soar-registry-staff 0.0.3 → 0.0.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: b870c2449a793ab6ce47a3b265be8eecd6f7d688
-  data.tar.gz: dcab46f89e3425a949580f83a78f00ab240953fc
+  metadata.gz: 7f6b422c48fd608fa4d16edd4393b0a8113eed41
+  data.tar.gz: 9b63627ed150163f5862a36308068766d3e8c992
 SHA512:
-  metadata.gz: 152fa38f09839258442d7e73b4f2a18124786d40f8770d4bc174c690e8efeb20afc386eca7851d4d2e92cf5e5eef4aaa2514edf4749ca63f334cbecca626b13e
-  data.tar.gz: d8f7afdcbdf5607a9997d58a3b539e39e04a99afe144d5adaa0f4d9da5a8500b598147af83b458e4a05a05a17e0c8af477b48fde474620087755a73ce4b51c11
+  metadata.gz: 3cb61fbda6f6f42a5b3a3341ff6b9bd639cd7e4e37dc6cc1de1e8a3b997ecae65ed122b60dcf359caa6b1e0767469e25ace0cec7925cf45d871e87527c656d2a
+  data.tar.gz: 6aa66da6cd94c508c16552f36bab9c179e69ef32ba5bf74479d66f6ee69ab0302d52763f8d46873a560d4aa448e928d5a65924ea4c16b34c5227b9ed9f6b1b8e

data/README.md

@@ -1,7 +1,5 @@
 # Registry of staff identities
-Allows you to query staff identities using the idm api.
-
-*Please note:* Querying staff entities requires a different idr just for entities.
+Allows you to find staff identities by id using *Soar::Registry::Staff::Identity::Id* or email *Soar::Registry::Staff::Identity::Email*
 
 ## Quickstart
 
@@ -21,26 +19,31 @@ provider:
     password: 'secret'
 ```
 
-### Create an instance of the staff identity registry
+### Create an instance of the chosen staff identity registry
+
+#### Find by id
+```ruby
+require 'soar/registry/staff/identity/id'
+@id_idr = Soar::Registry::Staff::Identity::Id.new(configuration)
+```
+#### Find by email
 ```ruby
-require 'soar/registry/staff/identity'
-@idr = Soar::Registry::Staff::Identity.new(configuration)
+require 'soar/registry/staff/identity/email'
+@email_idr = Soar::Registry::Staff::Identity::Email.new(configuration)
 ```
 
 ### Getting a list of identifiers
 ```ruby
-> identifiers = @idr.get_identifiers("identity-820d5660-2204-4f7d-8c04-746313439b81") 
-> identifiers = @idr.get_identifiers({"email" => "admin@hetzner.co.za"}.to_json) 
-> identifiers = @idr.get_identifiers({"identity_id" => "identity-820d5660-2204-4f7d-8c04-746313439b81"}.to_json) 
+> identifiers = @id_idr.get_identifiers("identity-820d5660-2204-4f7d-8c04-746313439b81") 
+> identifiers = @email_idr.get_identifiers("admin@hetzner.co.za") 
 > puts identifiers.inspect
 ["admin@hetzner.co.za", "identity-820d5660-2204-4f7d-8c04-746313439b81"]
 ```
 
 ### Getting a list of roles
 ```ruby
-> roles = @idr.get_roles("identity-820d5660-2204-4f7d-8c04-746313439b81")
-> roles = @idr.get_roles({"email" => "admin@hetzner.co.za"}.to_json)
-> roles = @idr.get_roles({"identity_id" => "identity-820d5660-2204-4f7d-8c04-746313439b81"}.to_json)
+> roles = @id_idr.get_roles("identity-820d5660-2204-4f7d-8c04-746313439b81")
+> roles = @email_idr.get_roles("admin@hetzner.co.za")
 > puts roles.inspect
 ["staff", "configuration_publisher", "configuration_consumer"]
 ```
@@ -48,9 +51,8 @@ require 'soar/registry/staff/identity'
 ### Getting a hash of attributes for a role 
 ```ruby
 > role = 'staff'
-> attributes = @idr.get_attributes("identity-820d5660-2204-4f7d-8c04-746313439b81", role)
-> attributes = @idr.get_attributes({"email" => "admin@hetzner.co.za"}.to_json, role)
-> attributes = @idr.get_attributes({"identity_id" => "identity-820d5660-2204-4f7d-8c04-746313439b81"}.to_json, role)
+> attributes = @id_idr.get_attributes("identity-820d5660-2204-4f7d-8c04-746313439b81", role)
+> attributes = @email_idr.get_attributes("admin@hetzner.co.za", role)
 > puts attributes.inspect
 {
     "staff": {
@@ -62,9 +64,8 @@ require 'soar/registry/staff/identity'
 
 ### Getting a hash of all attributes
 ```ruby
-> attributes = @idr.get_attributes("identity-820d5660-2204-4f7d-8c04-746313439b81")
-> attributes = @idr.get_attributes({"email" => "admin@hetzner.co.za"}.to_json)
-> attributes = @idr.get_attributes({"identity_id" => "identity-820d5660-2204-4f7d-8c04-746313439b81"}.to_json)
+> attributes = @id_idr.get_attributes("identity-820d5660-2204-4f7d-8c04-746313439b81")
+> attributes = @email_idr.get_attributes("admin@hetzner.co.za")
 > puts attributes.inspect
 {
     "identity_id" => "identity-820d5660-2204-4f7d-8c04-746313439b81",
@@ -89,38 +90,30 @@ require 'soar/registry/staff/identity'
 }
 ```
 
-## Tests
 
-### Quicktest
+## Quicktest
+
+### Local Stub 
+```bash
+TEST_ORCHESTRATION_PROVIDER=Stub rspec
+```
+
+### DynamoDb
 ```
-$ docker-compose --file docker-compose.test.yml  up --abort-on-container-exit --remove-orphans 
+$ TEST_ORCHESTRATION_PROVIDER=DynamoDb docker-compose --file docker-compose.test.yml  up --abort-on-container-exit --remove-orphans 
 ```
 
 ### CI
 *NB:* container_name in docker-compose.ci.yml corresponds with name parameter of docker ps command in below bash script.
 ```bash
 #!/bin/bash
-docker-compose --file docker-compose.test.yml up --build --abort-on-container-exit --remove-orphans --force-recreate;
+TEST_ORCHESTRATION_PROVIDER=DynamoDb docker-compose --file docker-compose.test.yml up --build --abort-on-container-exit --remove-orphans --force-recreate;
 EXIT_CODE=$(docker ps -a -f "name=soar-registry-staff" -q | xargs docker inspect -f "{{ .State.ExitCode }}");
 exit $EXIT_CODE;
 ```
 
-### Unit tests
-
-#### Run dynamodb
-```
-$ docker-compose up 
-```
-
-#### Open another terminal and run:
-```
-$ sudo -H pip install awscli
-$ aws configure
-$ bundle
-$ rspec
-```
 
-### Useful commands:
+## Useful commands:
 ```
 $ aws dynamodb list-tables --endpoint-url http://localhost:8000
 $ aws dynamodb delete-table --table-name identities --endpoint-url http://localhost:8000

data/lib/soar/registry/staff/directory/dynamo_db.rb

@@ -0,0 +1,151 @@
+require 'soar_idm/directory_provider'
+require 'aws-sdk'
+require 'hashie'
+
+module Soar
+  module Registry
+    module Staff
+      module Directory
+        class DynamoDb < SoarIdm::DirectoryProvider
+
+          LIMIT = 10
+          INDEXED_ATTRIBUTES = ['email', 'entity_id']
+
+          attr_reader :configuration, :credentials, :client
+
+          ##
+          # @param [Hash] configuration for the directory provider
+          # @return [Nil]
+          # @raise [Soar::Registry::Staff::Directory::Error::BootstrapError] if required configuration is missing
+          ##
+          def bootstrap(configuration)
+            @configuration = Hashie.stringify_keys(configuration)
+            raise Soar::Registry::Staff::Directory::Error::BootstrapError, 'Missing region' if not @configuration.has_key?('region')
+            raise Soar::Registry::Staff::Directory::Error::BootstrapError, 'Missing endpoint' if not @configuration.has_key?('endpoint')
+            @table_name = @configuration.delete('table')
+            raise Soar::Registry::Staff::Directory::Error::BootstrapError, 'Missing table name' if not @table_name
+          end
+
+          ##
+          # @return [Bool] whether directory provider received minimum required configuration
+          ##
+          def bootstrapped?
+            @configuration.has_key?('region') and @configuration.has_key?('endpoint') 
+          end
+
+          def uri
+            @configuration['endpoint']
+          end
+
+          def authenticate(credentials)
+            raise Soar::Registry::Staff::Directory::Error::AuthenticationError, 'missing username' if not credentials.key?('username')
+            raise Soar::Registry::Staff::Directory::Error::AuthenticationError, 'missing password' if not credentials.key?('password')
+            @credentials = {
+              "access_key_id" => credentials['username'],
+              "secret_access_key" => credentials['password']
+            }
+          end
+
+          def connect
+            begin
+              options = @configuration
+              options['credentials'] = Aws::Credentials.new(@credentials['access_key_id'], @credentials['secret_access_key'])
+              @client = Aws::DynamoDB::Client.new(Hashie.symbolize_keys(options))
+              true
+            rescue ArgumentError => e
+              raise Soar::Registry::Staff::Directory::Error::ConnectionError, e.message 
+            rescue 
+              raise Soar::Registry::Staff::Directory::Error::ConnectionError, 'error creating client'
+            end
+          end
+
+          def connected?
+            return @client.class.name == 'Aws::DynamoDB::Client'
+          end
+
+          def ready?
+            begin
+              #return @client.list_tables.table_names.class.name == 'Array'
+              resp = @client.describe_table({
+                table_name: @table_name
+              })
+              return resp.table.table_name == @table_name
+            rescue Aws::DynamoDB::Errors::ResourceNotFoundException, Seahorse::Client::NetworkingError
+              return false
+            end
+          end
+
+          def put_identity(entity)
+            @client.put_item({
+              table_name: @table_name,
+              item: Hashie.symbolize_keys(entity)
+            })
+          end
+
+          ##
+          # @param [String] identity_id primary key of the identity
+          # @return [Hash] the identity
+          # @raise [Soar::Registry::Staff::Directory::DynamoDb::Error::UniqueIdentifierNotFoundError] if primary key not found
+          ##
+          def fetch_identity(identity_id)
+            options = {
+              table_name: @table_name,
+              key: {
+                identity_id: identity_id
+              }
+            }
+            identity = @client.get_item(options)
+            raise Soar::Registry::Staff::Directory::Error::UniqueIdentifierNotFoundError, 'Unable to find identity' if identity.item.nil?
+            identity.item
+          end
+
+          ##
+          # @param [String] identifier_attribute 
+          # @param [String] identifier_value
+          # @return [Array] list of identities
+          # @raise [ArgumentError] if query or index is not specified
+          ##
+          def search_identities(identifier_attribute, identifier_value)
+            raise ArgumentError, "Attribute is required" if identifier_attribute.nil?
+            raise ArgumentError, 'Value is required' if identifier_value.nil?
+            options = {
+              table_name: @table_name,
+              select: 'ALL_ATTRIBUTES',
+              limit: LIMIT,
+              key_condition_expression: "#{identifier_attribute} = :value",
+              expression_attribute_values: {
+                ":value": identifier_value 
+              }
+            }
+
+            options.merge!({index_name: "#{identifier_attribute}_index"}) if INDEXED_ATTRIBUTES.include?(identifier_attribute)
+            identity = @client.query(options)
+            identity.items.map { |item| 
+              Hashie.stringify_keys(item)
+            }
+          end
+
+          ##
+          # @return [Array] a list of primary keys and global secondary indexes
+          ##
+          def indexed_attributes
+            resp = @client.describe_table({
+              table_name: @table_name
+            })
+            indexed_attributes = []
+            resp['table']['key_schema'].each { |key_schema|
+              indexed_attributes << key_schema['attribute_name']
+            }
+            resp['table']['global_secondary_indexes'].each { |index| 
+              index['key_schema'].each { |key_schema| 
+                indexed_attributes << key_schema['attribute_name']
+              }
+            }
+            indexed_attributes
+          end
+
+        end
+      end
+    end
+  end
+end

data/lib/soar/registry/staff/directory/stub.rb

@@ -0,0 +1,107 @@
+require 'soar_idm/directory_provider'
+require 'soar/registry/staff/directory/error'
+require 'aws-sdk'
+require 'hashie'
+require 'mince'
+require 'hashy_db'
+
+module Soar
+  module Registry
+    module Staff
+      module Directory
+        class Stub < SoarIdm::DirectoryProvider
+
+          attr_accessor :interface
+          attr_writer :network
+          attr_writer :connection
+
+          def initialize
+            @interface = Mince::HashyDb::Interface
+            @network = true
+            @connection = true
+          end
+
+          ##
+          # @param [Hash] configuration for the directory provider
+          # @return [Nil]
+          # @raise [Soar::Registry::Staff::Directory::Error::BootstrapError] if required configuration is missing
+          ##
+          def bootstrap(configuration)
+            @configuration = configuration
+            raise Soar::Registry::Staff::Directory::Error::BootstrapError if configuration.empty?
+          end
+
+          ##
+          # @return [Bool] whether directory provider received minimum required configuration
+          ##
+          def bootstrapped?
+            true
+          end
+
+          def uri
+            @configuration['endpoint']
+          end
+
+          def authenticate(credentials)
+            raise Soar::Registry::Staff::Directory::Error::AuthenticationError, 'missing username' if not credentials.key?('username')
+            raise Soar::Registry::Staff::Directory::Error::AuthenticationError, 'missing password' if not credentials.key?('password')
+          end
+
+          def connect
+            raise Soar::Registry::Staff::Directory::Error::ConnectionError if not @connection
+            true
+          end
+
+          def connected?
+            true
+          end
+
+          def ready?
+            @network
+          end
+
+          def put_identity(entity)
+            @interface.add('identities', entity)
+          end
+
+          ##
+          # @param [String] identity_id primary key of the identity
+          # @return [Hash] the identity
+          # @raise [Soar::Registry::Staff::Directory::DynamoDb::Error::UniqueIdentifierNotFoundError] if primary key not found
+          ##
+          def fetch_identity(identity_id)
+            identity = @interface.get_for_key_with_value('identities', "identity_id", identity_id)
+            raise Soar::Registry::Staff::Directory::Error::UniqueIdentifierNotFoundError if identity.nil?
+            identity
+          end
+
+          ##
+          # @param [String] identifier_attribute 
+          # @param [String] identifier_value
+          # @return [Array] list of identities
+          # @raise [ArgumentError] if query or index is not specified
+          ##
+          def search_identities(identifier_attribute, identifier_value)
+            identities = []
+            @interface.find_all('identities').each { |identity| 
+              if identity[identifier_attribute] == identifier_value
+                identities << identity
+              else
+                next
+              end
+            }
+            identities
+          end
+
+          ##
+          # @return [Array] a list of primary keys and global secondary indexes
+          ##
+          def indexed_attributes
+            ["identity_id", "email", "entity_id"]
+          end
+
+        end
+      end
+    end
+  end
+end

data/lib/soar/registry/staff/identity/base.rb

@@ -0,0 +1,84 @@
+require 'soar_idm/soar_idm'
+require 'soar/registry/staff/translator/dynamo_db'
+require 'soar/registry/staff/directory/dynamo_db'
+
+module Soar
+  module Registry
+    module Staff
+      module Identity
+        class Base < SoarIdm::IdmApi
+
+          attr_reader :directory
+          attr_reader :translator
+          attr_reader :client
+
+          PRIMARY_KEY = 'identity_id'
+
+          ##
+          # @param [Hash] configuration
+          #   for example see config/config.yml
+          ##
+          def initialize(configuration)
+            @translator = Object.const_get(configuration['rule_set']['adaptor']).new
+            @directory = Object::const_get(configuration['provider']['adaptor']).new()
+            @directory.bootstrap(configuration['provider']['config'])
+            @directory.authenticate(configuration['provider']['credentials'])
+            @client = @directory.connect
+            raise Soar::Registry::Staff::Directory::Error::BootstrapError if not @directory.bootstrapped? 
+            raise Soar::Registry::Staff::Directory::Error::ConnectionError if not @directory.connected?
+            raise Soar::Registry::Staff::Directory::Error::NotReadyError if not @directory.ready?
+          end
+
+          ##
+          # @param [Hash] identity
+          # @return [Array] list of roles
+          def calculate_roles(identity)
+            entry = @directory.fetch_identity(identity[PRIMARY_KEY])
+            return nil if not entry
+            identity = @translator.get_identity(entry)
+            roles = []
+            identity['roles'].each do |role, attributes|
+              roles << role
+            end
+            roles
+          end
+
+          ##
+          # @param [Hash] identity
+          # @return [Array] list of identifiers
+          ##
+          def calculate_identifiers(identity)
+            indexes = @directory.indexed_attributes
+            entry = @directory.fetch_identity(identity[PRIMARY_KEY])
+            identity = @translator.get_identity(entry)
+            identifiers = []
+            indexes.each { |index| 
+              identifiers << identity[index]
+            }
+            identifiers
+          end
+
+          ## 
+          # @param [Hash] identity
+          # @param [String] role
+          # @return [Hash] A hash of attributes 
+          def calculate_attributes(identity, role)
+            entry = @directory.fetch_identity(identity[PRIMARY_KEY])
+            return nil if not entry
+            identity = @translator.get_identity(entry)
+            { role => identity['roles'][role] }
+          end 
+
+          ##
+          # @param [Hash] identity
+          # @return [Hash] Hash of attributes keyed by role
+          def calculate_all_attributes(identity)
+            entry = @directory.fetch_identity(identity[PRIMARY_KEY])
+            @translator.get_identity(entry)
+          end
+
+        end
+      end
+    end
+  end
+end