TerribleDev/zanzibar
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: TerribleDev:v0.0.8
Branches Tags
TerribleDev:master
TerribleDev:v0.2.0 TerribleDev:v0.1.27 TerribleDev:v0.1.24 TerribleDev:v0.1.23 TerribleDev:v0.1.22 TerribleDev:v0.1.21 TerribleDev:0.1.20 TerribleDev:0.1.19 TerribleDev:0.1.18 TerribleDev:0.1.17 TerribleDev:0.1.16 TerribleDev:0.1.15 TerribleDev:0.1.13 TerribleDev:0.1.12 TerribleDev:0.1.11 TerribleDev:0.1.10 TerribleDev:0.1.9 TerribleDev:v0.0.8
...
compare: TerribleDev:master
Branches Tags
TerribleDev:master
TerribleDev:v0.2.0 TerribleDev:v0.1.27 TerribleDev:v0.1.24 TerribleDev:v0.1.23 TerribleDev:v0.1.22 TerribleDev:v0.1.21 TerribleDev:0.1.20 TerribleDev:0.1.19 TerribleDev:0.1.18 TerribleDev:0.1.17 TerribleDev:0.1.16 TerribleDev:0.1.15 TerribleDev:0.1.13 TerribleDev:0.1.12 TerribleDev:0.1.11 TerribleDev:0.1.10 TerribleDev:0.1.9 TerribleDev:v0.0.8

87 Commits
v0.0.8 ... master

Author SHA1 Message Date
Norm MacLennan
49dc6c8039 preparing release 2016-05-18 10:01:22 -04:00
Norm MacLennan
a2bdd99eb0 cache-busting 2016-05-18 09:55:34 -04:00
Norm MacLennan
46051e0a15 inch-ci and changelog 2016-05-18 09:35:36 -04:00
Norm MacLennan
0f8b19f38b disabling bundler-audit since we aren't locked 2016-05-18 09:29:19 -04:00
Norm MacLennan
4b4179fba9 Merge pull request #21 from maclennann/master 
Cleaning up code. Rubocopping and documenting
 2016-05-18 09:17:16 -04:00
Norm MacLennan
245499196c rdocing things 2016-05-18 08:54:47 -04:00
Norm MacLennan
664ca88d41 more rubocopping 2016-05-18 07:45:47 -04:00
Norm MacLennan
ac5b935b89 rubocoppy refactor 2016-05-17 21:21:59 -04:00
Norm MacLennan
ee3b907320 construct additional badges 2016-04-15 08:21:20 -04:00
Norm MacLennan
7433099409 Dependency updates and rubocop fixes 2016-04-15 08:16:40 -04:00
Norm MacLennan
fe6a319b43 cc badges 2016-04-15 07:32:56 -04:00
Norm MacLennan
a98319aebe version 2016-04-15 07:01:46 -04:00
Norm MacLennan
7c154f5bc8 Merge pull request #20 from Cimpress-MCP/get_fieldlabel_value 
Get fieldlabel value
 2016-04-14 13:46:32 -04:00
Calvin Leung Huang
9fc219d98a Remove extra newline 2016-04-14 13:37:38 -04:00
Calvin Leung Huang
561a523261 Set and use fieldlabel value in zanzibar_options instead 2016-04-14 13:29:43 -04:00
Calvin Leung Huang
ca55a4de57 Set fieldlabel default to Password 2016-04-14 11:30:55 -04:00
Calvin Leung Huang
0da43c9fd3 Uncomment spec test 2016-04-13 14:59:05 -04:00
Calvin Leung Huang
ddb2931f6c Fix case on download_secret_file 2016-04-13 14:55:43 -04:00
Calvin Leung Huang
7cec3f7461 Add spec test 2016-04-13 14:51:43 -04:00
Calvin Leung Huang
7f357ef60d Add get_fieldlabel_value 2016-04-13 14:38:21 -04:00
Norm MacLennan
64d2b7101a version bump 2015-12-02 08:49:05 -05:00
Norm MacLennan
01a1be8084 Merge pull request #18 from ballou88/bump-savon-for-rails-compat 
Bumped savon gem version to fix depencency issue with rails 4.2+
 2015-12-02 08:48:37 -05:00
Mike Ballou
378dd0e39d Bumped savon gem version to fix depencency issue with rails 4.2+ 2015-12-01 10:45:03 -08:00
Norm MacLennan
20c5d0e34d bump version 2015-11-20 08:55:43 -05:00
Norm MacLennan
b7558d64f5 Merge pull request #17 from ballou88/fix-for-broken-prompt-for-password 
Fix for prompt_for_password
 2015-11-20 08:54:56 -05:00
Mike Ballou
293abdacde this is a fix for commit 813b171d26 which 
broke the prompt_for_password method and resulted a nil password.
 2015-11-19 10:55:42 -08:00
Jason Davis-Cooke
804d044632 Merge pull request #16 from Cimpress-MCP/print-feedback 
Print response to indicate when cli is no longer interactive
 2015-10-12 08:48:30 -04:00
Theodore X. Pak
813b171d26 Print response to indicate when cli is no longer interactive 2015-10-07 16:04:56 -04:00
Norm MacLennan
7a0ce1c04d Build and test on more rubies 
Build and test on 1.9.x, 2.0.x, 2.1.x, 2.2.x. I'd be comfortable-ish dropping 1.9.x and 2.0.x, but it's low effort/high value to just keep them there.

Also, build on containers for speed.
 2015-09-18 12:42:39 -04:00
Norm MacLennan
49ea9ab9fa version bump 2015-07-28 10:22:00 -04:00
Norm MacLennan
60e0d52ab4 Merge pull request #12 from thedillonb/patch-1 
Update get.rb to remove 'puts'
 2015-07-28 10:21:34 -04:00
Dillon Buchanan
e3ec56210b Update get.rb to remove 'puts' 
Remove the 'puts' dump of the options as it makes piping the output more difficult. Maybe better to add a verbosity flag and debug prints?
 2015-07-28 08:55:54 -04:00
Jason Davis-Cooke
315d3d6499 don't write gitignore if one exists already 2015-06-29 08:50:13 -04:00
Calvin Leung Huang
0763265be1 Update README.md 2015-06-05 11:19:08 -04:00
Jason Davis-Cooke
8126deded5 Version bump 2015-06-05 10:00:37 -04:00
Jason Davis-Cooke
60545c5b7b Merge pull request #10 from Cimpress-MCP/feature/prefix_dir 
Feature/prefix dir
 2015-06-05 09:59:28 -04:00
Calvin Leung Huang
8b06192aa1 Update test 2015-06-04 14:55:00 -04:00
Calvin Leung Huang
244b9178b8 Add optional prefix option 2015-06-04 13:05:22 -04:00
Jason Davis-Cooke
4951f13e4f version bump 2015-06-03 16:42:16 -04:00
Ryan Breen
3e2c07defc Merge pull request #8 from Cimpress-MCP/addgitignore 
Add a gitignore to secrets_dir
 2015-06-03 16:33:29 -04:00
Jason Davis-Cooke
73b939808e Update bundle.rb 
we need to puts so we get the requisite newlines
 2015-06-03 16:27:03 -04:00
Jason Davis-Cooke
867e14214c Update bundle.rb 
*, not .
 2015-06-03 16:26:19 -04:00
Jason Davis-Cooke
ff99246b46 Update bundle.rb 
Don't gitignore the gitignore
 2015-06-03 16:24:40 -04:00
Jason Davis-Cooke
e6ec5e6dbd Add a gitignore to secrets_dir 2015-06-03 16:16:56 -04:00
Norm MacLennan
85b8c66d3d readme - wdsl->wsdl 2015-05-19 21:53:45 -04:00
Jason Davis-Cooke
e0e5bfd276 Merge pull request #6 from Cimpress-MCP/savepasswords 
Savepasswords
 2015-02-26 19:00:35 +00:00
Jason Davis-Cooke
3969d508f8 version bump 2015-02-26 13:46:32 -05:00
Jason Davis-Cooke
2ee47c2210 Save username and password to a Normariffic yaml file 2015-02-26 11:53:48 -05:00
Jason Davis-Cooke
8778c7b27d remove base64 encoding 2015-02-26 09:35:09 -05:00
Jason Davis-Cooke
431c86bb0e remove incorrect code documentation 2015-02-26 08:57:47 -05:00
Jason Davis-Cooke
179fa24ab9 Save zanzifile passwords to disk 2015-02-26 08:56:43 -05:00
Jason Davis-Cooke
ed496bd416 Save zanzifile passwords to file 2015-02-25 14:28:43 -05:00
Jason Davis-Cooke
4b4549c9c5 require. not include. 2015-02-06 14:56:20 -05:00
Jason Davis-Cooke
9d7b150712 Require pathname 2015-02-06 14:47:42 -05:00
Jason Davis-Cooke
8e323f76e7 Merge branch 'maclennann-zanzibar_bundle_thor_app' 2015-02-01 13:50:40 -05:00
Norm MacLennan
c050e21339 aliasing install to bundle 2015-02-01 13:35:28 -05:00
Norm MacLennan
2bd8beb6c3 adding hidden alias command 2015-02-01 13:26:55 -05:00
Norm MacLennan
c416f90ea7 un-ignoring required test file 2015-02-01 12:13:01 -05:00
Norm MacLennan
0fdf747de5 maybe fix tests for travis 2015-02-01 12:04:25 -05:00
Norm MacLennan
184b0b443c making zanzibar bin a thor app with bundler/librarian type capability 2015-02-01 11:43:42 -05:00
Jason Davis-Cooke
d91b418963 Bump version 2015-01-28 15:17:24 -05:00
Jason Davis-Cooke
dfb897a088 Merge pull request #4 from maclennann/feature/support_env_vars 
support well-known env-vars for setting username and password
 2015-01-28 15:15:20 -05:00
Norm MacLennan
9f7898cc0b support well-known env-vars for setting username and password 2015-01-28 15:01:50 -05:00
Jason Davis-Cooke
4902299cd4 Return path of secret file 2015-01-27 09:12:55 -05:00
Jason Davis-Cooke
fa900bc4f4 Bump version due to new bin name 2015-01-19 07:34:13 -05:00
Jason Davis-Cooke
73b5ec2ab9 Fix merge conflict 2015-01-19 07:32:58 -05:00
Jason Davis-Cooke
b0efb7e27f Rubocop cleanup 2015-01-19 07:31:47 -05:00
Jason Davis-Cooke
4e12940430 Merge pull request #3 from chrisbaldauf/master 
Prefer easier to remember bin name
 2015-01-17 09:58:09 -05:00
Chris Baldauf
f107e4fee1 Update readme 2015-01-17 09:04:23 -05:00
Chris Baldauf
f96384543c Rename zamioculcas to zanzibar and leave the alias for backward compatibility. 2015-01-17 09:03:02 -05:00
Jason Davis-Cooke
a084709176 Update readme to the new refactored methods 2015-01-16 10:25:14 -05:00
Jason Davis-Cooke
b2e4aaa5e1 Merge pull request #2 from Cimpress-MCP/refactoring 
Refactoring
 2015-01-15 14:33:54 -05:00
Jason Davis-Cooke
fce5fc4d08 Maintain backwards compatibility, add legacy tests, some readability improvements 2015-01-15 14:08:50 -05:00
Jason Davis-Cooke
10cfad0a5d Reduce duplication 2015-01-15 13:41:19 -05:00
Jason Davis-Cooke
8b889dfd96 version bump 2015-01-15 13:08:31 -05:00
Jason Davis-Cooke
c542b56a5a Refactoring 2015-01-15 13:03:22 -05:00
Jason Davis-Cooke
d69123471b Update travis to publish on tags 2015-01-15 09:56:55 -05:00
Jason Davis-Cooke
44d9c34e91 Update version number after merging PR, update repo token 2015-01-15 09:50:01 -05:00
Jason Davis-Cooke
03e60e3206 Merge pull request #1 from maclennann/master 
Zamioculcas bin + project structure stuff
 2015-01-15 09:21:32 -05:00
Norm MacLennan
60f987718a zamioculcas readme 2015-01-15 09:09:09 -05:00
Norm MacLennan
a7ab8e3c02 removing redundant rake task 2015-01-15 08:28:13 -05:00
Norm MacLennan
06fac7ffb6 whitelist code climate 2015-01-15 08:02:17 -05:00
Norm MacLennan
c6ca1d6cb8 code climate setup 2015-01-15 07:57:50 -05:00
Norm MacLennan
10601fc927 test fewer rubies 2015-01-15 07:36:25 -05:00
Norm MacLennan
da0c27da54 make test the default rake task 2015-01-15 07:28:00 -05:00
Norm MacLennan
adae2dcdcc bit of refactoring and adding zamioculcas bin 2015-01-15 07:24:14 -05:00
Jason Davis-Cooke
0328ebd878 Update README.md 2015-01-13 13:28:04 -05:00
44 changed files with 2830 additions and 1131 deletions
Expand all files Collapse all files

21
.codeclimate.yml Normal file
View File

@@ -0,0 +1,21 @@
---
engines:
bundler-audit:
enabled: false
duplication:
enabled: true
config:
languages:
- ruby
fixme:
enabled: true
rubocop:
enabled: true
ratings:
paths:
- Gemfile.lock
- "**.rb"
exclude_paths:
- spec/
- templates/
- doc/

3
.gitignore vendored
View File

@@ -12,3 +12,6 @@
*.o *.o
*.a *.a
mkmf.log mkmf.log
secrets/
Zanzifile
Zanzifile.resolved

0
test/.rspec → .rspec
View File

9
.rubocop.yml Normal file
View File

@@ -0,0 +1,9 @@
Metrics/ClassLength:
Max: 150
Metrics/LineLength:
Max: 175
AllCops:
Exclude:
- 'spec/**/*'

19
.travis.yml Normal file
View File

@@ -0,0 +1,19 @@
sudo: false
language: ruby
rvm:
- 1.9.3
- 2.0.0
- 2.1.7
- 2.2.3
addons:
code_climate:
repo_token:
secure: "XbKXMtcF/NnFr9JMuJNRzgsUcDcHxGi5jVc2B4HGT4EHDUnOV/06SfTTJMiLz3hgIgH1dpEgt+4cjAzAmZrmZrViY3rOH0MU1f6eAF4+BPMb0JwKYnPxTyPF5RjsWf0aFe6JdYM1S1T7EpP2XUAlV9ppmCYKrYUEa/OAXsz4ruU="
deploy:
provider: rubygems
api_key:
secure: "CFXaOgtLypVc3/Nn3NFyeTYJ3rR/KNua2FPFHc02h5K/TPm8PMlHsYEB3e9OpithnC5cLqPUUlyZL4Gz7QC4zxX0G4luNVz+ZXdueMk1GBstK9QMsrjOQMKnQTCPaK/3x2/53kuPWMjYSyn5+ICkf/Omq1EVD4YEplhSvIRA9QQ="
gem: zanzibar
on:
tags: true
all_branches: true

24
CHANGELOG.md Normal file
View File

@@ -0,0 +1,24 @@
# Change Log
All notable changes to this project will be documented in this file.
This project adheres to [Semantic Versioning](http://semver.org/).
## [Unreleased]
## [0.2.0] - 2016-05-18
### Changed
- Upgraded dependencies
- `rubyntlm`: ~>0.4.0 to ~>0.6.0
- `savon`: ~>2.10.0 to ~>2.11.0
- `rubocop`: ~>0.28.0 to ~>0.39.0
- Lots of rubocop-y code cleanup
- Converted from code climate classic to code climate platform
- Added rake task to run code climate platform locally
- Broke low-level secret server operations into `zanzibar/client`
## [0.1.27] - 2016-04-15
### Added
- `zanzibar get` can fetch field values for fields other than password
- This ability has not been added to Zanzifiles yet.
[0.2.0]: https://github.com/Cimpress-MCP/Zanzibar/compare/v0.1.27...v0.2.0
[Unreleased]: https://github.com/Cimpress-MCP/Zanzibar/compare/v0.2.0...HEAD

6
Gemfile
View File

@@ -1,9 +1,3 @@
source 'https://rubygems.org' source 'https://rubygems.org'
gem 'savon'
gem 'savon_spec'
gem 'rspec'
gem 'webmock'
# Specify your gem's dependencies in zanzibar.gemspec
gemspec gemspec

101
README.md
View File

@@ -1,5 +1,9 @@
# Zanzibar # Zanzibar
[![Gem Version](https://badge.fury.io/rb/zanzibar.svg)](http://badge.fury.io/rb/zanzibar)
[![Code Climate](https://codeclimate.com/github/Cimpress-MCP/zanzibar/badges/gpa.svg?1=1)](https://codeclimate.com/github/Cimpress-MCP/zanzibar)
[![Test Coverage](https://codeclimate.com/github/Cimpress-MCP/zanzibar/badges/coverage.svg)](https://codeclimate.com/github/Cimpress-MCP/zanzibar/coverage)
[![Dependency Status](https://gemnasium.com/badges/github.com/Cimpress-MCP/zanzibar.svg)](https://gemnasium.com/github.com/Cimpress-MCP/zanzibar)
[![Inline docs](http://inch-ci.org/github/cimpress-mcp/zanzibar.svg?branch=master)](http://inch-ci.org/github/cimpress-mcp/zanzibar)
Zanzibar is a utility to retrieve secrets from a Secret Server installation. It supports retrieval of a password, public/private key, or secret attachment. Zanzibar is a utility to retrieve secrets from a Secret Server installation. It supports retrieval of a password, public/private key, or secret attachment.
@@ -21,7 +25,11 @@ Or install it yourself as:
## Usage ## Usage
In your ruby project, rakefile, etc., create a new Zanzibar object. The constructor takes a hash of optional parameters for the WSDL location, the domain of the Secret Server, a hash of global variables to pass to savon (necessary for windows environments with self-signed certs) and a password for the current user (intended to be passed in through some encryption method, unless you really want a plaintext password there.). All of these parameters are optional and the user will be prompted to enter them if they are missing. In your ruby project, rakefile, etc., create a new Zanzibar object.
The constructor takes a hash of optional parameters for the WSDL location, the domain of the Secret Server, a hash of global variables to pass to savon (necessary for windows environments with self-signed certs) and a password for the current user (intended to be passed in through some encryption method, unless you really want a plaintext password there).
All of these parameters are optional and the user will be prompted to enter them if they are missing.
```ruby ```ruby
my_object = Zanzibar::Zanzibar.new(:domain => 'my.domain.net', :wsdl => 'my.scrt.srvr.com/webservices/sswebservice.asmx?wdsl', :pwd => get_encrypted_password_from_somewhere) my_object = Zanzibar::Zanzibar.new(:domain => 'my.domain.net', :wsdl => 'my.scrt.srvr.com/webservices/sswebservice.asmx?wdsl', :pwd => get_encrypted_password_from_somewhere)
@@ -38,19 +46,94 @@ secrets = Zanzibar::Zanzibar.new(:domain => 'mydomain.net', :wsdl => "https://my
# Zanzibar::Zanzibar.new(:domain => 'mydomain.net', :wsdl => "https://my.scrt.server/webservices/sswebservice.asmx?wsdl", :globals => {:ssl_verify_mode => :none}) # Zanzibar::Zanzibar.new(:domain => 'mydomain.net', :wsdl => "https://my.scrt.server/webservices/sswebservice.asmx?wsdl", :globals => {:ssl_verify_mode => :none})
## Simple password -> takes secret id as argument ## Simple password -> takes secret id as argument
secrets.get_secret(1234) secrets.get_password(1234)
## Private Key -> takes hash as argument, requires :scrt_id, optional :scrt_item_id, :path ## Private Key -> takes hash as argument, requires :scrt_id, :type, optional :scrt_item_id, :path
secrets.download_private_key(:scrt_id => 2345, :path => 'secrets/') secrets.download_secret_file(:scrt_id => 2345, :path => 'secrets/', :type => "Private Key")
## Public Key -> takes hash as argument, requires :scrt_id, optional :scrt_item_id, :path ## Public Key -> takes hash as argument, requires :scrt_id, :type, optional :scrt_item_id, :path
secrets.download_public_key(:scrt_id => 2345, :path => 'secrets/') secrets.download_secret_file(:scrt_id => 2345, :path => 'secrets/', :type => "Public Key")
## Attachment; only supports secrets with single attachment -> takes hash as argument, requires :scrt_id, optional :scrt_item_id, :path ## Attachment; only supports secrets with single attachment -> takes hash as argument, requires :scrt_id, :path, optional :scrt_item_id, :path
secrets.download_attachment(:scrt_id => 3456, :path => 'secrets/') secrets.download_secret_file(:scrt_id => 2345, :path => 'secrets/', :type => "Attachment")
``` ```
### Providing Credentials
Zanzibar has several ways of finding Secret Server credentials. It will use credentials
discovered in this order:
* Credentials passed to the initializer
* `Zanzibar::Zanzibar.new(:username=>'auser', :password=>'itsmyPassword')`
* Credentials discovered via the environment
* If `ZANZIBAR_USER` exists, it will use that.
* If not, it will try `USER`
* If `ZANZIBAR_PASSWORD` exists, it will use that.
* Credentials entered by the user
* Zanzibar will prompt the user to enter their password on STDIN
### Command Line
Zanzibar comes bundled with the `zanzibar` command-line utility that can be used
for fetching passwords and downloading keys from outside of Ruby scripts.
`zanzibar` supports most actions provided by Zanzibar itself. Because it operates
on the command-line, it can be used as part of a pipeline or within a bash script.
```bash
# if ZANZIBAR_PASSWORD is not set, you will be prompted to enter your password.
# this will download the private key from secret 1984 to the current directory
$ ZANZIBAR_PASSWORD=`gpg -d secretpasswd.txt.gpg` zanzibar get 1984 -s server.example.com -d example.com -f "Private Key"
$ ssh user@someremote -i ./private_key
```
#### Zanzifiles
The `zanzibar` command can also perform [bundler](http://bundler.io)-like actions.
Running `zanzibar init` will generate a `Zanzifile` in the current directory.
Information about Secret Server and the necessary secret files to be downloaded
can be added here.
Then `zanzibar bundle` will try to download the secrets named in the file.
When it downloads a file, it gets added to `Zanzifile.resolved`. And next time
`zanzibar bundle` is run, if the file exists and the hash matches the one in the
`resolved` file, it will not attempt to re-download. `zanzibar update` will attempt
to re-download all secrets.
Subdirectories under the root directory `secret_dir` can be created for individual keys by specifying a `prefix` path for that secret. Secrets will default to be downloaded to the root `secret_dir` directory otherwise.
Note: `zanzibar get` can fetch passwords or files, but `zanzibar bundle` can
only operate on secret files.
Sample `Zanzifile`:
```yaml
---
settings:
wsdl: my.scrt.srvr.com/webservices/sswebservice.asmx?wsdl
domain: my.domain.net
secret_dir: secrets/
ignore_ssl: true
secrets:
ssh_key:
id: 249
label: Private Key
prefix: ssh/
encryption_key:
id: 483
label: Attachment
cert_pem:
id: 123
label: Certificate
cert_key:
id: 986
label: Misc Attachment
```
Run `zanzibar help` or `zanzibar help [command]` for more information.
## Contributing ## Contributing
1. Fork it ( https://github.com/Cimpress-MCP/zanzibar/fork ) 1. Fork it ( https://github.com/Cimpress-MCP/zanzibar/fork )

25
Rakefile
View File

@@ -1,10 +1,21 @@
require "bundler/gem_tasks" require 'bundler/gem_tasks'
require 'bundler/setup' # load up our gem environment (incl. local zanzibar)
require 'rspec/core/rake_task'
require 'zanzibar/version'
require 'rubocop/rake_task'
task 'test' do task default: [:test]
Dir.chdir('test')
system("rspec zanzibar_spec.rb")
end
task 'install_dependencies' do RSpec::Core::RakeTask.new(:test)
system('bundle install') RuboCop::RakeTask.new
task :cc_local do
command = 'docker run '
command << '--interactive --tty --rm '
command << '--env CODECLIMATE_CODE="$PWD" '
command << '--volume "$PWD":/code '
command << '--volume /var/run/docker.sock:/var/run/docker.sock '
command << '--volume /tmp/cc:/tmp/cc '
command << 'codeclimate/codeclimate analyze'
sh command
end end

4
bin/zamioculcas Executable file
View File

@@ -0,0 +1,4 @@
#! ruby
require 'zanzibar/cli'
Zanzibar::Cli.start(ARGV)

4
bin/zanzibar Executable file
View File

@@ -0,0 +1,4 @@
#! ruby
require 'zanzibar/cli'
Zanzibar::Cli.start(ARGV)

304
lib/zanzibar.rb
View File

@@ -1,209 +1,177 @@
require "zanzibar/version" require 'zanzibar/version'
require 'savon' require 'savon'
require 'io/console' require 'io/console'
require 'fileutils' require 'fileutils'
require 'yaml'
require 'zanzibar/client'
module Zanzibar module Zanzibar
## ##
# Class for interacting with Secret Server # High-level operations for downloading things from Secret Server
class Zanzibar class Zanzibar
##
# @param args{:domain, :wsdl, :pwd, :username, :globals{}}
def initialize(args = {})
@username = resolve_username(args)
@wsdl = resolve_wsdl(args)
@password = resolve_password(args)
@domain = resolve_domain(args)
args[:globals] = {} unless args[:globals]
@client = Client.new(@username, @password, @domain, @wsdl, args[:globals])
end
## ##
# @param args{:domain, :wsdl, :pwd, :globals{}} # Gets the user's password if none is provided in the constructor.
def initialize(args = {})
if args[:wsdl]
@@wsdl = args[:wsdl]
else
@@wsdl = get_wsdl_location
end
if args[:pwd]
@@password = args[:pwd]
else
@@password = prompt_for_password
end
if args[:domain]
@@domain = args[:domain]
else
@@domain = prompt_for_domain
end
args[:globals] = {} unless args[:globals]
init_client(args[:globals])
end
## Initializes the Savon client class variable with the wdsl document location and optional global variables
# @param globals{}, optional
def init_client(globals = {})
globals = {} if globals == nil
@@client = Savon.client(globals) do
wsdl @@wsdl
end
end
## Gets the user's password if none is provided in the constructor.
# @return [String] the password for the current user # @return [String] the password for the current user
def prompt_for_password def prompt_for_password
puts "Please enter password for #{ENV['USER']}:" puts "Please enter password for #{@username}:"
return STDIN.noecho(&:gets).chomp STDIN.noecho(&:gets).chomp.tap do
puts 'Using password to login...'
end
end end
## Gets the wsdl document location if none is provided in the constructor ##
# Gets the wsdl document location if none is provided in the constructor
# @return [String] the location of the WDSL document # @return [String] the location of the WDSL document
def prompt_for_wsdl_location
def get_wsdl_location puts 'Enter the URL of the Secret Server WSDL:'
puts "Enter the URL of the Secret Server WSDL:" STDIN.gets.chomp
return STDIN.gets.chomp
end end
## Gets the domain of the Secret Server installation if none is provided in the constructor ##
# Gets the domain of the Secret Server installation if none is provided in the constructor
# @return [String] the domain of the secret server installation # @return [String] the domain of the secret server installation
def prompt_for_domain def prompt_for_domain
puts "Enter the domain of your Secret Server:" puts 'Enter the domain of your Secret Server:'
return STDIN.gets.chomp STDIN.gets.chomp
end end
##
## Get an authentication token for interacting with Secret Server. These are only good for about 10 minutes so just get a new one each time. # Retrieve the value from a field label of a secret
# Will raise an error if there is an issue with the authentication.
# @return the authentication token for the current user.
def get_token
begin
response = @@client.call(:authenticate, message: { username: ENV['USER'], password: @@password, organization: "", domain: @@domain }).hash
if response[:envelope][:body][:authenticate_response][:authenticate_result][:errors]
raise "Error generating the authentication token for user #{ENV['USER']}: #{response[:envelope][:body][:authenticate_response][:authenticate_result][:errors][:string]}"
end
response[:envelope][:body][:authenticate_response][:authenticate_result][:token]
rescue Savon::Error => err
raise "There was an error generating the authentiaton token for user #{ENV['USER']}: #{err}"
end
end
## Get a secret returned as a hash
# Will raise an error if there was an issue getting the secret
# @param [Integer] the secret id
# @return [Hash] the secret hash retrieved from the wsdl
def get_secret(scrt_id, token = nil)
begin
secret = @@client.call(:get_secret, message: { token: token || get_token, secretId: scrt_id}).hash
if secret[:envelope][:body][:get_secret_response][:get_secret_result][:errors]
raise "There was an error getting secret #{scrt_id}: #{secret[:envelope][:body][:get_secret_response][:get_secret_result][:errors][:string]}"
end
return secret
rescue Savon::Error => err
raise "There was an error getting the secret with id #{scrt_id}: #{err}"
end
end
## Retrieve a simple password from a secret
# Will raise an error if there are any issues # Will raise an error if there are any issues
# @param [Integer] the secret id # @param [Integer] the secret id
# @return [String] the password for the given secret # @param [String] the field label to get, defaults to Password
# @return [String] the value for the given field label
def get_password(scrt_id) def get_fieldlabel_value(scrt_id, fieldlabel = 'Password')
begin secret = @client.get_secret(scrt_id)
secret = get_secret(scrt_id) secret_items = secret[:secret][:items][:secret_item]
return secret[:envelope][:body][:get_secret_response][:get_secret_result][:secret][:items][:secret_item][1][:value] return @client.get_secret_item_by_field_name(secret_items, fieldlabel)[:value]
rescue Savon::Error => err rescue Savon::Error => err
raise "There was an error getting the password for secret #{scrt_id}: #{err}" raise "There was an error getting '#{fieldlabel}' for secret #{scrt_id}: #{err}"
end
end end
## Get the secret item id that relates to a key file or attachment. ##
# Will raise on error # Retrieve a simple password from a secret
# Calls get get_fieldlabel_value()
# @param [Integer] the secret id # @param [Integer] the secret id
# @param [String] the type of secret item to get, one of privatekey, publickey, attachment # @return [String] the password for the given secret
# @return [Integer] the secret item id def get_password(scrt_id)
get_fieldlabel_value(scrt_id)
def get_scrt_item_id(scrt_id, type, token)
secret = get_secret(scrt_id, token)
case type
when 'privatekey'
## Get private key item id
secret[:envelope][:body][:get_secret_response][:get_secret_result][:secret][:items][:secret_item].each do |item|
return item[:id] if item[:field_name] == 'Private Key'
end
when 'publickey'
## Get public key item id
secret[:envelope][:body][:get_secret_response][:get_secret_result][:secret][:items][:secret_item].each do |item|
return item[:id] if item[:field_name] == 'Public Key'
end
when 'attachment'
## Get attachment item id. This currently only supports secrets with one attachment.
secret[:envelope][:body][:get_secret_response][:get_secret_result][:secret][:items][:secret_item].each do |item|
return item[:id] if item[:field_name] == 'Attachment'
end
else
raise "Unknown type, #{type}."
end
end end
## Downloads the private key for a secret and places it where Zanzibar is running, or :path if specified ##
# Raise on error # Get the password, save it to a file, and return the path to the file.
# @param [Hash] args, :scrt_id, :scrt_item_id - optional, :path - optional def get_username_and_password_and_save(scrt_id, path, name)
secret_items = @client.get_secret(scrt_id)[:secret][:items][:secret_item]
password = @client.get_secret_item_by_field_name(secret_items, 'Password')[:value]
username = @client.get_secret_item_by_field_name(secret_items, 'Username')[:value]
save_username_and_password_to_file(password, username, path, name)
File.join(path, name)
end
##
# Write the password to a file. Intended for use with a Zanzifile
def save_username_and_password_to_file(password, username, path, name)
user_pass = { 'username' => username.to_s, 'password' => password.to_s }.to_yaml
File.open(File.join(path, name), 'wb') do |file|
file.print user_pass
end
end
##
# Downloads a file for a secret and places it where Zanzibar is running, or :path if specified
# Raise on error
# @param [Hash] args, :scrt_id, :type (one of "Private Key", "Public Key", "Attachment"), :scrt_item_id - optional, :path - optional
def download_secret_file(args = {})
response = @client.download_file_attachment_by_item_id(args[:scrt_id], args[:scrt_item_id], args[:type])
raise "There was an error getting the #{args[:type]} for secret #{args[:scrt_id]}: #{response[:errors][:string]}" if response[:errors]
return write_secret_to_file(args[:path], response)
rescue Savon::Error => err
raise "There was an error getting the #{args[:type]} for secret #{args[:scrt_id]}: #{err}"
end
##
# Download a private key secret
# @deprecated
def download_private_key(args = {}) def download_private_key(args = {})
token = get_token args[:type] = 'Private Key'
FileUtils.mkdir_p(args[:path]) if args[:path] download_secret_file(args)
path = args[:path] ? args[:path] : '.' ## The File.join below doesn't handle nils well, so let's take that possibility away.
begin
response = @@client.call(:download_file_attachment_by_item_id, message: { token: token, secretId: args[:scrt_id], secretItemId: args[:scrt_item_id] || get_scrt_item_id(args[:scrt_id], 'privatekey', token)}).hash
if response[:envelope][:body][:download_file_attachment_by_item_id_response][:download_file_attachment_by_item_id_result][:errors]
raise "There was an error getting the private key for secret #{args[:scrt_id]}: #{response[:envelope][:body][:download_file_attachment_by_item_id_response][:download_file_attachment_by_item_id_result][:string]}"
end
File.open(File.join(path, response[:envelope][:body][:download_file_attachment_by_item_id_response][:download_file_attachment_by_item_id_result][:file_name]), 'wb') do |file|
file.puts Base64.decode64(response[:envelope][:body][:download_file_attachment_by_item_id_response][:download_file_attachment_by_item_id_result][:file_attachment])
end
rescue Savon::Error => err
raise "There was an error getting the private key for secret #{args[:scrt_id]}: #{err}"
end
end end
## Downloads the public key for a secret and places it where Zanzibar is running, or :path if specified ##
# Raise on error # Download a public key secret
# @param [Hash] args, :scrt_id, :scrt_item_id - optional, :path - optional # @deprecated
def download_public_key(args = {}) def download_public_key(args = {})
token = get_token args[:type] = 'Public Key'
FileUtils.mkdir_p(args[:path]) if args[:path] download_secret_file(args)
path = args[:path] ? args[:path] : '.' ## The File.join below doesn't handle nils well, so let's take that possibility away. end
begin
response = @@client.call(:download_file_attachment_by_item_id, message: { token: token, secretId: args[:scrt_id], secretItemId: args[:scrt_item_id] || get_scrt_item_id(args[:scrt_id], 'publickey', token)}).hash ##
if response[:envelope][:body][:download_file_attachment_by_item_id_response][:download_file_attachment_by_item_id_result][:errors] # Download an arbitrary secret attachment
raise "There was an error getting the public key for secret #{args[:scrt_id]}: #{response[:envelope][:body][:download_file_attachment_by_item_id_response][:download_file_attachment_by_item_id_result][:string]}" # @deprecated
end def download_attachment(args = {})
File.open(File.join(path, response[:envelope][:body][:download_file_attachment_by_item_id_response][:download_file_attachment_by_item_id_result][:file_name]), 'wb') do |file| args[:type] = 'Attachment'
file.puts Base64.decode64(response[:envelope][:body][:download_file_attachment_by_item_id_response][:download_file_attachment_by_item_id_result][:file_attachment]) download_secret_file(args)
end end
rescue Savon::Error => err
raise "There was an error getting the public key for secret #{args[:scrt_id]}: #{err}" private
def make_or_find_path(path = nil)
FileUtils.mkdir_p(path) if path
path || '.'
end
def resolve_username(args = {})
if args[:username]
args[:username]
elsif ENV['ZANZIBAR_USER']
ENV['ZANZIBAR_USER']
else
ENV['USER']
end end
end end
## Downloads an attachment for a secret and places it where Zanzibar is running, or :path if specified def resolve_wsdl(args = {})
# Raise on error args[:wsdl]
# @param [Hash] args, :scrt_id, :scrt_item_id - optional, :path - optional end
def download_attachment(args = {}) def resolve_password(args = {})
token = get_token if args[:pwd]
FileUtils.mkdir_p(args[:path]) if args[:path] args[:pwd]
path = args[:path] ? args[:path] : '.' ## The File.join below doesn't handle nils well, so let's take that possibility away. elsif ENV['ZANZIBAR_PASSWORD']
begin ENV['ZANZIBAR_PASSWORD']
response = @@client.call(:download_file_attachment_by_item_id, message: { token: token, secretId: args[:scrt_id], secretItemId: args[:scrt_item_id] || get_scrt_item_id(args[:scrt_id], 'attachment', token)}).hash else
if response[:envelope][:body][:download_file_attachment_by_item_id_response][:download_file_attachment_by_item_id_result][:errors] prompt_for_password
raise "There was an error getting the attachment for secret #{args[:scrt_id]}: #{response[:envelope][:body][:download_file_attachment_by_item_id_response][:download_file_attachment_by_item_id_result][:string]}"
end end
File.open(File.join(path, response[:envelope][:body][:download_file_attachment_by_item_id_response][:download_file_attachment_by_item_id_result][:file_name]), 'wb') do |file| end
file.puts Base64.decode64(response[:envelope][:body][:download_file_attachment_by_item_id_response][:download_file_attachment_by_item_id_result][:file_attachment])
end def resolve_domain(args = {})
rescue Savon::Error => err if args[:domain]
raise "There was an error getting the attachment from secret #{args[:scrt_id]}: #{err}" args[:domain]
else
prompt_for_domain
end end
end end
def write_secret_to_file(path, secret_response)
path = make_or_find_path(path)
filepath = File.join(path, secret_response[:file_name])
File.open(filepath, 'wb') do |file|
file.puts Base64.decode64(secret_response[:file_attachment])
end
filepath
end
end end
end end

3
lib/zanzibar/actions.rb Normal file
View File

@@ -0,0 +1,3 @@
require 'zanzibar/actions/init'
require 'zanzibar/actions/bundle'
require 'zanzibar/actions/get'

33
lib/zanzibar/actions/base.rb Normal file
View File

@@ -0,0 +1,33 @@
module Zanzibar
module Actions
# Basic plumbing for all actions
class Base
##
# The options passed in from the Thor action
attr_accessor :options
private :options=
##
# The logger that Thor is using for this run
attr_accessor :logger
private :logger=
##
# Initialize the basic components used by all actions
def initialize(logger, options = {})
self.logger = logger
self.options = options
end
private
def debug(*args, &block)
logger.debug(*args, &block)
end
def source_root
@source_root ||= Pathname.new(File.expand_path('../../../../', __FILE__))
end
end
end
end

158
lib/zanzibar/actions/bundle.rb Normal file
View File

@@ -0,0 +1,158 @@
require 'zanzibar/actions/base'
require 'zanzibar/error'
require 'zanzibar'
module Zanzibar
module Actions
# Download or verify the secrets in a Zanzifile
class Bundle < Base
##
# The settings defined in the Zanzifile
attr_accessor :settings
##
# The unresolved secrets from the Zanzifile
attr_accessor :remote_secrets
##
# The resolved secrets from the Zanzifile.resolved
attr_accessor :local_secrets
##
# Whether to disregard local secrets and re-download regardness
attr_accessor :update
##
# Our Zanzibar client
attr_accessor :zanzibar
##
# An action that will fetch secrets defined in a Zanzifile
def initialize(ui, options, args = {})
super(ui, options)
@update = args[:update]
end
##
# Coordinate downloading to secrets (or skipping ones we already have)
def run
ensure_zanzifile
load_required_secrets
ensure_secrets_path
validate_environment
load_resolved_secrets if resolved_file?
validate_local_secrets unless @update
run!
end
private
def run!
if need_secrets?
new_secrets = download_remote_secrets
update_resolved_file new_secrets
else
debug { 'No secrets to download...' }
end
end
def ensure_zanzifile
raise Error, NO_ZANZIFILE_ERROR unless File.exist? ZANZIFILE_NAME
debug { "#{ZANZIFILE_NAME} located..." }
end
def ensure_secrets_path
## Make sure the directory exists and that a .gitignore is there to ignore it
if @settings['secret_dir']
FileUtils.mkdir_p(@settings['secret_dir'])
unless File.exist? "#{@settings['secret_dir']}/.gitignore"
File.open("#{@settings['secret_dir']}/.gitignore", 'w') do |file|
file.puts '*'
file.puts '!.gitignore'
end
end
end
end
def resolved_file?
File.exist? RESOLVED_NAME
end
def load_required_secrets
zanzifile = YAML.load_file(ZANZIFILE_NAME)
@settings = zanzifile['settings'] || {}
@remote_secrets = zanzifile['secrets'] || {}
@local_secrets = {}
end
def validate_environment
return unless @settings.empty? || @remote_secrets.empty?
raise Error, INVALID_ZANZIFILE_ERROR
end
def load_resolved_secrets
@local_secrets = YAML.load_file RESOLVED_NAME
end
def need_secrets?
!@remote_secrets.empty?
end
def validate_local_secrets
@local_secrets.each do |key, secret|
if File.exist?(secret[:path]) && secret[:hash] == Digest::MD5.file(secret[:path]).hexdigest
debug { "#{key} found locally, skipping download..." }
@remote_secrets.delete key
end
end
end
def download_remote_secrets
args = @settings['ignore_ssl'] ? { ssl_verify_mode: :none } : {}
downloaded_secrets = {}
remote_secrets.each do |key, secret|
full_path = secret.key?('prefix') ? File.join(@settings['secret_dir'], secret['prefix']) : @settings['secret_dir']
downloaded_secrets[key] = download_one_secret(secret['id'], secret['label'], full_path,
args, secret_filename(secret))
debug { "Downloaded secret: #{key} to #{@settings['secret_dir']}..." }
end
downloaded_secrets
end
def download_one_secret(scrt_id, label, path, args, name = nil)
if label == 'Password'
path = zanzibar(args).get_username_and_password_and_save(scrt_id, path, name)
else
path = zanzibar(args).download_secret_file(scrt_id: scrt_id,
type: label,
path: path)
end
{ path: path, hash: Digest::MD5.file(path).hexdigest }
end
def update_resolved_file(new_secrets)
@local_secrets.merge! new_secrets
File.open(RESOLVED_NAME, 'w') do |out|
YAML.dump(@local_secrets, out)
end
debug { 'Updated resolved file...' }
end
def zanzibar(args)
@zanzibar ||= ::Zanzibar::Zanzibar.new(wsdl: @settings['wsdl'],
domain: @settings['domain'],
globals: args)
end
def secret_filename(secret)
secret['name'] || "#{secret['id']}_password"
end
end
end
end

78
lib/zanzibar/actions/get.rb Normal file
View File

@@ -0,0 +1,78 @@
require 'zanzibar/actions/base'
require 'zanzibar/error'
require 'zanzibar'
require 'zanzibar/defaults'
module Zanzibar
module Actions
# Fetch a single secret
class Get < Base
##
# The options to use when initializing our Zanzibar client
attr_accessor :zanibar_options
##
# The id of the secret to download
attr_accessor :scrt_id
##
# Initialize the action
def initialize(ui, options, scrt_id)
super(ui, options)
@scrt_id = scrt_id
@zanzibar_options = {}
end
##
# Ensure we have the options we need and download the secret
def run
construct_options
ensure_options
fetch_secret(@scrt_id)
end
##
# Actually download the secret
def fetch_secret(scrt_id)
scrt = ::Zanzibar::Zanzibar.new(@zanzibar_options)
if @zanzibar_options[:filelabel]
scrt.download_secret_file(scrt_id: scrt_id,
type: @zanzibar_options[:filelabel])
else
scrt.get_fieldlabel_value(scrt_id, @zanzibar_options[:fieldlabel])
end
end
##
# Coalesce our options and some defaults to ensure we are ready to run
def construct_options
@zanzibar_options[:wsdl] = construct_wsdl
@zanzibar_options[:globals] = { ssl_verify_mode: :none } if options['ignoressl']
@zanzibar_options[:domain] = options['domain']
@zanzibar_options[:username] = options['username'] unless options['username'].nil?
@zanzibar_options[:domain] = options['domain'] ? options['domain'] : 'local'
@zanzibar_options[:fieldlabel] = options['fieldlabel'] || 'Password'
@zanzibar_options[:filelabel] = options['filelabel'] if options['filelabel']
end
##
# Construct a WSDL URL from the server hostname if necessary
def construct_wsdl
if options['wsdl'].nil? && options['server']
DEFAULT_WSDL % options['server']
else
options['wsdl']
end
end
##
# Make sure a proper WSDL was constructed
def ensure_options
return if @zanzibar_options[:wsdl]
raise Error, NO_WSDL_ERROR
end
end
end
end

45
lib/zanzibar/actions/init.rb Normal file
View File

@@ -0,0 +1,45 @@
require 'zanzibar/actions/base'
require 'zanzibar/error'
require 'ostruct'
require 'erb'
require 'zanzibar/defaults'
module Zanzibar
module Actions
# Create a new Zanzifile
class Init < Base
##
# Make sure we don't already have a Zanzifile, then template one
def run
check_for_zanzifile
write_template
end
private
def check_for_zanzifile
return unless File.exist?(ZANZIFILE_NAME) && !options['force']
raise Error, ALREADY_EXISTS_ERROR
end
def write_template
template = TemplateRenderer.new(options)
File.open(ZANZIFILE_NAME, 'w') do |f|
f.write template.render(File.read(source_root.join(TEMPLATE_NAME)))
end
end
##
# Allows us to easily feed our options hash
# to an ERB
class TemplateRenderer < OpenStruct
##
# Render an ERB template to a string
def render(template)
ERB.new(template).result(binding)
end
end
end
end
end

150
lib/zanzibar/cli.rb Normal file
View File

@@ -0,0 +1,150 @@
require 'thor'
require 'thor/actions'
require 'zanzibar/version'
require 'zanzibar/cli'
require 'zanzibar/ui'
require 'zanzibar/actions'
require 'zanzibar/error'
require 'zanzibar/defaults'
module Zanzibar
##
# The `zanzibar` binary/thor application main class.
# See http://whatisthor.com/ for information on syntax.
class Cli < Thor
include Thor::Actions
##
# The stream to which we are writing messages (usually stdout)
attr_accessor :ui
##
# Initialize the application and set some logging defaults
def initialize(*)
super
the_shell = (options['no-color'] ? Thor::Shell::Basic.new : shell)
@ui = Shell.new(the_shell)
@ui.be_quiet! if options['quiet']
@ui.debug! if options['verbose']
debug_header
end
##
# Print the version of the application
desc 'version', 'Display your Zanzibar verion'
def version
say "#{APPLICATION_NAME} Version: #{VERSION}"
end
##
# Generate a new blank Zanzifile
desc 'init', "Create an empty #{ZANZIFILE_NAME} in the current directory."
option 'verbose', type: :boolean, default: false, aliases: :v
option 'wsdl', type: :string, aliases: :w,
default: DEFAULT_WSDL % DEFAULT_SERVER,
desc: 'The URI of the WSDL file for your Secret Server instance'
option 'domain', type: :string, default: 'local', aliases: :d,
desc: 'The logon domain for your Secret Server account'
option 'force', type: :boolean, default: false, aliases: :f,
desc: 'Recreate the Zanzifile if one already exists.'
option 'secretdir', type: :string, default: 'secrets/', aliases: :s,
desc: 'The directory to which secrets should be downloaded.'
option 'ignoressl', type: :boolean, default: 'false', aliases: :k,
desc: 'Don\'t check the SSL certificate of Secret Server'
def init
run_action { init! }
end
##
# Fetch secrets declared in a local Zanzifle
desc 'bundle', "Fetch secrets declared in your #{ZANZIFILE_NAME}"
option 'verbose', type: :boolean, default: false, aliases: :v
def bundle
run_action { bundle! }
end
desc 'plunder', "Alias to `#{APPLICATION_NAME} bundle`", hide: true
option 'verbose', type: :boolean, default: false, aliases: :v
alias plunder bundle
desc 'install', "Alias to `#{APPLICATION_NAME} bundle`"
alias install bundle
##
# Redownload Zazifile secrets
desc 'update', "Redownload all secrets in your #{ZANZIFILE_NAME}"
option 'verbose', type: :boolean, default: false, aliases: :v
def update
run_action { update! }
end
desc 'get SECRETID', 'Fetch a single SECRETID from Secret Server'
option 'domain', type: :string, aliases: :d,
desc: 'The logon domain to use when logging in.'
option 'server', type: :string, aliases: :s,
desc: 'The Secret Server hostname or IP'
option 'wsdl', type: :string, aliases: :w,
desc: 'Full path to the Secret Server WSDL'
option 'ignoressl', type: :boolean, aliases: :k,
desc: 'Don\'t verify Secret Server\'s SSL certificate'
option 'filelabel', type: :string, aliases: :f,
desc: 'Specify a file (by label) to download'
option 'fieldlabel', type: :string, aliases: :l,
desc: 'Specify a field (by label) to get'
option 'username', type: :string, aliases: :u
option 'password', type: :string, aliases: :p
##
# Fetch a single secret specified on the commandline
def get(scrt_id)
run_action { get! scrt_id }
end
private
def debug_header
@ui.debug { "Running #{APPLICATION_NAME} in debug mode..." }
@ui.debug { "Ruby Version: #{RUBY_VERSION}" }
@ui.debug { "Ruby Platform: #{RUBY_PLATFORM}" }
@ui.debug { "#{APPLICATION_NAME} Version: #{VERSION}" }
end
##
# Run the specified action and rescue errors we
# explicitly send back to format them
def run_action(&_block)
yield
rescue ::Zanzibar::Error => e
@ui.error e
abort "Fatal error: #{e.message}"
end
def init!
say "Initializing a new #{ZANZIFILE_NAME} in the current directory..."
Actions::Init.new(@ui, options).run
say "Your #{ZANZIFILE_NAME} has been created!"
say 'You should check the settings and add your secrets.'
say 'Then run `zanzibar bundle` to fetch them.'
end
def bundle!
say "Checking for secrets declared in your #{ZANZIFILE_NAME}..."
Actions::Bundle.new(@ui, options).run
say 'Finished downloading secrets!'
end
def update!
say "Redownloading all secrets declared in your #{ZANZIFILE_NAME}..."
Actions::Bundle.new(@ui, options, update: true).run
say 'Finished downloading secrets!'
end
def get!(scrt_id)
say Actions::Get.new(@ui, options, scrt_id).run
end
end
end

91
lib/zanzibar/client.rb Normal file
View File

@@ -0,0 +1,91 @@
require 'zanzibar/version'
require 'savon'
require 'io/console'
require 'fileutils'
require 'yaml'
module Zanzibar
##
# Class for performing low-level WSDL actions against Secret Server
class Client
##
# Initializes the Savon client class variable with the wdsl document location and optional global variables
# @param globals{}, optional
def initialize(username, password, domain, wsdl, globals = {})
@username = username
@password = password
@domain = domain
globals = {} if globals.nil?
wsdl_loc = wsdl
@client = Savon.client(globals) do
wsdl wsdl_loc
end
end
##
# Get an authentication token for interacting with Secret Server. These are only good for about 10 minutes so just get a new one each time.
# Will raise an error if there is an issue with the authentication.
# @return the authentication token for the current user.
def generate_token
response = @client.call(:authenticate, message: { username: @username, password: @password, organization: '', domain: @domain })
.hash[:envelope][:body][:authenticate_response][:authenticate_result]
raise "Error generating the authentication token for user #{@username}: #{response[:errors][:string]}" if response[:errors]
response[:token]
rescue Savon::Error => err
raise "There was an error generating the authentiaton token for user #{@username}: #{err}"
end
##
# Get a secret returned as a hash
# Will raise an error if there was an issue getting the secret
# @param [Integer] the secret id
# @return [Hash] the secret hash retrieved from the wsdl
def get_secret(scrt_id, token = nil)
secret = @client.call(:get_secret, message: { token: token || generate_token, secretId: scrt_id }).hash[:envelope][:body][:get_secret_response][:get_secret_result]
raise "There was an error getting secret #{scrt_id}: #{secret[:errors][:string]}" if secret[:errors]
return secret
rescue Savon::Error => err
raise "There was an error getting the secret with id #{scrt_id}: #{err}"
end
##
# Get the secret item id that relates to a key file or attachment.
# Will raise on error
# @param [Integer] the secret id
# @param [String] the type of secret item to get, one of privatekey, publickey, attachment
# @return [Integer] the secret item id
def get_scrt_item_id(scrt_id, type, token)
secret = get_secret(scrt_id, token)
secret_items = secret[:secret][:items][:secret_item]
begin
return get_secret_item_by_field_name(secret_items, type)[:id]
rescue => e
raise "Unknown type, #{type}. #{e}"
end
end
##
# Get an "Attachment"-type file from a secret
# @param [Integer] the id of the secret
# @param [Integer] the id of the attachment on the secret
# @param [String] the type of the item being downloaded
# @return [Hash] contents and metadata of the downloaded file
def download_file_attachment_by_item_id(scrt_id, secret_item_id, item_type, token = nil)
token = generate_token unless token
@client.call(:download_file_attachment_by_item_id, message:
{ token: token, secretId: scrt_id, secretItemId: secret_item_id || get_scrt_item_id(scrt_id, item_type, token) })
.hash[:envelope][:body][:download_file_attachment_by_item_id_response][:download_file_attachment_by_item_id_result]
end
##
# Extract an item from a secret based on field name
def get_secret_item_by_field_name(secret_items, field_name)
secret_items.each do |item|
return item if item[:field_name] == field_name
end
end
end
end

26
lib/zanzibar/defaults.rb Normal file
View File

@@ -0,0 +1,26 @@
require 'pathname'
# Definitions for various strings used throughout the gem
module Zanzibar
# The name of the binstub that invoked this code
APPLICATION_NAME = Pathname.new($PROGRAM_NAME).basename
# The filename of the Zanzifile
ZANZIFILE_NAME = 'Zanzifile'.freeze
# The filename of the resolved Zanzifile
RESOLVED_NAME = 'Zanzifile.resolved'.freeze
# The template to use when writing the Zanzifile
TEMPLATE_NAME = 'templates/Zanzifile.erb'.freeze
# The default value of the server when writing the Zanzifile
DEFAULT_SERVER = 'secret.example.com'.freeze
# The default WSDL location for the Zanzifile template
DEFAULT_WSDL = 'https://%s/webservices/sswebservice.asmx?wsdl'.freeze
# Error thrown when trying to overwrite an existing Zanzifile
ALREADY_EXISTS_ERROR = "#{ZANZIFILE_NAME} already exists! Aborting...".freeze
# Error thrown when unable to construct the WSDL location
NO_WSDL_ERROR = 'Could not construct WSDL URL. Please provide either --server or --wsdl'.freeze
# Error thrown when trying to download secrets from a Zanzifile that doesn't exist
NO_ZANZIFILE_ERROR = "You don't have a #{ZANZIFILE_NAME}! Run `#{APPLICATION_NAME} init` first!".freeze
# Error thrown when a Zanzifile is missing necessary information
INVALID_ZANZIFILE_ERROR = "Unable to load your #{ZANZIFILE_NAME}. Please ensure it is valid YAML.".freeze
end

6
lib/zanzibar/error.rb Normal file
View File

@@ -0,0 +1,6 @@
module Zanzibar
# A standard error with a different name
# for identifying errors internal to zanzibar
class Error < StandardError
end
end

61
lib/zanzibar/ui.rb Normal file
View File

@@ -0,0 +1,61 @@
require 'rubygems/user_interaction'
module Zanzibar
##
# Prints messages out to stdout
class Shell
##
# The stream to write log messages (usually stdout)
attr_writer :shell
##
# Logging options and initializing stream
def initialize(shell)
@shell = shell
@quiet = false
@debug = ENV['DEBUG']
end
##
# Write a debug message if debug is enabled
def debug(message = nil)
@shell.say(message || yield) if @debug && !@quiet
end
##
# Write an info message unless we have silenced output
def info(message = nil)
@shell.say(message || yield) unless @quiet
end
##
# Ask the user for confirmation unless we have silenced output
def confirm(message = nil)
@shell.say(message || yield, :green) unless @quiet
end
##
# Print a warning
def warn(message = nil)
@shell.say(message || yield, :yellow)
end
##
# Print an error
def error(message = nil)
@shell.say(message || yield, :red)
end
##
# Enable silent mode
def be_quiet!
@quiet = true
end
##
# Enable debug mode
def debug!
@debug = true
end
end
end

4
lib/zanzibar/version.rb
View File

@@ -1,3 +1,5 @@
# The version of the gem
module Zanzibar module Zanzibar
VERSION = "0.0.8" # The Version of the application
VERSION = '0.2.0'.freeze
end end

1
spec/files/.gitignore vendored Normal file
View File

@@ -0,0 +1 @@
!Zanzifile

14
spec/files/Zanzifile Normal file
View File

@@ -0,0 +1,14 @@
---
settings:
wsdl: scrt.wsdl
domain: zanzitest.net
secret_dir: secrets/
ignore_ssl: true
secrets:
ssh_key:
id: 2345
label: Private Key
prefix_ssh_key:
id: 2345
label: Private Key
prefix: ssh/

1258
test/scrt.wsdl → spec/files/scrt.wsdl
View File

File diff suppressed because it is too large Load Diff

113
spec/lib/zanzibar/actions/bundle_spec.rb Normal file
View File

@@ -0,0 +1,113 @@
require 'zanzibar/cli'
require 'zanzibar/defaults'
require 'rspec'
require 'fakefs/spec_helpers'
require 'webmock'
require 'rspec'
require 'webmock/rspec'
include WebMock::API
describe Zanzibar::Cli do
include FakeFS::SpecHelpers
describe '#bundle' do
context 'when Zanzifile already exists' do
before(:each) do
spec_root = File.join(source_root, 'spec')
response_root = File.join(spec_root, 'responses')
wsdl = File.join(spec_root, 'scrt.wsdl')
files = File.join(spec_root, 'files')
FakeFS::FileSystem.clone response_root
FakeFS::FileSystem.clone wsdl
FakeFS::FileSystem.clone files
stub_request(:any, 'https://www.zanzitest.net/webservices/sswebservice.asmx')
.to_return(body: AUTH_XML, status: 200).then
.to_return(body: SECRET_WITH_KEY_XML, status: 200).then
.to_return(body: PRIVATE_KEY_XML, status: 200).then
.to_return(body: AUTH_XML, status: 200).then
.to_return(body: SECRET_WITH_KEY_XML, status: 200).then
.to_return(body: PRIVATE_KEY_XML, status: 200)
Dir.chdir File.join(source_root, 'spec', 'files')
end
before(:all) do
ENV['ZANZIBAR_PASSWORD'] = 'password'
end
after(:all) do
ENV.delete 'ZANZIBAR_PASSWORD'
end
it 'should have a Zanzifile' do
expect(FakeFS::FileTest.file? Zanzibar::ZANZIFILE_NAME).to be(true)
expect(File.read(Zanzibar::ZANZIFILE_NAME)).to include('zanzitest')
end
it 'should download a file' do
expect(FakeFS::FileTest.file? File.join('secrets', 'zanzi_key')).to be(false)
expect { subject.bundle }.to output(/Finished downloading secrets/).to_stdout
expect(FakeFS::FileTest.file? File.join('secrets', 'zanzi_key')).to be(true)
end
it 'should download a file to a prefix' do
expect(FakeFS::FileTest.file? File.join('secrets/ssh', 'zanzi_key')).to be(false)
expect { subject.bundle }.to output(/Finished downloading secrets/).to_stdout
expect(FakeFS::FileTest.file? File.join('secrets/ssh', 'zanzi_key')).to be(true)
end
it 'should create a .gitignore' do
expect(FakeFS::FileTest.file? File.join('secrets', '.gitignore')).to be(false)
expect { subject.bundle }.to output(/Finished downloading secrets/).to_stdout
expect(FakeFS::FileTest.file? File.join('secrets', '.gitignore')).to be(true)
end
it 'should create a resolved file' do
expect(FakeFS::FileTest.file? Zanzibar::RESOLVED_NAME).to be(false)
expect { subject.bundle }.to output(/Finished downloading secrets/).to_stdout
expect(FakeFS::FileTest.file? Zanzibar::RESOLVED_NAME).to be(true)
end
it 'should not redownload files it already has' do
expect { subject.bundle }.to output(/Finished downloading secrets/).to_stdout
expect(WebMock).to have_requested(:post, 'https://www.zanzitest.net/webservices/sswebservice.asmx').times(6)
WebMock.reset!
expect { subject.bundle }.to output(/Finished downloading secrets/).to_stdout
expect(WebMock).not_to have_requested(:post, 'https://www.zanzitest.net/webservices/sswebservice.asmx')
end
it 'should redownload on update action' do
expect { subject.bundle }.to output(/Finished downloading secrets/).to_stdout
expect(WebMock).to have_requested(:post, 'https://www.zanzitest.net/webservices/sswebservice.asmx').times(6)
WebMock.reset!
stub_request(:any, 'https://www.zanzitest.net/webservices/sswebservice.asmx')
.to_return(body: AUTH_XML, status: 200).then
.to_return(body: SECRET_WITH_KEY_XML, status: 200).then
.to_return(body: PRIVATE_KEY_XML, status: 200).then
.to_return(body: AUTH_XML, status: 200).then
.to_return(body: SECRET_WITH_KEY_XML, status: 200).then
.to_return(body: PRIVATE_KEY_XML, status: 200)
expect { subject.update }.to output(/Finished downloading secrets/).to_stdout
expect(WebMock).to have_requested(:post, 'https://www.zanzitest.net/webservices/sswebservice.asmx').times(6)
end
it 'should reject a malformed Zanzifile' do
File.write('Zanzifile', 'broken YAML')
expect { subject.bundle }.to raise_error.with_message(/#{Zanzibar::INVALID_ZANZIFILE_ERROR}/)
end
end
context 'when Zanzifile does not exist' do
it 'should return an error' do
expect { subject.bundle }.to raise_error.with_message(/#{Zanzibar::NO_ZANZIFILE_ERROR}/)
end
end
end
end

69
spec/lib/zanzibar/actions/get_spec.rb Normal file
View File

@@ -0,0 +1,69 @@
require 'zanzibar/cli'
require 'rspec'
require 'fakefs/spec_helpers'
require 'webmock'
require 'rspec'
require 'webmock/rspec'
require 'zanzibar/defaults'
include WebMock::API
describe Zanzibar::Cli do
include FakeFS::SpecHelpers
describe '#get' do
before(:each) do
spec_root = File.join(source_root, 'spec')
response_root = File.join(spec_root, 'responses')
wsdl = File.join(spec_root, 'scrt.wsdl')
files = File.join(spec_root, 'files')
FakeFS::FileSystem.clone response_root
FakeFS::FileSystem.clone wsdl
FakeFS::FileSystem.clone files
stub_request(:any, 'https://www.zanzitest.net/webservices/sswebservice.asmx')
.to_return(body: AUTH_XML, status: 200).then
.to_return(body: SECRET_XML, status: 200)
Dir.chdir File.join(source_root, 'spec', 'files')
end
before(:all) do
ENV['ZANZIBAR_PASSWORD'] = 'password'
end
after(:all) do
ENV.delete 'ZANZIBAR_PASSWORD'
WebMock.reset!
end
it 'should print a password to stdout' do
subject.options = { 'domain' => 'zanzitest.net', 'wsdl' => 'scrt.wsdl' }
expect { subject.get(1234) }.to output(/zanziUserPassword/).to_stdout
end
it 'should require a wsdl' do
expect { subject.get(1234) }.to raise_error.with_message(/#{Zanzibar::NO_WSDL_ERROR}/)
end
it 'should be able to get a field value' do
subject.options = { 'domain' => 'zanzitest.net', 'wsdl' => 'scrt.wsdl', 'fieldlabel' => 'Username' }
expect { subject.get(1234) }.to output(/ZanziUser/).to_stdout
end
it 'should be able to download files' do
WebMock.reset!
stub_request(:any, 'https://www.zanzitest.net/webservices/sswebservice.asmx')
.to_return(body: AUTH_XML, status: 200).then
.to_return(body: SECRET_WITH_KEY_XML, status: 200).then
.to_return(body: PRIVATE_KEY_XML, status: 200)
subject.options = { 'domain' => 'zanzitest.net', 'wsdl' => 'scrt.wsdl', 'filelabel' => 'Private Key' }
expect(FakeFS::FileTest.file? 'zanzi_key').to be(false)
expect { subject.get(2345) }.to output(/zanzi_key/).to_stdout
expect(FakeFS::FileTest.file? 'zanzi_key')
end
end
end

53
spec/lib/zanzibar/actions/init_spec.rb Normal file
View File

@@ -0,0 +1,53 @@
require 'zanzibar/cli'
require 'zanzibar/defaults'
require 'rspec'
require 'fakefs/spec_helpers'
describe Zanzibar::Cli do
include FakeFS::SpecHelpers
describe '#init' do
before(:each) do
templates_root = File.join(source_root, 'templates')
FakeFS::FileSystem.clone templates_root
end
context 'when a file does not yet exist' do
it 'should create a template file' do
expect { subject.init }.to output(/has been created/).to_stdout
expect(FakeFS::FileTest.file? Zanzibar::ZANZIFILE_NAME).to be(true)
expect(File.read Zanzibar::ZANZIFILE_NAME).to match(/fill in your secrets/)
end
it 'should accept settings as options' do
subject.options = { 'wsdl' => 'http://example.com/ss?wsdl',
'domain' => 'example.com',
'secretdir' => 'testfolderplzignore',
'ignoressl' => true }
expect { subject.init }.to output(/has been created/).to_stdout
contents = File.read Zanzibar::ZANZIFILE_NAME
expect(contents).to include('wsdl: http://example.com/ss?wsdl')
expect(contents).to include('domain: example.com')
expect(contents).to include('secret_dir: testfolderplzignore')
expect(contents).to include('ignore_ssl: true')
end
end
context 'when a file already exists' do
before(:each) { File.write(Zanzibar::ZANZIFILE_NAME, 'test value') }
it 'should not overwrite an existing file' do
expect { subject.init }.to raise_error.with_message(/#{Zanzibar::ALREADY_EXISTS_ERROR}/)
expect(File.read Zanzibar::ZANZIFILE_NAME).to eq('test value')
end
it 'should obey the force flag' do
subject.options = { 'force' => true }
expect { subject.init }.to output(/has been created/).to_stdout
expect(File.read Zanzibar::ZANZIFILE_NAME).to match('fill in your secrets')
end
end
end
end

12
spec/lib/zanzibar/version_spec.rb Normal file
View File

@@ -0,0 +1,12 @@
require 'zanzibar/cli'
require 'zanzibar/version'
require 'zanzibar/defaults'
require 'rspec'
describe Zanzibar::Cli do
describe '#version' do
it 'should print the gem version' do
expect { subject.version }.to output(/#{Zanzibar::APPLICATION_NAME} Version/).to_stdout
end
end
end

127
spec/lib/zanzibar_spec.rb Normal file
View File

@@ -0,0 +1,127 @@
require 'zanzibar'
require 'savon'
require 'webmock'
require 'rspec'
require 'webmock/rspec'
include WebMock::API
describe 'Zanzibar Test' do
client = Zanzibar::Zanzibar.new(domain: 'zanzitest.net', pwd: 'password', wsdl: 'spec/scrt.wsdl')
it 'should return an auth token' do
stub_request(:any, 'https://www.zanzitest.net/webservices/sswebservice.asmx')
.to_return(body: AUTH_XML, status: 200)
expect(client.instance_variable_get(:@client).generate_token).to eq('imatoken')
end
it 'should get a secret' do
stub_request(:any, 'https://www.zanzitest.net/webservices/sswebservice.asmx')
.to_return(body: AUTH_XML, status: 200).then
.to_return(body: SECRET_XML, status: 200)
expect(client.instance_variable_get(:@client).get_secret(1234)[:secret][:name]).to eq('Zanzi Test Secret')
end
it 'should get a password' do
stub_request(:any, 'https://www.zanzitest.net/webservices/sswebservice.asmx')
.to_return(body: AUTH_XML, status: 200).then
.to_return(body: SECRET_XML, status: 200)
expect(client.get_password(1234)).to eq('zanziUserPassword')
end
it 'should download a private key' do
stub_request(:any, 'https://www.zanzitest.net/webservices/sswebservice.asmx')
.to_return(body: AUTH_XML, status: 200).then
.to_return(body: SECRET_WITH_KEY_XML, status: 200).then
.to_return(body: PRIVATE_KEY_XML, status: 200)
client.download_secret_file(scrt_id: 2345, type: 'Private Key')
expect(File.exist? 'zanzi_key')
expect(File.read('zanzi_key')).to eq("-----BEGIN RSA PRIVATE KEY -----\nzanzibarTestPassword\n-----END RSA PRIVATE KEY-----\n")
File.delete('zanzi_key')
end
it 'should download a private key legacy' do
stub_request(:any, 'https://www.zanzitest.net/webservices/sswebservice.asmx')
.to_return(body: AUTH_XML, status: 200).then
.to_return(body: SECRET_WITH_KEY_XML, status: 200).then
.to_return(body: PRIVATE_KEY_XML, status: 200)
client.download_private_key(scrt_id: 2345)
expect(File.exist? 'zanzi_key')
expect(File.read('zanzi_key')).to eq("-----BEGIN RSA PRIVATE KEY -----\nzanzibarTestPassword\n-----END RSA PRIVATE KEY-----\n")
File.delete('zanzi_key')
end
it 'should download a public key' do
stub_request(:any, 'https://www.zanzitest.net/webservices/sswebservice.asmx')
.to_return(body: AUTH_XML, status: 200).then
.to_return(body: SECRET_WITH_KEY_XML, status: 200).then
.to_return(body: PUBLIC_KEY_XML, status: 200)
client.download_secret_file(scrt_id: 2345, type: 'Public Key')
expect(File.exist? 'zanzi_key.pub')
expect(File.read('zanzi_key.pub')).to eq("1234PublicKey5678==\n")
File.delete('zanzi_key.pub')
end
it 'should download a public key legacy' do
stub_request(:any, 'https://www.zanzitest.net/webservices/sswebservice.asmx')
.to_return(body: AUTH_XML, status: 200).then
.to_return(body: SECRET_WITH_KEY_XML, status: 200).then
.to_return(body: PUBLIC_KEY_XML, status: 200)
client.download_public_key(scrt_id: 2345)
expect(File.exist? 'zanzi_key.pub')
expect(File.read('zanzi_key.pub')).to eq("1234PublicKey5678==\n")
File.delete('zanzi_key.pub')
end
it 'should download an attachment' do
stub_request(:any, 'https://www.zanzitest.net/webservices/sswebservice.asmx')
.to_return(body: AUTH_XML, status: 200).then
.to_return(body: SECRET_WITH_ATTACHMENT_XML, status: 200).then
.to_return(body: ATTACHMENT_XML, status: 200)
client.download_secret_file(scrt_id: 3456, type: 'Attachment')
expect(File.exist? 'attachment.txt')
expect(File.read('attachment.txt')).to eq("I am a secret attachment\n")
File.delete('attachment.txt')
end
it 'should download an attachment legacy' do
stub_request(:any, 'https://www.zanzitest.net/webservices/sswebservice.asmx')
.to_return(body: AUTH_XML, status: 200).then
.to_return(body: SECRET_WITH_ATTACHMENT_XML, status: 200).then
.to_return(body: ATTACHMENT_XML, status: 200)
client.download_attachment(scrt_id: 3456)
expect(File.exist? 'attachment.txt')
expect(File.read('attachment.txt')).to eq("I am a secret attachment\n")
File.delete('attachment.txt')
end
it 'should save credentials to a file' do
stub_request(:any, 'https://www.zanzitest.net/webservices/sswebservice.asmx')
.to_return(body: AUTH_XML, status: 200).then
.to_return(body: SECRET_XML, status: 200)
client.get_username_and_password_and_save(1234, '.', 'zanziTestCreds')
expect(File.exist? 'zanziTestCreds')
expect(File.read('zanziTestCreds')).to eq({ 'username' => 'ZanziUser', 'password' => 'zanziUserPassword' }.to_yaml)
File.delete('zanziTestCreds')
end
it 'should use environment variables for credentials' do
ENV['ZANZIBAR_USER'] = 'environment_user'
ENV['ZANZIBAR_PASSWORD'] = 'environment_password'
client = Zanzibar::Zanzibar.new(domain: 'zanzitest.net', wsdl: 'spec/scrt.wsdl')
expect(client.instance_variable_get(:@username)).to eq(ENV['ZANZIBAR_USER'])
expect(client.instance_variable_get(:@password)).to eq(ENV['ZANZIBAR_PASSWORD'])
ENV.delete 'ZANZIBAR_PASSWORD'
ENV.delete 'ZANZIBAR_USER'
end
end

24
test/responses/attachment_response.xml → spec/responses/attachment_response.xml
View File

@@ -1,12 +1,12 @@
<?xml version="1.0" encoding="UTF-8"?> <?xml version="1.0" encoding="UTF-8"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"> <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<soap:Body> <soap:Body>
<DownloadFileAttachmentByItemIdResponse xmlns="urn:thesecretserver.com"> <DownloadFileAttachmentByItemIdResponse xmlns="urn:thesecretserver.com">
<DownloadFileAttachmentByItemIdResult> <DownloadFileAttachmentByItemIdResult>
<Errors /> <Errors />
<FileAttachment>SSBhbSBhIHNlY3JldCBhdHRhY2htZW50</FileAttachment> <FileAttachment>SSBhbSBhIHNlY3JldCBhdHRhY2htZW50</FileAttachment>
<FileName>attachment.txt</FileName> <FileName>attachment.txt</FileName>
</DownloadFileAttachmentByItemIdResult> </DownloadFileAttachmentByItemIdResult>
</DownloadFileAttachmentByItemIdResponse> </DownloadFileAttachmentByItemIdResponse>
</soap:Body> </soap:Body>
</soap:Envelope> </soap:Envelope>

0
test/responses/authenticate_response.xml → spec/responses/authenticate_response.xml
View File

24
test/responses/download_private_key_response.xml → spec/responses/download_private_key_response.xml
View File

@@ -1,12 +1,12 @@
<?xml version="1.0" encoding="UTF-8"?> <?xml version="1.0" encoding="UTF-8"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"> <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<soap:Body> <soap:Body>
<DownloadFileAttachmentByItemIdResponse xmlns="urn:thesecretserver.com"> <DownloadFileAttachmentByItemIdResponse xmlns="urn:thesecretserver.com">
<DownloadFileAttachmentByItemIdResult> <DownloadFileAttachmentByItemIdResult>
<Errors /> <Errors />
<FileAttachment>LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVkgLS0tLS0KemFuemliYXJUZXN0UGFzc3dvcmQKLS0tLS1FTkQgUlNBIFBSSVZBVEUgS0VZLS0tLS0=</FileAttachment> <FileAttachment>LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVkgLS0tLS0KemFuemliYXJUZXN0UGFzc3dvcmQKLS0tLS1FTkQgUlNBIFBSSVZBVEUgS0VZLS0tLS0=</FileAttachment>
<FileName>zanzi_key</FileName> <FileName>zanzi_key</FileName>
</DownloadFileAttachmentByItemIdResult> </DownloadFileAttachmentByItemIdResult>
</DownloadFileAttachmentByItemIdResponse> </DownloadFileAttachmentByItemIdResponse>
</soap:Body> </soap:Body>
</soap:Envelope> </soap:Envelope>

0
test/responses/download_public_key_response.xml → spec/responses/download_public_key_response.xml
View File

0
test/responses/get_secret_response.xml → spec/responses/get_secret_response.xml
View File

114
test/responses/get_secret_with_attachment_response.xml → spec/responses/get_secret_with_attachment_response.xml
View File

@@ -1,57 +1,57 @@
<?xml version="1.0" encoding="UTF-8"?> <?xml version="1.0" encoding="UTF-8"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"> <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<soap:Body> <soap:Body>
<GetSecretResponse xmlns="urn:thesecretserver.com"> <GetSecretResponse xmlns="urn:thesecretserver.com">
<GetSecretResult> <GetSecretResult>
<Errors /> <Errors />
<Secret> <Secret>
<Name>Zanzi Secret Attachment</Name> <Name>Zanzi Secret Attachment</Name>
<Items> <Items>
<SecretItem> <SecretItem>
<Value>N/A</Value> <Value>N/A</Value>
<Id>20144</Id> <Id>20144</Id>
<FieldId>284</FieldId> <FieldId>284</FieldId>
<FieldName>Username</FieldName> <FieldName>Username</FieldName>
<IsFile>false</IsFile> <IsFile>false</IsFile>
<IsNotes>false</IsNotes> <IsNotes>false</IsNotes>
<IsPassword>false</IsPassword> <IsPassword>false</IsPassword>
<FieldDisplayName>Username</FieldDisplayName> <FieldDisplayName>Username</FieldDisplayName>
</SecretItem> </SecretItem>
<SecretItem> <SecretItem>
<Value>N/A</Value> <Value>N/A</Value>
<Id>20145</Id> <Id>20145</Id>
<FieldId>285</FieldId> <FieldId>285</FieldId>
<FieldName>Password</FieldName> <FieldName>Password</FieldName>
<IsFile>false</IsFile> <IsFile>false</IsFile>
<IsNotes>false</IsNotes> <IsNotes>false</IsNotes>
<IsPassword>true</IsPassword> <IsPassword>true</IsPassword>
<FieldDisplayName>Password</FieldDisplayName> <FieldDisplayName>Password</FieldDisplayName>
</SecretItem> </SecretItem>
<SecretItem> <SecretItem>
<Value /> <Value />
<Id>20148</Id> <Id>20148</Id>
<FieldId>287</FieldId> <FieldId>287</FieldId>
<FieldName>Attachment</FieldName> <FieldName>Attachment</FieldName>
<IsFile>true</IsFile> <IsFile>true</IsFile>
<IsNotes>false</IsNotes> <IsNotes>false</IsNotes>
<IsPassword>false</IsPassword> <IsPassword>false</IsPassword>
<FieldDisplayName>Attachment</FieldDisplayName> <FieldDisplayName>Attachment</FieldDisplayName>
</SecretItem> </SecretItem>
</Items> </Items>
<Id>3456</Id> <Id>3456</Id>
<SecretTypeId>6028</SecretTypeId> <SecretTypeId>6028</SecretTypeId>
<FolderId>85</FolderId> <FolderId>85</FolderId>
<IsWebLauncher>false</IsWebLauncher> <IsWebLauncher>false</IsWebLauncher>
<Active>true</Active> <Active>true</Active>
<CheckOutMinutesRemaining xsi:nil="true" /> <CheckOutMinutesRemaining xsi:nil="true" />
<IsCheckedOut xsi:nil="true" /> <IsCheckedOut xsi:nil="true" />
<CheckOutUserDisplayName /> <CheckOutUserDisplayName />
<CheckOutUserId xsi:nil="true" /> <CheckOutUserId xsi:nil="true" />
<IsOutOfSync xsi:nil="true" /> <IsOutOfSync xsi:nil="true" />
<IsRestricted>false</IsRestricted> <IsRestricted>false</IsRestricted>
<OutOfSyncReason /> <OutOfSyncReason />
</Secret> </Secret>
</GetSecretResult> </GetSecretResult>
</GetSecretResponse> </GetSecretResponse>
</soap:Body> </soap:Body>
</soap:Envelope> </soap:Envelope>

94
test/responses/get_secret_with_keys_response.xml → spec/responses/get_secret_with_keys_response.xml
View File

@@ -1,47 +1,47 @@
<?xml version="1.0" encoding="UTF-8"?> <?xml version="1.0" encoding="UTF-8"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"> <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<soap:Body> <soap:Body>
<GetSecretResponse xmlns="urn:thesecretserver.com"> <GetSecretResponse xmlns="urn:thesecretserver.com">
<GetSecretResult> <GetSecretResult>
<Errors /> <Errors />
<Secret> <Secret>
<Name>Zanzibar Test Keys</Name> <Name>Zanzibar Test Keys</Name>
<Items> <Items>
<SecretItem> <SecretItem>
<Value /> <Value />
<Id>15214</Id> <Id>15214</Id>
<FieldId>486</FieldId> <FieldId>486</FieldId>
<FieldName>Private Key</FieldName> <FieldName>Private Key</FieldName>
<IsFile>true</IsFile> <IsFile>true</IsFile>
<IsNotes>false</IsNotes> <IsNotes>false</IsNotes>
<IsPassword>false</IsPassword> <IsPassword>false</IsPassword>
<FieldDisplayName>Private Key</FieldDisplayName> <FieldDisplayName>Private Key</FieldDisplayName>
</SecretItem> </SecretItem>
<SecretItem> <SecretItem>
<Value /> <Value />
<Id>15215</Id> <Id>15215</Id>
<FieldId>487</FieldId> <FieldId>487</FieldId>
<FieldName>Public Key</FieldName> <FieldName>Public Key</FieldName>
<IsFile>true</IsFile> <IsFile>true</IsFile>
<IsNotes>false</IsNotes> <IsNotes>false</IsNotes>
<IsPassword>false</IsPassword> <IsPassword>false</IsPassword>
<FieldDisplayName>Public Key</FieldDisplayName> <FieldDisplayName>Public Key</FieldDisplayName>
</SecretItem> </SecretItem>
</Items> </Items>
<Id>2345</Id> <Id>2345</Id>
<SecretTypeId>6054</SecretTypeId> <SecretTypeId>6054</SecretTypeId>
<FolderId>85</FolderId> <FolderId>85</FolderId>
<IsWebLauncher>false</IsWebLauncher> <IsWebLauncher>false</IsWebLauncher>
<Active>true</Active> <Active>true</Active>
<CheckOutMinutesRemaining xsi:nil="true" /> <CheckOutMinutesRemaining xsi:nil="true" />
<IsCheckedOut xsi:nil="true" /> <IsCheckedOut xsi:nil="true" />
<CheckOutUserDisplayName /> <CheckOutUserDisplayName />
<CheckOutUserId xsi:nil="true" /> <CheckOutUserId xsi:nil="true" />
<IsOutOfSync xsi:nil="true" /> <IsOutOfSync xsi:nil="true" />
<IsRestricted>false</IsRestricted> <IsRestricted>false</IsRestricted>
<OutOfSyncReason /> <OutOfSyncReason />
</Secret> </Secret>
</GetSecretResult> </GetSecretResult>
</GetSecretResponse> </GetSecretResponse>
</soap:Body> </soap:Body>
</soap:Envelope> </soap:Envelope>

629
spec/scrt.wsdl Normal file
View File

@@ -0,0 +1,629 @@
<?xml version="1.0" encoding="utf-8"?>
<wsdl:definitions xmlns:s="http://www.w3.org/2001/XMLSchema" xmlns:soap12="http://schemas.xmlsoap.org/wsdl/soap12/" xmlns:mime="http://schemas.xmlsoap.org/wsdl/mime/" xmlns:tns="urn:thesecretserver.com" xmlns:s1="urn:thesecretserver.com/AbstractTypes" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:tm="http://microsoft.com/wsdl/mime/textMatching/" xmlns:http="http://schemas.xmlsoap.org/wsdl/http/" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/" targetNamespace="urn:thesecretserver.com" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">
<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Webservice for standard integration.</wsdl:documentation>
<wsdl:types>
<s:schema elementFormDefault="qualified" targetNamespace="urn:thesecretserver.com">
<s:complexType name="GenericResult">
<s:sequence>
<s:element minOccurs="0" maxOccurs="1" name="ErrorMessage" type="s:string" />
</s:sequence>
</s:complexType>
<s:element name="Authenticate">
<s:complexType>
<s:sequence>
<s:element minOccurs="0" maxOccurs="1" name="username" type="s:string" />
<s:element minOccurs="0" maxOccurs="1" name="password" type="s:string" />
<s:element minOccurs="0" maxOccurs="1" name="organization" type="s:string" />
<s:element minOccurs="0" maxOccurs="1" name="domain" type="s:string" />
</s:sequence>
</s:complexType>
</s:element>
<s:element name="AuthenticateResponse">
<s:complexType>
<s:sequence>
<s:element minOccurs="0" maxOccurs="1" name="AuthenticateResult" type="tns:AuthenticateResult" />
</s:sequence>
</s:complexType>
</s:element>
<s:complexType name="AuthenticateResult">
<s:sequence>
<s:element minOccurs="0" maxOccurs="1" name="Errors" type="tns:ArrayOfString" />
<s:element minOccurs="0" maxOccurs="1" name="Token" type="s:string" />
</s:sequence>
</s:complexType>
<s:complexType name="ArrayOfString">
<s:sequence>
<s:element minOccurs="0" maxOccurs="unbounded" name="string" nillable="true" type="s:string" />
</s:sequence>
</s:complexType>
<s:complexType name="GetSecretResult">
<s:sequence>
<s:element minOccurs="0" maxOccurs="1" name="Errors" type="tns:ArrayOfString" />
<s:element minOccurs="0" maxOccurs="1" name="SecretError" type="tns:SecretError" />
<s:element minOccurs="0" maxOccurs="1" name="Secret" type="tns:Secret" />
</s:sequence>
</s:complexType>
<s:complexType name="SecretError">
<s:sequence>
<s:element minOccurs="0" maxOccurs="1" name="ErrorCode" type="s:string" />
<s:element minOccurs="0" maxOccurs="1" name="ErrorMessage" type="s:string" />
<s:element minOccurs="1" maxOccurs="1" name="AllowsResponse" type="s:boolean" />
<s:element minOccurs="0" maxOccurs="1" name="CommentTitle" type="s:string" />
<s:element minOccurs="0" maxOccurs="1" name="AdditionalCommentTitle" type="s:string" />
</s:sequence>
</s:complexType>
<s:complexType name="Secret">
<s:sequence>
<s:element minOccurs="0" maxOccurs="1" name="Name" type="s:string" />
<s:element minOccurs="0" maxOccurs="1" name="Items" type="tns:ArrayOfSecretItem" />
<s:element minOccurs="1" maxOccurs="1" name="Id" type="s:int" />
<s:element minOccurs="1" maxOccurs="1" name="SecretTypeId" type="s:int" />
<s:element minOccurs="1" maxOccurs="1" name="FolderId" type="s:int" />
<s:element minOccurs="1" maxOccurs="1" name="IsWebLauncher" type="s:boolean" />
<s:element minOccurs="1" maxOccurs="1" name="Active" type="s:boolean" />
<s:element minOccurs="1" maxOccurs="1" name="CheckOutMinutesRemaining" nillable="true" type="s:int" />
<s:element minOccurs="1" maxOccurs="1" name="IsCheckedOut" nillable="true" type="s:boolean" />
<s:element minOccurs="0" maxOccurs="1" name="CheckOutUserDisplayName" type="s:string" />
<s:element minOccurs="1" maxOccurs="1" name="CheckOutUserId" nillable="true" type="s:int" />
<s:element minOccurs="1" maxOccurs="1" name="IsOutOfSync" nillable="true" type="s:boolean" />
<s:element minOccurs="1" maxOccurs="1" name="IsRestricted" nillable="true" type="s:boolean" />
<s:element minOccurs="0" maxOccurs="1" name="OutOfSyncReason" type="s:string" />
<s:element minOccurs="0" maxOccurs="1" name="SecretSettings" type="tns:SecretSettings" />
<s:element minOccurs="0" maxOccurs="1" name="SecretPermissions" type="tns:SecretPermissions" />
</s:sequence>
</s:complexType>
<s:complexType name="ArrayOfSecretItem">
<s:sequence>
<s:element minOccurs="0" maxOccurs="unbounded" name="SecretItem" nillable="true" type="tns:SecretItem" />
</s:sequence>
</s:complexType>
<s:complexType name="SecretItem">
<s:sequence>
<s:element minOccurs="0" maxOccurs="1" name="Value" type="s:string" />
<s:element minOccurs="1" maxOccurs="1" name="Id" nillable="true" type="s:int" />
<s:element minOccurs="1" maxOccurs="1" name="FieldId" nillable="true" type="s:int" />
<s:element minOccurs="0" maxOccurs="1" name="FieldName" type="s:string" />
<s:element minOccurs="1" maxOccurs="1" name="IsFile" type="s:boolean" />
<s:element minOccurs="1" maxOccurs="1" name="IsNotes" type="s:boolean" />
<s:element minOccurs="1" maxOccurs="1" name="IsPassword" type="s:boolean" />
<s:element minOccurs="0" maxOccurs="1" name="FieldDisplayName" type="s:string" />
</s:sequence>
</s:complexType>
<s:complexType name="SecretSettings">
<s:sequence>
<s:element minOccurs="1" maxOccurs="1" name="AutoChangeEnabled" nillable="true" type="s:boolean" />
<s:element minOccurs="1" maxOccurs="1" name="RequiresApprovalForAccess" nillable="true" type="s:boolean" />
<s:element minOccurs="1" maxOccurs="1" name="RequiresComment" nillable="true" type="s:boolean" />
<s:element minOccurs="1" maxOccurs="1" name="CheckOutEnabled" nillable="true" type="s:boolean" />
<s:element minOccurs="1" maxOccurs="1" name="CheckOutChangePasswordEnabled" nillable="true" type="s:boolean" />
<s:element minOccurs="1" maxOccurs="1" name="PrivilegedSecretId" nillable="true" type="s:int" />
<s:element minOccurs="0" maxOccurs="1" name="AssociatedSecretIds" type="tns:ArrayOfInt" />
<s:element minOccurs="0" maxOccurs="1" name="Approvers" type="tns:ArrayOfGroupOrUserRecord" />
<s:element minOccurs="1" maxOccurs="1" name="IsChangeToSettings" type="s:boolean" />
</s:sequence>
</s:complexType>
<s:complexType name="ArrayOfInt">
<s:sequence>
<s:element minOccurs="0" maxOccurs="unbounded" name="int" type="s:int" />
</s:sequence>
</s:complexType>
<s:complexType name="ArrayOfGroupOrUserRecord">
<s:sequence>
<s:element minOccurs="0" maxOccurs="unbounded" name="GroupOrUserRecord" nillable="true" type="tns:GroupOrUserRecord" />
</s:sequence>
</s:complexType>
<s:complexType name="GroupOrUserRecord">
<s:sequence>
<s:element minOccurs="0" maxOccurs="1" name="Name" type="s:string" />
<s:element minOccurs="0" maxOccurs="1" name="DomainName" type="s:string" />
<s:element minOccurs="1" maxOccurs="1" name="IsUser" type="s:boolean" />
<s:element minOccurs="1" maxOccurs="1" name="GroupId" nillable="true" type="s:int" />
<s:element minOccurs="1" maxOccurs="1" name="UserId" nillable="true" type="s:int" />
</s:sequence>
</s:complexType>
<s:complexType name="SecretPermissions">
<s:sequence>
<s:element minOccurs="1" maxOccurs="1" name="CurrentUserHasView" type="s:boolean" />
<s:element minOccurs="1" maxOccurs="1" name="CurrentUserHasEdit" type="s:boolean" />
<s:element minOccurs="1" maxOccurs="1" name="CurrentUserHasOwner" type="s:boolean" />
<s:element minOccurs="1" maxOccurs="1" name="InheritPermissionsEnabled" nillable="true" type="s:boolean" />
<s:element minOccurs="1" maxOccurs="1" name="IsChangeToPermissions" type="s:boolean" />
<s:element minOccurs="0" maxOccurs="1" name="Permissions" type="tns:ArrayOfPermission" />
</s:sequence>
</s:complexType>
<s:complexType name="ArrayOfPermission">
<s:sequence>
<s:element minOccurs="0" maxOccurs="unbounded" name="Permission" nillable="true" type="tns:Permission" />
</s:sequence>
</s:complexType>
<s:complexType name="Permission">
<s:sequence>
<s:element minOccurs="0" maxOccurs="1" name="UserOrGroup" type="tns:GroupOrUserRecord" />
<s:element minOccurs="1" maxOccurs="1" name="View" type="s:boolean" />
<s:element minOccurs="1" maxOccurs="1" name="Edit" type="s:boolean" />
<s:element minOccurs="1" maxOccurs="1" name="Owner" type="s:boolean" />
</s:sequence>
</s:complexType>
<s:element name="GetSecret">
<s:complexType>
<s:sequence>
<s:element minOccurs="0" maxOccurs="1" name="token" type="s:string" />
<s:element minOccurs="1" maxOccurs="1" name="secretId" type="s:int" />
<s:element minOccurs="1" maxOccurs="1" name="loadSettingsAndPermissions" nillable="true" type="s:boolean" />
<s:element minOccurs="0" maxOccurs="1" name="codeResponses" type="tns:ArrayOfCodeResponse" />
</s:sequence>
</s:complexType>
</s:element>
<s:complexType name="ArrayOfCodeResponse">
<s:sequence>
<s:element minOccurs="0" maxOccurs="unbounded" name="CodeResponse" nillable="true" type="tns:CodeResponse" />
</s:sequence>
</s:complexType>
<s:complexType name="CodeResponse">
<s:sequence>
<s:element minOccurs="0" maxOccurs="1" name="ErrorCode" type="s:string" />
<s:element minOccurs="0" maxOccurs="1" name="Comment" type="s:string" />
<s:element minOccurs="0" maxOccurs="1" name="AdditionalComment" type="s:string" />
</s:sequence>
</s:complexType>
<s:element name="GetSecretResponse">
<s:complexType>
<s:sequence>
<s:element minOccurs="0" maxOccurs="1" name="GetSecretResult" type="tns:GetSecretResult" />
</s:sequence>
</s:complexType>
</s:element>
<s:complexType name="WebServiceResult">
<s:sequence>
<s:element minOccurs="0" maxOccurs="1" name="Errors" type="tns:ArrayOfString" />
</s:sequence>
</s:complexType>
<s:element name="GetSecretsByFieldValue">
<s:complexType>
<s:sequence>
<s:element minOccurs="0" maxOccurs="1" name="token" type="s:string" />
<s:element minOccurs="0" maxOccurs="1" name="fieldName" type="s:string" />
<s:element minOccurs="0" maxOccurs="1" name="searchTerm" type="s:string" />
<s:element minOccurs="1" maxOccurs="1" name="showDeleted" type="s:boolean" />
</s:sequence>
</s:complexType>
</s:element>
<s:element name="GetSecretsByFieldValueResponse">
<s:complexType>
<s:sequence>
<s:element minOccurs="0" maxOccurs="1" name="GetSecretsByFieldValueResult" type="tns:GetSecretsByFieldValueResult" />
</s:sequence>
</s:complexType>
</s:element>
<s:complexType name="GetSecretsByFieldValueResult">
<s:sequence>
<s:element minOccurs="0" maxOccurs="1" name="Errors" type="tns:ArrayOfString" />
<s:element minOccurs="0" maxOccurs="1" name="Secrets" type="tns:ArrayOfSecret" />
</s:sequence>
</s:complexType>
<s:complexType name="ArrayOfSecret">
<s:sequence>
<s:element minOccurs="0" maxOccurs="unbounded" name="Secret" nillable="true" type="tns:Secret" />
</s:sequence>
</s:complexType>
<s:element name="DownloadFileAttachment">
<s:complexType>
<s:sequence>
<s:element minOccurs="0" maxOccurs="1" name="token" type="s:string" />
<s:element minOccurs="1" maxOccurs="1" name="secretId" type="s:int" />
</s:sequence>
</s:complexType>
</s:element>
<s:element name="DownloadFileAttachmentResponse">
<s:complexType>
<s:sequence>
<s:element minOccurs="0" maxOccurs="1" name="DownloadFileAttachmentResult" type="tns:FileDownloadResult" />
</s:sequence>
</s:complexType>
</s:element>
<s:complexType name="FileDownloadResult">
<s:complexContent mixed="false">
<s:extension base="tns:WebServiceResult">
<s:sequence>
<s:element minOccurs="0" maxOccurs="1" name="FileAttachment" type="s:base64Binary" />
<s:element minOccurs="0" maxOccurs="1" name="FileName" type="s:string" />
</s:sequence>
</s:extension>
</s:complexContent>
</s:complexType>
<s:element name="DownloadFileAttachmentByItemId">
<s:complexType>
<s:sequence>
<s:element minOccurs="0" maxOccurs="1" name="token" type="s:string" />
<s:element minOccurs="1" maxOccurs="1" name="secretId" type="s:int" />
<s:element minOccurs="1" maxOccurs="1" name="secretItemId" type="s:int" />
</s:sequence>
</s:complexType>
</s:element>
<s:element name="DownloadFileAttachmentByItemIdResponse">
<s:complexType>
<s:sequence>
<s:element minOccurs="0" maxOccurs="1" name="DownloadFileAttachmentByItemIdResult" type="tns:FileDownloadResult" />
</s:sequence>
</s:complexType>
</s:element>
<s:element name="AuthenticateResult" nillable="true" type="tns:AuthenticateResult" />
<s:element name="GetSecretResult" nillable="true" type="tns:GetSecretResult" />
<s:element name="GetSecretsByFieldValueResult" nillable="true" type="tns:GetSecretsByFieldValueResult" />
<s:element name="FileDownloadResult" nillable="true" type="tns:FileDownloadResult" />
</s:schema>
<s:schema targetNamespace="urn:thesecretserver.com/AbstractTypes">
<s:import namespace="http://schemas.xmlsoap.org/soap/encoding/" />
<s:complexType name="StringArray">
<s:complexContent mixed="false">
<s:restriction base="soapenc:Array">
<s:sequence>
<s:element minOccurs="0" maxOccurs="unbounded" name="String" type="s:string" />
</s:sequence>
</s:restriction>
</s:complexContent>
</s:complexType>
</s:schema>
</wsdl:types>
<wsdl:message name="AuthenticateSoapIn">
<wsdl:part name="parameters" element="tns:Authenticate" />
</wsdl:message>
<wsdl:message name="AuthenticateSoapOut">
<wsdl:part name="parameters" element="tns:AuthenticateResponse" />
</wsdl:message>
<wsdl:message name="GetSecretSoapIn">
<wsdl:part name="parameters" element="tns:GetSecret" />
</wsdl:message>
<wsdl:message name="GetSecretSoapOut">
<wsdl:part name="parameters" element="tns:GetSecretResponse" />
</wsdl:message>
<wsdl:message name="GetSecretsByFieldValueSoapIn">
<wsdl:part name="parameters" element="tns:GetSecretsByFieldValue" />
</wsdl:message>
<wsdl:message name="GetSecretsByFieldValueSoapOut">
<wsdl:part name="parameters" element="tns:GetSecretsByFieldValueResponse" />
</wsdl:message>
<wsdl:message name="DownloadFileAttachmentSoapIn">
<wsdl:part name="parameters" element="tns:DownloadFileAttachment" />
</wsdl:message>
<wsdl:message name="DownloadFileAttachmentSoapOut">
<wsdl:part name="parameters" element="tns:DownloadFileAttachmentResponse" />
</wsdl:message>
<wsdl:message name="DownloadFileAttachmentByItemIdSoapIn">
<wsdl:part name="parameters" element="tns:DownloadFileAttachmentByItemId" />
</wsdl:message>
<wsdl:message name="DownloadFileAttachmentByItemIdSoapOut">
<wsdl:part name="parameters" element="tns:DownloadFileAttachmentByItemIdResponse" />
</wsdl:message>
<wsdl:message name="UploadFileAttachmentSoapIn">
<wsdl:part name="parameters" element="tns:UploadFileAttachment" />
</wsdl:message>
<wsdl:message name="UploadFileAttachmentSoapOut">
<wsdl:part name="parameters" element="tns:UploadFileAttachmentResponse" />
</wsdl:message>
<wsdl:message name="UploadFileAttachmentByItemIdSoapIn">
<wsdl:part name="parameters" element="tns:UploadFileAttachmentByItemId" />
</wsdl:message>
<wsdl:message name="UploadFileAttachmentByItemIdSoapOut">
<wsdl:part name="parameters" element="tns:UploadFileAttachmentByItemIdResponse" />
</wsdl:message>
<wsdl:message name="AuthenticateHttpGetIn">
<wsdl:part name="username" type="s:string" />
<wsdl:part name="password" type="s:string" />
<wsdl:part name="organization" type="s:string" />
<wsdl:part name="domain" type="s:string" />
</wsdl:message>
<wsdl:message name="AuthenticateHttpGetOut">
<wsdl:part name="Body" element="tns:AuthenticateResult" />
</wsdl:message>
<wsdl:message name="GetSecretsByFieldValueHttpGetIn">
<wsdl:part name="token" type="s:string" />
<wsdl:part name="fieldName" type="s:string" />
<wsdl:part name="searchTerm" type="s:string" />
<wsdl:part name="showDeleted" type="s:string" />
</wsdl:message>
<wsdl:message name="GetSecretsByFieldValueHttpGetOut">
<wsdl:part name="Body" element="tns:GetSecretsByFieldValueResult" />
</wsdl:message>
<wsdl:message name="DownloadFileAttachmentHttpGetIn">
<wsdl:part name="token" type="s:string" />
<wsdl:part name="secretId" type="s:string" />
</wsdl:message>
<wsdl:message name="DownloadFileAttachmentHttpGetOut">
<wsdl:part name="Body" element="tns:FileDownloadResult" />
</wsdl:message>
<wsdl:message name="DownloadFileAttachmentByItemIdHttpGetIn">
<wsdl:part name="token" type="s:string" />
<wsdl:part name="secretId" type="s:string" />
<wsdl:part name="secretItemId" type="s:string" />
</wsdl:message>
<wsdl:message name="DownloadFileAttachmentByItemIdHttpGetOut">
<wsdl:part name="Body" element="tns:FileDownloadResult" />
</wsdl:message>
<wsdl:message name="UploadFileAttachmentHttpGetIn">
<wsdl:part name="token" type="s:string" />
<wsdl:part name="secretId" type="s:string" />
<wsdl:part name="fileData" type="s1:StringArray" />
<wsdl:part name="fileName" type="s:string" />
</wsdl:message>
<wsdl:message name="AuthenticateHttpPostIn">
<wsdl:part name="username" type="s:string" />
<wsdl:part name="password" type="s:string" />
<wsdl:part name="organization" type="s:string" />
<wsdl:part name="domain" type="s:string" />
</wsdl:message>
<wsdl:message name="AuthenticateHttpPostOut">
<wsdl:part name="Body" element="tns:AuthenticateResult" />
</wsdl:message>
<wsdl:message name="GetSecretsByFieldValueHttpPostIn">
<wsdl:part name="token" type="s:string" />
<wsdl:part name="fieldName" type="s:string" />
<wsdl:part name="searchTerm" type="s:string" />
<wsdl:part name="showDeleted" type="s:string" />
</wsdl:message>
<wsdl:message name="GetSecretsByFieldValueHttpPostOut">
<wsdl:part name="Body" element="tns:GetSecretsByFieldValueResult" />
</wsdl:message>
<wsdl:message name="DownloadFileAttachmentHttpPostIn">
<wsdl:part name="token" type="s:string" />
<wsdl:part name="secretId" type="s:string" />
</wsdl:message>
<wsdl:message name="DownloadFileAttachmentHttpPostOut">
<wsdl:part name="Body" element="tns:FileDownloadResult" />
</wsdl:message>
<wsdl:message name="DownloadFileAttachmentByItemIdHttpPostIn">
<wsdl:part name="token" type="s:string" />
<wsdl:part name="secretId" type="s:string" />
<wsdl:part name="secretItemId" type="s:string" />
</wsdl:message>
<wsdl:message name="DownloadFileAttachmentByItemIdHttpPostOut">
<wsdl:part name="Body" element="tns:FileDownloadResult" />
</wsdl:message>
<wsdl:portType name="SSWebServiceSoap">
<wsdl:operation name="Authenticate">
<wsdl:input message="tns:AuthenticateSoapIn" />
<wsdl:output message="tns:AuthenticateSoapOut" />
</wsdl:operation>
<wsdl:operation name="GetSecret">
<wsdl:input message="tns:GetSecretSoapIn" />
<wsdl:output message="tns:GetSecretSoapOut" />
</wsdl:operation>
<wsdl:operation name="GetSecretsByFieldValue">
<wsdl:input message="tns:GetSecretsByFieldValueSoapIn" />
<wsdl:output message="tns:GetSecretsByFieldValueSoapOut" />
</wsdl:operation>
<wsdl:operation name="DownloadFileAttachment">
<wsdl:input message="tns:DownloadFileAttachmentSoapIn" />
<wsdl:output message="tns:DownloadFileAttachmentSoapOut" />
</wsdl:operation>
<wsdl:operation name="DownloadFileAttachmentByItemId">
<wsdl:input message="tns:DownloadFileAttachmentByItemIdSoapIn" />
<wsdl:output message="tns:DownloadFileAttachmentByItemIdSoapOut" />
</wsdl:operation>
</wsdl:portType>
<wsdl:portType name="SSWebServiceHttpGet">
<wsdl:operation name="Authenticate">
<wsdl:input message="tns:AuthenticateHttpGetIn" />
<wsdl:output message="tns:AuthenticateHttpGetOut" />
</wsdl:operation>
<wsdl:operation name="GetSecretsByFieldValue">
<wsdl:input message="tns:GetSecretsByFieldValueHttpGetIn" />
<wsdl:output message="tns:GetSecretsByFieldValueHttpGetOut" />
</wsdl:operation>
<wsdl:operation name="DownloadFileAttachment">
<wsdl:input message="tns:DownloadFileAttachmentHttpGetIn" />
<wsdl:output message="tns:DownloadFileAttachmentHttpGetOut" />
</wsdl:operation>
<wsdl:operation name="DownloadFileAttachmentByItemId">
<wsdl:input message="tns:DownloadFileAttachmentByItemIdHttpGetIn" />
<wsdl:output message="tns:DownloadFileAttachmentByItemIdHttpGetOut" />
</wsdl:operation>
</wsdl:portType>
<wsdl:portType name="SSWebServiceHttpPost">
<wsdl:operation name="Authenticate">
<wsdl:input message="tns:AuthenticateHttpPostIn" />
<wsdl:output message="tns:AuthenticateHttpPostOut" />
</wsdl:operation>
<wsdl:operation name="GetSecretsByFieldValue">
<wsdl:input message="tns:GetSecretsByFieldValueHttpPostIn" />
<wsdl:output message="tns:GetSecretsByFieldValueHttpPostOut" />
</wsdl:operation>
<wsdl:operation name="DownloadFileAttachment">
<wsdl:input message="tns:DownloadFileAttachmentHttpPostIn" />
<wsdl:output message="tns:DownloadFileAttachmentHttpPostOut" />
</wsdl:operation>
<wsdl:operation name="DownloadFileAttachmentByItemId">
<wsdl:input message="tns:DownloadFileAttachmentByItemIdHttpPostIn" />
<wsdl:output message="tns:DownloadFileAttachmentByItemIdHttpPostOut" />
</wsdl:operation>
</wsdl:portType>
<wsdl:binding name="SSWebServiceSoap" type="tns:SSWebServiceSoap">
<soap:binding transport="http://schemas.xmlsoap.org/soap/http" />
<wsdl:operation name="Authenticate">
<soap:operation soapAction="urn:thesecretserver.com/Authenticate" style="document" />
<wsdl:input>
<soap:body use="literal" />
</wsdl:input>
<wsdl:output>
<soap:body use="literal" />
</wsdl:output>
</wsdl:operation>
<wsdl:operation name="GetSecret">
<soap:operation soapAction="urn:thesecretserver.com/GetSecret" style="document" />
<wsdl:input>
<soap:body use="literal" />
</wsdl:input>
<wsdl:output>
<soap:body use="literal" />
</wsdl:output>
</wsdl:operation>
<wsdl:operation name="GetSecretsByFieldValue">
<soap:operation soapAction="urn:thesecretserver.com/GetSecretsByFieldValue" style="document" />
<wsdl:input>
<soap:body use="literal" />
</wsdl:input>
<wsdl:output>
<soap:body use="literal" />
</wsdl:output>
</wsdl:operation>
<wsdl:operation name="DownloadFileAttachment">
<soap:operation soapAction="urn:thesecretserver.com/DownloadFileAttachment" style="document" />
<wsdl:input>
<soap:body use="literal" />
</wsdl:input>
<wsdl:output>
<soap:body use="literal" />
</wsdl:output>
</wsdl:operation>
<wsdl:operation name="DownloadFileAttachmentByItemId">
<soap:operation soapAction="urn:thesecretserver.com/DownloadFileAttachmentByItemId" style="document" />
<wsdl:input>
<soap:body use="literal" />
</wsdl:input>
<wsdl:output>
<soap:body use="literal" />
</wsdl:output>
</wsdl:operation>
</wsdl:binding>
<wsdl:binding name="SSWebServiceSoap12" type="tns:SSWebServiceSoap">
<soap12:binding transport="http://schemas.xmlsoap.org/soap/http" />
<wsdl:operation name="Authenticate">
<soap12:operation soapAction="urn:thesecretserver.com/Authenticate" style="document" />
<wsdl:input>
<soap12:body use="literal" />
</wsdl:input>
<wsdl:output>
<soap12:body use="literal" />
</wsdl:output>
</wsdl:operation>
<wsdl:operation name="GetSecret">
<soap12:operation soapAction="urn:thesecretserver.com/GetSecret" style="document" />
<wsdl:input>
<soap12:body use="literal" />
</wsdl:input>
<wsdl:output>
<soap12:body use="literal" />
</wsdl:output>
</wsdl:operation>
<wsdl:operation name="GetSecretsByFieldValue">
<soap12:operation soapAction="urn:thesecretserver.com/GetSecretsByFieldValue" style="document" />
<wsdl:input>
<soap12:body use="literal" />
</wsdl:input>
<wsdl:output>
<soap12:body use="literal" />
</wsdl:output>
</wsdl:operation>
<wsdl:operation name="DownloadFileAttachment">
<soap12:operation soapAction="urn:thesecretserver.com/DownloadFileAttachment" style="document" />
<wsdl:input>
<soap12:body use="literal" />
</wsdl:input>
<wsdl:output>
<soap12:body use="literal" />
</wsdl:output>
</wsdl:operation>
<wsdl:operation name="DownloadFileAttachmentByItemId">
<soap12:operation soapAction="urn:thesecretserver.com/DownloadFileAttachmentByItemId" style="document" />
<wsdl:input>
<soap12:body use="literal" />
</wsdl:input>
<wsdl:output>
<soap12:body use="literal" />
</wsdl:output>
</wsdl:operation>
</wsdl:binding>
<wsdl:binding name="SSWebServiceHttpGet" type="tns:SSWebServiceHttpGet">
<http:binding verb="GET" />
<wsdl:operation name="Authenticate">
<http:operation location="/Authenticate" />
<wsdl:input>
<http:urlEncoded />
</wsdl:input>
<wsdl:output>
<mime:mimeXml part="Body" />
</wsdl:output>
</wsdl:operation>
<wsdl:operation name="GetSecretsByFieldValue">
<http:operation location="/GetSecretsByFieldValue" />
<wsdl:input>
<http:urlEncoded />
</wsdl:input>
<wsdl:output>
<mime:mimeXml part="Body" />
</wsdl:output>
</wsdl:operation>
<wsdl:operation name="DownloadFileAttachment">
<http:operation location="/DownloadFileAttachment" />
<wsdl:input>
<http:urlEncoded />
</wsdl:input>
<wsdl:output>
<mime:mimeXml part="Body" />
</wsdl:output>
</wsdl:operation>
<wsdl:operation name="DownloadFileAttachmentByItemId">
<http:operation location="/DownloadFileAttachmentByItemId" />
<wsdl:input>
<http:urlEncoded />
</wsdl:input>
<wsdl:output>
<mime:mimeXml part="Body" />
</wsdl:output>
</wsdl:operation>
</wsdl:binding>
<wsdl:binding name="SSWebServiceHttpPost" type="tns:SSWebServiceHttpPost">
<http:binding verb="POST" />
<wsdl:operation name="Authenticate">
<http:operation location="/Authenticate" />
<wsdl:input>
<mime:content type="application/x-www-form-urlencoded" />
</wsdl:input>
<wsdl:output>
<mime:mimeXml part="Body" />
</wsdl:output>
</wsdl:operation>
<wsdl:operation name="GetSecretsByFieldValue">
<http:operation location="/GetSecretsByFieldValue" />
<wsdl:input>
<mime:content type="application/x-www-form-urlencoded" />
</wsdl:input>
<wsdl:output>
<mime:mimeXml part="Body" />
</wsdl:output>
</wsdl:operation>
<wsdl:operation name="DownloadFileAttachment">
<http:operation location="/DownloadFileAttachment" />
<wsdl:input>
<mime:content type="application/x-www-form-urlencoded" />
</wsdl:input>
<wsdl:output>
<mime:mimeXml part="Body" />
</wsdl:output>
</wsdl:operation>
<wsdl:operation name="DownloadFileAttachmentByItemId">
<http:operation location="/DownloadFileAttachmentByItemId" />
<wsdl:input>
<mime:content type="application/x-www-form-urlencoded" />
</wsdl:input>
<wsdl:output>
<mime:mimeXml part="Body" />
</wsdl:output>
</wsdl:operation>
</wsdl:binding>
<wsdl:service name="SSWebService">
<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Webservice for standard integration.</wsdl:documentation>
<wsdl:port name="SSWebServiceSoap" binding="tns:SSWebServiceSoap">
<soap:address location="https://www.zanzitest.net/webservices/sswebservice.asmx" />
</wsdl:port>
<wsdl:port name="SSWebServiceSoap12" binding="tns:SSWebServiceSoap12">
<soap12:address location="https://www.zanzitest.net/webservices/sswebservice.asmx" />
</wsdl:port>
<wsdl:port name="SSWebServiceHttpGet" binding="tns:SSWebServiceHttpGet">
<http:address location="https://www.zanzitest.net/webservices/sswebservice.asmx" />
</wsdl:port>
<wsdl:port name="SSWebServiceHttpPost" binding="tns:SSWebServiceHttpPost">
<http:address location="https://www.zanzitest.net/webservices/sswebservice.asmx" />
</wsdl:port>
</wsdl:service>
</wsdl:definitions>

37
spec/spec_helper.rb Normal file
View File

@@ -0,0 +1,37 @@
# This file was generated by the `rspec --init` command. Conventionally, all
# specs live under a `spec` directory, which RSpec adds to the `$LOAD_PATH`.
# The generated `.rspec` file contains `--require spec_helper` which will cause this
# file to always be loaded, without a need to explicitly require it in any files.
#
# See http://rubydoc.info/gems/rspec-core/RSpec/Core/Configuration
require 'webmock/rspec'
require 'codeclimate-test-reporter'
require 'simplecov'
CodeClimate::TestReporter.start
SimpleCov.start
RSpec.configure do |config|
config.expect_with :rspec do |expectations|
expectations.include_chain_clauses_in_custom_matcher_descriptions = true
end
config.mock_with :rspec do |mocks|
mocks.verify_partial_doubles = true
end
config.after(:suite) do
WebMock.disable_net_connect!(allow: 'codeclimate.com')
end
end
def source_root
File.expand_path('../../', __FILE__)
end
AUTH_XML = File.read('spec/responses/authenticate_response.xml')
SECRET_XML = File.read('spec/responses/get_secret_response.xml')
SECRET_WITH_KEY_XML = File.read('spec/responses/get_secret_with_keys_response.xml')
SECRET_WITH_ATTACHMENT_XML = File.read('spec/responses/get_secret_with_attachment_response.xml')
PRIVATE_KEY_XML = File.read('spec/responses/download_private_key_response.xml')
PUBLIC_KEY_XML = File.read('spec/responses/download_public_key_response.xml')
ATTACHMENT_XML = File.read('spec/responses/attachment_response.xml')

11
templates/Zanzifile.erb Normal file
View File

@@ -0,0 +1,11 @@
---
settings:
wsdl: <%= wsdl %>
domain: <%= domain %>
secret_dir: <%= secretdir %>
ignore_ssl: <%= ignoressl %>
secrets:
# TODO fill in your secrets like so:
# ssh_key:
# id: 1
# label: Private Key

90
test/spec/spec_helper.rb
View File

@@ -1,90 +0,0 @@
# This file was generated by the `rspec --init` command. Conventionally, all
# specs live under a `spec` directory, which RSpec adds to the `$LOAD_PATH`.
# The generated `.rspec` file contains `--require spec_helper` which will cause this
# file to always be loaded, without a need to explicitly require it in any files.
#
# Given that it is always loaded, you are encouraged to keep this file as
# light-weight as possible. Requiring heavyweight dependencies from this file
# will add to the boot time of your test suite on EVERY test run, even for an
# individual file that may not need all of that loaded. Instead, consider making
# a separate helper file that requires the additional dependencies and performs
# the additional setup, and require it from the spec files that actually need it.
#
# The `.rspec` file also contains a few flags that are not defaults but that
# users commonly want.
#
# See http://rubydoc.info/gems/rspec-core/RSpec/Core/Configuration
require 'webmock/rspec'
RSpec.configure do |config|
# rspec-expectations config goes here. You can use an alternate
# assertion/expectation library such as wrong or the stdlib/minitest
# assertions if you prefer.
config.expect_with :rspec do |expectations|
# This option will default to `true` in RSpec 4. It makes the `description`
# and `failure_message` of custom matchers include text for helper methods
# defined using `chain`, e.g.:
# be_bigger_than(2).and_smaller_than(4).description
# # => "be bigger than 2 and smaller than 4"
# ...rather than:
# # => "be bigger than 2"
expectations.include_chain_clauses_in_custom_matcher_descriptions = true
end
# rspec-mocks config goes here. You can use an alternate test double
# library (such as bogus or mocha) by changing the `mock_with` option here.
config.mock_with :rspec do |mocks|
# Prevents you from mocking or stubbing a method that does not exist on
# a real object. This is generally recommended, and will default to
# `true` in RSpec 4.
mocks.verify_partial_doubles = true
end
# The settings below are suggested to provide a good initial experience
# with RSpec, but feel free to customize to your heart's content.
=begin
# These two settings work together to allow you to limit a spec run
# to individual examples or groups you care about by tagging them with
# `:focus` metadata. When nothing is tagged with `:focus`, all examples
# get run.
config.filter_run :focus
config.run_all_when_everything_filtered = true
# Limits the available syntax to the non-monkey patched syntax that is recommended.
# For more details, see:
# - http://myronmars.to/n/dev-blog/2012/06/rspecs-new-expectation-syntax
# - http://teaisaweso.me/blog/2013/05/27/rspecs-new-message-expectation-syntax/
# - http://myronmars.to/n/dev-blog/2014/05/notable-changes-in-rspec-3#new__config_option_to_disable_rspeccore_monkey_patching
config.disable_monkey_patching!
# This setting enables warnings. It's recommended, but in some cases may
# be too noisy due to issues in dependencies.
config.warnings = true
# Many RSpec users commonly either run the entire suite or an individual
# file, and it's useful to allow more verbose output when running an
# individual spec file.
if config.files_to_run.one?
# Use the documentation formatter for detailed output,
# unless a formatter has already been configured
# (e.g. via a command-line flag).
config.default_formatter = 'doc'
end
# Print the 10 slowest examples and example groups at the
# end of the spec run, to help surface which specs are running
# particularly slow.
config.profile_examples = 10
# Run specs in random order to surface order dependencies. If you find an
# order dependency and want to debug it, you can fix the order by providing
# the seed, which is printed after each run.
# --seed 1234
config.order = :random
# Seed global randomization in this process using the `--seed` CLI option.
# Setting this allows you to use `--seed` to deterministically reproduce
# test failures related to randomization by passing the same `--seed` value
# as the one that triggered the failure.
Kernel.srand config.seed
=end
end

80
test/zanzibar_spec.rb
View File

@@ -1,80 +0,0 @@
require '../lib/zanzibar.rb'
require 'savon'
require 'webmock'
require 'rspec'
require 'webmock/rspec'
include WebMock::API
describe "Zanzibar Test" do
client = Zanzibar::Zanzibar.new(:domain => "zanzitest.net", :pwd=>'password', :wsdl => "scrt.wsdl")
auth_xml = File.read('responses/authenticate_response.xml')
secret_xml = File.read('responses/get_secret_response.xml')
secret_with_key_xml = File.read('responses/get_secret_with_keys_response.xml')
secret_with_attachment_xml = File.read('responses/get_secret_with_attachment_response.xml')
private_key_xml = File.read('responses/download_private_key_response.xml')
public_key_xml = File.read('responses/download_public_key_response.xml')
attachment_xml = File.read('responses/attachment_response.xml')
it 'should return an auth token' do
stub_request(:any, "https://www.zanzitest.net/webservices/sswebservice.asmx").
to_return(:body => auth_xml, :status => 200)
expect(client.get_token).to eq("imatoken")
end
it 'should get a secret' do
stub_request(:any, "https://www.zanzitest.net/webservices/sswebservice.asmx").
to_return(:body => auth_xml, :status => 200).then.
to_return(:body => secret_xml, :status => 200)
expect(client.get_secret(1234)[:envelope][:body][:get_secret_response][:get_secret_result][:secret][:name]).to eq("Zanzi Test Secret")
end
it 'should get a password' do
stub_request(:any, "https://www.zanzitest.net/webservices/sswebservice.asmx").
to_return(:body => auth_xml, :status => 200).then.
to_return(:body => secret_xml, :status => 200)
expect(client.get_password(1234)).to eq("zanziUserPassword")
end
it 'should download a private key' do
stub_request(:any, "https://www.zanzitest.net/webservices/sswebservice.asmx").
to_return(:body => auth_xml, :status => 200).then.
to_return(:body => secret_with_key_xml, :status => 200).then.
to_return(:body => private_key_xml, :status => 200)
client.download_private_key(:scrt_id => 2345)
expect(File.exist? 'zanzi_key')
expect(File.read('zanzi_key')).to eq("-----BEGIN RSA PRIVATE KEY -----\nzanzibarTestPassword\n-----END RSA PRIVATE KEY-----\n")
File.delete('zanzi_key')
end
it 'should download a public key' do
stub_request(:any, "https://www.zanzitest.net/webservices/sswebservice.asmx").
to_return(:body => auth_xml, :status => 200).then.
to_return(:body => secret_with_key_xml, :status => 200).then.
to_return(:body => public_key_xml, :status => 200)
client.download_public_key(:scrt_id => 2345)
expect(File.exist? 'zanzi_key.pub')
expect(File.read('zanzi_key.pub')).to eq("1234PublicKey5678==\n")
File.delete('zanzi_key.pub')
end
it 'should download an attachment' do
stub_request(:any, "https://www.zanzitest.net/webservices/sswebservice.asmx").
to_return(:body => auth_xml, :status => 200).then.
to_return(:body => secret_with_attachment_xml, :status => 200).then.
to_return(:body => attachment_xml, :status => 200)
client.download_attachment(:scrt_id => 3456)
expect(File.exist? 'attachment.txt')
expect(File.read('attachment.txt')).to eq("I am a secret attachment\n")
File.delete('attachment.txt')
end
end

36
zanzibar.gemspec
View File

@@ -4,21 +4,31 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
require 'zanzibar/version' require 'zanzibar/version'
Gem::Specification.new do |spec| Gem::Specification.new do |spec|
spec.name = "zanzibar" spec.name = 'zanzibar'
spec.version = Zanzibar::VERSION spec.version = Zanzibar::VERSION
spec.authors = ["Jason Davis-Cooke"] spec.authors = ['Jason Davis-Cooke']
spec.email = ["jdaviscooke@cimpress.com"] spec.email = ['jdaviscooke@cimpress.com']
spec.summary = "Retrieve secrets from Secret Server" spec.summary = 'Retrieve secrets from Secret Server'
spec.description = "Programatically get secrets from Secret Server via the Web Service API" spec.description = 'Programatically get secrets from Secret Server via the Web Service API'
spec.homepage = "https://github.com/Cimpress-MCP/zanzibar" spec.homepage = 'https://github.com/Cimpress-MCP/zanzibar'
spec.license = "Apache 2.0" spec.license = 'Apache 2.0'
spec.files = `git ls-files -z`.split("\x0") spec.files = `git ls-files -z`.split("\x0")
spec.executables = spec.files.grep(%r{^bin/}) { |f| File.basename(f) } spec.executables = spec.files.grep(%r{^bin\/}) { |f| File.basename(f) }
spec.test_files = spec.files.grep(%r{^(test|spec|features)/}) spec.test_files = spec.files.grep(%r{^(test|spec|features)\/})
spec.require_paths = ["lib"] spec.require_paths = ['lib']
spec.add_development_dependency "bundler", "~> 1.7" spec.add_development_dependency 'bundler', '~> 1.7'
spec.add_development_dependency "rake", "~> 10.0" spec.add_development_dependency 'rake', '~> 10.0'
spec.add_runtime_dependency "savon", "~> 2.8.0" spec.add_development_dependency 'rubocop', '~> 0.39.0'
spec.add_development_dependency 'savon_spec', '~> 0.1.6'
spec.add_development_dependency 'rspec', '~> 3.1.0'
spec.add_development_dependency 'webmock', '~> 1.20.4'
spec.add_development_dependency 'codeclimate-test-reporter'
spec.add_development_dependency 'fakefs', '~> 0.6.4'
spec.add_development_dependency 'simplecov', '~> 0.9.1'
spec.add_runtime_dependency 'savon', '~> 2.11.0'
spec.add_runtime_dependency 'rubyntlm', '~> 0.6.0'
spec.add_runtime_dependency 'thor', '~> 0.19.0'
end end