hephaestus 0.7.5.3 → 0.7.6

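--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: c3194bd2f901487254193134cea8684e93c3c9610a1af40bec9ab3669a343b41
- data.tar.gz: cb07a5bcc0ec613ae2fa438fc10db957bf55cf222bb14c6ad5815a68bf2a0a96
+ metadata.gz: cc016523474a74823d81c878a1a279cb3cfe00daf689d38a02a3de54b8299964
+ data.tar.gz: 59a8eb2d832eab4c0c37b823bfb1742324a09784f4b8ffbb3f94ad7db1c494de
  SHA512:
- metadata.gz: 880abf42e09fe3b55aa0a48d1cc6acd5c42de3bb64c01400d821832beb01dfbab324fe40a0e32e4cc6d233e4a7972bb24de2b41142f7b5e5cc4fde68c37a852d
- data.tar.gz: cf22ec5af5aea6921156206f262ec49f8f63bca2d397140edf5cf7236001efea40a83ca991e54d7463211a5143a9a44e8afcb113b75f05dd09911f47419b0cf3
+ metadata.gz: c3f0c865085e36bf0dc53a0a16e40427df51c7e36d057a40c06d5c0438ae08549898343b298fdf0a05b4bc27035ec40d52a3958f74b523f0c896eaaa797ff9b2
+ data.tar.gz: 582c6d71cff598db2c910198d2095f33f60a3a348b4271bd738cd2f3a2c51414fff8a13c59304f14f7877439569a7bfd75a42b84392d1bdd8364bb3d6650bfec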
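--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,9 @@
+ # [v0.7.6] - 21-11-2024
+ ## What's Changed
+ * Load secrets more efficiently by @gjtorikian in https://github.com/yettoapp/hephaestus/pull/54
+
+
+ **Full Changelog**: https://github.com/yettoapp/hephaestus/compare/v0.7.5.3...v0.7.6
  # [v0.7.5.3] - 20-11-2024
  **Full Changelog**: https://github.com/yettoapp/hephaestus/compare/v0.7.5.2...v0.7.5.3
  # [v0.7.5.2] - 20-11-2024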
@@ -1,13 +1,7 @@
1
1
  # typed: false
2
2
  # frozen_string_literal: true
3
3
 
4
- def fetch_plug_env_secret(label:, default:)
5
- if productionish?
6
- op_read("op://Plug-#{plug_name}/#{ENV["RAILS_ENV"].capitalize}/#{label}")
7
- else
8
- ENV.fetch(label.to_s, default.is_a?(Pathname) ? default.read : default)
9
- end
10
- end
4
+ OP_VAULT_SECRETS = {}
11
5
 
12
6
  def fetch_infra_secret(label:, default:)
13
7
  if productionish?
@@ -17,9 +11,9 @@ def fetch_infra_secret(label:, default:)
17
11
  end
18
12
  end
19
13
 
20
- def fetch_document_secret(document_secrets, label:, default:)
14
+ def fetch_vault_secret(label:, default:)
21
15
  if productionish?
22
- document_secrets[label]
16
+ OP_VAULT_SECRETS.delete(label) || raise("Secret `#{label}` not found in 1Password")
23
17
  else
24
18
  ENV.fetch(label, default.is_a?(Pathname) ? default.read : default)
25
19
  end
@@ -31,10 +25,7 @@ def op_read(label)
31
25
  end
32
26
  end
33
27
 
34
- # technically, this gets every secret, including ones UNIQUE
35
- # to the platform, but we're not using those yet. feels "better"
36
- # to have the plugs manage those on their own
37
- def op_get_secrets(vault:, tag:)
28
+ def op_load_vault_into_env(vault:, tag:)
38
29
  %x(#{include_sudo?}op item list --vault #{vault} --tags #{tag} --format json | #{include_sudo?}op item get - --reveal --format=json).tap do
39
30
  raise "Failed to fetch value `#{vault}` for `#{tag}` from 1Password" unless $CHILD_STATUS.success?
40
31
  end
@@ -107,36 +98,34 @@ module Hephaestus
107
98
  "web.yetto.test"
108
99
  end
109
100
 
110
- # Every plug has these secrets; to reduce the amount of API calls to 1Password,
101
+ # Every plug has secrets; to reduce the amount of API calls to 1Password,
111
102
  # we can grab one document that contains all the secrets we need
112
103
  if productionish?
113
104
  check_dependencies!
114
- fetched_secrets = op_get_secrets(vault: "Plug-#{plug_name}", tag: ENV["RAILS_ENV"])
105
+ res = JSON.parse(op_load_vault_into_env(vault: "Plug-#{plug_name}", tag: ENV["RAILS_ENV"]))
106
+ ["Common", "Unique", "Yetto"].each do |section_label|
107
+ res["fields"].select { |f| f["section"] && f["section"]["label"] }.each do |field|
108
+ next unless field["section"]["label"] == section_label
109
+
110
+ OP_VAULT_SECRETS[field["label"]] = field["value"]
111
+ end
112
+ end
115
113
  end
116
114
 
117
- SLACK_LOG_URL = fetch_document_secret(
118
- fetched_secrets,
119
- label: "SLACK_LOG_URL",
120
- default: "https://slack.com/the_log_room",
121
- )
122
-
123
115
  YETTO_API_URL = "#{YETTO_URL}/api"
124
116
  YETTO_REDIRECT_URL = productionish? ? "#{PROTOCOL}#{YETTO_URL}" : "#{PROTOCOL}127.0.0.1:3000"
125
117
 
126
- YETTO_PLUG_PEM = fetch_document_secret(
127
- fetched_secrets,
118
+ YETTO_PLUG_PEM = fetch_vault_secret(
128
119
  label: "YETTO_PLUG_PEM",
129
120
  default: Rails.root.join("test/fixtures/files/fake_pem_file/fake.pem"),
130
121
  )
131
122
 
132
- YETTO_SIGNING_SECRET = fetch_document_secret(
133
- fetched_secrets,
123
+ YETTO_SIGNING_SECRET = fetch_vault_secret(
134
124
  label: "YETTO_SIGNING_SECRET",
135
125
  default: "super-secret",
136
126
  )
137
127
 
138
- YETTO_PLUG_ID = fetch_document_secret(
139
- fetched_secrets,
128
+ YETTO_PLUG_ID = fetch_vault_secret(
140
129
  label: "YETTO_PLUG_ID",
141
130
  default: "plug-id",
142
131
  )
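Review bot: `fetch_vault_secret` consumes each entry with `OP_VAULT_SECRETS.delete(label)`, so in production a second lookup of the same label raises "Secret ... not found in 1Password" although the item exists, and no comment in the visible lines documents this one-shot contract. Every field loaded from the "Common", "Unique" and "Yetto" sections that is never fetched stays in a process-wide mutable constant for the life of the process; if nothing reads it after boot, a hook such as `Rails.application.config.after_initialize { OP_VAULT_SECRETS.clear }` would drop the leftovers. In the loader loop, fields that share a label across sections overwrite each other silently, with the later entry of `["Common", "Unique", "Yetto"]` winning; a comment stating that precedence, or a raise on a duplicate label, would make it deliberate. A field whose `value` is nil hits the same "not found" error, so the message could read "missing or empty". The `module Hephaestus` body continues outside this hunk.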
@@ -5,7 +5,7 @@ unless Rails.env.development?
5
5
  # establish the environment for OTEL
6
6
  ENV["OTEL_EXPORTER_OTLP_ENDPOINT"] = "https://api.honeycomb.io"
7
7
 
8
- ENV["OTEL_EXPORTER_OTLP_HEADERS"] = fetch_plug_env_secret(
8
+ ENV["OTEL_EXPORTER_OTLP_HEADERS"] = fetch_vault_secret(
9
9
  label: "OTEL_EXPORTER_OTLP_HEADERS",
10
10
  default: "x-honeycomb-team=your-api-key",
11
11
  )
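Review bot: This initializer now depends on global state: in production `fetch_vault_secret` reads `OP_VAULT_SECRETS`, which is filled elsewhere, whereas the removed `fetch_plug_env_secret` issued its own `op_read`. Nothing in the visible lines says what guarantees the vault has been loaded before this file runs. If it has not, boot fails with a "not found in 1Password" error that points at the wrong cause. A comment above the assignment, such as `# needs OP_VAULT_SECRETS populated by the Hephaestus vault load; keep this initializer ordered after it`, would record the dependency. The value appears to carry the Honeycomb team key (per the `x-honeycomb-team=` default) and is placed in `ENV`, so any child process started afterwards inherits it; the `unless Rails.env.development?` block continues outside the hunk.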
@@ -3,21 +3,20 @@
3
3
 
4
4
  require "slack_webhook_logger"
5
5
 
6
- Rails.application.configure do
7
- config.after_initialize do
8
- SlackWebhookLogger.setup do |config|
9
- # Webhook URL
10
- #
11
- # The URL where messages will be sent.
12
- config.webhook_url = Hephaestus::SLACK_LOG_URL
6
+ SlackWebhookLogger.setup do |config|
7
+ # Webhook URL
8
+ #
9
+ # The URL where messages will be sent.
10
+ config.webhook_url = fetch_infra_secret(
11
+ label: "SLACK_LOG_URL",
12
+ default: "https://slack.com/the_log_room",
13
+ )
13
14
 
14
- # The minimum error level to see in Slack.
15
- #
16
- # All log levels are supported, but don't do anything less then :warn since Slack only allows one message
17
- # per minute.
18
- config.level = :WARN
15
+ # The minimum error level to see in Slack.
16
+ #
17
+ # All log levels are supported, but don't do anything less then :warn since Slack only allows one message
18
+ # per minute.
19
+ config.level = :WARN
19
20
 
20
- config.ignore_patterns = [/Can't verify CSRF token authenticity/, /is not a valid MIME type/]
21
- end
22
- end
21
+ config.ignore_patterns = [/Can't verify CSRF token authenticity/, /is not a valid MIME type/]
23
22
  end
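Review bot: The webhook URL now comes from `fetch_infra_secret` at file-load time instead of `Hephaestus::SLACK_LOG_URL` inside `after_initialize`, and the block has no comment saying why this one secret is read from a different source than `YETTO_PLUG_PEM` and the other vault-backed values. The production branch of `fetch_infra_secret` is not visible on this page, but if it performs its own `op` read, this adds a separate 1Password call per boot while the rest of the change works to reduce them. A comment above the assignment, such as `# SLACK_LOG_URL lives in the infra vault, not the plug vault; resolved when this file loads`, would make the choice explicit. A Slack webhook URL is itself a credential, so it is worth confirming that `SlackWebhookLogger` never includes `webhook_url` in its own error output.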
@@ -2,7 +2,7 @@
2
2
  # frozen_string_literal: true
3
3
 
4
4
  module Hephaestus
5
- VERSION = "0.7.5.3"
5
+ VERSION = "0.7.6"
6
6
  RAILS_VERSION = ">= 8.0"
7
7
  RUBY_VERSION = File
8
8
  .read("#{File.dirname(__FILE__)}/../../.ruby-version")
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: hephaestus
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.7.5.3
4
+ version: 0.7.6
5
5
  platform: ruby
6
6
  authors:
7
7
  - Garen Torikian
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2024-11-20 00:00:00.000000000 Z
11
+ date: 2024-11-21 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: bootsnap