vault_ruby_client 0.18.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (47)
  1. checksums.yaml +7 -0
  2. data/CHANGELOG.md +287 -0
  3. data/LICENSE +364 -0
  4. data/README.md +223 -0
  5. data/lib/vault/api/approle.rb +221 -0
  6. data/lib/vault/api/auth.rb +324 -0
  7. data/lib/vault/api/auth_tls.rb +95 -0
  8. data/lib/vault/api/auth_token.rb +245 -0
  9. data/lib/vault/api/help.rb +36 -0
  10. data/lib/vault/api/kv.rb +230 -0
  11. data/lib/vault/api/logical.rb +153 -0
  12. data/lib/vault/api/secret.rb +171 -0
  13. data/lib/vault/api/sys/audit.rb +94 -0
  14. data/lib/vault/api/sys/auth.rb +119 -0
  15. data/lib/vault/api/sys/health.rb +66 -0
  16. data/lib/vault/api/sys/init.rb +86 -0
  17. data/lib/vault/api/sys/leader.rb +51 -0
  18. data/lib/vault/api/sys/lease.rb +52 -0
  19. data/lib/vault/api/sys/mount.rb +165 -0
  20. data/lib/vault/api/sys/namespace.rb +86 -0
  21. data/lib/vault/api/sys/policy.rb +95 -0
  22. data/lib/vault/api/sys/quota.rb +110 -0
  23. data/lib/vault/api/sys/seal.rb +84 -0
  24. data/lib/vault/api/sys.rb +30 -0
  25. data/lib/vault/api/transform/alphabet.rb +46 -0
  26. data/lib/vault/api/transform/role.rb +45 -0
  27. data/lib/vault/api/transform/template.rb +57 -0
  28. data/lib/vault/api/transform/transformation.rb +64 -0
  29. data/lib/vault/api/transform.rb +32 -0
  30. data/lib/vault/api.rb +17 -0
  31. data/lib/vault/client.rb +460 -0
  32. data/lib/vault/configurable.rb +53 -0
  33. data/lib/vault/defaults.rb +218 -0
  34. data/lib/vault/encode.rb +22 -0
  35. data/lib/vault/errors.rb +87 -0
  36. data/lib/vault/persistent/connection.rb +45 -0
  37. data/lib/vault/persistent/pool.rb +51 -0
  38. data/lib/vault/persistent/timed_stack_multi.rb +73 -0
  39. data/lib/vault/persistent.rb +1161 -0
  40. data/lib/vault/request.rb +47 -0
  41. data/lib/vault/response.rb +92 -0
  42. data/lib/vault/vendor/connection_pool/timed_stack.rb +181 -0
  43. data/lib/vault/vendor/connection_pool/version.rb +8 -0
  44. data/lib/vault/vendor/connection_pool.rb +153 -0
  45. data/lib/vault/version.rb +6 -0
  46. data/lib/vault_ruby_client.rb +53 -0
  47. metadata +158 -0
@@ -0,0 +1,95 @@
1
+ # Copyright (c) HashiCorp, Inc.
2
+ # SPDX-License-Identifier: MPL-2.0
3
+
4
+ require "json"
5
+
6
+ module Vault
7
+ class Policy < Response
8
+ # @!attribute [r] name
9
+ # Name of the policy.
10
+ #
11
+ # @example Get the name of the policy
12
+ # policy.name #=> "default"
13
+ #
14
+ # @return [String]
15
+ field :name
16
+
17
+ # @!attribute [r] rules
18
+ # Raw HCL policy.
19
+ #
20
+ # @example Display the list of rules
21
+ # policy.rules #=> "path \"secret/foo\" {}"
22
+ #
23
+ # @return [String]
24
+ field :rules
25
+ end
26
+
27
+ class Sys
28
+ # The list of policies in vault.
29
+ #
30
+ # @example
31
+ # Vault.sys.policies #=> ["root"]
32
+ #
33
+ # @return [Array<String>]
34
+ def policies
35
+ client.get("/v1/sys/policy")[:policies]
36
+ end
37
+
38
+ # Get the policy by the given name. If a policy does not exist by that name,
39
+ # +nil+ is returned.
40
+ #
41
+ # @example
42
+ # Vault.sys.policy("root") #=> #<Vault::Policy rules="">
43
+ #
44
+ # @return [Policy, nil]
45
+ def policy(name)
46
+ json = client.get("/v1/sys/policy/#{encode_path(name)}")
47
+ return Policy.decode(json)
48
+ rescue HTTPError => e
49
+ return nil if e.code == 404
50
+ raise
51
+ end
52
+
53
+ # Create a new policy with the given name and rules.
54
+ #
55
+ # @example
56
+ # policy = <<-EOH
57
+ # path "sys" {
58
+ # policy = "deny"
59
+ # }
60
+ # EOH
61
+ # Vault.sys.put_policy("dev", policy) #=> true
62
+ #
63
+ # It is recommend that you load policy rules from a file:
64
+ #
65
+ # @example
66
+ # policy = File.read("/path/to/my/policy.hcl")
67
+ # Vault.sys.put_policy("dev", policy)
68
+ #
69
+ # @param [String] name
70
+ # the name of the policy
71
+ # @param [String] rules
72
+ # the policy rules
73
+ #
74
+ # @return [true]
75
+ def put_policy(name, rules)
76
+ client.put("/v1/sys/policy/#{encode_path(name)}", JSON.fast_generate(
77
+ rules: rules,
78
+ ))
79
+ return true
80
+ end
81
+
82
+ # Delete the policy with the given name. If a policy does not exist, vault
83
+ # will not return an error.
84
+ #
85
+ # @example
86
+ # Vault.sys.delete_policy("dev") #=> true
87
+ #
88
+ # @param [String] name
89
+ # the name of the policy
90
+ def delete_policy(name)
91
+ client.delete("/v1/sys/policy/#{encode_path(name)}")
92
+ return true
93
+ end
94
+ end
95
+ end
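Review bot: delete_policy's YARD block is missing the `@return [true]` tag its siblings put_policy and policy carry, even though the method ends with `return true`; add `# @return [true]` after the `@param [String] name` description. The put_policy comment reads `It is recommend that you load policy rules from a file:` and should say `recommended`. Separately, policies indexes the response with `[:policies]` and hands the result straight back, so a response lacking that key yields nil rather than the documented Array<String>; if callers iterate the result, `Array(client.get("/v1/sys/policy")[:policies])` would keep the contract.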
@@ -0,0 +1,110 @@
1
+ # Copyright (c) HashiCorp, Inc.
2
+ # SPDX-License-Identifier: MPL-2.0
3
+
4
+ module Vault
5
+ class Quota < Response
6
+ # @!attribute [r] name
7
+ # Name of the quota rule.
8
+ # @return [String]
9
+ field :name
10
+
11
+ # @!attribute [r] path
12
+ # Namespace/Path combination the quota applies to.
13
+ # @return [String]
14
+ field :path
15
+
16
+ # @!attribute [r] type
17
+ # Type of the quota rule, must be one of "lease-count" or "rate-limit"
18
+ # @return [String]
19
+ field :type
20
+ end
21
+
22
+ class RateLimitQuota < Quota
23
+ # @!attribute [r] rate
24
+ # The rate at which allowed requests are refilled per second by the quota
25
+ # rule.
26
+ # @return [Float]
27
+ field :rate
28
+
29
+ # @!attribute [r] burst
30
+ # The maximum number of requests at any given second allowed by the quota
31
+ # rule.
32
+ # @return [Int]
33
+ field :burst
34
+ end
35
+
36
+ class LeaseCountQuota < Quota
37
+ # @!attribute [r] counter
38
+ # Number of currently active leases for the quota.
39
+ # @return [Int]
40
+ field :counter
41
+
42
+ # @!attribute [r] max_leases
43
+ # The maximum number of allowed leases for this quota.
44
+ # @return [Int]
45
+ field :max_leases
46
+ end
47
+
48
+ class Sys
49
+ def quotas(type)
50
+ path = generate_path(type)
51
+ json = client.list(path)
52
+ if data = json.dig(:data, :key_info)
53
+ data.map do |item|
54
+ type_class(type).decode(item)
55
+ end
56
+ else
57
+ json
58
+ end
59
+ end
60
+
61
+ def create_quota(type, name, opts={})
62
+ path = generate_path(type, name)
63
+ client.post(path, JSON.fast_generate(opts))
64
+ return true
65
+ end
66
+
67
+ def delete_quota(type, name)
68
+ path = generate_path(type, name)
69
+ client.delete(path)
70
+ return true
71
+ end
72
+
73
+ def get_quota(type, name)
74
+ path = generate_path(type, name)
75
+ response = client.get(path)
76
+ if data = response[:data]
77
+ type_class(type).decode(data)
78
+ end
79
+ end
80
+
81
+ def get_quota_config
82
+ client.get("v1/sys/quotas/config")
83
+ end
84
+
85
+ def update_quota_config(opts={})
86
+ client.post("v1/sys/quotas/config", JSON.fast_generate(opts))
87
+ return true
88
+ end
89
+
90
+ private
91
+
92
+ def generate_path(type, name=nil)
93
+ verify_type(type)
94
+ path = ["v1", "sys", "quotas", type, name].compact
95
+ path.join("/")
96
+ end
97
+
98
+ def verify_type(type)
99
+ return if ["rate-limit", "lease-count"].include?(type)
100
+ raise ArgumentError, "type must be one of \"rate-limit\" or \"lease-count\""
101
+ end
102
+
103
+ def type_class(type)
104
+ case type
105
+ when "lease-count" then LeaseCountQuota
106
+ when "rate-limit" then RateLimitQuota
107
+ end
108
+ end
109
+ end
110
+ end
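Review bot: generate_path places `name` into the request path without `encode_path`, unlike every other path builder in this diff (policy.rb and the transform files), so a quota name containing `/`, `?` or `#` would address a different resource than intended; change the array element to `name && encode_path(name)` so a nil name still compacts away. The same helper, plus get_quota_config and update_quota_config, builds paths without the leading `/` used elsewhere (`"v1/sys/quotas/config"` vs `"/v1/sys/policy"`); whether the client tolerates a relative path is not visible here and should be confirmed. This file also calls JSON.fast_generate without a `require "json"` of its own, so it works only because sys.rb loads policy.rb (which does require it) first. Finally, none of the Sys quota methods carry the YARD `@param`/`@return` documentation the rest of the Sys API has; at minimum the valid `type` values and the `true` return of create_quota/delete_quota/update_quota_config should be stated.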
@@ -0,0 +1,84 @@
1
+ # Copyright (c) HashiCorp, Inc.
2
+ # SPDX-License-Identifier: MPL-2.0
3
+
4
+ require "json"
5
+
6
+ module Vault
7
+ class SealStatus < Response
8
+ # @!method sealed?
9
+ # Returns if the Vault is sealed.
10
+ #
11
+ # @example Check if the Vault is sealed
12
+ # status.sealed? #=> true
13
+ #
14
+ # @return [Boolean]
15
+ field :sealed, as: :sealed?
16
+
17
+ # @!attribute t
18
+ # Threshold of keys required to unseal the Vault.
19
+ #
20
+ # @example Get the threshold of keys
21
+ # status.t #=> 3
22
+ #
23
+ # @return [Fixnum]
24
+ field :t
25
+
26
+ # @!attribute n
27
+ # Total number of unseal keys.
28
+ #
29
+ # @example Get the total number of keys
30
+ # status.n #=> 5
31
+ #
32
+ # @return [Fixnum]
33
+ field :n
34
+
35
+ # @!attribute progress
36
+ # Number of keys that have been entered.
37
+ #
38
+ # @example Get the current unseal progress
39
+ # status.progress #=> 2
40
+ #
41
+ # @return [Fixnum]
42
+ field :progress
43
+ end
44
+
45
+ class Sys
46
+ # Get the current seal status.
47
+ #
48
+ # @example
49
+ # Vault.sys.seal_status #=> #<Vault::SealStatus sealed=false, t=1, n=1, progress=0>
50
+ #
51
+ # @return [SealStatus]
52
+ def seal_status
53
+ json = client.get("/v1/sys/seal-status")
54
+ return SealStatus.decode(json)
55
+ end
56
+
57
+ # Seal the vault. Warning: this will seal the vault!
58
+ #
59
+ # @example
60
+ # Vault.sys.seal #=> true
61
+ #
62
+ # @return [true]
63
+ def seal
64
+ client.put("/v1/sys/seal", nil)
65
+ return true
66
+ end
67
+
68
+ # Unseal the vault with the given shard.
69
+ #
70
+ # @example
71
+ # Vault.sys.unseal("abcd-1234") #=> #<Vault::SealStatus sealed=true, t=3, n=5, progress=1>
72
+ #
73
+ # @param [String] shard
74
+ # the key to use
75
+ #
76
+ # @return [SealStatus]
77
+ def unseal(shard)
78
+ json = client.put("/v1/sys/unseal", JSON.fast_generate(
79
+ key: shard,
80
+ ))
81
+ return SealStatus.decode(json)
82
+ end
83
+ end
84
+ end
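Review bot: The `@return [Fixnum]` tags on t, n and progress name a class that was deprecated in Ruby 2.4 and removed in 3.2; they should read `@return [Integer]`. The `@!attribute t`, `@!attribute n` and `@!attribute progress` directives also omit the `[r]` marker used on the Policy and Quota fields, so YARD may present them as read/write when `field` only defines readers. Both points are documentation-only; the seal_status, seal and unseal bodies look consistent with the rest of the Sys API.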
@@ -0,0 +1,30 @@
1
+ # Copyright (c) HashiCorp, Inc.
2
+ # SPDX-License-Identifier: MPL-2.0
3
+
4
+ require_relative "../client"
5
+ require_relative "../request"
6
+ require_relative "../response"
7
+
8
+ module Vault
9
+ class Client
10
+ # A proxy to the {Sys} methods.
11
+ # @return [Sys]
12
+ def sys
13
+ @sys ||= Sys.new(self)
14
+ end
15
+ end
16
+
17
+ class Sys < Request; end
18
+ end
19
+
20
+ require_relative "sys/audit"
21
+ require_relative "sys/auth"
22
+ require_relative "sys/health"
23
+ require_relative "sys/init"
24
+ require_relative "sys/leader"
25
+ require_relative "sys/lease"
26
+ require_relative "sys/mount"
27
+ require_relative "sys/namespace"
28
+ require_relative "sys/policy"
29
+ require_relative "sys/quota"
30
+ require_relative "sys/seal"
@@ -0,0 +1,46 @@
1
+ # Copyright (c) HashiCorp, Inc.
2
+ # SPDX-License-Identifier: MPL-2.0
3
+
4
+ require_relative '../../request'
5
+ require_relative '../../response'
6
+
7
+ module Vault
8
+ class Transform < Request
9
+ class Alphabet < Response
10
+ # @!attribute [r] id
11
+ # String listing all possible characters of the alphabet
12
+ # @return [String]
13
+ field :alphabet
14
+ end
15
+
16
+ def create_alphabet(name, alphabet:, **opts)
17
+ opts ||= {}
18
+ opts[:alphabet] = alphabet
19
+ client.post("/v1/transform/alphabet/#{encode_path(name)}", JSON.fast_generate(opts))
20
+ return true
21
+ end
22
+
23
+ def get_alphabet(name)
24
+ json = client.get("/v1/transform/alphabet/#{encode_path(name)}")
25
+ if data = json.dig(:data)
26
+ Alphabet.decode(data)
27
+ else
28
+ json
29
+ end
30
+ end
31
+
32
+ def delete_alphabet(name)
33
+ client.delete("/v1/transform/alphabet/#{encode_path(name)}")
34
+ true
35
+ end
36
+
37
+ def alphabets
38
+ json = client.list("/v1/transform/alphabet")
39
+ if keys = json.dig(:data, :keys)
40
+ keys
41
+ else
42
+ json
43
+ end
44
+ end
45
+ end
46
+ end
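Review bot: The Alphabet field documentation is mislabeled: the directive reads `# @!attribute [r] id` but the field it documents is `field :alphabet`, so YARD would publish an attribute named `id` that does not exist; change it to `# @!attribute [r] alphabet`. In create_alphabet the line `opts ||= {}` is dead — a `**opts` parameter is always a Hash, never nil — and the same line appears in create_role (role.rb), create_template (template.rb), create_transformation (transformation.rb) and encode/decode (transform.rb). None of the Transform methods in these files carry the YARD `@param`/`@return` documentation the Sys API has; at minimum each create_*/delete_* should state that it returns `true` and each get_* that it returns the decoded Response, or the raw response when `:data` is absent.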
@@ -0,0 +1,45 @@
1
+ # Copyright (c) HashiCorp, Inc.
2
+ # SPDX-License-Identifier: MPL-2.0
3
+
4
+ require_relative '../../request'
5
+ require_relative '../../response'
6
+
7
+ module Vault
8
+ class Transform < Request
9
+ class Role < Response
10
+ # @!attribute [r] transformations
11
+ # Array of all transformations the role has access to
12
+ # @return [Array<String>]
13
+ field :transformations
14
+ end
15
+
16
+ def create_role(name, **opts)
17
+ opts ||= {}
18
+ client.post("/v1/transform/role/#{encode_path(name)}", JSON.fast_generate(opts))
19
+ return true
20
+ end
21
+
22
+ def get_role(name)
23
+ json = client.get("/v1/transform/role/#{encode_path(name)}")
24
+ if data = json.dig(:data)
25
+ Role.decode(data)
26
+ else
27
+ json
28
+ end
29
+ end
30
+
31
+ def delete_role(name)
32
+ client.delete("/v1/transform/role/#{encode_path(name)}")
33
+ true
34
+ end
35
+
36
+ def roles
37
+ json = client.list("/v1/transform/role")
38
+ if keys = json.dig(:data, :keys)
39
+ keys
40
+ else
41
+ json
42
+ end
43
+ end
44
+ end
45
+ end
@@ -0,0 +1,57 @@
1
+ # Copyright (c) HashiCorp, Inc.
2
+ # SPDX-License-Identifier: MPL-2.0
3
+
4
+ require_relative '../../request'
5
+ require_relative '../../response'
6
+
7
+ module Vault
8
+ class Transform < Request
9
+ class Template < Response
10
+ # @!attribute [r] alphabet
11
+ # Name of the alphabet to be used in the template
12
+ # @return [String]
13
+ field :alphabet
14
+
15
+ # @!attribute [r] pattern
16
+ # Regex string to detect and match for the template
17
+ # @return [String]
18
+ field :pattern
19
+
20
+ # @!attribute [r] type
21
+ # Type of the template, currently, only "regex" is supported
22
+ # @return [String]
23
+ field :type
24
+ end
25
+
26
+ def create_template(name, type:, pattern:, **opts)
27
+ opts ||= {}
28
+ opts[:type] = type
29
+ opts[:pattern] = pattern
30
+ client.post("/v1/transform/template/#{encode_path(name)}", JSON.fast_generate(opts))
31
+ return true
32
+ end
33
+
34
+ def get_template(name)
35
+ json = client.get("/v1/transform/template/#{encode_path(name)}")
36
+ if data = json.dig(:data)
37
+ Template.decode(data)
38
+ else
39
+ json
40
+ end
41
+ end
42
+
43
+ def delete_template(name)
44
+ client.delete("/v1/transform/template/#{encode_path(name)}")
45
+ true
46
+ end
47
+
48
+ def templates
49
+ json = client.list("/v1/transform/template")
50
+ if keys = json.dig(:data, :keys)
51
+ keys
52
+ else
53
+ json
54
+ end
55
+ end
56
+ end
57
+ end
@@ -0,0 +1,64 @@
1
+ # Copyright (c) HashiCorp, Inc.
2
+ # SPDX-License-Identifier: MPL-2.0
3
+
4
+ require_relative '../../request'
5
+ require_relative '../../response'
6
+
7
+ module Vault
8
+ class Transform < Request
9
+ class Transformation < Response
10
+ # @!attribute [r] allowed_roles
11
+ # Array of role names that are allowed to use this transformation
12
+ # @return [Array<String>]
13
+ field :allowed_roles
14
+
15
+ # @!attribute [r] templates
16
+ # Array of template names accessible to this transformation
17
+ # @return [Array<String>]
18
+ field :templates
19
+
20
+ # @!attribute [r] tweak_source
21
+ # String representing how a tweak is provided for this transformation.
22
+ # Available tweaks are "supplied", "generated", and "internal"
23
+ # @return [String]
24
+ field :tweak_source
25
+
26
+ # @!attribute [r] type
27
+ # String representing the type of transformation this is.
28
+ # Available types are "fpe", and "masking"
29
+ # @return [String]
30
+ field :type
31
+ end
32
+
33
+ def create_transformation(name, type:, template:, **opts)
34
+ opts ||= {}
35
+ opts[:type] = type
36
+ opts[:template] = template
37
+ client.post("/v1/transform/transformation/#{encode_path(name)}", JSON.fast_generate(opts))
38
+ return true
39
+ end
40
+
41
+ def get_transformation(name)
42
+ json = client.get("/v1/transform/transformation/#{encode_path(name)}")
43
+ if data = json.dig(:data)
44
+ Transformation.decode(data)
45
+ else
46
+ json
47
+ end
48
+ end
49
+
50
+ def delete_transformation(name)
51
+ client.delete("/v1/transform/transformation/#{encode_path(name)}")
52
+ true
53
+ end
54
+
55
+ def transformations
56
+ json = client.list("/v1/transform/transformation")
57
+ if keys = json.dig(:data, :keys)
58
+ keys
59
+ else
60
+ json
61
+ end
62
+ end
63
+ end
64
+ end
@@ -0,0 +1,32 @@
1
+ # Copyright (c) HashiCorp, Inc.
2
+ # SPDX-License-Identifier: MPL-2.0
3
+
4
+ require_relative '../client'
5
+ require_relative '../request'
6
+
7
+ module Vault
8
+ class Client
9
+ # A proxy to the {Transform} methods.
10
+ # @return [Transform]
11
+ def transform
12
+ @transform ||= Transform.new(self)
13
+ end
14
+ end
15
+
16
+ class Transform < Request
17
+ def encode(role_name:, **opts)
18
+ opts ||= {}
19
+ client.post("/v1/transform/encode/#{encode_path(role_name)}", JSON.fast_generate(opts))
20
+ end
21
+
22
+ def decode(role_name:, **opts)
23
+ opts ||= {}
24
+ client.post("/v1/transform/decode/#{encode_path(role_name)}", JSON.fast_generate(opts))
25
+ end
26
+ end
27
+ end
28
+
29
+ require_relative 'transform/alphabet'
30
+ require_relative 'transform/role'
31
+ require_relative 'transform/template'
32
+ require_relative 'transform/transformation'
data/lib/vault/api.rb ADDED
@@ -0,0 +1,17 @@
1
+ # Copyright (c) HashiCorp, Inc.
2
+ # SPDX-License-Identifier: MPL-2.0
3
+
4
+ module Vault
5
+ module API
6
+ require_relative "api/approle"
7
+ require_relative "api/auth_token"
8
+ require_relative "api/auth_tls"
9
+ require_relative "api/auth"
10
+ require_relative "api/help"
11
+ require_relative "api/kv"
12
+ require_relative "api/logical"
13
+ require_relative "api/secret"
14
+ require_relative "api/sys"
15
+ require_relative "api/transform"
16
+ end
17
+ end
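Review bot: Wrapping the `require_relative` calls in `module Vault; module API` is misleading: `require_relative` is not lexically scoped, so the loaded files still define `Vault::Sys`, `Vault::Transform` and friends (see sys.rb and transform.rb in this diff), not anything under `Vault::API`, and the empty `API` module is the only thing this file actually creates. Either move the requires to top level or add a comment such as `# Loads the API files; the module nesting does not namespace what they define.` so the next reader does not look for Vault::API::Sys.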