MovableInkAWS 0.2.7 → 0.2.8
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/Gemfile.lock +2 -2
- data/lib/movable_ink/aws/ssm.rb +17 -3
- data/lib/movable_ink/aws.rb +3 -3
- data/lib/movable_ink/version.rb +1 -1
- data/spec/ssm_spec.rb +41 -2
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 88c1b6ff56ab368ab4d97a3f539b6a822e7af3c0447f8373a3601907c4e90393
|
4
|
+
data.tar.gz: 31146689d3eab6d8514f88cb85c013b1d4314ff5ad06376fc6e2f7b577dc94a2
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 18352f2392290945415bf01b8be8daf41dfa4e5d146174f9d2bebe7154e74681eaced174a1a44cd072190521cb03c2045436d6c9eed8b246b885c267ded92370
|
7
|
+
data.tar.gz: f76fdc11f3109407596a82005400701345d9bea7803f14b3ebf2be283c3ca8ad1072c313370590b86974759dbd5e38cc98631c314ddb0d0b825b7672796734b4
|
data/Gemfile.lock
CHANGED
data/lib/movable_ink/aws/ssm.rb
CHANGED
@@ -1,12 +1,26 @@
|
|
1
1
|
module MovableInk
|
2
2
|
class AWS
|
3
3
|
module SSM
|
4
|
-
def
|
4
|
+
def ssm_client
|
5
5
|
@ssm_client ||= Aws::SSM::Client.new(region: 'us-east-1')
|
6
6
|
end
|
7
7
|
|
8
|
-
def
|
8
|
+
def ssm_client_failover
|
9
|
+
@ssm_client_failover ||= Aws::SSM::Client.new(region: 'us-west-2')
|
10
|
+
end
|
11
|
+
|
12
|
+
def run_with_backoff_and_client_fallback(&block)
|
9
13
|
run_with_backoff do
|
14
|
+
block.call(ssm_client)
|
15
|
+
end
|
16
|
+
rescue MovableInk::AWS::Errors::FailedWithBackoff => e
|
17
|
+
run_with_backoff(tries: 3) do
|
18
|
+
block.call(ssm_client_failover)
|
19
|
+
end
|
20
|
+
end
|
21
|
+
|
22
|
+
def get_secret(environment: mi_env, role:, attribute:)
|
23
|
+
run_with_backoff_and_client_fallback do |ssm|
|
10
24
|
begin
|
11
25
|
resp = ssm.get_parameter(
|
12
26
|
name: "/#{environment}/#{role}/#{attribute}",
|
@@ -21,7 +35,7 @@ module MovableInk
|
|
21
35
|
|
22
36
|
def get_role_secrets(environment: mi_env, role:)
|
23
37
|
path = "/#{environment}/#{role}"
|
24
|
-
|
38
|
+
run_with_backoff_and_client_fallback do |ssm|
|
25
39
|
ssm.get_parameters_by_path(
|
26
40
|
path: path,
|
27
41
|
with_decryption: true
|
data/lib/movable_ink/aws.rb
CHANGED
@@ -41,8 +41,8 @@ module MovableInk
|
|
41
41
|
end
|
42
42
|
end
|
43
43
|
|
44
|
-
def run_with_backoff(quiet: false)
|
45
|
-
|
44
|
+
def run_with_backoff(quiet: false, tries: 9)
|
45
|
+
tries.times do |num|
|
46
46
|
begin
|
47
47
|
return yield
|
48
48
|
rescue Aws::EC2::Errors::RequestLimitExceeded,
|
@@ -57,7 +57,7 @@ module MovableInk
|
|
57
57
|
MovableInk::AWS::Errors::NoEnvironmentTagError
|
58
58
|
sleep_time = (num+1)**2 + rand(10)
|
59
59
|
if quiet
|
60
|
-
(num >=
|
60
|
+
(num >= tries - 1) ? notify_and_sleep(sleep_time, $!.class) : sleep(sleep_time)
|
61
61
|
else
|
62
62
|
notify_and_sleep(sleep_time, $!.class)
|
63
63
|
end
|
data/lib/movable_ink/version.rb
CHANGED
data/spec/ssm_spec.rb
CHANGED
@@ -50,7 +50,7 @@ describe MovableInk::AWS::SSM do
|
|
50
50
|
it "should retrieve a decrypted secret" do
|
51
51
|
ssm.stub_responses(:get_parameter, parameter)
|
52
52
|
allow(aws).to receive(:mi_env).and_return('test')
|
53
|
-
allow(aws).to receive(:
|
53
|
+
allow(aws).to receive(:ssm_client).and_return(ssm)
|
54
54
|
|
55
55
|
expect(aws.get_secret(role: 'sneakers', attribute: 'setec-astronomy')).to eq('too-many-secrets')
|
56
56
|
end
|
@@ -58,8 +58,47 @@ describe MovableInk::AWS::SSM do
|
|
58
58
|
it "should retrieve all secrets for a role" do
|
59
59
|
ssm.stub_responses(:get_parameters_by_path, parameters)
|
60
60
|
allow(aws).to receive(:mi_env).and_return('test')
|
61
|
-
allow(aws).to receive(:
|
61
|
+
allow(aws).to receive(:ssm_client).and_return(ssm)
|
62
62
|
|
63
63
|
expect(aws.get_role_secrets(role: 'zelda')).to eq(zelda_secrets)
|
64
64
|
end
|
65
|
+
|
66
|
+
describe 'ssm_client' do
|
67
|
+
it 'uses to us-east-1 as a primary for secrets' do
|
68
|
+
expect(Aws::SSM::Client).to receive(:new).with({ region: 'us-east-1' })
|
69
|
+
aws.ssm_client
|
70
|
+
end
|
71
|
+
end
|
72
|
+
|
73
|
+
describe 'ssm_client_failover' do
|
74
|
+
it 'fails over to us-west-2' do
|
75
|
+
expect(Aws::SSM::Client).to receive(:new).with({ region: 'us-west-2' })
|
76
|
+
aws.ssm_client_failover
|
77
|
+
end
|
78
|
+
end
|
79
|
+
|
80
|
+
describe 'run_with_backoff_and_client_fallback' do
|
81
|
+
it 'passes in the ssm_client client and then the ssm_client_failover client' do
|
82
|
+
allow(aws).to receive(:ssm_client).and_return(1)
|
83
|
+
allow(aws).to receive(:ssm_client_failover).and_return(2)
|
84
|
+
allow(aws).to receive(:notify_and_sleep).and_return(nil)
|
85
|
+
|
86
|
+
results = []
|
87
|
+
calls = 0
|
88
|
+
|
89
|
+
begin
|
90
|
+
aws.run_with_backoff_and_client_fallback do |client|
|
91
|
+
calls += 1
|
92
|
+
results.push(client)
|
93
|
+
raise Aws::EC2::Errors::RequestLimitExceeded.new('context', 'message')
|
94
|
+
end
|
95
|
+
rescue
|
96
|
+
end
|
97
|
+
|
98
|
+
# 9 calls for the first client and 3 calls for the second client
|
99
|
+
expect(calls).to eq(12)
|
100
|
+
# the results will include the mock values for each of the clients
|
101
|
+
expect(results).to include(1, 2)
|
102
|
+
end
|
103
|
+
end
|
65
104
|
end
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: MovableInkAWS
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.2.
|
4
|
+
version: 0.2.8
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Matt Chesler
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2019-03-
|
11
|
+
date: 2019-03-18 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: aws-sdk
|