vault_ruby_client 0.18.2

data/lib/vault/api/sys/policy.rb

@@ -0,0 +1,95 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
+require "json"
+
+module Vault
+  class Policy < Response
+    # @!attribute [r] name
+    #   Name of the policy.
+    #
+    #   @example Get the name of the policy
+    #     policy.name #=> "default"
+    #
+    #   @return [String]
+    field :name
+
+    # @!attribute [r] rules
+    #   Raw HCL policy.
+    #
+    #   @example Display the list of rules
+    #     policy.rules #=> "path \"secret/foo\" {}"
+    #
+    #   @return [String]
+    field :rules
+  end
+
+  class Sys
+    # The list of policies in vault.
+    #
+    # @example
+    #   Vault.sys.policies #=> ["root"]
+    #
+    # @return [Array<String>]
+    def policies
+      client.get("/v1/sys/policy")[:policies]
+    end
+
+    # Get the policy by the given name. If a policy does not exist by that name,
+    # +nil+ is returned.
+    #
+    # @example
+    #   Vault.sys.policy("root") #=> #<Vault::Policy rules="">
+    #
+    # @return [Policy, nil]
+    def policy(name)
+      json = client.get("/v1/sys/policy/#{encode_path(name)}")
+      return Policy.decode(json)
+    rescue HTTPError => e
+      return nil if e.code == 404
+      raise
+    end
+
+    # Create a new policy with the given name and rules.
+    #
+    # @example
+    #   policy = <<-EOH
+    #     path "sys" {
+    #       policy = "deny"
+    #     }
+    #   EOH
+    #   Vault.sys.put_policy("dev", policy) #=> true
+    #
+    # It is recommend that you load policy rules from a file:
+    #
+    # @example
+    #   policy = File.read("/path/to/my/policy.hcl")
+    #   Vault.sys.put_policy("dev", policy)
+    #
+    # @param [String] name
+    #   the name of the policy
+    # @param [String] rules
+    #   the policy rules
+    #
+    # @return [true]
+    def put_policy(name, rules)
+      client.put("/v1/sys/policy/#{encode_path(name)}", JSON.fast_generate(
+        rules: rules,
+      ))
+      return true
+    end
+
+    # Delete the policy with the given name. If a policy does not exist, vault
+    # will not return an error.
+    #
+    # @example
+    #   Vault.sys.delete_policy("dev") #=> true
+    #
+    # @param [String] name
+    #   the name of the policy
+    def delete_policy(name)
+      client.delete("/v1/sys/policy/#{encode_path(name)}")
+      return true
+    end
+  end
+end

data/lib/vault/api/sys/quota.rb

@@ -0,0 +1,110 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
+module Vault
+  class Quota < Response
+    # @!attribute [r] name
+    #   Name of the quota rule.
+    #   @return [String]
+    field :name
+
+    # @!attribute [r] path
+    #   Namespace/Path combination the quota applies to.
+    #   @return [String]
+    field :path
+
+    # @!attribute [r] type
+    #   Type of the quota rule, must be one of "lease-count" or "rate-limit"
+    #   @return [String]
+    field :type
+  end
+
+  class RateLimitQuota < Quota
+    # @!attribute [r] rate
+    #   The rate at which allowed requests are refilled per second by the quota
+    #   rule.
+    #   @return [Float]
+    field :rate
+
+    # @!attribute [r] burst
+    #   The maximum number of requests at any given second allowed by the quota
+    #   rule.
+    #   @return [Int]
+    field :burst
+  end
+
+  class LeaseCountQuota < Quota
+    # @!attribute [r] counter
+    #   Number of currently active leases for the quota.
+    #   @return [Int]
+    field :counter
+
+    # @!attribute [r] max_leases
+    #   The maximum number of allowed leases for this quota.
+    #   @return [Int]
+    field :max_leases
+  end
+
+  class Sys
+    def quotas(type)
+      path = generate_path(type)
+      json = client.list(path)
+      if data = json.dig(:data, :key_info)
+        data.map do |item|
+          type_class(type).decode(item)
+        end
+      else
+        json
+      end
+    end
+
+    def create_quota(type, name, opts={})
+      path = generate_path(type, name)
+      client.post(path, JSON.fast_generate(opts))
+      return true
+    end
+
+    def delete_quota(type, name)
+      path = generate_path(type, name)
+      client.delete(path)
+      return true
+    end
+
+    def get_quota(type, name)
+      path = generate_path(type, name)
+      response = client.get(path)
+      if data = response[:data]
+        type_class(type).decode(data)
+      end
+    end
+
+    def get_quota_config
+      client.get("v1/sys/quotas/config")
+    end
+    
+    def update_quota_config(opts={})
+      client.post("v1/sys/quotas/config", JSON.fast_generate(opts))
+      return true
+    end
+
+    private
+
+    def generate_path(type, name=nil)
+      verify_type(type)
+      path = ["v1", "sys", "quotas", type, name].compact
+      path.join("/")
+    end
+
+    def verify_type(type)
+      return if ["rate-limit", "lease-count"].include?(type)
+      raise ArgumentError, "type must be one of \"rate-limit\" or \"lease-count\""
+    end
+
+    def type_class(type)
+      case type
+      when "lease-count" then LeaseCountQuota
+      when "rate-limit" then RateLimitQuota
+      end
+    end
+  end
+end

data/lib/vault/api/sys/seal.rb

@@ -0,0 +1,84 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
+require "json"
+
+module Vault
+  class SealStatus < Response
+    # @!method sealed?
+    #   Returns if the Vault is sealed.
+    #
+    #   @example Check if the Vault is sealed
+    #     status.sealed? #=> true
+    #
+    #   @return [Boolean]
+    field :sealed, as: :sealed?
+
+    # @!attribute t
+    #   Threshold of keys required to unseal the Vault.
+    #
+    #   @example Get the threshold of keys
+    #     status.t #=> 3
+    #
+    #   @return [Fixnum]
+    field :t
+
+    # @!attribute n
+    #   Total number of unseal keys.
+    #
+    #   @example Get the total number of keys
+    #     status.n #=> 5
+    #
+    #   @return [Fixnum]
+    field :n
+
+    # @!attribute progress
+    #   Number of keys that have been entered.
+    #
+    #   @example Get the current unseal progress
+    #     status.progress #=> 2
+    #
+    #   @return [Fixnum]
+    field :progress
+  end
+
+  class Sys
+    # Get the current seal status.
+    #
+    # @example
+    #   Vault.sys.seal_status #=> #<Vault::SealStatus sealed=false, t=1, n=1, progress=0>
+    #
+    # @return [SealStatus]
+    def seal_status
+      json = client.get("/v1/sys/seal-status")
+      return SealStatus.decode(json)
+    end
+
+    # Seal the vault. Warning: this will seal the vault!
+    #
+    # @example
+    #   Vault.sys.seal #=> true
+    #
+    # @return [true]
+    def seal
+      client.put("/v1/sys/seal", nil)
+      return true
+    end
+
+    # Unseal the vault with the given shard.
+    #
+    # @example
+    #   Vault.sys.unseal("abcd-1234") #=> #<Vault::SealStatus sealed=true, t=3, n=5, progress=1>
+    #
+    # @param [String] shard
+    #   the key to use
+    #
+    # @return [SealStatus]
+    def unseal(shard)
+      json = client.put("/v1/sys/unseal", JSON.fast_generate(
+        key: shard,
+      ))
+      return SealStatus.decode(json)
+    end
+  end
+end

data/lib/vault/api/sys.rb

@@ -0,0 +1,30 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
+require_relative "../client"
+require_relative "../request"
+require_relative "../response"
+
+module Vault
+  class Client
+    # A proxy to the {Sys} methods.
+    # @return [Sys]
+    def sys
+      @sys ||= Sys.new(self)
+    end
+  end
+
+  class Sys < Request; end
+end
+
+require_relative "sys/audit"
+require_relative "sys/auth"
+require_relative "sys/health"
+require_relative "sys/init"
+require_relative "sys/leader"
+require_relative "sys/lease"
+require_relative "sys/mount"
+require_relative "sys/namespace"
+require_relative "sys/policy"
+require_relative "sys/quota"
+require_relative "sys/seal"

data/lib/vault/api/transform/alphabet.rb

@@ -0,0 +1,46 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
+require_relative '../../request'
+require_relative '../../response'
+
+module Vault
+  class Transform < Request
+    class Alphabet < Response
+      # @!attribute [r] id
+      #   String listing all possible characters of the alphabet
+      #   @return [String]
+      field :alphabet
+    end
+
+    def create_alphabet(name, alphabet:, **opts)
+      opts ||= {}
+      opts[:alphabet] = alphabet
+      client.post("/v1/transform/alphabet/#{encode_path(name)}", JSON.fast_generate(opts))
+      return true
+    end
+
+    def get_alphabet(name)
+      json = client.get("/v1/transform/alphabet/#{encode_path(name)}")
+      if data = json.dig(:data)
+        Alphabet.decode(data)
+      else
+        json
+      end
+    end
+
+    def delete_alphabet(name)
+      client.delete("/v1/transform/alphabet/#{encode_path(name)}")
+      true
+    end
+
+    def alphabets
+      json = client.list("/v1/transform/alphabet")
+      if keys = json.dig(:data, :keys)
+        keys
+      else
+        json
+      end
+    end
+  end
+end

data/lib/vault/api/transform/role.rb

@@ -0,0 +1,45 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
+require_relative '../../request'
+require_relative '../../response'
+
+module Vault
+  class Transform < Request
+    class Role < Response
+      # @!attribute [r] transformations
+      #   Array of all transformations the role has access to
+      #   @return [Array<String>]
+      field :transformations
+    end
+
+    def create_role(name, **opts)
+      opts ||= {}
+      client.post("/v1/transform/role/#{encode_path(name)}", JSON.fast_generate(opts))
+      return true
+    end
+
+    def get_role(name)
+      json = client.get("/v1/transform/role/#{encode_path(name)}")
+      if data = json.dig(:data)
+        Role.decode(data)
+      else
+        json
+      end
+    end
+
+    def delete_role(name)
+      client.delete("/v1/transform/role/#{encode_path(name)}")
+      true
+    end
+
+    def roles
+      json = client.list("/v1/transform/role")
+      if keys = json.dig(:data, :keys)
+        keys
+      else
+        json
+      end
+    end
+  end
+end

data/lib/vault/api/transform/template.rb

@@ -0,0 +1,57 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
+require_relative '../../request'
+require_relative '../../response'
+
+module Vault
+  class Transform < Request
+    class Template < Response
+      # @!attribute [r] alphabet
+      #   Name of the alphabet to be used in the template
+      #   @return [String]
+      field :alphabet
+
+      # @!attribute [r] pattern
+      #   Regex string to detect and match for the template
+      #   @return [String]
+      field :pattern
+
+      # @!attribute [r] type
+      #   Type of the template, currently, only "regex" is supported
+      #   @return [String]
+      field :type
+    end
+
+    def create_template(name, type:, pattern:, **opts)
+      opts ||= {}
+      opts[:type] = type
+      opts[:pattern] = pattern
+      client.post("/v1/transform/template/#{encode_path(name)}", JSON.fast_generate(opts))
+      return true
+    end
+
+    def get_template(name)
+      json = client.get("/v1/transform/template/#{encode_path(name)}")
+      if data = json.dig(:data)
+        Template.decode(data)
+      else
+        json
+      end
+    end
+
+    def delete_template(name)
+      client.delete("/v1/transform/template/#{encode_path(name)}")
+      true
+    end
+
+    def templates
+      json = client.list("/v1/transform/template")
+      if keys = json.dig(:data, :keys)
+        keys
+      else
+        json
+      end
+    end
+  end
+end

data/lib/vault/api/transform/transformation.rb

@@ -0,0 +1,64 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
+require_relative '../../request'
+require_relative '../../response'
+
+module Vault
+  class Transform < Request
+    class Transformation < Response
+      # @!attribute [r] allowed_roles
+      #   Array of role names that are allowed to use this transformation
+      #   @return [Array<String>]
+      field :allowed_roles
+
+      # @!attribute [r] templates
+      #   Array of template names accessible to this transformation
+      #   @return [Array<String>]
+      field :templates
+
+      # @!attribute [r] tweak_source
+      #   String representing how a tweak is provided for this transformation.
+      #   Available tweaks are "supplied", "generated", and "internal"
+      #   @return [String]
+      field :tweak_source
+
+      # @!attribute [r] type
+      #   String representing the type of transformation this is.
+      #   Available types are "fpe", and "masking"
+      #   @return [String]
+      field :type
+    end
+
+    def create_transformation(name, type:, template:, **opts)
+      opts ||= {}
+      opts[:type] = type
+      opts[:template] = template
+      client.post("/v1/transform/transformation/#{encode_path(name)}", JSON.fast_generate(opts))
+      return true
+    end
+
+    def get_transformation(name)
+      json = client.get("/v1/transform/transformation/#{encode_path(name)}")
+      if data = json.dig(:data)
+        Transformation.decode(data)
+      else
+        json
+      end
+    end
+
+    def delete_transformation(name)
+      client.delete("/v1/transform/transformation/#{encode_path(name)}")
+      true
+    end
+
+    def transformations
+      json = client.list("/v1/transform/transformation")
+      if keys = json.dig(:data, :keys)
+        keys
+      else
+        json
+      end
+    end
+  end
+end

data/lib/vault/api/transform.rb

@@ -0,0 +1,32 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
+require_relative '../client'
+require_relative '../request'
+
+module Vault
+  class Client
+    # A proxy to the {Transform} methods.
+    # @return [Transform]
+    def transform
+      @transform ||= Transform.new(self)
+    end
+  end
+
+  class Transform < Request
+    def encode(role_name:, **opts)
+      opts ||= {}
+      client.post("/v1/transform/encode/#{encode_path(role_name)}", JSON.fast_generate(opts))
+    end
+
+    def decode(role_name:, **opts)
+      opts ||= {}
+      client.post("/v1/transform/decode/#{encode_path(role_name)}", JSON.fast_generate(opts))
+    end
+  end
+end
+
+require_relative 'transform/alphabet'
+require_relative 'transform/role'
+require_relative 'transform/template'
+require_relative 'transform/transformation'

data/lib/vault/api.rb

@@ -0,0 +1,17 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
+module Vault
+  module API
+    require_relative "api/approle"
+    require_relative "api/auth_token"
+    require_relative "api/auth_tls"
+    require_relative "api/auth"
+    require_relative "api/help"
+    require_relative "api/kv"
+    require_relative "api/logical"
+    require_relative "api/secret"
+    require_relative "api/sys"
+    require_relative "api/transform"
+  end
+end