chef_data_region 1.0.3

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 54ead7a041eac34a55ac2e89f139b3b21ad602c3
+  data.tar.gz: a313837d1e0dc1bf7e803df7ceb697cacd3e9eab
+SHA512:
+  metadata.gz: 38182f2d5e2ac8488e8410e1dab9e679e77b81c50f28cd6e8fa9b115bea0d6c3445da6920d778e0a5acdaf5324290ce6f3cba9d92cbd0b07721a5618f894643a
+  data.tar.gz: '08782a64f0fb303c0489b9f39767aedba09d1ac92cee06c4b463ac40a1a3e3dbb15e066049633d9deba3a758ce2307ce73ee9ef8e3d95990432773e170d3baed'

data/lib/chef/data_region.rb

@@ -0,0 +1,96 @@
+require 'chef/data_bag_item'
+require 'chef/encrypted_data_bag_item'
+require 'chef/recipe'
+
+# Chef class
+class Chef
+  # DataRegion class
+  class DataRegion
+    NAME    = 'chef_data_region'.freeze
+    VERSION = '1.0.3'.freeze
+
+    # This class variable maps data bags to expansion patterns
+    @bags = {}
+
+    # Return the configured data bags
+    def self.bags
+      @bags
+    end
+
+    # Add a bag definition to the set of bags
+    def self.add(bag_name, bag_hash)
+      @bags[bag_name] = bag_hash
+    end
+
+    # DataQuery module
+    #
+    # This module borrows its name from {Chef::DSL::DataQuery}, which
+    # defines the `data_bag_item` method. It exists for mixing in to
+    # {Chef::Recipe}, as occurs with {Chef::DSL::DataQuery}. This is
+    # the means by which `data_bag_item` is available in Chef recipes
+    # without qualification.
+    module DataQuery
+      # Fetch the specified item from the specified bag
+      #
+      # @param bag [] data bag name
+      # @param item [] data bag item name
+      # @param secret [] encrypted data bag item secret key
+      # @return [Chef::DataBagItem] the fetched data bag item
+      def data_bag_item(bag, item, secret = nil)
+        loaded_item = Chef::DataBagItem.load(expand_bag_name(bag), item)
+        encrypted?(loaded_item) ? decrypt(loaded_item) : loaded_item
+      end
+
+      private
+
+      # Decrypt an encrypted item
+      #
+      # @param item [Chef::DataBagItem] a data bag item
+      def decrypt(item)
+        secret ||= Chef::EncryptedDataBagItem.load_secret
+        Chef::EncryptedDataBagItem.new(item.raw_data, secret)
+      end
+
+      # Is the given item encrypted?
+      #
+      # @param item [Chef::DataBagItem] a data bag item
+      def encrypted?(item)
+        item.raw_data.map do |_, value|
+          value.respond_to?(:key) && value.key?('encrypted_data')
+        end.reduce(false, :|)
+      end
+
+      # Expand a data bag name if it matches one of the configured patterns.
+      #
+      # If the name matches, consult the node attribute specified in
+      # the configuration to retrieve the region name, then substitute
+      # it into the expansion pattern.
+      #
+      # If the name does not match, return the name verbatim.
+      #
+      # @param bag_name [String] a data bag name
+      # @return [String] the expanded bag name
+      def expand_bag_name(bag_name)
+        if bags.include?(bag_name)
+          bag_definition = Chef::DataRegion.bags.fetch(bag_name)
+          format(
+            bag_definition[:pattern],
+            attribute: bag_definition[:attribute].reduce(node) do |h, i|
+              h.fetch(i)
+            end
+          )
+        else
+          bag_name
+        end
+      rescue KeyError
+        bag_name
+      rescue NoMethodError
+        raise("Undefined region for data bag '#{bag_name}'")
+      end
+    end
+  end
+end
+
+# Mix the module in to {Chef::Recipe}, thereby overriding
+# Chef::DSL::DataQuery#data_bag_item
+Chef::Recipe.include(Chef::DataRegion::DataQuery)

metadata

@@ -0,0 +1,163 @@
+--- !ruby/object:Gem::Specification
+name: chef_data_region
+version: !ruby/object:Gem::Version
+  version: 1.0.3
+platform: ruby
+authors:
+- Someone
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2018-04-24 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.54'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.54'
+- !ruby/object:Gem::Dependency
+  name: chef
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">"
+      - !ruby/object:Gem::Version
+        version: '11'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">"
+      - !ruby/object:Gem::Version
+        version: '11'
+description: |
+  # Chef Data Region Gem
+
+  ## Motivation
+
+  This gem exists to address the following scenario:
+
+  An organization maintains data in Chef data bag items. The data is
+  deployed to several data center environments and is stored in data
+  bags whose names reference the environments. The organization wants to
+  write environment-agnostic recipes that access the data bags without
+  explicitly referencing the data bags by their environment names.
+
+  As a concrete example, imagine the organization maintains encrypted
+  data for three deployment environments: development, staging, and
+  production. It maintains this data in three data bags, one for each
+  environment, with data for services named `gadget` and `widget` in
+  items:
+
+      | Environment | Bag            | Item   |
+      |-------------+----------------+--------|
+      | Development | secure-dev     | gadget |
+      | Development | secure-dev     | widget |
+      | Production  | secure-prod    | gadget |
+      | Production  | secure-prod    | widget |
+      | Staging     | secure-staging | gadget |
+      | Staging     | secure-staging | widget |
+
+  The items are encrypted with a key unique to that environment to
+  maximize security.
+
+  Now consider how a recipe would access these bags. When then recipe is
+  running, it needs to know the data center environment in order to
+  construct the bag name. The organization would most likely assign the
+  enviroment name to a node attribute. In a naive implementation, each
+  recipe would include logic that examined the attribute's value to
+  determine which bag to load. This would obviously duplicate code.
+
+  Imagine instead that the organization wants to reference the bag by
+  the name `secure` and rely on an _abstraction_ to translate `secure`
+  into the environment-specific bag name.
+
+  This gem provides that abstraction.
+
+  ## Features
+
+  This gem overrides the `data_bag_item` method with configurable logic
+  that dynamically decides which bag to load. It retains API
+  compatibility with `Chef::DSL::DataQuery#data_bag_item`, so existing
+  recipes that call `data_bag_item` work without modification.
+
+  The gem imposes no constraints on data bag item structure.
+
+  ## Configuration
+
+  Assign the region name to a node attribute that varies by environment:
+
+      node.default['local'][region'] = 'staging'
+
+  Add the following configuration to Chef Client's `client.rb` file.
+
+    * Require the gem:
+
+          require 'chef/data_region'
+
+    * Configure the gem with a hash that maps a bag name to an expansion
+      pattern:
+
+          Chef::DataRegion.add(
+            'secure',
+            { attribute: %w(local region), pattern: 'secure-%<attribute>s' }
+          )
+
+  ## Bag name expansion
+
+  The gem expands bag names using Ruby's `format` method.
+
+  _More pending..._
+email: s@me.one
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- lib/chef/data_region.rb
+homepage: https://so.me.one
+licenses:
+- 0BSD
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.6.14
+signing_key: 
+specification_version: 4
+summary: Access region-specific Chef data bags
+test_files: []