RubyGems - hephaestus - Versions diffs - 0.7.5.3 → 0.7.6.1 - Mend

hephaestus 0.7.5.3 → 0.7.6.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +12 -0
data/config/initializers/environment.rb +16 -27
data/config/initializers/opentelemetry.rb +1 -1
data/config/initializers/slack_webhook_logger.rb +14 -15
data/lib/hephaestus/version.rb +1 -1
metadata +2 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: c3194bd2f901487254193134cea8684e93c3c9610a1af40bec9ab3669a343b41
-  data.tar.gz: cb07a5bcc0ec613ae2fa438fc10db957bf55cf222bb14c6ad5815a68bf2a0a96
+  metadata.gz: '06919e0eb77dd697814949c6277748199dad368b99aced6a743011977dda7ce2'
+  data.tar.gz: 42119352711937a4498fe284838c71ade955fa8dc4352a8ffd8ca753a9af0116
 SHA512:
-  metadata.gz: 880abf42e09fe3b55aa0a48d1cc6acd5c42de3bb64c01400d821832beb01dfbab324fe40a0e32e4cc6d233e4a7972bb24de2b41142f7b5e5cc4fde68c37a852d
-  data.tar.gz: cf22ec5af5aea6921156206f262ec49f8f63bca2d397140edf5cf7236001efea40a83ca991e54d7463211a5143a9a44e8afcb113b75f05dd09911f47419b0cf3
+  metadata.gz: a652f7316f064d9348d7edd9a77f70dfb909b0933afcaa2f754962766f9afdf76ec46e790d1ae2e78e449b8667ecfc93883caf2e4af11afad49fc1c448cfd77c
+  data.tar.gz: 67f9a6c742247a646eda858416ae232c8244c304f572cbe91fd676a817b68f71e0d9fd46e322e194e7a75e44c5a5bb902ab0e0b96296ae1f4fc95ce989ac728c

data/CHANGELOG.md CHANGED Viewed

@@ -1,3 +1,15 @@
+# [v0.7.6.1] - 21-11-2024
+## What's Changed
+* replace newlines by @gjtorikian in https://github.com/yettoapp/hephaestus/pull/56
+**Full Changelog**: https://github.com/yettoapp/hephaestus/compare/v0.7.6...v0.7.6.1
+# [v0.7.6] - 21-11-2024
+## What's Changed
+* Load secrets more efficiently by @gjtorikian in https://github.com/yettoapp/hephaestus/pull/54
+**Full Changelog**: https://github.com/yettoapp/hephaestus/compare/v0.7.5.3...v0.7.6
 # [v0.7.5.3] - 20-11-2024
 **Full Changelog**: https://github.com/yettoapp/hephaestus/compare/v0.7.5.2...v0.7.5.3
 # [v0.7.5.2] - 20-11-2024

data/config/initializers/environment.rb CHANGED Viewed

@@ -1,13 +1,7 @@
 # typed: false
 # frozen_string_literal: true
-def fetch_plug_env_secret(label:, default:)
-  if productionish?
-    op_read("op://Plug-#{plug_name}/#{ENV["RAILS_ENV"].capitalize}/#{label}")
-  else
-    ENV.fetch(label.to_s, default.is_a?(Pathname) ? default.read : default)
-  end
-end
+OP_VAULT_SECRETS = {}
 def fetch_infra_secret(label:, default:)
   if productionish?
@@ -17,9 +11,9 @@ def fetch_infra_secret(label:, default:)
   end
 end
-def fetch_document_secret(document_secrets, label:, default:)
+def fetch_vault_secret(label:, default:)
   if productionish?
-    document_secrets[label]
+    OP_VAULT_SECRETS.delete(label) || raise("Secret `#{label}` not found in 1Password")
   else
     ENV.fetch(label, default.is_a?(Pathname) ? default.read : default)
   end
@@ -31,10 +25,7 @@ def op_read(label)
   end
 end
-# technically, this gets every secret, including ones UNIQUE
-# to the platform, but we're not using those yet. feels "better"
-# to have the plugs manage those on their own
-def op_get_secrets(vault:, tag:)
+def op_load_vault_into_env(vault:, tag:)
   %x(#{include_sudo?}op item list --vault #{vault} --tags #{tag} --format json | #{include_sudo?}op item get - --reveal --format=json).tap do
     raise "Failed to fetch value `#{vault}` for `#{tag}` from 1Password" unless $CHILD_STATUS.success?
   end
@@ -107,36 +98,34 @@ module Hephaestus
     "web.yetto.test"
   end
-  # Every plug has these secrets; to reduce the amount of API calls to 1Password,
+  # Every plug has secrets; to reduce the amount of API calls to 1Password,
   # we can grab one document that contains all the secrets we need
   if productionish?
     check_dependencies!
-    fetched_secrets = op_get_secrets(vault: "Plug-#{plug_name}", tag: ENV["RAILS_ENV"])
+    res = JSON.parse(op_load_vault_into_env(vault: "Plug-#{plug_name}", tag: ENV["RAILS_ENV"]))
+    ["Common", "Unique", "Yetto"].each do |section_label|
+      res["fields"].select { |f| f["section"] && f["section"]["label"] }.each do |field|
+        next unless field["section"]["label"] == section_label
+        OP_VAULT_SECRETS[field["label"]] = field["value"].gsub("\\n", "\n")
+      end
+    end
   end
-  SLACK_LOG_URL = fetch_document_secret(
-    fetched_secrets,
-    label: "SLACK_LOG_URL",
-    default: "https://slack.com/the_log_room",
-  )
   YETTO_API_URL = "#{YETTO_URL}/api"
   YETTO_REDIRECT_URL = productionish? ? "#{PROTOCOL}#{YETTO_URL}" : "#{PROTOCOL}127.0.0.1:3000"
-  YETTO_PLUG_PEM = fetch_document_secret(
-    fetched_secrets,
+  YETTO_PLUG_PEM = fetch_vault_secret(
     label: "YETTO_PLUG_PEM",
     default: Rails.root.join("test/fixtures/files/fake_pem_file/fake.pem"),
   )
-  YETTO_SIGNING_SECRET = fetch_document_secret(
-    fetched_secrets,
+  YETTO_SIGNING_SECRET = fetch_vault_secret(
     label: "YETTO_SIGNING_SECRET",
     default: "super-secret",
   )
-  YETTO_PLUG_ID = fetch_document_secret(
-    fetched_secrets,
+  YETTO_PLUG_ID = fetch_vault_secret(
     label: "YETTO_PLUG_ID",
     default: "plug-id",
   )

data/config/initializers/opentelemetry.rb CHANGED Viewed

@@ -5,7 +5,7 @@ unless Rails.env.development?
   # establish the environment for OTEL
   ENV["OTEL_EXPORTER_OTLP_ENDPOINT"] = "https://api.honeycomb.io"
-  ENV["OTEL_EXPORTER_OTLP_HEADERS"] = fetch_plug_env_secret(
+  ENV["OTEL_EXPORTER_OTLP_HEADERS"] = fetch_vault_secret(
     label: "OTEL_EXPORTER_OTLP_HEADERS",
     default: "x-honeycomb-team=your-api-key",
   )

data/config/initializers/slack_webhook_logger.rb CHANGED Viewed

@@ -3,21 +3,20 @@
 require "slack_webhook_logger"
-Rails.application.configure do
-  config.after_initialize do
-    SlackWebhookLogger.setup do |config|
-      # Webhook URL
-      #
-      # The URL where messages will be sent.
-      config.webhook_url = Hephaestus::SLACK_LOG_URL
+SlackWebhookLogger.setup do |config|
+  # Webhook URL
+  #
+  # The URL where messages will be sent.
+  config.webhook_url = fetch_infra_secret(
+    label: "SLACK_LOG_URL",
+    default: "https://slack.com/the_log_room",
+  )
-      # The minimum error level to see in Slack.
-      #
-      # All log levels are supported, but don't do anything less then :warn since Slack only allows one message
-      # per minute.
-      config.level = :WARN
+  # The minimum error level to see in Slack.
+  #
+  # All log levels are supported, but don't do anything less then :warn since Slack only allows one message
+  # per minute.
+  config.level = :WARN
-      config.ignore_patterns = [/Can't verify CSRF token authenticity/, /is not a valid MIME type/]
-    end
-  end
+  config.ignore_patterns = [/Can't verify CSRF token authenticity/, /is not a valid MIME type/]
 end

data/lib/hephaestus/version.rb CHANGED Viewed

@@ -2,7 +2,7 @@
 # frozen_string_literal: true
 module Hephaestus
-  VERSION = "0.7.5.3"
+  VERSION = "0.7.6.1"
   RAILS_VERSION = ">= 8.0"
   RUBY_VERSION = File
     .read("#{File.dirname(__FILE__)}/../../.ruby-version")

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: hephaestus
 version: !ruby/object:Gem::Version
-  version: 0.7.5.3
+  version: 0.7.6.1
 platform: ruby
 authors:
 - Garen Torikian
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-11-20 00:00:00.000000000 Z
+date: 2024-11-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bootsnap