train 1.4.31 → 1.4.35

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 41dd0a819427f0fdb0394992ca48fd80d9d67dd45d7a6c666472f48cb79cacb0
-  data.tar.gz: 8c05af271415f0165a1a68b2495832ba89f84864dcb5c26e498fd48e2cc4d43f
+  metadata.gz: 893a9b5ce2710681b1d4bd795661244d5a7148bbd4ec265b607fc4241394e999
+  data.tar.gz: 0500f6af3195b846c025afb818ad939cbf9592e28002a6093c0ced0e75851604
 SHA512:
-  metadata.gz: 55719a930b672cab82cfeb76aebf0fa26643a75de1c61d618f65236d291682786a786376679a61c5533940c34391cb10d400f85852cd07b1e8d01b29f682b3f4
-  data.tar.gz: ab0665695a28b1e86b21fb83d2093907bb7850870603bba2fd35efb21b1b37c7e101a39dd6b4814cfea8d518ac762931275a9f578dad60c577fefc504f4ec1c0
+  metadata.gz: f5bfe0c9737ad2db256d5e7b9434afa0eb8013e47417bfe2d9feaf858c8518f06592f3eab7081d47beb64847c0f876727fd83935cac5eeb2f804a142112d8ed0
+  data.tar.gz: 2da5c3b0c40fb01b7f999cc56a2f5f0c0c15afc5db513f6574421197dbe5ec26d2ab7f69f13d2107f785421a89d80fefb35aeee3d26747d3f7bc0e8bbc93f521

data/CHANGELOG.md

@@ -1,19 +1,28 @@
-<!-- latest_release 1.4.31 -->
-## [v1.4.31](https://github.com/inspec/train/tree/v1.4.31) (2018-08-16)
+<!-- latest_release 1.4.35 -->
+## [v1.4.35](https://github.com/inspec/train/tree/v1.4.35) (2018-08-23)
 
 #### Merged Pull Requests
-- Enable using rubygems as plugins [#335](https://github.com/inspec/train/pull/335) ([clintoncwolfe](https://github.com/clintoncwolfe))
+- Adds connection to Graph RBAC API  [#327](https://github.com/inspec/train/pull/327) ([r-fennell](https://github.com/r-fennell))
 <!-- latest_release -->
 
-<!-- release_rollup since=1.4.29 -->
-### Changes since 1.4.29 release
+<!-- release_rollup since=1.4.31 -->
+### Changes since 1.4.31 release
 
 #### Merged Pull Requests
-- Enable using rubygems as plugins [#335](https://github.com/inspec/train/pull/335) ([clintoncwolfe](https://github.com/clintoncwolfe)) <!-- 1.4.31 -->
-- Fixes an issue where the credential file was nil [#337](https://github.com/inspec/train/pull/337) ([dmccown](https://github.com/dmccown)) <!-- 1.4.30 -->
+- Adds connection to Graph RBAC API  [#327](https://github.com/inspec/train/pull/327) ([r-fennell](https://github.com/r-fennell)) <!-- 1.4.35 -->
+- Fixes failing test when you have a cred file [#343](https://github.com/inspec/train/pull/343) ([dmccown](https://github.com/dmccown)) <!-- 1.4.34 -->
+- Modify Cisco UUID detection to use processor ID [#342](https://github.com/inspec/train/pull/342) ([jerryaldrichiii](https://github.com/jerryaldrichiii)) <!-- 1.4.33 -->
+- Ensure unique_identifier returns something meaningful for service acc… [#338](https://github.com/inspec/train/pull/338) ([skpaterson](https://github.com/skpaterson)) <!-- 1.4.32 -->
 <!-- release_rollup -->
 
 <!-- latest_stable_release -->
+## [v1.4.31](https://github.com/inspec/train/tree/v1.4.31) (2018-08-17)
+
+#### Merged Pull Requests
+- Fixes an issue where the credential file was nil [#337](https://github.com/inspec/train/pull/337) ([dmccown](https://github.com/dmccown))
+- Enable using rubygems as plugins [#335](https://github.com/inspec/train/pull/335) ([clintoncwolfe](https://github.com/clintoncwolfe))
+<!-- latest_stable_release -->
+
 ## [v1.4.29](https://github.com/inspec/train/tree/v1.4.29) (2018-08-15)
 
 #### Features & Enhancements
@@ -23,7 +32,6 @@
 - Modify checksum logic to use system binaries [#251](https://github.com/inspec/train/pull/251) ([jerryaldrichiii](https://github.com/jerryaldrichiii))
 - Require Ruby 2.0 and allow net-ssh 5.0 [#334](https://github.com/inspec/train/pull/334) ([tas50](https://github.com/tas50))
 - Add non_interactive support for SSH [#336](https://github.com/inspec/train/pull/336) ([marcparadise](https://github.com/marcparadise))
-<!-- latest_stable_release -->
 
 ## [v1.4.25](https://github.com/inspec/train/tree/v1.4.25) (2018-08-01)
 

data/lib/train/platforms/detect/specifications/os.rb

@@ -555,7 +555,7 @@ module Train::Platforms::Detect::Specifications
             next unless v[:type] == 'nexus'
             @platform[:release] = v[:version]
             @platform[:arch] = nil
-            @platform[:uuid_command] = 'show inventory chassis | include SN'
+            @platform[:uuid_command] = 'show version | include Processor'
             true
           }
 

data/lib/train/transports/azure.rb

@@ -3,9 +3,11 @@
 require 'train/plugins'
 require 'ms_rest_azure'
 require 'azure_mgmt_resources'
+require 'azure_graph_rbac'
 require 'socket'
 require 'timeout'
 require 'train/transports/helpers/azure/file_credentials'
+require 'train/transports/clients/azure/graph_rbac'
 
 module Train::Transports
   class Azure < Train.plugin(1)
@@ -26,6 +28,8 @@ module Train::Transports
     class Connection < BaseConnection
       attr_reader :options
 
+      DEFAULT_FILE = ::File.join(Dir.home, '.azure', 'credentials')
+
       def initialize(options)
         @apis = {}
 
@@ -38,6 +42,7 @@ module Train::Transports
         @cache[:api_call] = {}
 
         if @options[:client_secret].nil? && @options[:client_id].nil?
+          options[:credentials_file] = DEFAULT_FILE if options[:credentials_file].nil?
           @options.merge!(Helpers::Azure::FileCredentials.parse(@options))
         end
 
@@ -55,13 +60,26 @@ module Train::Transports
       end
 
       def azure_client(klass = ::Azure::Resources::Profiles::Latest::Mgmt::Client)
-        return klass.new(@credentials) unless cache_enabled?(:api_call)
+        if cache_enabled?(:api_call)
+          return @cache[:api_call][klass.to_s.to_sym] unless @cache[:api_call][klass.to_s.to_sym].nil?
+        end
+
+        if klass == ::Azure::Resources::Profiles::Latest::Mgmt::Client
+          @credentials[:base_url] = MsRestAzure::AzureEnvironments::AzureCloud.resource_manager_endpoint_url
+        elsif klass == ::Azure::GraphRbac::Profiles::Latest::Client
+          client =  GraphRbac.client(@credentials)
+        end
 
-        @cache[:api_call][klass.to_s.to_sym] ||= klass.new(@credentials)
+        client ||= klass.new(@credentials)
+
+        # Cache if enabled
+        @cache[:api_call][klass.to_s.to_sym] ||= client if cache_enabled?(:api_call)
+
+        client
       end
 
       def connect
-        if @options[:client_id].nil? && @options[:client_secret].nil? && port_open?(@options[:msi_port])
+        if msi_auth?
           # this needs set for azure cloud to authenticate
           ENV['MSI_VM'] = 'true'
           provider = ::MsRestAzure::MSITokenProvider.new(@options[:msi_port])
@@ -135,9 +153,13 @@ module Train::Transports
         options[:subscription_id] || options[:tenant_id]
       end
 
+      def msi_auth?
+        @options[:client_id].nil? && @options[:client_secret].nil? && port_open?(@options[:msi_port])
+      end
+
       private
 
-      def port_open?(port, seconds = 1)
+      def port_open?(port, seconds = 3)
         Timeout.timeout(seconds) do
           begin
             TCPSocket.new('localhost', port).close

data/lib/train/transports/cisco_ios_connection.rb

@@ -26,10 +26,8 @@ class Train::Transports::SSH
     end
 
     def unique_identifier
-      result = run_command_via_connection('show inventory').stdout
-      result.split("\r\n\r\n").each do |section|
-        return section.split('SN: ')[1].strip if section.include?('Chassis')
-      end
+      result = run_command_via_connection('show version | include Processor')
+      result.stdout.split(' ')[-1]
     end
 
     private

data/lib/train/transports/clients/azure/graph_rbac.rb

@@ -0,0 +1,28 @@
+# encoding: utf-8
+require 'azure_graph_rbac'
+
+# Wrapper class for ::Azure::GraphRbac::Profiles::Latest::Client allowing custom configuration,
+# for example, defining additional settings for the ::MsRestAzure::ApplicationTokenProvider.
+class GraphRbac
+  AUTH_ENDPOINT = MsRestAzure::AzureEnvironments::AzureCloud.active_directory_endpoint_url
+  API_ENDPOINT = MsRestAzure::AzureEnvironments::AzureCloud.active_directory_graph_resource_id
+
+  def self.client(credentials)
+    provider = ::MsRestAzure::ApplicationTokenProvider.new(
+      credentials[:tenant_id],
+      credentials[:client_id],
+      credentials[:client_secret],
+      settings,
+    )
+    credentials[:credentials] = ::MsRest::TokenCredentials.new(provider)
+    credentials[:base_url] = API_ENDPOINT
+    ::Azure::GraphRbac::Profiles::Latest::Client.new(credentials)
+  end
+
+  def self.settings
+    client_settings = MsRestAzure::ActiveDirectoryServiceSettings.get_azure_settings
+    client_settings.authentication_endpoint = AUTH_ENDPOINT
+    client_settings.token_audience = API_ENDPOINT
+    client_settings
+  end
+end

data/lib/train/transports/gcp.rb

@@ -84,8 +84,12 @@ module Train::Transports
       end
 
       def unique_identifier
-        # use auth client_id - same to retrieve for any of the clients but use IAM
-        gcp_iam_client.request_options.authorization.client_id
+        unique_id = 'default'
+        # use auth client_id for users (issuer is nil)
+        unique_id=gcp_iam_client.request_options.authorization.client_id unless gcp_iam_client.request_options.authorization.client_id.nil?
+        # for service account credentials (client_id is nil)
+        unique_id=gcp_iam_client.request_options.authorization.issuer unless gcp_iam_client.request_options.authorization.issuer.nil?
+        unique_id
       end
     end
   end

data/lib/train/transports/helpers/azure/file_credentials.rb

@@ -9,10 +9,8 @@ module Train::Transports
   module Helpers
     module Azure
       class FileCredentials
-        DEFAULT_FILE = ::File.join(Dir.home, '.azure', 'credentials')
-
-        def self.parse(subscription_id: nil, credentials_file: DEFAULT_FILE, **_)
-          credentials_file = DEFAULT_FILE if credentials_file.nil?
+        def self.parse(subscription_id: nil, credentials_file: nil, **_)
+          return {} if credentials_file.nil?
           return {} unless ::File.readable?(credentials_file)
           credentials     = IniFile.load(::File.expand_path(credentials_file))
           subscription_id = parser(subscription_id, ENV['AZURE_SUBSCRIPTION_NUMBER'], credentials).subscription_id

data/lib/train/version.rb

@@ -3,5 +3,5 @@
 # Author:: Dominik Richter (<dominik.richter@gmail.com>)
 
 module Train
-  VERSION = '1.4.31'.freeze
+  VERSION = '1.4.35'.freeze
 end

data/test/unit/transports/azure_test.rb

@@ -75,8 +75,15 @@ describe 'azure transport' do
     end
 
     it 'can use azure_client default client' do
+      MANAGEMENT_API_CLIENT = Azure::Resources::Profiles::Latest::Mgmt::Client
       client = connection.azure_client
-      client.class.must_equal Azure::Resources::Profiles::Latest::Mgmt::Client
+      client.class.must_equal MANAGEMENT_API_CLIENT
+    end
+
+    it 'can use azure_client graph client' do
+      GRAPH_API_CLIENT      = Azure::GraphRbac::Profiles::Latest::Client
+      client = connection.azure_client(GRAPH_API_CLIENT)
+      client.class.must_equal GRAPH_API_CLIENT
     end
   end
 

data/test/unit/transports/cisco_ios_connection.rb

@@ -33,11 +33,12 @@ describe 'CiscoIOSConnection' do
 
   describe '#unique_identifier' do
     it 'returns the correct identifier' do
-      output = "NAME: \"Chassis\", DESCR: \"Cisco 7206VXR, 6-slot chassis\"\r\nPID: CISCO7206VXR      , VID:    , SN: 4279256517 \r\n\r\nNAME: \"NPE400 0\", DESCR: \"Cisco 7200VXR Network Processing Engine NPE-400\"\r\nPID: NPE-400           , VID:    , SN: 11111111   \r\n\r\nNAME: \"module 0\", DESCR: \"I/O FastEthernet (TX-ISL)\"\r\nPID: C7200-IO-FE-MII/RJ45=, VID:    , SN: 4294967295 \r\n\r\nNAME: \"Power Supply 1\", DESCR: \"Cisco 7200 AC Power Supply\"\r\nPID: PWR-7200-AC       , VID:    , SN:            \r\n\r\nNAME: \"Power Supply 2\", DESCR: \"Cisco 7200 AC Power Supply\"\r\nPID: PWR-7200-AC       , VID:    , SN:            "
+      output = "\r\nProcessor board ID 1111111111\r\n"
       Train::Transports::SSH::CiscoIOSConnection.any_instance
-        .expects(:run_command_via_connection).with('show inventory')
+        .expects(:run_command_via_connection)
+        .with('show version | include Processor')
         .returns(OpenStruct.new(stdout: output))
-      connection.unique_identifier.must_equal('4279256517')
+      connection.unique_identifier.must_equal('1111111111')
     end
   end
 

data/train.gemspec

@@ -35,6 +35,7 @@ Gem::Specification.new do |spec|
   spec.add_dependency 'docker-api', '~> 1.26'
   spec.add_dependency 'aws-sdk', '~> 2'
   spec.add_dependency 'azure_mgmt_resources', '~> 0.15'
+  spec.add_dependency 'azure_graph_rbac', '~> 0.16'
   spec.add_dependency 'google-api-client', '~> 0.19.8'
   spec.add_dependency 'googleauth', '~> 0.6.2'
   spec.add_dependency 'inifile'

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: train
 version: !ruby/object:Gem::Version
-  version: 1.4.31
+  version: 1.4.35
 platform: ruby
 authors:
 - Dominik Richter
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-08-16 00:00:00.000000000 Z
+date: 2018-08-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: json
@@ -148,6 +148,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '0.15'
+- !ruby/object:Gem::Dependency
+  name: azure_graph_rbac
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.16'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.16'
 - !ruby/object:Gem::Dependency
   name: google-api-client
   requirement: !ruby/object:Gem::Requirement
@@ -251,6 +265,7 @@ files:
 - lib/train/transports/aws.rb
 - lib/train/transports/azure.rb
 - lib/train/transports/cisco_ios_connection.rb
+- lib/train/transports/clients/azure/graph_rbac.rb
 - lib/train/transports/docker.rb
 - lib/train/transports/gcp.rb
 - lib/train/transports/helpers/azure/file_credentials.rb