Return path of secret file

Prefer easier to remember bin name

.rspec

@@ -0,0 +1,2 @@
+--color
+--require spec/spec_helper

.travis.yml

@@ -0,0 +1,16 @@
+language: ruby
+rvm:
+  - 1.9.3
+  - 2.0.0
+addons:
+  code_climate:
+    repo_token:
+      secure: "XbKXMtcF/NnFr9JMuJNRzgsUcDcHxGi5jVc2B4HGT4EHDUnOV/06SfTTJMiLz3hgIgH1dpEgt+4cjAzAmZrmZrViY3rOH0MU1f6eAF4+BPMb0JwKYnPxTyPF5RjsWf0aFe6JdYM1S1T7EpP2XUAlV9ppmCYKrYUEa/OAXsz4ruU="
+deploy:
+  provider: rubygems
+  api_key:
+    secure: "CFXaOgtLypVc3/Nn3NFyeTYJ3rR/KNua2FPFHc02h5K/TPm8PMlHsYEB3e9OpithnC5cLqPUUlyZL4Gz7QC4zxX0G4luNVz+ZXdueMk1GBstK9QMsrjOQMKnQTCPaK/3x2/53kuPWMjYSyn5+ICkf/Omq1EVD4YEplhSvIRA9QQ="
+  gem: zanzibar
+  on:
+    tags: true
+    all_branches: true

Gemfile

@@ -1,9 +1,16 @@
 source 'https://rubygems.org'
 
 gem 'savon'
-gem 'savon_spec'
-gem 'rspec'
-gem 'webmock'
+
+group :test do
+  gem 'rake'
+  gem 'savon_spec'
+  gem 'rspec'
+  gem 'webmock'
+  gem 'codeclimate-test-reporter'
+  gem 'zanzibar', path: '.'
+  gem 'rubocop'
+end
 
 # Specify your gem's dependencies in zanzibar.gemspec
 gemspec

README.md

@@ -1,5 +1,5 @@
 # Zanzibar
-
+[![Gem Version](https://badge.fury.io/rb/zanzibar.svg)](http://badge.fury.io/rb/zanzibar)
 
 Zanzibar is a utility to retrieve secrets from a Secret Server installation. It supports retrieval of a password, public/private key, or secret attachment.
 
@@ -38,19 +38,33 @@ secrets = Zanzibar::Zanzibar.new(:domain => 'mydomain.net', :wsdl => "https://my
 # Zanzibar::Zanzibar.new(:domain => 'mydomain.net', :wsdl => "https://my.scrt.server/webservices/sswebservice.asmx?wsdl", :globals => {:ssl_verify_mode => :none})
 
 ## Simple password -> takes secret id as argument
-secrets.get_secret(1234)
+secrets.get_password(1234)
 
-## Private Key -> takes hash as argument, requires :scrt_id, optional :scrt_item_id, :path
-secrets.download_private_key(:scrt_id => 2345, :path => 'secrets/')
+## Private Key -> takes hash as argument, requires :scrt_id, :type, optional :scrt_item_id, :path
+secrets.download_secret_file(:scrt_id => 2345, :path => 'secrets/', :type => "Private Key")
 
-## Public Key -> takes hash as argument, requires :scrt_id, optional :scrt_item_id, :path
-secrets.download_public_key(:scrt_id => 2345, :path => 'secrets/')
+## Public Key -> takes hash as argument, requires :scrt_id, :type, optional :scrt_item_id, :path
+secrets.download_secret_file(:scrt_id => 2345, :path => 'secrets/', :type => "Public Key")
 
-## Attachment; only supports secrets with single attachment -> takes hash as argument, requires :scrt_id, optional :scrt_item_id, :path
-secrets.download_attachment(:scrt_id => 3456, :path => 'secrets/')
+## Attachment; only supports secrets with single attachment -> takes hash as argument, requires :scrt_id, :path, optional :scrt_item_id, :path
+secrets.download_secret_file(:scrt_id => 2345, :path => 'secrets/', :type => "Attachment")
 
 ```
 
+### Command Line
+
+Zanzibar comes bundled with the `zanzibar` command-line utility that can be used for fetching passwords and downloading keys from outside of Ruby.
+
+`zanzibar` supports most actions provided by Zanzibar itself. Because it operates on the command-line, it can be used as part of a pipeline or within a bash script.
+
+```bash
+# if you don't pipe in a password, you will be prompted to enter one.
+# this will download the private key from secret 1984 to the current directory
+cat ./local-password | zanzibar 1984 -s server.example.com -d example.com -t privatekey
+
+ssh user@someremote -i ./private_key
+```
+
 ## Contributing
 
 1. Fork it ( https://github.com/Cimpress-MCP/zanzibar/fork )

Rakefile

@@ -1,10 +1,11 @@
-require "bundler/gem_tasks"
-
-task 'test' do
-  Dir.chdir('test')
-  system("rspec zanzibar_spec.rb")
-end
-
-task 'install_dependencies' do
-  system('bundle install')
-end
+require 'bundler/gem_tasks'
+require 'bundler/setup' # load up our gem environment (incl. local zanzibar)
+require 'rspec/core/rake_task'
+require 'zanzibar/version'
+require 'rubocop/rake_task'
+
+task default: [:test]
+
+RSpec::Core::RakeTask.new(:test)
+
+RuboCop::RakeTask.new

bin/zamioculcas

@@ -0,0 +1,2 @@
+#! ruby
+system("zanzibar #{ARGV.join(" ")}")

bin/zanzibar

@@ -0,0 +1,70 @@
+#! ruby
+
+require 'zanzibar'
+require 'optparse'
+
+options = {
+  :domain => 'local'
+}
+
+OptionParser.new do |opts|
+  opts.banner = "Usage: zamioculcas -d domain [-w wsdl] [-k] [-p] [secret_id]"
+
+  opts.on("-d", "--domain DOMAIN", "Specify domain") do |v|
+    options[:domain] = v
+  end
+
+  opts.on("-w", "--wsdl WSDL", "Specify WSDL location") do |v|
+    options[:wsdl] = v
+  end
+
+  opts.on("-s", "--server SERVER", "Secret server hostname or IP") do |v|
+    options[:server] = v
+  end
+
+  opts.on("-k", "--no-check-certificate", "Don't run SSL certificate checks") do |v|
+    options[:globals] = {:ssl_verify_mode => :none}
+  end
+
+  opts.on("-p", "--password PASSWORD", "Specify password") do |v|
+    options[:pwd] = v
+  end
+
+  opts.on("-t", "--type TYPE", "Specify the type of secret") do |v|
+    options[:type] = v
+  end
+
+  opts.on("-u", "--user USER", "Specify the username") do |v|
+    options[:username] = v
+  end
+  
+end.parse!
+
+raise OptionParser::MissingArgument if options[:server].nil?
+options[:type] = "password" if options[:type].nil?
+
+unless STDIN.tty? || options[:pwd]
+  options[:pwd] = $stdin.read.strip
+end
+
+secret_id = Integer(ARGV.pop)
+if(!secret_id)
+  fail "no secret!"
+end
+
+unless options[:wsdl] || options[:server].nil?
+  options[:wsdl] = "https://#{options[:server]}/webservices/sswebservice.asmx?wsdl"
+end
+
+scrt = Zanzibar::Zanzibar.new(options)
+
+case options[:type]
+when "password"
+  $stdout.write "#{scrt.get_password(secret_id)}\n"
+when "privatekey"
+  scrt.download_private_key(:scrt_id=>secret_id)
+when "publickey"
+  scrt.download_public_key(:scrt_id=>secret_id)
+else
+  $stderr.write "#{options[:type]} is not a known type."
+end

lib/zanzibar.rb

@@ -1,209 +1,176 @@
-require "zanzibar/version"
-require 'savon'
-require 'io/console'
-require 'fileutils'
-
-module Zanzibar
-
-  ##
-  # Class for interacting with Secret Server
-  class Zanzibar
-
-    ##
-    # @param args{:domain, :wsdl, :pwd, :globals{}}
-
-    def initialize(args = {})
-      if args[:wsdl]
-        @@wsdl = args[:wsdl]
-      else
-        @@wsdl = get_wsdl_location
-      end
-      if args[:pwd]
-          @@password = args[:pwd]
-      else
-        @@password = prompt_for_password
-      end
-      if args[:domain]
-        @@domain = args[:domain]
-      else
-        @@domain = prompt_for_domain
-      end
-      args[:globals] = {} unless args[:globals]
-      init_client(args[:globals])
-    end
-
-    ## Initializes the Savon client class variable with the wdsl document location and optional global variables
-    # @param globals{}, optional
-
-    def init_client(globals = {})
-      globals = {} if globals == nil
-      @@client = Savon.client(globals) do
-        wsdl @@wsdl
-      end
-    end
-
-    ## Gets the user's password if none is provided in the constructor.
-    # @return [String] the password for the current user
-
-    def prompt_for_password
-      puts "Please enter password for #{ENV['USER']}:"
-      return STDIN.noecho(&:gets).chomp
-    end
-
-    ## Gets the wsdl document location if none is provided in the constructor
-    # @return [String] the location of the WDSL document
-
-    def get_wsdl_location
-      puts "Enter the URL of the Secret Server WSDL:"
-      return STDIN.gets.chomp
-    end
-
-    ## Gets the domain of the Secret Server installation if none is provided in the constructor
-    # @return [String] the domain of the secret server installation
-
-    def prompt_for_domain
-      puts "Enter the domain of your Secret Server:"
-      return STDIN.gets.chomp
-    end
-
-
-    ## Get an authentication token for interacting with Secret Server. These are only good for about 10 minutes so just get a new one each time.
-    # Will raise an error if there is an issue with the authentication.
-    # @return the authentication token for the current user.
-
-    def get_token
-      begin
-        response = @@client.call(:authenticate, message: { username: ENV['USER'], password: @@password, organization: "", domain: @@domain }).hash
-        if response[:envelope][:body][:authenticate_response][:authenticate_result][:errors]
-          raise "Error generating the authentication token for user #{ENV['USER']}: #{response[:envelope][:body][:authenticate_response][:authenticate_result][:errors][:string]}"
-        end
-        response[:envelope][:body][:authenticate_response][:authenticate_result][:token]
-      rescue Savon::Error => err
-        raise "There was an error generating the authentiaton token for user #{ENV['USER']}: #{err}"
-      end
-    end
-
-    ## Get a secret returned as a hash
-    # Will raise an error if there was an issue getting the secret
-    # @param [Integer] the secret id
-    # @return [Hash] the secret hash retrieved from the wsdl
-
-    def get_secret(scrt_id, token = nil)
-      begin
-        secret = @@client.call(:get_secret, message: { token: token || get_token, secretId: scrt_id}).hash
-        if secret[:envelope][:body][:get_secret_response][:get_secret_result][:errors]
-          raise "There was an error getting secret #{scrt_id}: #{secret[:envelope][:body][:get_secret_response][:get_secret_result][:errors][:string]}"
-        end
-        return secret
-      rescue Savon::Error => err
-        raise "There was an error getting the secret with id #{scrt_id}: #{err}"
-      end
-    end
-
-    ## Retrieve a simple password from a secret
-    # Will raise an error if there are any issues
-    # @param [Integer] the secret id
-    # @return [String] the password for the given secret
-
-    def get_password(scrt_id)
-      begin
-        secret = get_secret(scrt_id)
-        return secret[:envelope][:body][:get_secret_response][:get_secret_result][:secret][:items][:secret_item][1][:value]
-      rescue Savon::Error => err
-        raise "There was an error getting the password for secret #{scrt_id}: #{err}"
-      end
-    end
-
-    ## Get the secret item id that relates to a key file or attachment.
-    # Will raise on error
-    # @param [Integer] the secret id
-    # @param [String] the type of secret item to get, one of privatekey, publickey, attachment
-    # @return [Integer] the secret item id
-
-    def get_scrt_item_id(scrt_id, type, token)
-      secret = get_secret(scrt_id, token)
-      case type
-        when 'privatekey'
-          ## Get private key item id
-          secret[:envelope][:body][:get_secret_response][:get_secret_result][:secret][:items][:secret_item].each do |item|
-            return item[:id] if item[:field_name] == 'Private Key'
-          end
-        when 'publickey'
-          ## Get public key item id
-          secret[:envelope][:body][:get_secret_response][:get_secret_result][:secret][:items][:secret_item].each do |item|
-            return item[:id] if item[:field_name] == 'Public Key'
-          end
-        when 'attachment'
-          ## Get attachment item id. This currently only supports secrets with one attachment.
-          secret[:envelope][:body][:get_secret_response][:get_secret_result][:secret][:items][:secret_item].each do |item|
-            return item[:id] if item[:field_name] == 'Attachment'
-          end
-        else
-          raise "Unknown type, #{type}."
-        end
-    end
-
-    ## Downloads the private key for a secret and places it where Zanzibar is running, or :path if specified
-    # Raise on error
-    # @param [Hash] args, :scrt_id, :scrt_item_id - optional, :path - optional
-
-    def download_private_key(args = {})
-      token = get_token
-      FileUtils.mkdir_p(args[:path]) if args[:path]
-      path = args[:path] ? args[:path] : '.' ## The File.join below doesn't handle nils well, so let's take that possibility away.
-      begin
-        response = @@client.call(:download_file_attachment_by_item_id, message: { token: token, secretId: args[:scrt_id], secretItemId: args[:scrt_item_id] || get_scrt_item_id(args[:scrt_id], 'privatekey', token)}).hash
-        if response[:envelope][:body][:download_file_attachment_by_item_id_response][:download_file_attachment_by_item_id_result][:errors]
-          raise "There was an error getting the private key for secret #{args[:scrt_id]}: #{response[:envelope][:body][:download_file_attachment_by_item_id_response][:download_file_attachment_by_item_id_result][:string]}"
-        end
-        File.open(File.join(path, response[:envelope][:body][:download_file_attachment_by_item_id_response][:download_file_attachment_by_item_id_result][:file_name]), 'wb') do |file|
-          file.puts Base64.decode64(response[:envelope][:body][:download_file_attachment_by_item_id_response][:download_file_attachment_by_item_id_result][:file_attachment])
-        end
-      rescue Savon::Error => err
-        raise "There was an error getting the private key for secret #{args[:scrt_id]}: #{err}"
-      end
-    end
-
-    ## Downloads the public key for a secret and places it where Zanzibar is running, or :path if specified
-    # Raise on error
-    # @param [Hash] args, :scrt_id, :scrt_item_id - optional, :path - optional
-
-    def download_public_key(args = {})
-      token = get_token
-      FileUtils.mkdir_p(args[:path]) if args[:path]
-      path = args[:path] ? args[:path] : '.' ## The File.join below doesn't handle nils well, so let's take that possibility away.
-      begin
-        response = @@client.call(:download_file_attachment_by_item_id, message: { token: token, secretId: args[:scrt_id], secretItemId: args[:scrt_item_id] || get_scrt_item_id(args[:scrt_id], 'publickey', token)}).hash
-        if response[:envelope][:body][:download_file_attachment_by_item_id_response][:download_file_attachment_by_item_id_result][:errors]
-          raise "There was an error getting the public key for secret #{args[:scrt_id]}: #{response[:envelope][:body][:download_file_attachment_by_item_id_response][:download_file_attachment_by_item_id_result][:string]}"
-      end
-        File.open(File.join(path, response[:envelope][:body][:download_file_attachment_by_item_id_response][:download_file_attachment_by_item_id_result][:file_name]), 'wb') do |file|
-          file.puts Base64.decode64(response[:envelope][:body][:download_file_attachment_by_item_id_response][:download_file_attachment_by_item_id_result][:file_attachment])
-        end
-      rescue Savon::Error => err
-        raise "There was an error getting the public key for secret #{args[:scrt_id]}: #{err}"
-      end
-    end
-
-    ## Downloads an attachment for a secret and places it where Zanzibar is running, or :path if specified
-    # Raise on error
-    # @param [Hash] args, :scrt_id, :scrt_item_id - optional, :path - optional
-
-    def download_attachment(args = {})
-      token = get_token
-      FileUtils.mkdir_p(args[:path]) if args[:path]
-      path = args[:path] ? args[:path] : '.' ## The File.join below doesn't handle nils well, so let's take that possibility away.
-      begin
-        response = @@client.call(:download_file_attachment_by_item_id, message: { token: token, secretId: args[:scrt_id], secretItemId: args[:scrt_item_id] || get_scrt_item_id(args[:scrt_id], 'attachment', token)}).hash
-        if response[:envelope][:body][:download_file_attachment_by_item_id_response][:download_file_attachment_by_item_id_result][:errors]
-          raise "There was an error getting the attachment for secret #{args[:scrt_id]}: #{response[:envelope][:body][:download_file_attachment_by_item_id_response][:download_file_attachment_by_item_id_result][:string]}"
-      end
-        File.open(File.join(path, response[:envelope][:body][:download_file_attachment_by_item_id_response][:download_file_attachment_by_item_id_result][:file_name]), 'wb') do |file|
-          file.puts Base64.decode64(response[:envelope][:body][:download_file_attachment_by_item_id_response][:download_file_attachment_by_item_id_result][:file_attachment])
-        end
-      rescue Savon::Error => err
-        raise "There was an error getting the attachment from secret #{args[:scrt_id]}: #{err}"
-      end
-    end
-  end
-end
+require 'zanzibar/version'
+require 'savon'
+require 'io/console'
+require 'fileutils'
+
+module Zanzibar
+  ##
+  # Class for interacting with Secret Server
+  class Zanzibar
+    ##
+    # @param args{:domain, :wsdl, :pwd, :username, :globals{}}
+
+    def initialize(args = {})
+      if args[:username]
+        @@username = args[:username]
+      else
+        @@username = ENV['USER']
+      end
+
+      if args[:wsdl]
+        @@wsdl = args[:wsdl]
+      else
+        @@wsdl = get_wsdl_location
+      end
+      if args[:pwd]
+        @@password = args[:pwd]
+      else
+        @@password = prompt_for_password
+      end
+      if args[:domain]
+        @@domain = args[:domain]
+      else
+        @@domain = prompt_for_domain
+      end
+      args[:globals] = {} unless args[:globals]
+      init_client(args[:globals])
+    end
+
+    ## Initializes the Savon client class variable with the wdsl document location and optional global variables
+    # @param globals{}, optional
+
+    def init_client(globals = {})
+      globals = {} if globals.nil?
+      @@client = Savon.client(globals) do
+        wsdl @@wsdl
+      end
+    end
+
+    ## Gets the user's password if none is provided in the constructor.
+    # @return [String] the password for the current user
+
+    def prompt_for_password
+      puts "Please enter password for #{@@username}:"
+      STDIN.noecho(&:gets).chomp
+    end
+
+    ## Gets the wsdl document location if none is provided in the constructor
+    # @return [String] the location of the WDSL document
+
+    def prompt_for_wsdl_location
+      puts 'Enter the URL of the Secret Server WSDL:'
+      STDIN.gets.chomp
+    end
+
+    ## Gets the domain of the Secret Server installation if none is provided in the constructor
+    # @return [String] the domain of the secret server installation
+
+    def prompt_for_domain
+      puts 'Enter the domain of your Secret Server:'
+      STDIN.gets.chomp
+    end
+
+    ## Get an authentication token for interacting with Secret Server. These are only good for about 10 minutes so just get a new one each time.
+    # Will raise an error if there is an issue with the authentication.
+    # @return the authentication token for the current user.
+
+    def get_token
+      response = @@client.call(:authenticate, message: { username: @@username, password: @@password, organization: '', domain: @@domain })
+                 .hash[:envelope][:body][:authenticate_response][:authenticate_result]
+      fail "Error generating the authentication token for user #{@@username}: #{response[:errors][:string]}"  if response[:errors]
+      response[:token]
+    rescue Savon::Error => err
+      raise "There was an error generating the authentiaton token for user #{@@username}: #{err}"
+    end
+
+    ## Get a secret returned as a hash
+    # Will raise an error if there was an issue getting the secret
+    # @param [Integer] the secret id
+    # @return [Hash] the secret hash retrieved from the wsdl
+
+    def get_secret(scrt_id, token = nil)
+      secret = @@client.call(:get_secret, message: { token: token || get_token, secretId: scrt_id }).hash[:envelope][:body][:get_secret_response][:get_secret_result]
+      fail "There was an error getting secret #{scrt_id}: #{secret[:errors][:string]}" if secret[:errors]
+      return secret
+    rescue Savon::Error => err
+      raise "There was an error getting the secret with id #{scrt_id}: #{err}"
+    end
+
+    ## Retrieve a simple password from a secret
+    # Will raise an error if there are any issues
+    # @param [Integer] the secret id
+    # @return [String] the password for the given secret
+
+    def get_password(scrt_id)
+      secret = get_secret(scrt_id)
+      secret_items = secret[:secret][:items][:secret_item]
+      return get_secret_item_by_field_name(secret_items, 'Password')[:value]
+    rescue Savon::Error => err
+      raise "There was an error getting the password for secret #{scrt_id}: #{err}"
+    end
+
+    def write_secret_to_file(path, secret_response)
+      File.open(File.join(path, secret_response[:file_name]), 'wb') do |file|
+        file.puts Base64.decode64(secret_response[:file_attachment])
+      end
+    end
+
+    def get_secret_item_by_field_name(secret_items, field_name)
+      secret_items.each do |item|
+        return item if item[:field_name] == field_name
+      end
+    end
+
+    ## Get the secret item id that relates to a key file or attachment.
+    # Will raise on error
+    # @param [Integer] the secret id
+    # @param [String] the type of secret item to get, one of privatekey, publickey, attachment
+    # @return [Integer] the secret item id
+
+    def get_scrt_item_id(scrt_id, type, token)
+      secret = get_secret(scrt_id, token)
+      secret_items = secret[:secret][:items][:secret_item]
+      begin
+        return get_secret_item_by_field_name(secret_items, type)[:id]
+      rescue
+        raise "Unknown type, #{type}."
+      end
+    end
+
+    ## Downloads a file for a secret and places it where Zanzibar is running, or :path if specified
+    # Raise on error
+    # @param [Hash] args, :scrt_id, :type (one of "Private Key", "Public Key", "Attachment"), :scrt_item_id - optional, :path - optional
+
+    def download_secret_file(args = {})
+      token = get_token
+      FileUtils.mkdir_p(args[:path]) if args[:path]
+      path = args[:path] ? args[:path] : '.' ## The File.join below doesn't handle nils well, so let's take that possibility away.
+      begin
+        response = @@client.call(:download_file_attachment_by_item_id, message:
+          { token: token, secretId: args[:scrt_id], secretItemId: args[:scrt_item_id] || get_scrt_item_id(args[:scrt_id], args[:type], token) })
+                   .hash[:envelope][:body][:download_file_attachment_by_item_id_response][:download_file_attachment_by_item_id_result]
+        fail "There was an error getting the #{args[:type]} for secret #{args[:scrt_id]}: #{response[:errors][:string]}"  if response[:errors]
+        write_secret_to_file(path, response)
+        return File.join(path, response[:file_name])
+      rescue Savon::Error => err
+        raise "There was an error getting the #{args[:type]} for secret #{args[:scrt_id]}: #{err}"
+      end
+    end
+
+    ## Methods to maintain backwards compatibility
+    def download_private_key(args = {})
+      args[:type] = 'Private Key'
+      download_secret_file(args)
+    end
+
+    def download_public_key(args = {})
+      args[:type] = 'Public Key'
+      download_secret_file(args)
+    end
+
+    def download_attachment(args = {})
+      args[:type] = 'Attachment'
+      download_secret_file(args)
+    end
+  end
+end

lib/zanzibar/version.rb

@@ -1,3 +1,3 @@
-module Zanzibar
-  VERSION = "0.0.8"
-end
+module Zanzibar
+  VERSION = '0.1.12'
+end

spec/responses/attachment_response.xml

@@ -1,12 +1,12 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
-  <soap:Body>
-    <DownloadFileAttachmentByItemIdResponse xmlns="urn:thesecretserver.com">
-      <DownloadFileAttachmentByItemIdResult>
-        <Errors />
-        <FileAttachment>SSBhbSBhIHNlY3JldCBhdHRhY2htZW50</FileAttachment>
-        <FileName>attachment.txt</FileName>
-      </DownloadFileAttachmentByItemIdResult>
-    </DownloadFileAttachmentByItemIdResponse>
-  </soap:Body>
-</soap:Envelope>
+<?xml version="1.0" encoding="UTF-8"?>
+<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
+  <soap:Body>
+    <DownloadFileAttachmentByItemIdResponse xmlns="urn:thesecretserver.com">
+      <DownloadFileAttachmentByItemIdResult>
+        <Errors />
+        <FileAttachment>SSBhbSBhIHNlY3JldCBhdHRhY2htZW50</FileAttachment>
+        <FileName>attachment.txt</FileName>
+      </DownloadFileAttachmentByItemIdResult>
+    </DownloadFileAttachmentByItemIdResponse>
+  </soap:Body>
+</soap:Envelope>

spec/responses/download_private_key_response.xml

@@ -1,12 +1,12 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
-  <soap:Body>
-    <DownloadFileAttachmentByItemIdResponse xmlns="urn:thesecretserver.com">
-      <DownloadFileAttachmentByItemIdResult>
-        <Errors />
-        <FileAttachment>LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVkgLS0tLS0KemFuemliYXJUZXN0UGFzc3dvcmQKLS0tLS1FTkQgUlNBIFBSSVZBVEUgS0VZLS0tLS0=</FileAttachment>
-        <FileName>zanzi_key</FileName>
-      </DownloadFileAttachmentByItemIdResult>
-    </DownloadFileAttachmentByItemIdResponse>
-  </soap:Body>
-</soap:Envelope>
+<?xml version="1.0" encoding="UTF-8"?>
+<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
+  <soap:Body>
+    <DownloadFileAttachmentByItemIdResponse xmlns="urn:thesecretserver.com">
+      <DownloadFileAttachmentByItemIdResult>
+        <Errors />
+        <FileAttachment>LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVkgLS0tLS0KemFuemliYXJUZXN0UGFzc3dvcmQKLS0tLS1FTkQgUlNBIFBSSVZBVEUgS0VZLS0tLS0=</FileAttachment>
+        <FileName>zanzi_key</FileName>
+      </DownloadFileAttachmentByItemIdResult>
+    </DownloadFileAttachmentByItemIdResponse>
+  </soap:Body>
+</soap:Envelope>

spec/responses/get_secret_with_attachment_response.xml

@@ -1,57 +1,57 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
-  <soap:Body>
-    <GetSecretResponse xmlns="urn:thesecretserver.com">
-      <GetSecretResult>
-        <Errors />
-        <Secret>
-          <Name>Zanzi Secret Attachment</Name>
-          <Items>
-            <SecretItem>
-              <Value>N/A</Value>
-              <Id>20144</Id>
-              <FieldId>284</FieldId>
-              <FieldName>Username</FieldName>
-              <IsFile>false</IsFile>
-              <IsNotes>false</IsNotes>
-              <IsPassword>false</IsPassword>
-              <FieldDisplayName>Username</FieldDisplayName>
-            </SecretItem>
-            <SecretItem>
-              <Value>N/A</Value>
-              <Id>20145</Id>
-              <FieldId>285</FieldId>
-              <FieldName>Password</FieldName>
-              <IsFile>false</IsFile>
-              <IsNotes>false</IsNotes>
-              <IsPassword>true</IsPassword>
-              <FieldDisplayName>Password</FieldDisplayName>
-            </SecretItem>
-            <SecretItem>
-              <Value />
-              <Id>20148</Id>
-              <FieldId>287</FieldId>
-              <FieldName>Attachment</FieldName>
-              <IsFile>true</IsFile>
-              <IsNotes>false</IsNotes>
-              <IsPassword>false</IsPassword>
-              <FieldDisplayName>Attachment</FieldDisplayName>
-            </SecretItem>
-          </Items>
-          <Id>3456</Id>
-          <SecretTypeId>6028</SecretTypeId>
-          <FolderId>85</FolderId>
-          <IsWebLauncher>false</IsWebLauncher>
-          <Active>true</Active>
-          <CheckOutMinutesRemaining xsi:nil="true" />
-          <IsCheckedOut xsi:nil="true" />
-          <CheckOutUserDisplayName />
-          <CheckOutUserId xsi:nil="true" />
-          <IsOutOfSync xsi:nil="true" />
-          <IsRestricted>false</IsRestricted>
-          <OutOfSyncReason />
-        </Secret>
-      </GetSecretResult>
-    </GetSecretResponse>
-  </soap:Body>
-</soap:Envelope>
+<?xml version="1.0" encoding="UTF-8"?>
+<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
+  <soap:Body>
+    <GetSecretResponse xmlns="urn:thesecretserver.com">
+      <GetSecretResult>
+        <Errors />
+        <Secret>
+          <Name>Zanzi Secret Attachment</Name>
+          <Items>
+            <SecretItem>
+              <Value>N/A</Value>
+              <Id>20144</Id>
+              <FieldId>284</FieldId>
+              <FieldName>Username</FieldName>
+              <IsFile>false</IsFile>
+              <IsNotes>false</IsNotes>
+              <IsPassword>false</IsPassword>
+              <FieldDisplayName>Username</FieldDisplayName>
+            </SecretItem>
+            <SecretItem>
+              <Value>N/A</Value>
+              <Id>20145</Id>
+              <FieldId>285</FieldId>
+              <FieldName>Password</FieldName>
+              <IsFile>false</IsFile>
+              <IsNotes>false</IsNotes>
+              <IsPassword>true</IsPassword>
+              <FieldDisplayName>Password</FieldDisplayName>
+            </SecretItem>
+            <SecretItem>
+              <Value />
+              <Id>20148</Id>
+              <FieldId>287</FieldId>
+              <FieldName>Attachment</FieldName>
+              <IsFile>true</IsFile>
+              <IsNotes>false</IsNotes>
+              <IsPassword>false</IsPassword>
+              <FieldDisplayName>Attachment</FieldDisplayName>
+            </SecretItem>
+          </Items>
+          <Id>3456</Id>
+          <SecretTypeId>6028</SecretTypeId>
+          <FolderId>85</FolderId>
+          <IsWebLauncher>false</IsWebLauncher>
+          <Active>true</Active>
+          <CheckOutMinutesRemaining xsi:nil="true" />
+          <IsCheckedOut xsi:nil="true" />
+          <CheckOutUserDisplayName />
+          <CheckOutUserId xsi:nil="true" />
+          <IsOutOfSync xsi:nil="true" />
+          <IsRestricted>false</IsRestricted>
+          <OutOfSyncReason />
+        </Secret>
+      </GetSecretResult>
+    </GetSecretResponse>
+  </soap:Body>
+</soap:Envelope>

spec/responses/get_secret_with_keys_response.xml

@@ -1,47 +1,47 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
-  <soap:Body>
-    <GetSecretResponse xmlns="urn:thesecretserver.com">
-      <GetSecretResult>
-        <Errors />
-        <Secret>
-          <Name>Zanzibar Test Keys</Name>
-          <Items>
-            <SecretItem>
-              <Value />
-              <Id>15214</Id>
-              <FieldId>486</FieldId>
-              <FieldName>Private Key</FieldName>
-              <IsFile>true</IsFile>
-              <IsNotes>false</IsNotes>
-              <IsPassword>false</IsPassword>
-              <FieldDisplayName>Private Key</FieldDisplayName>
-            </SecretItem>
-            <SecretItem>
-              <Value />
-              <Id>15215</Id>
-              <FieldId>487</FieldId>
-              <FieldName>Public Key</FieldName>
-              <IsFile>true</IsFile>
-              <IsNotes>false</IsNotes>
-              <IsPassword>false</IsPassword>
-              <FieldDisplayName>Public Key</FieldDisplayName>
-            </SecretItem>
-          </Items>
-          <Id>2345</Id>
-          <SecretTypeId>6054</SecretTypeId>
-          <FolderId>85</FolderId>
-          <IsWebLauncher>false</IsWebLauncher>
-          <Active>true</Active>
-          <CheckOutMinutesRemaining xsi:nil="true" />
-          <IsCheckedOut xsi:nil="true" />
-          <CheckOutUserDisplayName />
-          <CheckOutUserId xsi:nil="true" />
-          <IsOutOfSync xsi:nil="true" />
-          <IsRestricted>false</IsRestricted>
-          <OutOfSyncReason />
-        </Secret>
-      </GetSecretResult>
-    </GetSecretResponse>
-  </soap:Body>
-</soap:Envelope>
+<?xml version="1.0" encoding="UTF-8"?>
+<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
+  <soap:Body>
+    <GetSecretResponse xmlns="urn:thesecretserver.com">
+      <GetSecretResult>
+        <Errors />
+        <Secret>
+          <Name>Zanzibar Test Keys</Name>
+          <Items>
+            <SecretItem>
+              <Value />
+              <Id>15214</Id>
+              <FieldId>486</FieldId>
+              <FieldName>Private Key</FieldName>
+              <IsFile>true</IsFile>
+              <IsNotes>false</IsNotes>
+              <IsPassword>false</IsPassword>
+              <FieldDisplayName>Private Key</FieldDisplayName>
+            </SecretItem>
+            <SecretItem>
+              <Value />
+              <Id>15215</Id>
+              <FieldId>487</FieldId>
+              <FieldName>Public Key</FieldName>
+              <IsFile>true</IsFile>
+              <IsNotes>false</IsNotes>
+              <IsPassword>false</IsPassword>
+              <FieldDisplayName>Public Key</FieldDisplayName>
+            </SecretItem>
+          </Items>
+          <Id>2345</Id>
+          <SecretTypeId>6054</SecretTypeId>
+          <FolderId>85</FolderId>
+          <IsWebLauncher>false</IsWebLauncher>
+          <Active>true</Active>
+          <CheckOutMinutesRemaining xsi:nil="true" />
+          <IsCheckedOut xsi:nil="true" />
+          <CheckOutUserDisplayName />
+          <CheckOutUserId xsi:nil="true" />
+          <IsOutOfSync xsi:nil="true" />
+          <IsRestricted>false</IsRestricted>
+          <OutOfSyncReason />
+        </Secret>
+      </GetSecretResult>
+    </GetSecretResponse>
+  </soap:Body>
+</soap:Envelope>

spec/spec/spec_helper.rb

@@ -0,0 +1,95 @@
+# This file was generated by the `rspec --init` command. Conventionally, all
+# specs live under a `spec` directory, which RSpec adds to the `$LOAD_PATH`.
+# The generated `.rspec` file contains `--require spec_helper` which will cause this
+# file to always be loaded, without a need to explicitly require it in any files.
+#
+# Given that it is always loaded, you are encouraged to keep this file as
+# light-weight as possible. Requiring heavyweight dependencies from this file
+# will add to the boot time of your test suite on EVERY test run, even for an
+# individual file that may not need all of that loaded. Instead, consider making
+# a separate helper file that requires the additional dependencies and performs
+# the additional setup, and require it from the spec files that actually need it.
+#
+# The `.rspec` file also contains a few flags that are not defaults but that
+# users commonly want.
+#
+# See http://rubydoc.info/gems/rspec-core/RSpec/Core/Configuration
+require 'webmock/rspec'
+require 'codeclimate-test-reporter'
+CodeClimate::TestReporter.start
+
+RSpec.configure do |config|
+  # rspec-expectations config goes here. You can use an alternate
+  # assertion/expectation library such as wrong or the stdlib/minitest
+  # assertions if you prefer.
+  config.expect_with :rspec do |expectations|
+    # This option will default to `true` in RSpec 4. It makes the `description`
+    # and `failure_message` of custom matchers include text for helper methods
+    # defined using `chain`, e.g.:
+    # be_bigger_than(2).and_smaller_than(4).description
+    #   # => "be bigger than 2 and smaller than 4"
+    # ...rather than:
+    #   # => "be bigger than 2"
+    expectations.include_chain_clauses_in_custom_matcher_descriptions = true
+  end
+
+  # rspec-mocks config goes here. You can use an alternate test double
+  # library (such as bogus or mocha) by changing the `mock_with` option here.
+  config.mock_with :rspec do |mocks|
+    # Prevents you from mocking or stubbing a method that does not exist on
+    # a real object. This is generally recommended, and will default to
+    # `true` in RSpec 4.
+    mocks.verify_partial_doubles = true
+  end
+
+  config.after(:suite) do
+    WebMock.disable_net_connect!(allow: 'codeclimate.com')
+  end
+
+  # The settings below are suggested to provide a good initial experience
+  # with RSpec, but feel free to customize to your heart's content.
+  #   # These two settings work together to allow you to limit a spec run
+  #   # to individual examples or groups you care about by tagging them with
+  #   # `:focus` metadata. When nothing is tagged with `:focus`, all examples
+  #   # get run.
+  #   config.filter_run :focus
+  #   config.run_all_when_everything_filtered = true
+  #
+  #   # Limits the available syntax to the non-monkey patched syntax that is recommended.
+  #   # For more details, see:
+  #   #   - http://myronmars.to/n/dev-blog/2012/06/rspecs-new-expectation-syntax
+  #   #   - http://teaisaweso.me/blog/2013/05/27/rspecs-new-message-expectation-syntax/
+  #   #   - http://myronmars.to/n/dev-blog/2014/05/notable-changes-in-rspec-3#new__config_option_to_disable_rspeccore_monkey_patching
+  #   config.disable_monkey_patching!
+  #
+  #   # This setting enables warnings. It's recommended, but in some cases may
+  #   # be too noisy due to issues in dependencies.
+  #   config.warnings = true
+  #
+  #   # Many RSpec users commonly either run the entire suite or an individual
+  #   # file, and it's useful to allow more verbose output when running an
+  #   # individual spec file.
+  #   if config.files_to_run.one?
+  #     # Use the documentation formatter for detailed output,
+  #     # unless a formatter has already been configured
+  #     # (e.g. via a command-line flag).
+  #     config.default_formatter = 'doc'
+  #   end
+  #
+  #   # Print the 10 slowest examples and example groups at the
+  #   # end of the spec run, to help surface which specs are running
+  #   # particularly slow.
+  #   config.profile_examples = 10
+  #
+  #   # Run specs in random order to surface order dependencies. If you find an
+  #   # order dependency and want to debug it, you can fix the order by providing
+  #   # the seed, which is printed after each run.
+  #   #     --seed 1234
+  #   config.order = :random
+  #
+  #   # Seed global randomization in this process using the `--seed` CLI option.
+  #   # Setting this allows you to use `--seed` to deterministically reproduce
+  #   # test failures related to randomization by passing the same `--seed` value
+  #   # as the one that triggered the failure.
+  #   Kernel.srand config.seed
+end

spec/zanzibar_spec.rb

@@ -0,0 +1,113 @@
+require 'zanzibar'
+require 'savon'
+require 'webmock'
+require 'rspec'
+require 'webmock/rspec'
+
+include WebMock::API
+
+describe 'Zanzibar Test' do
+  client = Zanzibar::Zanzibar.new(domain: 'zanzitest.net', pwd: 'password', wsdl: 'spec/scrt.wsdl')
+  auth_xml = File.read('spec/responses/authenticate_response.xml')
+  secret_xml = File.read('spec/responses/get_secret_response.xml')
+  secret_with_key_xml = File.read('spec/responses/get_secret_with_keys_response.xml')
+  secret_with_attachment_xml = File.read('spec/responses/get_secret_with_attachment_response.xml')
+  private_key_xml = File.read('spec/responses/download_private_key_response.xml')
+  public_key_xml = File.read('spec/responses/download_public_key_response.xml')
+  attachment_xml = File.read('spec/responses/attachment_response.xml')
+
+  it 'should return an auth token' do
+    stub_request(:any, 'https://www.zanzitest.net/webservices/sswebservice.asmx')
+      .to_return(body: auth_xml, status: 200)
+
+    expect(client.get_token).to eq('imatoken')
+  end
+
+  it 'should get a secret' do
+    stub_request(:any, 'https://www.zanzitest.net/webservices/sswebservice.asmx')
+      .to_return(body: auth_xml, status: 200).then
+      .to_return(body: secret_xml, status: 200)
+
+    expect(client.get_secret(1234)[:secret][:name]).to eq('Zanzi Test Secret')
+  end
+
+  it 'should get a password' do
+    stub_request(:any, 'https://www.zanzitest.net/webservices/sswebservice.asmx')
+      .to_return(body: auth_xml, status: 200).then
+      .to_return(body: secret_xml, status: 200)
+
+    expect(client.get_password(1234)).to eq('zanziUserPassword')
+  end
+
+  it 'should download a private key' do
+    stub_request(:any, 'https://www.zanzitest.net/webservices/sswebservice.asmx')
+      .to_return(body: auth_xml, status: 200).then
+      .to_return(body: secret_with_key_xml, status: 200).then
+      .to_return(body: private_key_xml, status: 200)
+
+    client.download_secret_file(scrt_id: 2345, type: 'Private Key')
+    expect(File.exist? 'zanzi_key')
+    expect(File.read('zanzi_key')).to eq("-----BEGIN RSA PRIVATE KEY -----\nzanzibarTestPassword\n-----END RSA PRIVATE KEY-----\n")
+    File.delete('zanzi_key')
+  end
+
+  it 'should download a private key legacy' do
+    stub_request(:any, 'https://www.zanzitest.net/webservices/sswebservice.asmx')
+      .to_return(body: auth_xml, status: 200).then
+      .to_return(body: secret_with_key_xml, status: 200).then
+      .to_return(body: private_key_xml, status: 200)
+
+    client.download_private_key(scrt_id: 2345)
+    expect(File.exist? 'zanzi_key')
+    expect(File.read('zanzi_key')).to eq("-----BEGIN RSA PRIVATE KEY -----\nzanzibarTestPassword\n-----END RSA PRIVATE KEY-----\n")
+    File.delete('zanzi_key')
+  end
+
+  it 'should download a public key' do
+    stub_request(:any, 'https://www.zanzitest.net/webservices/sswebservice.asmx')
+      .to_return(body: auth_xml, status: 200).then
+      .to_return(body: secret_with_key_xml, status: 200).then
+      .to_return(body: public_key_xml, status: 200)
+
+    client.download_secret_file(scrt_id: 2345, type: 'Public Key')
+    expect(File.exist? 'zanzi_key.pub')
+    expect(File.read('zanzi_key.pub')).to eq("1234PublicKey5678==\n")
+    File.delete('zanzi_key.pub')
+  end
+
+  it 'should download a public key legacy' do
+    stub_request(:any, 'https://www.zanzitest.net/webservices/sswebservice.asmx')
+      .to_return(body: auth_xml, status: 200).then
+      .to_return(body: secret_with_key_xml, status: 200).then
+      .to_return(body: public_key_xml, status: 200)
+
+    client.download_public_key(scrt_id: 2345)
+    expect(File.exist? 'zanzi_key.pub')
+    expect(File.read('zanzi_key.pub')).to eq("1234PublicKey5678==\n")
+    File.delete('zanzi_key.pub')
+  end
+
+  it 'should download an attachment' do
+    stub_request(:any, 'https://www.zanzitest.net/webservices/sswebservice.asmx')
+      .to_return(body: auth_xml, status: 200).then
+      .to_return(body: secret_with_attachment_xml, status: 200).then
+      .to_return(body: attachment_xml, status: 200)
+
+    client.download_secret_file(scrt_id: 3456, type: 'Attachment')
+    expect(File.exist? 'attachment.txt')
+    expect(File.read('attachment.txt')).to eq("I am a secret attachment\n")
+    File.delete('attachment.txt')
+  end
+
+  it 'should download an attachment legacy' do
+    stub_request(:any, 'https://www.zanzitest.net/webservices/sswebservice.asmx')
+      .to_return(body: auth_xml, status: 200).then
+      .to_return(body: secret_with_attachment_xml, status: 200).then
+      .to_return(body: attachment_xml, status: 200)
+
+    client.download_attachment(scrt_id: 3456)
+    expect(File.exist? 'attachment.txt')
+    expect(File.read('attachment.txt')).to eq("I am a secret attachment\n")
+    File.delete('attachment.txt')
+  end
+end

test/.rspec

@@ -1,2 +0,0 @@
---color
---require spec_helper

test/spec/spec_helper.rb

@@ -1,90 +0,0 @@
-# This file was generated by the `rspec --init` command. Conventionally, all
-# specs live under a `spec` directory, which RSpec adds to the `$LOAD_PATH`.
-# The generated `.rspec` file contains `--require spec_helper` which will cause this
-# file to always be loaded, without a need to explicitly require it in any files.
-#
-# Given that it is always loaded, you are encouraged to keep this file as
-# light-weight as possible. Requiring heavyweight dependencies from this file
-# will add to the boot time of your test suite on EVERY test run, even for an
-# individual file that may not need all of that loaded. Instead, consider making
-# a separate helper file that requires the additional dependencies and performs
-# the additional setup, and require it from the spec files that actually need it.
-#
-# The `.rspec` file also contains a few flags that are not defaults but that
-# users commonly want.
-#
-# See http://rubydoc.info/gems/rspec-core/RSpec/Core/Configuration
-require 'webmock/rspec'
-RSpec.configure do |config|
-  # rspec-expectations config goes here. You can use an alternate
-  # assertion/expectation library such as wrong or the stdlib/minitest
-  # assertions if you prefer.
-  config.expect_with :rspec do |expectations|
-    # This option will default to `true` in RSpec 4. It makes the `description`
-    # and `failure_message` of custom matchers include text for helper methods
-    # defined using `chain`, e.g.:
-    # be_bigger_than(2).and_smaller_than(4).description
-    #   # => "be bigger than 2 and smaller than 4"
-    # ...rather than:
-    #   # => "be bigger than 2"
-    expectations.include_chain_clauses_in_custom_matcher_descriptions = true
-  end
-
-  # rspec-mocks config goes here. You can use an alternate test double
-  # library (such as bogus or mocha) by changing the `mock_with` option here.
-  config.mock_with :rspec do |mocks|
-    # Prevents you from mocking or stubbing a method that does not exist on
-    # a real object. This is generally recommended, and will default to
-    # `true` in RSpec 4.
-    mocks.verify_partial_doubles = true
-  end
-
-# The settings below are suggested to provide a good initial experience
-# with RSpec, but feel free to customize to your heart's content.
-=begin
-  # These two settings work together to allow you to limit a spec run
-  # to individual examples or groups you care about by tagging them with
-  # `:focus` metadata. When nothing is tagged with `:focus`, all examples
-  # get run.
-  config.filter_run :focus
-  config.run_all_when_everything_filtered = true
-
-  # Limits the available syntax to the non-monkey patched syntax that is recommended.
-  # For more details, see:
-  #   - http://myronmars.to/n/dev-blog/2012/06/rspecs-new-expectation-syntax
-  #   - http://teaisaweso.me/blog/2013/05/27/rspecs-new-message-expectation-syntax/
-  #   - http://myronmars.to/n/dev-blog/2014/05/notable-changes-in-rspec-3#new__config_option_to_disable_rspeccore_monkey_patching
-  config.disable_monkey_patching!
-
-  # This setting enables warnings. It's recommended, but in some cases may
-  # be too noisy due to issues in dependencies.
-  config.warnings = true
-
-  # Many RSpec users commonly either run the entire suite or an individual
-  # file, and it's useful to allow more verbose output when running an
-  # individual spec file.
-  if config.files_to_run.one?
-    # Use the documentation formatter for detailed output,
-    # unless a formatter has already been configured
-    # (e.g. via a command-line flag).
-    config.default_formatter = 'doc'
-  end
-
-  # Print the 10 slowest examples and example groups at the
-  # end of the spec run, to help surface which specs are running
-  # particularly slow.
-  config.profile_examples = 10
-
-  # Run specs in random order to surface order dependencies. If you find an
-  # order dependency and want to debug it, you can fix the order by providing
-  # the seed, which is printed after each run.
-  #     --seed 1234
-  config.order = :random
-
-  # Seed global randomization in this process using the `--seed` CLI option.
-  # Setting this allows you to use `--seed` to deterministically reproduce
-  # test failures related to randomization by passing the same `--seed` value
-  # as the one that triggered the failure.
-  Kernel.srand config.seed
-=end
-end

test/zanzibar_spec.rb

@@ -1,80 +0,0 @@
-require '../lib/zanzibar.rb'
-require 'savon'
-require 'webmock'
-require 'rspec'
-require 'webmock/rspec'
-
-include WebMock::API
-
-describe "Zanzibar Test" do
-
-  client = Zanzibar::Zanzibar.new(:domain => "zanzitest.net", :pwd=>'password', :wsdl => "scrt.wsdl")
-  auth_xml = File.read('responses/authenticate_response.xml')
-  secret_xml = File.read('responses/get_secret_response.xml')
-  secret_with_key_xml = File.read('responses/get_secret_with_keys_response.xml')
-  secret_with_attachment_xml = File.read('responses/get_secret_with_attachment_response.xml')
-  private_key_xml = File.read('responses/download_private_key_response.xml')
-  public_key_xml = File.read('responses/download_public_key_response.xml')
-  attachment_xml = File.read('responses/attachment_response.xml')
-
-
-  it 'should return an auth token' do
-    stub_request(:any, "https://www.zanzitest.net/webservices/sswebservice.asmx").
-      to_return(:body => auth_xml, :status => 200)
-
-    expect(client.get_token).to eq("imatoken")
-  end
-
-  it 'should get a secret' do
-    stub_request(:any, "https://www.zanzitest.net/webservices/sswebservice.asmx").
-      to_return(:body => auth_xml, :status => 200).then.
-        to_return(:body => secret_xml, :status => 200)
-
-    expect(client.get_secret(1234)[:envelope][:body][:get_secret_response][:get_secret_result][:secret][:name]).to eq("Zanzi Test Secret")
-  end
-
-  it 'should get a password' do
-    stub_request(:any, "https://www.zanzitest.net/webservices/sswebservice.asmx").
-      to_return(:body => auth_xml, :status => 200).then.
-        to_return(:body => secret_xml, :status => 200)
-
-    expect(client.get_password(1234)).to eq("zanziUserPassword")
-  end
-
-  it 'should download a private key' do
-    stub_request(:any, "https://www.zanzitest.net/webservices/sswebservice.asmx").
-      to_return(:body => auth_xml, :status => 200).then.
-          to_return(:body => secret_with_key_xml, :status => 200).then.
-            to_return(:body => private_key_xml, :status => 200)
-
-      client.download_private_key(:scrt_id => 2345)
-      expect(File.exist? 'zanzi_key')
-      expect(File.read('zanzi_key')).to eq("-----BEGIN RSA PRIVATE KEY -----\nzanzibarTestPassword\n-----END RSA PRIVATE KEY-----\n")
-      File.delete('zanzi_key')
-    end
-
-
-  it 'should download a public key' do
-    stub_request(:any, "https://www.zanzitest.net/webservices/sswebservice.asmx").
-      to_return(:body => auth_xml, :status => 200).then.
-          to_return(:body => secret_with_key_xml, :status => 200).then.
-            to_return(:body => public_key_xml, :status => 200)
-
-      client.download_public_key(:scrt_id => 2345)
-      expect(File.exist? 'zanzi_key.pub')
-      expect(File.read('zanzi_key.pub')).to eq("1234PublicKey5678==\n")
-      File.delete('zanzi_key.pub')
-    end
-
-  it 'should download an attachment' do
-    stub_request(:any, "https://www.zanzitest.net/webservices/sswebservice.asmx").
-      to_return(:body => auth_xml, :status => 200).then.
-          to_return(:body => secret_with_attachment_xml, :status => 200).then.
-            to_return(:body => attachment_xml, :status => 200)
-
-    client.download_attachment(:scrt_id => 3456)
-    expect(File.exist? 'attachment.txt')
-    expect(File.read('attachment.txt')).to eq("I am a secret attachment\n")
-    File.delete('attachment.txt')
-  end
-end

zanzibar.gemspec

@@ -4,21 +4,23 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 require 'zanzibar/version'
 
 Gem::Specification.new do |spec|
-  spec.name          = "zanzibar"
+  spec.name          = 'zanzibar'
   spec.version       = Zanzibar::VERSION
-  spec.authors       = ["Jason Davis-Cooke"]
-  spec.email         = ["jdaviscooke@cimpress.com"]
-  spec.summary       = "Retrieve secrets from Secret Server"
-  spec.description   = "Programatically get secrets from Secret Server via the Web Service API"
-  spec.homepage      = "https://github.com/Cimpress-MCP/zanzibar"
-  spec.license       = "Apache 2.0"
+  spec.authors       = ['Jason Davis-Cooke']
+  spec.email         = ['jdaviscooke@cimpress.com']
+  spec.summary       = 'Retrieve secrets from Secret Server'
+  spec.description   = 'Programatically get secrets from Secret Server via the Web Service API'
+  spec.homepage      = 'https://github.com/Cimpress-MCP/zanzibar'
+  spec.license       = 'Apache 2.0'
 
   spec.files         = `git ls-files -z`.split("\x0")
   spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
   spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
-  spec.require_paths = ["lib"]
+  spec.require_paths = ['lib']
 
-  spec.add_development_dependency "bundler", "~> 1.7"
-  spec.add_development_dependency "rake", "~> 10.0"
-  spec.add_runtime_dependency "savon", "~> 2.8.0"
+  spec.add_dependency 'rubyntlm', '~> 0.4.0'
+  spec.add_development_dependency 'bundler', '~> 1.7'
+  spec.add_development_dependency 'rake', '~> 10.0'
+  spec.add_development_dependency 'rubocop', '~>0.18.1'
+  spec.add_runtime_dependency 'savon', '~> 2.8.0'
 end