dd-vault 0.12.0

data/lib/vault/request.rb

@@ -0,0 +1,43 @@
+module Vault
+  class Request
+    attr_reader :client
+
+    def initialize(client)
+      @client = client
+    end
+
+    # @return [String]
+    def to_s
+      "#<#{self.class.name}>"
+    end
+
+    # @return [String]
+    def inspect
+      "#<#{self.class.name}:0x#{"%x" % (self.object_id << 1)}>"
+    end
+
+    private
+
+    include EncodePath
+
+    # Removes the given header fields from options and returns the result. This
+    # modifies the given options in place.
+    #
+    # @param [Hash] options
+    #
+    # @return [Hash]
+    def extract_headers!(options = {})
+      extract = {
+        wrap_ttl: Vault::Client::WRAP_TTL_HEADER,
+      }
+
+      {}.tap do |h|
+        extract.each do |k,v|
+          if options[k]
+            h[v] = options.delete(k)
+          end
+        end
+      end
+    end
+  end
+end

data/lib/vault/response.rb

@@ -0,0 +1,89 @@
+module Vault
+  class Response
+    # Defines a new field. This is designed to be used by the subclass as a
+    # mini-DSL.
+    #
+    # @example Default
+    #   field :data
+    #
+    # @example With a mutator
+    #   field :present, as: :present?
+    #
+    # @param n [Symbol] the name of the field
+    # @option opts [Symbol] :as alias for method name
+    #
+    # @!visibility private
+    def self.field(n, opts = {})
+      self.fields[n] = opts
+
+      if opts[:as].nil?
+        attr_reader n
+      else
+        define_method(opts[:as]) do
+          instance_variable_get(:"@#{n}")
+        end
+      end
+    end
+
+    # Returns the list of fields defined on this subclass.
+    # @!visibility private
+    def self.fields
+      @fields ||= {}
+    end
+
+    # Decodes the given object (usually a Hash) into an instance of this class.
+    #
+    # @param object [Hash<Symbol, Object>]
+    def self.decode(object)
+      self.new(object)
+    end
+
+    def initialize(opts = {})
+      # Initialize all fields as nil to start
+      self.class.fields.each do |k, _|
+        instance_variable_set(:"@#{k}", nil)
+      end
+
+      # For each supplied option, set the instance variable if it was defined
+      # as a field.
+      opts.each do |k, v|
+        if self.class.fields.key?(k)
+          opts = self.class.fields[k]
+
+          if (m = opts[:load]) && !v.nil?
+            v = m.call(v)
+          end
+
+          if opts[:freeze]
+            v = v.freeze
+          end
+
+          instance_variable_set(:"@#{k}", v)
+        end
+      end
+    end
+
+    # Create a hash-bashed representation of this response.
+    #
+    # @return [Hash]
+    def to_h
+      self.class.fields.inject({}) do |h, (k, opts)|
+        if opts[:as].nil?
+          h[k] = self.public_send(k)
+        else
+          h[k] = self.public_send(opts[:as])
+        end
+
+        if !h[k].nil? && !h[k].is_a?(Array) && h[k].respond_to?(:to_h)
+          h[k] = h[k].to_h
+        end
+
+        h
+      end
+    end
+
+    def ==(other)
+      self.to_h == other.to_h
+    end
+  end
+end

data/lib/vault/vendor/connection_pool/timed_stack.rb

@@ -0,0 +1,178 @@
+require 'thread'
+require 'timeout'
+
+module Vault; end
+
+##
+# Raised when you attempt to retrieve a connection from a pool that has been
+# shut down.
+
+class Vault::ConnectionPool::PoolShuttingDownError < RuntimeError; end
+
+##
+# The TimedStack manages a pool of homogeneous connections (or any resource
+# you wish to manage).  Connections are created lazily up to a given maximum
+# number.
+
+# Examples:
+#
+#    ts = TimedStack.new(1) { MyConnection.new }
+#
+#    # fetch a connection
+#    conn = ts.pop
+#
+#    # return a connection
+#    ts.push conn
+#
+#    conn = ts.pop
+#    ts.pop timeout: 5
+#    #=> raises Timeout::Error after 5 seconds
+
+module Vault
+class ConnectionPool::TimedStack
+
+  ##
+  # Creates a new pool with +size+ connections that are created from the given
+  # +block+.
+
+  def initialize(size = 0, &block)
+    @create_block = block
+    @created = 0
+    @que = []
+    @max = size
+    @mutex = Mutex.new
+    @resource = ConditionVariable.new
+    @shutdown_block = nil
+  end
+
+  ##
+  # Returns +obj+ to the stack.  +options+ is ignored in TimedStack but may be
+  # used by subclasses that extend TimedStack.
+
+  def push(obj, options = {})
+    @mutex.synchronize do
+      if @shutdown_block
+        @shutdown_block.call(obj)
+      else
+        store_connection obj, options
+      end
+
+      @resource.broadcast
+    end
+  end
+  alias_method :<<, :push
+
+  ##
+  # Retrieves a connection from the stack.  If a connection is available it is
+  # immediately returned.  If no connection is available within the given
+  # timeout a Timeout::Error is raised.
+  #
+  # +:timeout+ is the only checked entry in +options+ and is preferred over
+  # the +timeout+ argument (which will be removed in a future release).  Other
+  # options may be used by subclasses that extend TimedStack.
+
+  def pop(timeout = 0.5, options = {})
+    options, timeout = timeout, 0.5 if Hash === timeout
+    timeout = options.fetch :timeout, timeout
+
+    deadline = Time.now + timeout
+    @mutex.synchronize do
+      loop do
+        raise ConnectionPool::PoolShuttingDownError if @shutdown_block
+        return fetch_connection(options) if connection_stored?(options)
+
+        connection = try_create(options)
+        return connection if connection
+
+        to_wait = deadline - Time.now
+        raise Timeout::Error, "Waited #{timeout} sec" if to_wait <= 0
+        @resource.wait(@mutex, to_wait)
+      end
+    end
+  end
+
+  ##
+  # Shuts down the TimedStack which prevents connections from being checked
+  # out.  The +block+ is called once for each connection on the stack.
+
+  def shutdown(&block)
+    raise ArgumentError, "shutdown must receive a block" unless block_given?
+
+    @mutex.synchronize do
+      @shutdown_block = block
+      @resource.broadcast
+
+      shutdown_connections
+    end
+  end
+
+  ##
+  # Returns +true+ if there are no available connections.
+
+  def empty?
+    (@created - @que.length) >= @max
+  end
+
+  ##
+  # The number of connections available on the stack.
+
+  def length
+    @max - @created + @que.length
+  end
+
+  private
+
+  ##
+  # This is an extension point for TimedStack and is called with a mutex.
+  #
+  # This method must returns true if a connection is available on the stack.
+
+  def connection_stored?(options = nil)
+    !@que.empty?
+  end
+
+  ##
+  # This is an extension point for TimedStack and is called with a mutex.
+  #
+  # This method must return a connection from the stack.
+
+  def fetch_connection(options = nil)
+    @que.pop
+  end
+
+  ##
+  # This is an extension point for TimedStack and is called with a mutex.
+  #
+  # This method must shut down all connections on the stack.
+
+  def shutdown_connections(options = nil)
+    while connection_stored?(options)
+      conn = fetch_connection(options)
+      @shutdown_block.call(conn)
+    end
+  end
+
+  ##
+  # This is an extension point for TimedStack and is called with a mutex.
+  #
+  # This method must return +obj+ to the stack.
+
+  def store_connection(obj, options = nil)
+    @que.push obj
+  end
+
+  ##
+  # This is an extension point for TimedStack and is called with a mutex.
+  #
+  # This method must create a connection if and only if the total number of
+  # connections allowed has not been met.
+
+  def try_create(options = nil)
+    unless @created == @max
+      object = @create_block.call
+      @created += 1
+      object
+    end
+  end
+end
+end

data/lib/vault/vendor/connection_pool/version.rb

@@ -0,0 +1,5 @@
+module Vault
+class ConnectionPool
+  VERSION = "2.2.0"
+end
+end

data/lib/vault/vendor/connection_pool.rb

@@ -0,0 +1,150 @@
+require_relative 'connection_pool/version'
+require_relative 'connection_pool/timed_stack'
+
+
+# Generic connection pool class for e.g. sharing a limited number of network connections
+# among many threads.  Note: Connections are lazily created.
+#
+# Example usage with block (faster):
+#
+#    @pool = ConnectionPool.new { Redis.new }
+#
+#    @pool.with do |redis|
+#      redis.lpop('my-list') if redis.llen('my-list') > 0
+#    end
+#
+# Using optional timeout override (for that single invocation)
+#
+#    @pool.with(:timeout => 2.0) do |redis|
+#      redis.lpop('my-list') if redis.llen('my-list') > 0
+#    end
+#
+# Example usage replacing an existing connection (slower):
+#
+#    $redis = ConnectionPool.wrap { Redis.new }
+#
+#    def do_work
+#      $redis.lpop('my-list') if $redis.llen('my-list') > 0
+#    end
+#
+# Accepts the following options:
+# - :size - number of connections to pool, defaults to 5
+# - :timeout - amount of time to wait for a connection if none currently available, defaults to 5 seconds
+#
+module Vault
+class ConnectionPool
+  DEFAULTS = {size: 5, timeout: 5}
+
+  class Error < RuntimeError
+  end
+
+  def self.wrap(options, &block)
+    Wrapper.new(options, &block)
+  end
+
+  def initialize(options = {}, &block)
+    raise ArgumentError, 'Connection pool requires a block' unless block
+
+    options = DEFAULTS.merge(options)
+
+    @size = options.fetch(:size)
+    @timeout = options.fetch(:timeout)
+
+    @available = TimedStack.new(@size, &block)
+    @key = :"current-#{@available.object_id}"
+  end
+
+if Thread.respond_to?(:handle_interrupt)
+
+  # MRI
+  def with(options = {})
+    Thread.handle_interrupt(Exception => :never) do
+      conn = checkout(options)
+      begin
+        Thread.handle_interrupt(Exception => :immediate) do
+          yield conn
+        end
+      ensure
+        checkin
+      end
+    end
+  end
+
+else
+
+  # jruby 1.7.x
+  def with(options = {})
+    conn = checkout(options)
+    begin
+      yield conn
+    ensure
+      checkin
+    end
+  end
+
+end
+
+  def checkout(options = {})
+    conn = if stack.empty?
+      timeout = options[:timeout] || @timeout
+      @available.pop(timeout: timeout)
+    else
+      stack.last
+    end
+
+    stack.push conn
+    conn
+  end
+
+  def checkin
+    conn = pop_connection # mutates stack, must be on its own line
+    @available.push(conn) if stack.empty?
+
+    nil
+  end
+
+  def shutdown(&block)
+    @available.shutdown(&block)
+  end
+
+  private
+
+  def pop_connection
+    if stack.empty?
+      raise ConnectionPool::Error, 'no connections are checked out'
+    else
+      stack.pop
+    end
+  end
+
+  def stack
+    ::Thread.current[@key] ||= []
+  end
+
+  class Wrapper < ::BasicObject
+    METHODS = [:with, :pool_shutdown]
+
+    def initialize(options = {}, &block)
+      @pool = ::ConnectionPool.new(options, &block)
+    end
+
+    def with(&block)
+      @pool.with(&block)
+    end
+
+    def pool_shutdown(&block)
+      @pool.shutdown(&block)
+    end
+
+    def respond_to?(id, *args)
+      METHODS.include?(id) || with { |c| c.respond_to?(id, *args) }
+    end
+
+    def method_missing(name, *args, &block)
+      with do |connection|
+        connection.send(name, *args, &block)
+      end
+    end
+  end
+end
+end

data/lib/vault/version.rb

@@ -0,0 +1,3 @@
+module Vault
+  VERSION = "0.12.0"
+end

data/lib/vault.rb

@@ -0,0 +1,49 @@
+module Vault
+  require_relative "vault/errors"
+  require_relative "vault/client"
+  require_relative "vault/configurable"
+  require_relative "vault/defaults"
+  require_relative "vault/response"
+  require_relative "vault/version"
+
+  require_relative "vault/api"
+
+  class << self
+    # API client object based off the configured options in {Configurable}.
+    #
+    # @return [Vault::Client]
+    attr_reader :client
+
+    def setup!
+      @client = Vault::Client.new
+
+      # Set secure SSL options
+      OpenSSL::SSL::SSLContext::DEFAULT_PARAMS[:options].tap do |opts|
+        opts &= ~OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS if defined?(OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS)
+        opts |= OpenSSL::SSL::OP_NO_COMPRESSION if defined?(OpenSSL::SSL::OP_NO_COMPRESSION)
+        opts |= OpenSSL::SSL::OP_NO_SSLv2 if defined?(OpenSSL::SSL::OP_NO_SSLv2)
+        opts |= OpenSSL::SSL::OP_NO_SSLv3 if defined?(OpenSSL::SSL::OP_NO_SSLv3)
+      end
+
+      self
+    end
+
+    # Delegate all methods to the client object, essentially making the module
+    # object behave like a {Client}.
+    def method_missing(m, *args, &block)
+      if @client.respond_to?(m)
+        @client.send(m, *args, &block)
+      else
+        super
+      end
+    end
+
+    # Delegating +respond_to+ to the {Client}.
+    def respond_to_missing?(m, include_private = false)
+      @client.respond_to?(m, include_private) || super
+    end
+  end
+end
+
+# Load the initial default values
+Vault.setup!

data/vault.gemspec

@@ -0,0 +1,30 @@
+# coding: utf-8
+lib = File.expand_path("../lib", __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require "vault/version"
+
+Gem::Specification.new do |spec|
+  spec.name          = "dd-vault"
+  spec.version       = Vault::VERSION
+  spec.authors       = ["Seth Vargo"]
+  spec.email         = ["sethvargo@gmail.com"]
+  spec.licenses      = ["MPL-2.0"]
+
+  spec.summary       = "Vault is a Ruby API client for interacting with a Vault server."
+  spec.description   = spec.summary
+  spec.homepage      = "https://github.com/hashicorp/vault-ruby"
+
+  spec.files         = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+  spec.bindir        = "exe"
+  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.require_paths = ["lib"]
+
+  spec.add_runtime_dependency "aws-sigv4"
+
+  spec.add_development_dependency "bundler"
+  spec.add_development_dependency "pry"
+  spec.add_development_dependency "rake",    "~> 12.0"
+  spec.add_development_dependency "rspec",   "~> 3.5"
+  spec.add_development_dependency "yard"
+  spec.add_development_dependency "webmock", "~> 2.3"
+end