legion-crypt 1.4.26 → 1.4.28
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +11 -0
- data/lib/legion/crypt/helper.rb +2 -2
- data/lib/legion/crypt/vault.rb +30 -20
- data/lib/legion/crypt/version.rb +1 -1
- metadata +1 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: '082f74f156f2cbf27b9905d81276292945c3ca03c8cc47608cd60bc9f8c9c303'
|
|
4
|
+
data.tar.gz: a10a0f6d3afa1f6a9acc0a9e66c48e9ae4576ae8921409a8d7c52a14433f1953
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 86f52e9d2a8d91d6aacc0639771e494085d0c5c1022a33797873ff7a4dd1029a54809b27eaa2f577183b565b912641b094bc93163bf45424b8a298631112c7c3
|
|
7
|
+
data.tar.gz: f5422d69c6264f2b291d6fe333724cebb3d798626a815b7f19e4ee2e5ca2f5b7d03d84838153dce99970a7899af8c9cf133db2b194730b39fdd6c9b5683eaedb
|
data/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,16 @@
|
|
|
1
1
|
# Legion::Crypt
|
|
2
2
|
|
|
3
|
+
## [1.4.28] - 2026-03-31
|
|
4
|
+
|
|
5
|
+
### Fixed
|
|
6
|
+
- `Helper#vault_write` now accepts keyword args (`**data`) and splats to `Crypt.write`, fixing `ArgumentError` on Ruby 3.4 when writing to Vault KV
|
|
7
|
+
|
|
8
|
+
## [1.4.27] - 2026-03-31
|
|
9
|
+
|
|
10
|
+
### Fixed
|
|
11
|
+
- `connect_vault` now sets `::Vault.namespace` from `vault_namespace` setting, fixing 403 errors for non-cluster Vault connections in namespaced environments
|
|
12
|
+
- Extracted `resolve_vault_address` and `log_vault_connection_error` to reduce `connect_vault` complexity
|
|
13
|
+
|
|
3
14
|
## [1.4.26] - 2026-03-28
|
|
4
15
|
|
|
5
16
|
### Fixed
|
data/lib/legion/crypt/helper.rb
CHANGED
|
@@ -11,8 +11,8 @@ module Legion
|
|
|
11
11
|
Legion::Crypt.get(vault_path(path))
|
|
12
12
|
end
|
|
13
13
|
|
|
14
|
-
def vault_write(path, data)
|
|
15
|
-
Legion::Crypt.write(vault_path(path), data)
|
|
14
|
+
def vault_write(path, **data)
|
|
15
|
+
Legion::Crypt.write(vault_path(path), **data)
|
|
16
16
|
end
|
|
17
17
|
|
|
18
18
|
def vault_exist?(path = nil)
|
data/lib/legion/crypt/vault.rb
CHANGED
|
@@ -15,35 +15,20 @@ module Legion
|
|
|
15
15
|
def connect_vault
|
|
16
16
|
@sessions = []
|
|
17
17
|
vault_settings = Legion::Settings[:crypt][:vault]
|
|
18
|
-
|
|
19
|
-
address = vault_settings[:address] || 'localhost'
|
|
20
|
-
port = vault_settings[:port] || 8200
|
|
21
|
-
|
|
22
|
-
if address.match?(%r{\Ahttps?://})
|
|
23
|
-
uri = URI.parse(address)
|
|
24
|
-
protocol = uri.scheme
|
|
25
|
-
address = uri.host
|
|
26
|
-
port = uri.port if vault_settings[:port].nil?
|
|
27
|
-
end
|
|
28
|
-
|
|
29
|
-
::Vault.address = "#{protocol}://#{address}:#{port}"
|
|
18
|
+
::Vault.address = resolve_vault_address(vault_settings)
|
|
30
19
|
|
|
31
20
|
Legion::Settings[:crypt][:vault][:token] = ENV['VAULT_DEV_ROOT_TOKEN_ID'] if ENV.key? 'VAULT_DEV_ROOT_TOKEN_ID'
|
|
32
21
|
return nil if Legion::Settings[:crypt][:vault][:token].nil?
|
|
33
22
|
|
|
34
23
|
::Vault.token = Legion::Settings[:crypt][:vault][:token]
|
|
24
|
+
namespace = vault_settings[:vault_namespace]
|
|
25
|
+
::Vault.namespace = namespace if namespace
|
|
35
26
|
if vault_healthy?
|
|
36
27
|
Legion::Settings[:crypt][:vault][:connected] = true
|
|
37
|
-
Legion::Logging.info "Vault connected at #{::Vault.address}" if defined?(Legion::Logging)
|
|
28
|
+
Legion::Logging.info "Vault connected at #{::Vault.address} (namespace=#{namespace || 'none'})" if defined?(Legion::Logging)
|
|
38
29
|
end
|
|
39
30
|
rescue StandardError => e
|
|
40
|
-
|
|
41
|
-
Legion::Logging.log_exception(e, lex: 'crypt', component_type: :helper)
|
|
42
|
-
elsif defined?(Legion::Logging) && Legion::Logging.respond_to?(:error)
|
|
43
|
-
Legion::Logging.error "Vault connection failed: #{e.class}=#{e.message}\n#{Array(e.backtrace).first(10).join("\n")}"
|
|
44
|
-
else
|
|
45
|
-
warn "Vault connection failed: #{e.class}=#{e.message}"
|
|
46
|
-
end
|
|
31
|
+
log_vault_connection_error(e)
|
|
47
32
|
Legion::Settings[:crypt][:vault][:connected] = false
|
|
48
33
|
false
|
|
49
34
|
end
|
|
@@ -206,6 +191,31 @@ module Legion
|
|
|
206
191
|
data[:data]
|
|
207
192
|
end
|
|
208
193
|
|
|
194
|
+
def resolve_vault_address(vault_settings)
|
|
195
|
+
protocol = vault_settings[:protocol] || 'http'
|
|
196
|
+
address = vault_settings[:address] || 'localhost'
|
|
197
|
+
port = vault_settings[:port] || 8200
|
|
198
|
+
|
|
199
|
+
if address.match?(%r{\Ahttps?://})
|
|
200
|
+
uri = URI.parse(address)
|
|
201
|
+
protocol = uri.scheme
|
|
202
|
+
address = uri.host
|
|
203
|
+
port = uri.port if vault_settings[:port].nil?
|
|
204
|
+
end
|
|
205
|
+
|
|
206
|
+
"#{protocol}://#{address}:#{port}"
|
|
207
|
+
end
|
|
208
|
+
|
|
209
|
+
def log_vault_connection_error(error)
|
|
210
|
+
if defined?(Legion::Logging) && Legion::Logging.respond_to?(:log_exception)
|
|
211
|
+
Legion::Logging.log_exception(error, lex: 'crypt', component_type: :helper)
|
|
212
|
+
elsif defined?(Legion::Logging) && Legion::Logging.respond_to?(:error)
|
|
213
|
+
Legion::Logging.error "Vault connection failed: #{error.class}=#{error.message}\n#{Array(error.backtrace).first(10).join("\n")}"
|
|
214
|
+
else
|
|
215
|
+
warn "Vault connection failed: #{error.class}=#{error.message}"
|
|
216
|
+
end
|
|
217
|
+
end
|
|
218
|
+
|
|
209
219
|
def log_vault_debug(message)
|
|
210
220
|
Legion::Logging.debug(message) if defined?(Legion::Logging)
|
|
211
221
|
end
|
data/lib/legion/crypt/version.rb
CHANGED