Class: Dsv::Vault
- Inherits:
-
Object
- Object
- Dsv::Vault
- Defined in:
- lib/dsv.rb
Constant Summary collapse
- DEFAULT_URL_TEMPLATE =
"https://%s.secretsvaultcloud.%s/v1/%s%s"
- DEFAULT_TLD =
"com"
Instance Method Summary collapse
-
#accessResource(method, resource, path, input, parse_json = true) ⇒ Hash
Helper method to access a resource via API.
-
#getAccessToken ⇒ String
Query API for OAuth token.
-
#initialize(config = nil) ⇒ Vault
constructor
Initialize a
Vault
object with provided configuration. -
#urlFor(resource, path = nil) ⇒ String
Generate the URL for a specific request.
Constructor Details
#initialize(config = nil) ⇒ Vault
Initialize a Vault
object with provided configuration.
# File 'lib/dsv.rb', line 40

# Set up the client configuration, either from the supplied settings or,
# when none are given, from the DSV_* environment variables.
#
# @param config [Hash, nil] settings keyed by String or Symbol; every key is
#   converted with #to_s. When nil, client_id, client_secret, tenant and tld
#   are read from DSV_CLIENT_ID, DSV_CLIENT_SECRET, DSV_TENANT and DSV_TLD.
# @raise [InvalidConfigurationException] when client_id or client_secret is nil
def initialize(config = nil)
  @configuration =
    if config.nil?
      {
        'client_id' => ENV['DSV_CLIENT_ID'],
        'client_secret' => ENV['DSV_CLIENT_SECRET'],
        'tenant' => ENV['DSV_TENANT'],
        'tld' => ENV['DSV_TLD']
      }
    else
      config.map { |key, value| [key.to_s, value] }.to_h
    end

  # Only the two credentials are required here; tenant and tld are not
  # checked, although both end up in the host name the credentials are sent to.
  credentials_missing = %w[client_id client_secret].any? { |key| @configuration[key].nil? }
  if credentials_missing
    $logger.error("Must provide client_id and client_secret")
    raise InvalidConfigurationException
  end

  # The client_id is logged for diagnostics; the secret is not written to the log.
  $logger.debug("Vault is configured for client_id: #{@configuration['client_id']}")
end
Instance Method Details
#accessResource(method, resource, path, input, parse_json = true) ⇒ Hash
Helper method to access a resource via API
-
AccessDeniedException
is raised if the server responds with an API_AccessDenied
error -
InvalidMethodTypeException
is raised if a method other than [“GET”, “POST”, “PUT”, “DELETE”] is provided -
UnrecognizedResourceException
is raised if a resource other than [“clients”, “roles”, “secrets”] is requested
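# File 'lib/dsv.rb', line 73

# Send an authenticated request to one of the vault's REST resources.
#
# @param method [String] HTTP verb; one of GET, POST, PUT, DELETE (any case)
# @param resource [String] one of "clients", "roles", "secrets"
# @param path [String, nil] path appended after the resource
# @param input [Object, nil] request payload, serialized with #to_json when present
# @param parse_json [Boolean] when false the raw response body is returned
# @return [Hash, String] parsed JSON body, or the raw body when parse_json is false
# @raise [InvalidMethodTypeException] verb is outside the allowlist
# @raise [UnrecognizedResourceException] resource is outside the allowlist
# @raise [AccessDeniedException] body reports API_AccessDenied or "Invalid permissions"
# @raise [ResourceNotFoundException] body reports code 404
# @raise [JSON::ParserError] body is not valid JSON
def accessResource(method, resource, path, input, parse_json=true)
  verb = method.upcase
  unless %w[GET POST PUT DELETE].include?(verb)
    $logger.error "Invalid request method: #{method}"
    raise InvalidMethodTypeException
  end

  # The membership test must run against the caller's value; the rendered
  # listing had this check fused with the log-message assignment.
  unless %w[clients roles secrets].include?(resource)
    $logger.debug "unrecognized resource, #{resource}"
    raise UnrecognizedResourceException
  end

  body = input.nil? ? "" : input.to_json
  accessToken = getAccessToken

  url = urlFor(resource, path)
  $logger.debug "Sending request to: #{url}"

  # Dynamic dispatch is safe only because `verb` passed the allowlist above;
  # public_send additionally keeps private methods out of reach.
  # The bearer token goes into the header only and must never be logged.
  resp = Faraday.public_send(verb.downcase, url) do |req|
    req.headers['Authorization'] = "Bearer #{accessToken}"
    req.body = body unless body.empty?
    req.headers['Content-Type'] = 'application/json' if %w[POST PUT].include?(verb)
  end

  # NOTE(review): resp.status is never inspected; failures are recognized only
  # from fields in the body, so an error response without those fields is
  # returned to the caller as if it were data. Confirm this is intended.
  data = resp.body
  return data unless parse_json

  begin
    hash = JSON.parse(data)
  rescue JSON::ParserError => e
    $logger.error "Error parsing JSON: #{e}"
    raise e
  end

  # A JSON array or scalar has no string keys; indexing it with one would
  # raise TypeError, so the error-field checks apply to objects only.
  if hash.is_a?(Hash)
    denied = hash['errorCode'] == "API_AccessDenied" || hash['message'] == "Invalid permissions"
    raise AccessDeniedException if denied
    raise ResourceNotFoundException if hash['code'] == 404
  end

  hash
end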
#getAccessToken ⇒ String
Query API for OAuth token
-
InvalidCredentialsException
is raised if the provided credentials are not valid
# File 'lib/dsv.rb', line 140

# Exchange the configured client credentials for an OAuth access token.
# A new token is requested on every call; nothing is cached here.
#
# @return [String, nil] the "accessToken" field of the grant response
#   (nil when the field is absent)
# @raise [InvalidCredentialsException] the token endpoint answered with a
#   status other than 200
# @raise [JSON::ParserError] the grant response body is not valid JSON
def getAccessToken
  credentials = {
    grant_type: "client_credentials",
    client_id: @configuration['client_id'],
    client_secret: @configuration['client_secret']
  }
  payload = credentials.to_json

  tokenUrl = urlFor("token")
  # Only the client_id is logged; the secret travels in the request body alone.
  $logger.debug "calling #{tokenUrl} with client_id #{@configuration['client_id']}"

  reply = Faraday.post(tokenUrl, payload, "Content-Type" => "application/json")

  if reply.status != 200
    # NOTE(review): the error body is logged verbatim at debug level; confirm
    # the service never echoes the submitted credentials in it.
    $logger.debug "grant response error: #{reply.body}"
    raise InvalidCredentialsException
  end

  begin
    JSON.parse(reply.body)['accessToken']
  rescue JSON::ParserError => e
    $logger.error "Error parsing JSON: #{e.to_s}"
    raise e
  end
end
#urlFor(resource, path = nil) ⇒ String
Generate the URL for a specific request. This factors in several configuration options including:
-
tenant
-
tld
# File 'lib/dsv.rb', line 180

# Build the absolute API URL for a resource from DEFAULT_URL_TEMPLATE.
#
# @param resource [String] resource segment placed after the API version
# @param path [String, nil] optional trailing path; one leading "/" is
#   stripped and a single "/" is prepended
# @return [String] the formatted URL
def urlFor(resource, path=nil)
  suffix = path.nil? ? nil : "/#{path.delete_prefix("/")}"
  tld = @configuration['tld'] || DEFAULT_TLD

  # NOTE(review): tenant and tld are interpolated unchecked into the host
  # part of the URL, which is where client_secret and the bearer token are
  # sent. Nothing visible here restricts them to host-name characters, and a
  # nil tenant formats as an empty string. If either value can come from a
  # less-trusted source, validate it where the configuration is loaded.
  format(DEFAULT_URL_TEMPLATE, @configuration['tenant'], tld, resource, suffix)
end