Merge branch 'release-0.7.0'

amperity · Jun 21, 2019 · 59f7202 · 59f7202
2 parents ca3bdda + c67df00
commit 59f7202
Show file tree

Hide file tree

Showing 3 changed files with 52 additions and 13 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -8,16 +8,30 @@ This change log follows the conventions of [keepachangelog.com](http://keepachan
 
 ...
 
+
+## [0.7.0] - 2019-06-20
+
+### Changed
+- Upgrade Clojure to 1.10.0.
+- Upgrade `clj-http` to 3.7.0.
+- Drop dependency on `digest` library.
+- Other minor dependency updates.
+
+
 ## [0.6.6] - 2019-06-14
+
 ### Changed
 - Open authentication (type) dispatch to multimethod
   [#28](https://github.com/amperity/vault-clj/pull/28)
 
+
 ## [0.6.5] - 2018-11-5
+
 ### Changed
 - Fix client token lease renewal
   [a034b3](https://github.com/amperity/vault-clj/commit/a034b34d47781877578db77c8947f47266df6ae9)
 
+
 ## [0.6.4] - 2018-10-29
 
 ### Changed
@@ -37,6 +51,7 @@ This change log follows the conventions of [keepachangelog.com](http://keepachan
 - Use `digest` instead of transitive apache lib for hashing.
   [362f1ab](https://github.com/amperity/vault-clj/commit/362f1ab233045cb8468987686353d5146224fa24)
 
+
 ## [0.6.2] - 2018-08-09
 
 ### Added
@@ -48,6 +63,7 @@ This change log follows the conventions of [keepachangelog.com](http://keepachan
 - Upgrade Clojure to 1.9
 - Hash role-id when logging app-role authentication status.
 
+
 ## [0.6.0] - 2018-04-23
 
 ### Added
@@ -67,13 +83,15 @@ This change log follows the conventions of [keepachangelog.com](http://keepachan
   [#17](https://github.com/amperity/vault-clj/issues/17)
   [#18](https://github.com/amperity/vault-clj/pull/18)
 
+
 ## [0.5.1] - 2017-09-26
 
 ### Added
 - HTTP client supports LDAP authentication using the `:ldap` type.
   [#14](https://github.com/amperity/vault-clj/issues/14)
   [#16](https://github.com/amperity/vault-clj/pull/16)
 
+
 ## [0.5.0] - 2017-07-07
 
 ### Added
@@ -87,6 +105,7 @@ This change log follows the conventions of [keepachangelog.com](http://keepachan
   if set and a secret path is not present. Otherwise, clients consistently throw
   exceptions. [#7](https://github.com/amperity/vault-clj/issues/7)
 
+
 ## [0.4.1] - 2017-05-10
 
 ### Added
@@ -99,6 +118,7 @@ This change log follows the conventions of [keepachangelog.com](http://keepachan
   minutes, respectively. This allows for better lease utilization, as the
   previous twenty minute window was too large for short-lived leases.
 
+
 ## [0.4.0] - 2017-01-06
 
 **THIS RELEASE CONTAINS BREAKING CHANGES!**
@@ -137,13 +157,15 @@ in at runtime. This makes testing code without a Vault instance much simpler.
   management.
 - Deprecated the `vault.env/init-app-client` constructor.
 
+
 ## [0.3.4] - 2016-11-16
 
 ### Added
 - Add `create-token!` API support in the Client protocol. Tokens can be returned
   as [wrapped responses](https://www.vaultproject.io/docs/concepts/response-wrapping.html).
 - Add `unwrap!` API support in the Client protocol.
 
+
 ## [0.3.3] - 2016-11-04
 
 ### Changed
@@ -154,13 +176,15 @@ in at runtime. This makes testing code without a Vault instance much simpler.
 - HTTP `307` redirects from clustered Vault instances will be followed up to two
   times in order to connect to the correct master node.
 
+
 ## [0.3.2] - 2016-10-26
 
 ### Added
 - Add `delete-secret!` API support in the Client protocol.
 - `memory-client` returns a mock in-memory client implementation for testing.
 - Numerous unit tests to cover environment and caching logic.
 
+
 ## [0.3.1] - 2016-10-25
 
 ### Added
@@ -171,6 +195,7 @@ in at runtime. This makes testing code without a Vault instance much simpler.
 - Tokens used for direct authentication are trimmed as a precation to prevent
   odd header-based HTTP errors.
 
+
 ## [0.3.0] - 2016-10-18
 
 With this version, the project has been forked to the Amperity organization.
@@ -183,6 +208,7 @@ With this version, the project has been forked to the Amperity organization.
   takes a map of env vars with some potential secret values as Vault paths.
   Listed variables of the form `vault:<path>` are resolved as secret values.
 
+
 ## [0.2.0] - 2016-03-25
 
 ### Changed
@@ -194,11 +220,14 @@ With this version, the project has been forked to the Amperity organization.
   token string.
 - Added support for listing secrets with the client protocol.
 
+
 ## [0.1.0] - 2015-10-27
+
 ### Added
 - Initial library implementation.
 
-[Unreleased]: https://github.com/amperity/vault-clj/compare/0.6.6...HEAD
+[Unreleased]: https://github.com/amperity/vault-clj/compare/0.7.0...HEAD
+[0.7.0]: https://github.com/amperity/vault-clj/compare/0.6.6...0.7.0
 [0.6.6]: https://github.com/amperity/vault-clj/compare/0.6.5...0.6.6
 [0.6.5]: https://github.com/amperity/vault-clj/compare/0.6.4...0.6.5
 [0.6.4]: https://github.com/amperity/vault-clj/compare/0.6.3...0.6.4

diff --git a/project.clj b/project.clj
@@ -1,4 +1,4 @@
-(defproject amperity/vault-clj "0.6.6"
+(defproject amperity/vault-clj "0.7.0"
   :description "Clojure client for the Vault secret management system."
   :url "https://github.com/amperity/vault-clj"
   :license {:name "Apache License"
@@ -8,13 +8,12 @@
   :pedantic? :abort
 
   :dependencies
-  [[org.clojure/clojure "1.9.0"]
+  [[org.clojure/clojure "1.10.0"]
    [org.clojure/tools.logging "0.4.0"]
-   [amperity/envoy "0.3.1"]
-   [cheshire "5.8.0"]
-   [clj-http "2.3.0"]
-   [digest "1.4.8"]
-   [com.stuartsierra/component "0.3.2"]]
+   [amperity/envoy "0.3.3"]
+   [cheshire "5.8.1"]
+   [clj-http "3.7.0"]
+   [com.stuartsierra/component "0.4.0"]]
 
   :codox
   {:metadata {:doc/format :markdown}
@@ -31,7 +30,7 @@
 
    :repl
    {:source-paths ["dev"]
-    :dependencies [[org.clojure/tools.namespace "0.2.11"]]
+    :dependencies [[org.clojure/tools.namespace "0.3.0"]]
     :jvm-opts ["-Dorg.apache.commons.logging.Log=org.apache.commons.logging.impl.SimpleLog"
                "-Dorg.apache.commons.logging.simplelog.showdatetime=true"
                "-Dorg.apache.commons.logging.simplelog.defaultlog=info"

diff --git a/src/vault/client/http.clj b/src/vault/client/http.clj
@@ -6,10 +6,12 @@
     [clojure.tools.logging :as log]
     [clojure.walk :as walk]
     [com.stuartsierra.component :as component]
-    [digest :as digest]
     [vault.core :as vault]
     [vault.lease :as lease]
-    [vault.timer :as timer]))
+    [vault.timer :as timer])
+  (:import
+    java.security.MessageDigest
+    org.apache.commons.codec.binary.Hex))
 
 
 ;; ## API Utilities
@@ -28,6 +30,15 @@
       value)))
 
 
+(defn- sha-256
+  "Geerate a SHA-2 256 bit digest from a string."
+  [s]
+  (let [hasher (MessageDigest/getInstance "SHA-256")
+        str-bytes (.getBytes (str s) "UTF-8")]
+    (.update hasher str-bytes)
+    (Hex/encodeHexString (.digest hasher))))
+
+
 (defn- clean-body
   "Cleans up a response from the Vault API by rewriting some keywords and
   dropping extraneous information. Note that this changes the `:data` in the
@@ -200,7 +211,7 @@
   [client _ credentials]
   (let [{:keys [role-id secret-id]} credentials]
     (api-auth!
-      (str "role-id sha256:" (digest/sha-256 role-id))
+      (str "role-id sha256:" (sha-256 role-id))
       (:auth client)
       (do-api-request
         :post (str (:api-url client) "/v1/auth/approle/login")
@@ -561,7 +572,7 @@
                       :content-type :json})]
       (log/debug "Wrote secret" path)
       (lease/remove-path! leases path)
-      (case  (:status response)
+      (case (int (:status response -1))
         204 true
         200 (:body response)
         false)))