Merge pull request #47 from vimc/vimc-7150

Pre release tidyup, part 1

.Rbuildignore

@@ -14,3 +14,5 @@
 ^\.github$
 ^\.lintr$
 ^development\.md$
+^_pkgdown\.yml$
+^docs$

.github/workflows/pkgdown.yaml

@@ -39,6 +39,10 @@ jobs:
           extra-packages: any::pkgdown, local::.
           needs: website
 
+      - name: Move real vignettes
+        run: |
+          cp vignettes_src/* vignettes
+
       - name: Build site
         run: pkgdown::build_site_github_pages(new_process = FALSE, install = FALSE)
         shell: Rscript {0}

Makefile

@@ -43,10 +43,7 @@ README.md: README.Rmd
 	rm -f $@.bak
 
 pkgdown:
-	./scripts/pkgdown
-
-website: pkgdown
-	./scripts/update_web.sh
+	Rscript -e 'pkgdown::build_site()'
 
 manual:
 	R CMD Rd2pdf --no-clean .

NEWS.md

@@ -1,57 +1,57 @@
-## 1.1.5
+# 1.1.5
 
 * Support for authentication with LDAP (#42)
 
-## 1.1.2
+# 1.1.2
 
 * Support for vault [namespaces](https://developer.hashicorp.com/vault/tutorials/enterprise/namespaces) on enterprise versions of vault
 
-## 1.0.4
+# 1.0.4
 
 * `vaultr::vault_resolve_secrets` (and `$read` in the kv1 secrets engine) provide more information about what was being read at the point of failure (VIMC-3437)
 
-## 1.0.3
+# 1.0.3
 
 * New convenience argument to `vaultr::vault_resolve_secrets` to pass in all connection arguments at once, designed to make this easier to use from scripts (VIMC-3397).
 
-## 1.0.2
+# 1.0.2
 
 * First public release
 
-## 0.2.6
+# 0.2.6
 
 * All objects gain a `help()` method, with the aim of making the main help easier to find.
 
-## 0.2.5
+# 0.2.5
 
 * Support for AppRole authentication
 * Move secrets support under secrets top level element (so `vault$secrets$kv1` rather than `vault$kv1`); VIMC-2891
 
-## 0.2.4
+# 0.2.4
 
 * Support for the [`cubbyhole`](https://www.vaultproject.io/docs/secrets/cubbyhole/index.html) secret engine and response wrapping
 * Faster testing on windows due to improved timeouts while looking for free ports
 
-## 0.2.3
+# 0.2.3
 
 * Fix windows filename issue with test server
 
-## 0.2.2
+# 0.2.2
 
 * Add vault_resolve_secrets method
 
-## 0.2.1
+# 0.2.1
 
 * Documentation for core classes
 
-## 0.2.0
+# 0.2.0
 
 * Complete rewrite based on use over the last year:
   - supporting many more vault methods
   - a better base for ongoing method support
   - rationalised authentication and caching
   - easier to use server for tests
 
-## 0.1.0
+# 0.1.0
 
 * Initial internal release

R/http.R

@@ -26,12 +26,9 @@ vault_client_response <- function(res, to_json = TRUE) {
   if (code >= 400 && code < 600) {
     if (response_is_json(res)) {
       dat <- response_to_json(res)
-      ## TODO: this section is a bit out of sync with
-      ## https://www.vaultproject.io/api/overview.html#error-response
-      ## which mentions errors but not warnings
+      ## https://developer.hashicorp.com/vault/api-docs#error-response
       errors <- list_to_character(dat$errors)
-      warnings <- list_to_character(dat$warnings)
-      text <- paste(c(errors, warnings), collapse = "\n")
+      text <- paste(errors, collapse = "\n")
     } else {
       errors <- NULL
       text <- trimws(httr::content(res, "text", encoding = "UTF-8"))

R/server_manager.R

@@ -16,9 +16,10 @@
 ##' Starting a server in test mode must *not* be used for production
 ##'   under any circumstances.  As the name suggests,
 ##'   `vault_test_server` is a server suitable for *tests* only and
-##'   lacks any of the features required to make vault secure.  Please
-##'   see https://www.vaultproject.io/docs/concepts/dev-server.html
-##'   for more information
+##'   lacks any of the features required to make vault secure.  For
+##'   more information, please see the the official Vault
+##'   documentation on development servers:
+##'   https://developer.hashicorp.com/vault/docs/concepts/dev-server
 ##'
 ##' @title Control a test vault server
 ##'
@@ -223,7 +224,7 @@ vault_server_start_dev <- function(bin, port, quiet) {
     Sys.sleep(0.5) # nocov
   }
 
-  ## See https://www.vaultproject.io/docs/secrets/kv/kv-v2.html#setup
+  ## See https://developer.hashicorp.com/vault/docs/secrets/kv/kv-v2#setup
   ##
   ## > when running a dev-mode server, the v2 kv secrets engine is
   ## > enabled by default at the path secret/ (for non-dev servers, it

R/vault_client_audit.R

@@ -1,5 +1,5 @@
 ##' Interact with vault's audit devices.  For more details, see
-##' https://www.vaultproject.io/docs/audit/
+##' https://developer.hashicorp.com/vault/docs/audit
 ##'
 ##' @title Vault Audit Devices
 ##' @name vault_client_audit

R/vault_client_auth_approle.R

@@ -1,6 +1,6 @@
 ##' Interact with vault's AppRole authentication backend.  For more
 ##' details about this, see the vault documentation at
-##' https://www.vaultproject.io/docs/auth/approle.html
+##' https://developer.hashicorp.com/vault/docs/auth/approle
 ##'
 ##' @title Vault AppRole Authentication Configuration
 ##' @name vault_client_auth_approle

R/vault_client_auth_github.R

@@ -1,18 +1,19 @@
 ##' Interact with vault's GitHub authentication backend.  For more
 ##' details, please see the vault documentation at
-##' https://www.vaultproject.io/docs/auth/github.html
+##' https://developer.hashicorp.com/vault/docs/auth/github
 ##'
 ##' @title Vault GitHub Authentication Configuration
 ##' @name vault_client_auth_github
 ##'
 ##' @examples
 ##' server <- vaultr::vault_test_server(if_disabled = message)
-##' if (!is.null(server)) {
+##' token <- Sys.getenv("VAULT_TEST_AUTH_GITHUB_TOKEN")
+##' if (!is.null(server) && nzchar(token)) {
 ##'   client <- server$client()
 ##'
 ##'   client$auth$enable("github")
-##'   # To enable login for members of the organisation "vimc":
-##'   client$auth$github$configure(organization = "vimc")
+##'   # To enable login for members of the organisation "example":
+##'   client$auth$github$configure(organization = "example")
 ##'   # To map members of the "robots" team *within* that organisation
 ##'   # to the "defaut" policy:
 ##'   client$auth$github$write("development", "default")

R/vault_client_auth_ldap.R

@@ -2,7 +2,7 @@
 ##' can be used to configure users based on their presence or group
 ##' membership in an LDAP server.  For more information, please see
 ##' the vault documentation
-##' https://www.vaultproject.io/docs/auth/ldap.html
+##' https://developer.hashicorp.com/vault/docs/auth/ldap
 ##'
 ##' @title Vault LDAP Authentication Configuration
 ##' @name vault_client_auth_ldap

R/vault_client_auth_userpass.R

@@ -2,7 +2,7 @@
 ##' This backend can be used to configure basic username+password
 ##' authentication, suitable for human users.  For more information,
 ##' please see the vault documentation
-##' https://www.vaultproject.io/docs/auth/userpass.html
+##' https://developer.hashicorp.com/vault/docs/auth/userpass
 ##'
 ##' @title Vault Username/Password Authentication Configuration
 ##' @name vault_client_auth_userpass

R/vault_client_cubbyhole.R

@@ -3,7 +3,7 @@
 ##' (c.f. [vaultr::vault_client_kv2]) that is scoped to your
 ##' current token only and not accessible to anyone else.  For more
 ##' details please see the vault documentation
-##' https://www.vaultproject.io/docs/secrets/cubbyhole/index.html
+##' https://developer.hashicorp.com/vault/docs/secrets/cubbyhole
 ##'
 ##' @title Cubbyhole secret store
 ##' @name vault_client_cubbyhole

R/vault_client_kv2.R

@@ -2,7 +2,7 @@
 ##' for storing simple key-value data that can be versioned and for
 ##' storing metadata alongside the secrets (see
 ##' [vaultr::vault_client_kv1] for a simpler key-value store, and see
-##' https://www.vaultproject.io/docs/secrets/kv/kv-v2.html for
+##' https://developer.hashicorp.com/vault/docs/secrets/kv/kv-v2 for
 ##' detailed information about this secret store.
 ##'
 ##' A `kv2` store can be mounted anywhere, so all methods accept

R/vault_client_policy.R

@@ -1,6 +1,6 @@
 ##' Interact with vault's policies.  To get started, you may want to
 ##' read up on policies as described in the vault manual, here:
-##' https://www.vaultproject.io/docs/concepts/policies.html
+##' https://developer.hashicorp.com/vault/docs/concepts/policies
 ##'
 ##' @title Vault Policy Configuration
 ##' @name vault_client_policy

R/vault_client_token.R

@@ -2,9 +2,9 @@
 ##' querying, creating and deleting tokens.  Tokens are fundamental to
 ##' the way that vault works, so there are a lot of methods here.  The
 ##' vault documentation has a page devoted to token concepts:
-##' https://www.vaultproject.io/docs/concepts/tokens.html. There is
-##' also a page with commands:
-##' https://www.vaultproject.io/docs/commands/token/index.html - these
+##' https://developer.hashicorp.com/vault/docs/concepts/tokens - there
+##' is also a page with commands:
+##' https://developer.hashicorp.com/vault/docs/commands/token - these
 ##' have names very similar to the names used here.
 ##'
 ##' @section Token Accessors:
@@ -192,7 +192,7 @@ vault_client_token <- R6::R6Class(
     ##'
     ##' @param wrap_ttl Indicates that the secret should be wrapped.
     ##'   This is discussed in the vault documentation:
-    ##'   https://www.vaultproject.io/docs/concepts/response-wrapping.html
+    ##'   https://developer.hashicorp.com/vault/docs/concepts/response-wrapping
     ##'   When this option is used, `vault` will take the response it
     ##'   would have sent to an HTTP client and instead insert it into
     ##'   the cubbyhole of a single-use token, returning that

R/vault_client_transit.R

@@ -4,7 +4,7 @@
 ##' transit secrets engine can also sign and verify data; generate
 ##' hashes and HMACs of data; and act as a source of random bytes.
 ##' See
-##' https://www.vaultproject.io/docs/secrets/transit/index.html
+##' https://developer.hashicorp.com/vault/docs/secrets/transit
 ##' for an introduction to the capabilities of the `transit`
 ##' engine.
 ##'
@@ -668,7 +668,7 @@ vault_client_transit <- R6::R6Class(
       assert_vault_version("0.11.4", private$api_client, path,
                            "transit key trim")
       ## TODO: this differs from the spec here:
-      ## https://www.vaultproject.io/api/secret/transit/index.html#trim-key
+      ## https://developer.hashicorp.com/vault/api-docs/secret/transit#trim-key
       ## (claims min_version)
       body <- list(min_available_version = assert_scalar_integer(min_version))
       private$api_client$POST(path, body = body)

R/vaultr.R

@@ -29,6 +29,4 @@
 ##' and the "packages" vignette.
 ##'
 ##' @title Vault Client for Secrets and Sensitive Data
-##' @name vaultr
-##' @docType package
-NULL
+"_PACKAGE"

README.Rmd

@@ -2,15 +2,20 @@
 
 <!-- badges: start -->
 [![Project Status: Active – The project has reached a stable, usable state and is being actively developed.](https://www.repostatus.org/badges/latest/active.svg)](https://www.repostatus.org/#active)
+[![R-CMD-check](https://github.com/vimc/vaultr/actions/workflows/R-CMD-check.yaml/badge.svg)](https://github.com/vimc/vaultr/actions/workflows/R-CMD-check.yaml)
 [![codecov.io](https://codecov.io/github/vimc/vaultr/coverage.svg?branch=master)](https://app.codecov.io/github/vimc/vaultr?branch=master)
+[![CodeFactor](https://www.codefactor.io/repository/github/vimc/vaultr/badge)](https://www.codefactor.io/repository/github/vimc/vaultr)
 [![](http://www.r-pkg.org/badges/version/vaultr)](https://cran.r-project.org/package=vaultr)
-[![R-CMD-check](https://github.com/vimc/vaultr/actions/workflows/R-CMD-check.yaml/badge.svg)](https://github.com/vimc/vaultr/actions/workflows/R-CMD-check.yaml)
-)[![CodeFactor](https://www.codefactor.io/repository/github/vimc/vaultr/badge)](https://www.codefactor.io/repository/github/vimc/vaultr)
 <!-- badges: end -->
 
-API client for [vault](https://www.vaultproject.io/).
+Interact with [HashiCorp's vault](https://www.vaultproject.io/), to securely use secrets from R.  This package wraps the [vault http API](https://www.vaultproject.io/api/index.html) to allow secrets to be accessed from R.  Secrets might be passwords, tokens, certificates or any other sensitive data.
 
-Vault provides a platform for distributing secrets across machines.  This package wraps the [vault http API](https://www.vaultproject.io/api/index.html) to allow secrets to be accessed from R.  Secrets might be passwords, tokens, certificates or any other sensitive data.
+* Authenticate with several different providers (token, username and password, GitHub, LDAP, and "approle")
+* Read and write secrets into vault using its key-value stores (version 1 or 2), cubbyhole and in-transit "encryption-as-a-service"
+* Inspect and work with vault tokens
+* Read, write and update vault policies
+* Allows a degree of access to operator maintenance
+* Work with vault's audit devices
 
 ## Usage
 
@@ -68,20 +73,18 @@ Install `vaultr` from CRAN with
 install.packages("vaultr")
 ```
 
-To install our internally released version (which might be ahead of CRAN) via drat, use
-
+To install our internally released version (which might be ahead of CRAN) via our r-universe, use
 
 ```r
-# install.packages("drat") # (if needed)
-drat:::add("vimc")
-install.packages("vaultr")
+install.packages(
+  "vaultr",
+  repos = c("https://vimc.r-universe.dev", "https://cloud.r-project.org"))
 ```
 
 or install the bleeding edge with
 
 ```r
-# install.packages("devtools") # (if needed)
-devtools::install_gitub("vimc/vaultr", upgrade = FALSE)
+remotes::install_gitub("vimc/vaultr", upgrade = FALSE)
 ```
 
 ## License

README.md

@@ -2,15 +2,20 @@
 
 <!-- badges: start -->
 [![Project Status: Active – The project has reached a stable, usable state and is being actively developed.](https://www.repostatus.org/badges/latest/active.svg)](https://www.repostatus.org/#active)
+[![R-CMD-check](https://github.com/vimc/vaultr/actions/workflows/R-CMD-check.yaml/badge.svg)](https://github.com/vimc/vaultr/actions/workflows/R-CMD-check.yaml)
 [![codecov.io](https://codecov.io/github/vimc/vaultr/coverage.svg?branch=master)](https://app.codecov.io/github/vimc/vaultr?branch=master)
+[![CodeFactor](https://www.codefactor.io/repository/github/vimc/vaultr/badge)](https://www.codefactor.io/repository/github/vimc/vaultr)
 [![](http://www.r-pkg.org/badges/version/vaultr)](https://cran.r-project.org/package=vaultr)
-[![R-CMD-check](https://github.com/vimc/vaultr/actions/workflows/R-CMD-check.yaml/badge.svg)](https://github.com/vimc/vaultr/actions/workflows/R-CMD-check.yaml)
-)[![CodeFactor](https://www.codefactor.io/repository/github/vimc/vaultr/badge)](https://www.codefactor.io/repository/github/vimc/vaultr)
 <!-- badges: end -->
 
-API client for [vault](https://www.vaultproject.io/).
+Interact with [HashiCorp's vault](https://www.vaultproject.io/), to securely use secrets from R.  This package wraps the [vault http API](https://www.vaultproject.io/api/index.html) to allow secrets to be accessed from R.  Secrets might be passwords, tokens, certificates or any other sensitive data.
 
-Vault provides a platform for distributing secrets across machines.  This package wraps the [vault http API](https://www.vaultproject.io/api/index.html) to allow secrets to be accessed from R.  Secrets might be passwords, tokens, certificates or any other sensitive data.
+* Authenticate with several different providers (token, username and password, GitHub, LDAP, and "approle")
+* Read and write secrets into vault using its key-value stores (version 1 or 2), cubbyhole and in-transit "encryption-as-a-service"
+* Inspect and work with vault tokens
+* Read, write and update vault policies
+* Allows a degree of access to operator maintenance
+* Work with vault's audit devices
 
 ## Usage
 
@@ -80,20 +85,19 @@ Install `vaultr` from CRAN with
 install.packages("vaultr")
 ```
 
-To install our internally released version (which might be ahead of CRAN) via drat, use
+To install our internally released version (which might be ahead of CRAN) via r-universe, use
 
 
 ```r
-# install.packages("drat") # (if needed)
-drat:::add("vimc")
-install.packages("vaultr")
+install.packages(
+  "vaultr",
+  repos = c("https://vimc.r-universe.dev", "https://cloud.r-project.org"))
 ```
 
 or install the bleeding edge with
 
 ```r
-# install.packages("devtools") # (if needed)
-devtools::install_gitub("vimc/vaultr", upgrade = FALSE)
+remotes::install_gitub("vimc/vaultr", upgrade = FALSE)
 ```
 
 ## License