kubes_aws 0.1.0 → 0.3.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +13 -0
- data/kubes_aws.gemspec +3 -0
- data/lib/kubes_aws/config.rb +21 -0
- data/lib/kubes_aws/helpers.rb +20 -0
- data/lib/kubes_aws/iam_role.rb +21 -2
- data/lib/kubes_aws/open_id.rb +1 -1
- data/lib/kubes_aws/secrets/fetcher.rb +30 -0
- data/lib/kubes_aws/secrets.rb +1 -1
- data/lib/kubes_aws/{aws_services.rb → services.rb} +3 -1
- data/lib/kubes_aws/ssm/fetcher.rb +35 -0
- data/lib/kubes_aws/ssm.rb +1 -3
- data/lib/kubes_aws/version.rb +1 -1
- data/lib/kubes_aws.rb +21 -0
- metadata +36 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 51843bf4cdbc25ea7fa4b3242db97e60cb064f25b6f338025978f415a89f0100
|
|
4
|
+
data.tar.gz: 118be0962ba9aff6428c8438780fe21991be278eeab0a9f5b6646fe94de74d5e
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 9633e441c03d375c306a4081d4c7c71ccd0cf14c976cb1986599749d15161de0647fc2cda9e4d58916f13cc2560d9777e61f34e6b3055bbb978b54655de8aeea
|
|
7
|
+
data.tar.gz: c1b5bb8c8349e1fff848ce0dd266fc8a0db7cd60ab0625b21f81aa948f813b503d39ccc04fde23d544ff083ddb71880f0f385386e297d03fca652122f4eeaca3
|
data/CHANGELOG.md
CHANGED
|
@@ -3,5 +3,18 @@
|
|
|
3
3
|
All notable changes to this project will be documented in this file.
|
|
4
4
|
This project *loosely tries* to adhere to [Semantic Versioning](http://semver.org/), even before v1.0.
|
|
5
5
|
|
|
6
|
+
## [0.3.2] - 2022-02-16
|
|
7
|
+
- [#5](https://github.com/boltops-tools/kubes_aws/pull/5) aws_secret_data helper
|
|
8
|
+
- improve iam role infer_cluster
|
|
9
|
+
|
|
10
|
+
## [0.3.1] - 2020-11-12
|
|
11
|
+
- [#3](https://github.com/boltops-tools/kubes_aws/pull/3) rename secrets.base64 option
|
|
12
|
+
|
|
13
|
+
## [0.3.0] - 2020-11-11
|
|
14
|
+
- [#2](https://github.com/boltops-tools/kubes_aws/pull/2) Config interface and secrets.base64 setting. smarter base64 option
|
|
15
|
+
|
|
16
|
+
## [0.2.0]
|
|
17
|
+
- #1 helpers: aws_secret, aws_ssm
|
|
18
|
+
|
|
6
19
|
## [0.1.0]
|
|
7
20
|
- Initial release.
|
data/kubes_aws.gemspec
CHANGED
|
@@ -23,6 +23,7 @@ Gem::Specification.new do |spec|
|
|
|
23
23
|
spec.require_paths = ["lib"]
|
|
24
24
|
|
|
25
25
|
spec.add_dependency "activesupport"
|
|
26
|
+
spec.add_dependency "aws-sdk-ecr"
|
|
26
27
|
spec.add_dependency "aws-sdk-eks"
|
|
27
28
|
spec.add_dependency "aws-sdk-iam"
|
|
28
29
|
spec.add_dependency "aws-sdk-secretsmanager"
|
|
@@ -30,4 +31,6 @@ Gem::Specification.new do |spec|
|
|
|
30
31
|
spec.add_dependency "aws_data"
|
|
31
32
|
spec.add_dependency "memoist"
|
|
32
33
|
spec.add_dependency "zeitwerk"
|
|
34
|
+
|
|
35
|
+
spec.add_development_dependency "kubes"
|
|
33
36
|
end
|
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
module KubesAws
|
|
2
|
+
class Config
|
|
3
|
+
include Singleton
|
|
4
|
+
|
|
5
|
+
def defaults
|
|
6
|
+
c = ActiveSupport::OrderedOptions.new
|
|
7
|
+
c.secrets = ActiveSupport::OrderedOptions.new
|
|
8
|
+
c.secrets.base64 = true
|
|
9
|
+
c
|
|
10
|
+
end
|
|
11
|
+
|
|
12
|
+
@@config = nil
|
|
13
|
+
def config
|
|
14
|
+
@@config ||= defaults
|
|
15
|
+
end
|
|
16
|
+
|
|
17
|
+
def configure
|
|
18
|
+
yield(config)
|
|
19
|
+
end
|
|
20
|
+
end
|
|
21
|
+
end
|
|
@@ -0,0 +1,20 @@
|
|
|
1
|
+
module KubesAws
|
|
2
|
+
module Helpers
|
|
3
|
+
extend Memoist
|
|
4
|
+
include Services
|
|
5
|
+
|
|
6
|
+
def aws_secret(name, options={})
|
|
7
|
+
fetcher = Secrets::Fetcher.new(options)
|
|
8
|
+
fetcher.fetch(name)
|
|
9
|
+
end
|
|
10
|
+
|
|
11
|
+
def aws_ssm(name, options={})
|
|
12
|
+
fetcher = SSM::Fetcher.new(options)
|
|
13
|
+
fetcher.fetch(name)
|
|
14
|
+
end
|
|
15
|
+
|
|
16
|
+
def aws_secret_data(name, options={})
|
|
17
|
+
generic_secret_data(:aws_secret, name, options)
|
|
18
|
+
end
|
|
19
|
+
end
|
|
20
|
+
end
|
data/lib/kubes_aws/iam_role.rb
CHANGED
|
@@ -5,19 +5,20 @@ require "json"
|
|
|
5
5
|
module KubesAws
|
|
6
6
|
class IamRole
|
|
7
7
|
extend Memoist
|
|
8
|
-
include
|
|
8
|
+
include Services
|
|
9
9
|
include Logging
|
|
10
10
|
include Prebaked
|
|
11
11
|
|
|
12
12
|
# public method to keep: role_name
|
|
13
13
|
attr_reader :role_name
|
|
14
|
-
def initialize(app:, cluster
|
|
14
|
+
def initialize(app:, cluster:nil, namespace:nil, managed_policies: [], inline_policies: [], role_name: nil, ksa: nil)
|
|
15
15
|
@app, @cluster, @managed_policies, @inline_policies = app, cluster, managed_policies, inline_policies
|
|
16
16
|
|
|
17
17
|
# conventional names
|
|
18
18
|
@ksa = ksa || @app # convention: app
|
|
19
19
|
@namespace = namespace || "#{@app}-#{Kubes.env}" # convention: app-env
|
|
20
20
|
@role_name = role_name || "#{@app}-#{Kubes.env}" # convention: app-env
|
|
21
|
+
@cluster ||= infer_cluster
|
|
21
22
|
end
|
|
22
23
|
|
|
23
24
|
def call
|
|
@@ -27,6 +28,24 @@ module KubesAws
|
|
|
27
28
|
add_inline_policies
|
|
28
29
|
end
|
|
29
30
|
|
|
31
|
+
# Attempts to infer the EKS cluster name using kubectl
|
|
32
|
+
def infer_cluster
|
|
33
|
+
command = "kubectl config view --minify --output 'jsonpath={..contexts..context.cluster}'"
|
|
34
|
+
out = `#{command}`
|
|
35
|
+
success = $?.success?
|
|
36
|
+
name = out.split('/').last
|
|
37
|
+
if !success or name.blank?
|
|
38
|
+
logger.error <<~EOL.color(:red)
|
|
39
|
+
ERROR: unable to determine EKS cluster name. Please specify it in:
|
|
40
|
+
|
|
41
|
+
KubesAws::IamRole.new
|
|
42
|
+
|
|
43
|
+
EOL
|
|
44
|
+
exit 1
|
|
45
|
+
end
|
|
46
|
+
name
|
|
47
|
+
end
|
|
48
|
+
|
|
30
49
|
def add_inline_policies
|
|
31
50
|
@inline_policies.each do |policy|
|
|
32
51
|
params = normalize_inline_policy(policy)
|
data/lib/kubes_aws/open_id.rb
CHANGED
|
@@ -0,0 +1,30 @@
|
|
|
1
|
+
class KubesAws::Secrets
|
|
2
|
+
class Fetcher
|
|
3
|
+
include KubesAws::Logging
|
|
4
|
+
include KubesAws::Services
|
|
5
|
+
|
|
6
|
+
def initialize(options={})
|
|
7
|
+
@options = options
|
|
8
|
+
@base64 = options[:base64]
|
|
9
|
+
end
|
|
10
|
+
|
|
11
|
+
def fetch(secret_id)
|
|
12
|
+
value = fetch_value(secret_id)
|
|
13
|
+
value = Base64.strict_encode64(value).strip if base64?
|
|
14
|
+
value
|
|
15
|
+
end
|
|
16
|
+
|
|
17
|
+
def base64?
|
|
18
|
+
@base64.nil? ? KubesAws.config.secrets.base64 : @base64
|
|
19
|
+
end
|
|
20
|
+
|
|
21
|
+
def fetch_value(secret_id)
|
|
22
|
+
secret_value = secrets.get_secret_value(secret_id: secret_id)
|
|
23
|
+
secret_value.secret_string
|
|
24
|
+
rescue Aws::SecretsManager::Errors::ResourceNotFoundException => e
|
|
25
|
+
logger.info "WARN: secret_id #{secret_id} not found".color(:yellow)
|
|
26
|
+
logger.info e.message
|
|
27
|
+
"NOT FOUND #{secret_id}" # simple string so Kubernetes YAML is valid
|
|
28
|
+
end
|
|
29
|
+
end
|
|
30
|
+
end
|
data/lib/kubes_aws/secrets.rb
CHANGED
|
@@ -0,0 +1,35 @@
|
|
|
1
|
+
class KubesAws::SSM
|
|
2
|
+
class Fetcher
|
|
3
|
+
include KubesAws::Logging
|
|
4
|
+
include KubesAws::Services
|
|
5
|
+
|
|
6
|
+
def initialize(options={})
|
|
7
|
+
@options = options
|
|
8
|
+
@base64 = options[:base64]
|
|
9
|
+
end
|
|
10
|
+
|
|
11
|
+
def fetch(name)
|
|
12
|
+
parameter = fetch_parameter(name)
|
|
13
|
+
value = parameter.value
|
|
14
|
+
value = Base64.strict_encode64(value).strip if base64?(parameter.type)
|
|
15
|
+
value
|
|
16
|
+
end
|
|
17
|
+
|
|
18
|
+
def base64?(type)
|
|
19
|
+
if @base64.nil?
|
|
20
|
+
type == "SecureString"
|
|
21
|
+
else
|
|
22
|
+
@base64
|
|
23
|
+
end
|
|
24
|
+
end
|
|
25
|
+
|
|
26
|
+
def fetch_parameter(name)
|
|
27
|
+
resp = ssm.get_parameter(name: name, with_decryption: true)
|
|
28
|
+
resp.parameter
|
|
29
|
+
rescue Aws::SSM::Errors::ParameterNotFound => e
|
|
30
|
+
logger.info "WARN: name #{name} not found".color(:yellow)
|
|
31
|
+
logger.info e.message
|
|
32
|
+
"NOT FOUND #{name}" # simple string so Kubernetes YAML is valid
|
|
33
|
+
end
|
|
34
|
+
end
|
|
35
|
+
end
|
data/lib/kubes_aws/ssm.rb
CHANGED
data/lib/kubes_aws/version.rb
CHANGED
data/lib/kubes_aws.rb
CHANGED
|
@@ -16,5 +16,26 @@ module KubesAws
|
|
|
16
16
|
@@logger = v
|
|
17
17
|
end
|
|
18
18
|
|
|
19
|
+
# Friendlier method configure.
|
|
20
|
+
#
|
|
21
|
+
# .kubes/config/env/dev.rb
|
|
22
|
+
# .kubes/config/plugins/google.rb # also works
|
|
23
|
+
#
|
|
24
|
+
# Example:
|
|
25
|
+
#
|
|
26
|
+
# KubesGoogle.configure do |config|
|
|
27
|
+
# config.hooks.gke_whitelist = true
|
|
28
|
+
# end
|
|
29
|
+
#
|
|
30
|
+
def configure(&block)
|
|
31
|
+
Config.instance.configure(&block)
|
|
32
|
+
end
|
|
33
|
+
|
|
34
|
+
def config
|
|
35
|
+
Config.instance.config
|
|
36
|
+
end
|
|
37
|
+
|
|
19
38
|
extend self
|
|
20
39
|
end
|
|
40
|
+
|
|
41
|
+
Kubes::Plugin.register(KubesAws)
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: kubes_aws
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.3.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Tung Nguyen
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2022-02-16 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: activesupport
|
|
@@ -24,6 +24,20 @@ dependencies:
|
|
|
24
24
|
- - ">="
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
26
|
version: '0'
|
|
27
|
+
- !ruby/object:Gem::Dependency
|
|
28
|
+
name: aws-sdk-ecr
|
|
29
|
+
requirement: !ruby/object:Gem::Requirement
|
|
30
|
+
requirements:
|
|
31
|
+
- - ">="
|
|
32
|
+
- !ruby/object:Gem::Version
|
|
33
|
+
version: '0'
|
|
34
|
+
type: :runtime
|
|
35
|
+
prerelease: false
|
|
36
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
37
|
+
requirements:
|
|
38
|
+
- - ">="
|
|
39
|
+
- !ruby/object:Gem::Version
|
|
40
|
+
version: '0'
|
|
27
41
|
- !ruby/object:Gem::Dependency
|
|
28
42
|
name: aws-sdk-eks
|
|
29
43
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -122,6 +136,20 @@ dependencies:
|
|
|
122
136
|
- - ">="
|
|
123
137
|
- !ruby/object:Gem::Version
|
|
124
138
|
version: '0'
|
|
139
|
+
- !ruby/object:Gem::Dependency
|
|
140
|
+
name: kubes
|
|
141
|
+
requirement: !ruby/object:Gem::Requirement
|
|
142
|
+
requirements:
|
|
143
|
+
- - ">="
|
|
144
|
+
- !ruby/object:Gem::Version
|
|
145
|
+
version: '0'
|
|
146
|
+
type: :development
|
|
147
|
+
prerelease: false
|
|
148
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
149
|
+
requirements:
|
|
150
|
+
- - ">="
|
|
151
|
+
- !ruby/object:Gem::Version
|
|
152
|
+
version: '0'
|
|
125
153
|
description:
|
|
126
154
|
email:
|
|
127
155
|
- tung@boltops.com
|
|
@@ -139,13 +167,17 @@ files:
|
|
|
139
167
|
- kubes_aws.gemspec
|
|
140
168
|
- lib/kubes_aws.rb
|
|
141
169
|
- lib/kubes_aws/autoloader.rb
|
|
142
|
-
- lib/kubes_aws/
|
|
170
|
+
- lib/kubes_aws/config.rb
|
|
171
|
+
- lib/kubes_aws/helpers.rb
|
|
143
172
|
- lib/kubes_aws/iam_role.rb
|
|
144
173
|
- lib/kubes_aws/iam_role/prebaked.rb
|
|
145
174
|
- lib/kubes_aws/logging.rb
|
|
146
175
|
- lib/kubes_aws/open_id.rb
|
|
147
176
|
- lib/kubes_aws/secrets.rb
|
|
177
|
+
- lib/kubes_aws/secrets/fetcher.rb
|
|
178
|
+
- lib/kubes_aws/services.rb
|
|
148
179
|
- lib/kubes_aws/ssm.rb
|
|
180
|
+
- lib/kubes_aws/ssm/fetcher.rb
|
|
149
181
|
- lib/kubes_aws/version.rb
|
|
150
182
|
homepage: https://github.com/boltops-tools/kubes_aws
|
|
151
183
|
licenses:
|
|
@@ -167,7 +199,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
167
199
|
- !ruby/object:Gem::Version
|
|
168
200
|
version: '0'
|
|
169
201
|
requirements: []
|
|
170
|
-
rubygems_version: 3.
|
|
202
|
+
rubygems_version: 3.2.32
|
|
171
203
|
signing_key:
|
|
172
204
|
specification_version: 4
|
|
173
205
|
summary: Kubes AWS Helpers Library
|