domed-city 3.0.1 → 3.1.0

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: dfb7e4a9a5f9c16f580669b1bc182dc1f617847a
4
- data.tar.gz: 85b9252a348897c7aeae9544d53ab7ae3f1e097f
3
+ metadata.gz: 6744973673ccdca6eba774cc3347a1c8d7107bbd
4
+ data.tar.gz: 7e4811795a1b527253938ca7204e21578078b3f1
5
5
  SHA512:
6
- metadata.gz: 9e06ae2c8a29c882d6dcdc6b88c81c973f932fad476aeabc4740e37fb572e25661fc4a2126dde18f1082eb78369283721d7abd1b9c890a2f6557019b309e58a5
7
- data.tar.gz: 59cbc4bf3e339285be30a35524239e7bb793a57ce84f70fc54fdd3d099ec831c6d0b8e202ffbcfb87cf736c93212b3b2eecb976b527c3069d22693b3d69c26c8
6
+ metadata.gz: dabbb1a896e2d68ba2eaa5312a81f78dc7781689d542d9acc71394cd3f2d4b025eeaf0f443f8811e727c938841c0f31cc448fb722c52ca41d8e816bb897bd432
7
+ data.tar.gz: 95a48cda0d4a8b695666a24e4d85647da09ec4637db65e8e83eb52d8a3dc9e3ed54cc34c66d5aaa7f60e8ec9f1069efdca8fb8dab5d9ac95bd6b12d22f765684
@@ -9,3 +9,6 @@ LineLength:
9
9
  Description: 'Limit lines to a more generous 120 characters.'
10
10
  Enabled: true
11
11
  Max: 120
12
+
13
+ Metrics/MethodLength:
14
+ Max: 15
@@ -1,3 +1,26 @@
1
+ # 3.1.0
2
+
3
+ Added hiera-eyaml support.
4
+
5
+ This allows us to use encrypted Terraform variables via hiera lookups (the `hiera.yaml` is consumed).
6
+
7
+ It also allows us to decrypt and extract SSL certificates or SSH keys which can then be used as appropriate.
8
+
9
+ In order to utilise these two improvements, you must update your `itv.yaml` e.g.:
10
+
11
+ ```
12
+ dome:
13
+ hiera_keys:
14
+ artifactory_password: 'deirdre::artifactory_password'
15
+ certs:
16
+ sit.phoenix.itv.com.pem: 'phoenix::sit_wildcard_cert'
17
+ phoenix.key: 'phoenix::certificate_key'
18
+ ```
19
+
20
+ This release also containes:
21
+ - Improved debugging/output messages.
22
+ - More tests.
23
+
1
24
  # 3.0.1
2
25
 
3
26
  Forcibly unsetting environment variables `AWS_ACCESS_KEY` and `AWS_SECRET_KEY`.
@@ -25,4 +25,6 @@ Gem::Specification.new do |spec|
25
25
  spec.add_dependency 'trollop', '~> 2.1'
26
26
  spec.add_dependency 'aws-sdk', '~> 2.1'
27
27
  spec.add_dependency 'colorize', '~> 0.7'
28
+ spec.add_dependency 'hiera', '~> 1.3'
29
+ spec.add_dependency 'hiera-eyaml', '~> 2.1'
28
30
  end
@@ -3,6 +3,7 @@ require 'aws-sdk'
3
3
  require 'colorize'
4
4
  require 'fileutils'
5
5
  require 'yaml'
6
+ require 'hiera'
6
7
 
7
8
  require 'dome/settings'
8
9
  require 'dome/version'
@@ -10,3 +11,5 @@ require 'dome/helpers/shell'
10
11
  require 'dome/environment'
11
12
  require 'dome/state'
12
13
  require 'dome/terraform'
14
+ require 'dome/hiera_lookup'
15
+ require 'dome/secrets'
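Review bot: Only `hiera` is required here although the gemspec hunk in this same version adds `hiera-eyaml` as a runtime dependency, so nothing in this file makes the eyaml backend load. Presumably Hiera pulls it in itself from the `:backends:` list in the project's `hiera.yaml`, which means a missing or misspelled backend entry surfaces as a Hiera error at the first lookup rather than at require time. A one-line comment after `require 'hiera'`, e.g. `# hiera-eyaml is not required here; Hiera loads the eyaml backend from the :backends: list in hiera.yaml`, would record that dependency for the next reader.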
@@ -1,10 +1,11 @@
1
1
  module Dome
2
2
  class Environment
3
- attr_reader :environment, :account, :settings
3
+ attr_reader :environment, :account, :ecosystem, :settings
4
4
 
5
5
  def initialize(directories = Dir.pwd.split('/'))
6
6
  @environment = directories[-1]
7
7
  @account = directories[-2]
8
+ @ecosystem = directories[-2].split('-')[-1]
8
9
  @settings = Dome::Settings.new
9
10
  end
10
11
 
@@ -60,7 +61,6 @@ module Dome
60
61
 
61
62
  private
62
63
 
63
- # rubocop:disable Metrics/MethodLength
64
64
  # rubocop:disable Metrics/AbcSize
65
65
  def generic_error_message
66
66
  puts "The 'account' and 'environment' variables are assigned based on your current directory.\n".colorize(:red)
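Review bot: `@ecosystem = directories[-2].split('-')[-1]` raises NoMethodError when the current directory is fewer than two levels deep, because `directories[-2]` is then nil; `@account = directories[-2]` tolerated that, and the `generic_error_message` below is presumably where a missing account used to be reported to the user. `@ecosystem = @account.to_s.split('-')[-1]` keeps construction from raising and yields nil for a missing account, so the existing message path still runs. Dropping the `Metrics/MethodLength` disable in the second hunk is consistent with the new `.rubocop.yml` limit. `generic_error_message` continues past the end of the hunk.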
@@ -0,0 +1,91 @@
1
+ module Dome
2
+ class HieraLookup
3
+ def initialize(environment)
4
+ @environment = environment.environment
5
+ @account = environment.account
6
+ @ecosystem = environment.ecosystem
7
+ @settings = Dome::Settings.new
8
+ end
9
+
10
+ def config
11
+ @config ||= YAML.load_file(File.join(puppet_dir, 'hiera.yaml')).merge(default_config)
12
+ end
13
+
14
+ def default_config
15
+ {
16
+ logger: 'noop',
17
+ yaml: {
18
+ datadir: "#{puppet_dir}/hieradata"
19
+ },
20
+ eyaml: {
21
+ datadir: "#{puppet_dir}/hieradata",
22
+ pkcs7_private_key: eyaml_private_key,
23
+ pkcs7_public_key: eyaml_public_key
24
+ }
25
+ }
26
+ end
27
+
28
+ def puppet_dir
29
+ directory = File.join(@settings.project_root, 'puppet')
30
+ puts "The configured Puppet directory is: #{directory.colorize(:green)}" unless @directory
31
+ @directory ||= directory
32
+ end
33
+
34
+ def eyaml_private_key
35
+ private_key = File.join(puppet_dir, 'keys/private_key.pkcs7.pem')
36
+ raise "Cannot find eyaml private key! Make sure it exists at #{private_key}" unless File.exist?(private_key)
37
+ puts "Found eyaml private key: #{private_key.colorize(:green)}"
38
+ private_key
39
+ end
40
+
41
+ def eyaml_public_key
42
+ public_key = File.join(puppet_dir, 'keys/public_key.pkcs7.pem')
43
+ raise "Cannot find eyaml public key! Make sure it exists at #{public_key}" unless File.exist?(public_key)
44
+ puts "Found eyaml public key: #{public_key.colorize(:green)}"
45
+ public_key
46
+ end
47
+
48
+ def lookup(key, default = nil, order_override = nil, resolution_type = :priority)
49
+ hiera = Hiera.new(config: config)
50
+
51
+ hiera_scope = {}
52
+ hiera_scope['ecosystem'] = @ecosystem
53
+ hiera_scope['location'] = 'aeuw1'
54
+ hiera_scope['env'] = @environment
55
+
56
+ hiera.lookup(key.to_s, default, hiera_scope, order_override, resolution_type)
57
+ end
58
+
59
+ def secret_env_vars(secret_vars)
60
+ secret_vars.each_pair do |key, val|
61
+ hiera_lookup = lookup(val)
62
+ terraform_env_var = "TF_VAR_#{key}"
63
+ ENV[terraform_env_var] = hiera_lookup
64
+ if hiera_lookup
65
+ puts "Setting #{terraform_env_var.colorize(:green)}."
66
+ else
67
+ puts "Hiera lookup failed for '#{val}', so #{terraform_env_var} was not set.".colorize(:red)
68
+ end
69
+ end
70
+ end
71
+
72
+ def extract_certs(certs)
73
+ create_certificate_directory
74
+
75
+ certs.each_pair do |key, val|
76
+ directory = "#{certificate_directory}/#{key}"
77
+ puts "Extracting certificate #{key.colorize(:green)} into #{directory.colorize(:green)}"
78
+ File.open(directory, 'w') { |f| f.write(lookup(val)) }
79
+ end
80
+ end
81
+
82
+ def create_certificate_directory
83
+ puts "Creating certificate directory at #{certificate_directory.colorize(:green)}"
84
+ FileUtils.mkdir_p certificate_directory
85
+ end
86
+
87
+ def certificate_directory
88
+ "#{@settings.project_root}/terraform/certs"
89
+ end
90
+ end
91
+ end
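Review bot: `extract_certs` writes decrypted material, including the private key the changelog example maps to `phoenix.key`, with `File.open(directory, 'w')`, so the file is created with the process umask's default mode (commonly world-readable) inside the project tree, and a failed lookup silently produces an empty file because `f.write(nil)` writes zero bytes. The rewrite below passes an explicit `0o600` mode and chmods afterwards (the mode argument only applies when the file is newly created), skips keys whose lookup returned nil with the same red message `secret_env_vars` uses, and keeps the target inside `certificate_directory` via `File.basename`; `create_certificate_directory` should pass `mode: 0o700` to `FileUtils.mkdir_p` for the same reason. Separately, `ENV[terraform_env_var] = hiera_lookup` raises TypeError if Hiera returns a non-String value (an Integer from YAML, for instance), so assigning `hiera_lookup.to_s` when it is non-nil would be safer. Note also that `config` does `YAML.load_file(...).merge(default_config)`, so the hard-coded defaults override whatever `hiera.yaml` sets for `:logger`, `:yaml` and `:eyaml` rather than the other way round; if that is intended, a comment saying so would prevent a future "fix".
```ruby
  def extract_certs(certs)
    create_certificate_directory

    certs.each_pair do |key, val|
      path = File.join(certificate_directory, File.basename(key.to_s))
      value = lookup(val)
      if value.nil?
        puts "Hiera lookup failed for '#{val}', so #{path} was not written.".colorize(:red)
        next
      end
      puts "Extracting certificate #{key.colorize(:green)} into #{path.colorize(:green)}"
      # Decrypted key material: create owner-only, then re-assert the mode in case the file already existed.
      File.open(path, 'w', 0o600) { |f| f.write(value) }
      File.chmod(0o600, path)
    end
  end
```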
@@ -0,0 +1,38 @@
1
+ module Dome
2
+ class Secrets
3
+ attr_reader :settings, :hiera
4
+
5
+ def initialize(environment)
6
+ @environment = environment
7
+ @settings = Dome::Settings.new
8
+ @hiera = Dome::HieraLookup.new(@environment)
9
+ end
10
+
11
+ def secret_env_vars
12
+ return if dome_config.nil? || hiera_keys_config.nil?
13
+ @hiera.secret_env_vars(hiera_keys_config)
14
+ end
15
+
16
+ def extract_certs
17
+ return if dome_config.nil? || certs_config.nil?
18
+ @hiera.extract_certs(certs_config)
19
+ end
20
+
21
+ def dome_config
22
+ puts "No #{'dome'.colorize(:green)} key found in your itv.yaml." unless @settings.parse['dome']
23
+ @settings.parse['dome']
24
+ end
25
+
26
+ def hiera_keys_config
27
+ puts "No #{'hiera_keys'.colorize(:green)} sub-key under #{'dome'.colorize(:green)} key found "\
28
+ 'in your itv.yaml.' unless @settings.parse['dome']['hiera_keys']
29
+ @settings.parse['dome']['hiera_keys']
30
+ end
31
+
32
+ def certs_config
33
+ puts "No #{'certs'.colorize(:green)} sub-key under #{'dome'.colorize(:green)} key found "\
34
+ 'in your itv.yaml.' unless @settings.parse['dome']['certs']
35
+ @settings.parse['dome']['certs']
36
+ end
37
+ end
38
+ end
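Review bot: `hiera_keys_config` and `certs_config` index `@settings.parse['dome']` without checking it, so they avoid a NoMethodError only because `secret_env_vars` and `extract_certs` test `dome_config.nil?` first and `||` short-circuits; as public methods they raise when called on their own. Each also calls `@settings.parse` twice, and whether `parse` re-reads itv.yaml on every call is outside the hunk. A local guard makes them self-contained: `dome = @settings.parse['dome']` / `return if dome.nil?` and then `dome['hiera_keys']` (or `dome['certs']`) in both the message condition and the return value.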
@@ -12,5 +12,9 @@ module Dome
12
12
  def itv_yaml_path
13
13
  '../../../itv.yaml'
14
14
  end
15
+
16
+ def project_root
17
+ File.realpath(File.dirname(itv_yaml_path))
18
+ end
15
19
  end
16
20
  end
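Review bot: `project_root` resolves `'../../../itv.yaml'` relative to the current working directory, and `File.realpath` raises `Errno::ENOENT` when that directory does not exist, so running the tool from the wrong depth fails here with a raw exception rather than a message; whether any caller rescues it is outside the hunk. A comment stating the contract would help: `# Absolute path of the directory containing itv.yaml, resolved relative to the cwd; raises Errno::ENOENT when the cwd is not three levels below it.`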
@@ -6,6 +6,7 @@ module Dome
6
6
 
7
7
  def initialize
8
8
  @environment = Dome::Environment.new
9
+ @secrets = Dome::Secrets.new(@environment)
9
10
  @state = Dome::State.new(@environment)
10
11
  @plan_file = "plans/#{@environment.account}-#{@environment.environment}-plan.tf"
11
12
  end
@@ -45,13 +46,16 @@ module Dome
45
46
  end
46
47
 
47
48
  def apply
49
+ @secrets.secret_env_vars
48
50
  command = "terraform apply #{@plan_file}"
49
51
  failure_message = 'something went wrong when applying the TF plan'
50
52
  execute_command(command, failure_message)
51
53
  end
52
54
 
53
55
  def create_plan
54
- command = "terraform plan -module-depth=1 -refresh=true -out=#{@plan_file} -var-file=params/env.tfvars"
56
+ @secrets.secret_env_vars
57
+ @secrets.extract_certs
58
+ command = "terraform plan -refresh=true -out=#{@plan_file} -var-file=params/env.tfvars"
55
59
  failure_message = 'something went wrong when creating the TF plan'
56
60
  execute_command(command, failure_message)
57
61
  end
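Review bot: `apply` and `create_plan` load decrypted secrets into this process's environment via `@secrets.secret_env_vars` and nothing removes them afterwards, so they remain in `ENV` (and are inherited by every child process spawned later, not just the terraform call) for the rest of the run. Whether other commands are spawned after these in the same process is outside the hunk, but scoping the secrets would be cleaner: have `secret_env_vars` return the names it set and `ENV.delete` each one in an `ensure` around `execute_command`. A smaller inconsistency: `create_plan` extracts certificates but `apply` does not, so an `apply` in a fresh working copy depends on the `terraform/certs` directory left behind by an earlier plan; if the plan file does not embed the file contents, `apply` should call `@secrets.extract_certs` as well.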
@@ -1,3 +1,3 @@
1
1
  module Dome
2
- VERSION = '3.0.1'.freeze
2
+ VERSION = '3.1.0'.freeze
3
3
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: domed-city
3
3
  version: !ruby/object:Gem::Version
4
- version: 3.0.1
4
+ version: 3.1.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - ITV
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2016-07-06 00:00:00.000000000 Z
11
+ date: 2016-09-19 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: bundler
@@ -108,6 +108,34 @@ dependencies:
108
108
  - - "~>"
109
109
  - !ruby/object:Gem::Version
110
110
  version: '0.7'
111
+ - !ruby/object:Gem::Dependency
112
+ name: hiera
113
+ requirement: !ruby/object:Gem::Requirement
114
+ requirements:
115
+ - - "~>"
116
+ - !ruby/object:Gem::Version
117
+ version: '1.3'
118
+ type: :runtime
119
+ prerelease: false
120
+ version_requirements: !ruby/object:Gem::Requirement
121
+ requirements:
122
+ - - "~>"
123
+ - !ruby/object:Gem::Version
124
+ version: '1.3'
125
+ - !ruby/object:Gem::Dependency
126
+ name: hiera-eyaml
127
+ requirement: !ruby/object:Gem::Requirement
128
+ requirements:
129
+ - - "~>"
130
+ - !ruby/object:Gem::Version
131
+ version: '2.1'
132
+ type: :runtime
133
+ prerelease: false
134
+ version_requirements: !ruby/object:Gem::Requirement
135
+ requirements:
136
+ - - "~>"
137
+ - !ruby/object:Gem::Version
138
+ version: '2.1'
111
139
  description:
112
140
  email:
113
141
  - common-platform-team-group@itv.com
@@ -131,6 +159,8 @@ files:
131
159
  - lib/dome.rb
132
160
  - lib/dome/environment.rb
133
161
  - lib/dome/helpers/shell.rb
162
+ - lib/dome/hiera_lookup.rb
163
+ - lib/dome/secrets.rb
134
164
  - lib/dome/settings.rb
135
165
  - lib/dome/state.rb
136
166
  - lib/dome/terraform.rb