vault 0.20.0 → 0.20.1
- checksums.yaml +4 -4
- data/CHANGELOG.md +9 -0
- data/lib/vault/api/auth.rb +19 -4
- data/lib/vault/version.rb +1 -1
- metadata +2 -16
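--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 46acf59f9b079b96d8af544537fc4657b02a04c0fdf9bd613cb46027435a6148
+data.tar.gz: 828e7e36228d6900e8c1be9e7b9d319fb03fe2cb541eabca81a8a5323989a313
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 0cc19d71f9f16123ab02539691a932098c39cea39362dc4c5b5e46f42390df23ae367b0ce26fb0a33940daf1af178884982076cd2d0dc92f310e326d4dfb8b8c
+data.tar.gz: 1072fd9dfec4dfab692455b6b06833cb5ce9f9b3bacff3d36773b5491c326b1683ec9b7aa6c55926bf73f08c74a88fbfd71dcf4d778ce6ddf3b2669d04ad527d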
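--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,5 +1,14 @@
 # Vault Ruby Changelog
 
+## Unreleased
+
+## v0.20.1 (March 31, 2026)
+
+BUG FIXES
+
+- Removed explicit `connection_pool` runtime dependency to allow use of connection_pool 3.x for compatibility with sidekiq 8.1+. The gem is already managed as a transitive dependency by `net-http-persistent`, which supports connection_pool 2.2.4+ through 3.x. [GH-393]
+- Hardened STS endpoint parsing in AWS auth by replacing permissive matching with strict HTTPS URI and host validation, preserving supported global, regional, GovCloud, and China endpoints while rejecting malformed inputs. [GH-402]
+
 ## v0.20.0 (February 4, 2026)
 
 IMPROVEMENTS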
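--- a/data/lib/vault/api/auth.rb
+++ b/data/lib/vault/api/auth.rb
@@ -2,6 +2,7 @@
 # SPDX-License-Identifier: MPL-2.0
 
 require "json"
+require "uri"
 
 require_relative "secret"
 require_relative "../client"
@@ -302,7 +303,7 @@ module Vault
 # The path to the auth backend to use for the login procedure.
 #
 # @param [String] name optional
-# The named certificate role provided to the login request.
+# The named certificate role provided to the login request.
 #
 # @return [Secret]
 def tls(pem = nil, path = 'cert', name: nil)
@@ -328,9 +329,23 @@ module Vault
 #
 # @return [String] aws region
 def region_from_sts_endpoint(sts_endpoint)
-
-
-
+uri = URI.parse(sts_endpoint)
+
+unless uri.is_a?(URI::HTTPS) && uri.userinfo.nil?
+raise "Unable to parse STS endpoint #{sts_endpoint}"
+end
+
+case uri.host
+when "sts.amazonaws.com"
+"us-east-1"
+when /\Asts\.([a-z0-9-]+)\.amazonaws\.com\z/,
+/\Asts\.([a-z0-9-]+)\.amazonaws\.com\.cn\z/
+Regexp.last_match(1)
+else
+raise "Unable to parse STS endpoint #{sts_endpoint}"
+end
+rescue URI::InvalidURIError
+raise "Unable to parse STS endpoint #{sts_endpoint}"
 end
 end
 end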
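Review bot: The three `raise "Unable to parse STS endpoint #{sts_endpoint}"` lines in `region_from_sts_endpoint` echo the raw argument into the exception message, including on the branch taken when `uri.userinfo` is non-nil, so an endpoint that carries embedded credentials is rejected and then copied verbatim into whatever logs or error reporters capture the exception. Reporting only the parsed host avoids that, e.g. `raise "Unable to parse STS endpoint (host: #{uri.host.inspect})"` for the two checks after parsing and an un-interpolated message in the `rescue URI::InvalidURIError` branch. Separately, the new validation constrains scheme, userinfo and host but not port, path, query or fragment; if the caller (outside this hunk) signs or forwards the original string, a value with a non-default port or an arbitrary path on an accepted host still passes, so it may be worth also requiring `uri.port == 443` and an empty or `/` path. A short comment above the `case` stating that hosts are matched case-sensitively and that anything outside the `sts.<region>.amazonaws.com[.cn]` shapes is rejected on purpose would help the next maintainer.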
data/lib/vault/version.rb
CHANGED
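--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: vault
 version: !ruby/object:Gem::Version
-version: 0.20.
+version: 0.20.1
 platform: ruby
 authors:
 - Seth Vargo
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2026-
+date: 2026-03-31 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: aws-sigv4
@@ -38,20 +38,6 @@ dependencies:
 - - ">="
 - !ruby/object:Gem::Version
 version: '0'
-- !ruby/object:Gem::Dependency
-name: connection_pool
-requirement: !ruby/object:Gem::Requirement
-requirements:
-- - "~>"
-- !ruby/object:Gem::Version
-version: '2.4'
-type: :runtime
-prerelease: false
-version_requirements: !ruby/object:Gem::Requirement
-requirements:
-- - "~>"
-- !ruby/object:Gem::Version
-version: '2.4'
 - !ruby/object:Gem::Dependency
 name: net-http-persistent
 requirement: !ruby/object:Gem::Requirement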