,
+                key: {
+                  identity_id: identifier
+                }
+              }
+              identity = @client.get_item(options)
+              raise Soar::Registry::Staff::Directory::Error::UniqueIdentifierNotFoundError, 'Unable to find identity' if identity.item.nil?
+              identity.item
+            end
+
+            ##
+            # @param [String] identifier_attribute 
+            # @param [String] identifier_value
+            # @return [Array] list of identities
+            # @raise [ArgumentError] if query or index is not specified
+            ##
+            def search_identities(identifier_attribute, identifier_value)
+              raise ArgumentError, "Attribute is required" if identifier_attribute.nil?
+              raise ArgumentError, 'Value is required' if identifier_value.nil?
+              options = {
+                table_name: @table_name,
+                select: 'ALL_ATTRIBUTES',
+                limit: LIMIT,
+                key_condition_expression: "#{identifier_attribute} = :value",
+                expression_attribute_values: {
+                  ":value": identifier_value 
+                }
+              }
+
+              options.merge!({index_name: "#{identifier_attribute}_index"}) if INDEXED_ATTRIBUTES.include?(identifier_attribute)
+              identity = @client.query(options)
+              identity.items.map { |item| 
+                Hashie.stringify_keys(item)
+              }
+            end
+
+            ##
+            # @return [Array] a list of primary keys and global secondary indexes
+            ##
+            def indexed_attributes
+              resp = @client.describe_table({
+                table_name: @table_name
+              })
+              indexed_attributes = []
+              resp['table']['key_schema'].each { |key_schema|
+                indexed_attributes << key_schema['attribute_name']
+              }
+              resp['table']['global_secondary_indexes'].each { |index| 
+                index['key_schema'].each { |key_schema| 
+                  indexed_attributes << key_schema['attribute_name']
+                }
+              }
+              indexed_attributes
+            end
+
+          end
+        end
+      end
+    end
+  end
+end

data/lib/soar/registry/staff/directory/error.rb

@@ -0,0 +1,19 @@
+module Soar
+  module Registry
+    module Staff
+      module Directory
+        module Error
+          class BootstrapError < StandardError; end;
+          class AuthenticationError < StandardError; end;
+          class CommunicationError < StandardError; end;
+          class ConnectionError < StandardError; end;
+          class NotReadyError < StandardError; end;
+          class UniqueIdentifierNotFoundError < StandardError; end;
+          class MissingIndexError < StandardError; end;
+          class MissingQueryError < StandardError; end;
+          class UniqueIdentifierNotFound < StandardError; end;
+        end
+      end
+    end
+  end
+end

data/lib/soar/registry/staff/identity.rb

@@ -0,0 +1,90 @@
+require 'soar_idm/soar_idm'
+require 'soar/registry/staff/translator/dynamo_db'
+require 'soar/registry/staff/directory/dynamo_db/identity'
+
+module Soar
+  module Registry
+    module Staff
+
+      class Identity < SoarIdm::IdmApi
+
+        attr_reader :directory
+        attr_reader :translator
+        attr_reader :client
+
+        ##
+        # @param [Hash] configuration
+        #   for example see config/config.yml
+        ##
+        def initialize(configuration)
+          @translator = Object.const_get(configuration['rule_set']['adaptor']).new
+          @directory = Object::const_get(configuration['provider']['adaptor']).new
+          @directory.bootstrap(configuration['provider']['config'])
+          @directory.authenticate(configuration['provider']['credentials'])
+          @client = @directory.connect
+          raise Soar::Registry::Staff::Directory::Error::BootstrapError if not @directory.bootstrapped? 
+          raise Soar::Registry::Staff::Directory::Error::ConnectionError if not @directory.connected?
+          raise Soar::Registry::Staff::Directory::Error::NotReadyError if not @directory.ready?
+        end
+
+        ##
+        # @param [String] identity_id
+        # @return [Array] list of roles
+        def calculate_roles(identity_id)
+          entry = @directory.fetch_identity(identity_id)
+          return nil if not entry
+          identity = @translator.get_identity(entry)
+          roles = []
+          identity['roles'].each do |role, attributes|
+            roles << role
+          end
+          roles
+        end
+
+        ##
+        # @param [String] identity_id
+        # @return [Array] list of identifiers
+        ##
+        def calculate_identifiers(identity_id)
+          indexes = @directory.indexed_attributes
+          entry = @directory.fetch_identity(identity_id)
+          identity = @translator.get_identity(entry)
+          identifiers = []
+          indexes.each { |index| 
+            identifiers << identity[index]
+          }
+          identifiers
+        end
+
+        ## 
+        # @param [String] identity_id
+        # @param [String] role
+        # @return [Hash] A hash of attributes 
+        def calculate_attributes(identity_id, role)
+          entry = @directory.fetch_identity(identity_id)
+          return nil if not entry
+          identity = @translator.get_identity(entry)
+          { role => identity['roles'][role] }
+        end 
+
+        ##
+        # @param [String] identity_id
+        # @return [Hash] Hash of attributes keyed by role
+        def calculate_all_attributes(identity_id)
+          entry = @directory.fetch_identity(identity_id)
+          @translator.get_identity(entry)
+        end
+
+        ##
+        # @param [Hash] identifier containing attribute name and attribute value
+        # @return [Array]
+        def calculate_identities(identifier)
+          identifier = @translator.get_identifier(identifier)
+          entries = @directory.search_identities(identifier.keys[0], identifier[identifier.keys[0]] )
+          [@translator.get_identity(entries)[0]['identity_id']]
+        end
+
+      end
+    end
+  end
+end

data/lib/soar/registry/staff/translator/dynamo_db.rb

@@ -0,0 +1,34 @@
+module Soar
+  module Registry
+    module Staff
+      module Translator
+        class DynamoDb
+
+          ##
+          # @param [Hash] entry a single entry from datasource
+          # @returns [Hash] identity a single identity
+          ##
+          def get_identity(entry)
+            return entry
+          end
+
+          ##
+          # @param [Array] entries a list of entries from data source
+          # @return [Array] identities a list of identities
+          ##
+          def get_identities(entries)
+            return entries
+          end
+
+          ##
+          # @param [String|Hash] identifier could be a json string or a ruby hash
+          # @return [Hash] identifier with identifying attribute key and attribute value
+          ##
+          def get_identifier(identifier)
+            identifier.is_a?(Hash) ? identifier : JSON.parse(identifier)
+          end
+        end
+      end
+    end
+  end
+end

metadata

@@ -0,0 +1,123 @@
+--- !ruby/object:Gem::Specification
+name: soar-registry-staff
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+platform: ruby
+authors:
+- Charles Mulder
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2016-10-19 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: soar_idm
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.0.2
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.0.2
+- !ruby/object:Gem::Dependency
+  name: aws-sdk
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.6'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.6.6
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.6'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.6.6
+- !ruby/object:Gem::Dependency
+  name: aws-sdk-core
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.6'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.6.11
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.6'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.6.11
+- !ruby/object:Gem::Dependency
+  name: hashie
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.4'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 3.4.6
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.4'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 3.4.6
+description: Registry of staff identities and entities
+email: charles.mulder@hetzner.co.za
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- README.md
+- lib/soar/registry/staff/directory/dynamo_db/base.rb
+- lib/soar/registry/staff/directory/dynamo_db/identity.rb
+- lib/soar/registry/staff/directory/error.rb
+- lib/soar/registry/staff/identity.rb
+- lib/soar/registry/staff/translator/dynamo_db.rb
+homepage: https://gitlab.host-h.net/registries/staff
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.5.1
+signing_key: 
+specification_version: 4
+summary: Staff Registry
+test_files: []