vault 0.17.0 → 0.18.1
- checksums.yaml +4 -4
- data/CHANGELOG.md +13 -0
- data/LICENSE +2 -0
- data/lib/vault/api/approle.rb +3 -0
- data/lib/vault/api/auth.rb +4 -1
- data/lib/vault/api/auth_tls.rb +3 -0
- data/lib/vault/api/auth_token.rb +3 -0
- data/lib/vault/api/help.rb +3 -0
- data/lib/vault/api/kv.rb +3 -0
- data/lib/vault/api/logical.rb +3 -0
- data/lib/vault/api/secret.rb +3 -0
- data/lib/vault/api/sys/audit.rb +3 -0
- data/lib/vault/api/sys/auth.rb +3 -0
- data/lib/vault/api/sys/health.rb +3 -0
- data/lib/vault/api/sys/init.rb +3 -0
- data/lib/vault/api/sys/leader.rb +3 -0
- data/lib/vault/api/sys/lease.rb +3 -0
- data/lib/vault/api/sys/mount.rb +3 -0
- data/lib/vault/api/sys/namespace.rb +3 -0
- data/lib/vault/api/sys/policy.rb +3 -0
- data/lib/vault/api/sys/quota.rb +3 -0
- data/lib/vault/api/sys/seal.rb +3 -0
- data/lib/vault/api/sys.rb +3 -0
- data/lib/vault/api/transform/alphabet.rb +3 -0
- data/lib/vault/api/transform/role.rb +3 -0
- data/lib/vault/api/transform/template.rb +3 -0
- data/lib/vault/api/transform/transformation.rb +3 -0
- data/lib/vault/api/transform.rb +3 -0
- data/lib/vault/api.rb +3 -0
- data/lib/vault/client.rb +23 -21
- data/lib/vault/configurable.rb +3 -0
- data/lib/vault/defaults.rb +3 -0
- data/lib/vault/encode.rb +3 -0
- data/lib/vault/errors.rb +3 -0
- data/lib/vault/persistent/connection.rb +3 -0
- data/lib/vault/persistent/pool.rb +3 -0
- data/lib/vault/persistent/timed_stack_multi.rb +3 -0
- data/lib/vault/persistent.rb +30 -22
- data/lib/vault/request.rb +3 -0
- data/lib/vault/response.rb +3 -0
- data/lib/vault/vendor/connection_pool/timed_stack.rb +3 -0
- data/lib/vault/vendor/connection_pool/version.rb +3 -0
- data/lib/vault/vendor/connection_pool.rb +3 -0
- data/lib/vault/version.rb +4 -1
- data/lib/vault.rb +3 -0
- metadata +21 -7
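--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 648a27b6ed1f890271b38e0a30ad9f916a9c6ea21115cc9aeb9b401aaf8d7506
+data.tar.gz: 6fc3ad15682ee6da9add40186cef645e8378e45f9058c6e74869d5df350c11f7
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 3b02128523c3c8c00f268cec7258ca6ea18e1bb725aceba69dd1686d28f9b4c6275dd858b8b89a79f5758be6922a3defaf1edf8355d86f6db7d448befee5de90
+data.tar.gz: 835578abf7f9783940baa562b8881eefb9915e0f272f58ee2b0b6916edffc5d942e2cf328e64f918c627dac219fde7fddb706ef8aaaac1ccc509521ad78eca5b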
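--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -2,6 +2,19 @@
 
 ## v?.??.? (Unreleased)
 
+## v0.18.1 (September 14, 2023)
+
+BUG FIXES
+
+- Restored the ability to use this gem with older Ruby versions that do not have
+the `OpenSSL::SSL::TLS1_2_VERSION` constant.
+
+## v0.18.0 (September 14, 2023)
+
+IMPROVEMENTS
+
+- Added support for TLS v1.3 by replacing `ssl_version` with `min_version`.
+
 ## v0.17.0 (May 11, 2022)
 
 IMPROVEMENTS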
data/LICENSE
CHANGED
data/lib/vault/api/approle.rb
CHANGED
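--- a/data/lib/vault/api/auth.rb
+++ b/data/lib/vault/api/auth.rb
@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 require "json"
 
 require_relative "secret"
@@ -313,7 +316,7 @@ module Vault
 #
 # @return [String] aws region
 def region_from_sts_endpoint(sts_endpoint)
-valid_sts_endpoint = %r{https:\/\/sts\.?(.*)
+valid_sts_endpoint = %r{https:\/\/sts\.?(.*)\.amazonaws\.com}.match(sts_endpoint)
 raise "Unable to parse STS endpoint #{sts_endpoint}" unless valid_sts_endpoint
 valid_sts_endpoint[1].empty? ? 'us-east-1' : valid_sts_endpoint[1]
 end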
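Review bot: The STS endpoint pattern on the new `valid_sts_endpoint` line is unanchored and captures with `(.*)`, so `https://sts.amazonaws.com.evil.example` passes with an empty region (mapped to `us-east-1`), a string that merely contains `https://sts.amazonaws.com` somewhere after its real host passes too, and `https://sts-fips.us-east-1.amazonaws.com` yields the region `-fips.us-east-1`. The endpoint is presumably operator configuration rather than attacker input, so this is mostly a robustness issue, but the returned region is (given the aws-sigv4 dependency) presumably used for request signing, and a mis-parse surfaces more clearly as the existing raise than as a rejected signature. I would anchor the match and restrict the region to one label: `valid_sts_endpoint = %r{\Ahttps://sts\.?([^./]*)\.amazonaws\.com(?:\.cn)?(?:[:/]|\z)}.match(sts_endpoint)`, which still accepts `https://sts.amazonaws.com`, regional and `.cn` endpoints (with or without a port or path) and rejects the look-alike hosts; the FIPS form would then raise explicitly instead of returning a bogus region.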
data/lib/vault/api/auth_tls.rb
CHANGED
data/lib/vault/api/auth_token.rb
CHANGED
data/lib/vault/api/help.rb
CHANGED
data/lib/vault/api/kv.rb
CHANGED
data/lib/vault/api/logical.rb
CHANGED
data/lib/vault/api/secret.rb
CHANGED
data/lib/vault/api/sys/audit.rb
CHANGED
data/lib/vault/api/sys/auth.rb
CHANGED
data/lib/vault/api/sys/health.rb
CHANGED
data/lib/vault/api/sys/init.rb
CHANGED
data/lib/vault/api/sys/leader.rb
CHANGED
data/lib/vault/api/sys/lease.rb
CHANGED
data/lib/vault/api/sys/mount.rb
CHANGED
data/lib/vault/api/sys/policy.rb
CHANGED
data/lib/vault/api/sys/quota.rb
CHANGED
data/lib/vault/api/sys/seal.rb
CHANGED
data/lib/vault/api/sys.rb
CHANGED
data/lib/vault/api/transform.rb
CHANGED
data/lib/vault/api.rb
CHANGED
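--- a/data/lib/vault/client.rb
+++ b/data/lib/vault/client.rb
@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 require "cgi"
 require "json"
 require "uri"
@@ -45,6 +48,7 @@ module Vault
 
 # Failed to reach the server (aka bad URL)
 a << Errno::ECONNREFUSED
+a << Errno::EADDRNOTAVAIL
 
 # Failed to read body or no response body given
 a << EOFError
@@ -60,10 +64,12 @@ module Vault
 a << PersistentHTTP::Error
 end.freeze
 
-#
-
-
-
+# Vault requires at least TLS1.2
+MIN_TLS_VERSION = if defined? OpenSSL::SSL::TLS1_2_VERSION
+OpenSSL::SSL::TLS1_2_VERSION
+else
+"TLSv1_2"
+end
 
 include Vault::Configurable
 
@@ -113,8 +119,7 @@ module Vault
 
 @nhp.verify_mode = OpenSSL::SSL::VERIFY_PEER
 
-
-@nhp.ssl_version = "TLSv1_2"
+@nhp.min_version = MIN_TLS_VERSION
 
 # Only use secure ciphers
 @nhp.ciphers = ssl_ciphers
@@ -245,10 +250,6 @@ module Vault
 request.basic_auth uri.user, uri.password
 end
 
-if proxy_address and uri.scheme.downcase == "https"
-raise SecurityError, "no direct https connection to vault"
-end
-
 # Get a list of headers
 headers = DEFAULT_HEADERS.merge(headers)
 
@@ -387,19 +388,20 @@ module Vault
 # the response object from the request
 def error(response)
 if response.body && response.body.match("missing client token")
-
-end
-
-# Use the correct exception class
-case response
-when Net::HTTPPreconditionFailed
-raise MissingRequiredStateError.new
-when Net::HTTPClientError
+# Vault 1.10+ no longer returns "missing" client token" so we use HTTPClientError
 klass = HTTPClientError
-when Net::HTTPServerError
-klass = HTTPServerError
 else
-
+# Use the correct exception class
+case response
+when Net::HTTPPreconditionFailed
+raise MissingRequiredStateError.new
+when Net::HTTPClientError
+klass = HTTPClientError
+when Net::HTTPServerError
+klass = HTTPServerError
+else
+klass = HTTPError
+end
 end
 
 if (response.content_type || '').include?("json")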
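Review bot: Nothing in the v0.18.0 changelog records that the `raise SecurityError, "no direct https connection to vault"` guard in the request path is gone, so a deployment that previously failed closed when `proxy_address` was combined with an HTTPS Vault address now silently sends its traffic through the proxy. Net::HTTP tunnels HTTPS through a proxy with CONNECT, so the token header should still sit inside the end-to-end TLS session that persistent.rb configures (verify_mode, min_version, ciphers), but that follows from the vendored client rather than from anything this hunk shows, and it deserves a sentence in the release notes. I would add to the v0.18.0 entry: `- Removed the SecurityError raised when an HTTPS Vault address was used with a proxy; such requests are now tunneled through the proxy.` and leave a one-line comment at the removal site, e.g. `# HTTPS via proxy is tunneled with CONNECT, so TLS stays end-to-end to Vault.` The enclosing request method starts and ends outside the hunk.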
data/lib/vault/configurable.rb
CHANGED
data/lib/vault/defaults.rb
CHANGED
data/lib/vault/encode.rb
CHANGED
data/lib/vault/errors.rb
CHANGED
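--- a/data/lib/vault/persistent.rb
+++ b/data/lib/vault/persistent.rb
@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 # Vendored and modified from github.com/drbrain/net-http-persistent
 #
 require 'net/http'
@@ -71,11 +74,11 @@ autoload :OpenSSL, 'openssl'
 # #ca_path :: Directory with certificate-authorities
 # #cert_store :: An SSL certificate store
 # #ciphers :: List of SSl ciphers allowed
+# #min_version :: Minimum SSL version to use
 # #private_key :: The client's SSL private key
 # #reuse_ssl_sessions :: Reuse a previously opened SSL session for a new
 # connection
 # #ssl_timeout :: SSL session lifetime
-# #ssl_version :: Which specific SSL version to use
 # #verify_callback :: For server certificate verification
 # #verify_depth :: Depth of certificate verification
 # #verify_mode :: How connections should be verified
@@ -364,6 +367,11 @@ class PersistentHTTP
 
 attr_reader :name
 
+##
+# Minimum SSL version to use.
+
+attr_reader :min_version
+
 ##
 # Seconds to wait until a connection is opened. See Net::HTTP#open_timeout
 
@@ -434,14 +442,6 @@ class PersistentHTTP
 
 attr_reader :ssl_timeout
 
-##
-# SSL version to use.
-#
-# By default, the version will be negotiated automatically between client
-# and server. Ruby 1.9 and newer only.
-
-attr_reader :ssl_version
-
 ##
 # Where this instance's last-use times live in the thread local variables
 
@@ -528,9 +528,9 @@ class PersistentHTTP
 @ca_file = nil
 @ca_path = nil
 @ciphers = nil
+@min_version = nil
 @private_key = nil
 @ssl_timeout = nil
-@ssl_version = nil
 @verify_callback = nil
 @verify_depth = nil
 @verify_mode = nil
@@ -603,10 +603,10 @@ class PersistentHTTP
 def connection_for uri
 use_ssl = uri.scheme.downcase == 'https'
 
-net_http_args = [uri.
+net_http_args = [uri.hostname, uri.port]
 
 net_http_args.concat @proxy_args if
-@proxy_uri and not proxy_bypass? uri.
+@proxy_uri and not proxy_bypass? uri.hostname, uri.port
 
 connection = @pool.checkout net_http_args
 
@@ -715,7 +715,7 @@ class PersistentHTTP
 # Returns the HTTP protocol version for +uri+
 
 def http_version uri
-@http_versions["#{uri.
+@http_versions["#{uri.hostname}:#{uri.port}"]
 end
 
 ##
@@ -798,7 +798,7 @@ class PersistentHTTP
 
 if @proxy_uri then
 @proxy_args = [
-@proxy_uri.
+@proxy_uri.hostname,
 @proxy_uri.port,
 unescape(@proxy_uri.user),
 unescape(@proxy_uri.password),
@@ -973,7 +973,7 @@ class PersistentHTTP
 end
 end
 
-@http_versions["#{uri.
+@http_versions["#{uri.hostname}:#{uri.port}"] ||= response.http_version
 
 response
 end
@@ -1043,8 +1043,16 @@ class PersistentHTTP
 connection.use_ssl = true
 
 connection.ciphers = @ciphers if @ciphers
+
+if @min_version
+if connection.respond_to? :min_version=
+connection.min_version = @min_version
+else
+connection.ssl_version = @min_version
+end
+end
+
 connection.ssl_timeout = @ssl_timeout if @ssl_timeout
-connection.ssl_version = @ssl_version if @ssl_version
 
 connection.verify_depth = @verify_depth
 connection.verify_mode = @verify_mode
@@ -1098,19 +1106,19 @@ application:
 end
 
 ##
-# SSL
+# Minimum SSL version to use
 
-def
-@
+def min_version= min_version
+@min_version = min_version
 
 reconnect_ssl
 end
 
 ##
-# SSL
+# SSL session lifetime
 
-def
-@
+def ssl_timeout= ssl_timeout
+@ssl_timeout = ssl_timeout
 
 reconnect_ssl
 end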
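Review bot: The fallback branch `connection.ssl_version = @min_version` does not give a minimum at all: Net::HTTP#ssl_version= selects one specific protocol version (the removed doc line for ssl_version said as much), so on a Net::HTTP without #min_version= a "TLS 1.2 or newer" setting silently becomes TLS 1.2 only, and as far as I can tell that setter only takes the `"TLSv1_2"`/`:TLSv1_2` form, not the `OpenSSL::SSL::TLS1_2_VERSION` integer that #min_version= accepts. The caller in client.rb happens to satisfy both constraints by choosing the string only when the constant is missing, but nothing in this file states the contract, and the new `attr_reader :min_version` doc says only "Minimum SSL version to use". I would put above the `if @min_version` block: `# Net::HTTP without #min_version= gets #ssl_version= instead, which pins this exact version (no floor) and only accepts the "TLSv1_2"-style form.` and repeat the one-line caveat on the `attr_reader :min_version` comment. The method that contains the `if @min_version` hunk starts and ends outside the hunk.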
data/lib/vault/request.rb
CHANGED
data/lib/vault/response.rb
CHANGED
data/lib/vault/version.rb
CHANGED
data/lib/vault.rb
CHANGED
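--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: vault
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.18.1
 platform: ruby
 authors:
 - Seth Vargo
-autorequire:
+autorequire:
 bindir: exe
 cert_chain: []
-date:
+date: 2023-09-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: aws-sigv4
@@ -108,9 +108,23 @@ dependencies:
 - - "~>"
 - !ruby/object:Gem::Version
 version: 3.8.3
+- !ruby/object:Gem::Dependency
+name: webrick
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '1.5'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '1.5'
 description: Vault is a Ruby API client for interacting with a Vault server.
 email:
--
+- team-vault-devex@hashicorp.com
 executables: []
 extensions: []
 extra_rdoc_files: []
@@ -164,7 +178,7 @@ homepage: https://github.com/hashicorp/vault-ruby
 licenses:
 - MPL-2.0
 metadata: {}
-post_install_message:
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -179,8 +193,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-rubygems_version: 3.
-signing_key:
+rubygems_version: 3.4.10
+signing_key:
 specification_version: 4
 summary: Vault is a Ruby API client for interacting with a Vault server.
 test_files: []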