Class: HybridPlatformsConductor::Credentials

Inherits:
Object
Includes:
LoggerHelpers
Defined in:
lib/hybrid_platforms_conductor/credentials.rb

Overview

Provides a secure and harmonized way to access credentials for a given service. It makes sure passwords are removed from memory for hardened security (this way, if a vulnerability allows an attacker to dump the memory, the attacker won’t get passwords). It gets credentials from the following sources:

  • Environment variables

  • Netrc file

Constant Summary

Constants included from LoggerHelpers

LoggerHelpers::LEVELS_MODIFIERS, LoggerHelpers::LEVELS_TO_STDERR

Class Method Summary

Instance Method Summary

Methods included from LoggerHelpers

#err, #init_loggers, #log_component=, #log_debug?, #log_level=, #out, #section, #set_loggers_format, #stderr_device, #stderr_device=, #stderr_displayed?, #stdout_device, #stdout_device=, #stdout_displayed?, #stdouts_to_s, #with_progress_bar

Constructor Details

#initialize(id, url: nil, logger: Logger.new(STDOUT), logger_stderr: Logger.new(STDERR)) ⇒ Credentials

Constructor

Parameters
  • id (Symbol): Credential ID

  • url (String or nil): The URL for which we want the credentials, or nil if not associated to a URL [default: nil]

  • logger (Logger): Logger to be used [default = Logger.new(STDOUT)]

  • logger_stderr (Logger): Logger to be used for stderr [default = Logger.new(STDERR)]



# File 'lib/hybrid_platforms_conductor/credentials.rb', line 45

def initialize(id, url: nil, logger: Logger.new(STDOUT), logger_stderr: Logger.new(STDERR))
  init_loggers(logger, logger_stderr)
  @id = id
  @url = url
  @user = nil
  @password = nil
  @retrieved = false
end

Class Method Details

.with_credentials_for(id, logger, logger_stderr, url: nil) ⇒ Object

Get access to credentials and make sure they are wiped out from memory when client code ends. To ensure password safety, never store the password in a scope beyond the client code’s Proc.

Parameters
  • id (Symbol): Credential ID

  • logger (Logger): Logger to be used

  • logger_stderr (Logger): Logger to be used for stderr

  • url (String or nil): The URL for which we want the credentials, or nil if not associated to a URL [default: nil]

  • Proc: Client code called with credentials provided

    • Parameters
      • user (String or nil): User name, or nil if none

      • password (String or nil): Password, or nil if none. !!! Never store this password in a scope broader than the client code itself !!!



# File 'lib/hybrid_platforms_conductor/credentials.rb', line 29

def self.with_credentials_for(id, logger, logger_stderr, url: nil)
  credentials = Credentials.new(id, url: url, logger: logger, logger_stderr: logger_stderr)
  begin
    yield credentials.user, credentials.password
  ensure
    credentials.clear_password
  end
end

Instance Method Details

#clear_password ⇒ Object

Helper that clears the password from memory for security. To be used when the client knows it won’t use the password anymore.



# File 'lib/hybrid_platforms_conductor/credentials.rb', line 56

def clear_password
  @password.replace('gotyou!' * 100) unless @password.nil?
  GC.start
end
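
Added example (not the gem's own code): a hypothetical stand-in class, DemoCredentials, reproduces the wipe-in-ensure pattern of .with_credentials_for and #clear_password above to show why the password must not leave the client block. The names DemoCredentials, SAMPLE_SECRET, leak_report and wiped_when_block_raises? are assumptions made for illustration, and the secret is a constructed sample value.

```ruby
# Added example: DemoCredentials is a hypothetical stand-in, not the gem's class.
SAMPLE_SECRET = 'constructed-S3cret'.freeze # constructed sample value

class DemoCredentials
  attr_reader :user, :password

  def initialize(user, password)
    @user = user
    @password = password
  end

  # Same shape as the page's with_credentials_for: wipe in ensure.
  def self.with_credentials_for(user, password)
    credentials = new(user, password)
    begin
      yield credentials.user, credentials.password
    ensure
      credentials.clear_password
    end
  end

  # Same in-place overwrite as the page's clear_password.
  def clear_password
    @password.replace('gotyou!' * 100) unless @password.nil?
    GC.start
  end
end

# Reports, per kind of reference kept past the block, whether it still holds the secret.
def leak_report
  kept = {}
  DemoCredentials.with_credentials_for('svc_user', SAMPLE_SECRET.dup) do |_user, password|
    kept[:same_object] = password               # alias of the String that gets overwritten
    kept[:dup] = password.dup                   # independent copy, never overwritten
    kept[:interpolated] = "Basic #{password}"   # new String embedding the secret
  end
  kept.transform_values { |value| value.include?(SAMPLE_SECRET) }
end

# The ensure clause wipes the password even when the client block raises.
def wiped_when_block_raises?
  held = nil
  DemoCredentials.with_credentials_for('svc_user', SAMPLE_SECRET.dup) do |_user, password|
    held = password
    raise 'simulated failure'
  end
rescue RuntimeError
  !held.include?(SAMPLE_SECRET)
end
```

A reference to the yielded String holds only the filler once the block ends, while any copy made inside the block (dup, interpolation) still holds the secret and is out of reach of clear_password.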

#password ⇒ Object

Get the associated password

Result
  • String or nil: The password, or nil if none



# File 'lib/hybrid_platforms_conductor/credentials.rb', line 74

def password
  retrieve_credentials
  @password
end

#user ⇒ Object

Get the associated user

Result
  • String or nil: The user name, or nil if none



# File 'lib/hybrid_platforms_conductor/credentials.rb', line 65

def user
  retrieve_credentials
  @user
end