Class: Vault::Client

Inherits:

Object

• Object
• Vault::Client

Includes:

Configurable

Defined in:

lib/vault/client.rb,
lib/vault/api/sys.rb,
lib/vault/api/help.rb,
lib/vault/api/logical.rb,
lib/vault/api/auth_token.rb

Constant Summary

USER_AGENT =

The user agent for this client.

"VaultRuby/#{Vault::VERSION} (+github.com/hashicorp/vault-ruby)".freeze

DEFAULT_HEADERS =

The default headers that are sent with every request.

{
  "Content-Type" => "application/json",
  "Accept"       => "application/json",
  "User-Agent"   => USER_AGENT,
}.freeze

JSON_PARSE_OPTIONS =

The default list of options to use when parsing JSON.

{
  max_nesting:      false,
  create_additions: false,
  symbolize_names:  true,
}.freeze

Instance Method Summary

• #auth_token ⇒ AuthToken

  A proxy to the AuthToken methods.

• #build_uri(verb, path, params = {}) ⇒ URI

  Construct a URL from the given verb and path.

• #class_for_request(verb) ⇒ Class

  Helper method to get the corresponding Net::HTTP class from the given HTTP verb.

• #delete(path, params = {}, headers = {}) ⇒ Object

  Perform a DELETE request.

• #error(response) ⇒ Object

  Raise a response error, extracting as much information from the server’s response as possible.

• #get(path, params = {}, headers = {}) ⇒ Object

  Perform a GET request.

• #help(path) ⇒ Help

  Gets help for the given path.

• #initialize(options = {}) ⇒ Vault::Client constructor

  Create a new Client with the given options.

• #logical ⇒ Logical

  A proxy to the Logical methods.

• #patch(path, data, headers = {}) ⇒ Object

  Perform a PATCH request.

• #post(path, data, headers = {}) ⇒ Object

  Perform a POST request.

• #put(path, data, headers = {}) ⇒ Object

  Perform a PUT request.

• #request(verb, path, data = {}, headers = {}) ⇒ String, Hash

  Make an HTTP request with the given verb, data, params, and headers.

• #same_options?(opts) ⇒ true, false

  Determine if the given options are the same as ours.

• #success(response) ⇒ String, Hash

  Parse the response object and manipulate the result based on the given Content-Type header.

• #sys ⇒ Sys

  A proxy to the Sys methods.

• #to_query_string(hash) ⇒ String^?

  Convert the given hash to a list of query string parameters.

Methods included from Configurable

#configure, keys, #options, #reset!

Constructor Details

#initialize(options = {}) ⇒ Vault::Client

Create a new Client with the given options. Any options given take precedence over the default options.

# File 'lib/vault/client.rb', line 36

def initialize(options = {})
  # Use any options given, but fall back to the defaults set on the module
  Vault::Configurable.keys.each do |key|
    value = if options[key].nil?
      Vault.instance_variable_get(:"@#{key}")
    else
      options[key]
    end

    instance_variable_set(:"@#{key}", value)
  end
end

Instance Method Details

#auth_token ⇒ AuthToken

A proxy to the AuthToken methods.

Returns:

• (AuthToken)

# File 'lib/vault/api/auth_token.rb', line 12

def auth_token
  @auth_token ||= AuthToken.new(self)
end

#build_uri(verb, path, params = {}) ⇒ URI

Construct a URL from the given verb and path. If the request is a GET or DELETE request, the params are assumed to be query params are are converted as such using #to_query_string.

If the path is relative, it is merged with the Defaults.address attribute. If the path is absolute, it is converted to a URI object and returned.

Parameters:

• verb (Symbol) —

  the lowercase HTTP verb (e.g. :get)

• path (String) —

  the absolute or relative HTTP path (url) to get

• params (Hash) (defaults to: {}) —

  the list of params to build the URI with (for GET and DELETE requests)

Returns:

• (URI)

# File 'lib/vault/client.rb', line 205

def build_uri(verb, path, params = {})
  # Add any query string parameters
  if [:delete, :get].include?(verb)
    path = [path, to_query_string(params)].compact.join("?")
  end

  # Parse the URI
  uri = URI.parse(path)

  # Don't merge absolute URLs
  uri = URI.parse(File.join(address, path)) unless uri.absolute?

  # Return the URI object
  uri
end

#class_for_request(verb) ⇒ Class

Helper method to get the corresponding Net::HTTP class from the given HTTP verb.

Parameters:

• verb (#to_s) —

  the HTTP verb to create a class from

Returns:

• (Class)

# File 'lib/vault/client.rb', line 228

def class_for_request(verb)
  Net::HTTP.const_get(verb.to_s.capitalize)
end

#delete(path, params = {}, headers = {}) ⇒ Object

Perform a DELETE request.

See Also:

• #request

# File 'lib/vault/client.rb', line 81

def delete(path, params = {}, headers = {})
  request(:delete, path, params, headers)
end

#error(response) ⇒ Object

Raise a response error, extracting as much information from the server’s response as possible.

Parameters:

• response (HTTP::Message) —

  the response object from the request

Raises:

• (HTTPError)

# File 'lib/vault/client.rb', line 270

def error(response)
  if (response.content_type || '').include?("json")
    # Attempt to parse the error as JSON
    begin
      json = JSON.parse(response.body, JSON_PARSE_OPTIONS)

      if json[:errors]
        raise HTTPError.new(address, response.code, json[:errors])
      end
    rescue JSON::ParserError; end
  end

  raise HTTPError.new(address, response.code, [response.body])
end

#get(path, params = {}, headers = {}) ⇒ Object

Perform a GET request.

See Also:

• #request

# File 'lib/vault/client.rb', line 57

def get(path, params = {}, headers = {})
  request(:get, path, params, headers)
end

#help(path) ⇒ Help

Gets help for the given path.

Examples:

Vault.help #=> #<Vault::Help help="..." see_also="...">

Parameters:

• path (String) —

  the path to get help for

Returns:

• (Help)

# File 'lib/vault/api/help.rb', line 18

def help(path)
  json = self.get("/v1/#{path}", help: 1)
  return Help.decode(json)
end

#logical ⇒ Logical

A proxy to the Logical methods.

Returns:

• (Logical)

# File 'lib/vault/api/logical.rb', line 10

def logical
  @logical ||= Logical.new(self)
end

#patch(path, data, headers = {}) ⇒ Object

Perform a PATCH request.

See Also:

• #request

# File 'lib/vault/client.rb', line 75

def patch(path, data, headers = {})
  request(:patch, path, data, headers)
end

#post(path, data, headers = {}) ⇒ Object

Perform a POST request.

See Also:

• #request

# File 'lib/vault/client.rb', line 63

def post(path, data, headers = {})
  request(:post, path, data, headers)
end

#put(path, data, headers = {}) ⇒ Object

Perform a PUT request.

See Also:

• #request

# File 'lib/vault/client.rb', line 69

def put(path, data, headers = {})
  request(:put, path, data, headers)
end

#request(verb, path, data = {}, headers = {}) ⇒ String, Hash

Make an HTTP request with the given verb, data, params, and headers. If the response has a return type of JSON, the JSON is automatically parsed and returned as a hash; otherwise it is returned as a string.

Parameters:

• verb (Symbol) —

  the lowercase symbol of the HTTP verb (e.g. :get, :delete)

• path (String) —

  the absolute or relative path from Defaults.address to make the request against

• data (#read, Hash, nil) (defaults to: {}) —

  the data to use (varies based on the verb)

• headers (Hash) (defaults to: {}) —

  the list of headers to use

Returns:

• (String, Hash) —

  the response body

Raises:

• (HTTPError) —

  if the request is not an HTTP 200 OK

# File 'lib/vault/client.rb', line 104

def request(verb, path, data = {}, headers = {})
  # All requests to vault require a token, so we should error without even
  # trying if there is no token set
  raise MissingTokenError if token.nil?

  # Build the URI and request object from the given information
  uri = build_uri(verb, path, data)
  request = class_for_request(verb).new(uri.request_uri)

  # Add headers
  headers = DEFAULT_HEADERS.merge(headers)
  headers.each do |key, value|
    request.add_field(key, value)
  end

  # Setup PATCH/POST/PUT
  if [:patch, :post, :put].include?(verb)
    if data.respond_to?(:read)
      request.content_length = data.size
      request.body_stream = data
    elsif data.is_a?(Hash)
      request.form_data = data
    else
      request.body = data
    end
  end

  # Create the HTTP connection object - since the proxy information defaults
  # to +nil+, we can just pass it to the initializer method instead of doing
  # crazy strange conditionals.
  connection = Net::HTTP.new(uri.host, uri.port,
    proxy_address, proxy_port, proxy_username, proxy_password)

  # Create the cookie for the request.
  cookie = CGI::Cookie.new
  cookie.name    = "token"
  cookie.value   = token
  cookie.path    = "/"
  cookie.expires = Time.now + (60*60*24*376)

  # Apply SSL, if applicable
  if uri.scheme == "https"
    # Turn on SSL
    connection.use_ssl = true

    # Turn on secure cookies
    cookie.secure = true

    # Custom pem files, no problem!
    if ssl_pem_file
      pem = File.read(ssl_pem_file)
      connection.cert = OpenSSL::X509::Certificate.new(pem)
      connection.key = OpenSSL::PKey::RSA.new(pem)
      connection.verify_mode = OpenSSL::SSL::VERIFY_PEER
    end

    # Naughty, naughty, naughty! Don't blame when when someone hops in
    # and executes a MITM attack!
    unless ssl_verify
      connection.verify_mode = OpenSSL::SSL::VERIFY_NONE
    end
  end

  # Add the cookie to the request.
  request["Cookie"] = cookie.to_s

  # Create a connection using the block form, which will ensure the socket
  # is properly closed in the event of an error.
  connection.start do |http|
    response = http.request(request)

    case response
    when Net::HTTPRedirection
      redirect = URI.parse(response["location"])
      request(verb, redirect, data, headers)
    when Net::HTTPSuccess
      success(response)
    else
      error(response)
    end
  end
rescue SocketError, Errno::ECONNREFUSED, EOFError
  raise HTTPConnectionError.new(address)
end

#same_options?(opts) ⇒ true, false

Determine if the given options are the same as ours.

Returns:

• (true, false)

# File 'lib/vault/client.rb', line 51

def same_options?(opts)
  options.hash == opts.hash
end

#success(response) ⇒ String, Hash

Parse the response object and manipulate the result based on the given Content-Type header. For now, this method only parses JSON, but it could be expanded in the future to accept other content types.

Parameters:

• response (HTTP::Message) —

  the response object from the request

Returns:

• (String, Hash) —

  the parsed response, as an object

# File 'lib/vault/client.rb', line 255

def success(response)
  if response.body && (response.content_type || '').include?("json")
    JSON.parse(response.body, JSON_PARSE_OPTIONS)
  else
    response.body
  end
end

#sys ⇒ Sys

A proxy to the Sys methods.

Returns:

• (Sys)

# File 'lib/vault/api/sys.rb', line 9

def sys
  @sys ||= Sys.new(self)
end

#to_query_string(hash) ⇒ String^?

Convert the given hash to a list of query string parameters. Each key and value in the hash is URI-escaped for safety.

Parameters:

• hash (Hash) —

  the hash to create the query string from

Returns:

• (String, nil) —

  the query string as a string, or nil if there are no params

# File 'lib/vault/client.rb', line 240

def to_query_string(hash)
  hash.map do |key, value|
    "#{CGI.escape(key.to_s)}=#{CGI.escape(value.to_s)}"
  end.join('&')[/.+/]
end