vault 0.17.0 → 0.18.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +6 -0
- data/LICENSE +2 -0
- data/lib/vault/api/approle.rb +3 -0
- data/lib/vault/api/auth.rb +4 -1
- data/lib/vault/api/auth_tls.rb +3 -0
- data/lib/vault/api/auth_token.rb +3 -0
- data/lib/vault/api/help.rb +3 -0
- data/lib/vault/api/kv.rb +3 -0
- data/lib/vault/api/logical.rb +3 -0
- data/lib/vault/api/secret.rb +3 -0
- data/lib/vault/api/sys/audit.rb +3 -0
- data/lib/vault/api/sys/auth.rb +3 -0
- data/lib/vault/api/sys/health.rb +3 -0
- data/lib/vault/api/sys/init.rb +3 -0
- data/lib/vault/api/sys/leader.rb +3 -0
- data/lib/vault/api/sys/lease.rb +3 -0
- data/lib/vault/api/sys/mount.rb +3 -0
- data/lib/vault/api/sys/namespace.rb +3 -0
- data/lib/vault/api/sys/policy.rb +3 -0
- data/lib/vault/api/sys/quota.rb +3 -0
- data/lib/vault/api/sys/seal.rb +3 -0
- data/lib/vault/api/sys.rb +3 -0
- data/lib/vault/api/transform/alphabet.rb +3 -0
- data/lib/vault/api/transform/role.rb +3 -0
- data/lib/vault/api/transform/template.rb +3 -0
- data/lib/vault/api/transform/transformation.rb +3 -0
- data/lib/vault/api/transform.rb +3 -0
- data/lib/vault/api.rb +3 -0
- data/lib/vault/client.rb +18 -22
- data/lib/vault/configurable.rb +3 -0
- data/lib/vault/defaults.rb +3 -0
- data/lib/vault/encode.rb +3 -0
- data/lib/vault/errors.rb +3 -0
- data/lib/vault/persistent/connection.rb +3 -0
- data/lib/vault/persistent/pool.rb +3 -0
- data/lib/vault/persistent/timed_stack_multi.rb +3 -0
- data/lib/vault/persistent.rb +22 -22
- data/lib/vault/request.rb +3 -0
- data/lib/vault/response.rb +3 -0
- data/lib/vault/vendor/connection_pool/timed_stack.rb +3 -0
- data/lib/vault/vendor/connection_pool/version.rb +3 -0
- data/lib/vault/vendor/connection_pool.rb +3 -0
- data/lib/vault/version.rb +4 -1
- data/lib/vault.rb +3 -0
- metadata +21 -7
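--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 111fe5b36f83c0d507ec99a0fda7a8cb7a483136f29a0a709dececfa0f1965ed
+data.tar.gz: 970b448a78d140f8ebaf289bf597ca47ebc25516a189fe1d615ed47d2a8fa671
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 87854275263cc1e88d21be3e2e5eb9ed4d9fa3d61429df0901d1ed278c64ae667a92ffff95789766ee73fb7d132021125bcf6d7de63840c124d5dfe143c89838
+data.tar.gz: b18967dd085a2e02c2de9d0a7d8570d61069324dd17af21b9b7f2bec0a5382233cc75a534b39acf926947bc9cd4a85ab0b8c7207528961c70e0ee34e277c1ae4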
data/CHANGELOG.md
CHANGED
data/LICENSE
CHANGED
data/lib/vault/api/approle.rb
CHANGED
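--- a/data/lib/vault/api/auth.rb
+++ b/data/lib/vault/api/auth.rb
@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 require "json"
 
 require_relative "secret"
@@ -313,7 +316,7 @@ module Vault
 #
 # @return [String] aws region
 def region_from_sts_endpoint(sts_endpoint)
-valid_sts_endpoint = %r{https:\/\/sts\.?(.*)
+valid_sts_endpoint = %r{https:\/\/sts\.?(.*)\.amazonaws\.com}.match(sts_endpoint)
 raise "Unable to parse STS endpoint #{sts_endpoint}" unless valid_sts_endpoint
 valid_sts_endpoint[1].empty? ? 'us-east-1' : valid_sts_endpoint[1]
 end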
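Review bot: The pattern in `region_from_sts_endpoint` is unanchored and its capture is `(.*)`, so any string that merely contains `https://sts` followed somewhere later by `.amazonaws.com` is accepted, and whatever lies between the two is returned as the region. If `sts_endpoint` can come from configuration that is not fully trusted, anchor the match and restrict the capture to region characters, for example `valid_sts_endpoint = %r{\Ahttps://sts\.?([a-z0-9-]*)\.amazonaws\.com(\.cn)?/?\z}.match(sts_endpoint)`. The `(\.cn)?` and trailing `/?` are assumptions about which endpoint forms callers pass today; confirm them against the AWS partitions the gem supports before tightening. The doc comment above the method starts outside this hunk.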
data/lib/vault/api/auth_tls.rb
CHANGED
data/lib/vault/api/auth_token.rb
CHANGED
data/lib/vault/api/help.rb
CHANGED
data/lib/vault/api/kv.rb
CHANGED
data/lib/vault/api/logical.rb
CHANGED
data/lib/vault/api/secret.rb
CHANGED
data/lib/vault/api/sys/audit.rb
CHANGED
data/lib/vault/api/sys/auth.rb
CHANGED
data/lib/vault/api/sys/health.rb
CHANGED
data/lib/vault/api/sys/init.rb
CHANGED
data/lib/vault/api/sys/leader.rb
CHANGED
data/lib/vault/api/sys/lease.rb
CHANGED
data/lib/vault/api/sys/mount.rb
CHANGED
data/lib/vault/api/sys/policy.rb
CHANGED
data/lib/vault/api/sys/quota.rb
CHANGED
data/lib/vault/api/sys/seal.rb
CHANGED
data/lib/vault/api/sys.rb
CHANGED
data/lib/vault/api/transform.rb
CHANGED
data/lib/vault/api.rb
CHANGED
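--- a/data/lib/vault/client.rb
+++ b/data/lib/vault/client.rb
@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 require "cgi"
 require "json"
 require "uri"
@@ -45,6 +48,7 @@ module Vault
 
 # Failed to reach the server (aka bad URL)
 a << Errno::ECONNREFUSED
+a << Errno::EADDRNOTAVAIL
 
 # Failed to read body or no response body given
 a << EOFError
@@ -60,11 +64,6 @@ module Vault
 a << PersistentHTTP::Error
 end.freeze
 
-# Indicates a requested operation is not possible due to security
-# concerns.
-class SecurityError < RuntimeError
-end
-
 include Vault::Configurable
 
 # Create a new Client with the given options. Any options given take
@@ -113,8 +112,8 @@ module Vault
 
 @nhp.verify_mode = OpenSSL::SSL::VERIFY_PEER
 
-# Vault requires TLS1.2
-@nhp.
+# Vault requires at least TLS1.2
+@nhp.min_version = OpenSSL::SSL::TLS1_2_VERSION
 
 # Only use secure ciphers
 @nhp.ciphers = ssl_ciphers
@@ -245,10 +244,6 @@ module Vault
 request.basic_auth uri.user, uri.password
 end
 
-if proxy_address and uri.scheme.downcase == "https"
-raise SecurityError, "no direct https connection to vault"
-end
-
 # Get a list of headers
 headers = DEFAULT_HEADERS.merge(headers)
 
@@ -387,19 +382,20 @@ module Vault
 # the response object from the request
 def error(response)
 if response.body && response.body.match("missing client token")
-
-end
-
-# Use the correct exception class
-case response
-when Net::HTTPPreconditionFailed
-raise MissingRequiredStateError.new
-when Net::HTTPClientError
+# Vault 1.10+ no longer returns "missing" client token" so we use HTTPClientError
 klass = HTTPClientError
-when Net::HTTPServerError
-klass = HTTPServerError
 else
-
+# Use the correct exception class
+case response
+when Net::HTTPPreconditionFailed
+raise MissingRequiredStateError.new
+when Net::HTTPClientError
+klass = HTTPClientError
+when Net::HTTPServerError
+klass = HTTPServerError
+else
+klass = HTTPError
+end
 end
 
 if (response.content_type || '').include?("json")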
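Review bot: With the `proxy_address`/`https` guard removed in the `@@ -245,10 +244,6 @@` hunk, HTTPS requests and their headers can now be sent through the configured proxy, and nothing in the new code documents what protects them. The protection appears to rest on the settings visible in the `@@ -113,8 +112,8 @@` hunk, `@nhp.verify_mode = OpenSSL::SSL::VERIFY_PEER` and `@nhp.min_version = OpenSSL::SSL::TLS1_2_VERSION`, so a comment at the removal site would help, e.g. `# HTTPS via a proxy is permitted; the Vault server certificate is still verified (VERIFY_PEER, TLS >= 1.2)`. A test that configures a proxy and asserts that verification stays enabled would keep that assumption from regressing. The `SecurityError` class is removed in the same file, so code that referenced it under the client's namespace should be mentioned in the changelog (the exact namespace is inferred from the `module Vault` hunk header; confirm). The request method that held the guard starts and ends outside the hunk.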
data/lib/vault/configurable.rb
CHANGED
data/lib/vault/defaults.rb
CHANGED
data/lib/vault/encode.rb
CHANGED
data/lib/vault/errors.rb
CHANGED
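--- a/data/lib/vault/persistent.rb
+++ b/data/lib/vault/persistent.rb
@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 # Vendored and modified from github.com/drbrain/net-http-persistent
 #
 require 'net/http'
@@ -71,11 +74,11 @@ autoload :OpenSSL, 'openssl'
 # #ca_path :: Directory with certificate-authorities
 # #cert_store :: An SSL certificate store
 # #ciphers :: List of SSl ciphers allowed
+# #min_version :: Minimum SSL version to use
 # #private_key :: The client's SSL private key
 # #reuse_ssl_sessions :: Reuse a previously opened SSL session for a new
 # connection
 # #ssl_timeout :: SSL session lifetime
-# #ssl_version :: Which specific SSL version to use
 # #verify_callback :: For server certificate verification
 # #verify_depth :: Depth of certificate verification
 # #verify_mode :: How connections should be verified
@@ -364,6 +367,11 @@ class PersistentHTTP
 
 attr_reader :name
 
+##
+# Minimum SSL version to use.
+
+attr_reader :min_version
+
 ##
 # Seconds to wait until a connection is opened. See Net::HTTP#open_timeout
 
@@ -434,14 +442,6 @@ class PersistentHTTP
 
 attr_reader :ssl_timeout
 
-##
-# SSL version to use.
-#
-# By default, the version will be negotiated automatically between client
-# and server. Ruby 1.9 and newer only.
-
-attr_reader :ssl_version
-
 ##
 # Where this instance's last-use times live in the thread local variables
 
@@ -528,9 +528,9 @@ class PersistentHTTP
 @ca_file = nil
 @ca_path = nil
 @ciphers = nil
+@min_version = nil
 @private_key = nil
 @ssl_timeout = nil
-@ssl_version = nil
 @verify_callback = nil
 @verify_depth = nil
 @verify_mode = nil
@@ -603,10 +603,10 @@ class PersistentHTTP
 def connection_for uri
 use_ssl = uri.scheme.downcase == 'https'
 
-net_http_args = [uri.
+net_http_args = [uri.hostname, uri.port]
 
 net_http_args.concat @proxy_args if
-@proxy_uri and not proxy_bypass? uri.
+@proxy_uri and not proxy_bypass? uri.hostname, uri.port
 
 connection = @pool.checkout net_http_args
 
@@ -715,7 +715,7 @@ class PersistentHTTP
 # Returns the HTTP protocol version for +uri+
 
 def http_version uri
-@http_versions["#{uri.
+@http_versions["#{uri.hostname}:#{uri.port}"]
 end
 
 ##
@@ -798,7 +798,7 @@ class PersistentHTTP
 
 if @proxy_uri then
 @proxy_args = [
-@proxy_uri.
+@proxy_uri.hostname,
 @proxy_uri.port,
 unescape(@proxy_uri.user),
 unescape(@proxy_uri.password),
@@ -973,7 +973,7 @@ class PersistentHTTP
 end
 end
 
-@http_versions["#{uri.
+@http_versions["#{uri.hostname}:#{uri.port}"] ||= response.http_version
 
 response
 end
@@ -1043,8 +1043,8 @@ class PersistentHTTP
 connection.use_ssl = true
 
 connection.ciphers = @ciphers if @ciphers
+connection.min_version = @min_version if @min_version
 connection.ssl_timeout = @ssl_timeout if @ssl_timeout
-connection.ssl_version = @ssl_version if @ssl_version
 
 connection.verify_depth = @verify_depth
 connection.verify_mode = @verify_mode
@@ -1098,19 +1098,19 @@ application:
 end
 
 ##
-# SSL
+# Minimum SSL version to use
 
-def
-@
+def min_version= min_version
+@min_version = min_version
 
 reconnect_ssl
 end
 
 ##
-# SSL
+# SSL session lifetime
 
-def
-@
+def ssl_timeout= ssl_timeout
+@ssl_timeout = ssl_timeout
 
 reconnect_ssl
 end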
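Review bot: The new `min_version` documentation (`# Minimum SSL version to use`, on the attribute and again on the `min_version=` writer) does not say which values are accepted or what happens when the setting is left unset. From the visible lines, `@min_version` starts as `nil` and `connection.min_version = @min_version if @min_version` skips the assignment in that case, so this class applies no protocol floor unless the caller sets one. I would word the comment as `# Minimum TLS version to accept, e.g. OpenSSL::SSL::TLS1_2_VERSION. When nil (the default) the floor is left to the OpenSSL defaults.` Because `ssl_version` and its writer are removed with no compatibility shim, existing callers of `ssl_version=` will now fail with NoMethodError, which deserves a changelog line. The class body continues outside these hunks.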
data/lib/vault/request.rb
CHANGED
data/lib/vault/response.rb
CHANGED
data/lib/vault/version.rb
CHANGED
data/lib/vault.rb
CHANGED
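--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: vault
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.18.0
 platform: ruby
 authors:
 - Seth Vargo
-autorequire:
+autorequire:
 bindir: exe
 cert_chain: []
-date:
+date: 2023-09-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: aws-sigv4
@@ -108,9 +108,23 @@ dependencies:
 - - "~>"
 - !ruby/object:Gem::Version
 version: 3.8.3
+- !ruby/object:Gem::Dependency
+name: webrick
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '1.5'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '1.5'
 description: Vault is a Ruby API client for interacting with a Vault server.
 email:
--
+- team-vault-devex@hashicorp.com
 executables: []
 extensions: []
 extra_rdoc_files: []
@@ -164,7 +178,7 @@ homepage: https://github.com/hashicorp/vault-ruby
 licenses:
 - MPL-2.0
 metadata: {}
-post_install_message:
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -179,8 +193,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-rubygems_version: 3.
-signing_key:
+rubygems_version: 3.4.10
+signing_key:
 specification_version: 4
 summary: Vault is a Ruby API client for interacting with a Vault server.
 test_files: []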