vault 0.17.0 → 0.18.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 9cd81591af963bbdfe3d167fa31b00a9d503e3ad0dfcdf242cadce97ddc19281
-  data.tar.gz: de55b77ff05e80aeecf8f648d66916d9662605083fbfc0c36222368f85de0a2a
+  metadata.gz: 111fe5b36f83c0d507ec99a0fda7a8cb7a483136f29a0a709dececfa0f1965ed
+  data.tar.gz: 970b448a78d140f8ebaf289bf597ca47ebc25516a189fe1d615ed47d2a8fa671
 SHA512:
-  metadata.gz: 0e0fa430df19981f84399ea639c69bb503d4f553bbd943b32bb0cb58ccf74f1f75f1d7c9558de92da372cf9f4d6e2dcd9b40f7a311956ee1c29310ee2701e5aa
-  data.tar.gz: 67395eb83e5586ef4232fac94ca5be1c9e408c3592a0fcfc26ee4cae1e81c0017b9a8e96ad39b24a256e61712b1ea001e9ab645ea79fabe918fdf0d377e58f89
+  metadata.gz: 87854275263cc1e88d21be3e2e5eb9ed4d9fa3d61429df0901d1ed278c64ae667a92ffff95789766ee73fb7d132021125bcf6d7de63840c124d5dfe143c89838
+  data.tar.gz: b18967dd085a2e02c2de9d0a7d8570d61069324dd17af21b9b7f2bec0a5382233cc75a534b39acf926947bc9cd4a85ab0b8c7207528961c70e0ee34e277c1ae4

data/CHANGELOG.md

@@ -2,6 +2,12 @@
 
 ## v?.??.? (Unreleased)
 
+## v0.18.0 (September 14, 2023)
+
+IMPROVEMENTS
+
+- Added support for TLS v1.3 by replacing `ssl_version` with `min_version`.
+
 ## v0.17.0 (May 11, 2022)
 
 IMPROVEMENTS

data/LICENSE

@@ -1,3 +1,5 @@
+Copyright (c) 2015 HashiCorp, Inc.
+
 Mozilla Public License, version 2.0
 
 1. Definitions

data/lib/vault/api/approle.rb

@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 require "json"
 
 require_relative "secret"

data/lib/vault/api/auth.rb

@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 require "json"
 
 require_relative "secret"
@@ -313,7 +316,7 @@ module Vault
     #
     # @return [String] aws region
     def region_from_sts_endpoint(sts_endpoint)
-      valid_sts_endpoint = %r{https:\/\/sts\.?(.*).amazonaws.com}.match(sts_endpoint)
+      valid_sts_endpoint = %r{https:\/\/sts\.?(.*)\.amazonaws\.com}.match(sts_endpoint)
       raise "Unable to parse STS endpoint #{sts_endpoint}" unless valid_sts_endpoint
       valid_sts_endpoint[1].empty? ? 'us-east-1' : valid_sts_endpoint[1]
     end

data/lib/vault/api/auth_tls.rb

@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 require "json"
 
 require_relative "secret"

data/lib/vault/api/auth_token.rb

@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 require "json"
 
 require_relative "secret"

data/lib/vault/api/help.rb

@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 require_relative "../client"
 require_relative "../response"
 

data/lib/vault/api/kv.rb

@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 require_relative "secret"
 require_relative "../client"
 require_relative "../request"

data/lib/vault/api/logical.rb

@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 require_relative "secret"
 require_relative "../client"
 require_relative "../request"

data/lib/vault/api/secret.rb

@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 require "time"
 
 require_relative "../response"

data/lib/vault/api/sys/audit.rb

@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 require "json"
 
 module Vault

data/lib/vault/api/sys/auth.rb

@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 require "json"
 
 module Vault

data/lib/vault/api/sys/health.rb

@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 require "json"
 
 module Vault

data/lib/vault/api/sys/init.rb

@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 require "json"
 
 module Vault

data/lib/vault/api/sys/leader.rb

@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 module Vault
   class LeaderStatus < Response
     # @!method ha_enabled?

data/lib/vault/api/sys/lease.rb

@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 module Vault
   class Sys
     # Renew a lease with the given ID.

data/lib/vault/api/sys/mount.rb

@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 require "json"
 
 module Vault

data/lib/vault/api/sys/namespace.rb

@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 module Vault
   class Namespace < Response
     # @!attribute [r] id

data/lib/vault/api/sys/policy.rb

@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 require "json"
 
 module Vault

data/lib/vault/api/sys/quota.rb

@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 module Vault
   class Quota < Response
     # @!attribute [r] name

data/lib/vault/api/sys/seal.rb

@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 require "json"
 
 module Vault

data/lib/vault/api/sys.rb

@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 require_relative "../client"
 require_relative "../request"
 require_relative "../response"

data/lib/vault/api/transform/alphabet.rb

@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 require_relative '../../request'
 require_relative '../../response'
 

data/lib/vault/api/transform/role.rb

@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 require_relative '../../request'
 require_relative '../../response'
 

data/lib/vault/api/transform/template.rb

@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 require_relative '../../request'
 require_relative '../../response'
 

data/lib/vault/api/transform/transformation.rb

@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 require_relative '../../request'
 require_relative '../../response'
 

data/lib/vault/api/transform.rb

@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 require_relative '../client'
 require_relative '../request'
 

data/lib/vault/api.rb

@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 module Vault
   module API
     require_relative "api/approle"

data/lib/vault/client.rb

@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 require "cgi"
 require "json"
 require "uri"
@@ -45,6 +48,7 @@ module Vault
 
       # Failed to reach the server (aka bad URL)
       a << Errno::ECONNREFUSED
+      a << Errno::EADDRNOTAVAIL
 
       # Failed to read body or no response body given
       a << EOFError
@@ -60,11 +64,6 @@ module Vault
       a << PersistentHTTP::Error
     end.freeze
 
-    # Indicates a requested operation is not possible due to security
-    # concerns.
-    class SecurityError < RuntimeError
-    end
-
     include Vault::Configurable
 
     # Create a new Client with the given options. Any options given take
@@ -113,8 +112,8 @@ module Vault
 
         @nhp.verify_mode = OpenSSL::SSL::VERIFY_PEER
 
-        # Vault requires TLS1.2
-        @nhp.ssl_version = "TLSv1_2"
+        # Vault requires at least TLS1.2
+        @nhp.min_version = OpenSSL::SSL::TLS1_2_VERSION
 
         # Only use secure ciphers
         @nhp.ciphers = ssl_ciphers
@@ -245,10 +244,6 @@ module Vault
         request.basic_auth uri.user, uri.password
       end
 
-      if proxy_address and uri.scheme.downcase == "https"
-        raise SecurityError, "no direct https connection to vault"
-      end
-
       # Get a list of headers
       headers = DEFAULT_HEADERS.merge(headers)
 
@@ -387,19 +382,20 @@ module Vault
     #   the response object from the request
     def error(response)
       if response.body && response.body.match("missing client token")
-        raise MissingTokenError
-      end
-
-      # Use the correct exception class
-      case response
-      when Net::HTTPPreconditionFailed
-        raise MissingRequiredStateError.new
-      when Net::HTTPClientError
+        # Vault 1.10+ no longer returns "missing" client token" so we use HTTPClientError
         klass = HTTPClientError
-      when Net::HTTPServerError
-        klass = HTTPServerError
       else
-        klass = HTTPError
+        # Use the correct exception class
+        case response
+        when Net::HTTPPreconditionFailed
+          raise MissingRequiredStateError.new
+        when Net::HTTPClientError
+          klass = HTTPClientError
+        when Net::HTTPServerError
+          klass = HTTPServerError
+        else
+          klass = HTTPError
+        end
       end
 
       if (response.content_type || '').include?("json")

data/lib/vault/configurable.rb

@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 require_relative "defaults"
 
 module Vault

data/lib/vault/defaults.rb

@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 require "pathname"
 require "base64"
 

data/lib/vault/encode.rb

@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 module Vault
   module EncodePath
 

data/lib/vault/errors.rb

@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 module Vault
   class VaultError < RuntimeError; end
 

data/lib/vault/persistent/connection.rb

@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 ##
 # A Net::HTTP connection wrapper that holds extra information for managing the
 # connection's lifetime.

data/lib/vault/persistent/pool.rb

@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 module Vault
 class PersistentHTTP::Pool < Vault::ConnectionPool # :nodoc:
 

data/lib/vault/persistent/timed_stack_multi.rb

@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 module Vault
 class PersistentHTTP::TimedStackMulti < ConnectionPool::TimedStack # :nodoc:
 

data/lib/vault/persistent.rb

@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 # Vendored and modified from github.com/drbrain/net-http-persistent
 #
 require 'net/http'
@@ -71,11 +74,11 @@ autoload :OpenSSL, 'openssl'
 # #ca_path            :: Directory with certificate-authorities
 # #cert_store         :: An SSL certificate store
 # #ciphers            :: List of SSl ciphers allowed
+# #min_version        :: Minimum SSL version to use
 # #private_key        :: The client's SSL private key
 # #reuse_ssl_sessions :: Reuse a previously opened SSL session for a new
 #                        connection
 # #ssl_timeout        :: SSL session lifetime
-# #ssl_version        :: Which specific SSL version to use
 # #verify_callback    :: For server certificate verification
 # #verify_depth       :: Depth of certificate verification
 # #verify_mode        :: How connections should be verified
@@ -364,6 +367,11 @@ class PersistentHTTP
 
   attr_reader :name
 
+  ##
+  # Minimum SSL version to use.
+
+  attr_reader :min_version
+
   ##
   # Seconds to wait until a connection is opened.  See Net::HTTP#open_timeout
 
@@ -434,14 +442,6 @@ class PersistentHTTP
 
   attr_reader :ssl_timeout
 
-  ##
-  # SSL version to use.
-  #
-  # By default, the version will be negotiated automatically between client
-  # and server.  Ruby 1.9 and newer only.
-
-  attr_reader :ssl_version
-
   ##
   # Where this instance's last-use times live in the thread local variables
 
@@ -528,9 +528,9 @@ class PersistentHTTP
     @ca_file            = nil
     @ca_path            = nil
     @ciphers            = nil
+    @min_version        = nil
     @private_key        = nil
     @ssl_timeout        = nil
-    @ssl_version        = nil
     @verify_callback    = nil
     @verify_depth       = nil
     @verify_mode        = nil
@@ -603,10 +603,10 @@ class PersistentHTTP
   def connection_for uri
     use_ssl = uri.scheme.downcase == 'https'
 
-    net_http_args = [uri.host, uri.port]
+    net_http_args = [uri.hostname, uri.port]
 
     net_http_args.concat @proxy_args if
-      @proxy_uri and not proxy_bypass? uri.host, uri.port
+      @proxy_uri and not proxy_bypass? uri.hostname, uri.port
 
     connection = @pool.checkout net_http_args
 
@@ -715,7 +715,7 @@ class PersistentHTTP
   # Returns the HTTP protocol version for +uri+
 
   def http_version uri
-    @http_versions["#{uri.host}:#{uri.port}"]
+    @http_versions["#{uri.hostname}:#{uri.port}"]
   end
 
   ##
@@ -798,7 +798,7 @@ class PersistentHTTP
 
     if @proxy_uri then
       @proxy_args = [
-        @proxy_uri.host,
+        @proxy_uri.hostname,
         @proxy_uri.port,
         unescape(@proxy_uri.user),
         unescape(@proxy_uri.password),
@@ -973,7 +973,7 @@ class PersistentHTTP
       end
     end
 
-    @http_versions["#{uri.host}:#{uri.port}"] ||= response.http_version
+    @http_versions["#{uri.hostname}:#{uri.port}"] ||= response.http_version
 
     response
   end
@@ -1043,8 +1043,8 @@ class PersistentHTTP
     connection.use_ssl = true
 
     connection.ciphers     = @ciphers     if @ciphers
+    connection.min_version = @min_version if @min_version
     connection.ssl_timeout = @ssl_timeout if @ssl_timeout
-    connection.ssl_version = @ssl_version if @ssl_version
 
     connection.verify_depth = @verify_depth
     connection.verify_mode  = @verify_mode
@@ -1098,19 +1098,19 @@ application:
   end
 
   ##
-  # SSL session lifetime
+  # Minimum SSL version to use
 
-  def ssl_timeout= ssl_timeout
-    @ssl_timeout = ssl_timeout
+  def min_version= min_version
+    @min_version = min_version
 
     reconnect_ssl
   end
 
   ##
-  # SSL version to use
+  # SSL session lifetime
 
-  def ssl_version= ssl_version
-    @ssl_version = ssl_version
+  def ssl_timeout= ssl_timeout
+    @ssl_timeout = ssl_timeout
 
     reconnect_ssl
   end

data/lib/vault/request.rb

@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 module Vault
   class Request
     attr_reader :client

data/lib/vault/response.rb

@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 module Vault
   class Response
     # Defines a new field. This is designed to be used by the subclass as a

data/lib/vault/vendor/connection_pool/timed_stack.rb

@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 require 'thread'
 require 'timeout'
 

data/lib/vault/vendor/connection_pool/version.rb

@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 module Vault
 class ConnectionPool
   VERSION = "2.2.0"

data/lib/vault/vendor/connection_pool.rb

@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 require_relative 'connection_pool/version'
 require_relative 'connection_pool/timed_stack'
 

data/lib/vault/version.rb

@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 module Vault
-  VERSION = "0.17.0"
+  VERSION = "0.18.0"
 end

data/lib/vault.rb

@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 module Vault
   require_relative "vault/errors"
   require_relative "vault/client"

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: vault
 version: !ruby/object:Gem::Version
-  version: 0.17.0
+  version: 0.18.0
 platform: ruby
 authors:
 - Seth Vargo
-autorequire: 
+autorequire:
 bindir: exe
 cert_chain: []
-date: 2022-05-11 00:00:00.000000000 Z
+date: 2023-09-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sigv4
@@ -108,9 +108,23 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: 3.8.3
+- !ruby/object:Gem::Dependency
+  name: webrick
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.5'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.5'
 description: Vault is a Ruby API client for interacting with a Vault server.
 email:
-- sethvargo@gmail.com
+- team-vault-devex@hashicorp.com
 executables: []
 extensions: []
 extra_rdoc_files: []
@@ -164,7 +178,7 @@ homepage: https://github.com/hashicorp/vault-ruby
 licenses:
 - MPL-2.0
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -179,8 +193,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.2.32
-signing_key: 
+rubygems_version: 3.4.10
+signing_key:
 specification_version: 4
 summary: Vault is a Ruby API client for interacting with a Vault server.
 test_files: []