consul-templaterb 1.26.3 → 1.27.0

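--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: eca26ee1958aac8a862d3c1c96b35446ac7a7775f3209095f64d8cd01200fee9
- data.tar.gz: 15292c1651add5460162cf629814c37aeb9c965daaae0a5bfcb9a083e0c40758
+ metadata.gz: ea2191ec559b6c2ccc871a6cac0083fd894200bd268421eb25b12361a8fc4373
+ data.tar.gz: db35acece2ea661ef35cefad9c1a94dd452e533458cff6cfa97f3114d5cc502f
  SHA512:
- metadata.gz: a7e04120d50851589cb0e90e45327768b81c2c9954634ca7b1d80d51b88de5e6186402c4f3be0bbc7a67ef220c8950c4117730bf50abaf2c080c5cd3e007d18b
- data.tar.gz: 9b434745e5e8fb44c955350d38c68a469dc08b249b331800c38e112952757f85713e7ee2e924a3bd62883115443467329774177b98a0193badce3f2dfbb9a4d1
+ metadata.gz: bf4a2b9e2ee7ba6d811b8d20202c2c0bc998afe5fcbd08c1325f573a38b422a5d94a21666efff14526d44071aa2faeb36e2157f72a097d36dad8309b30418aef
+ data.tar.gz: 28087756e716a4a6e2c8526b4920571118a3c6b2896ff2e302d52281fccfb277b5741b1a0c8b2be132ba7c405c6ea689767369b90c8db052562348739d3ba04d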
@@ -7,28 +7,28 @@ Layout/LineLength:
7
7
  Max: 175
8
8
 
9
9
  Metrics/AbcSize:
10
- Max: 82
10
+ Max: 87
11
11
 
12
12
  Metrics/BlockLength:
13
- Max: 160
13
+ Max: 182
14
14
 
15
15
  Metrics/BlockNesting:
16
16
  Max: 4
17
17
 
18
18
  Metrics/ClassLength:
19
- Max: 275
19
+ Max: 285
20
20
 
21
21
  Metrics/CyclomaticComplexity:
22
- Max: 20
22
+ Max: 21
23
23
 
24
24
  Metrics/MethodLength:
25
- Max: 65
25
+ Max: 68
26
26
 
27
27
  Metrics/ParameterLists:
28
- Max: 14
28
+ Max: 18
29
29
 
30
30
  Metrics/PerceivedComplexity:
31
- Max: 23
31
+ Max: 24
32
32
 
33
33
  # We use `dc` as a parameter in many methods
34
34
  Naming/MethodParameterName:
@@ -1,13 +1,13 @@
1
1
  language: ruby
2
2
  rvm:
3
- - 2.4.9
4
- - 2.5.7
5
- - 2.6.5
6
- - 2.7.0
3
+ - 2.4.10
4
+ - 2.5.8
5
+ - 2.6.6
6
+ - 2.7.1
7
7
  jobs:
8
8
  include:
9
9
  - stage: Gem release
10
- rvm: 2.5.7
10
+ rvm: 2.5.8
11
11
  script: echo "Publishing consul-templaterb on rubygems.org ..."
12
12
  deploy:
13
13
  provider: rubygems
@@ -2,8 +2,15 @@
2
2
 
3
3
  ## (UNRELEASED)
4
4
 
5
+ ## 1.27.0 (June 5, 2020)
6
+
5
7
  NEW FEATURES:
6
8
 
9
+ * For Consul 1.7+, now support `checks_in_state(check_state, dc: nil, [agent: consul_agent_address])`,
10
+ fixes feature [#65](https://github.com/criteo/consul-templaterb/issues/65)
11
+ * New options to support/disable TLS validation thanks to [@jeromegn](https://github.com/jeromegn)
12
+ [#66](https://github.com/criteo/consul-templaterb/pull/66)
13
+
7
14
  ## 1.26.3 (April 15, 2020)
8
15
 
9
16
  BUGFIX:
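--- a/data/README.md
+++ b/data/README.md
@@ -332,7 +332,7 @@ Please consult [CHANGELOG.md](CHANGELOG.md) for fixed bugs.
 
  ## TODO
 
- * [x] Hashi's Vault support (EXPERIMENTAL)
+ * [x] Hashi's Vault support
  * [ ] Implement automatic dynamic rate limit
  * [x] More samples: apache, nginx, a full website displaying consul information...
  * [x] Optimize rendering speed at start-up: an iteration is done every second by default, but it would be possible to speed
@@ -388,6 +388,15 @@ name or its ID. If DC is specified, will lookup for given node in another datace
 
  [Find all the checks](https://www.consul.io/api/health.html#list-checks-for-service) of a given service.
 
+ ## def checks_in_state(check_state, dc: nil, [agent: consul_agent_address])
+
+ [Find all the checks in a given state](https://www.consul.io/api-docs/health#list-checks-in-state) in the whole cluster.
+
+ The filter check_state must be one of any|critical|warning|passing.
+
+ Warning: this endpoint might be very frequently updated in a
+ large cluster if you are using `any` value. This endpoint is supported with Consul 1.7+.
+
  ## kv(name, [dc: nil], [keys: false], [recurse: false], [agent: consul_agent_address])
 
  [Read keys from KV Store](https://www.consul.io/api/kv.html#read-key). It can be used for both listing the keys and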
@@ -28,6 +28,9 @@ options = {
28
28
  },
29
29
  base_url: ENV['VAULT_ADDR'] || 'http://localhost:8200',
30
30
  token: ENV['VAULT_TOKEN'] || nil,
31
+ tls_cert_chain: ENV['VAULT_CLIENT_CERT'] || nil,
32
+ tls_private_key: ENV['VAULT_CLIENT_KEY'] || nil,
33
+ tls_verify_peer: true,
31
34
  max_consecutive_errors_on_endpoint: 10, # Stop program after n consecutive failures on same endpoint
32
35
  fail_fast_errors: nil, # fail fast the program if endpoint was never success
33
36
  token_renew: true,
@@ -48,6 +51,9 @@ options = {
48
51
  },
49
52
  base_url: ENV['CONSUL_HTTP_ADDR'] || 'http://localhost:8500',
50
53
  token: ENV['CONSUL_HTTP_TOKEN'] || nil,
54
+ tls_cert_chain: ENV['CONSUL_CLIENT_CERT'] || nil,
55
+ tls_private_key: ENV['CONSUL_CLIENT_KEY'] || nil,
56
+ tls_verify_peer: true,
51
57
  max_consecutive_errors_on_endpoint: 10, # Stop program after n consecutive failures on same endpoint
52
58
  fail_fast_errors: nil, # fail fast the program if endpoint was never success
53
59
  retry_duration: 10, # On error, retry after n seconds
@@ -122,6 +128,18 @@ optparse = OptionParser.new do |opts|
122
128
  options[:consul][:base_url] = consul_url
123
129
  end
124
130
 
131
+ opts.on('--consul-cert-chain=<path/to/cert_chain>', String, 'Path to Consul TLS client certificate chain to use') do |consul_client_cert|
132
+ options[:consul][:tls_cert_chain] = consul_client_cert
133
+ end
134
+
135
+ opts.on('--consul-private-key=<path/to/private_key>', String, 'Path to Consul TLS client private key to use') do |consul_client_key|
136
+ options[:consul][:tls_private_key] = consul_client_key
137
+ end
138
+
139
+ opts.on('--skip-consul-verify-tls', 'Skip verifying Consul TLS via certificate authority (DANGEROUS)') do
140
+ options[:consul][:tls_verify_peer] = false
141
+ end
142
+
125
143
  opts.on('-l', '--log-level=<log_level>', String, "Log level, default=info, any of #{::Consul::Async::Debug.levels.join('|')}") do |log_level|
126
144
  ::Consul::Async::Debug.level = log_level
127
145
  end
@@ -134,6 +152,18 @@ optparse = OptionParser.new do |opts|
134
152
  options[:vault][:base_url] = vault_url
135
153
  end
136
154
 
155
+ opts.on('--vault-cert-chain=<path/to/cert_chain>', String, 'Path to Vault TLS client certificate chain to use') do |vault_client_cert|
156
+ options[:vault][:tls_cert_chain] = vault_client_cert
157
+ end
158
+
159
+ opts.on('--vault-private-key=<path/to/private_key>', String, 'Path to Vault TLS client private key to use') do |vault_client_key|
160
+ options[:vault][:tls_private_key] = vault_client_key
161
+ end
162
+
163
+ opts.on('--skip-vault-verify-tls', 'Skip verifying Vault TLS via certificate authority (DANGEROUS)') do
164
+ options[:vault][:tls_verify_peer] = false
165
+ end
166
+
137
167
  opts.on('-T', '--vault-token=<token>', String, 'Token used to authenticate against vault.') do |vault_token|
138
168
  options[:vault][:token] = vault_token
139
169
  end
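Review bot: Nothing in these option hunks checks that a client certificate and its private key are supplied together, so `--consul-cert-chain` (or `CONSUL_CLIENT_CERT`) without `--consul-private-key` leaves `tls_private_key` nil; the same holds for the Vault pair. A check after parsing, for example `abort('--consul-cert-chain requires --consul-private-key') if options[:consul][:tls_cert_chain] && !options[:consul][:tls_private_key]`, would fail early with a clear message instead of at connection time. The key paths also deserve a short comment in the defaults hash, such as `# path to a PEM file, read at connection time`, since the option name alone does not say whether a path or the key material is expected. The `OptionParser` block and the `options` hash both start and end outside the hunks shown.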
@@ -9,7 +9,7 @@ module Consul
9
9
  class ConsulConfiguration
10
10
  attr_reader :base_url, :token, :retry_duration, :min_duration, :wait_duration, :max_retry_duration, :retry_on_non_diff,
11
11
  :missing_index_retry_time_on_diff, :missing_index_retry_time_on_unchanged, :debug, :enable_gzip_compression,
12
- :fail_fast_errors, :max_consecutive_errors_on_endpoint
12
+ :fail_fast_errors, :max_consecutive_errors_on_endpoint, :tls_cert_chain, :tls_private_key, :tls_verify_peer
13
13
  def initialize(base_url: 'http://localhost:8500',
14
14
  debug: { network: false },
15
15
  token: nil,
@@ -23,7 +23,10 @@ module Consul
23
23
  enable_gzip_compression: true,
24
24
  paths: {},
25
25
  max_consecutive_errors_on_endpoint: 10,
26
- fail_fast_errors: 1)
26
+ fail_fast_errors: 1,
27
+ tls_cert_chain: nil,
28
+ tls_private_key: nil,
29
+ tls_verify_peer: true)
27
30
  @base_url = base_url
28
31
  @token = token
29
32
  @debug = debug
@@ -38,6 +41,9 @@ module Consul
38
41
  @paths = paths
39
42
  @max_consecutive_errors_on_endpoint = max_consecutive_errors_on_endpoint
40
43
  @fail_fast_errors = fail_fast_errors
44
+ @tls_cert_chain = tls_cert_chain
45
+ @tls_private_key = tls_private_key
46
+ @tls_verify_peer = tls_verify_peer
41
47
  end
42
48
 
43
49
  def ch(path, symbol)
@@ -71,7 +77,10 @@ module Consul
71
77
  enable_gzip_compression: enable_gzip_compression,
72
78
  paths: @paths,
73
79
  max_consecutive_errors_on_endpoint: @max_consecutive_errors_on_endpoint,
74
- fail_fast_errors: @fail_fast_errors)
80
+ fail_fast_errors: @fail_fast_errors,
81
+ tls_cert_chain: ch(path, :tls_cert_chain),
82
+ tls_private_key: ch(path, :tls_private_key),
83
+ tls_verify_peer: ch(path, :tls_verify_peer))
75
84
  end
76
85
  end
77
86
 
@@ -233,6 +242,13 @@ module Consul
233
242
  connect_timeout: 5, # default connection setup timeout
234
243
  inactivity_timeout: conf.wait_duration + 1 + (conf.wait_duration / 16) # default connection inactivity (post-setup) timeout
235
244
  }
245
+ unless conf.tls_cert_chain.nil?
246
+ options[:tls] = {
247
+ cert_chain_file: conf.tls_cert_chain,
248
+ private_key_file: conf.tls_private_key,
249
+ verify_peer: conf.tls_verify_peer
250
+ }
251
+ end
236
252
  connection = {
237
253
  conn: EventMachine::HttpRequest.new(conf.base_url, options)
238
254
  }
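Review bot: In the last hunk `options[:tls]` is only built when `conf.tls_cert_chain` is set, so the `tls_verify_peer: true` default never reaches `EventMachine::HttpRequest` for an HTTPS `base_url` that uses no client certificate, and `--skip-consul-verify-tls` is silently ignored in that case too. As far as I know em-http-request does not verify the server certificate unless `verify_peer: true` is passed explicitly, so those connections probably remain unverified despite the new default. Consider always passing the flag with `options[:tls] = { verify_peer: conf.tls_verify_peer }` and then `options[:tls].merge!(cert_chain_file: conf.tls_cert_chain, private_key_file: conf.tls_private_key) unless conf.tls_cert_chain.nil?`. The same `unless conf.tls_cert_chain.nil?` block appears in the JSON and Vault endpoint hunks further down and needs the same change. The enclosing method starts and ends outside the hunk, and because this turns verification on for existing HTTPS users it should be mentioned in the changelog.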
@@ -161,6 +161,18 @@ module Consul
161
161
  create_if_missing(path, query_params, agent: agent) { ConsulTemplateChecks.new(ConsulEndpoint.new(consul_conf, path, true, query_params, '[]', agent)) }
162
162
  end
163
163
 
164
+ # https://www.consul.io/api-docs/health#list-checks-in-state
165
+ # Supported in Consul 1.7+
166
+ def checks_in_state(check_state, dc: nil, agent: nil)
167
+ valid_checks_states = %w[any critical passing warning]
168
+ raise "checks_in_state('#{check_state}'...) must be one of #{valid_checks_states}" unless valid_checks_states.include?(check_state)
169
+
170
+ path = "/v1/health/state/#{check_state}"
171
+ query_params = {}
172
+ query_params[:dc] = dc if dc
173
+ create_if_missing(path, query_params, agent: agent) { ConsulTemplateChecks.new(ConsulEndpoint.new(consul_conf, path, true, query_params, '[]', agent)) }
174
+ end
175
+
164
176
  # https://www.consul.io/api/catalog.html#list-nodes
165
177
  def nodes(dc: nil, agent: nil)
166
178
  path = '/v1/catalog/nodes'
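Review bot: `checks_in_state` raises a bare string, which becomes a `RuntimeError`, and it rejects symbols such as `:critical` because the allow-list only holds strings. Normalising first with `check_state = check_state.to_s` and using `raise ArgumentError, "checks_in_state('#{check_state}'...) must be one of #{valid_checks_states}"` would give template authors a more precise error. The allow-list is also what keeps the interpolation into `"/v1/health/state/#{check_state}"` restricted to known path segments, so it is worth a comment such as `# validate before building the path: check_state is interpolated into the URL` to stop a later refactor from moving or dropping it.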
@@ -9,7 +9,7 @@ module Consul
9
9
  class JSONConfiguration
10
10
  attr_reader :url, :retry_duration, :min_duration, :retry_on_non_diff,
11
11
  :debug, :enable_gzip_compression, :request_method, :json_body,
12
- :headers
12
+ :headers, :tls_cert_chain, :tls_private_key, :tls_verify_peer
13
13
  def initialize(url:,
14
14
  debug: { network: false },
15
15
  retry_duration: 10,
@@ -18,7 +18,10 @@ module Consul
18
18
  request_method: :get,
19
19
  json_body: nil,
20
20
  headers: {},
21
- enable_gzip_compression: true)
21
+ enable_gzip_compression: true,
22
+ tls_cert_chain: nil,
23
+ tls_private_key: nil,
24
+ tls_verify_peer: true)
22
25
  @url = url
23
26
  @debug = debug
24
27
  @enable_gzip_compression = enable_gzip_compression
@@ -28,6 +31,9 @@ module Consul
28
31
  @request_method = request_method
29
32
  @json_body = json_body
30
33
  @headers = headers
34
+ @tls_cert_chain = tls_cert_chain
35
+ @tls_private_key = tls_private_key
36
+ @tls_verify_peer = tls_verify_peer
31
37
  end
32
38
 
33
39
  def create(_url)
@@ -181,6 +187,13 @@ module Consul
181
187
  connect_timeout: 5, # default connection setup timeout
182
188
  inactivity_timeout: 60 # default connection inactivity (post-setup) timeout
183
189
  }
190
+ unless conf.tls_cert_chain.nil?
191
+ options[:tls] = {
192
+ cert_chain_file: conf.tls_cert_chain,
193
+ private_key_file: conf.tls_private_key,
194
+ verify_peer: conf.tls_verify_peer
195
+ }
196
+ end
184
197
  connection = {
185
198
  conn: EventMachine::HttpRequest.new(conf.url, options)
186
199
  }
@@ -10,7 +10,8 @@ module Consul
10
10
  # Configuration for Vault Endpoints
11
11
  class VaultConfiguration
12
12
  attr_reader :base_url, :token, :token_renew, :retry_duration, :min_duration, :wait_duration, :max_retry_duration, :retry_on_non_diff,
13
- :lease_duration_factor, :debug, :max_consecutive_errors_on_endpoint, :fail_fast_errors
13
+ :lease_duration_factor, :debug, :max_consecutive_errors_on_endpoint, :fail_fast_errors, :tls_cert_chain, :tls_private_key,
14
+ :tls_verify_peer
14
15
 
15
16
  def initialize(base_url: 'http://localhost:8200',
16
17
  debug: { network: false },
@@ -22,7 +23,10 @@ module Consul
22
23
  max_retry_duration: 600,
23
24
  paths: {},
24
25
  max_consecutive_errors_on_endpoint: 10,
25
- fail_fast_errors: false)
26
+ fail_fast_errors: false,
27
+ tls_cert_chain: nil,
28
+ tls_private_key: nil,
29
+ tls_verify_peer: true)
26
30
  @base_url = base_url
27
31
  @token_renew = token_renew
28
32
  @debug = debug
@@ -34,6 +38,9 @@ module Consul
34
38
  @token = token
35
39
  @max_consecutive_errors_on_endpoint = max_consecutive_errors_on_endpoint
36
40
  @fail_fast_errors = fail_fast_errors
41
+ @tls_cert_chain = tls_cert_chain
42
+ @tls_private_key = tls_private_key
43
+ @tls_verify_peer = tls_verify_peer
37
44
  end
38
45
 
39
46
  def ch(path, symbol)
@@ -226,6 +233,13 @@ module Consul
226
233
  connect_timeout: 5, # default connection setup timeout
227
234
  inactivity_timeout: 1 # default connection inactivity (post-setup) timeout
228
235
  }
236
+ unless conf.tls_cert_chain.nil?
237
+ options[:tls] = {
238
+ cert_chain_file: conf.tls_cert_chain,
239
+ private_key_file: conf.tls_private_key,
240
+ verify_peer: conf.tls_verify_peer
241
+ }
242
+ end
229
243
  connection = EventMachine::HttpRequest.new(conf.base_url, options)
230
244
  cb = proc do |_|
231
245
  http = connection.send(http_method.downcase, build_request) # Under the hood: c.send('get', {stuff}) === c.get({stuff})
@@ -1,5 +1,5 @@
1
1
  module Consul
2
2
  module Async
3
- VERSION = '1.26.3'.freeze
3
+ VERSION = '1.27.0'.freeze
4
4
  end
5
5
  end
@@ -0,0 +1,13 @@
1
+ <%=
2
+ # This sample displays checks for the whole cluster
3
+ # in warning or critical state
4
+ # API available with Consul 1.7+
5
+ res = []
6
+ checks_in_state('warning').each do |c|
7
+ res << c
8
+ end
9
+ checks_in_state('critical').each do |c|
10
+ res << c
11
+ end
12
+ YAML.dump({'warning_or_critical_checks' => res})
13
+ %>
@@ -0,0 +1,17 @@
1
+ <%
2
+ # This example show how to display local time informaition about changes
3
+ # Example of usage to display logs of changes on nodes() endpoint:
4
+ #
5
+ # consul-templaterb --template "display_timestamped_changes.txt.erb:display_timestamped_changes.txt:cat display_timestamped_changes.txt" -l error
6
+ #
7
+ # Would output:
8
+ # Last update: 1588800554 (2020-05-06 21:29:14 UTC), X-Consul-Index: 4345827328
9
+ # Last update: 1588800569 (2020-05-06 21:29:29 UTC), X-Consul-Index: 4345829548
10
+ # Last update: 1588800676 (2020-05-06 21:31:16 UTC), X-Consul-Index: 4345836342
11
+ #
12
+ @my_last_time = Time.now.utc unless @my_last_time
13
+ val = nodes()
14
+ new_idx = val.endpoint.x_consul_index
15
+ @my_last_time = Time.now.utc if @my_last_idx != new_idx
16
+ @my_last_idx = new_idx
17
+ %>Last update: <%= @my_last_time.to_i %> (<%= @my_last_time %>), X-Consul-Index: <%= new_idx %>
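Review bot: The header comment says the sample displays "local time" information, but the template stamps `Time.now.utc` and the sample output in the comment is in UTC, so the description does not match the behaviour. The same line also has typos ("show", "informaition"). Suggested replacement for the first comment line: `# This example shows how to display UTC timestamps of changes`.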
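--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: consul-templaterb
  version: !ruby/object:Gem::Version
- version: 1.26.3
+ version: 1.27.0
  platform: ruby
  authors:
  - SRE Core Services
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2020-04-15 00:00:00.000000000 Z
+ date: 2020-06-05 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: em-http-request
@@ -198,6 +198,7 @@ files:
  - samples/all_services.txt.erb
  - samples/all_services_multi_agents.txt.erb
  - samples/all_templates.erb
+ - samples/checks_in_warning_or_critical_state.yaml.erb
  - samples/consul-ui/README.md
  - samples/consul-ui/common/footer.html.erb
  - samples/consul-ui/common/header.html.erb
@@ -229,6 +230,7 @@ files:
  - samples/criteo/haproxy.cfg.erb
  - samples/debug/compare_connect_services.txt.erb
  - samples/demos/compute_pricing.txt.erb
+ - samples/display_timestamped_changes.txt.erb
  - samples/find_all_invalid_dns_labels.json.erb
  - samples/find_nodes_in_catalog_but_not_in_members.json.erb
  - samples/ha_proxy.cfg.erb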