infisical-sdk 0.0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 76ccc0dbd846bf88995c037fca57e95d0e4bb170920fb671c5647e0fe65a4db9
+  data.tar.gz: a4af651d6824cf8978cb20f15d7ad9bf04df88a1c050d99ef4d5fb3042f12062
+SHA512:
+  metadata.gz: 6f9b107f069c6c566e9cc27da137a7565866eb18ccd7f4bd39711fe0dd0195a294361084c6131d5eb4738f1549f0f5b344e9d3762aadcad8f96875c9fb7829d3
+  data.tar.gz: 57ebffb40d22abd61c4d06ce65d4880eab45959bfdbfb1e8dfa171936a449ef77e9f436b7c8eb8715db28c77af1a09137510d9beb236725d5403c557ea7f8ed0

data/Rakefile

@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+
+require 'bundler/gem_tasks'
+require 'rubocop/rake_task'
+require 'rspec/core/rake_task'
+
+RSpec::Core::RakeTask.new
+
+RuboCop::RakeTask.new
+
+task default: :rubocop

data/Steepfile

@@ -0,0 +1,46 @@
+D = Steep::Diagnostic
+#
+# target :lib do
+#   signature "sig"
+#
+#   check "lib"                       # Directory name
+#   check "Gemfile"                   # File name
+#   check "app/models/**/*.rb"        # Glob
+#   # ignore "lib/templates/*.rb"
+#
+#   # library "pathname"              # Standard libraries
+#   # library "strong_json"           # Gems
+#
+#   # configure_code_diagnostics(D::Ruby.default)      # `default` diagnostics setting (applies by default)
+#   # configure_code_diagnostics(D::Ruby.strict)       # `strict` diagnostics setting
+#   # configure_code_diagnostics(D::Ruby.lenient)      # `lenient` diagnostics setting
+#   # configure_code_diagnostics(D::Ruby.silent)       # `silent` diagnostics setting
+#   # configure_code_diagnostics do |hash|             # You can setup everything yourself
+#   #   hash[D::Ruby::NoMethod] = :information
+#   # end
+# end
+
+# target :test do
+#   signature "sig", "sig-private"
+#
+#   check "test"
+#
+#   # library "pathname"              # Standard libraries
+# end
+
+target :app do
+  check 'lib'
+  signature 'sig'
+
+  library 'set', 'pathname'
+  ignore(
+    'lib/schemas.rb',
+    'lib/infisical_lib.rb',
+    'lib/extended_schemas/schemas.rb'
+  )
+
+  configure_code_diagnostics do |hash| # You can setup everything yourself
+
+    hash[D::Ruby::UnknownConstant] = :information
+  end
+end

data/infisical-sdk.gemspec

@@ -0,0 +1,48 @@
+# frozen_string_literal: true
+
+require_relative 'lib/version'
+
+Gem::Specification.new do |spec|
+  spec.name = 'infisical-sdk'
+  spec.version = InfisicalSDK::VERSION
+  spec.authors = ['Infisical Inc.']
+  spec.email = ['team@infisical.com']
+
+  spec.summary = 'Ruby SDK for interacting with the Infisical platform.'
+  spec.description = 'The official Infisical Ruby SDK.'
+  spec.homepage = 'https://infisical.com'
+  spec.required_ruby_version = '>= 2.7'
+
+  spec.metadata['homepage_uri'] = spec.homepage
+  spec.metadata['source_code_uri'] = 'https://github.com/infisical/sdk'
+  spec.metadata['changelog_uri'] = 'https://infisical.com/docs/changelog/overview'
+
+  # Specify which files should be added to the gem when it is released.
+  # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
+  spec.files = Dir.chdir(__dir__) do
+    `git ls-files -z`.split("\x0").reject do |f|
+      (File.expand_path(f) == __FILE__) || f.start_with?(*%w[bin/ test/ spec/ features/ .git Gemfile])
+    end
+  end
+
+  spec.files += Dir.glob('lib/linux-x64/**/*')
+  spec.files += Dir.glob('lib/linux-arm64/**/*')
+  spec.files += Dir.glob('lib/macos-x64/**/*')
+  spec.files += Dir.glob('lib/windows-x64/**/*')
+  spec.files += Dir.glob('lib/macos-arm64/**/*')
+  spec.files += Dir.glob('lib/schemas.rb')
+
+  spec.bindir = 'exe'
+  spec.executables = spec.files.grep(%r{\Aexe/}) { |f| File.basename(f) }
+  spec.require_paths = ['lib']
+
+  # Uncomment to register a new dependency of your gem
+  # spec.add_dependency "example-gem", "~> 1.0"
+  spec.add_dependency 'dry-struct', '~> 1.6'
+  spec.add_dependency 'dry-types', '~> 1.7'
+  spec.add_dependency 'ffi', '~> 1.15'
+  spec.add_dependency 'json', '~> 2.6'
+  spec.add_dependency 'rake', '~> 13.0'
+  spec.add_dependency 'rubocop', '~> 1.21'
+
+end

data/lib/clients/auth.rb

@@ -0,0 +1,100 @@
+# frozen_string_literal: true
+
+require 'json'
+require_relative '../extended_schemas/schemas'
+
+module InfisicalSDK
+  # Manage Infisical secrets.
+  class AuthClient
+    def initialize(command_runner)
+      @command_runner = command_runner
+    end
+
+    def universal_auth(client_id:, client_secret:)
+      response = run_command(universal_auth_login: UniversalAuthMethod.new(
+        client_id: client_id,
+        client_secret: client_secret
+      ))
+
+      handle_auth_response(response)
+    end
+
+    def kubernetes_auth(identity_id:, service_account_token_path:)
+
+      response = run_command(kubernetes_auth_login: KubernetesAuthMethod.new(
+        identity_id: identity_id,
+        service_account_token_path: service_account_token_path
+      ))
+
+      handle_auth_response(response)
+    end
+
+    def azure_auth(identity_id:)
+
+      response = run_command(azure_auth_login: AzureAuthMethod.new(
+        identity_id: identity_id
+      ))
+
+      handle_auth_response(response)
+    end
+
+    def gcp_id_token_auth(identity_id:)
+
+      response = run_command(gcp_id_token_auth_login: GCPIDTokenAuthMethod.new(
+        identity_id: identity_id
+      ))
+
+      handle_auth_response(response)
+    end
+
+    def gcp_iam_auth(identity_id:, service_account_key_file_path:)
+
+      response = run_command(gcp_iam_auth_login: GCPIamAuthMethod.new(
+        identity_id: identity_id,
+        service_account_key_file_path: service_account_key_file_path
+      ))
+
+      handle_auth_response(response)
+    end
+
+    def aws_iam_auth(identity_id:)
+
+      response = run_command(aws_iam_auth_login: AWSIamAuthMethod.new(
+        identity_id: identity_id
+      ))
+
+      handle_auth_response(response)
+    end
+
+    private
+
+    def error_handler(response)
+
+      # If the response is successful, we return without raising errors.
+      if response.key?('success') && response['success'] == true && response.key?('data')
+        return
+      end
+
+      if response['errorMessage']
+        raise InfisicalError, response['errorMessage'] if response.key?('errorMessage')
+      else
+        raise InfisicalError, 'Error while getting response'
+      end
+    end
+
+    def handle_auth_response(response)
+      auth_response = ResponseForAccessTokenSuccessResponse.from_json!(response).to_dynamic
+      error_handler(auth_response)
+
+      auth_response['data']
+    end
+
+    def run_command(command)
+      response = @command_runner.run(InfisicalCommands.new(command))
+      raise InfisicalError, 'Error getting response' if response.nil?
+
+      response
+    end
+  end
+end
+

data/lib/clients/encryption.rb

@@ -0,0 +1,90 @@
+# frozen_string_literal: true
+
+# rubocop:disable Metrics/MethodLength
+# rubocop:disable Naming/MethodParameterName
+
+
+
+require 'json'
+require_relative '../extended_schemas/schemas'
+
+
+module InfisicalSDK
+  # Perform encryption
+  class EncryptionClient
+    def initialize(command_runner)
+      @command_runner = command_runner
+    end
+
+    def encrypt_symmetric(data:, key:)
+      response = run_command(encrypt_symmetric: EncryptSymmetricOptions.new(
+        key: key,
+        plaintext: data,
+      ))
+
+      encrypt_response = ResponseForEncryptSymmetricResponse.from_json!(response).to_dynamic
+      error_handler(encrypt_response)
+
+
+      encrypt_response['data']
+    end
+
+    def decrypt_symmetric(
+      ciphertext:,
+      iv:,
+      tag:,
+      key:
+    )
+
+      response = run_command(decrypt_symmetric: DecryptSymmetricOptions.new(
+        ciphertext: ciphertext,
+        iv: iv,
+        tag: tag,
+        key: key
+      ))
+
+      decrypt_response = ResponseForDecryptSymmetricResponse.from_json!(response).to_dynamic
+      error_handler(decrypt_response)
+
+      decrypt_response['data']['decrypted']
+    end
+
+    def create_symmetric_key
+      response = run_command(create_symmetric_key: ArbitraryOptions.new(
+        data: ''
+      ))
+
+      key_response = ResponseForCreateSymmetricKeyResponse.from_json!(response).to_dynamic
+      error_handler(key_response)
+
+      key_response['data']['key']
+    end
+
+    private
+
+    def error_handler(response)
+
+      # If the response is successful, we return without raising errors.
+      if response.key?('success') && response['success'] == true && response.key?('data')
+        return
+      end
+
+      if response['errorMessage']
+        raise InfisicalError, response['errorMessage'] if response.key?('errorMessage')
+      else
+        raise InfisicalError, 'Error while getting response'
+      end
+    end
+
+    def run_command(command)
+      response = @command_runner.run(InfisicalCommands.new(command))
+      raise InfisicalError, 'Error getting response' if response.nil?
+
+      response
+    end
+  end
+end
+
+# rubocop:enable Metrics/MethodLength
+# rubocop:enable Naming/MethodParameterName
+

data/lib/clients/secrets.rb

@@ -0,0 +1,169 @@
+# frozen_string_literal: true
+
+require 'json'
+
+require_relative '../extended_schemas/schemas'
+
+module InfisicalSDK
+  # Manage Infisical secrets.
+  class SecretsClient
+    def initialize(command_runner)
+      @command_runner = command_runner
+    end
+
+    # rubocop:disable Metrics/ParameterLists
+    # rubocop:disable Metrics/MethodLength
+    def get(
+      secret_name:,
+      project_id:,
+      environment:,
+      path: nil,
+      include_imports: nil,
+      type: nil
+    )
+
+      response = run_command(get_secret: GetSecretOptions.new(
+        secret_name: secret_name,
+        project_id: project_id,
+        environment: environment,
+        path: path,
+        include_imports: include_imports,
+        get_secret_options_type: type
+      ))
+
+      secrets_response = ResponseForGetSecretResponse.from_json!(response).to_dynamic
+      error_handler(secrets_response)
+
+
+      secrets_response['data']['secret']
+    end
+
+    def list(
+      project_id:,
+      environment:,
+      path: nil ,
+      attach_to_process_env: nil,
+      expand_secret_references: nil,
+      recursive: nil,
+      include_imports: nil
+    )
+      response = run_command(list_secrets: ListSecretsOptions.new(
+        project_id: project_id,
+        environment: environment,
+        path: path,
+        include_imports: include_imports,
+        recursive: recursive,
+        attach_to_process_env: attach_to_process_env,
+        expand_secret_references: expand_secret_references,
+      ))
+
+      secrets_response = ResponseForListSecretsResponse.from_json!(response).to_dynamic
+      error_handler(secrets_response)
+
+      secrets_response['data']['secrets']
+    end
+
+    def update(
+      secret_name:,
+      secret_value:,
+      project_id:,
+      environment:,
+      path: nil,
+      skip_multiline_encoding: nil,
+      type: nil
+    )
+      response = run_command(update_secret: UpdateSecretOptions.new(
+        secret_name: secret_name,
+        secret_value: secret_value,
+        project_id: project_id,
+        environment: environment,
+        path: path,
+        skip_multiline_encoding: skip_multiline_encoding,
+        update_secret_options_type: type
+      ))
+
+      secrets_response = ResponseForUpdateSecretResponse.from_json!(response).to_dynamic
+      error_handler(secrets_response)
+
+
+      secrets_response['data']['secret']
+    end
+
+    def create(
+      secret_name:,
+      secret_value:,
+      project_id:,
+      environment:,
+      secret_comment: nil,
+      path: nil,
+      skip_multiline_encoding: nil,
+      type: nil
+
+    )
+
+      response = run_command(create_secret: CreateSecretOptions.new(
+        secret_name: secret_name,
+        secret_value: secret_value,
+        secret_comment: secret_comment,
+        project_id: project_id,
+        environment: environment,
+        skip_multiline_encoding: skip_multiline_encoding,
+        path: path,
+        create_secret_options_type: type
+      ))
+
+      secrets_response = ResponseForCreateSecretResponse.from_json!(response).to_dynamic
+      error_handler(secrets_response)
+
+
+      secrets_response['data']['secret']
+    end
+
+    def delete(
+      secret_name:,
+      project_id:,
+      environment:,
+      path: nil,
+      type: nil
+    )
+      response = run_command(delete_secret: DeleteSecretOptions.new(
+        secret_name: secret_name,
+        project_id: project_id,
+        environment: environment,
+        path: path,
+        delete_secret_options_type: type
+      ))
+
+      secrets_response = ResponseForDeleteSecretResponse.from_json!(response).to_dynamic
+      error_handler(secrets_response)
+
+      secrets_response['data']['secret']
+    end
+
+    private
+
+    def error_handler(response)
+
+      # If the response is successful, we return without raising errors.
+      if response.key?('success') && response['success'] == true && response.key?('data')
+        return
+      end
+
+      if response['errorMessage']
+        raise InfisicalError, response['errorMessage'] if response.key?('errorMessage')
+      else
+        raise InfisicalError, 'Error while getting response'
+      end
+    end
+
+    def run_command(command)
+      response = @command_runner.run(InfisicalCommands.new(command))
+      raise InfisicalError, 'Error getting response' if response.nil?
+
+      response
+    end
+  end
+end
+
+# rubocop:enable Metrics/ParameterLists
+# rubocop:enable Metrics/MethodLength

data/lib/command_runner.rb

@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+
+module InfisicalSDK
+  # Run base SDK commands
+  class CommandRunner
+    def initialize(infisical_sdk, handle)
+      @infisical_sdk = infisical_sdk
+      @handle = handle
+    end
+
+    # @param [Dry-Struct] cmd
+    def run(cmd)
+      @infisical_sdk.run_command(cmd.to_json, @handle)
+    end
+  end
+end

data/lib/infisical-sdk.rb

@@ -0,0 +1,44 @@
+# frozen_string_literal: true
+
+require 'json'
+require 'dry-types'
+
+require_relative 'schemas'
+require_relative 'extended_schemas/schemas'
+require_relative 'infisical_lib'
+require_relative 'infisical_error'
+require_relative 'command_runner'
+require_relative 'clients/secrets'
+require_relative 'clients/auth'
+require_relative 'clients/encryption'
+
+module InfisicalSDK
+  class InfisicalClient
+    attr_reader :infisical, :command_runner, :secrets, :auth, :encryption
+
+    def initialize(site_url = nil, cache_ttl = 300)
+      settings = ClientSettings.new(
+        # We preset these values or we'll get type validation errors (thanks Quicktype!)
+        access_token: nil,
+        client_secret: nil,
+        client_id: nil,
+        auth: nil,
+        user_agent: 'infisical-ruby-sdk',
+        cache_ttl: cache_ttl,
+        site_url: site_url
+      )
+
+
+      @infisical = InfisicalLib
+      @handle = @infisical.init(settings.to_dynamic.compact.to_json)
+      @command_runner = CommandRunner.new(@infisical, @handle)
+      @secrets = SecretsClient.new(@command_runner)
+      @auth = AuthClient.new(@command_runner)
+      @encryption = EncryptionClient.new(@command_runner)
+    end
+
+    def free_mem
+      @infisical.free_mem(@handle)
+    end
+  end
+end

data/lib/infisical_error.rb

@@ -0,0 +1,10 @@
+# frozen_string_literal: true
+
+module InfisicalSDK
+  # Infisical Error
+  class InfisicalError < StandardError
+    def initialize(message = 'Failed to get get response')
+      super(message)
+    end
+  end
+end

data/lib/infisical_lib.rb

@@ -0,0 +1,44 @@
+# frozen_string_literal: true
+
+require 'ffi'
+
+module InfisicalSDK
+  # C wrapper for Ruby SDK
+  module InfisicalLib
+    extend FFI::Library
+
+    def self.mac_with_intel?
+      `uname -m`.strip == 'x86_64'
+    end
+
+    def self.linux_arm64?
+      RUBY_PLATFORM.include?('linux') && %w[aarch64 arm64].any? { |arch| RUBY_PLATFORM.include?(arch) }
+    end
+
+    ffi_lib case RUBY_PLATFORM
+            when /darwin/
+              local_file = if mac_with_intel?
+                             File.expand_path('macos-x64/libinfisical_c.dylib', __dir__)
+                           else
+                             File.expand_path('macos-arm64/libinfisical_c.dylib', __dir__)
+                           end
+              File.exist?(local_file) ? local_file : File.expand_path('../../../../target/debug/libinfisical_c.dylib', __dir__)
+            when /linux/
+              local_file = if linux_arm64?
+                             File.expand_path('linux-arm64/libinfisical_c.so', __dir__)
+                           else
+                             File.expand_path('linux-x64/libinfisical_c.so', __dir__)
+                           end
+              File.exist?(local_file) ? local_file : File.expand_path('../../../../target/debug/libinfisical_c.so', __dir__)
+            when /mswin|mingw/
+              local_file = File.expand_path('windows-x64/infisical_c.dll', __dir__)
+              File.exist?(local_file) ? local_file : File.expand_path('../../../../target/debug/infisical_c.dll', __dir__)
+            else
+              raise "Unsupported platform: #{RUBY_PLATFORM}"
+            end
+
+    attach_function :init, [:string], :pointer
+    attach_function :run_command, %i[string pointer], :string
+    attach_function :free_mem, [:pointer], :void
+  end
+end