domed-city 3.0.1 → 3.1.0

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: dfb7e4a9a5f9c16f580669b1bc182dc1f617847a
4
- data.tar.gz: 85b9252a348897c7aeae9544d53ab7ae3f1e097f
3
+ metadata.gz: 6744973673ccdca6eba774cc3347a1c8d7107bbd
4
+ data.tar.gz: 7e4811795a1b527253938ca7204e21578078b3f1
5
5
  SHA512:
6
- metadata.gz: 9e06ae2c8a29c882d6dcdc6b88c81c973f932fad476aeabc4740e37fb572e25661fc4a2126dde18f1082eb78369283721d7abd1b9c890a2f6557019b309e58a5
7
- data.tar.gz: 59cbc4bf3e339285be30a35524239e7bb793a57ce84f70fc54fdd3d099ec831c6d0b8e202ffbcfb87cf736c93212b3b2eecb976b527c3069d22693b3d69c26c8
6
+ metadata.gz: dabbb1a896e2d68ba2eaa5312a81f78dc7781689d542d9acc71394cd3f2d4b025eeaf0f443f8811e727c938841c0f31cc448fb722c52ca41d8e816bb897bd432
7
+ data.tar.gz: 95a48cda0d4a8b695666a24e4d85647da09ec4637db65e8e83eb52d8a3dc9e3ed54cc34c66d5aaa7f60e8ec9f1069efdca8fb8dab5d9ac95bd6b12d22f765684
@@ -9,3 +9,6 @@ LineLength:
9
9
  Description: 'Limit lines to a more generous 120 characters.'
10
10
  Enabled: true
11
11
  Max: 120
12
+
13
+ Metrics/MethodLength:
14
+ Max: 15
@@ -1,3 +1,26 @@
1
+ # 3.1.0
2
+
3
+ Added hiera-eyaml support.
4
+
5
+ This allows us to use encrypted Terraform variables via hiera lookups (the `hiera.yaml` is consumed).
6
+
7
+ It also allows us to decrypt and extract SSL certificates or SSH keys which can then be used as appropriate.
8
+
9
+ In order to utilise these two improvements, you must update your `itv.yaml` e.g.:
10
+
11
+ ```
12
+ dome:
13
+ hiera_keys:
14
+ artifactory_password: 'deirdre::artifactory_password'
15
+ certs:
16
+ sit.phoenix.itv.com.pem: 'phoenix::sit_wildcard_cert'
17
+ phoenix.key: 'phoenix::certificate_key'
18
+ ```
19
+
20
+ This release also containes:
21
+ - Improved debugging/output messages.
22
+ - More tests.
23
+
1
24
  # 3.0.1
2
25
 
3
26
  Forcibly unsetting environment variables `AWS_ACCESS_KEY` and `AWS_SECRET_KEY`.
@@ -25,4 +25,6 @@ Gem::Specification.new do |spec|
25
25
  spec.add_dependency 'trollop', '~> 2.1'
26
26
  spec.add_dependency 'aws-sdk', '~> 2.1'
27
27
  spec.add_dependency 'colorize', '~> 0.7'
28
+ spec.add_dependency 'hiera', '~> 1.3'
29
+ spec.add_dependency 'hiera-eyaml', '~> 2.1'
28
30
  end
@@ -3,6 +3,7 @@ require 'aws-sdk'
3
3
  require 'colorize'
4
4
  require 'fileutils'
5
5
  require 'yaml'
6
+ require 'hiera'
6
7
 
7
8
  require 'dome/settings'
8
9
  require 'dome/version'
@@ -10,3 +11,5 @@ require 'dome/helpers/shell'
10
11
  require 'dome/environment'
11
12
  require 'dome/state'
12
13
  require 'dome/terraform'
14
+ require 'dome/hiera_lookup'
15
+ require 'dome/secrets'
@@ -1,10 +1,11 @@
1
1
  module Dome
2
2
  class Environment
3
- attr_reader :environment, :account, :settings
3
+ attr_reader :environment, :account, :ecosystem, :settings
4
4
 
5
5
  def initialize(directories = Dir.pwd.split('/'))
6
6
  @environment = directories[-1]
7
7
  @account = directories[-2]
8
+ @ecosystem = directories[-2].split('-')[-1]
8
9
  @settings = Dome::Settings.new
9
10
  end
10
11
 
@@ -60,7 +61,6 @@ module Dome
60
61
 
61
62
  private
62
63
 
63
- # rubocop:disable Metrics/MethodLength
64
64
  # rubocop:disable Metrics/AbcSize
65
65
  def generic_error_message
66
66
  puts "The 'account' and 'environment' variables are assigned based on your current directory.\n".colorize(:red)
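Review bot: The new `@ecosystem = directories[-2].split('-')[-1]` in `initialize` raises NoMethodError when the working directory has fewer than two path components, whereas the pre-existing `@account = directories[-2]` on the line above simply stores nil and leaves the friendly `generic_error_message` (which explains that account/environment come from the current directory) to report it. Guard it the same way, `@ecosystem = @account && @account.split('-')[-1]`, so a bad working directory still reaches that validation instead of a stack trace. A one-line comment such as `# ecosystem is the last '-'-separated segment of the account directory name` would also help, because nothing else on the page documents that naming convention.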
@@ -0,0 +1,91 @@
1
+ module Dome
2
+ class HieraLookup
3
+ def initialize(environment)
4
+ @environment = environment.environment
5
+ @account = environment.account
6
+ @ecosystem = environment.ecosystem
7
+ @settings = Dome::Settings.new
8
+ end
9
+
10
+ def config
11
+ @config ||= YAML.load_file(File.join(puppet_dir, 'hiera.yaml')).merge(default_config)
12
+ end
13
+
14
+ def default_config
15
+ {
16
+ logger: 'noop',
17
+ yaml: {
18
+ datadir: "#{puppet_dir}/hieradata"
19
+ },
20
+ eyaml: {
21
+ datadir: "#{puppet_dir}/hieradata",
22
+ pkcs7_private_key: eyaml_private_key,
23
+ pkcs7_public_key: eyaml_public_key
24
+ }
25
+ }
26
+ end
27
+
28
+ def puppet_dir
29
+ directory = File.join(@settings.project_root, 'puppet')
30
+ puts "The configured Puppet directory is: #{directory.colorize(:green)}" unless @directory
31
+ @directory ||= directory
32
+ end
33
+
34
+ def eyaml_private_key
35
+ private_key = File.join(puppet_dir, 'keys/private_key.pkcs7.pem')
36
+ raise "Cannot find eyaml private key! Make sure it exists at #{private_key}" unless File.exist?(private_key)
37
+ puts "Found eyaml private key: #{private_key.colorize(:green)}"
38
+ private_key
39
+ end
40
+
41
+ def eyaml_public_key
42
+ public_key = File.join(puppet_dir, 'keys/public_key.pkcs7.pem')
43
+ raise "Cannot find eyaml public key! Make sure it exists at #{public_key}" unless File.exist?(public_key)
44
+ puts "Found eyaml public key: #{public_key.colorize(:green)}"
45
+ public_key
46
+ end
47
+
48
+ def lookup(key, default = nil, order_override = nil, resolution_type = :priority)
49
+ hiera = Hiera.new(config: config)
50
+
51
+ hiera_scope = {}
52
+ hiera_scope['ecosystem'] = @ecosystem
53
+ hiera_scope['location'] = 'aeuw1'
54
+ hiera_scope['env'] = @environment
55
+
56
+ hiera.lookup(key.to_s, default, hiera_scope, order_override, resolution_type)
57
+ end
58
+
59
+ def secret_env_vars(secret_vars)
60
+ secret_vars.each_pair do |key, val|
61
+ hiera_lookup = lookup(val)
62
+ terraform_env_var = "TF_VAR_#{key}"
63
+ ENV[terraform_env_var] = hiera_lookup
64
+ if hiera_lookup
65
+ puts "Setting #{terraform_env_var.colorize(:green)}."
66
+ else
67
+ puts "Hiera lookup failed for '#{val}', so #{terraform_env_var} was not set.".colorize(:red)
68
+ end
69
+ end
70
+ end
71
+
72
+ def extract_certs(certs)
73
+ create_certificate_directory
74
+
75
+ certs.each_pair do |key, val|
76
+ directory = "#{certificate_directory}/#{key}"
77
+ puts "Extracting certificate #{key.colorize(:green)} into #{directory.colorize(:green)}"
78
+ File.open(directory, 'w') { |f| f.write(lookup(val)) }
79
+ end
80
+ end
81
+
82
+ def create_certificate_directory
83
+ puts "Creating certificate directory at #{certificate_directory.colorize(:green)}"
84
+ FileUtils.mkdir_p certificate_directory
85
+ end
86
+
87
+ def certificate_directory
88
+ "#{@settings.project_root}/terraform/certs"
89
+ end
90
+ end
91
+ end
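Review bot: `extract_certs` writes whatever `lookup(val)` returns straight to disk, so a failed lookup silently produces an empty file under `terraform/certs` (there is no nil check, unlike the one in `secret_env_vars`), and `File.open(directory, 'w')` creates that file with the process umask, which typically leaves key material such as the `phoenix.key` from the changelog example world-readable. The rewrite below reports and skips a nil result and passes `0o600` on creation; note the mode only applies to newly created files, so an already-existing file keeps whatever mode it had. Separately, `config` does `YAML.load_file(...).merge(default_config)`, so if `hiera.yaml` uses the usual symbol keys the so-called defaults override its `:logger`/`:yaml`/`:eyaml` settings rather than filling gaps; if that is intended, say so in a comment, otherwise reverse it to `default_config.merge(YAML.load_file(...))`.
```ruby
def extract_certs(certs)
  create_certificate_directory

  certs.each_pair do |key, val|
    path = File.join(certificate_directory, key.to_s)
    contents = lookup(val)
    if contents.nil?
      puts "Hiera lookup failed for '#{val}', so #{path} was not written.".colorize(:red)
      next
    end
    puts "Extracting certificate #{key.colorize(:green)} into #{path.colorize(:green)}"
    # 0600: these files can hold private keys; don't rely on the umask
    File.open(path, 'w', 0o600) { |f| f.write(contents) }
  end
end
```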
@@ -0,0 +1,38 @@
1
+ module Dome
2
+ class Secrets
3
+ attr_reader :settings, :hiera
4
+
5
+ def initialize(environment)
6
+ @environment = environment
7
+ @settings = Dome::Settings.new
8
+ @hiera = Dome::HieraLookup.new(@environment)
9
+ end
10
+
11
+ def secret_env_vars
12
+ return if dome_config.nil? || hiera_keys_config.nil?
13
+ @hiera.secret_env_vars(hiera_keys_config)
14
+ end
15
+
16
+ def extract_certs
17
+ return if dome_config.nil? || certs_config.nil?
18
+ @hiera.extract_certs(certs_config)
19
+ end
20
+
21
+ def dome_config
22
+ puts "No #{'dome'.colorize(:green)} key found in your itv.yaml." unless @settings.parse['dome']
23
+ @settings.parse['dome']
24
+ end
25
+
26
+ def hiera_keys_config
27
+ puts "No #{'hiera_keys'.colorize(:green)} sub-key under #{'dome'.colorize(:green)} key found "\
28
+ 'in your itv.yaml.' unless @settings.parse['dome']['hiera_keys']
29
+ @settings.parse['dome']['hiera_keys']
30
+ end
31
+
32
+ def certs_config
33
+ puts "No #{'certs'.colorize(:green)} sub-key under #{'dome'.colorize(:green)} key found "\
34
+ 'in your itv.yaml.' unless @settings.parse['dome']['certs']
35
+ @settings.parse['dome']['certs']
36
+ end
37
+ end
38
+ end
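Review bot: `hiera_keys_config` and `certs_config` index `@settings.parse['dome'][...]` without checking that the `dome` key exists, and both are public, so calling either directly (or reordering the `||` in `secret_env_vars`/`extract_certs`) raises NoMethodError instead of printing the friendly message; only the short-circuit on `dome_config.nil?` keeps them safe today. Either move the three config accessors under `private`, or guard the index with something like `dome = @settings.parse['dome'] || {}` before the `unless`. Each accessor also calls `@settings.parse` twice; if `parse` re-reads `itv.yaml` on every call (not visible here), a local variable would avoid the repeated file I/O.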
@@ -12,5 +12,9 @@ module Dome
12
12
  def itv_yaml_path
13
13
  '../../../itv.yaml'
14
14
  end
15
+
16
+ def project_root
17
+ File.realpath(File.dirname(itv_yaml_path))
18
+ end
15
19
  end
16
20
  end
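Review bot: `project_root` is resolved relative to the process working directory, like the `'../../../itv.yaml'` it is derived from, and `File.realpath` raises Errno::ENOENT when that directory does not exist, so a caller run from the wrong place gets a low-level exception rather than a message pointing at the expected directory layout. A short comment would make the contract explicit: `# Absolute path of the directory containing itv.yaml, resolved from the current working directory; raises Errno::ENOENT if that directory is missing.` The enclosing `Settings` class starts outside the hunk.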
@@ -6,6 +6,7 @@ module Dome
6
6
 
7
7
  def initialize
8
8
  @environment = Dome::Environment.new
9
+ @secrets = Dome::Secrets.new(@environment)
9
10
  @state = Dome::State.new(@environment)
10
11
  @plan_file = "plans/#{@environment.account}-#{@environment.environment}-plan.tf"
11
12
  end
@@ -45,13 +46,16 @@ module Dome
45
46
  end
46
47
 
47
48
  def apply
49
+ @secrets.secret_env_vars
48
50
  command = "terraform apply #{@plan_file}"
49
51
  failure_message = 'something went wrong when applying the TF plan'
50
52
  execute_command(command, failure_message)
51
53
  end
52
54
 
53
55
  def create_plan
54
- command = "terraform plan -module-depth=1 -refresh=true -out=#{@plan_file} -var-file=params/env.tfvars"
56
+ @secrets.secret_env_vars
57
+ @secrets.extract_certs
58
+ command = "terraform plan -refresh=true -out=#{@plan_file} -var-file=params/env.tfvars"
55
59
  failure_message = 'something went wrong when creating the TF plan'
56
60
  execute_command(command, failure_message)
57
61
  end
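Review bot: `create_plan` now extracts certificates (which, going by the changelog example, can include a private key) into `terraform/certs` before running `terraform plan`, but nothing in this hunk removes them afterwards and `apply` does not extract them at all, so the files outlive the run on disk and the two commands depend on different on-disk state. Consider wrapping the `execute_command` call in `begin … ensure` that clears `certificate_directory`, or at minimum documenting that `terraform/certs` must be git-ignored and cleaned up. The values exported by `@secrets.secret_env_vars` go into this process's environment and are inherited by every child that `execute_command` spawns; that is inherent to `TF_VAR_` variables but worth a one-line comment at each of the two call sites. The enclosing `Terraform` class starts and ends outside the hunk.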
@@ -1,3 +1,3 @@
1
1
  module Dome
2
- VERSION = '3.0.1'.freeze
2
+ VERSION = '3.1.0'.freeze
3
3
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: domed-city
3
3
  version: !ruby/object:Gem::Version
4
- version: 3.0.1
4
+ version: 3.1.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - ITV
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2016-07-06 00:00:00.000000000 Z
11
+ date: 2016-09-19 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: bundler
@@ -108,6 +108,34 @@ dependencies:
108
108
  - - "~>"
109
109
  - !ruby/object:Gem::Version
110
110
  version: '0.7'
111
+ - !ruby/object:Gem::Dependency
112
+ name: hiera
113
+ requirement: !ruby/object:Gem::Requirement
114
+ requirements:
115
+ - - "~>"
116
+ - !ruby/object:Gem::Version
117
+ version: '1.3'
118
+ type: :runtime
119
+ prerelease: false
120
+ version_requirements: !ruby/object:Gem::Requirement
121
+ requirements:
122
+ - - "~>"
123
+ - !ruby/object:Gem::Version
124
+ version: '1.3'
125
+ - !ruby/object:Gem::Dependency
126
+ name: hiera-eyaml
127
+ requirement: !ruby/object:Gem::Requirement
128
+ requirements:
129
+ - - "~>"
130
+ - !ruby/object:Gem::Version
131
+ version: '2.1'
132
+ type: :runtime
133
+ prerelease: false
134
+ version_requirements: !ruby/object:Gem::Requirement
135
+ requirements:
136
+ - - "~>"
137
+ - !ruby/object:Gem::Version
138
+ version: '2.1'
111
139
  description:
112
140
  email:
113
141
  - common-platform-team-group@itv.com
@@ -131,6 +159,8 @@ files:
131
159
  - lib/dome.rb
132
160
  - lib/dome/environment.rb
133
161
  - lib/dome/helpers/shell.rb
162
+ - lib/dome/hiera_lookup.rb
163
+ - lib/dome/secrets.rb
134
164
  - lib/dome/settings.rb
135
165
  - lib/dome/state.rb
136
166
  - lib/dome/terraform.rb