vault 0.11.0 → 0.12.0

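--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: dcb5948ae3d3f53115a8e0aef77b70d18c042550
- data.tar.gz: 143ffc1b71f99550e83548ba92f1edb0e7e4ef0a
+ metadata.gz: 5eeb054b599872ef7a225999772c0b486554f339
+ data.tar.gz: b1524f9c83ea5c2e5c3c74f66fafaa69e47b8c94
  SHA512:
- metadata.gz: a7473e4c1791e62f8814a677d0c71bce2ca9b51a32c534dfd11830bcbbd3a2b8e993dacf3df52bc747fc1473931801733731de5e3a00c1078a9e59f2cbaa75b8
- data.tar.gz: 7c7a6793019c4f67a7927f01e839cbe9d0ac288dea9affe6e564d6482eedb4da5553cf01a823b9615c572e06a937bef532fd4a80777feb2488e5b3f41cd7e9a6
+ metadata.gz: d49f63c294a4165babfa3c6f2d2dfd90baabff86a964b895eb16b4ab08bd493fb07266c53f95fe2a255e2435df6f2ba42a921a97dfa1b94fe235a8c43e6aa77f
+ data.tar.gz: c4aa7afc3b28a1aa5912ee184c7a24d07d6c19d61ae922c409cd0c0aaf6cf3efff3c5dd2269ab1d65251a7f1ce35f8cd8810c7b4d516bfd83fff93153ad39ed1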
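--- a/data/.gitignore
+++ b/data/.gitignore
@@ -2,6 +2,7 @@
  *.gem
  *.rbc
  /.config
+ /.vscode
  /coverage/
  /InstalledFiles
  /pkg/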
@@ -1,5 +1,19 @@
1
1
  # Vault Ruby Changelog
2
2
 
3
+ ## v0.12.0 (August 14, 2018)
4
+
5
+ IMPROVEMENTS
6
+
7
+ - Expose the github login path as an optional argument
8
+ - Support HTTP basic auth [GH-181]
9
+ - Expose the AWS IAM path to use [GH-180]
10
+ - Add GCP Auth [GH-173]
11
+ - Add shutdown functionality to close persistent connections [GH-175]
12
+
13
+ BUG FIXES
14
+
15
+ - Specifing the hostname for SNI didn't work. The functionality has been disabled for now.
16
+
3
17
  ## v0.11.0 (March 19, 2018)
4
18
 
5
19
  IMPROVEMENTS
@@ -155,9 +155,9 @@ module Vault
155
155
  # @param [String] github_token
156
156
  #
157
157
  # @return [Secret]
158
- def github(github_token)
158
+ def github(github_token, path="/v1/auth/github/login")
159
159
  payload = {token: github_token}
160
- json = client.post("/v1/auth/github/login", JSON.fast_generate(payload))
160
+ json = client.post(path, JSON.fast_generate(payload))
161
161
  secret = Secret.decode(json)
162
162
  client.token = secret.auth.client_token
163
163
  return secret
@@ -193,7 +193,7 @@ module Vault
193
193
  # for future requests.
194
194
  #
195
195
  # @example
196
- # Vault.auth.aws_iam("dev-role-iam", Aws::AssumeRoleCredentials.new, "vault.example.com", "https://sts.us-east-2.amazonaws.com") #=> #<Vault::Secret lease_id="">
196
+ # Vault.auth.aws_iam("dev-role-iam", Aws::InstanceProfileCredentials.new, "vault.example.com", "https://sts.us-east-2.amazonaws.com") #=> #<Vault::Secret lease_id="">
197
197
  #
198
198
  # @param [String] role
199
199
  # @param [CredentialProvider] credentials_provider
@@ -202,14 +202,17 @@ module Vault
202
202
  # As of Jan 2018, Vault will accept ANY or NO header if none is configured by the Vault server admin
203
203
  # @param [String] sts_endpoint optional
204
204
  # https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html
205
+ # @param [String] route optional
205
206
  # @return [Secret]
206
- def aws_iam(role, credentials_provider, iam_auth_header_value = nil, sts_endpoint = 'https://sts.amazonaws.com')
207
+ def aws_iam(role, credentials_provider, iam_auth_header_value = nil, sts_endpoint = 'https://sts.amazonaws.com', route = nil)
207
208
  require "aws-sigv4"
208
209
  require "base64"
209
210
 
210
211
  request_body = 'Action=GetCallerIdentity&Version=2011-06-15'
211
212
  request_method = 'POST'
212
213
 
214
+ route ||= '/v1/auth/aws/login'
215
+
213
216
  vault_headers = {
214
217
  'User-Agent' => Vault::Client::USER_AGENT,
215
218
  'Content-Type' => 'application/x-www-form-urlencoded; charset=utf-8'
@@ -236,7 +239,29 @@ module Vault
236
239
  iam_request_body: Base64.strict_encode64(request_body)
237
240
  }
238
241
 
239
- json = client.post('/v1/auth/aws/login', JSON.fast_generate(payload))
242
+ json = client.post(route, JSON.fast_generate(payload))
243
+ secret = Secret.decode(json)
244
+ client.token = secret.auth.client_token
245
+ return secret
246
+ end
247
+
248
+ # Authenticate via the GCP authentication method. If authentication is
249
+ # successful, the resulting token will be stored on the client and used
250
+ # for future requests.
251
+ #
252
+ # @example
253
+ # Vault.auth.gcp("read-only", "jwt", "gcp") #=> #<Vault::Secret lease_id="">
254
+ #
255
+ # @param [String] role
256
+ # @param [String] jwt
257
+ # jwt returned by the instance identity metadata, or iam api
258
+ # @param [String] path optional
259
+ # the path were the gcp auth backend is mounted
260
+ #
261
+ # @return [Secret]
262
+ def gcp(role, jwt, path = 'gcp')
263
+ payload = { role: role, jwt: jwt }
264
+ json = client.post("/v1/auth/#{CGI.escape(path)}/login", JSON.fast_generate(payload))
240
265
  secret = Secret.decode(json)
241
266
  client.token = secret.auth.client_token
242
267
  return secret
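Review bot: In `gcp`, `CGI.escape(path)` encodes the whole mount name as a single component, so a backend mounted at a nested path such as `team/gcp` would be requested as `team%2Fgcp` and the login would presumably miss the mount; escaping each segment, e.g. `path.split("/").map { |s| CGI.escape(s) }.join("/")`, keeps the separators. Whether `cgi` is required in this file is not visible in the hunk. The three new optional arguments also take different forms: `github` and `aws_iam` expect a full request path (`/v1/auth/.../login`) that is handed to `client.post` as-is, while `gcp` expects only the mount name. Each call posts a credential (GitHub token, signed STS request, JWT) to that path, so the expected form should be documented, e.g. `# @param [String] path optional` followed by `#   full login path, defaults to "/v1/auth/github/login"`, and the value should come from trusted configuration rather than request input.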
@@ -85,10 +85,6 @@ module Vault
85
85
 
86
86
  @nhp = PersistentHTTP.new("vault-ruby", nil, pool_size)
87
87
 
88
- if hostname
89
- @nhp.hostname = hostname
90
- end
91
-
92
88
  if proxy_address
93
89
  proxy_uri = URI.parse "http://#{proxy_address}"
94
90
 
@@ -158,6 +154,12 @@ module Vault
158
154
 
159
155
  private :pool
160
156
 
157
+ # Shutdown any open pool connections. Pool will be recreated upon next request.
158
+ def shutdown
159
+ @nhp.shutdown()
160
+ @nhp = nil
161
+ end
162
+
161
163
  # Creates and yields a new client object with the given token. This may be
162
164
  # used safely in a threadsafe manner because the original client remains
163
165
  # unchanged. The value of the block is returned.
@@ -236,6 +238,9 @@ module Vault
236
238
  # Build the URI and request object from the given information
237
239
  uri = build_uri(verb, path, data)
238
240
  request = class_for_request(verb).new(uri.request_uri)
241
+ if uri.userinfo()
242
+ request.basic_auth uri.user, uri.password
243
+ end
239
244
 
240
245
  if proxy_address and uri.scheme.downcase == "https"
241
246
  raise SecurityError, "no direct https connection to vault"
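Review bot: In the `@@ -236,6 +238,9 @@` hunk, `uri.user` and `uri.password` are passed to `basic_auth` exactly as they appear in the address, and Ruby's URI keeps userinfo percent-encoded, so a password containing reserved characters would be sent in its encoded form and fail to authenticate; percent-decode both values before the call, with a decoder that leaves `+` untouched. The header is attached whatever the scheme is, so with an `http://` address the credentials travel in cleartext on every request; a comment such as `# userinfo from the address is sent as HTTP basic auth on every request; use https` or a scheme check would make that visible to operators. Separately, `shutdown` in the `@@ -158,6 +154,12 @@` hunk calls `@nhp.shutdown()` with no nil guard, so a second call (or, if the pool is created lazily as its comment suggests, a call before any request) would raise NoMethodError; `@nhp.shutdown if @nhp` avoids that. The request-building method around the basic-auth lines starts and ends outside the hunk.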
@@ -1,3 +1,3 @@
1
1
  module Vault
2
- VERSION = "0.11.0"
2
+ VERSION = "0.12.0"
3
3
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: vault
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.11.0
4
+ version: 0.12.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Seth Vargo
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2018-03-19 00:00:00.000000000 Z
11
+ date: 2018-08-14 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: aws-sigv4