vault 0.3.0 → 0.4.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: f44b1c7408f1606c17e1b1aea67b3547aae80873
-  data.tar.gz: f908452ae3a2117b1b12c5305921f59242ef89ce
+  metadata.gz: c591681b73cba4f23a6c399ce65ecb232be4c8bb
+  data.tar.gz: 7f01da9d58aae383b63dd8bc666db5ca7e2181d8
 SHA512:
-  metadata.gz: 00352ca38411b6340b145dfad3bbe8c1f6d49535fbf169717ee60c37198e07e229e56b1f4b1e30fe907d5d542cfe7656ad3386570e2d2894d922935416ce6b0e
-  data.tar.gz: 5a4d53a45ee70b529d03e77fa3e73adabd2e538c3b18aa4547a1d0f78f733cea6337940b70105952b9067df7b9e5d40327bdef45b6b6b5b933eead0e59a46381
+  metadata.gz: 1efa7198ad5a0713ba37826978cd417ac6de66da5023d220890b092c8758af7fb9a7a494ea9db685e1e21011e4f62fc4379c42b50f0d3fa6992a68d57ad8a319
+  data.tar.gz: 415e4410e7f5ba98827996d47ad10ef8f81caa12dd0a213698b019306717bfb08694a2ea598428a72629c3c6180739a49f6541c9553f3355f33391efcd6adc73

data/.travis.yml

@@ -3,7 +3,7 @@ cache: bundler
 sudo: false
 
 before_install: |-
-  wget -O vault.zip -q https://releases.hashicorp.com/vault/0.5.0-rc1/vault_0.5.0-rc1_linux_amd64.zip
+  wget -O vault.zip -q https://releases.hashicorp.com/vault/0.5.2/vault_0.5.2_linux_amd64.zip
   unzip vault.zip
   mkdir ~/bin
   mv vault ~/bin

data/CHANGELOG.md

@@ -1,8 +1,21 @@
 # Vault Ruby Changelog
 
-## v0.3.0.dev (Unreleased)
+## v0.4.0 (March 31, 2016)
 
+NEW FEATURES
+
+- Add LDAP authentication method [GH-61]
+- Add GitHub authentication method [GH-37]
+- Add `create_orphan` method [GH-65]
+- Add `lookup` and `lookup_self` for tokens
+- Accept `VAULT_SKIP_VERIFY` environment variable [GH-66]
+
+BUG FIXES
 
+- Prefer `VAULT_TOKEN` environment variable over disk to mirror Vault's own
+  behavior [GH-98]
+- Do not duplicate query parameters on HEAD/GET requests [GH-62]
+- Yield exception in `with_retries` [GH-68]
 
 ## v0.3.0 (February 16, 2016)
 

data/README.md

@@ -68,7 +68,7 @@ Vault.configure do |config|
 end
 ```
 
-If you do not want the Vault singleton, of if you need to communicate with multiple Vault servers at once, you can create indepenent client objects:
+If you do not want the Vault singleton, or if you need to communicate with multiple Vault servers at once, you can create independent client objects:
 
 ```ruby
 client_1 = Vault::Client.new(address: "https://vault.mycompany.com")

data/lib/vault/api/auth.rb

@@ -98,5 +98,45 @@ module Vault
       client.token = secret.auth.client_token
       return secret
     end
+
+    # Authenticate via the "ldap" authentication method. If authentication
+    # is successful, the resulting token will be stored on the client and used
+    # for future requests.
+    #
+    # @example
+    #   Vault.auth.ldap("sethvargo", "s3kr3t") #=> #<Vault::Secret lease_id="">
+    #
+    # @param [String] username
+    # @param [String] password
+    # @param [Hash] options
+    #   additional options to pass to the authentication call, such as a custom
+    #   mount point
+    #
+    # @return [Secret]
+    def ldap(username, password, options = {})
+      payload = { password: password }.merge(options)
+      json = client.post("/v1/auth/ldap/login/#{CGI.escape(username)}", JSON.fast_generate(payload))
+      secret = Secret.decode(json)
+      client.token = secret.auth.client_token
+      return secret
+    end
+
+    # Authenticate via the GitHub authentication method. If authentication is
+    # successful, the resulting token will be stored on the client and used
+    # for future requests.
+    #
+    # @example
+    #   Vault.auth.github("mypersonalgithubtoken") #=> #<Vault::Secret lease_id="">
+    #
+    # @param [String] github_token
+    #
+    # @return [Secret]
+    def github(github_token)
+      payload = {token: github_token}
+      json = client.post("/v1/auth/github/login", JSON.fast_generate(payload))
+      secret = Secret.decode(json)
+      client.token = secret.auth.client_token
+      return secret
+    end
   end
 end

data/lib/vault/api/auth_token.rb

@@ -28,6 +28,43 @@ module Vault
       return Secret.decode(json)
     end
 
+    # Create an orphaned authentication token.
+    #
+    # @example
+    #   Vault.auth_token.create_orphan #=> #<Vault::Secret lease_id="">
+    #
+    # @param [Hash] options
+    #
+    # @return [Secret]
+    def create_orphan(options = {})
+      json = client.post("/v1/auth/token/create-orphan", JSON.fast_generate(options))
+      return Secret.decode(json)
+    end
+
+    # Lookup information about the current token.
+    #
+    # @example
+    #   Vault.auth_token.lookup_self("abcd-...") #=> #<Vault::Secret lease_id="">
+    #
+    # @param [String] token
+    #
+    # @return [Secret]
+    def lookup(token)
+      json = client.get("/v1/auth/token/lookup/#{CGI.escape(token)}")
+      return Secret.decode(json)
+    end
+
+    # Lookup information about the given token.
+    #
+    # @example
+    #   Vault.auth_token.lookup_self #=> #<Vault::Secret lease_id="">
+    #
+    # @return [Secret]
+    def lookup_self
+      json = client.get("/v1/auth/token/lookup-self")
+      return Secret.decode(json)
+    end
+
     # Renew the given authentication token.
     #
     # @example

data/lib/vault/client.rb

@@ -217,6 +217,11 @@ module Vault
 
           case response
           when Net::HTTPRedirection
+            # On a redirect of a GET or HEAD request, the URL already contains
+            # the data as query string parameters.
+            if [:head, :get].include?(verb)
+              data = {}
+            end
             request(verb, response[LOCATION_HEADER], data, headers)
           when Net::HTTPSuccess
             success(response)
@@ -353,7 +358,7 @@ module Vault
       backoff_max  = options[:max_wait] || Defaults::RETRY_MAX_WAIT
 
       begin
-        return yield retries
+        return yield retries, exception
       rescue *rescued => e
         exception = e
 

data/lib/vault/defaults.rb

@@ -42,11 +42,15 @@ module Vault
       # The vault token to use for authentiation.
       # @return [String, nil]
       def token
+        if !ENV["VAULT_TOKEN"].nil?
+          return ENV["VAULT_TOKEN"]
+        end
+
         if VAULT_DISK_TOKEN.exist? && VAULT_DISK_TOKEN.readable?
-          VAULT_DISK_TOKEN.read
-        else
-          ENV["VAULT_TOKEN"]
+          return VAULT_DISK_TOKEN.read
         end
+
+        nil
       end
 
       # The number of seconds to wait when trying to open a connection before
@@ -122,6 +126,11 @@ module Vault
       # Verify SSL requests (default: true)
       # @return [true, false]
       def ssl_verify
+        # Vault CLI uses this envvar, so accept it by precedence
+        if !ENV["VAULT_SKIP_VERIFY"].nil?
+          return true
+        end
+
         if ENV["VAULT_SSL_VERIFY"].nil?
           true
         else

data/lib/vault/version.rb

@@ -1,3 +1,3 @@
 module Vault
-  VERSION = "0.3.0"
+  VERSION = "0.4.0"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: vault
 version: !ruby/object:Gem::Version
-  version: 0.3.0
+  version: 0.4.0
 platform: ruby
 authors:
 - Seth Vargo
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2016-02-16 00:00:00.000000000 Z
+date: 2016-03-31 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler