cerberus_client 1.3.1 → 1.4.0
- checksums.yaml +4 -4
- data/README.md +34 -9
- data/lib/cerberus/aws_role_credentials_provider.rb +3 -2
- data/lib/cerberus/vault_client.rb +3 -3
- data/lib/cerberus_client/http.rb +3 -1
- data/lib/cerberus_client/version.rb +1 -1
- metadata +14 -14
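--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: ccb02d6f202ae5383140498f5bb9654e3efb0ea0
+data.tar.gz: f639c3ad2c68c3af46ba48d28cd0668f0c213820
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 3c68b365555fe8e84d9eaea409f9694605580698a4bdefd79add1759c588eab6ffdc42c89b2885ce03aa23a4c66b68f2180c2e833384c28664f38c0425aedd41
+data.tar.gz: 1f549a900c19e7c23f813520d672d4f3b961ebfe82721fbf29137bdb63d27932bff81b146ca5cf6862efea2b0b2420d8abaaf992a7ba30f65e757339822256ef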
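--- a/data/README.md
+++ b/data/README.md
@@ -21,17 +21,17 @@ Add this to your application's Gemfile:
 
 ```ruby
 source 'https://rubygems.org'
-gem 'cerberus_client'
+gem 'cerberus_client'
 ```
 
 And then install it:
 ```bash
 $ bundle
 ```
-
+
 Or do it yourself:
-```bash
-$ gem install cerberus_client
+```bash
+$ gem install cerberus_client
 ```
 
 ## Usage
@@ -54,13 +54,42 @@ environment variable, CERBERUS_ADDR, must be set:
 ```bash
 export CERBERUS_ADDR=https://cerberus.example.com
 ```
+OR
+```bash
+export CERBERUS_ADDR=https://localhost:9001
+```
 
-The example above also use the DefaultCredentialsProviderChain which is used to resolve the token needed to interact
+The example above also use the DefaultCredentialsProviderChain which is used to resolve the token needed to interact
 with Vault. This chain will first look to see if an environemnt variable has been set with a vault token, e.g.
 ```bash
 export CERBERUS_TOKEN=9cfced14-91ae-e3ad-5b9d-1cae6c82362d
 ```
 
+Increment the version and add `.rc.1` to the end in the `lib/cerberus_client/version.rb` file.
+
+Then build and install the gem locally:
+
+```bash
+% gem build cerberus_client.gemspec
+Successfully built RubyGem
+Name: cerberus_client
+Version: 0.0.0.rc.1
+File: cerberus_client-0.0.0.rc.1
+
+% gem install ./cerberus_client-0.0.0.rc.1.gem
+Successfully installed cerberus_client-0.0.0.rc.1
+1 gem installed
+```
+
+Then open Interactive Ruby:
+```bash
+% irb
+
+2.2.2 :001 > require 'cerberus_client'
+2.2.2 :001 > vaultClient = CerberusClient::getDefaultVaultClient()
+2.2.2 :001 > vaultClient.read("app/example/test")
+```
+
 ### Running in AWS
 
 If the environment variables used in local development are not found, the client will try to use the AWS metadata
@@ -70,7 +99,3 @@ are available in the [Cerberus quick start guide](http://engineering.nike.com/ce
 Optionally, UrlResolver and/or CredentialsProviderChain can be provided to customize how those values are used in
 your system. See lib/cerberus_client for alternative factory methods and the functions your custom objects should
 support.
-
-
-
-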
@@ -228,11 +228,12 @@ module Cerberus
|
|
228
228
|
def doAuthWithCerberus(accountId, roleName, region)
|
229
229
|
postJsonData = JSON.generate({:account_id => accountId, :role_name => roleName, :region => region})
|
230
230
|
authUrl = URI(@vaultBaseUrl + ROLE_AUTH_REL_URI)
|
231
|
-
|
231
|
+
useSSL = ! ("#{@vaultBaseUrl}".include? "localhost")
|
232
|
+
authResponse = CerberusClient::Http.new.doHttp(authUrl, 'POST', useSSL, postJsonData)
|
232
233
|
# if we got this far, we should have a valid response with encrypted data
|
233
234
|
# send back the encrypted data
|
234
235
|
JSON.parse(authResponse.body)['auth_data']
|
235
236
|
end
|
236
237
|
|
237
238
|
end
|
238
|
-
end
|
239
|
+
end
|
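Review bot: The added `useSSL = ! ("#{@vaultBaseUrl}".include? "localhost")` in doAuthWithCerberus turns TLS off for any base URL whose text contains "localhost" anywhere, not only for a loopback host, so a value such as `https://localhost.example.com` (constructed example) would send the role-auth request in cleartext. The same line is added to doVaultHttpGet in the following hunks, where the request also carries the `VAULT_TOKEN_HEADER_KEY` header, so the token would travel unencrypted as well. The check also ignores the scheme, so the README's new `https://localhost:9001` example would be contacted without TLS even though it says https. Deriving the flag from the parsed URI avoids all three problems: `useSSL = (authUrl.scheme == 'https')` here and `useSSL = (url.scheme == 'https')` in doVaultHttpGet. Judging by the file list at the top of the page, this hunk belongs to data/lib/cerberus/aws_role_credentials_provider.rb and the next three to data/lib/cerberus/vault_client.rb, whose file headers are missing from the page.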
@@ -42,7 +42,6 @@ module Cerberus
|
|
42
42
|
# Read operation for a specified path.
|
43
43
|
##
|
44
44
|
def read(path)
|
45
|
-
|
46
45
|
begin
|
47
46
|
response = doVaultHttpGet(SECRET_PATH_PREFIX + path)
|
48
47
|
CerberusClient::Log.instance.debug("VaultClient::read(path) HTTP response: #{response.code}, #{response.message}")
|
@@ -157,10 +156,11 @@ module Cerberus
|
|
157
156
|
def doVaultHttpGet(relativeUri)
|
158
157
|
|
159
158
|
url = URI(@vaultBaseUrl + relativeUri)
|
159
|
+
useSSL = ! ("#{@vaultBaseUrl}".include? "localhost")
|
160
160
|
|
161
161
|
begin
|
162
162
|
response = CerberusClient::Http.new.doHttp(url,
|
163
|
-
'GET',
|
163
|
+
'GET', useSSL, nil,
|
164
164
|
{VAULT_TOKEN_HEADER_KEY =>
|
165
165
|
CerberusClient.getCredentialsFromProvider(@credentialsProvider)})
|
166
166
|
|
@@ -204,4 +204,4 @@ module Cerberus
|
|
204
204
|
end
|
205
205
|
|
206
206
|
end
|
207
|
-
end
|
207
|
+
end
|
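--- a/data/lib/cerberus_client/http.rb
+++ b/data/lib/cerberus_client/http.rb
@@ -4,6 +4,7 @@ module CerberusClient
 require_relative('../cerberus/exception/http_error')
 require('net/http')
 require_relative('log')
+require_relative('version')
 
 ##
 #
@@ -38,6 +39,7 @@ module CerberusClient
 if(jsonData != nil); request.body = "#{jsonData}"; request['Content-Type'] = "application/json"; end
 
 if(headersMap != nil); headersMap.each{ |headerKey, headerValue| request[headerKey] = headerValue } end
+request['X-Cerberus-Client'] = "CerberusRubyClient/#{CerberusClient::VERSION}"
 
 http.use_ssl = useSSL
 response = http.request(request)
@@ -64,4 +66,4 @@ module CerberusClient
 end
 
 end
-end
+end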
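--- a/metadata
+++ b/metadata
@@ -1,55 +1,55 @@
 --- !ruby/object:Gem::Specification
 name: cerberus_client
 version: !ruby/object:Gem::Version
-version: 1.
+version: 1.4.0
 platform: ruby
 authors:
 - Joe Teibel
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2017-
+date: 2017-08-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: aws-sdk
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - ~>
 - !ruby/object:Gem::Version
 version: '2'
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - ~>
 - !ruby/object:Gem::Version
 version: '2'
 - !ruby/object:Gem::Dependency
 name: rspec
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - ~>
 - !ruby/object:Gem::Version
 version: '3.0'
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - ~>
 - !ruby/object:Gem::Version
 version: '3.0'
 - !ruby/object:Gem::Dependency
 name: bundler
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - ~>
 - !ruby/object:Gem::Version
 version: '1.13'
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - ~>
 - !ruby/object:Gem::Version
 version: '1.13'
 description: This is a Ruby based client library for communicating with Vault via
@@ -63,9 +63,9 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
--
--
--
+- .gitignore
+- .rspec
+- .travis.yml
 - CHANGELOG.md
 - CONTRIBUTING.md
 - Gemfile
@@ -100,17 +100,17 @@ require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - '>='
 - !ruby/object:Gem::Version
 version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - '>='
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.
+rubygems_version: 2.2.2
 signing_key:
 specification_version: 4
 summary: '["A Ruby Client for Cerberus, a secure property store for cloud applications"]'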