hephaestus 0.7.2.5 → 0.7.3
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +6 -0
- data/config/initializers/environment.rb +39 -6
- data/lib/hephaestus/version.rb +1 -1
- metadata +1 -1
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: db088f028c2b24af00eacbc327b259254d38d523762cff49273226cc6e566723
|
4
|
+
data.tar.gz: b8ef763acf61503ddd3094855700b237dc5ce8ce7bf9e9bcce93746e45e05542
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 7287b9003e6d4e78383291c036811620c2dcf8368803d97f8ea9c6998680af30bed8374f27016674246dcd76705e88b4326625d45c74c9421bc8f4ba12184759
|
7
|
+
data.tar.gz: dd2fd426b4670f4b9fd3abb25cb734ff4e021adbbbd5de77a43b5c8fa90c762557efc977b088974873a3b7500e4ae6e27b4ad735db3795037cc7dc7161b98cbe
|
data/CHANGELOG.md
CHANGED
@@ -1,3 +1,9 @@
|
|
1
|
+
# [v0.7.3] - 18-11-2024
|
2
|
+
## What's Changed
|
3
|
+
* Grab entire document of secrets by @gjtorikian in https://github.com/yettoapp/hephaestus/pull/41
|
4
|
+
|
5
|
+
|
6
|
+
**Full Changelog**: https://github.com/yettoapp/hephaestus/compare/v0.7.2.5...v0.7.3
|
1
7
|
# [v0.7.2.5] - 18-11-2024
|
2
8
|
## What's Changed
|
3
9
|
* This can be empty by @gjtorikian in https://github.com/yettoapp/hephaestus/pull/39
|
@@ -13,7 +13,15 @@ def fetch_infra_secret(label:, default:)
|
|
13
13
|
if productionish?
|
14
14
|
op_read("op://Infra/Global Secrets/#{label}")
|
15
15
|
else
|
16
|
-
ENV.fetch(label
|
16
|
+
ENV.fetch(label, default.is_a?(Pathname) ? default.read : default)
|
17
|
+
end
|
18
|
+
end
|
19
|
+
|
20
|
+
def fetch_document_secret(document_secrets:, label:, default:)
|
21
|
+
if productionish?
|
22
|
+
document_secrets[label]
|
23
|
+
else
|
24
|
+
ENV.fetch(label, default.is_a?(Pathname) ? default.read : default)
|
17
25
|
end
|
18
26
|
end
|
19
27
|
|
@@ -21,6 +29,13 @@ def op_read(label)
|
|
21
29
|
%x(op read "#{label}").chomp
|
22
30
|
end
|
23
31
|
|
32
|
+
# technically, this gets every secret, including ones UNIQUE
|
33
|
+
# to the platform, but we're not using those yet. feels "better"
|
34
|
+
# to have the plugs manage those on their own
|
35
|
+
def op_get_secrets(vault:, tag:)
|
36
|
+
%x(op item list --vault #{vault} --tags #{tag} --format json | op item get - --reveal --format=json)
|
37
|
+
end
|
38
|
+
|
24
39
|
def productionish?
|
25
40
|
Rails.env.production? || Rails.env.staging?
|
26
41
|
end
|
@@ -75,7 +90,12 @@ module Hephaestus
|
|
75
90
|
"web.yetto.test"
|
76
91
|
end
|
77
92
|
|
78
|
-
|
93
|
+
# Every plug has these secrets; to reduce the amount of API calls to 1Password,
|
94
|
+
# we can grab one document that contains all the secrets we need
|
95
|
+
fetched_secrets = op_get_secrets(vault: "Plug-#{plug_name}", tag: ENV["RAILS_ENV"])
|
96
|
+
|
97
|
+
SLACK_LOG_URL = fetch_document_secret(
|
98
|
+
fetched_secrets,
|
79
99
|
label: "SLACK_LOG_URL",
|
80
100
|
default: "https://slack.com/the_log_room",
|
81
101
|
)
|
@@ -83,8 +103,21 @@ module Hephaestus
|
|
83
103
|
YETTO_API_URL = "#{YETTO_URL}/api"
|
84
104
|
YETTO_REDIRECT_URL = productionish? ? "#{PROTOCOL}#{YETTO_URL}" : "#{PROTOCOL}127.0.0.1:3000"
|
85
105
|
|
86
|
-
|
87
|
-
|
88
|
-
|
89
|
-
|
106
|
+
YETTO_PLUG_PEM = fetch_document_secret(
|
107
|
+
fetched_secrets,
|
108
|
+
label: "YETTO_PLUG_PEM",
|
109
|
+
default: Rails.root.join("test/fixtures/files/fake_pem_file/fake.pem"),
|
110
|
+
)
|
111
|
+
|
112
|
+
YETTO_SIGNING_SECRET = fetch_document_secret(
|
113
|
+
fetched_secrets,
|
114
|
+
label: "YETTO_SIGNING_SECRET",
|
115
|
+
default: "super-secret",
|
116
|
+
)
|
117
|
+
|
118
|
+
YETTO_PLUG_ID = fetch_document_secret(
|
119
|
+
fetched_secrets,
|
120
|
+
label: "YETTO_PLUG_ID",
|
121
|
+
default: "plug-id",
|
122
|
+
)
|
90
123
|
end
|
data/lib/hephaestus/version.rb
CHANGED