Class: PatientHttp::SecretManager

Inherits:

Object

• Object
• PatientHttp::SecretManager

Defined in:

lib/patient_http/secret_manager.rb

Overview

Resolves SecretReference values into their actual secret values when a request is sent by the processor.

A SecretManager is built from the secrets registered on the Configuration.

See Also:

• Configuration#secret_manager

Defined Under Namespace

Classes: SecretNotFoundError

Instance Method Summary

• #include?(name) ⇒ Boolean

  Check if a secret name is registered in the static registry.

• #initialize(secrets: {}) ⇒ SecretManager constructor

  Initialize a new SecretManager.

• #resolve(name) ⇒ String

  Resolve a secret by name.

• #resolve_headers(headers) ⇒ Hash^?

  Resolve any secret references in a headers hash, returning a new hash.

• #resolve_params(params) ⇒ Hash^?

  Resolve any secret references in a params hash, returning a new hash.

• #resolve_url(url, secret_params) ⇒ String

  Append resolved secret params to a URL’s query string.

Constructor Details

#initialize(secrets: {}) ⇒ SecretManager

Initialize a new SecretManager.

Parameters:

• secrets (Hash{String => Object}) (defaults to: {}) —

  static registry mapping names to values (a value may be a callable, which is invoked with the name to produce the value) secret not found in the static registry

# File 'lib/patient_http/secret_manager.rb', line 19

def initialize(secrets: {})
  @secrets = secrets || {}
end

Instance Method Details

#include?(name) ⇒ Boolean

Check if a secret name is registered in the static registry.

Parameters:

• name (String, Symbol) —

  the secret name

Returns:

• (Boolean) —

  true if the name is registered, false otherwise

# File 'lib/patient_http/secret_manager.rb', line 27

def include?(name)
  @secrets.include?(name.to_s)
end

#resolve(name) ⇒ String

Resolve a secret by name.

The static registry is checked first; if the registered value responds to #call it is invoked with the name. If the name is not in the registry, an error is raised.

Parameters:

• name (String, Symbol) —

  the secret name

Returns:

• (String) —

  the resolved secret value

Raises:

• (SecretNotFoundError) —

  if the secret cannot be resolved

# File 'lib/patient_http/secret_manager.rb', line 39

def resolve(name)
  name = name.to_s

  unless @secrets.include?(name)
    raise SecretNotFoundError.new("No secret registered for #{name.inspect}")
  end

  value = @secrets[name]
  value = value.call(name) if value.respond_to?(:call)
  value&.to_s
end

#resolve_headers(headers) ⇒ Hash^?

Resolve any secret references in a headers hash, returning a new hash.

Parameters:

• headers (Hash, nil) —

  header name/value pairs

Returns:

• (Hash, nil) —

  a new hash with secret references replaced by resolved values

# File 'lib/patient_http/secret_manager.rb', line 55

def resolve_headers(headers)
  resolve_values(headers)
end

#resolve_params(params) ⇒ Hash^?

Resolve any secret references in a params hash, returning a new hash.

Parameters:

• params (Hash, nil) —

  param name/value pairs

Returns:

• (Hash, nil) —

  a new hash with secret references replaced by resolved values

# File 'lib/patient_http/secret_manager.rb', line 63

def resolve_params(params)
  resolve_values(params)
end

#resolve_url(url, secret_params) ⇒ String

Append resolved secret params to a URL’s query string.

Parameters:

• url (String) —

  the request URL

• secret_params (Hash, nil) —

  secret param name/value (SecretReference) pairs

Returns:

• (String) —

  the URL with resolved secret params appended (unchanged if none)

# File 'lib/patient_http/secret_manager.rb', line 72

def resolve_url(url, secret_params)
  return url if secret_params.nil? || secret_params.empty?

  serialized_params = URI.encode_www_form(resolve_params(secret_params))
  uri = URI(url)
  uri.query = [uri.query, serialized_params].compact.reject(&:empty?).join("&")
  uri.to_s
end