vault 0.16.0 → 0.17.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +9 -1
- data/lib/vault/api/auth.rb +7 -2
- data/lib/vault/api/sys/mount.rb +54 -0
- data/lib/vault/client.rb +2 -0
- data/lib/vault/defaults.rb +1 -1
- data/lib/vault/errors.rb +12 -0
- data/lib/vault/version.rb +1 -1
- data/lib/vault.rb +6 -5
- metadata +3 -3
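--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 9cd81591af963bbdfe3d167fa31b00a9d503e3ad0dfcdf242cadce97ddc19281
+data.tar.gz: de55b77ff05e80aeecf8f648d66916d9662605083fbfc0c36222368f85de0a2a
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 0e0fa430df19981f84399ea639c69bb503d4f553bbd943b32bb0cb58ccf74f1f75f1d7c9558de92da372cf9f4d6e2dcd9b40f7a311956ee1c29310ee2701e5aa
+data.tar.gz: 67395eb83e5586ef4232fac94ca5be1c9e408c3592a0fcfc26ee4cae1e81c0017b9a8e96ad39b24a256e61712b1ea001e9ab645ea79fabe918fdf0d377e58f89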
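--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,6 +1,14 @@
 # Vault Ruby Changelog
 
-##
+## v?.??.? (Unreleased)
+
+## v0.17.0 (May 11, 2022)
+
+IMPROVEMENTS
+
+- Added MissingRequiredStateErr error type to refer to 412s returned by Vault 1.10 when the WAL index on the node does not match the index in the Server-Side Consistent Token. This error type can be passed as a parameter to `#with_retries`, and will also be retried automatically when `#with_retries` is used with no parameters.
+
+## v0.16.0 (March 17, 2021)
 
 IMPROVEMENTS
 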
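--- a/data/lib/vault/api/auth.rb
+++ b/data/lib/vault/api/auth.rb
@@ -286,12 +286,17 @@ module Vault
 # @param [String] path (default: 'cert')
 # The path to the auth backend to use for the login procedure.
 #
+# @param [String] name optional
+# The named certificate role provided to the login request.
+#
 # @return [Secret]
-def tls(pem = nil, path = 'cert')
+def tls(pem = nil, path = 'cert', name: nil)
 new_client = client.dup
 new_client.ssl_pem_contents = pem if !pem.nil?
 
-
+opts = {}
+opts[:name] = name if name
+json = new_client.post("/v1/auth/#{CGI.escape(path)}/login", opts)
 secret = Secret.decode(json)
 client.token = secret.auth.client_token
 return secret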
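Review bot: The new `@param [String] name optional` doc on `tls` does not say what omitting `name` means, and for a login call that is the part a caller needs: with no name, Vault's cert auth method tries every configured certificate role and returns whichever one matches, so the caller does not choose which role's policies the token carries. I would add a line such as `# When nil, no role name is sent and Vault matches the certificate against all configured roles.` In `opts[:name] = name if name`, an empty string is truthy in Ruby and is sent as the role name; `unless name.nil? || name.empty?` avoids that. `opts` reaches `post` as a Hash, and how the client encodes a Hash body is not visible in this hunk, so that is worth confirming. The body of `tls` continues outside the hunk.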
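--- a/data/lib/vault/api/sys/mount.rb
+++ b/data/lib/vault/api/sys/mount.rb
@@ -23,6 +23,48 @@ module Vault
 field :options
 end
 
+class MountTune < Response
+# @!attribute [r] description
+# Specifies the description of the mount.
+# @return [String]
+field :description
+
+# @!attribute [r] default_lease_ttl
+# Specifies the default time-to-live.
+# @return [Fixnum]
+field :default_lease_ttl
+
+# @!attribute [r] max_lease_ttl
+# Specifies the maximum time-to-live.
+# @return [Fixnum]
+field :max_lease_ttl
+
+# @!attribute [r] audit_non_hmac_request_keys
+# Specifies the comma-separated list of keys that will not be HMAC'd by audit devices in the request data object.
+# @return [Array<String>]
+field :audit_non_hmac_request_keys
+
+# @!attribute [r] audit_non_hmac_response_keys
+# Specifies the comma-separated list of keys that will not be HMAC'd by audit devices in the response data object.
+# @return [Array<String>]
+field :audit_non_hmac_response_keys
+
+# @!attribute [r] listing_visibility
+# Specifies whether to show this mount in the UI-specific listing endpoint.
+# @return [String]
+field :listing_visibility
+
+# @!attribute [r] passthrough_request_headers
+# Comma-separated list of headers to whitelist and pass from the request to the plugin.
+# @return [Array<String>]
+field :passthrough_request_headers
+
+# @!attribute [r] allowed_response_headers
+# Comma-separated list of headers to whitelist, allowing a plugin to include them in the response.
+# @return [Array<String>]
+field :allowed_response_headers
+end
+
 class Sys < Request
 # List all mounts in the vault.
 #
@@ -57,6 +99,18 @@ module Vault
 return true
 end
 
+# Get the mount tunings at a given path.
+#
+# @example
+# Vault.sys.get_mount_tune("pki") #=> { :pki => #<struct Vault::MountTune default_lease_ttl=2764800> }
+#
+# @return [MountTune]
+def get_mount_tune(path)
+json = client.get("/v1/sys/mounts/#{encode_path(path)}/tune")
+json = json[:data] if json[:data]
+return MountTune.decode(json)
+end
+
 # Tune a mount at the given path.
 #
 # @example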
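Review bot: The `@example` for `get_mount_tune` shows a Hash keyed by mount name (`{ :pki => #<struct Vault::MountTune ...> }`), but the method returns a single object from `MountTune.decode(json)`, as its own `@return [MountTune]` says. I would change the example to `#   Vault.sys.get_mount_tune("pki") #=> #<Vault::MountTune default_lease_ttl=2764800>` and add `# @param [String] path` with a one-line description. In the `MountTune` class in the first hunk, the `audit_non_hmac_*` fields are described as a comma-separated list while typed `Array<String>`, and `Fixnum` is deprecated in favour of `Integer`; the docs should pick one form.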
data/lib/vault/client.rb
CHANGED
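--- a/data/lib/vault/defaults.rb
+++ b/data/lib/vault/defaults.rb
@@ -35,7 +35,7 @@ module Vault
 
 # The set of exceptions that are detect and retried by default
 # with `with_retries`
-RETRIED_EXCEPTIONS = [HTTPServerError]
+RETRIED_EXCEPTIONS = [HTTPServerError, MissingRequiredStateError]
 
 class << self
 # The list of calculated options for this configurable.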
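Review bot: `RETRIED_EXCEPTIONS` on the changed line stays an unfrozen Array, so any code in the process can append to or clear the default retry set for every client. `RETRIED_EXCEPTIONS = [HTTPServerError, MissingRequiredStateError].freeze` keeps the default stable, provided nothing elsewhere in the gem mutates it, which this hunk does not show. The constant also needs `MissingRequiredStateError` to be defined before defaults.rb is loaded; the require order is outside the diff.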
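--- a/data/lib/vault/errors.rb
+++ b/data/lib/vault/errors.rb
@@ -22,6 +22,18 @@ EOH
 end
 end
 
+class MissingRequiredStateError < VaultError
+def initialize
+super <<-EOH
+The performance standby node does not yet have the
+most recent index state required to authenticate
+the request.
+
+Generally, the request should be retried with the with_retries clause.
+EOH
+end
+end
+
 class HTTPConnectionError < VaultError
 attr_reader :address
 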
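Review bot: `MissingRequiredStateError` is added without a doc comment, and its message never mentions the HTTP status, so a reader of errors.rb cannot tell when it is raised; the CHANGELOG entry in this release ties it to 412 responses from Vault 1.10 and spells the class `MissingRequiredStateErr`, which does not match the name defined here. I would add `# Raised when Vault answers 412 because the node has not reached the index state a server-side consistent token requires.` above the class. `initialize` takes no arguments, so `raise MissingRequiredStateError, "msg"` would fail with ArgumentError; if the raising code (not shown in this diff) ever needs to attach the node address, the signature has to change first.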
data/lib/vault/version.rb
CHANGED
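--- a/data/lib/vault.rb
+++ b/data/lib/vault.rb
@@ -18,12 +18,13 @@ module Vault
 @client = Vault::Client.new
 
 # Set secure SSL options
-OpenSSL::SSL::SSLContext::DEFAULT_PARAMS
-opts &= ~OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS if defined?(OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS)
-opts |= OpenSSL::SSL::OP_NO_COMPRESSION if defined?(OpenSSL::SSL::OP_NO_COMPRESSION)
-opts |= OpenSSL::SSL::OP_NO_SSLv2 if defined?(OpenSSL::SSL::OP_NO_SSLv2)
-opts |= OpenSSL::SSL::OP_NO_SSLv3 if defined?(OpenSSL::SSL::OP_NO_SSLv3)
+OpenSSL::SSL::SSLContext::DEFAULT_PARAMS.tap do |opts|
+opts[:options] &= ~OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS if defined?(OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS)
+opts[:options] |= OpenSSL::SSL::OP_NO_COMPRESSION if defined?(OpenSSL::SSL::OP_NO_COMPRESSION)
+opts[:options] |= OpenSSL::SSL::OP_NO_SSLv2 if defined?(OpenSSL::SSL::OP_NO_SSLv2)
+opts[:options] |= OpenSSL::SSL::OP_NO_SSLv3 if defined?(OpenSSL::SSL::OP_NO_SSLv3)
 end
+
 
 self
 end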
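Review bot: The rewritten block now writes to `OpenSSL::SSL::SSLContext::DEFAULT_PARAMS[:options]`, which is a process-wide hash, so every `SSLContext` in the host application that calls `set_params` inherits these flags, not only Vault connections. That is probably the intent of "Set secure SSL options", but it is a global side effect and deserves a comment, e.g. `# NOTE: mutates the process-wide OpenSSL defaults; affects all SSLContext#set_params callers.` The mask only turns off SSLv2, SSLv3 and compression; whether a minimum TLS version is enforced on the client's own context is not visible here and is worth checking. The enclosing method starts and ends outside the hunk.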
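--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: vault
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.17.0
 platform: ruby
 authors:
 - Seth Vargo
 autorequire:
 bindir: exe
 cert_chain: []
-date:
+date: 2022-05-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: aws-sigv4
@@ -179,7 +179,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-rubygems_version: 3.2.
+rubygems_version: 3.2.32
 signing_key:
 specification_version: 4
 summary: Vault is a Ruby API client for interacting with a Vault server.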