settings_reader-vault_resolver 0.5.0 → 0.6.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f3e683be3539c3e3fd46bf0de60c78f11c7aeda4bbc321246298ec19b068fa84
-  data.tar.gz: 80a0bae40ee7bef3f22ac77761685fa89a53eeb21311295590dea2378c2b0a9b
+  metadata.gz: 1a4f83916758232ddc5e3b36f6cc9ea25b813cd5bc69fb0f4a71d5b651a07ddf
+  data.tar.gz: baa1b66b38f6d2b41bcf11fcf230613740a67a6cf78d68db531ff6a5960f8b0f
 SHA512:
-  metadata.gz: 3c957e71f2730a18abe2b8a21e10d4fd93f1f0efcf779d7ca1f4cca791363a5bc5a2daeee83510b9a03b71045c7b8700957ce571ca5462355976e2fd203bd71a
-  data.tar.gz: ce4d399a56ec38e4bf39f87ecb759a0f5a77b7269f84de42a8d32b0ef477e25b38522513c03bcd92f60a47eeb43867a69af797a751f1e108ab071fb0f0a6cebf
+  metadata.gz: 3d44012714aed2cb366128221b4764c5b260ff6dadb0548de267b30663864f0c2bc0e0d5e6848576b2791672001fdb81c88f18846dcd6cad1b498fe009ee6c53
+  data.tar.gz: 05ffe659944dbc215264ad3097f64a54a481f9943c9b7cee500281af806246727df9292cf29c6a10481f6049bbf0d174d0ab5165b19b946999eb044bbc0bd088

data/.github/workflows/main.yml

@@ -63,24 +63,22 @@ jobs:
 
       - name: Start Dependencies
         run: |
-          docker-compose up -d
+          docker compose up -d
           echo "Waiting 15 seconds for initial configuraiton"
           sleep 15
 
       - name: Run specs
-        env:
-          COVERAGE: true
         run: bundle exec rspec
 
-      - name: Upload coverage
-        env:
-          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
-        run: bash <(curl -s https://codecov.io/bash)
-
   release:
     runs-on: ubuntu-latest
     needs: build
-    if: github.event_name == 'release' && github.event.action == 'published'
+    # if: github.event_name == 'release' && github.event.action == 'published'
+
+    permissions:
+      # contents: write
+      id-token: write
+
     steps:
       - name: Checkout
         uses: actions/checkout@v3
@@ -90,19 +88,16 @@ jobs:
         with:
           ruby-version: 2.7
           bundler-cache: true
-      - name: Set up credentials
-        run: |
-          mkdir -p $HOME/.gem
-          touch $HOME/.gem/credentials
-          chmod 0600 $HOME/.gem/credentials
-          printf -- "---\n:rubygems_api_key: ${{secrets.RUBYGEMS_AUTH_TOKEN}}\n" > $HOME/.gem/credentials
 
-      - name: Get version
-        run: echo "${GITHUB_REF/refs\/tags\//}" > release.tag
+
+      # - name: Get version
+      #   run: echo "${GITHUB_REF/refs\/tags\//}" > release.tag
       - name: Set version
-        run: sed -i "s/0.0.0/$(<release.tag)/g" $(find . -name "version.rb")
+        run: sed -i "s/0.0.0/0.6.1/g" $(find . -name "version.rb")
+
+      - uses: rubygems/configure-rubygems-credentials@v1.0.0
 
       - name: Build gem
         run: gem build *.gemspec
       - name: Push gem
-        run: gem push *.gem
+        run: gem push *.gem

data/.rubocop.yml

@@ -1,7 +1,7 @@
 AllCops:
   NewCops: enable
   SuggestExtensions: false
-  TargetRubyVersion: 2.5
+  TargetRubyVersion: 2.7
 
 Gemspec/RequireMFA:
   Enabled: false

data/.simplecov

@@ -1,9 +1,7 @@
 if ENV['COVERAGE']
   require 'simplecov'
-  require 'codecov'
   SimpleCov.start do
     enable_coverage :branch
     primary_coverage :branch
-    formatter SimpleCov::Formatter::Codecov
   end
 end

data/.tool-versions

@@ -0,0 +1 @@
+ruby 3.3.8

data/Gemfile

@@ -3,7 +3,6 @@ source 'https://rubygems.org'
 # Specify your gem's dependencies in settings_reader-vault_resolver.gemspec
 gemspec
 
-gem 'codecov'
 gem 'rake'
 gem 'rspec'
 gem 'rubocop'

data/Gemfile.lock

@@ -9,22 +9,25 @@ PATH
 GEM
   remote: https://rubygems.org/
   specs:
-    ast (2.4.2)
+    ast (2.4.3)
     aws-eventstream (1.2.0)
     aws-sigv4 (1.4.0)
       aws-eventstream (~> 1, >= 1.0.2)
-    codecov (0.6.0)
-      simplecov (>= 0.15, < 0.22)
     concurrent-ruby (1.1.9)
     diff-lcs (1.5.0)
     docile (1.4.0)
-    parallel (1.21.0)
-    parser (3.1.1.0)
+    json (2.13.2)
+    language_server-protocol (3.17.0.5)
+    lint_roller (1.1.0)
+    parallel (1.27.0)
+    parser (3.3.9.0)
       ast (~> 2.4.1)
+      racc
+    prism (1.4.0)
+    racc (1.8.1)
     rainbow (3.1.1)
     rake (13.0.6)
-    regexp_parser (2.2.1)
-    rexml (3.2.5)
+    regexp_parser (2.11.2)
     rspec (3.10.0)
       rspec-core (~> 3.10.0)
       rspec-expectations (~> 3.10.0)
@@ -38,20 +41,23 @@ GEM
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.10.0)
     rspec-support (3.10.3)
-    rubocop (1.25.1)
+    rubocop (1.80.2)
+      json (~> 2.3)
+      language_server-protocol (~> 3.17.0.2)
+      lint_roller (~> 1.1.0)
       parallel (~> 1.10)
-      parser (>= 3.1.0.0)
+      parser (>= 3.3.0.2)
       rainbow (>= 2.2.2, < 4.0)
-      regexp_parser (>= 1.8, < 3.0)
-      rexml
-      rubocop-ast (>= 1.15.1, < 2.0)
+      regexp_parser (>= 2.9.3, < 3.0)
+      rubocop-ast (>= 1.46.0, < 2.0)
       ruby-progressbar (~> 1.7)
-      unicode-display_width (>= 1.4.0, < 3.0)
-    rubocop-ast (1.16.0)
-      parser (>= 3.1.1.0)
+      unicode-display_width (>= 2.4.0, < 4.0)
+    rubocop-ast (1.46.0)
+      parser (>= 3.3.7.2)
+      prism (~> 1.4)
     rubocop-rspec (1.32.0)
       rubocop (>= 0.60.0)
-    ruby-progressbar (1.11.0)
+    ruby-progressbar (1.13.0)
     settings_reader (0.1.0)
     simplecov (0.21.2)
       docile (~> 1.1)
@@ -60,7 +66,9 @@ GEM
     simplecov-html (0.12.3)
     simplecov_json_formatter (0.1.4)
     timecop (0.9.4)
-    unicode-display_width (2.1.0)
+    unicode-display_width (3.2.0)
+      unicode-emoji (~> 4.1)
+    unicode-emoji (4.1.0)
     vault (0.16.0)
       aws-sigv4
 
@@ -68,7 +76,6 @@ PLATFORMS
   ruby
 
 DEPENDENCIES
-  codecov
   rake
   rspec
   rubocop

data/lib/settings_reader/vault_resolver/configuration.rb

@@ -42,7 +42,11 @@ module SettingsReader
       # Default: empty proc
       attr_accessor :lease_not_found_handler
 
-      def initialize
+      # Whether to raise error or return nil when secret or attribute is missing
+      # Default: false
+      attr_accessor :raise_error_on_missing_secret
+
+      def initialize # rubocop:disable Metrics/MethodLength
         @logger = Logger.new($stdout, level: Logger::ERROR)
         @retriable_errors = [OpenSSL::SSL::SSLError, Vault::HTTPConnectionError]
         @retrieval_retries = 2
@@ -53,6 +57,7 @@ module SettingsReader
         @lease_renew_success_listener = ->(_result) {}
         @vault_initializer = -> {}
         @lease_not_found_handler = ->(_entry) {}
+        @raise_error_on_missing_secret = false
       end
 
       def setup_lease_refresher(cache, previous_task = nil)

data/lib/settings_reader/vault_resolver/engines/abstract.rb

@@ -16,9 +16,11 @@ module SettingsReader
         end
 
         def get(address)
-          return unless (vault_secret = get_and_retry_auth(address))
+          vault_secret = get_and_retry_auth(address)
+          entry = wrap_secret(address, vault_secret) if vault_secret
+          validate_secret!(entry, address) if config.raise_error_on_missing_secret
 
-          wrap_secret(address, vault_secret)
+          entry
         rescue Vault::VaultError => e
           raise SettingsReader::VaultResolver::Error, e.message
         end
@@ -78,6 +80,14 @@ module SettingsReader
         def auth_error?(error)
           error.code == 403 || error.message =~ /token mac for token_version.*is incorrect/
         end
+
+        def validate_secret!(entry, address)
+          secret_value = entry&.value_for(address.attribute)
+          return if secret_value && !secret_value.empty?
+
+          raise SettingsReader::VaultResolver::Error,
+                "Secret not found at #{address}. Secret data: #{entry&.secret&.to_h}"
+        end
       end
     end
   end

data/lib/settings_reader/vault_resolver/instance.rb

@@ -7,7 +7,6 @@ module SettingsReader
       include Logging
 
       IDENTIFIER = 'vault://'.freeze
-      DATABASE_MOUNT = 'database'.freeze
 
       attr_reader :config
 
@@ -22,7 +21,7 @@ module SettingsReader
         value.start_with?(IDENTIFIER)
       end
 
-      # Expect value in format `vault://mount/path/to/secret?attribute_name`
+      # Expect value in format `vault://mount/path/to/secret#attribute_name`
       def resolve(value, _path)
         debug { "Resolving Vault secret at #{value}" }
         address = SettingsReader::VaultResolver::Address.new(value)

data/lib/settings_reader/vault_resolver/version.rb

@@ -1,5 +1,5 @@
 module SettingsReader
   module VaultResolver
-    VERSION = '0.5.0'.freeze
+    VERSION = '0.6.1'.freeze
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: settings_reader-vault_resolver
 version: !ruby/object:Gem::Version
-  version: 0.5.0
+  version: 0.6.1
 platform: ruby
 authors:
 - Volodymyr Mykhailyk
-autorequire: 
+autorequire:
 bindir: exe
 cert_chain: []
-date: 2024-01-22 00:00:00.000000000 Z
+date: 2025-09-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: concurrent-ruby
@@ -68,6 +68,7 @@ files:
 - ".rspec"
 - ".rubocop.yml"
 - ".simplecov"
+- ".tool-versions"
 - CHANGELOG.md
 - CODE_OF_CONDUCT.md
 - Gemfile
@@ -77,7 +78,6 @@ files:
 - Rakefile
 - bin/console
 - bin/setup
-- codecov.yml
 - docker-compose.yml
 - lib/settings_reader/vault_resolver.rb
 - lib/settings_reader/vault_resolver/address.rb
@@ -104,7 +104,7 @@ metadata:
   homepage_uri: https://github.com/matic-insurance/settings_reader-vault_resolver
   source_code_uri: https://github.com/matic-insurance/settings_reader-vault_resolver
   changelog_uri: https://github.com/matic-insurance/settings_reader-vault_resolver/blob/master/CHANGELOG.md
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -120,7 +120,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubygems_version: 3.1.6
-signing_key: 
+signing_key:
 specification_version: 4
 summary: Settings Reader plugin to resolve values using in Hashicorp Vault
 test_files: []

data/codecov.yml

@@ -1,12 +0,0 @@
-codecov:
-  require_ci_to_pass: yes
-
-coverage:
-  precision: 2
-  round: up
-  range: "90...100"
-
-ignore:
-  - "spec"
-  - "bin"
-  - "local"