chef-vault-retry 0.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +7 -0
- data/.gitignore +2 -0
- data/Gemfile +3 -0
- data/README.md +39 -0
- data/chef-vault-retry.gemspec +19 -0
- data/lib/chef-vault-retry.rb +39 -0
- data/lib/chef-vault-retry/version.rb +20 -0
- metadata +65 -0
checksums.yaml
ADDED
|
@@ -0,0 +1,7 @@
|
|
|
1
|
+
---
|
|
2
|
+
SHA1:
|
|
3
|
+
metadata.gz: ff30d34bbf8026116369661dfe0339c53bfb2b51
|
|
4
|
+
data.tar.gz: a527512f4de92b17142e06c7993beaa670ff4289
|
|
5
|
+
SHA512:
|
|
6
|
+
metadata.gz: 41b84e9897fe479a20032128b488955a32cae01f308715c8135b1c201bb03cb9b1d4feaf2c11f6dff4fde35fa8e0cccd5e66abeefaa7245d9a7224b6c61df285
|
|
7
|
+
data.tar.gz: f1c0f2d2ae341a2e17f902cbd30ae09b76991be40f485a33e95041e7607ec55b37ce23453a087a3ac64a09d8868737c96c7fedcb39d3b1c2192c2e51e0b50cb9
|
data/.gitignore
ADDED
data/Gemfile
ADDED
data/README.md
ADDED
|
@@ -0,0 +1,39 @@
|
|
|
1
|
+
## Overview
|
|
2
|
+
|
|
3
|
+
Wraps `ChefVault::Item.load` with a new method `ChefVaultRetry::Item.load` that will periodically retry to decrypt the secret if an exception is raised. This is primarily intended to ease the bootstrapping of new systems by keeping chef-client runs from failing.
|
|
4
|
+
|
|
5
|
+
## Use
|
|
6
|
+
|
|
7
|
+
Replace the following code in your recipes:
|
|
8
|
+
|
|
9
|
+
```
|
|
10
|
+
chef_gem 'chef-vault' do
|
|
11
|
+
compile_time true if respond_to?(:compile_time)
|
|
12
|
+
end
|
|
13
|
+
|
|
14
|
+
require 'chef-vault'
|
|
15
|
+
|
|
16
|
+
item = ChefVault::Item.load('passwords', 'root')
|
|
17
|
+
item['password']
|
|
18
|
+
```
|
|
19
|
+
|
|
20
|
+
with this instead:
|
|
21
|
+
|
|
22
|
+
```
|
|
23
|
+
chef_gem 'chef-vault-retry' do
|
|
24
|
+
compile_time true if respond_to?(:compile_time)
|
|
25
|
+
end
|
|
26
|
+
|
|
27
|
+
require 'chef-vault-retry'
|
|
28
|
+
|
|
29
|
+
item = ChefVaultRetry::Item.load('passwords', 'root')
|
|
30
|
+
item['password']
|
|
31
|
+
```
|
|
32
|
+
|
|
33
|
+
The same ChefVault::Item.load method will be called, but if a secret decryption exception is raised:
|
|
34
|
+
|
|
35
|
+
1. A message will output about the failure
|
|
36
|
+
* e.g. `SecretDecryption exception raised; please refresh vault item (passwords/root)`
|
|
37
|
+
2. Recipe execution will pause for 30 seconds
|
|
38
|
+
3. The process will repeat
|
|
39
|
+
* It will repeat this 40 times by default (~20 minutes). The number of retries can be customized by passing a Fixnum as the `retries` argument of `ChefVaultRetry::Item.load`
|
|
@@ -0,0 +1,19 @@
|
|
|
1
|
+
$:.push File.expand_path('../lib', __FILE__)
|
|
2
|
+
require 'chef-vault-retry/version'
|
|
3
|
+
|
|
4
|
+
Gem::Specification.new do |s|
|
|
5
|
+
s.name = 'chef-vault-retry'
|
|
6
|
+
s.version = ChefVaultRetry::VERSION
|
|
7
|
+
s.authors = ['Biola University']
|
|
8
|
+
s.email = ['sysadmins@biola.edu']
|
|
9
|
+
s.summary = 'Retry support for chef-vault'
|
|
10
|
+
s.description = s.summary
|
|
11
|
+
s.homepage = 'https://github.com/biola/chef-vault-retry'
|
|
12
|
+
|
|
13
|
+
s.license = 'Apache License, v2.0'
|
|
14
|
+
|
|
15
|
+
s.files = `git ls-files`.split("\n")
|
|
16
|
+
s.require_paths = ['lib']
|
|
17
|
+
|
|
18
|
+
s.add_runtime_dependency 'chef-vault', '~> 2.6'
|
|
19
|
+
end
|
|
@@ -0,0 +1,39 @@
|
|
|
1
|
+
#
|
|
2
|
+
# Author:: Troy Ready (<troy.ready@biola.edu>)
|
|
3
|
+
#
|
|
4
|
+
# Copyright:: 2015, Biola University
|
|
5
|
+
#
|
|
6
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
7
|
+
# you may not use this file except in compliance with the License.
|
|
8
|
+
# You may obtain a copy of the License at
|
|
9
|
+
#
|
|
10
|
+
# http://www.apache.org/licenses/LICENSE-2.0
|
|
11
|
+
#
|
|
12
|
+
# Unless required by applicable law or agreed to in writing, software
|
|
13
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
14
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
15
|
+
# See the License for the specific language governing permissions and
|
|
16
|
+
# limitations under the License.
|
|
17
|
+
#
|
|
18
|
+
|
|
19
|
+
require 'chef-vault'
|
|
20
|
+
|
|
21
|
+
class ChefVaultRetry
|
|
22
|
+
class Item
|
|
23
|
+
|
|
24
|
+
def self.load(v, i, retries=40)
|
|
25
|
+
retries.times do
|
|
26
|
+
begin
|
|
27
|
+
return ChefVault::Item.load(v, i)
|
|
28
|
+
rescue ChefVault::Exceptions::SecretDecryption
|
|
29
|
+
puts "SecretDecryption exception raised; "\
|
|
30
|
+
"please refresh vault item (#{v}/#{i})"
|
|
31
|
+
sleep 30
|
|
32
|
+
next
|
|
33
|
+
end
|
|
34
|
+
end
|
|
35
|
+
fail "Failed after #{retries} attempts to decrypt #{v}/#{i}"
|
|
36
|
+
end
|
|
37
|
+
|
|
38
|
+
end
|
|
39
|
+
end
|
|
@@ -0,0 +1,20 @@
|
|
|
1
|
+
# Description: chef-vault-retry VERSION file
|
|
2
|
+
# Copyright 2015, Biola University
|
|
3
|
+
# Copyright 2013-15, Nordstrom, Inc.
|
|
4
|
+
|
|
5
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
6
|
+
# you may not use this file except in compliance with the License.
|
|
7
|
+
# You may obtain a copy of the License at
|
|
8
|
+
|
|
9
|
+
# http://www.apache.org/licenses/LICENSE-2.0
|
|
10
|
+
|
|
11
|
+
# Unless required by applicable law or agreed to in writing, software
|
|
12
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
13
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
14
|
+
# See the License for the specific language governing permissions and
|
|
15
|
+
# limitations under the License.
|
|
16
|
+
|
|
17
|
+
class ChefVaultRetry
|
|
18
|
+
VERSION = '0.1.0'
|
|
19
|
+
MAJOR, MINOR, TINY = VERSION.split('.')
|
|
20
|
+
end
|
metadata
ADDED
|
@@ -0,0 +1,65 @@
|
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
|
2
|
+
name: chef-vault-retry
|
|
3
|
+
version: !ruby/object:Gem::Version
|
|
4
|
+
version: 0.1.0
|
|
5
|
+
platform: ruby
|
|
6
|
+
authors:
|
|
7
|
+
- Biola University
|
|
8
|
+
autorequire:
|
|
9
|
+
bindir: bin
|
|
10
|
+
cert_chain: []
|
|
11
|
+
date: 2015-10-13 00:00:00.000000000 Z
|
|
12
|
+
dependencies:
|
|
13
|
+
- !ruby/object:Gem::Dependency
|
|
14
|
+
name: chef-vault
|
|
15
|
+
requirement: !ruby/object:Gem::Requirement
|
|
16
|
+
requirements:
|
|
17
|
+
- - "~>"
|
|
18
|
+
- !ruby/object:Gem::Version
|
|
19
|
+
version: '2.6'
|
|
20
|
+
type: :runtime
|
|
21
|
+
prerelease: false
|
|
22
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
23
|
+
requirements:
|
|
24
|
+
- - "~>"
|
|
25
|
+
- !ruby/object:Gem::Version
|
|
26
|
+
version: '2.6'
|
|
27
|
+
description: Retry support for chef-vault
|
|
28
|
+
email:
|
|
29
|
+
- sysadmins@biola.edu
|
|
30
|
+
executables: []
|
|
31
|
+
extensions: []
|
|
32
|
+
extra_rdoc_files: []
|
|
33
|
+
files:
|
|
34
|
+
- ".gitignore"
|
|
35
|
+
- Gemfile
|
|
36
|
+
- README.md
|
|
37
|
+
- chef-vault-retry.gemspec
|
|
38
|
+
- lib/chef-vault-retry.rb
|
|
39
|
+
- lib/chef-vault-retry/version.rb
|
|
40
|
+
homepage: https://github.com/biola/chef-vault-retry
|
|
41
|
+
licenses:
|
|
42
|
+
- Apache License, v2.0
|
|
43
|
+
metadata: {}
|
|
44
|
+
post_install_message:
|
|
45
|
+
rdoc_options: []
|
|
46
|
+
require_paths:
|
|
47
|
+
- lib
|
|
48
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
|
49
|
+
requirements:
|
|
50
|
+
- - ">="
|
|
51
|
+
- !ruby/object:Gem::Version
|
|
52
|
+
version: '0'
|
|
53
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
54
|
+
requirements:
|
|
55
|
+
- - ">="
|
|
56
|
+
- !ruby/object:Gem::Version
|
|
57
|
+
version: '0'
|
|
58
|
+
requirements: []
|
|
59
|
+
rubyforge_project:
|
|
60
|
+
rubygems_version: 2.4.5
|
|
61
|
+
signing_key:
|
|
62
|
+
specification_version: 4
|
|
63
|
+
summary: Retry support for chef-vault
|
|
64
|
+
test_files: []
|
|
65
|
+
has_rdoc:
|