vault 0.1.4 → 0.1.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +11 -0
- data/Gemfile.lock +1 -1
- data/lib/vault.rb +6 -4
- data/lib/vault/client.rb +12 -17
- data/lib/vault/configurable.rb +1 -0
- data/lib/vault/defaults.rb +1 -1
- data/lib/vault/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 8070f5204dc7fb565bfd50f5ba081fcd43b871ee
|
|
4
|
+
data.tar.gz: ee1b072bdf2cf41a886b35fcb765337bdb18b260
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: a4ef3702182f75b6d33b48be4d93f3bb8c0ea66920bc9b63cbaa46be9983a934c2611728fef80260d591293d87b941a07904d5add95f65feebd9847efc8125d0
|
|
7
|
+
data.tar.gz: dbb8386139effe9ba92a6803e7f20074a0a1ae92fe527d113113f9d6f95495465ac4ab190e13ae6ff944ffc09f480ff251904cf1e9edaa274bb715a3908746ca
|
data/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,16 @@
|
|
|
1
1
|
# Vault Ruby Changelog
|
|
2
2
|
|
|
3
|
+
## v0.1.5 (September 1, 2015)
|
|
4
|
+
|
|
5
|
+
IMPROVEMENTS
|
|
6
|
+
|
|
7
|
+
- Use headers instead of cookies for authenticating to Vault [GH-36]
|
|
8
|
+
|
|
9
|
+
BUG FIXES
|
|
10
|
+
|
|
11
|
+
- Do not set undefined OpenSSL options
|
|
12
|
+
- Add `ssl_pem_passphrase` as a configuration option [GH-35]
|
|
13
|
+
|
|
3
14
|
## v0.1.4 (August 15, 2015)
|
|
4
15
|
|
|
5
16
|
IMPROVEMENTS
|
data/Gemfile.lock
CHANGED
data/lib/vault.rb
CHANGED
|
@@ -18,10 +18,12 @@ module Vault
|
|
|
18
18
|
@client = Vault::Client.new
|
|
19
19
|
|
|
20
20
|
# Set secure SSL options
|
|
21
|
-
OpenSSL::SSL::SSLContext::DEFAULT_PARAMS[:options]
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
21
|
+
OpenSSL::SSL::SSLContext::DEFAULT_PARAMS[:options].tap do |opts|
|
|
22
|
+
opts &= ~OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS if defined?(OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS)
|
|
23
|
+
opts |= OpenSSL::SSL::OP_NO_COMPRESSION if defined?(OpenSSL::SSL::OP_NO_COMPRESSION)
|
|
24
|
+
opts |= OpenSSL::SSL::OP_NO_SSLv2 if defined?(OpenSSL::SSL::OP_NO_SSLv2)
|
|
25
|
+
opts |= OpenSSL::SSL::OP_NO_SSLv3 if defined?(OpenSSL::SSL::OP_NO_SSLv3)
|
|
26
|
+
end
|
|
25
27
|
|
|
26
28
|
self
|
|
27
29
|
end
|
data/lib/vault/client.rb
CHANGED
|
@@ -1,5 +1,4 @@
|
|
|
1
1
|
require "cgi"
|
|
2
|
-
require "cgi/cookie"
|
|
3
2
|
require "json"
|
|
4
3
|
require "net/http"
|
|
5
4
|
require "net/https"
|
|
@@ -14,6 +13,9 @@ module Vault
|
|
|
14
13
|
# The user agent for this client.
|
|
15
14
|
USER_AGENT = "VaultRuby/#{Vault::VERSION} (+github.com/hashicorp/vault-ruby)".freeze
|
|
16
15
|
|
|
16
|
+
# The name of the header used to hold the Vault token.
|
|
17
|
+
TOKEN_HEADER = "X-Vault-Token".freeze
|
|
18
|
+
|
|
17
19
|
# The default headers that are sent with every request.
|
|
18
20
|
DEFAULT_HEADERS = {
|
|
19
21
|
"Content-Type" => "application/json",
|
|
@@ -121,8 +123,16 @@ module Vault
|
|
|
121
123
|
uri = build_uri(verb, path, data)
|
|
122
124
|
request = class_for_request(verb).new(uri.request_uri)
|
|
123
125
|
|
|
124
|
-
#
|
|
126
|
+
# Get a list of headers
|
|
125
127
|
headers = DEFAULT_HEADERS.merge(headers)
|
|
128
|
+
|
|
129
|
+
# Add the Vault token header - users could still override this on a
|
|
130
|
+
# per-request basis
|
|
131
|
+
if !token.nil?
|
|
132
|
+
request.add_field(TOKEN_HEADER, token)
|
|
133
|
+
end
|
|
134
|
+
|
|
135
|
+
# Add headers
|
|
126
136
|
headers.each do |key, value|
|
|
127
137
|
request.add_field(key, value)
|
|
128
138
|
end
|
|
@@ -155,13 +165,6 @@ module Vault
|
|
|
155
165
|
connection.read_timeout = (read_timeout || timeout).to_i
|
|
156
166
|
end
|
|
157
167
|
|
|
158
|
-
# Create the cookie for the request.
|
|
159
|
-
cookie = CGI::Cookie.new
|
|
160
|
-
cookie.name = "token"
|
|
161
|
-
cookie.value = token
|
|
162
|
-
cookie.path = "/"
|
|
163
|
-
cookie.expires = Time.now + (60*60*24*365)
|
|
164
|
-
|
|
165
168
|
# Apply SSL, if applicable
|
|
166
169
|
if uri.scheme == "https"
|
|
167
170
|
# Turn on SSL
|
|
@@ -173,9 +176,6 @@ module Vault
|
|
|
173
176
|
# Only use secure ciphers
|
|
174
177
|
connection.ciphers = ssl_ciphers
|
|
175
178
|
|
|
176
|
-
# Turn on secure cookies
|
|
177
|
-
cookie.secure = true
|
|
178
|
-
|
|
179
179
|
# Custom pem files, no problem!
|
|
180
180
|
if ssl_pem_file
|
|
181
181
|
pem = File.read(ssl_pem_file)
|
|
@@ -206,11 +206,6 @@ module Vault
|
|
|
206
206
|
end
|
|
207
207
|
end
|
|
208
208
|
|
|
209
|
-
# Add the cookie to the request if a token was given.
|
|
210
|
-
if !token.nil?
|
|
211
|
-
request["Cookie"] = cookie.to_s
|
|
212
|
-
end
|
|
213
|
-
|
|
214
209
|
begin
|
|
215
210
|
# Create a connection using the block form, which will ensure the socket
|
|
216
211
|
# is properly closed in the event of an error.
|
data/lib/vault/configurable.rb
CHANGED
data/lib/vault/defaults.rb
CHANGED
|
@@ -89,7 +89,7 @@ module Vault
|
|
|
89
89
|
ENV["VAULT_SSL_CERT"]
|
|
90
90
|
end
|
|
91
91
|
|
|
92
|
-
#
|
|
92
|
+
# Passphrase to the pem file on disk to use with custom SSL verification
|
|
93
93
|
# @return [String, nil]
|
|
94
94
|
def ssl_pem_passphrase
|
|
95
95
|
ENV["VAULT_SSL_CERT_PASSPHRASE"]
|
data/lib/vault/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: vault
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.1.
|
|
4
|
+
version: 0.1.5
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Seth Vargo
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2015-
|
|
11
|
+
date: 2015-09-01 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|