vault 0.10.0 → 0.16.0

data/lib/vault/api/transform/template.rb

@@ -0,0 +1,54 @@
+require_relative '../../request'
+require_relative '../../response'
+
+module Vault
+  class Transform < Request
+    class Template < Response
+      # @!attribute [r] alphabet
+      #   Name of the alphabet to be used in the template
+      #   @return [String]
+      field :alphabet
+
+      # @!attribute [r] pattern
+      #   Regex string to detect and match for the template
+      #   @return [String]
+      field :pattern
+
+      # @!attribute [r] type
+      #   Type of the template, currently, only "regex" is supported
+      #   @return [String]
+      field :type
+    end
+
+    def create_template(name, type:, pattern:, **opts)
+      opts ||= {}
+      opts[:type] = type
+      opts[:pattern] = pattern
+      client.post("/v1/transform/template/#{encode_path(name)}", JSON.fast_generate(opts))
+      return true
+    end
+
+    def get_template(name)
+      json = client.get("/v1/transform/template/#{encode_path(name)}")
+      if data = json.dig(:data)
+        Template.decode(data)
+      else
+        json
+      end
+    end
+
+    def delete_template(name)
+      client.delete("/v1/transform/template/#{encode_path(name)}")
+      true
+    end
+
+    def templates
+      json = client.list("/v1/transform/template")
+      if keys = json.dig(:data, :keys)
+        keys
+      else
+        json
+      end
+    end
+  end
+end

data/lib/vault/api/transform/transformation.rb

@@ -0,0 +1,61 @@
+require_relative '../../request'
+require_relative '../../response'
+
+module Vault
+  class Transform < Request
+    class Transformation < Response
+      # @!attribute [r] allowed_roles
+      #   Array of role names that are allowed to use this transformation
+      #   @return [Array<String>]
+      field :allowed_roles
+
+      # @!attribute [r] templates
+      #   Array of template names accessible to this transformation
+      #   @return [Array<String>]
+      field :templates
+
+      # @!attribute [r] tweak_source
+      #   String representing how a tweak is provided for this transformation.
+      #   Available tweaks are "supplied", "generated", and "internal"
+      #   @return [String]
+      field :tweak_source
+
+      # @!attribute [r] type
+      #   String representing the type of transformation this is.
+      #   Available types are "fpe", and "masking"
+      #   @return [String]
+      field :type
+    end
+
+    def create_transformation(name, type:, template:, **opts)
+      opts ||= {}
+      opts[:type] = type
+      opts[:template] = template
+      client.post("/v1/transform/transformation/#{encode_path(name)}", JSON.fast_generate(opts))
+      return true
+    end
+
+    def get_transformation(name)
+      json = client.get("/v1/transform/transformation/#{encode_path(name)}")
+      if data = json.dig(:data)
+        Transformation.decode(data)
+      else
+        json
+      end
+    end
+
+    def delete_transformation(name)
+      client.delete("/v1/transform/transformation/#{encode_path(name)}")
+      true
+    end
+
+    def transformations
+      json = client.list("/v1/transform/transformation")
+      if keys = json.dig(:data, :keys)
+        keys
+      else
+        json
+      end
+    end
+  end
+end

data/lib/vault/client.rb

@@ -16,6 +16,9 @@ module Vault
     # The name of the header used to hold the Vault token.
     TOKEN_HEADER = "X-Vault-Token".freeze
 
+    # The name of the header used to hold the Namespace.
+    NAMESPACE_HEADER = "X-Vault-Namespace".freeze
+
     # The name of the header used to hold the wrapped request ttl.
     WRAP_TTL_HEADER = "X-Vault-Wrap-TTL".freeze
 
@@ -83,11 +86,7 @@ module Vault
       @lock.synchronize do
         return @nhp if @nhp
 
-        @nhp = PersistentHTTP.new("vault-ruby", nil, pool_size)
-
-        if hostname
-          @nhp.hostname = hostname
-        end
+        @nhp = PersistentHTTP.new("vault-ruby", nil, pool_size, pool_timeout)
 
         if proxy_address
           proxy_uri = URI.parse "http://#{proxy_address}"
@@ -158,6 +157,12 @@ module Vault
 
     private :pool
 
+    # Shutdown any open pool connections. Pool will be recreated upon next request.
+    def shutdown
+      @nhp.shutdown()
+      @nhp = nil
+    end
+
     # Creates and yields a new client object with the given token. This may be
     # used safely in a threadsafe manner because the original client remains
     # unchanged. The value of the block is returned.
@@ -236,6 +241,9 @@ module Vault
       # Build the URI and request object from the given information
       uri = build_uri(verb, path, data)
       request = class_for_request(verb).new(uri.request_uri)
+      if uri.userinfo()
+        request.basic_auth uri.user, uri.password
+      end
 
       if proxy_address and uri.scheme.downcase == "https"
         raise SecurityError, "no direct https connection to vault"
@@ -250,6 +258,12 @@ module Vault
         headers[TOKEN_HEADER] ||= token
       end
 
+      # Add the Vault Namespace header - users could still override this on a
+      # per-request basis
+      if !namespace.nil?
+        headers[NAMESPACE_HEADER] ||= namespace
+      end
+
       # Add headers
       headers.each do |key, value|
         request.add_field(key, value)

data/lib/vault/configurable.rb

@@ -7,12 +7,14 @@ module Vault
         :address,
         :token,
         :hostname,
+        :namespace,
         :open_timeout,
         :proxy_address,
         :proxy_password,
         :proxy_port,
         :proxy_username,
         :pool_size,
+        :pool_timeout,
         :read_timeout,
         :ssl_ciphers,
         :ssl_pem_contents,

data/lib/vault/defaults.rb

@@ -1,4 +1,5 @@
 require "pathname"
+require "base64"
 
 module Vault
   module Defaults
@@ -29,6 +30,9 @@ module Vault
     # The default size of the connection pool
     DEFAULT_POOL_SIZE = 16
 
+    # The default timeout in seconds for retrieving a connection from the connection pool
+    DEFAULT_POOL_TIMEOUT = 0.5
+
     # The set of exceptions that are detect and retried by default
     # with `with_retries`
     RETRIED_EXCEPTIONS = [HTTPServerError]
@@ -60,6 +64,13 @@ module Vault
         nil
       end
 
+
+      # Vault Namespace, if any.
+      # @return [String, nil]
+      def namespace
+        ENV["VAULT_NAMESPACE"]
+      end
+
       # The SNI host to use when connecting to Vault via TLS.
       # @return [String, nil]
       def hostname
@@ -77,12 +88,22 @@ module Vault
       # @return Integer
       def pool_size
         if var = ENV["VAULT_POOL_SIZE"]
-          return var.to_i
+          var.to_i
         else
           DEFAULT_POOL_SIZE
         end
       end
 
+      # The timeout for getting a connection from the connection pool that communicates with Vault
+      # @return Float
+      def pool_timeout
+        if var = ENV["VAULT_POOL_TIMEOUT"]
+          var.to_f
+        else
+          DEFAULT_POOL_TIMEOUT
+        end
+      end
+
       # The HTTP Proxy server address as a string
       # @return [String, nil]
       def proxy_address
@@ -126,7 +147,11 @@ module Vault
       # the value for {#ssl_pem_file}, if set.
       # @return [String, nil]
       def ssl_pem_contents
-        ENV["VAULT_SSL_PEM_CONTENTS"]
+        if ENV["VAULT_SSL_PEM_CONTENTS_BASE64"]
+          Base64.decode64(ENV["VAULT_SSL_PEM_CONTENTS_BASE64"])
+        else
+          ENV["VAULT_SSL_PEM_CONTENTS"]
+        end
       end
 
       # The path to a pem on disk to use with custom SSL verification

data/lib/vault/persistent.rb

@@ -202,11 +202,6 @@ class PersistentHTTP
 
   HAVE_OPENSSL = defined? OpenSSL::SSL # :nodoc:
 
-  ##
-  # The default connection pool size is 1/4 the allowed open files.
-
-  DEFAULT_POOL_SIZE = 16
-
   ##
   # The version of PersistentHTTP you are using
 
@@ -505,7 +500,7 @@ class PersistentHTTP
   # Defaults to 1/4 the number of allowed file handles.  You can have no more
   # than this many threads with active HTTP transactions.
 
-  def initialize name=nil, proxy=nil, pool_size=DEFAULT_POOL_SIZE
+  def initialize name=nil, proxy=nil, pool_size=Vault::Defaults::DEFAULT_POOL_SIZE, pool_timeout=Vault::Defaults::DEFAULT_POOL_TIMEOUT
     @name = name
 
     @debug_output     = nil
@@ -525,7 +520,7 @@ class PersistentHTTP
     @socket_options << [Socket::IPPROTO_TCP, Socket::TCP_NODELAY, 1] if
       Socket.const_defined? :TCP_NODELAY
 
-    @pool = PersistentHTTP::Pool.new size: pool_size do |http_args|
+    @pool = PersistentHTTP::Pool.new size: pool_size, timeout: pool_timeout do |http_args|
       PersistentHTTP::Connection.new Net::HTTP, http_args, @ssl_generation
     end
 

data/lib/vault/persistent/pool.rb

@@ -31,7 +31,7 @@ class PersistentHTTP::Pool < Vault::ConnectionPool # :nodoc:
     stack  = stacks[net_http_args]
 
     if stack.empty? then
-      conn = @available.pop connection_args: net_http_args
+      conn = @available.pop @timeout, connection_args: net_http_args
     else
       conn = stack.last
     end

data/lib/vault/request.rb

@@ -29,6 +29,7 @@ module Vault
     def extract_headers!(options = {})
       extract = {
         wrap_ttl: Vault::Client::WRAP_TTL_HEADER,
+        namespace: Vault::Client::NAMESPACE_HEADER,
       }
 
       {}.tap do |h|

data/lib/vault/version.rb

@@ -1,3 +1,3 @@
 module Vault
-  VERSION = "0.10.0"
+  VERSION = "0.16.0"
 end

metadata

@@ -1,43 +1,57 @@
 --- !ruby/object:Gem::Specification
 name: vault
 version: !ruby/object:Gem::Version
-  version: 0.10.0
+  version: 0.16.0
 platform: ruby
 authors:
 - Seth Vargo
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2017-04-19 00:00:00.000000000 Z
+date: 2021-03-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
-  name: bundler
+  name: aws-sigv4
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-  type: :development
+  type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2'
 - !ruby/object:Gem::Dependency
   name: pry
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 0.13.1
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 0.13.1
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
@@ -70,30 +84,30 @@ dependencies:
   name: yard
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 0.9.24
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 0.9.24
 - !ruby/object:Gem::Dependency
   name: webmock
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.3'
+        version: 3.8.3
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.3'
+        version: 3.8.3
 description: Vault is a Ruby API client for interacting with a Vault server.
 email:
 - sethvargo@gmail.com
@@ -101,14 +115,9 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- ".gitignore"
-- ".rspec"
-- ".travis.yml"
 - CHANGELOG.md
-- Gemfile
 - LICENSE
 - README.md
-- Rakefile
 - lib/vault.rb
 - lib/vault/api.rb
 - lib/vault/api/approle.rb
@@ -116,17 +125,26 @@ files:
 - lib/vault/api/auth_tls.rb
 - lib/vault/api/auth_token.rb
 - lib/vault/api/help.rb
+- lib/vault/api/kv.rb
 - lib/vault/api/logical.rb
 - lib/vault/api/secret.rb
 - lib/vault/api/sys.rb
 - lib/vault/api/sys/audit.rb
 - lib/vault/api/sys/auth.rb
+- lib/vault/api/sys/health.rb
 - lib/vault/api/sys/init.rb
 - lib/vault/api/sys/leader.rb
 - lib/vault/api/sys/lease.rb
 - lib/vault/api/sys/mount.rb
+- lib/vault/api/sys/namespace.rb
 - lib/vault/api/sys/policy.rb
+- lib/vault/api/sys/quota.rb
 - lib/vault/api/sys/seal.rb
+- lib/vault/api/transform.rb
+- lib/vault/api/transform/alphabet.rb
+- lib/vault/api/transform/role.rb
+- lib/vault/api/transform/template.rb
+- lib/vault/api/transform/transformation.rb
 - lib/vault/client.rb
 - lib/vault/configurable.rb
 - lib/vault/defaults.rb
@@ -142,10 +160,9 @@ files:
 - lib/vault/vendor/connection_pool/timed_stack.rb
 - lib/vault/vendor/connection_pool/version.rb
 - lib/vault/version.rb
-- vault.gemspec
 homepage: https://github.com/hashicorp/vault-ruby
 licenses:
-- MPLv2
+- MPL-2.0
 metadata: {}
 post_install_message: 
 rdoc_options: []
@@ -155,15 +172,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '0'
+      version: '2.0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.5.1
+rubygems_version: 3.2.3
 signing_key: 
 specification_version: 4
 summary: Vault is a Ruby API client for interacting with a Vault server.