legion-crypt 1.4.22 → 1.4.23
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +6 -0
- data/lib/legion/crypt/vault.rb +11 -1
- data/lib/legion/crypt/vault_cluster.rb +9 -1
- data/lib/legion/crypt/version.rb +1 -1
- metadata +1 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: bc1b26f800d0d5512ee35965b6700750bcfcacc5265042f749c3e56a973140c6
|
|
4
|
+
data.tar.gz: cb154b6f1c44688b9a7d4d41e4c125279c9c945b8b162da448c1b2f7b0bacb67
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 4bf5a0be9d6c724dc0011508e7ce3ab23a8a9af46c7800fdd8a45711fa75e3569635bec16467d942306124c17c3a14c45bd161082b0e1c62a80c6172e9f050d9
|
|
7
|
+
data.tar.gz: cd5269888634c81cda229646c13db9a61a67c687430bda6b5202047a73f84fb480b55e1e39534fcadec348b34ee62f0c913723338b20c3ffba6e31943fa38922
|
data/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,11 @@
|
|
|
1
1
|
# Legion::Crypt
|
|
2
2
|
|
|
3
|
+
## [1.4.23] - 2026-03-27
|
|
4
|
+
|
|
5
|
+
### Fixed
|
|
6
|
+
- `connect_vault` now accepts Vault standby responses (429, 472, 473) as healthy, fixing connection failures against performance standby nodes
|
|
7
|
+
- `connect_all_clusters` uses the same standby-tolerant health check
|
|
8
|
+
|
|
3
9
|
## [1.4.22] - 2026-03-27
|
|
4
10
|
|
|
5
11
|
### Changed
|
data/lib/legion/crypt/vault.rb
CHANGED
|
@@ -32,7 +32,7 @@ module Legion
|
|
|
32
32
|
return nil if Legion::Settings[:crypt][:vault][:token].nil?
|
|
33
33
|
|
|
34
34
|
::Vault.token = Legion::Settings[:crypt][:vault][:token]
|
|
35
|
-
if
|
|
35
|
+
if vault_healthy?
|
|
36
36
|
Legion::Settings[:crypt][:vault][:connected] = true
|
|
37
37
|
Legion::Logging.info "Vault connected at #{::Vault.address}" if defined?(Legion::Logging)
|
|
38
38
|
end
|
|
@@ -48,6 +48,16 @@ module Legion
|
|
|
48
48
|
false
|
|
49
49
|
end
|
|
50
50
|
|
|
51
|
+
def vault_healthy?
|
|
52
|
+
::Vault.sys.health_status.initialized?
|
|
53
|
+
rescue ::Vault::HTTPError => e
|
|
54
|
+
# 429 = standby, 472 = DR secondary, 473 = performance standby
|
|
55
|
+
# All indicate an initialized, healthy Vault — just not the active node.
|
|
56
|
+
return true if e.message =~ /\b(429|472|473)\b/
|
|
57
|
+
|
|
58
|
+
raise
|
|
59
|
+
end
|
|
60
|
+
|
|
51
61
|
def read(path, type = 'legion')
|
|
52
62
|
full_path = type.nil? || type.empty? ? "#{type}/#{path}" : path
|
|
53
63
|
log_read_context(full_path)
|
|
@@ -53,7 +53,7 @@ module Legion
|
|
|
53
53
|
next unless config[:token]
|
|
54
54
|
|
|
55
55
|
client = vault_client(name)
|
|
56
|
-
config[:connected] = client
|
|
56
|
+
config[:connected] = cluster_healthy?(client)
|
|
57
57
|
results[name] = config[:connected]
|
|
58
58
|
log_cluster_connected(name, config) if config[:connected]
|
|
59
59
|
end
|
|
@@ -71,6 +71,14 @@ module Legion
|
|
|
71
71
|
|
|
72
72
|
private
|
|
73
73
|
|
|
74
|
+
def cluster_healthy?(client)
|
|
75
|
+
client.sys.health_status.initialized?
|
|
76
|
+
rescue ::Vault::HTTPError => e
|
|
77
|
+
return true if e.message =~ /\b(429|472|473)\b/
|
|
78
|
+
|
|
79
|
+
raise
|
|
80
|
+
end
|
|
81
|
+
|
|
74
82
|
def mark_vault_connected
|
|
75
83
|
return unless defined?(Legion::Settings)
|
|
76
84
|
|
data/lib/legion/crypt/version.rb
CHANGED