Merge pull request #41 from Infisical/daniel/ruby-sdk

Feat: Ruby SDK

.github/workflows/generate-schemas.yml

@@ -77,3 +77,10 @@ jobs:
                   name: sdk-schemas-java
                   path: ${{ github.workspace }}/languages/java/src/main/java/com/infisical/sdk/schema/*
                   if-no-files-found: error
+
+            - name: Upload Ruby schemas artifact
+              uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
+              with:
+                  name: sdk-schemas-ruby
+                  path: ${{ github.workspace }}/languages/ruby/infisical-sdk/lib/schemas.rb
+                  if-no-files-found: error

.github/workflows/release-ruby.yml

@@ -0,0 +1,110 @@
+name: Release Ruby SDK
+run-name: Release Ruby SDK
+
+on:
+    workflow_dispatch:
+
+    push:
+        tags:
+            - "*.*.*" # version, e.g. 1.0.0
+
+permissions:
+    contents: read
+    id-token: write
+
+jobs:
+    generate_schemas:
+        uses: ./.github/workflows/generate-schemas.yml
+
+    build_rust:
+        uses: ./.github/workflows/build-c-bindings.yml
+
+    release_ruby:
+        name: Release Ruby
+        runs-on: ubuntu-22.04
+        needs:
+            - generate_schemas
+            - build_rust
+        steps:
+            - name: Checkout Repository
+              uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+
+            - name: Set up Ruby
+              uses: ruby/setup-ruby@cacc9f1c0b3f4eb8a16a6bb0ed10897b43b9de49 # v1.176.0
+              with:
+                  ruby-version: 3.2
+
+            - name: Download Ruby schemas artifact
+              uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
+              with:
+                  name: sdk-schemas-ruby
+                  path: languages/ruby/infisical-sdk/lib/
+
+            # x64 Apple Darwin
+            - name: Download x86_64-apple-darwin files
+              uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
+              with:
+                  name: libinfisical_c_files-x86_64-apple-darwin
+                  path: temp/macos-x64
+
+            # ARM64 Apple Darwin
+            - name: Download aarch64-apple-darwin files
+              uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
+              with:
+                  name: libinfisical_c_files-aarch64-apple-darwin
+                  path: temp/macos-arm64
+
+            # x64 Linux GNU
+            - name: Download x86_64-unknown-linux-gnu files
+              uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
+              with:
+                  name: libinfisical_c_files-x86_64-unknown-linux-gnu
+                  path: temp/linux-x64
+
+            # ARM64 Linux GNU
+            - name: Download aarch64-unknown-linux-gnu files
+              uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
+              with:
+                  name: libinfisical_c_files-aarch64-unknown-linux-gnu
+                  path: temp/linux-arm64
+
+            # MSVC x86/x64 Windows
+            - name: Download x86_64-pc-windows-msvc files
+              uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
+              with:
+                  name: libinfisical_c_files-x86_64-pc-windows-msvc
+                  path: temp/windows-x64
+
+            - name: Copy lib files
+              run: |
+                  mkdir -p languages/ruby/infisical-sdk/lib/macos-arm64
+                  mkdir -p languages/ruby/infisical-sdk/lib/linux-x64
+                  mkdir -p languages/ruby/infisical-sdk/lib/linux-arm64
+                  mkdir -p languages/ruby/infisical-sdk/lib/macos-x64
+                  mkdir -p languages/ruby/infisical-sdk/lib/windows-x64
+
+                  platforms=("macos-arm64" "linux-x64" "linux-arm64" "macos-x64" "windows-x64")
+                  files=("libinfisical_c.dylib" "libinfisical_c.so" "libinfisical_c.so" "libinfisical_c.dylib" "libinfisical_c.dll")
+
+                  for ((i=0; i<${#platforms[@]}; i++)); do
+                    cp "temp/${platforms[$i]}/${files[$i]}" "languages/ruby/infisical-sdk/lib/${platforms[$i]}/${files[$i]}"
+                  done
+
+            - name: bundle install
+              run: bundle install
+              working-directory: languages/ruby/infisical-sdk
+
+            - name: Build gem
+              run: gem build infisical-sdk.gemspec
+              working-directory: languages/ruby/infisical-sdk
+
+            - name: Push gem to Rubygems
+              run: |
+                  mkdir -p $HOME/.gem
+                  touch $HOME/.gem/credentials
+                  chmod 0600 $HOME/.gem/credentials
+                  printf -- "---\n:rubygems_api_key: ${GEM_HOST_API_KEY}\n" > $HOME/.gem/credentials
+                  gem push *.gem
+              env:
+                  GEM_HOST_API_KEY: ${{ secrets.GEM_HOST_API_KEY }}
+              working-directory: languages/ruby/infisical-sdk

.gitignore

@@ -198,4 +198,8 @@ languages/node/npm/**/*.node
 languages/node/artifacts
 languages/node/package/**/*
 
-languages/java/gradle.properties
+
+languages/ruby/infisical-sdk/Gemfile.lock
+languages/ruby/infisical-sdk/pkg
+
+languages/java/gradle.properties

crates/infisical-json/src/client.rs

@@ -46,6 +46,20 @@ impl Client {
             Command::CreateSymmetricKey(_) => {
                 self.0.cryptography().create_symmetric_key().into_string()
             }
+
+            // Authentication
+            Command::UniversalAuthLogin(req) => {
+                self.0.auth().universal_login(&req).await.into_string()
+            }
+            Command::KubernetesAuthLogin(req) => {
+                self.0.auth().kubernetes_login(&req).await.into_string()
+            }
+            Command::AzureAuthLogin(req) => self.0.auth().azure_login(&req).await.into_string(),
+            Command::GcpIdTokenAuthLogin(req) => {
+                self.0.auth().gcp_id_token_login(&req).await.into_string()
+            }
+            Command::GcpIamAuthLogin(req) => self.0.auth().gcp_iam_login(&req).await.into_string(),
+            Command::AwsIamAuthLogin(req) => self.0.auth().aws_iam_login(&req).await.into_string(),
         }
     }
 

crates/infisical-json/src/command.rs

@@ -5,6 +5,11 @@ use infisical::manager::secrets::{
 
 use infisical::manager::cryptography::{DecryptSymmetricOptions, EncryptSymmetricOptions};
 
+use infisical::client::auth_method_settings::{
+    AWSIamAuthMethod, AzureAuthMethod, GCPIamAuthMethod, GCPIdTokenAuthMethod,
+    KubernetesAuthMethod, UniversalAuthMethod,
+};
+
 use schemars::JsonSchema;
 use serde::{Deserialize, Serialize};
 
@@ -28,4 +33,11 @@ pub enum Command {
     CreateSymmetricKey(ArbitraryOptions),
     EncryptSymmetric(EncryptSymmetricOptions),
     DecryptSymmetric(DecryptSymmetricOptions),
+
+    UniversalAuthLogin(UniversalAuthMethod),
+    KubernetesAuthLogin(KubernetesAuthMethod),
+    AzureAuthLogin(AzureAuthMethod),
+    GcpIdTokenAuthLogin(GCPIdTokenAuthMethod),
+    GcpIamAuthLogin(GCPIamAuthMethod),
+    AwsIamAuthLogin(AWSIamAuthMethod),
 }

crates/infisical/src/api/auth/aws_iam_login.rs

@@ -15,18 +15,10 @@ use aws_sigv4::{
 use crate::helper::get_aws_region;
 use log::debug;
 
-pub async fn aws_iam_login(client: &mut Client) -> Result<AccessTokenSuccessResponse> {
-    let identity_id;
-
-    if let Some(aws_iam_auth) = &client.auth.aws_iam {
-        identity_id = aws_iam_auth.identity_id.clone();
-    } else {
-        return Err(Error::MissingParametersAuthError {
-            message: "Attempt to authenticate with AWS IAM failed. Identity ID is missing."
-                .to_string(),
-        });
-    }
-
+pub async fn aws_iam_login(
+    client: &mut Client,
+    identity_id: String,
+) -> Result<AccessTokenSuccessResponse> {
     let aws_region = get_aws_region().await?.into_owned();
     let aws_region_str: &'static str = Box::leak(aws_region.into_boxed_str());
 

crates/infisical/src/api/auth/azure_login.rs

@@ -2,7 +2,7 @@ use serde::{Deserialize, Serialize};
 
 use crate::{
     constants::AZURE_METADATA_SERVICE_URL,
-    error::{api_error_handler, Error, Result},
+    error::{api_error_handler, Result},
     Client,
 };
 
@@ -13,17 +13,10 @@ struct AzureSuccessResponse {
     access_token: String,
 }
 
-pub async fn azure_login(client: &mut Client) -> Result<AccessTokenSuccessResponse> {
-    let identity_id;
-
-    if let Some(azure_auth) = &client.auth.azure {
-        identity_id = azure_auth.identity_id.clone();
-    } else {
-        return Err(Error::MissingParametersAuthError {
-            message: "Attempt to authenticate with Azure. Identity ID is missing.".to_string(),
-        });
-    }
-
+pub async fn azure_login(
+    client: &mut Client,
+    identity_id: String,
+) -> Result<AccessTokenSuccessResponse> {
     let request_client = reqwest::Client::builder()
         .use_preconfigured_tls(rustls_platform_verifier::tls_config())
         .build()

crates/infisical/src/api/auth/gcp_iam_login.rs

@@ -17,19 +17,11 @@ struct JwtPayload {
 
 use super::AccessTokenSuccessResponse;
 
-pub async fn gcp_iam_login(client: &mut Client) -> Result<AccessTokenSuccessResponse> {
-    let service_account_key_path;
-    let identity_id;
-
-    if let Some(gcp_iam_auth) = &client.auth.gcp_iam {
-        service_account_key_path = gcp_iam_auth.service_account_key_file_path.clone();
-        identity_id = gcp_iam_auth.identity_id.clone();
-    } else {
-        return Err(Error::MissingParametersAuthError {
-          message: "Attempt to authenticate with GCP IAM failed. Identity ID or service account key path is missing.".to_string(),
-      });
-    }
-
+pub async fn gcp_iam_login(
+    client: &mut Client,
+    identity_id: String,
+    service_account_key_path: String,
+) -> Result<AccessTokenSuccessResponse> {
     let service_account_key = &read_service_account_key(service_account_key_path).await?;
 
     // Create an authenticator

crates/infisical/src/api/auth/gcp_id_token_login.rs

@@ -6,18 +6,10 @@ use crate::{
 
 use super::AccessTokenSuccessResponse;
 
-pub async fn gcp_id_token_login(client: &mut Client) -> Result<AccessTokenSuccessResponse> {
-    let identity_id;
-
-    if let Some(gcp_id_token_auth) = &client.auth.gcp_id_token {
-        identity_id = gcp_id_token_auth.identity_id.clone();
-    } else {
-        return Err(Error::MissingParametersAuthError {
-            message: "Attempt to authenticate with GCP ID Token failed. Identity ID is missing."
-                .to_string(),
-        });
-    }
-
+pub async fn gcp_id_token_login(
+    client: &mut Client,
+    identity_id: String,
+) -> Result<AccessTokenSuccessResponse> {
     let request_client = reqwest::Client::builder()
         .use_preconfigured_tls(rustls_platform_verifier::tls_config())
         .build()

crates/infisical/src/api/auth/kubernetes_login.rs

@@ -7,24 +7,11 @@ use crate::{
 
 use super::{auth_infisical_kubernetes, AccessTokenSuccessResponse};
 
-pub async fn kubernetes_login(client: &mut Client) -> Result<AccessTokenSuccessResponse> {
-    let identity_id;
-    let service_account_token_path;
-
-    if let Some(kubernetes_auth) = &client.auth.kubernetes {
-        identity_id = kubernetes_auth.identity_id.clone();
-        if kubernetes_auth.service_account_token_path.is_none() {
-            return Err(Error::MissingParametersAuthError {
-                message: "Attempt to authenticate with Kubernetes. Service account token path is missing.".to_string(),
-            });
-        }
-        service_account_token_path = kubernetes_auth.service_account_token_path.clone().unwrap();
-    } else {
-        return Err(Error::MissingParametersAuthError {
-            message: "Attempt to authenticate with Kubernetes. Identity ID and service account token path is missing.".to_string(),
-        });
-    }
-
+pub async fn kubernetes_login(
+    client: &mut Client,
+    identity_id: String,
+    service_account_token_path: String,
+) -> Result<AccessTokenSuccessResponse> {
     debug!(
         "Reading service account token from path: {}",
         service_account_token_path

crates/infisical/src/api/auth/mod.rs

@@ -20,11 +20,15 @@ fn base64_encode(plain: String) -> String {
     return base64::engine::general_purpose::STANDARD.encode(plain);
 }
 
-#[derive(Serialize, Deserialize, Debug, JsonSchema)]
+#[derive(Serialize, Deserialize, Debug, JsonSchema, Clone)]
 #[serde(rename_all = "camelCase")]
 
 pub struct AccessTokenSuccessResponse {
     pub access_token: String,
+    pub expires_in: i64,
+    #[serde(rename = "accessTokenMaxTTL")]
+    pub access_token_max_ttl: i64,
+    pub token_type: String,
 }
 
 #[derive(Serialize)]

crates/infisical/src/api/auth/universal_auth_login.rs

@@ -1,5 +1,5 @@
 use crate::{
-    error::{api_error_handler, Error, Result},
+    error::{api_error_handler, Result},
     Client,
 };
 use log::debug;
@@ -8,19 +8,11 @@ use std::collections::HashMap;
 
 use super::AccessTokenSuccessResponse;
 
-pub async fn universal_auth_login(client: &mut Client) -> Result<AccessTokenSuccessResponse> {
-    let client_id;
-    let client_secret;
-
-    if let Some(universal_auth) = &client.auth.universal_auth {
-        client_id = universal_auth.client_id.clone();
-        client_secret = universal_auth.client_secret.clone();
-    } else {
-        return Err(Error::MissingParametersAuthError {
-            message: "Attempt to authenticate with Universal Auth failed. Universal auth credentials are missing.".to_string(),
-        });
-    }
-
+pub async fn universal_auth_login(
+    client: &mut Client,
+    client_id: String,
+    client_secret: String,
+) -> Result<AccessTokenSuccessResponse> {
     let mut body = HashMap::new();
     body.insert("clientId", Some(client_id));
     body.insert("clientSecret", Some(client_secret));

crates/infisical/src/auth/mod.rs

@@ -1,4 +1 @@
-pub mod authenticate;
-
 pub use crate::api::auth::AccessTokenSuccessResponse;
-pub use authenticate::UpdateAccessTokenRequest;