tss-sdk 0.0.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: c4ed8a314a6339abf161455030a68b95b5acdf89c6b776874b49eaa96f27c07c
+  data.tar.gz: 8fb041e5ead5023d94ecb87ef7707a171c9801de3b3efb1b7bfe1355f4439385
+SHA512:
+  metadata.gz: c06b5b42b1da8a583a0e8c92475e95c574ee8ca5ac4ab88ae5f1abd71ae8bfc9cca50d333fc2b2ee6d01cc6f1f802ec9a6f966880f246d8a0a6d8297d0be857b
+  data.tar.gz: 0be9bab6d50434b47a9c5fe1c182bb93bb2ceba248275c698d25f06cba14072d0efba5225ca2ba5b280e7e6ec81da1799711b27427f72b479503638d251ea37a

data/lib/server.rb

@@ -0,0 +1,4 @@
+class Server
+  require 'server/server'
+  require 'server/secret'
+end

data/lib/server/secret.rb

@@ -0,0 +1,38 @@
+
+class InvalidSecretException < StandardError; end;
+
+# Utilized to fetch secrets from an initialzed +Server+
+class Server::Secret
+    SECRETS_RESOURCE = "secrets".freeze
+  
+    # Fetch secrets from the server
+    #
+    # @param server [Server]
+    #
+    # @return [Hash] of the secret and associated file contents
+    def self.fetch(server, id)
+      @server = server
+  
+      begin
+        @secret = @server.accessResource("GET", SECRETS_RESOURCE, id.to_s)
+      rescue Exception => e
+        $logger.error "Error accessing resource: #{e.to_s}"
+        raise InvalidSecretException
+      end
+
+      raise InvalidSecretException if @secret.nil?
+
+      #	automatically download file attachments and substitute them for the
+      @secret['items'].each do |item|
+        next if item['fileAttachmentId'].nil?
+
+        path = sprintf("%d/fields/%s", id, item['slug'])
+        
+        item_data = @server.accessResource("GET", SECRETS_RESOURCE, path, false)
+
+        item['itemValue'] = item_data
+      end
+
+      return @secret
+    end
+  end

data/lib/server/server.rb

@@ -0,0 +1,184 @@
+require 'json'
+require 'faraday'
+require 'logger'
+
+##
+# If we're in the +test+ environment just dump logs to Null
+# Otherwise, use stdout
+if ENV['test']
+  $logger = Logger.new(IO::NULL)
+else
+  $logger = Logger.new(STDOUT)
+end
+
+##
+# Invoked when the API returns an +API_AccessDenied+ error
+class AccessDeniedException < StandardError; end;
+
+class InvalidConfigurationException < StandardError; end;
+class InvalidCredentialsException < StandardError; end;
+class InvalidMethodTypeException < StandardError; end;
+class UnrecognizedResourceException < StandardError; end;
+
+class Server
+  DEFAULT_URL_TEMPLATE = "https://%s.secretservercloud.%s/"
+  DEFAULT_TLD = "com"
+  DEFAULT_API_PATH_URI = "/api/v1"
+  DEFAULT_TOKEN_PATH_URI = "/oauth2/token"
+
+  # Initialize a +Server+ object with provided configuration.
+  #
+  # @param config [Hash]
+  #   - username: ''
+  #   - password: ''
+  #   - tld: 'com'
+  #   - api_path_uri: '/api/v1'
+  #   - token_path_uri: '/oauth2/token'
+  #   - tenant: ''
+  #   - server_url: ''
+  def initialize(config)
+    @configuration = config.collect{|k,v| [k.to_s, v]}.to_h
+    if @configuration['server_url'] == "" && @configuration['tenant'] == ""
+      $logger.error("Either ServerURL or Tenant must be set")
+      raise InvalidConfigurationException
+    end
+
+    if @configuration['username'].nil? || @configuration['password'].nil?
+      $logger.error("Must provide username and password")
+      raise InvalidConfigurationException
+    end
+
+    if @configuration['tld'].nil?
+      @configuration['tld'] = DEFAULT_TLD
+    end
+
+    if @configuration['api_path_uri'].nil?
+      @configuration['api_path_uri'] = DEFAULT_API_PATH_URI
+    end
+    @configuration['api_path_uri'].delete_suffix!("/")
+
+    if @configuration['token_path_uri'].nil?
+      @configuration['token_path_uri'] = DEFAULT_TOKEN_PATH_URI
+    end
+    @configuration['token_path_uri'].delete_suffix!("/")
+  end
+
+  # Helper method to access a resource via API
+  #
+  # @param method [String] HTTP Request Method
+  # @param resource [String] The resource type to invoke
+  # @param path [String] The API Path to request
+  # @param parse_json [Boolean] Determine whether we want to return a hash, or raw output
+  #
+  # @return [Hash] - If +parse_json+, return Hash of JSON contents
+  # @return [String] - Otherwise, return raw HTTP Response Body
+  #
+  # - +AccessDeniedException+ is raised if the server responds with an +API_AccessDenied+ error
+  # - +InvalidMethodTypeException+ is raised if a method other than +["GET", "POST", "PUT", "DELETE"]+ is provided
+  # - +UnrecognizedResourceException+ is raised if a resource other than +["secrets"]+ is requested
+  def accessResource(method, resource, path, parse_json = true)
+    unless ["GET", "POST", "PUT", "DELETE"].include?(method.upcase)
+      $logger.error "Invalid request method: #{method}"
+      raise InvalidMethodTypeException
+    end
+
+    unless ["secrets"].include? resource
+      $logger.debug "unrecognized resource: #{resource}"
+      raise UnrecognizedResourceException
+    end
+
+    accessToken = getAccessToken
+
+    url = urlFor(resource, path)
+    $logger.debug "Sending request to: #{url}"
+    resp = Faraday.send(method.downcase, url) do | req |
+      req.headers['Authorization'] = "Bearer #{accessToken}"
+
+      if ["POST", "PUT"].include?(method.upcase)
+        req.headers['Content-Type'] = 'application/json'
+      end
+    end
+
+    data = resp.body
+
+    return data unless parse_json
+
+    begin
+      hash = JSON.parse(data)
+
+      if hash['errorCode'] == "API_AccessDenied"
+        raise AccessDeniedException
+      end
+    rescue JSON::ParserError => e
+      $logger.error "Error parsing JSON: #{e.to_s}"
+      raise e
+    end
+
+    return hash
+  end
+
+  # Query API for OAuth token
+  #
+  # - +InvalidCredentialsException+ is returned if the provided credentials are not valid
+  # 
+  # @return [String]
+  def getAccessToken
+    grantRequest = {
+      grant_type: 'password',
+      username: @configuration['username'],
+      password: @configuration['password']
+    }
+
+    url = urlFor("token")
+
+    response = Faraday.post(
+      url, 
+      grantRequest
+    )
+
+    unless response.status == 200
+      $logger.error "Unable to retrive credentials for username: #{@configuration['username']}"
+      $logger.error "\t #{response.body}"
+      raise InvalidCredentialsException
+    end
+
+    begin
+      grant = JSON.parse(response.body)
+      return grant['access_token']
+    rescue JSON::ParserError => e
+      $logger.error "Error parsing JSON: #{e.to_s}"
+      raise e
+    end
+  end
+
+  # Generate the URL for a specific request.
+  # This factors in several configuration options including:
+  # - +tenant+
+  # - +server_url+
+  # - +token_path_uri+
+  # - +api_path_uri+
+  #
+  # @param resource [String] The specific API resource to request
+  # @param path [String] The path to the resource
+  #
+  # @return [String] The generated URL for the request
+  def urlFor(resource, path=nil)
+
+    if @configuration['server_url'].nil? || @configuration['server_url'] == ""
+      baseURL = sprintf(DEFAULT_URL_TEMPLATE, @configuration['tenant'], @configuration['tld']).delete_suffix("/")
+    else
+      baseURL = @configuration['server_url'].delete_suffix("/")
+    end
+
+    if resource == "token"
+      return sprintf("%s/%s", baseURL, @configuration['token_path_uri'].delete_prefix("/"))
+    end
+
+    if path != "/"
+      path = path.delete_prefix("/")
+    end
+
+    sprintf("%s/%s/%s/%s", baseURL, @configuration['api_path_uri'].delete_prefix("/"), resource.delete_suffix("/").delete_prefix("/"), path)
+  end
+  
+end

metadata

@@ -0,0 +1,59 @@
+--- !ruby/object:Gem::Specification
+name: tss-sdk
+version: !ruby/object:Gem::Version
+  version: 0.0.0
+platform: ruby
+authors:
+- John Poulin
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2020-04-08 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.7'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.7'
+description: The Thycotic TSS SDK for Ruby
+email: john.m.poulin@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- lib/server.rb
+- lib/server/secret.rb
+- lib/server/server.rb
+homepage: https://rubygems.org/gems/hola
+licenses:
+- Apache-2.0
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.0.3
+signing_key: 
+specification_version: 4
+summary: tss-sdk
+test_files: []