vault 0.16.0 → 0.17.0

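--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 46c570463a1aba190e789e5b2516b4140d48961611ff058235d3b9744e6a6b24
- data.tar.gz: c84a96cf71d9f405281f56629e0fb68a6ce051740ea46da60e35cabf37d8b44e
+ metadata.gz: 9cd81591af963bbdfe3d167fa31b00a9d503e3ad0dfcdf242cadce97ddc19281
+ data.tar.gz: de55b77ff05e80aeecf8f648d66916d9662605083fbfc0c36222368f85de0a2a
  SHA512:
- metadata.gz: 98a20e963ec212e2269d1c28b581c24b356495789b4b37b20ebcb829c17904b518fc32f9cd2dadfcd59b957361410e7aa61f88e7ad419d72533d0ac1bd0ec68d
- data.tar.gz: 35f0126a7e7ba6173662222a9006cd02bc2f78d6d674533546b68ad87420f99b1e26f1f160058b2a051c36a5faac219921ab24191f9165212ddc8f15c440e0a6
+ metadata.gz: 0e0fa430df19981f84399ea639c69bb503d4f553bbd943b32bb0cb58ccf74f1f75f1d7c9558de92da372cf9f4d6e2dcd9b40f7a311956ee1c29310ee2701e5aa
+ data.tar.gz: 67395eb83e5586ef4232fac94ca5be1c9e408c3592a0fcfc26ee4cae1e81c0017b9a8e96ad39b24a256e61712b1ea001e9ab645ea79fabe918fdf0d377e58f89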
data/CHANGELOG.md CHANGED
@@ -1,6 +1,14 @@
1
1
  # Vault Ruby Changelog
2
2
 
3
- ## v0.16.0 (??? ??, 2021)
3
+ ## v?.??.? (Unreleased)
4
+
5
+ ## v0.17.0 (May 11, 2022)
6
+
7
+ IMPROVEMENTS
8
+
9
+ - Added MissingRequiredStateErr error type to refer to 412s returned by Vault 1.10 when the WAL index on the node does not match the index in the Server-Side Consistent Token. This error type can be passed as a parameter to `#with_retries`, and will also be retried automatically when `#with_retries` is used with no parameters.
10
+
11
+ ## v0.16.0 (March 17, 2021)
4
12
 
5
13
  IMPROVEMENTS
6
14
 
@@ -286,12 +286,17 @@ module Vault
286
286
  # @param [String] path (default: 'cert')
287
287
  # The path to the auth backend to use for the login procedure.
288
288
  #
289
+ # @param [String] name optional
290
+ # The named certificate role provided to the login request.
291
+ #
289
292
  # @return [Secret]
290
- def tls(pem = nil, path = 'cert')
293
+ def tls(pem = nil, path = 'cert', name: nil)
291
294
  new_client = client.dup
292
295
  new_client.ssl_pem_contents = pem if !pem.nil?
293
296
 
294
- json = new_client.post("/v1/auth/#{CGI.escape(path)}/login")
297
+ opts = {}
298
+ opts[:name] = name if name
299
+ json = new_client.post("/v1/auth/#{CGI.escape(path)}/login", opts)
295
300
  secret = Secret.decode(json)
296
301
  client.token = secret.auth.client_token
297
302
  return secret
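Review bot: `opts` is handed to `new_client.post` as a plain Ruby Hash, and how `post` encodes a Hash body is not visible in this hunk. If it is not sent as the JSON object the login endpoint reads, `name` would be dropped silently and Vault would fall back to matching the certificate against every configured role, so the caller could receive a token from a role other than the one it asked for. If `post` expects a pre-encoded body, the call should be `new_client.post("/v1/auth/#{CGI.escape(path)}/login", JSON.generate(opts))`; either way a test that logs in with a `name` and asserts the role on the returned secret would pin this down. The body of `tls` continues past the end of the hunk.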
@@ -23,6 +23,48 @@ module Vault
23
23
  field :options
24
24
  end
25
25
 
26
+ class MountTune < Response
27
+ # @!attribute [r] description
28
+ # Specifies the description of the mount.
29
+ # @return [String]
30
+ field :description
31
+
32
+ # @!attribute [r] default_lease_ttl
33
+ # Specifies the default time-to-live.
34
+ # @return [Fixnum]
35
+ field :default_lease_ttl
36
+
37
+ # @!attribute [r] max_lease_ttl
38
+ # Specifies the maximum time-to-live.
39
+ # @return [Fixnum]
40
+ field :max_lease_ttl
41
+
42
+ # @!attribute [r] audit_non_hmac_request_keys
43
+ # Specifies the comma-separated list of keys that will not be HMAC'd by audit devices in the request data object.
44
+ # @return [Array<String>]
45
+ field :audit_non_hmac_request_keys
46
+
47
+ # @!attribute [r] audit_non_hmac_response_keys
48
+ # Specifies the comma-separated list of keys that will not be HMAC'd by audit devices in the response data object.
49
+ # @return [Array<String>]
50
+ field :audit_non_hmac_response_keys
51
+
52
+ # @!attribute [r] listing_visibility
53
+ # Specifies whether to show this mount in the UI-specific listing endpoint.
54
+ # @return [String]
55
+ field :listing_visibility
56
+
57
+ # @!attribute [r] passthrough_request_headers
58
+ # Comma-separated list of headers to whitelist and pass from the request to the plugin.
59
+ # @return [Array<String>]
60
+ field :passthrough_request_headers
61
+
62
+ # @!attribute [r] allowed_response_headers
63
+ # Comma-separated list of headers to whitelist, allowing a plugin to include them in the response.
64
+ # @return [Array<String>]
65
+ field :allowed_response_headers
66
+ end
67
+
26
68
  class Sys < Request
27
69
  # List all mounts in the vault.
28
70
  #
@@ -57,6 +99,18 @@ module Vault
57
99
  return true
58
100
  end
59
101
 
102
+ # Get the mount tunings at a given path.
103
+ #
104
+ # @example
105
+ # Vault.sys.get_mount_tune("pki") #=> { :pki => #<struct Vault::MountTune default_lease_ttl=2764800> }
106
+ #
107
+ # @return [MountTune]
108
+ def get_mount_tune(path)
109
+ json = client.get("/v1/sys/mounts/#{encode_path(path)}/tune")
110
+ json = json[:data] if json[:data]
111
+ return MountTune.decode(json)
112
+ end
113
+
60
114
  # Tune a mount at the given path.
61
115
  #
62
116
  # @example
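Review bot: The `@example` on `get_mount_tune` shows a Hash keyed by `:pki`, but the method returns the single object from `MountTune.decode(json)` and is tagged `@return [MountTune]`; the example should read `Vault.sys.get_mount_tune("pki") #=> #<struct Vault::MountTune default_lease_ttl=2764800>`. The method also lacks a `# @param [String] path` line naming the mount path that is passed through `encode_path`. In the `MountTune` hunk above, the `audit_non_hmac_*` and header fields are described as a "comma-separated list" yet tagged `@return [Array<String>]`; the docs should say which one callers get, since these fields list keys that audit devices record without HMAC and are likely to be read by configuration checks.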
data/lib/vault/client.rb CHANGED
@@ -392,6 +392,8 @@ module Vault
392
392
 
393
393
  # Use the correct exception class
394
394
  case response
395
+ when Net::HTTPPreconditionFailed
396
+ raise MissingRequiredStateError.new
395
397
  when Net::HTTPClientError
396
398
  klass = HTTPClientError
397
399
  when Net::HTTPServerError
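Review bot: The new `when Net::HTTPPreconditionFailed` branch raises `MissingRequiredStateError` with no arguments, so every 412 is reported with the fixed standby-index message and nothing from the response is kept, while the `Net::HTTPClientError` branch below goes on to pick `HTTPClientError`, which presumably carries the response details. A 412 produced for any other reason (an intermediary, a different Vault code path) would be misreported, and because the same release adds this class to `RETRIED_EXCEPTIONS` it would also be retried by default under `with_retries`. Consider giving `MissingRequiredStateError#initialize` in errors.rb optional parameters for the address and response body and passing them here, so logs show what the server actually returned. As a style point, `raise MissingRequiredStateError` is the idiomatic form of `raise MissingRequiredStateError.new`. The `case` statement starts and ends outside the hunk.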
@@ -35,7 +35,7 @@ module Vault
35
35
 
36
36
  # The set of exceptions that are detect and retried by default
37
37
  # with `with_retries`
38
- RETRIED_EXCEPTIONS = [HTTPServerError]
38
+ RETRIED_EXCEPTIONS = [HTTPServerError, MissingRequiredStateError]
39
39
 
40
40
  class << self
41
41
  # The list of calculated options for this configurable.
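--- a/data/lib/vault/errors.rb
+++ b/data/lib/vault/errors.rb
@@ -22,6 +22,18 @@ EOH
  end
  end
 
+ class MissingRequiredStateError < VaultError
+ def initialize
+ super <<-EOH
+ The performance standby node does not yet have the
+ most recent index state required to authenticate
+ the request.
+
+ Generally, the request should be retried with the with_retries clause.
+ EOH
+ end
+ end
+
  class HTTPConnectionError < VaultError
  attr_reader :address
 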
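--- a/data/lib/vault/version.rb
+++ b/data/lib/vault/version.rb
@@ -1,3 +1,3 @@
  module Vault
- VERSION = "0.16.0"
+ VERSION = "0.17.0"
  end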
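--- a/data/lib/vault.rb
+++ b/data/lib/vault.rb
@@ -18,12 +18,13 @@ module Vault
  @client = Vault::Client.new
 
  # Set secure SSL options
- OpenSSL::SSL::SSLContext::DEFAULT_PARAMS[:options].tap do |opts|
- opts &= ~OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS if defined?(OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS)
- opts |= OpenSSL::SSL::OP_NO_COMPRESSION if defined?(OpenSSL::SSL::OP_NO_COMPRESSION)
- opts |= OpenSSL::SSL::OP_NO_SSLv2 if defined?(OpenSSL::SSL::OP_NO_SSLv2)
- opts |= OpenSSL::SSL::OP_NO_SSLv3 if defined?(OpenSSL::SSL::OP_NO_SSLv3)
+ OpenSSL::SSL::SSLContext::DEFAULT_PARAMS.tap do |opts|
+ opts[:options] &= ~OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS if defined?(OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS)
+ opts[:options] |= OpenSSL::SSL::OP_NO_COMPRESSION if defined?(OpenSSL::SSL::OP_NO_COMPRESSION)
+ opts[:options] |= OpenSSL::SSL::OP_NO_SSLv2 if defined?(OpenSSL::SSL::OP_NO_SSLv2)
+ opts[:options] |= OpenSSL::SSL::OP_NO_SSLv3 if defined?(OpenSSL::SSL::OP_NO_SSLv3)
  end
+
 
  self
  end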
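Review bot: With `opts` now bound to the `DEFAULT_PARAMS` hash, the `opts[:options] |= …` lines write into the process-wide OpenSSL defaults, so any other library in the process that builds its context from those defaults inherits them. The removed lines only rebound a block-local Integer and, as far as this hunk shows, changed nothing. That makes this the first release in which the block has a global effect, which deserves a comment such as `# NOTE: mutates process-wide OpenSSL defaults, not only Vault's own connections`. The block also assumes the hash is mutable and already has an `:options` entry; if the OpenSSL binding in use freezes it or omits the key, setup would raise here, so applying the flags to the client's own `SSLContext` would be the safer place. The enclosing method starts outside the hunk.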
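--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: vault
  version: !ruby/object:Gem::Version
- version: 0.16.0
+ version: 0.17.0
  platform: ruby
  authors:
  - Seth Vargo
  autorequire:
  bindir: exe
  cert_chain: []
- date: 2021-03-17 00:00:00.000000000 Z
+ date: 2022-05-11 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: aws-sigv4
@@ -179,7 +179,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
- rubygems_version: 3.2.3
+ rubygems_version: 3.2.32
  signing_key:
  specification_version: 4
  summary: Vault is a Ruby API client for interacting with a Vault server.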