hephaestus 0.7.5.3 → 0.7.6.1

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: c3194bd2f901487254193134cea8684e93c3c9610a1af40bec9ab3669a343b41
4
- data.tar.gz: cb07a5bcc0ec613ae2fa438fc10db957bf55cf222bb14c6ad5815a68bf2a0a96
3
+ metadata.gz: '06919e0eb77dd697814949c6277748199dad368b99aced6a743011977dda7ce2'
4
+ data.tar.gz: 42119352711937a4498fe284838c71ade955fa8dc4352a8ffd8ca753a9af0116
5
5
  SHA512:
6
- metadata.gz: 880abf42e09fe3b55aa0a48d1cc6acd5c42de3bb64c01400d821832beb01dfbab324fe40a0e32e4cc6d233e4a7972bb24de2b41142f7b5e5cc4fde68c37a852d
7
- data.tar.gz: cf22ec5af5aea6921156206f262ec49f8f63bca2d397140edf5cf7236001efea40a83ca991e54d7463211a5143a9a44e8afcb113b75f05dd09911f47419b0cf3
6
+ metadata.gz: a652f7316f064d9348d7edd9a77f70dfb909b0933afcaa2f754962766f9afdf76ec46e790d1ae2e78e449b8667ecfc93883caf2e4af11afad49fc1c448cfd77c
7
+ data.tar.gz: 67f9a6c742247a646eda858416ae232c8244c304f572cbe91fd676a817b68f71e0d9fd46e322e194e7a75e44c5a5bb902ab0e0b96296ae1f4fc95ce989ac728c
data/CHANGELOG.md CHANGED
@@ -1,3 +1,15 @@
1
+ # [v0.7.6.1] - 21-11-2024
2
+ ## What's Changed
3
+ * replace newlines by @gjtorikian in https://github.com/yettoapp/hephaestus/pull/56
4
+
5
+
6
+ **Full Changelog**: https://github.com/yettoapp/hephaestus/compare/v0.7.6...v0.7.6.1
7
+ # [v0.7.6] - 21-11-2024
8
+ ## What's Changed
9
+ * Load secrets more efficiently by @gjtorikian in https://github.com/yettoapp/hephaestus/pull/54
10
+
11
+
12
+ **Full Changelog**: https://github.com/yettoapp/hephaestus/compare/v0.7.5.3...v0.7.6
1
13
  # [v0.7.5.3] - 20-11-2024
2
14
  **Full Changelog**: https://github.com/yettoapp/hephaestus/compare/v0.7.5.2...v0.7.5.3
3
15
  # [v0.7.5.2] - 20-11-2024
@@ -1,13 +1,7 @@
1
1
  # typed: false
2
2
  # frozen_string_literal: true
3
3
 
4
- def fetch_plug_env_secret(label:, default:)
5
- if productionish?
6
- op_read("op://Plug-#{plug_name}/#{ENV["RAILS_ENV"].capitalize}/#{label}")
7
- else
8
- ENV.fetch(label.to_s, default.is_a?(Pathname) ? default.read : default)
9
- end
10
- end
4
+ OP_VAULT_SECRETS = {}
11
5
 
12
6
  def fetch_infra_secret(label:, default:)
13
7
  if productionish?
@@ -17,9 +11,9 @@ def fetch_infra_secret(label:, default:)
17
11
  end
18
12
  end
19
13
 
20
- def fetch_document_secret(document_secrets, label:, default:)
14
+ def fetch_vault_secret(label:, default:)
21
15
  if productionish?
22
- document_secrets[label]
16
+ OP_VAULT_SECRETS.delete(label) || raise("Secret `#{label}` not found in 1Password")
23
17
  else
24
18
  ENV.fetch(label, default.is_a?(Pathname) ? default.read : default)
25
19
  end
@@ -31,10 +25,7 @@ def op_read(label)
31
25
  end
32
26
  end
33
27
 
34
- # technically, this gets every secret, including ones UNIQUE
35
- # to the platform, but we're not using those yet. feels "better"
36
- # to have the plugs manage those on their own
37
- def op_get_secrets(vault:, tag:)
28
+ def op_load_vault_into_env(vault:, tag:)
38
29
  %x(#{include_sudo?}op item list --vault #{vault} --tags #{tag} --format json | #{include_sudo?}op item get - --reveal --format=json).tap do
39
30
  raise "Failed to fetch value `#{vault}` for `#{tag}` from 1Password" unless $CHILD_STATUS.success?
40
31
  end
@@ -107,36 +98,34 @@ module Hephaestus
107
98
  "web.yetto.test"
108
99
  end
109
100
 
110
- # Every plug has these secrets; to reduce the amount of API calls to 1Password,
101
+ # Every plug has secrets; to reduce the amount of API calls to 1Password,
111
102
  # we can grab one document that contains all the secrets we need
112
103
  if productionish?
113
104
  check_dependencies!
114
- fetched_secrets = op_get_secrets(vault: "Plug-#{plug_name}", tag: ENV["RAILS_ENV"])
105
+ res = JSON.parse(op_load_vault_into_env(vault: "Plug-#{plug_name}", tag: ENV["RAILS_ENV"]))
106
+ ["Common", "Unique", "Yetto"].each do |section_label|
107
+ res["fields"].select { |f| f["section"] && f["section"]["label"] }.each do |field|
108
+ next unless field["section"]["label"] == section_label
109
+
110
+ OP_VAULT_SECRETS[field["label"]] = field["value"].gsub("\\n", "\n")
111
+ end
112
+ end
115
113
  end
116
114
 
117
- SLACK_LOG_URL = fetch_document_secret(
118
- fetched_secrets,
119
- label: "SLACK_LOG_URL",
120
- default: "https://slack.com/the_log_room",
121
- )
122
-
123
115
  YETTO_API_URL = "#{YETTO_URL}/api"
124
116
  YETTO_REDIRECT_URL = productionish? ? "#{PROTOCOL}#{YETTO_URL}" : "#{PROTOCOL}127.0.0.1:3000"
125
117
 
126
- YETTO_PLUG_PEM = fetch_document_secret(
127
- fetched_secrets,
118
+ YETTO_PLUG_PEM = fetch_vault_secret(
128
119
  label: "YETTO_PLUG_PEM",
129
120
  default: Rails.root.join("test/fixtures/files/fake_pem_file/fake.pem"),
130
121
  )
131
122
 
132
- YETTO_SIGNING_SECRET = fetch_document_secret(
133
- fetched_secrets,
123
+ YETTO_SIGNING_SECRET = fetch_vault_secret(
134
124
  label: "YETTO_SIGNING_SECRET",
135
125
  default: "super-secret",
136
126
  )
137
127
 
138
- YETTO_PLUG_ID = fetch_document_secret(
139
- fetched_secrets,
128
+ YETTO_PLUG_ID = fetch_vault_secret(
140
129
  label: "YETTO_PLUG_ID",
141
130
  default: "plug-id",
142
131
  )
@@ -5,7 +5,7 @@ unless Rails.env.development?
5
5
  # establish the environment for OTEL
6
6
  ENV["OTEL_EXPORTER_OTLP_ENDPOINT"] = "https://api.honeycomb.io"
7
7
 
8
- ENV["OTEL_EXPORTER_OTLP_HEADERS"] = fetch_plug_env_secret(
8
+ ENV["OTEL_EXPORTER_OTLP_HEADERS"] = fetch_vault_secret(
9
9
  label: "OTEL_EXPORTER_OTLP_HEADERS",
10
10
  default: "x-honeycomb-team=your-api-key",
11
11
  )
@@ -3,21 +3,20 @@
3
3
 
4
4
  require "slack_webhook_logger"
5
5
 
6
- Rails.application.configure do
7
- config.after_initialize do
8
- SlackWebhookLogger.setup do |config|
9
- # Webhook URL
10
- #
11
- # The URL where messages will be sent.
12
- config.webhook_url = Hephaestus::SLACK_LOG_URL
6
+ SlackWebhookLogger.setup do |config|
7
+ # Webhook URL
8
+ #
9
+ # The URL where messages will be sent.
10
+ config.webhook_url = fetch_infra_secret(
11
+ label: "SLACK_LOG_URL",
12
+ default: "https://slack.com/the_log_room",
13
+ )
13
14
 
14
- # The minimum error level to see in Slack.
15
- #
16
- # All log levels are supported, but don't do anything less then :warn since Slack only allows one message
17
- # per minute.
18
- config.level = :WARN
15
+ # The minimum error level to see in Slack.
16
+ #
17
+ # All log levels are supported, but don't do anything less then :warn since Slack only allows one message
18
+ # per minute.
19
+ config.level = :WARN
19
20
 
20
- config.ignore_patterns = [/Can't verify CSRF token authenticity/, /is not a valid MIME type/]
21
- end
22
- end
21
+ config.ignore_patterns = [/Can't verify CSRF token authenticity/, /is not a valid MIME type/]
23
22
  end
@@ -2,7 +2,7 @@
2
2
  # frozen_string_literal: true
3
3
 
4
4
  module Hephaestus
5
- VERSION = "0.7.5.3"
5
+ VERSION = "0.7.6.1"
6
6
  RAILS_VERSION = ">= 8.0"
7
7
  RUBY_VERSION = File
8
8
  .read("#{File.dirname(__FILE__)}/../../.ruby-version")
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: hephaestus
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.7.5.3
4
+ version: 0.7.6.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Garen Torikian
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2024-11-20 00:00:00.000000000 Z
11
+ date: 2024-11-21 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: bootsnap