vault 0.12.0 → 0.13.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 5eeb054b599872ef7a225999772c0b486554f339
-  data.tar.gz: b1524f9c83ea5c2e5c3c74f66fafaa69e47b8c94
+SHA256:
+  metadata.gz: 45b9f9e52cf35711735bdb4ff03db5c64712df2ad07b1ba50d5ba7172d0b5e15
+  data.tar.gz: ee28f237fee824b1e9381ed35c06f587bdf022ab26455a04221ca385ac1a4448
 SHA512:
-  metadata.gz: d49f63c294a4165babfa3c6f2d2dfd90baabff86a964b895eb16b4ab08bd493fb07266c53f95fe2a255e2435df6f2ba42a921a97dfa1b94fe235a8c43e6aa77f
-  data.tar.gz: c4aa7afc3b28a1aa5912ee184c7a24d07d6c19d61ae922c409cd0c0aaf6cf3efff3c5dd2269ab1d65251a7f1ce35f8cd8810c7b4d516bfd83fff93153ad39ed1
+  metadata.gz: 8afef6bdd52369d7af804cbe8dc182166ee49698d9d2d71b923401f6546b9fc7f5ce7514236eaf9c92b867f030ed78e200a83cd71a88f765eae48af45aa41ec1
+  data.tar.gz: 877dbfb3dba0fe37718a68bafe22218f4fb1bd9577d3263ed979d3a71c14bc78a603bacb32a231d4ae7c346171bd6e81b6b4f95ab7368be7dc5d1ac236860da7

data/.travis.yml

@@ -4,6 +4,9 @@ language: ruby
 cache: bundler
 
 env:
+  - VAULT_VERSION=0.11.4
+  - VAULT_VERSION=0.10.4
+  - VAULT_VERSION=0.9.6
   - VAULT_VERSION=0.8.3
   - VAULT_VERSION=0.7.3
   - VAULT_VERSION=0.6.5

data/README.md

@@ -117,7 +117,9 @@ For advanced users, the first argument of the block is the attempt number and th
 
 ```ruby
 Vault.with_retries(Vault::HTTPConnectionError, Vault::HTTPError) do |attempt, e|
-  log "Received exception #{e} from Vault - attempt #{attempt}"
+  if e
+    log "Received exception #{e} from Vault - attempt #{attempt}"
+  end
   Vault.logical.read("secret/bacon")
 end
 ```

data/lib/vault/api.rb

@@ -5,6 +5,7 @@ module Vault
     require_relative "api/auth_tls"
     require_relative "api/auth"
     require_relative "api/help"
+    require_relative "api/kv"
     require_relative "api/logical"
     require_relative "api/secret"
     require_relative "api/sys"

data/lib/vault/api/kv.rb

@@ -0,0 +1,207 @@
+require_relative "secret"
+require_relative "../client"
+require_relative "../request"
+require_relative "../response"
+
+module Vault
+  class Client
+    # A proxy to the {KV} methods.
+    # @return [KV]
+    def kv(mount)
+      KV.new(self, mount)
+    end
+  end
+
+  class KV < Request
+    attr_reader :mount
+
+    def initialize(client, mount)
+      super client
+
+      @mount = mount
+    end
+
+    # List the names of secrets at the given path, if the path supports
+    # listing. If the the path does not exist, an empty array will be returned.
+    #
+    # @example
+    #   Vault.kv("secret").list("foo") #=> ["bar", "baz"]
+    #
+    # @param [String] path
+    #   the path to list
+    #
+    # @return [Array<String>]
+    def list(path = "", options = {})
+      headers = extract_headers!(options)
+      json = client.list("/v1/#{mount}/metadata/#{encode_path(path)}", {}, headers)
+      json[:data][:keys] || []
+    rescue HTTPError => e
+      return [] if e.code == 404
+      raise
+    end
+
+    # Read the secret at the given path. If the secret does not exist, +nil+
+    # will be returned. The latest version is returned by default, but you
+    # can request a specific version.
+    #
+    # @example
+    #   Vault.kv("secret").read("password") #=> #<Vault::Secret lease_id="">
+    #
+    # @param [String] path
+    #   the path to read
+    # @param [Integer] version
+    #   the version of the secret
+    #
+    # @return [Secret, nil]
+    def read(path, version = nil, options = {})
+      headers = extract_headers!(options)
+      params  = {}
+      params[:version] = version unless version.nil?
+
+      json = client.get("/v1/#{mount}/data/#{encode_path(path)}", params, headers)
+      return Secret.decode(json[:data])
+    rescue HTTPError => e
+      return nil if e.code == 404
+      raise
+    end
+
+    # Read the metadata of a secret at the given path. If the secret does not
+    # exist, nil will be returned.
+    #
+    # @example
+    #    Vault.kv("secret").read_metadata("password") => {...}
+    #
+    # @param [String] path
+    #   the path to read
+    #
+    # @return [Hash, nil]
+    def read_metadata(path)
+      client.get("/v1/#{mount}/metadata/#{encode_path(path)}")[:data]
+    rescue HTTPError => e
+      return nil if e.code == 404
+      raise
+    end
+
+    # Write the secret at the given path with the given data. Note that the
+    # data must be a {Hash}!
+    #
+    # @example
+    #   Vault.logical.write("secret/password", value: "secret") #=> #<Vault::Secret lease_id="">
+    #
+    # @param [String] path
+    #   the path to write
+    # @param [Hash] data
+    #   the data to write
+    #
+    # @return [Secret]
+    def write(path, data = {}, options = {})
+      headers = extract_headers!(options)
+      json = client.post("/v1/#{mount}/data/#{encode_path(path)}", JSON.fast_generate(:data => data), headers)
+      if json.nil?
+        return true
+      else
+        return Secret.decode(json)
+      end
+    end
+
+    # Write the metadata of a secret at the given path. Note that teh data must
+    # be a {Hash}.
+    #
+    # @example
+    #    Vault.kv("secret").write_metadata("password", max_versions => 3)
+    #
+    # @param [String] path
+    #   the path to write
+    # @param [Hash] metadata
+    #    the metadata to write
+    #
+    # @return [true]
+    def write_metadata(path, metadata = {})
+      client.post("/v1/#{mount}/metadata/#{encode_path(path)}", JSON.fast_generate(metadata))
+
+      true
+    end
+
+    # Delete the secret at the given path. If the secret does not exist, vault
+    # will still return true.
+    #
+    # @example
+    #   Vault.logical.delete("secret/password") #=> true
+    #
+    # @param [String] path
+    #   the path to delete
+    #
+    # @return [true]
+    def delete(path)
+      client.delete("/v1/#{mount}/data/#{encode_path(path)}")
+
+      true
+    end
+
+    # Mark specific versions of a secret as deleted.
+    #
+    # @example
+    #   Vault.kv("secret").delete_versions("password", [1, 2])
+    #
+    # @param [String] path
+    #   the path to remove versions from
+    # @param [Array<Integer>] versions
+    #   an array of versions to remove
+    #
+    # @return [true]
+    def delete_versions(path, versions)
+      client.post("/v1/#{mount}/delete/#{encode_path(path)}", JSON.fast_generate(versions: versions))
+
+      true
+    end
+
+    # Mark specific versions of a secret as active.
+    #
+    # @example
+    #   Vault.kv("secret").undelete_versions("password", [1, 2])
+    #
+    # @param [String] path
+    #   the path to enable versions for
+    # @param [Array<Integer>] versions
+    #   an array of versions to mark as undeleted
+    #
+    # @return [true]
+    def undelete_versions(path, versions)
+      client.post("/v1/#{mount}/undelete/#{encode_path(path)}", JSON.fast_generate(versions: versions))
+
+      true
+    end
+
+    # Completely remove a secret and its metadata.
+    #
+    # @example
+    #   Vault.kv("secret").destroy("password")
+    #
+    # @param [String] path
+    #   the path to remove
+    #
+    # @return [true]
+    def destroy(path)
+      client.delete("/v1/#{mount}/metadata/#{encode_path(path)}")
+
+      true
+    end
+
+    # Completely remove specific versions of a secret.
+    #
+    # @example
+    #   Vault.kv("secret").destroy_versions("password", [1, 2])
+    #
+    # @param [String] path
+    #   the path to remove versions from
+    # @param [Array<Integer>] versions
+    #   an array of versions to destroy
+    #
+    # @return [true]
+    def destroy_versions(path, versions)
+      client.post("/v1/#{mount}/destroy/#{encode_path(path)}", JSON.fast_generate(versions: versions))
+
+      true
+    end
+  end
+end

data/lib/vault/api/secret.rb

@@ -32,6 +32,18 @@ module Vault
     #   @return [Hash<Symbol, Object>]
     field :data, freeze: true
 
+    # @!attribute [r] metadata
+    #   Read-only metadata information related to the secret.
+    #
+    #   @example Reading metadata
+    #     secret = Vault.logical(:versioned).read("secret", "foo")
+    #     secret.metadata[:created_time] #=> "2018-12-08T04:22:54.168065Z"
+    #     secret.metadata[:version]      #=> 1
+    #     secret.metadata[:destroyed]    #=> false
+    #
+    #   @return [Hash<Symbol, Object>]
+    field :metadata, freeze: true
+
     # @!attribute [r] lease_duration
     #   The number of seconds this lease is valid. If this number is 0 or nil,
     #   the secret does not expire.

data/lib/vault/api/sys/mount.rb

@@ -44,8 +44,8 @@ module Vault
     #   the type of mount
     # @param [String] description
     #   a human-friendly description (optional)
-    def mount(path, type, description = nil)
-      payload = { type: type }
+    def mount(path, type, description = nil, options = {})
+      payload = options.merge type: type
       payload[:description] = description if !description.nil?
 
       client.post("/v1/sys/mounts/#{encode_path(path)}", JSON.fast_generate(payload))

data/lib/vault/version.rb

@@ -1,3 +1,3 @@
 module Vault
-  VERSION = "0.12.0"
+  VERSION = "0.13.0"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: vault
 version: !ruby/object:Gem::Version
-  version: 0.12.0
+  version: 0.13.0
 platform: ruby
 authors:
 - Seth Vargo
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2018-08-14 00:00:00.000000000 Z
+date: 2019-10-01 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sigv4
@@ -130,6 +130,7 @@ files:
 - lib/vault/api/auth_tls.rb
 - lib/vault/api/auth_token.rb
 - lib/vault/api/help.rb
+- lib/vault/api/kv.rb
 - lib/vault/api/logical.rb
 - lib/vault/api/secret.rb
 - lib/vault/api/sys.rb
@@ -178,7 +179,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.6.14
+rubygems_version: 2.7.6
 signing_key: 
 specification_version: 4
 summary: Vault is a Ruby API client for interacting with a Vault server.