Return path of secret file

Prefer easier to remember bin name

.rspec

@@ -0,0 +1,2 @@
+--color
+--require spec/spec_helper

.travis.yml

@@ -0,0 +1,16 @@
+language: ruby
+rvm:
+  - 1.9.3
+  - 2.0.0
+addons:
+  code_climate:
+    repo_token:
+      secure: "XbKXMtcF/NnFr9JMuJNRzgsUcDcHxGi5jVc2B4HGT4EHDUnOV/06SfTTJMiLz3hgIgH1dpEgt+4cjAzAmZrmZrViY3rOH0MU1f6eAF4+BPMb0JwKYnPxTyPF5RjsWf0aFe6JdYM1S1T7EpP2XUAlV9ppmCYKrYUEa/OAXsz4ruU="
+deploy:
+  provider: rubygems
+  api_key:
+    secure: "CFXaOgtLypVc3/Nn3NFyeTYJ3rR/KNua2FPFHc02h5K/TPm8PMlHsYEB3e9OpithnC5cLqPUUlyZL4Gz7QC4zxX0G4luNVz+ZXdueMk1GBstK9QMsrjOQMKnQTCPaK/3x2/53kuPWMjYSyn5+ICkf/Omq1EVD4YEplhSvIRA9QQ="
+  gem: zanzibar
+  on:
+    tags: true
+    all_branches: true

Gemfile

@@ -1,9 +1,16 @@
 source 'https://rubygems.org'
 
 gem 'savon'
-gem 'savon_spec'
+
-gem 'rspec'
+group :test do
-gem 'webmock'
+  gem 'rake'
+  gem 'savon_spec'
+  gem 'rspec'
+  gem 'webmock'
+  gem 'codeclimate-test-reporter'
+  gem 'zanzibar', path: '.'
+  gem 'rubocop'
+end
 
 # Specify your gem's dependencies in zanzibar.gemspec
 gemspec

README.md

@@ -1,5 +1,5 @@
 # Zanzibar
-
+[![Gem Version](https://badge.fury.io/rb/zanzibar.svg)](http://badge.fury.io/rb/zanzibar)
 
 Zanzibar is a utility to retrieve secrets from a Secret Server installation. It supports retrieval of a password, public/private key, or secret attachment.
 
@@ -38,19 +38,33 @@ secrets = Zanzibar::Zanzibar.new(:domain => 'mydomain.net', :wsdl => "https://my
 # Zanzibar::Zanzibar.new(:domain => 'mydomain.net', :wsdl => "https://my.scrt.server/webservices/sswebservice.asmx?wsdl", :globals => {:ssl_verify_mode => :none})
 
 ## Simple password -> takes secret id as argument
-secrets.get_secret(1234)
+secrets.get_password(1234)
 
-## Private Key -> takes hash as argument, requires :scrt_id, optional :scrt_item_id, :path
+## Private Key -> takes hash as argument, requires :scrt_id, :type, optional :scrt_item_id, :path
-secrets.download_private_key(:scrt_id => 2345, :path => 'secrets/')
+secrets.download_secret_file(:scrt_id => 2345, :path => 'secrets/', :type => "Private Key")
 
-## Public Key -> takes hash as argument, requires :scrt_id, optional :scrt_item_id, :path
+## Public Key -> takes hash as argument, requires :scrt_id, :type, optional :scrt_item_id, :path
-secrets.download_public_key(:scrt_id => 2345, :path => 'secrets/')
+secrets.download_secret_file(:scrt_id => 2345, :path => 'secrets/', :type => "Public Key")
 
-## Attachment; only supports secrets with single attachment -> takes hash as argument, requires :scrt_id, optional :scrt_item_id, :path
+## Attachment; only supports secrets with single attachment -> takes hash as argument, requires :scrt_id, :path, optional :scrt_item_id, :path
-secrets.download_attachment(:scrt_id => 3456, :path => 'secrets/')
+secrets.download_secret_file(:scrt_id => 2345, :path => 'secrets/', :type => "Attachment")
 
 ```
 
+### Command Line
+
+Zanzibar comes bundled with the `zanzibar` command-line utility that can be used for fetching passwords and downloading keys from outside of Ruby.
+
+`zanzibar` supports most actions provided by Zanzibar itself. Because it operates on the command-line, it can be used as part of a pipeline or within a bash script.
+
+```bash
+# if you don't pipe in a password, you will be prompted to enter one.
+# this will download the private key from secret 1984 to the current directory
+cat ./local-password | zanzibar 1984 -s server.example.com -d example.com -t privatekey
+
+ssh user@someremote -i ./private_key
+```
+
 ## Contributing
 
 1. Fork it ( https://github.com/Cimpress-MCP/zanzibar/fork )

Rakefile

@@ -1,10 +1,11 @@
-require "bundler/gem_tasks"
+require 'bundler/gem_tasks'
+require 'bundler/setup' # load up our gem environment (incl. local zanzibar)
+require 'rspec/core/rake_task'
+require 'zanzibar/version'
+require 'rubocop/rake_task'
 
-task 'test' do
+task default: [:test]
-  Dir.chdir('test')
-  system("rspec zanzibar_spec.rb")
-end
 
-task 'install_dependencies' do
+RSpec::Core::RakeTask.new(:test)
-  system('bundle install')
+
-end
+RuboCop::RakeTask.new

bin/zamioculcas

@@ -0,0 +1,2 @@
+#! ruby
+system("zanzibar #{ARGV.join(" ")}")

bin/zanzibar

@@ -0,0 +1,70 @@
+#! ruby
+
+require 'zanzibar'
+require 'optparse'
+
+options = {
+  :domain => 'local'
+}
+
+OptionParser.new do |opts|
+  opts.banner = "Usage: zamioculcas -d domain [-w wsdl] [-k] [-p] [secret_id]"
+
+  opts.on("-d", "--domain DOMAIN", "Specify domain") do |v|
+    options[:domain] = v
+  end
+
+  opts.on("-w", "--wsdl WSDL", "Specify WSDL location") do |v|
+    options[:wsdl] = v
+  end
+
+  opts.on("-s", "--server SERVER", "Secret server hostname or IP") do |v|
+    options[:server] = v
+  end
+
+  opts.on("-k", "--no-check-certificate", "Don't run SSL certificate checks") do |v|
+    options[:globals] = {:ssl_verify_mode => :none}
+  end
+
+  opts.on("-p", "--password PASSWORD", "Specify password") do |v|
+    options[:pwd] = v
+  end
+
+  opts.on("-t", "--type TYPE", "Specify the type of secret") do |v|
+    options[:type] = v
+  end
+
+  opts.on("-u", "--user USER", "Specify the username") do |v|
+    options[:username] = v
+  end
+  
+end.parse!
+
+raise OptionParser::MissingArgument if options[:server].nil?
+options[:type] = "password" if options[:type].nil?
+
+unless STDIN.tty? || options[:pwd]
+  options[:pwd] = $stdin.read.strip
+end
+
+secret_id = Integer(ARGV.pop)
+if(!secret_id)
+  fail "no secret!"
+end
+
+unless options[:wsdl] || options[:server].nil?
+  options[:wsdl] = "https://#{options[:server]}/webservices/sswebservice.asmx?wsdl"
+end
+
+scrt = Zanzibar::Zanzibar.new(options)
+
+case options[:type]
+when "password"
+  $stdout.write "#{scrt.get_password(secret_id)}\n"
+when "privatekey"
+  scrt.download_private_key(:scrt_id=>secret_id)
+when "publickey"
+  scrt.download_public_key(:scrt_id=>secret_id)
+else
+  $stderr.write "#{options[:type]} is not a known type."
+end

lib/zanzibar.rb

@@ -1,18 +1,22 @@
-require "zanzibar/version"
+require 'zanzibar/version'
 require 'savon'
 require 'io/console'
 require 'fileutils'
 
 module Zanzibar
-
   ##
   # Class for interacting with Secret Server
   class Zanzibar
-
     ##
-    # @param args{:domain, :wsdl, :pwd, :globals{}}
+    # @param args{:domain, :wsdl, :pwd, :username, :globals{}}
 
     def initialize(args = {})
+      if args[:username]
+        @@username = args[:username]
+      else
+        @@username = ENV['USER']
+      end
+
       if args[:wsdl]
         @@wsdl = args[:wsdl]
       else
@@ -36,7 +40,7 @@ module Zanzibar
     # @param globals{}, optional
 
     def init_client(globals = {})
-      globals = {} if globals == nil
+      globals = {} if globals.nil?
       @@client = Savon.client(globals) do
         wsdl @@wsdl
       end
@@ -46,41 +50,37 @@ module Zanzibar
     # @return [String] the password for the current user
 
     def prompt_for_password
-      puts "Please enter password for #{ENV['USER']}:"
+      puts "Please enter password for #{@@username}:"
-      return STDIN.noecho(&:gets).chomp
+      STDIN.noecho(&:gets).chomp
     end
 
     ## Gets the wsdl document location if none is provided in the constructor
     # @return [String] the location of the WDSL document
 
-    def get_wsdl_location
+    def prompt_for_wsdl_location
-      puts "Enter the URL of the Secret Server WSDL:"
+      puts 'Enter the URL of the Secret Server WSDL:'
-      return STDIN.gets.chomp
+      STDIN.gets.chomp
     end
 
     ## Gets the domain of the Secret Server installation if none is provided in the constructor
     # @return [String] the domain of the secret server installation
 
     def prompt_for_domain
-      puts "Enter the domain of your Secret Server:"
+      puts 'Enter the domain of your Secret Server:'
-      return STDIN.gets.chomp
+      STDIN.gets.chomp
     end
 
-
     ## Get an authentication token for interacting with Secret Server. These are only good for about 10 minutes so just get a new one each time.
     # Will raise an error if there is an issue with the authentication.
     # @return the authentication token for the current user.
 
     def get_token
-      begin
+      response = @@client.call(:authenticate, message: { username: @@username, password: @@password, organization: '', domain: @@domain })
-        response = @@client.call(:authenticate, message: { username: ENV['USER'], password: @@password, organization: "", domain: @@domain }).hash
+                 .hash[:envelope][:body][:authenticate_response][:authenticate_result]
-        if response[:envelope][:body][:authenticate_response][:authenticate_result][:errors]
+      fail "Error generating the authentication token for user #{@@username}: #{response[:errors][:string]}"  if response[:errors]
-          raise "Error generating the authentication token for user #{ENV['USER']}: #{response[:envelope][:body][:authenticate_response][:authenticate_result][:errors][:string]}"
+      response[:token]
-        end
-        response[:envelope][:body][:authenticate_response][:authenticate_result][:token]
     rescue Savon::Error => err
-        raise "There was an error generating the authentiaton token for user #{ENV['USER']}: #{err}"
+      raise "There was an error generating the authentiaton token for user #{@@username}: #{err}"
-      end
     end
 
     ## Get a secret returned as a hash
@@ -89,16 +89,12 @@ module Zanzibar
     # @return [Hash] the secret hash retrieved from the wsdl
 
     def get_secret(scrt_id, token = nil)
-      begin
+      secret = @@client.call(:get_secret, message: { token: token || get_token, secretId: scrt_id }).hash[:envelope][:body][:get_secret_response][:get_secret_result]
-        secret = @@client.call(:get_secret, message: { token: token || get_token, secretId: scrt_id}).hash
+      fail "There was an error getting secret #{scrt_id}: #{secret[:errors][:string]}" if secret[:errors]
-        if secret[:envelope][:body][:get_secret_response][:get_secret_result][:errors]
-          raise "There was an error getting secret #{scrt_id}: #{secret[:envelope][:body][:get_secret_response][:get_secret_result][:errors][:string]}"
-        end
       return secret
     rescue Savon::Error => err
       raise "There was an error getting the secret with id #{scrt_id}: #{err}"
     end
-    end
 
     ## Retrieve a simple password from a secret
     # Will raise an error if there are any issues
@@ -106,12 +102,23 @@ module Zanzibar
     # @return [String] the password for the given secret
 
     def get_password(scrt_id)
-      begin
       secret = get_secret(scrt_id)
-        return secret[:envelope][:body][:get_secret_response][:get_secret_result][:secret][:items][:secret_item][1][:value]
+      secret_items = secret[:secret][:items][:secret_item]
+      return get_secret_item_by_field_name(secret_items, 'Password')[:value]
     rescue Savon::Error => err
       raise "There was an error getting the password for secret #{scrt_id}: #{err}"
     end
+
+    def write_secret_to_file(path, secret_response)
+      File.open(File.join(path, secret_response[:file_name]), 'wb') do |file|
+        file.puts Base64.decode64(secret_response[:file_attachment])
+      end
+    end
+
+    def get_secret_item_by_field_name(secret_items, field_name)
+      secret_items.each do |item|
+        return item if item[:field_name] == field_name
+      end
     end
 
     ## Get the secret item id that relates to a key file or attachment.
@@ -122,88 +129,48 @@ module Zanzibar
 
     def get_scrt_item_id(scrt_id, type, token)
       secret = get_secret(scrt_id, token)
-      case type
+      secret_items = secret[:secret][:items][:secret_item]
-        when 'privatekey'
+      begin
-          ## Get private key item id
+        return get_secret_item_by_field_name(secret_items, type)[:id]
-          secret[:envelope][:body][:get_secret_response][:get_secret_result][:secret][:items][:secret_item].each do |item|
+      rescue
-            return item[:id] if item[:field_name] == 'Private Key'
-          end
-        when 'publickey'
-          ## Get public key item id
-          secret[:envelope][:body][:get_secret_response][:get_secret_result][:secret][:items][:secret_item].each do |item|
-            return item[:id] if item[:field_name] == 'Public Key'
-          end
-        when 'attachment'
-          ## Get attachment item id. This currently only supports secrets with one attachment.
-          secret[:envelope][:body][:get_secret_response][:get_secret_result][:secret][:items][:secret_item].each do |item|
-            return item[:id] if item[:field_name] == 'Attachment'
-          end
-        else
         raise "Unknown type, #{type}."
       end
     end
 
-    ## Downloads the private key for a secret and places it where Zanzibar is running, or :path if specified
+    ## Downloads a file for a secret and places it where Zanzibar is running, or :path if specified
     # Raise on error
-    # @param [Hash] args, :scrt_id, :scrt_item_id - optional, :path - optional
+    # @param [Hash] args, :scrt_id, :type (one of "Private Key", "Public Key", "Attachment"), :scrt_item_id - optional, :path - optional
 
-    def download_private_key(args = {})
+    def download_secret_file(args = {})
       token = get_token
       FileUtils.mkdir_p(args[:path]) if args[:path]
       path = args[:path] ? args[:path] : '.' ## The File.join below doesn't handle nils well, so let's take that possibility away.
       begin
-        response = @@client.call(:download_file_attachment_by_item_id, message: { token: token, secretId: args[:scrt_id], secretItemId: args[:scrt_item_id] || get_scrt_item_id(args[:scrt_id], 'privatekey', token)}).hash
+        response = @@client.call(:download_file_attachment_by_item_id, message:
-        if response[:envelope][:body][:download_file_attachment_by_item_id_response][:download_file_attachment_by_item_id_result][:errors]
+          { token: token, secretId: args[:scrt_id], secretItemId: args[:scrt_item_id] || get_scrt_item_id(args[:scrt_id], args[:type], token) })
-          raise "There was an error getting the private key for secret #{args[:scrt_id]}: #{response[:envelope][:body][:download_file_attachment_by_item_id_response][:download_file_attachment_by_item_id_result][:string]}"
+                   .hash[:envelope][:body][:download_file_attachment_by_item_id_response][:download_file_attachment_by_item_id_result]
-        end
+        fail "There was an error getting the #{args[:type]} for secret #{args[:scrt_id]}: #{response[:errors][:string]}"  if response[:errors]
-        File.open(File.join(path, response[:envelope][:body][:download_file_attachment_by_item_id_response][:download_file_attachment_by_item_id_result][:file_name]), 'wb') do |file|
+        write_secret_to_file(path, response)
-          file.puts Base64.decode64(response[:envelope][:body][:download_file_attachment_by_item_id_response][:download_file_attachment_by_item_id_result][:file_attachment])
+        return File.join(path, response[:file_name])
-        end
       rescue Savon::Error => err
-        raise "There was an error getting the private key for secret #{args[:scrt_id]}: #{err}"
+        raise "There was an error getting the #{args[:type]} for secret #{args[:scrt_id]}: #{err}"
       end
     end
 
-    ## Downloads the public key for a secret and places it where Zanzibar is running, or :path if specified
+    ## Methods to maintain backwards compatibility
-    # Raise on error
+    def download_private_key(args = {})
-    # @param [Hash] args, :scrt_id, :scrt_item_id - optional, :path - optional
+      args[:type] = 'Private Key'
+      download_secret_file(args)
+    end
 
     def download_public_key(args = {})
-      token = get_token
+      args[:type] = 'Public Key'
-      FileUtils.mkdir_p(args[:path]) if args[:path]
+      download_secret_file(args)
-      path = args[:path] ? args[:path] : '.' ## The File.join below doesn't handle nils well, so let's take that possibility away.
-      begin
-        response = @@client.call(:download_file_attachment_by_item_id, message: { token: token, secretId: args[:scrt_id], secretItemId: args[:scrt_item_id] || get_scrt_item_id(args[:scrt_id], 'publickey', token)}).hash
-        if response[:envelope][:body][:download_file_attachment_by_item_id_response][:download_file_attachment_by_item_id_result][:errors]
-          raise "There was an error getting the public key for secret #{args[:scrt_id]}: #{response[:envelope][:body][:download_file_attachment_by_item_id_response][:download_file_attachment_by_item_id_result][:string]}"
     end
-        File.open(File.join(path, response[:envelope][:body][:download_file_attachment_by_item_id_response][:download_file_attachment_by_item_id_result][:file_name]), 'wb') do |file|
-          file.puts Base64.decode64(response[:envelope][:body][:download_file_attachment_by_item_id_response][:download_file_attachment_by_item_id_result][:file_attachment])
-        end
-      rescue Savon::Error => err
-        raise "There was an error getting the public key for secret #{args[:scrt_id]}: #{err}"
-      end
-    end
-
-    ## Downloads an attachment for a secret and places it where Zanzibar is running, or :path if specified
-    # Raise on error
-    # @param [Hash] args, :scrt_id, :scrt_item_id - optional, :path - optional
 
     def download_attachment(args = {})
-      token = get_token
+      args[:type] = 'Attachment'
-      FileUtils.mkdir_p(args[:path]) if args[:path]
+      download_secret_file(args)
-      path = args[:path] ? args[:path] : '.' ## The File.join below doesn't handle nils well, so let's take that possibility away.
-      begin
-        response = @@client.call(:download_file_attachment_by_item_id, message: { token: token, secretId: args[:scrt_id], secretItemId: args[:scrt_item_id] || get_scrt_item_id(args[:scrt_id], 'attachment', token)}).hash
-        if response[:envelope][:body][:download_file_attachment_by_item_id_response][:download_file_attachment_by_item_id_result][:errors]
-          raise "There was an error getting the attachment for secret #{args[:scrt_id]}: #{response[:envelope][:body][:download_file_attachment_by_item_id_response][:download_file_attachment_by_item_id_result][:string]}"
-      end
-        File.open(File.join(path, response[:envelope][:body][:download_file_attachment_by_item_id_response][:download_file_attachment_by_item_id_result][:file_name]), 'wb') do |file|
-          file.puts Base64.decode64(response[:envelope][:body][:download_file_attachment_by_item_id_response][:download_file_attachment_by_item_id_result][:file_attachment])
-        end
-      rescue Savon::Error => err
-        raise "There was an error getting the attachment from secret #{args[:scrt_id]}: #{err}"
-      end
     end
   end
 end

lib/zanzibar/version.rb

@@ -1,3 +1,3 @@
 module Zanzibar
-  VERSION = "0.0.8"
+  VERSION = '0.1.12'
 end

spec/spec/spec_helper.rb

@@ -0,0 +1,95 @@
+# This file was generated by the `rspec --init` command. Conventionally, all
+# specs live under a `spec` directory, which RSpec adds to the `$LOAD_PATH`.
+# The generated `.rspec` file contains `--require spec_helper` which will cause this
+# file to always be loaded, without a need to explicitly require it in any files.
+#
+# Given that it is always loaded, you are encouraged to keep this file as
+# light-weight as possible. Requiring heavyweight dependencies from this file
+# will add to the boot time of your test suite on EVERY test run, even for an
+# individual file that may not need all of that loaded. Instead, consider making
+# a separate helper file that requires the additional dependencies and performs
+# the additional setup, and require it from the spec files that actually need it.
+#
+# The `.rspec` file also contains a few flags that are not defaults but that
+# users commonly want.
+#
+# See http://rubydoc.info/gems/rspec-core/RSpec/Core/Configuration
+require 'webmock/rspec'
+require 'codeclimate-test-reporter'
+CodeClimate::TestReporter.start
+
+RSpec.configure do |config|
+  # rspec-expectations config goes here. You can use an alternate
+  # assertion/expectation library such as wrong or the stdlib/minitest
+  # assertions if you prefer.
+  config.expect_with :rspec do |expectations|
+    # This option will default to `true` in RSpec 4. It makes the `description`
+    # and `failure_message` of custom matchers include text for helper methods
+    # defined using `chain`, e.g.:
+    # be_bigger_than(2).and_smaller_than(4).description
+    #   # => "be bigger than 2 and smaller than 4"
+    # ...rather than:
+    #   # => "be bigger than 2"
+    expectations.include_chain_clauses_in_custom_matcher_descriptions = true
+  end
+
+  # rspec-mocks config goes here. You can use an alternate test double
+  # library (such as bogus or mocha) by changing the `mock_with` option here.
+  config.mock_with :rspec do |mocks|
+    # Prevents you from mocking or stubbing a method that does not exist on
+    # a real object. This is generally recommended, and will default to
+    # `true` in RSpec 4.
+    mocks.verify_partial_doubles = true
+  end
+
+  config.after(:suite) do
+    WebMock.disable_net_connect!(allow: 'codeclimate.com')
+  end
+
+  # The settings below are suggested to provide a good initial experience
+  # with RSpec, but feel free to customize to your heart's content.
+  #   # These two settings work together to allow you to limit a spec run
+  #   # to individual examples or groups you care about by tagging them with
+  #   # `:focus` metadata. When nothing is tagged with `:focus`, all examples
+  #   # get run.
+  #   config.filter_run :focus
+  #   config.run_all_when_everything_filtered = true
+  #
+  #   # Limits the available syntax to the non-monkey patched syntax that is recommended.
+  #   # For more details, see:
+  #   #   - http://myronmars.to/n/dev-blog/2012/06/rspecs-new-expectation-syntax
+  #   #   - http://teaisaweso.me/blog/2013/05/27/rspecs-new-message-expectation-syntax/
+  #   #   - http://myronmars.to/n/dev-blog/2014/05/notable-changes-in-rspec-3#new__config_option_to_disable_rspeccore_monkey_patching
+  #   config.disable_monkey_patching!
+  #
+  #   # This setting enables warnings. It's recommended, but in some cases may
+  #   # be too noisy due to issues in dependencies.
+  #   config.warnings = true
+  #
+  #   # Many RSpec users commonly either run the entire suite or an individual
+  #   # file, and it's useful to allow more verbose output when running an
+  #   # individual spec file.
+  #   if config.files_to_run.one?
+  #     # Use the documentation formatter for detailed output,
+  #     # unless a formatter has already been configured
+  #     # (e.g. via a command-line flag).
+  #     config.default_formatter = 'doc'
+  #   end
+  #
+  #   # Print the 10 slowest examples and example groups at the
+  #   # end of the spec run, to help surface which specs are running
+  #   # particularly slow.
+  #   config.profile_examples = 10
+  #
+  #   # Run specs in random order to surface order dependencies. If you find an
+  #   # order dependency and want to debug it, you can fix the order by providing
+  #   # the seed, which is printed after each run.
+  #   #     --seed 1234
+  #   config.order = :random
+  #
+  #   # Seed global randomization in this process using the `--seed` CLI option.
+  #   # Setting this allows you to use `--seed` to deterministically reproduce
+  #   # test failures related to randomization by passing the same `--seed` value
+  #   # as the one that triggered the failure.
+  #   Kernel.srand config.seed
+end

spec/zanzibar_spec.rb

@@ -0,0 +1,113 @@
+require 'zanzibar'
+require 'savon'
+require 'webmock'
+require 'rspec'
+require 'webmock/rspec'
+
+include WebMock::API
+
+describe 'Zanzibar Test' do
+  client = Zanzibar::Zanzibar.new(domain: 'zanzitest.net', pwd: 'password', wsdl: 'spec/scrt.wsdl')
+  auth_xml = File.read('spec/responses/authenticate_response.xml')
+  secret_xml = File.read('spec/responses/get_secret_response.xml')
+  secret_with_key_xml = File.read('spec/responses/get_secret_with_keys_response.xml')
+  secret_with_attachment_xml = File.read('spec/responses/get_secret_with_attachment_response.xml')
+  private_key_xml = File.read('spec/responses/download_private_key_response.xml')
+  public_key_xml = File.read('spec/responses/download_public_key_response.xml')
+  attachment_xml = File.read('spec/responses/attachment_response.xml')
+
+  it 'should return an auth token' do
+    stub_request(:any, 'https://www.zanzitest.net/webservices/sswebservice.asmx')
+      .to_return(body: auth_xml, status: 200)
+
+    expect(client.get_token).to eq('imatoken')
+  end
+
+  it 'should get a secret' do
+    stub_request(:any, 'https://www.zanzitest.net/webservices/sswebservice.asmx')
+      .to_return(body: auth_xml, status: 200).then
+      .to_return(body: secret_xml, status: 200)
+
+    expect(client.get_secret(1234)[:secret][:name]).to eq('Zanzi Test Secret')
+  end
+
+  it 'should get a password' do
+    stub_request(:any, 'https://www.zanzitest.net/webservices/sswebservice.asmx')
+      .to_return(body: auth_xml, status: 200).then
+      .to_return(body: secret_xml, status: 200)
+
+    expect(client.get_password(1234)).to eq('zanziUserPassword')
+  end
+
+  it 'should download a private key' do
+    stub_request(:any, 'https://www.zanzitest.net/webservices/sswebservice.asmx')
+      .to_return(body: auth_xml, status: 200).then
+      .to_return(body: secret_with_key_xml, status: 200).then
+      .to_return(body: private_key_xml, status: 200)
+
+    client.download_secret_file(scrt_id: 2345, type: 'Private Key')
+    expect(File.exist? 'zanzi_key')
+    expect(File.read('zanzi_key')).to eq("-----BEGIN RSA PRIVATE KEY -----\nzanzibarTestPassword\n-----END RSA PRIVATE KEY-----\n")
+    File.delete('zanzi_key')
+  end
+
+  it 'should download a private key legacy' do
+    stub_request(:any, 'https://www.zanzitest.net/webservices/sswebservice.asmx')
+      .to_return(body: auth_xml, status: 200).then
+      .to_return(body: secret_with_key_xml, status: 200).then
+      .to_return(body: private_key_xml, status: 200)
+
+    client.download_private_key(scrt_id: 2345)
+    expect(File.exist? 'zanzi_key')
+    expect(File.read('zanzi_key')).to eq("-----BEGIN RSA PRIVATE KEY -----\nzanzibarTestPassword\n-----END RSA PRIVATE KEY-----\n")
+    File.delete('zanzi_key')
+  end
+
+  it 'should download a public key' do
+    stub_request(:any, 'https://www.zanzitest.net/webservices/sswebservice.asmx')
+      .to_return(body: auth_xml, status: 200).then
+      .to_return(body: secret_with_key_xml, status: 200).then
+      .to_return(body: public_key_xml, status: 200)
+
+    client.download_secret_file(scrt_id: 2345, type: 'Public Key')
+    expect(File.exist? 'zanzi_key.pub')
+    expect(File.read('zanzi_key.pub')).to eq("1234PublicKey5678==\n")
+    File.delete('zanzi_key.pub')
+  end
+
+  it 'should download a public key legacy' do
+    stub_request(:any, 'https://www.zanzitest.net/webservices/sswebservice.asmx')
+      .to_return(body: auth_xml, status: 200).then
+      .to_return(body: secret_with_key_xml, status: 200).then
+      .to_return(body: public_key_xml, status: 200)
+
+    client.download_public_key(scrt_id: 2345)
+    expect(File.exist? 'zanzi_key.pub')
+    expect(File.read('zanzi_key.pub')).to eq("1234PublicKey5678==\n")
+    File.delete('zanzi_key.pub')
+  end
+
+  it 'should download an attachment' do
+    stub_request(:any, 'https://www.zanzitest.net/webservices/sswebservice.asmx')
+      .to_return(body: auth_xml, status: 200).then
+      .to_return(body: secret_with_attachment_xml, status: 200).then
+      .to_return(body: attachment_xml, status: 200)
+
+    client.download_secret_file(scrt_id: 3456, type: 'Attachment')
+    expect(File.exist? 'attachment.txt')
+    expect(File.read('attachment.txt')).to eq("I am a secret attachment\n")
+    File.delete('attachment.txt')
+  end
+
+  it 'should download an attachment legacy' do
+    stub_request(:any, 'https://www.zanzitest.net/webservices/sswebservice.asmx')
+      .to_return(body: auth_xml, status: 200).then
+      .to_return(body: secret_with_attachment_xml, status: 200).then
+      .to_return(body: attachment_xml, status: 200)
+
+    client.download_attachment(scrt_id: 3456)
+    expect(File.exist? 'attachment.txt')
+    expect(File.read('attachment.txt')).to eq("I am a secret attachment\n")
+    File.delete('attachment.txt')
+  end
+end

test/.rspec

@@ -1,2 +0,0 @@
---color
---require spec_helper

test/spec/spec_helper.rb

@@ -1,90 +0,0 @@
-# This file was generated by the `rspec --init` command. Conventionally, all
-# specs live under a `spec` directory, which RSpec adds to the `$LOAD_PATH`.
-# The generated `.rspec` file contains `--require spec_helper` which will cause this
-# file to always be loaded, without a need to explicitly require it in any files.
-#
-# Given that it is always loaded, you are encouraged to keep this file as
-# light-weight as possible. Requiring heavyweight dependencies from this file
-# will add to the boot time of your test suite on EVERY test run, even for an
-# individual file that may not need all of that loaded. Instead, consider making
-# a separate helper file that requires the additional dependencies and performs
-# the additional setup, and require it from the spec files that actually need it.
-#
-# The `.rspec` file also contains a few flags that are not defaults but that
-# users commonly want.
-#
-# See http://rubydoc.info/gems/rspec-core/RSpec/Core/Configuration
-require 'webmock/rspec'
-RSpec.configure do |config|
-  # rspec-expectations config goes here. You can use an alternate
-  # assertion/expectation library such as wrong or the stdlib/minitest
-  # assertions if you prefer.
-  config.expect_with :rspec do |expectations|
-    # This option will default to `true` in RSpec 4. It makes the `description`
-    # and `failure_message` of custom matchers include text for helper methods
-    # defined using `chain`, e.g.:
-    # be_bigger_than(2).and_smaller_than(4).description
-    #   # => "be bigger than 2 and smaller than 4"
-    # ...rather than:
-    #   # => "be bigger than 2"
-    expectations.include_chain_clauses_in_custom_matcher_descriptions = true
-  end
-
-  # rspec-mocks config goes here. You can use an alternate test double
-  # library (such as bogus or mocha) by changing the `mock_with` option here.
-  config.mock_with :rspec do |mocks|
-    # Prevents you from mocking or stubbing a method that does not exist on
-    # a real object. This is generally recommended, and will default to
-    # `true` in RSpec 4.
-    mocks.verify_partial_doubles = true
-  end
-
-# The settings below are suggested to provide a good initial experience
-# with RSpec, but feel free to customize to your heart's content.
-=begin
-  # These two settings work together to allow you to limit a spec run
-  # to individual examples or groups you care about by tagging them with
-  # `:focus` metadata. When nothing is tagged with `:focus`, all examples
-  # get run.
-  config.filter_run :focus
-  config.run_all_when_everything_filtered = true
-
-  # Limits the available syntax to the non-monkey patched syntax that is recommended.
-  # For more details, see:
-  #   - http://myronmars.to/n/dev-blog/2012/06/rspecs-new-expectation-syntax
-  #   - http://teaisaweso.me/blog/2013/05/27/rspecs-new-message-expectation-syntax/
-  #   - http://myronmars.to/n/dev-blog/2014/05/notable-changes-in-rspec-3#new__config_option_to_disable_rspeccore_monkey_patching
-  config.disable_monkey_patching!
-
-  # This setting enables warnings. It's recommended, but in some cases may
-  # be too noisy due to issues in dependencies.
-  config.warnings = true
-
-  # Many RSpec users commonly either run the entire suite or an individual
-  # file, and it's useful to allow more verbose output when running an
-  # individual spec file.
-  if config.files_to_run.one?
-    # Use the documentation formatter for detailed output,
-    # unless a formatter has already been configured
-    # (e.g. via a command-line flag).
-    config.default_formatter = 'doc'
-  end
-
-  # Print the 10 slowest examples and example groups at the
-  # end of the spec run, to help surface which specs are running
-  # particularly slow.
-  config.profile_examples = 10
-
-  # Run specs in random order to surface order dependencies. If you find an
-  # order dependency and want to debug it, you can fix the order by providing
-  # the seed, which is printed after each run.
-  #     --seed 1234
-  config.order = :random
-
-  # Seed global randomization in this process using the `--seed` CLI option.
-  # Setting this allows you to use `--seed` to deterministically reproduce
-  # test failures related to randomization by passing the same `--seed` value
-  # as the one that triggered the failure.
-  Kernel.srand config.seed
-=end
-end

test/zanzibar_spec.rb

@@ -1,80 +0,0 @@
-require '../lib/zanzibar.rb'
-require 'savon'
-require 'webmock'
-require 'rspec'
-require 'webmock/rspec'
-
-include WebMock::API
-
-describe "Zanzibar Test" do
-
-  client = Zanzibar::Zanzibar.new(:domain => "zanzitest.net", :pwd=>'password', :wsdl => "scrt.wsdl")
-  auth_xml = File.read('responses/authenticate_response.xml')
-  secret_xml = File.read('responses/get_secret_response.xml')
-  secret_with_key_xml = File.read('responses/get_secret_with_keys_response.xml')
-  secret_with_attachment_xml = File.read('responses/get_secret_with_attachment_response.xml')
-  private_key_xml = File.read('responses/download_private_key_response.xml')
-  public_key_xml = File.read('responses/download_public_key_response.xml')
-  attachment_xml = File.read('responses/attachment_response.xml')
-
-
-  it 'should return an auth token' do
-    stub_request(:any, "https://www.zanzitest.net/webservices/sswebservice.asmx").
-      to_return(:body => auth_xml, :status => 200)
-
-    expect(client.get_token).to eq("imatoken")
-  end
-
-  it 'should get a secret' do
-    stub_request(:any, "https://www.zanzitest.net/webservices/sswebservice.asmx").
-      to_return(:body => auth_xml, :status => 200).then.
-        to_return(:body => secret_xml, :status => 200)
-
-    expect(client.get_secret(1234)[:envelope][:body][:get_secret_response][:get_secret_result][:secret][:name]).to eq("Zanzi Test Secret")
-  end
-
-  it 'should get a password' do
-    stub_request(:any, "https://www.zanzitest.net/webservices/sswebservice.asmx").
-      to_return(:body => auth_xml, :status => 200).then.
-        to_return(:body => secret_xml, :status => 200)
-
-    expect(client.get_password(1234)).to eq("zanziUserPassword")
-  end
-
-  it 'should download a private key' do
-    stub_request(:any, "https://www.zanzitest.net/webservices/sswebservice.asmx").
-      to_return(:body => auth_xml, :status => 200).then.
-          to_return(:body => secret_with_key_xml, :status => 200).then.
-            to_return(:body => private_key_xml, :status => 200)
-
-      client.download_private_key(:scrt_id => 2345)
-      expect(File.exist? 'zanzi_key')
-      expect(File.read('zanzi_key')).to eq("-----BEGIN RSA PRIVATE KEY -----\nzanzibarTestPassword\n-----END RSA PRIVATE KEY-----\n")
-      File.delete('zanzi_key')
-    end
-
-
-  it 'should download a public key' do
-    stub_request(:any, "https://www.zanzitest.net/webservices/sswebservice.asmx").
-      to_return(:body => auth_xml, :status => 200).then.
-          to_return(:body => secret_with_key_xml, :status => 200).then.
-            to_return(:body => public_key_xml, :status => 200)
-
-      client.download_public_key(:scrt_id => 2345)
-      expect(File.exist? 'zanzi_key.pub')
-      expect(File.read('zanzi_key.pub')).to eq("1234PublicKey5678==\n")
-      File.delete('zanzi_key.pub')
-    end
-
-  it 'should download an attachment' do
-    stub_request(:any, "https://www.zanzitest.net/webservices/sswebservice.asmx").
-      to_return(:body => auth_xml, :status => 200).then.
-          to_return(:body => secret_with_attachment_xml, :status => 200).then.
-            to_return(:body => attachment_xml, :status => 200)
-
-    client.download_attachment(:scrt_id => 3456)
-    expect(File.exist? 'attachment.txt')
-    expect(File.read('attachment.txt')).to eq("I am a secret attachment\n")
-    File.delete('attachment.txt')
-  end
-end

zanzibar.gemspec

@@ -4,21 +4,23 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 require 'zanzibar/version'
 
 Gem::Specification.new do |spec|
-  spec.name          = "zanzibar"
+  spec.name          = 'zanzibar'
   spec.version       = Zanzibar::VERSION
-  spec.authors       = ["Jason Davis-Cooke"]
+  spec.authors       = ['Jason Davis-Cooke']
-  spec.email         = ["jdaviscooke@cimpress.com"]
+  spec.email         = ['jdaviscooke@cimpress.com']
-  spec.summary       = "Retrieve secrets from Secret Server"
+  spec.summary       = 'Retrieve secrets from Secret Server'
-  spec.description   = "Programatically get secrets from Secret Server via the Web Service API"
+  spec.description   = 'Programatically get secrets from Secret Server via the Web Service API'
-  spec.homepage      = "https://github.com/Cimpress-MCP/zanzibar"
+  spec.homepage      = 'https://github.com/Cimpress-MCP/zanzibar'
-  spec.license       = "Apache 2.0"
+  spec.license       = 'Apache 2.0'
 
   spec.files         = `git ls-files -z`.split("\x0")
   spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
   spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
-  spec.require_paths = ["lib"]
+  spec.require_paths = ['lib']
 
-  spec.add_development_dependency "bundler", "~> 1.7"
+  spec.add_dependency 'rubyntlm', '~> 0.4.0'
-  spec.add_development_dependency "rake", "~> 10.0"
+  spec.add_development_dependency 'bundler', '~> 1.7'
-  spec.add_runtime_dependency "savon", "~> 2.8.0"
+  spec.add_development_dependency 'rake', '~> 10.0'
+  spec.add_development_dependency 'rubocop', '~>0.18.1'
+  spec.add_runtime_dependency 'savon', '~> 2.8.0'
 end