vault 0.3.0 → 0.4.0

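--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: f44b1c7408f1606c17e1b1aea67b3547aae80873
- data.tar.gz: f908452ae3a2117b1b12c5305921f59242ef89ce
+ metadata.gz: c591681b73cba4f23a6c399ce65ecb232be4c8bb
+ data.tar.gz: 7f01da9d58aae383b63dd8bc666db5ca7e2181d8
  SHA512:
- metadata.gz: 00352ca38411b6340b145dfad3bbe8c1f6d49535fbf169717ee60c37198e07e229e56b1f4b1e30fe907d5d542cfe7656ad3386570e2d2894d922935416ce6b0e
- data.tar.gz: 5a4d53a45ee70b529d03e77fa3e73adabd2e538c3b18aa4547a1d0f78f733cea6337940b70105952b9067df7b9e5d40327bdef45b6b6b5b933eead0e59a46381
+ metadata.gz: 1efa7198ad5a0713ba37826978cd417ac6de66da5023d220890b092c8758af7fb9a7a494ea9db685e1e21011e4f62fc4379c42b50f0d3fa6992a68d57ad8a319
+ data.tar.gz: 415e4410e7f5ba98827996d47ad10ef8f81caa12dd0a213698b019306717bfb08694a2ea598428a72629c3c6180739a49f6541c9553f3355f33391efcd6adc73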
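--- a/data/.travis.yml
+++ b/data/.travis.yml
@@ -3,7 +3,7 @@ cache: bundler
  sudo: false
 
  before_install: |-
- wget -O vault.zip -q https://releases.hashicorp.com/vault/0.5.0-rc1/vault_0.5.0-rc1_linux_amd64.zip
+ wget -O vault.zip -q https://releases.hashicorp.com/vault/0.5.2/vault_0.5.2_linux_amd64.zip
  unzip vault.zip
  mkdir ~/bin
  mv vault ~/bin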
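--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,8 +1,21 @@
  # Vault Ruby Changelog
 
- ## v0.3.0.dev (Unreleased)
+ ## v0.4.0 (March 31, 2016)
 
+ NEW FEATURES
+
+ - Add LDAP authentication method [GH-61]
+ - Add GitHub authentication method [GH-37]
+ - Add `create_orphan` method [GH-65]
+ - Add `lookup` and `lookup_self` for tokens
+ - Accept `VAULT_SKIP_VERIFY` environment variable [GH-66]
+
+ BUG FIXES
 
+ - Prefer `VAULT_TOKEN` environment variable over disk to mirror Vault's own
+ behavior [GH-98]
+ - Do not duplicate query parameters on HEAD/GET requests [GH-62]
+ - Yield exception in `with_retries` [GH-68]
 
  ## v0.3.0 (February 16, 2016)
 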
data/README.md CHANGED
@@ -68,7 +68,7 @@ Vault.configure do |config|
68
68
  end
69
69
  ```
70
70
 
71
- If you do not want the Vault singleton, of if you need to communicate with multiple Vault servers at once, you can create indepenent client objects:
71
+ If you do not want the Vault singleton, or if you need to communicate with multiple Vault servers at once, you can create independent client objects:
72
72
 
73
73
  ```ruby
74
74
  client_1 = Vault::Client.new(address: "https://vault.mycompany.com")
@@ -98,5 +98,45 @@ module Vault
98
98
  client.token = secret.auth.client_token
99
99
  return secret
100
100
  end
101
+
102
+ # Authenticate via the "ldap" authentication method. If authentication
103
+ # is successful, the resulting token will be stored on the client and used
104
+ # for future requests.
105
+ #
106
+ # @example
107
+ # Vault.auth.ldap("sethvargo", "s3kr3t") #=> #<Vault::Secret lease_id="">
108
+ #
109
+ # @param [String] username
110
+ # @param [String] password
111
+ # @param [Hash] options
112
+ # additional options to pass to the authentication call, such as a custom
113
+ # mount point
114
+ #
115
+ # @return [Secret]
116
+ def ldap(username, password, options = {})
117
+ payload = { password: password }.merge(options)
118
+ json = client.post("/v1/auth/ldap/login/#{CGI.escape(username)}", JSON.fast_generate(payload))
119
+ secret = Secret.decode(json)
120
+ client.token = secret.auth.client_token
121
+ return secret
122
+ end
123
+
124
+ # Authenticate via the GitHub authentication method. If authentication is
125
+ # successful, the resulting token will be stored on the client and used
126
+ # for future requests.
127
+ #
128
+ # @example
129
+ # Vault.auth.github("mypersonalgithubtoken") #=> #<Vault::Secret lease_id="">
130
+ #
131
+ # @param [String] github_token
132
+ #
133
+ # @return [Secret]
134
+ def github(github_token)
135
+ payload = {token: github_token}
136
+ json = client.post("/v1/auth/github/login", JSON.fast_generate(payload))
137
+ secret = Secret.decode(json)
138
+ client.token = secret.auth.client_token
139
+ return secret
140
+ end
101
141
  end
102
142
  end
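Review bot: In `ldap`, `{ password: password }.merge(options)` lets a `:password` key in `options` silently replace the password argument, and the docstring's "custom mount point" has no effect because the path is fixed at `/v1/auth/ldap/login/`, so `options` only ever reaches the JSON body. Merging the other way, `payload = options.merge(password: password)`, keeps the explicit argument authoritative, and the `@param options` text should say the hash is sent as additional login parameters. `CGI.escape(username)` is form encoding, so a space becomes `+`, which is a literal plus inside a path segment; `ERB::Util.url_encode(username)` yields `%20` (it needs `require "erb"`, and the file's requires are not visible in this hunk). The file header for this hunk is missing from the page, which shows it under the README heading, and the enclosing class starts outside the hunk.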
@@ -28,6 +28,43 @@ module Vault
28
28
  return Secret.decode(json)
29
29
  end
30
30
 
31
+ # Create an orphaned authentication token.
32
+ #
33
+ # @example
34
+ # Vault.auth_token.create_orphan #=> #<Vault::Secret lease_id="">
35
+ #
36
+ # @param [Hash] options
37
+ #
38
+ # @return [Secret]
39
+ def create_orphan(options = {})
40
+ json = client.post("/v1/auth/token/create-orphan", JSON.fast_generate(options))
41
+ return Secret.decode(json)
42
+ end
43
+
44
+ # Lookup information about the current token.
45
+ #
46
+ # @example
47
+ # Vault.auth_token.lookup_self("abcd-...") #=> #<Vault::Secret lease_id="">
48
+ #
49
+ # @param [String] token
50
+ #
51
+ # @return [Secret]
52
+ def lookup(token)
53
+ json = client.get("/v1/auth/token/lookup/#{CGI.escape(token)}")
54
+ return Secret.decode(json)
55
+ end
56
+
57
+ # Lookup information about the given token.
58
+ #
59
+ # @example
60
+ # Vault.auth_token.lookup_self #=> #<Vault::Secret lease_id="">
61
+ #
62
+ # @return [Secret]
63
+ def lookup_self
64
+ json = client.get("/v1/auth/token/lookup-self")
65
+ return Secret.decode(json)
66
+ end
67
+
31
68
  # Renew the given authentication token.
32
69
  #
33
70
  # @example
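Review bot: The summaries on `lookup` and `lookup_self` are swapped, and the `lookup` example calls the wrong method. `lookup(token)` should read `# Lookup information about the given token.` with `# Vault.auth_token.lookup("abcd-...")` as its example, and `lookup_self` should read `# Lookup information about the current token.`. Because `lookup` places the token in the request path, its docstring should also warn that the value can be recorded by any proxy or access log that stores URLs. `create_orphan` should document which keys `options` accepts, since the hash is serialized into the request body unchanged. The file header for this hunk is also missing from the page.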
data/lib/vault/client.rb CHANGED
@@ -217,6 +217,11 @@ module Vault
217
217
 
218
218
  case response
219
219
  when Net::HTTPRedirection
220
+ # On a redirect of a GET or HEAD request, the URL already contains
221
+ # the data as query string parameters.
222
+ if [:head, :get].include?(verb)
223
+ data = {}
224
+ end
220
225
  request(verb, response[LOCATION_HEADER], data, headers)
221
226
  when Net::HTTPSuccess
222
227
  success(response)
@@ -353,7 +358,7 @@ module Vault
353
358
  backoff_max = options[:max_wait] || Defaults::RETRY_MAX_WAIT
354
359
 
355
360
  begin
356
- return yield retries
361
+ return yield retries, exception
357
362
  rescue *rescued => e
358
363
  exception = e
359
364
 
@@ -42,11 +42,15 @@ module Vault
42
42
  # The vault token to use for authentiation.
43
43
  # @return [String, nil]
44
44
  def token
45
+ if !ENV["VAULT_TOKEN"].nil?
46
+ return ENV["VAULT_TOKEN"]
47
+ end
48
+
45
49
  if VAULT_DISK_TOKEN.exist? && VAULT_DISK_TOKEN.readable?
46
- VAULT_DISK_TOKEN.read
47
- else
48
- ENV["VAULT_TOKEN"]
50
+ return VAULT_DISK_TOKEN.read
49
51
  end
52
+
53
+ nil
50
54
  end
51
55
 
52
56
  # The number of seconds to wait when trying to open a connection before
@@ -122,6 +126,11 @@ module Vault
122
126
  # Verify SSL requests (default: true)
123
127
  # @return [true, false]
124
128
  def ssl_verify
129
+ # Vault CLI uses this envvar, so accept it by precedence
130
+ if !ENV["VAULT_SKIP_VERIFY"].nil?
131
+ return true
132
+ end
133
+
125
134
  if ENV["VAULT_SSL_VERIFY"].nil?
126
135
  true
127
136
  else
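Review bot: In `ssl_verify`, the new `VAULT_SKIP_VERIFY` branch returns `true`, so setting the variable leaves certificate verification on, the opposite of what the name and the changelog entry describe; it also returns before `VAULT_SSL_VERIFY` is consulted, so that setting is ignored whenever `VAULT_SKIP_VERIFY` is present. The check is presence-only (`!ENV[...].nil?`), so `VAULT_SKIP_VERIFY=false` or an empty value takes the same branch. Whatever behaviour is intended, parse the value explicitly and document the precedence, for example `return false if %w[1 t true].include?(ENV["VAULT_SKIP_VERIFY"].to_s.downcase)`, ideally with a warning logged whenever verification is turned off. The `token` hunk above uses the same presence-only test, so an empty `VAULT_TOKEN` is returned as `""` and masks the token on disk. `ssl_verify` continues past the end of this hunk, and both hunks appear under the client.rb heading without a file header of their own.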
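--- a/data/lib/vault/version.rb
+++ b/data/lib/vault/version.rb
@@ -1,3 +1,3 @@
  module Vault
- VERSION = "0.3.0"
+ VERSION = "0.4.0"
  end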
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: vault
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.3.0
4
+ version: 0.4.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Seth Vargo
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2016-02-16 00:00:00.000000000 Z
11
+ date: 2016-03-31 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: bundler