getnelson / platypus   0.1.6

Apache License 2.0 GitHub

A semiaquatic animal with venomous ankles, wielding a Vault client in Scala

Scala versions: 2.12 2.11

Platypus

Build Status Maven Central codecov

A native Scala client for interacting with Vault. There is currently only one supported client, which uses http4s to make HTTP calls to Vault. Alternative implementations could be added with relative ease by providing an additional free interpreter for the VaultOp algebra.

Getting started

Add the following to your build.sbt:

libraryDependencies += "io.getnelson.platypus" %% "http4s" % "x.y.z"

Where x.y.z is the desired Platypus version. Check for the latest release Maven Central.

Algebra

Platypus currently only supports a limited subset of the total actions available within the Vault HTTP API. Supported operations are iterated within the VaultOp source. For example, to create a new policy one can construct the operation as such:

import platypus._

val fooReadOnly = Rule(
  path = "secret/foo",
  capabilities = "read" :: Nil,
  policy = None
)

val createMyPolicy: VaultOpF[Unit] = VaultOp
  .createPolicy(
    name = "my-policy",
    rules = fooReadOnly :: Nil
  )

This however is just a description of what operation the program might perform in the future, just creating these operations does not actually execute the operations. In order to create the policy, we need to use the http4s interpreter.

http4s Interpreter

First we create an interpreter, which requires a Vault token, an http4s client, and a base url for Vault:

import cats.effect.IO
import org.http4s.Uri.uri
import org.http4s.client.blaze.Http1Client
import platypus._
import platypus.http4s._

val token = Token("1c1cb196-a03c-4336-bfac-d551849e11de")
val client = Http1Client[IO]().unsafeRunSync
val baseUrl = uri("http://127.0.0.1:8200")

val interpreter = new Http4sVaultClient(baseUrl, client)

Now we can apply commands to our http4s client to get back IOs which actually interact with Vault:

import cats.effect.IO

val c: IO[Unit] = platypus.run(interpreter, createMyPolicy)

// actually execute the calls
c.unsafeRunSync

Typically, the Platypus algebra would be a part of a Coproduct with other algebras in a larger program, so running the IO immediately after platypus.run is not typical.

Supported Vault Versions

  • 0.10.x

Contributing

Contributions are welcome; particularly to expand the algebra with additional operations that are supported by Vault but not yet supported by Platypus.

Statistics

Contributors

11 Dependencies

No Dependent