soar_idm 0.0.1
- checksums.yaml +7 -0
- data/.gitignore +11 -0
- data/Gemfile +4 -0
- data/LICENSE.txt +21 -0
- data/README.md +107 -0
- data/Rakefile +6 -0
- data/lib/soar_idm/soar_idm.rb +86 -0
- data/lib/soar_idm/version.rb +3 -0
- data/soar_idm.gemspec +28 -0
- metadata +123 -0
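--- a/checksums.yaml
+++ b/checksums.yaml
@@ -0,0 +1,7 @@
+---
+SHA1:
+metadata.gz: 2c3e1d7bd6ab36b070516c7df38c6aa35c24dee4
+data.tar.gz: d027699c55c43b626d92af3d813c4a47ea42ed5c
+SHA512:
+metadata.gz: 6e31cdd4fa2e554a3cb73bf94693b059f5431d78a264e43eec377fb7b21628be0d9fab88e705af809b0ff73797f9a64cf4e0e2d2a2f8ae06e9d759024deef8ea
+data.tar.gz: 9aaf7a5deba6a3f813a01b5652becf5d6cffc45a24aebc41ef4ff0f48c9a94d4678b9f2beaabe7090f35a024b17bd74dccceb6671ca43c4f3fb43fd9e389f6c6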
data/.gitignore
ADDED
data/Gemfile
ADDED
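--- a/data/LICENSE.txt
+++ b/data/LICENSE.txt
@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2015 Ernst van Graan
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.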
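--- a/data/README.md
+++ b/data/README.md
@@ -0,0 +1,107 @@
+# SoarIDM
+
+SoarIDM is a generic API for Identity Registries to adhere to when playing an active role in accomplishing Identity Management. It was designed for use in the SOAR architecture. Extend the IdmApi class with your own, and provide the needed IDM functionality.
+
+An IDM can be given an entity identifier, and asked to enumerate the roles associated with the entity. When given an entity identifier and a role, the IDM can provide attributes configured for the entity when acting as that role.
+
+# Features
+
+All functionality of the identity registry requires an entity identifier (non-empty string). When requesting attributes for a role, the role is optional (non-empty string).
+
+If an invalid, non-string or empty entity identifier is provided, nil is returned for get_roles().
+If a valid entity identifier is provided, the roles for than entity are returned in a dictionary.
+
+If an invalid, non-string or empty entity identifier is provided, nil is returned for get_attributes().
+If a valid entity identifier is provided, but no role is provided, all attributes for the entity are returned.
+If a valid entity identifier is provided, and a valid role is provided, all attributes associated with that role for the entity are returned, provided the entity has that role. If the entity does not have that role, nil is returned.
+
+If an invalid, non-string or empty entity identifier is provided, nil is returned for get_identifiers().
+If a valid entity identifier is provided, all identifiers known for the entity *by this identity registry* are returned.
+
+For all functions, the entity identifier provided is used to look up the entity identity. The following errors may occur, and result in a SoarIdm::IdentityError being raised:
+
+If a programmatic error results in identities looked up being nil:
+- Error looking up identity for identifier entity_identifier
+
+If more than one identity is found for the entity identifier:
+- Multiple identities found for identifier entity_identifier
+
+If no identities are found for the entity identifier:
+- Identities not found for identifier entity_identifier
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+gem 'soar_idm'
+
+And then execute:
+
+bundle
+
+Or install it yourself as:
+
+gem install soar_idm
+
+## Usage (provider)
+
+When providing your own identity registry, extend the SoarIDM::IdmApi class and implement the inversion of control methods. These methods will receive the identity you provide on lookup of the identifier in calculate_identifiers().
+
+def calculate_roles(identity)
+# use your source of truth to match roles to the identity
+[]
+end
+
+def calculate_all_attributes(identity)
+# walk the identity tree for your source of truth and extract all attributes
+{}
+end
+
+def calculate_attributes(identity, role)
+# extract all attributes for the role from your source of truth, given the identity
+{ role => {} }
+end
+
+def calculate_identifiers(entity_identifier)
+# walk the identity in your source of truth and extract all identifiers
+[entity_identifier]
+end
+
+def calculate_identities(entity_identifier)
+# find the UUID in your source of truth for the identity. The base IDM API generates one. For a simplified, shallow registry (not recommended,) simply return the entity identifier. Note though that the SOAR IDMs guarantee global uniqueness for identity UUIDs!
+[SecureRandom.uuid]
+end
+
+
+Over-ride the public and private methods at your own risk and at the risk of non-compliance with the SOAR architecture.
+
+## Usage (client)
+spec.add_development_dependency 'soar_idm'
+bundle exec irb
+
+In the examples that follow, @iut refers to 'implementation under test' a.k.a 'item under test'
+Extend the {SoarIDM::IdmApi IDM API} class to create an identity registry.
+
+Consumers of your identity registry will expect to use it so:
+
+entity_identifier = "entity identifier"
+entity_roles = @iut.get_roles(entity_identifier)
+# [ 'role1', 'role2']
+
+attributes = @iut.get_attributes(entity_identifier, role)
+# { 'role1' => {'attribute1' => 'value1', 'attribute2' => 'value2'}, 'role2' => {'attribute3' => 'value3', 'attribute4' => 'value4'}}
+
+identifiers = @iut.get_identifiers(entity_identifier)
+# [ 'entity identifier', 'another identifier']
+
+## Deploying
+
+This identity management framework can be deployed in-process in any ruby application or application server. It was intended as a library in support of identity registries as SOA services in the SOAR architecture, to be deployed on soar_sc service components.
+
+## Contributing
+
+Bug reports and feature requests are welcome by email to ernst dot van dot graan at hetzner dot co dot za. This gem is sponsored by Hetzner (Pty) Ltd (http://hetzner.co.za)
+
+## License
+
+The gem is available as open source under the terms of the [MIT License](http://opensource.org/licenses/MIT).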
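--- a/data/Rakefile
+++ b/data/Rakefile
@@ -0,0 +1,86 @@
+require 'securerandom'
+require "soar_idm/version"
+require 'jsender'
+
+module SoarIdm
+class IdentityError < StandardError
+end
+
+class IdmApi
+def get_roles(entity_identifier)
+return nil if invalid_entity_identifier?(entity_identifier) or no_entity_identifier?(entity_identifier)
+identity = get_identity(entity_identifier)
+calculate_roles(identity)
+end
+
+def get_attributes(entity_identifier, role = nil)
+return nil if invalid_entity_identifier?(entity_identifier) or no_entity_identifier?(entity_identifier)
+identity = get_identity(entity_identifier)
+return calculate_all_attributes(identity) if role_missing?(role) or no_role?(role)
+roles = get_roles(entity_identifier)
+return nil if roles.nil? or not(roles.include?(role))
+calculate_attributes(identity, role)
+end
+
+def get_identifiers(entity_identifier)
+return nil if invalid_entity_identifier?(entity_identifier) or no_entity_identifier?(entity_identifier)
+identity = get_identity(entity_identifier)
+calculate_identifiers(identity)
+end
+
+protected
+
+def calculate_roles(identity)
+[]
+end
+
+def calculate_all_attributes(identity)
+{}
+end
+
+def calculate_attributes(identity, role)
+{ role => {}}
+end
+
+def calculate_identifiers(identity)
+[entity_identifier]
+end
+
+def calculate_identities(entity_identifier)
+[SecureRandom.uuid]
+end
+
+def get_identity(entity_identifier)
+identities = calculate_identities(entity_identifier)
+raise IdentityError.new("Error looking up identity for identifier #{entity_identifier}") if identities.nil?
+raise IdentityError.new("Multiple identities found for identifier #{entity_identifier}") if identities.size > 1
+raise IdentityError.new("Identities not found for identifier #{entity_identifier}") if identities.size == 0
+identities.first
+
+rescue => ex
+raise IdentityError.new("Failure looking up identity for #{entity_identifier}: #{ex}")
+end
+
+private
+
+def invalid_entity_identifier?(entity_identifier)
+entity_identifier.nil? or not(entity_identifier.is_a?(String))
+end
+
+def no_entity_identifier?(entity_identifier)
+entity_identifier.strip == ""
+end
+
+def invalid_role?(role)
+role_missing?(role) or not(role.is_a?(String))
+end
+
+def role_missing?(role)
+role.nil?
+end
+
+def no_role?(role)
+role.strip == ""
+end
+end
+end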
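Review bot: `calculate_identifiers(identity)` returns `[entity_identifier]`, a name that is not defined inside the method (its parameter is `identity`), so the default `get_identifiers` path raises NameError instead of returning a list; return `[identity]`, or rename the parameter to match the README's `calculate_identifiers(entity_identifier)`. In `get_identity` the trailing `rescue => ex` also catches the three IdentityErrors raised just above it and re-wraps them, so callers never see the messages the README documents; a `rescue IdentityError` clause containing a bare `raise`, placed before the generic rescue, would preserve them. `get_attributes` calls `no_role?(role)` on any non-nil value, so a non-String role fails with NoMethodError on `strip`, while the unused `invalid_role?` already expresses the intended check. For an identity registry base class, the default `calculate_identities` minting a fresh `SecureRandom.uuid` for every identifier means a subclass that forgets to override it treats unknown entities as found; returning `[]` would fail closed. The page labels this section data/Rakefile, but its 86 added lines match the lib/soar_idm/soar_idm.rb entry in the file list, so the header is probably misattributed.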
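--- a/data/soar_idm.gemspec
+++ b/data/soar_idm.gemspec
@@ -0,0 +1,28 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'soar_idm/version'
+
+Gem::Specification.new do |spec|
+spec.name = "soar_idm"
+spec.version = SoarIDM::VERSION
+spec.authors = ["Ernst van Graan"]
+spec.email = ["ernst.van.graan@hetzner.co.za"]
+
+spec.summary = %q{Generic implementation of a SOAR Identity management API}
+spec.description = %q{Generic implementation of a SOAR Identity management API}
+# spec.homepage = "TODO: Put your gem's website or public repo URL here."
+spec.license = "MIT"
+
+spec.files = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+spec.bindir = "exe"
+spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+spec.require_paths = ["lib"]
+# spec.required_ruby_version = ['>=2.0.0']
+
+spec.add_development_dependency "bundler", "~> 1.10"
+spec.add_development_dependency "rake", "~> 10.0"
+spec.add_development_dependency "rspec"
+spec.add_development_dependency "byebug"
+spec.add_dependency "jsender"
+end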
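Review bot: `spec.add_dependency "jsender"` declares a runtime dependency with no version constraint (the packaged metadata records it as `>= 0`), and the library code shown on this page only requires jsender without calling it, so every consumer resolves to whatever release is current at install time; drop the dependency if it is unused, or bound it, e.g. `spec.add_dependency "jsender", "~> <MAJOR.MINOR>"`. `spec.version = SoarIDM::VERSION` uses a different constant name from the `module SoarIdm` in the library file; version.rb is not shown here, so confirm that two namespaces are intended. `spec.homepage` is still commented out, which leaves consumers without a source repository to compare the packaged files against.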
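--- a/metadata
+++ b/metadata
@@ -0,0 +1,123 @@
+--- !ruby/object:Gem::Specification
+name: soar_idm
+version: !ruby/object:Gem::Version
+version: 0.0.1
+platform: ruby
+authors:
+- Ernst van Graan
+autorequire:
+bindir: exe
+cert_chain: []
+date: 2016-03-02 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+name: bundler
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '1.10'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '1.10'
+- !ruby/object:Gem::Dependency
+name: rake
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '10.0'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '10.0'
+- !ruby/object:Gem::Dependency
+name: rspec
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+- !ruby/object:Gem::Dependency
+name: byebug
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+- !ruby/object:Gem::Dependency
+name: jsender
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+description: Generic implementation of a SOAR Identity management API
+email:
+- ernst.van.graan@hetzner.co.za
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- lib/soar_idm/soar_idm.rb
+- lib/soar_idm/version.rb
+- soar_idm.gemspec
+homepage:
+licenses:
+- MIT
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+requirements: []
+rubyforge_project:
+rubygems_version: 2.4.8
+signing_key:
+specification_version: 4
+summary: Generic implementation of a SOAR Identity management API
+test_files: []
+has_rdoc: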