sophos-sg-rest 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 26bb2c7c244e7f80415bc403a98b8302d3ce28a4
+  data.tar.gz: 0191dd7f080ee7691a4716961bf88aa709495814
+SHA512:
+  metadata.gz: 33b41a4f63203df664153d0dfb0088ece1510170399e8ae0b1a3deb4403e58554951a79cb8ca5ff37b0cda8793b53637c51a7d97808fc17a0cfd1a3c8f4db61b
+  data.tar.gz: 3212d13c0169435c78cd839d536436c736044866b04726e38a48d0ba0f75e80cec1687dbf9178878fcc7625ebf581c123e182f0bc603e4df849ef87f0d12990e

data/.gitignore

@@ -0,0 +1,11 @@
+/.bundle/
+/.yardoc
+/Gemfile.lock
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/
+/rest.log
+/rspec.xml

data/.rspec

@@ -0,0 +1,2 @@
+--color
+--require spec_helper

data/.ruby-gemset

@@ -0,0 +1 @@
+sophos-sg-rest

data/.ruby-version

@@ -0,0 +1 @@
+2.2.6

data/Gemfile

@@ -0,0 +1,11 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in sophos-sg-rest.gemspec
+gemspec
+
+group :test do
+  gem 'rspec'
+  gem 'rspec_junit_formatter'
+  gem 'simplecov'
+  gem 'simplecov-cobertura'
+end

data/LICENSE.txt

@@ -0,0 +1,23 @@
+Copyright 2016 Sophos Limited. All rights reserved.
+
+Sophos is a registered trademark of Sophos Limited and Sophos Group. All other
+product and company names mentioned are trademarks or registered trademarks of
+their respective owners.
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

data/README.md

@@ -0,0 +1,45 @@
+# Sophos::SG::REST
+
+This gem implements a simple client for the REST API of SOPHOS SG UTM. The client
+will help building [Chef](https://www.chef.io/), [Puppet](https://puppet.com/)
+or other integration and provisioning scripts.
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'sophos-sg-rest'
+```
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself using:
+
+    $ gem install sophos-sg-rest
+
+## Usage
+
+Simple example on how to get started:
+
+```ruby
+require 'sophos/sg/rest'
+client = described_class.new('https://<user>:<pass>@<host>/api/',
+                             fingerprint: 'F3:D3:C6:C2:01:93:4A:BC:87:C4:07:8D:10:5A:59:F3:B0:B0:3C:XX')
+hosts = client.objects('network/host')
+```
+
+More documentation can be found at [rubydoc](http://www.rubydoc.info/gems/sophos-sg-rest)
+
+## Development
+
+After checking out the repo, run `bin/setup` to install dependencies. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
+
+To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/sophos-iaas/ruby-sophos-sg-rest.
+

data/Rakefile

@@ -0,0 +1,12 @@
+require 'bundler/gem_tasks'
+require 'rspec/core/rake_task'
+
+task :default => :spec
+
+desc "Run specs"
+RSpec::Core::RakeTask.new(:spec)
+
+desc "Run specs on jenkins"
+RSpec::Core::RakeTask.new(:jenkins) do |t|
+  t.rspec_opts = '--format RspecJunitFormatter --out rspec.xml'
+end

data/bin/console

@@ -0,0 +1,14 @@
+#!/usr/bin/env ruby
+
+require "bundler/setup"
+require "sophos/sg/rest"
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+
+# (If you use this, don't forget to add pry to your Gemfile!)
+# require "pry"
+# Pry.start
+
+require "irb"
+IRB.start

data/bin/setup

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+set -vx
+
+bundle install
+
+# Do any other automated setup that you need to do here

data/lib/sophos/sg/rest.rb

@@ -0,0 +1,20 @@
+# Copyright 2016 Sophos Technology GmbH. All rights reserved.
+# See the LICENSE.txt file for details.
+# Authors: Vincent Landgraf
+
+require 'net/http'
+require 'json'
+require 'ostruct'
+require 'openssl'
+
+require "sophos/sg/rest/version"
+
+module Sophos
+  module SG
+    module REST
+      autoload :HTTP, "sophos/sg/rest/http"
+      autoload :Error, "sophos/sg/rest/error"
+      autoload :Client, "sophos/sg/rest/client"
+    end
+  end
+end

data/lib/sophos/sg/rest/client.rb

@@ -0,0 +1,169 @@
+# Copyright 2016 Sophos Technology GmbH. All rights reserved.
+# See the LICENSE.txt file for details.
+# Authors: Vincent Landgraf
+
+class Sophos::SG::REST::Client
+  HEADER_USER_AGENT = "#{self} (#{Sophos::SG::REST::VERSION})".freeze
+  HEADER_ACCEPT = 'application/json'.freeze
+  HEADER_CONTENT_TYPE = 'Content-Type'.freeze
+  HEADER_ERR_ACK = 'X-Restd-Err-Ack'.freeze
+  HEADER_SESSION = 'X-Restd-Session'.freeze
+  HEADER_INSERT = 'X-Restd-Insert'.freeze
+  HEADER_LOCK_OVERRIDE = 'X-Restd-Lock-Override'.freeze
+  DEFAULT_HEADERS = {
+    'Accept' => HEADER_ACCEPT,
+    'User-Agent' => HEADER_USER_AGENT
+  }.freeze
+  attr_reader :http, :url
+
+  def initialize(url, options = {})
+    @http = Sophos::SG::REST::HTTP.new(url, options)
+  end
+
+  def logger=(logger)
+    @http.set_debug_output(logger)
+  end
+
+  def objects(type)
+    get path_objects(type)
+  end
+
+  def object(type, ref)
+    get path_object(type, ref)
+  end
+
+  def create_object(type, attributes, insert = nil)
+    post path_objects(type), attributes, insert
+  end
+
+  def patch_object(type, ref, attributes)
+    patch path_object(type, ref), attributes
+  end
+
+  def update_object(type, attributes, insert = nil)
+    h = attributes.to_h
+    ref = h['_ref'] || h[:_ref]
+    raise ArgumentError, "Object _ref must be set! #{h.inspect}" if ref.nil?
+    put path_object(type, ref), h, insert
+  end
+
+  def destroy_object(type, ref = nil)
+    # if ref is not passed, assume object or hash
+    if ref.nil?
+      if type.is_a? Hash
+        ref = type['_ref'] || type[:_ref]
+        type = type['_type'] || type[:_type]
+      elsif type.respond_to?(:_type) && type.respond_to?(:_ref)
+        ref = type._ref
+        type = type._type
+      else
+        raise ArgumentError, 'type must be a string, hash or object with ' \
+          ' _ref and _type defined'
+      end
+    end
+
+    delete path_object(type, ref)
+  end
+
+  def nodes
+    get nodes_path
+  end
+
+  def update_nodes(hash)
+    patch nodes_path, hash
+  end
+
+  def node(id)
+    get nodes_path(id)
+  end
+
+  def update_node(id, value)
+    put nodes_path(id), value
+  end
+
+  def nodes_path(id = nil)
+    base = File.join(@http.url.path, 'nodes') + '/'
+    base = File.join(base, id) if id
+    base
+  end
+
+  def path_object(type, ref)
+    File.join(@http.url.path, 'objects', type, ref)
+  end
+
+  def path_objects(type)
+    File.join(@http.url.path, 'objects', type) + '/'
+  end
+
+  def get(path)
+    do_json_request('GET', path)
+  end
+
+  def post(path, data, insert = nil)
+    do_json_request('POST', path, data) do |req|
+      req[HEADER_CONTENT_TYPE] = HEADER_ACCEPT
+      req[HEADER_INSERT] = insert if insert
+    end
+  end
+
+  def put(path, data, insert = nil)
+    do_json_request('PUT', path, data) do |req|
+      req[HEADER_CONTENT_TYPE] = HEADER_ACCEPT
+      req[HEADER_INSERT] = insert if insert
+    end
+  end
+
+  def patch(path, data)
+    do_json_request('PATCH', path, data) do |req|
+      req[HEADER_CONTENT_TYPE] = HEADER_ACCEPT
+    end
+  end
+
+  def delete(path)
+    do_json_request('DELETE', path) do |req|
+      req[HEADER_ERR_ACK] = 'all'
+    end
+  end
+
+  def do_json_request(method, path, body = nil)
+    body = json_encode(body) unless body.nil?
+    req = request(method, path, body)
+    yield req if block_given?
+    response = @http.request(req)
+    decode_json(response, req)
+  end
+
+  def request(method, path, body = nil)
+    req = Net::HTTPGenericRequest.new(method, !body.nil?, true, path, DEFAULT_HEADERS)
+    req.basic_auth @http.url.user, @http.url.password
+    req.body = body
+    req
+  end
+
+  def json_encode(data)
+    data.to_json
+  end
+
+  def decode_json(response, req)
+    body = nil
+
+    if response.body && response.body != ''
+      # rubys JSON parse is unable to parse scalar values (number, string,
+      # bool, ...) directly, because of this it needs to be wrapped before
+      body = JSON.parse('[' + response.body + ']').first
+      if body.is_a?(Array) && body.any? && body.first.is_a?(Hash)
+        body = body.map { |i| OpenStruct.new(i) }
+      elsif body.is_a? Hash
+        body = OpenStruct.new(body)
+      else
+        body
+      end
+    end
+
+    if response.code.to_i >= 400
+      raise Sophos::SG::REST::Error.new(req, response, body)
+    end
+
+    body
+  end
+end

data/lib/sophos/sg/rest/error.rb

@@ -0,0 +1,23 @@
+# Copyright 2016 Sophos Technology GmbH. All rights reserved.
+# See the LICENSE.txt file for details.
+# Authors: Vincent Landgraf
+
+class Sophos::SG::REST::Error < StandardError
+  attr_reader :request, :response, :body
+
+  def initialize(request, response, body)
+    @request = request
+    @response = response
+    @body = body
+
+    message = response.message
+    message << ": #{errors.first.name}" if errors.any?
+    reqdesc = "#{request.method} #{request.path} -> #{response.code}"
+
+    super "UTM: #{message} (#{reqdesc})"
+  end
+
+  def errors
+    body.is_a?(Array) ? body : []
+  end
+end

data/lib/sophos/sg/rest/http.rb

@@ -0,0 +1,32 @@
+# Copyright 2016 Sophos Technology GmbH. All rights reserved.
+# See the LICENSE.txt file for details.
+# Authors: Vincent Landgraf
+
+class Sophos::SG::REST::HTTP < Net::HTTP
+  attr_reader :url
+
+  def initialize(url, options = {})
+    @url = URI(url)
+    super(@url.host, @url.port)
+    if @url.scheme == 'https'
+      self.use_ssl = true
+      self.verify_mode = OpenSSL::SSL::VERIFY_PEER
+      self.verify_callback = lambda do |preverify_ok, ssl_context|
+        if options[:fingerprint]
+          # check if the fingerprint is matching (don't respect the chain)
+          fingerprint = options[:fingerprint].gsub(/\s|:/, '').downcase
+          ssl_context.chain.each do |cert|
+            if fingerprint == OpenSSL::Digest::SHA1.new(cert.to_der).to_s
+              return true
+            end
+          end
+          false
+        else
+          # if the certificate is valid and no fingerprint is passed the
+          # certificate chain result is determining
+          preverify_ok
+        end
+      end
+    end
+  end
+end

data/lib/sophos/sg/rest/version.rb

@@ -0,0 +1,11 @@
+# Copyright 2016 Sophos Technology GmbH. All rights reserved.
+# See the LICENSE.txt file for details.
+# Authors: Vincent Landgraf
+
+module Sophos
+  module SG
+    module REST
+      VERSION = "0.1.0"
+    end
+  end
+end

data/sophos-sg-rest.gemspec

@@ -0,0 +1,25 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'sophos/sg/rest/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = 'sophos-sg-rest'
+  spec.version       = Sophos::SG::REST::VERSION
+  spec.authors       = ['Vincent Landgraf']
+  spec.email         = ['sophos-iaas-oss@sophos.com']
+  spec.licenses      = ['MIT', 'SOPHOS proprietary']
+
+  spec.summary       = %q{SOPHOS SG UTM Series - REST API Client Library}
+  spec.homepage      = "https://github.com/sophos-iaas/ruby-sophos-sg-rest"
+
+  spec.files         = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+  spec.bindir        = 'exe'
+  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.require_paths = ['lib']
+
+  spec.add_development_dependency 'bundler', '~> 1.11'
+  spec.add_development_dependency 'rake', '~> 10.0'
+  spec.add_development_dependency 'rspec', '~> 3.4'
+  spec.add_development_dependency 'simplecov', '~> 0.12'
+end

metadata

@@ -0,0 +1,117 @@
+--- !ruby/object:Gem::Specification
+name: sophos-sg-rest
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Vincent Landgraf
+autorequire: 
+bindir: exe
+cert_chain: []
+date: 2016-12-14 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.11'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.11'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.4'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.4'
+- !ruby/object:Gem::Dependency
+  name: simplecov
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.12'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.12'
+description: 
+email:
+- sophos-iaas-oss@sophos.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".rspec"
+- ".ruby-gemset"
+- ".ruby-version"
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- bin/console
+- bin/setup
+- lib/sophos/sg/rest.rb
+- lib/sophos/sg/rest/client.rb
+- lib/sophos/sg/rest/error.rb
+- lib/sophos/sg/rest/http.rb
+- lib/sophos/sg/rest/version.rb
+- sophos-sg-rest.gemspec
+homepage: https://github.com/sophos-iaas/ruby-sophos-sg-rest
+licenses:
+- MIT
+- SOPHOS proprietary
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.4.8
+signing_key: 
+specification_version: 4
+summary: SOPHOS SG UTM Series - REST API Client Library
+test_files: []