legion-settings 1.3.19 → 1.3.21
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +9 -1
- data/CLAUDE.md +5 -1
- data/README.md +1 -1
- data/lib/legion/settings/loader.rb +9 -3
- data/lib/legion/settings/resolver.rb +13 -4
- data/lib/legion/settings/version.rb +1 -1
- metadata +1 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 24640e14063c9f922ecb738b9cb1fc9fea8599dd2e721263aa6bbe940be65f3c
|
|
4
|
+
data.tar.gz: cf387ebcb1d7f6d7b52427dcc1283b7bbee9895f35be05cc7dffb63e1db3c367
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 2a672dd08c5af2adacc95c7b47c8dc8c279c49c6a212c11a02663eb42c1624b232c509b180af753b06e963fa7998c2e831ee86644d834bcaa0145e2f53794b03
|
|
7
|
+
data.tar.gz: 5e7683ce7fd420785dc3d011410de328efeaa5df79ccfed19c2549e9b071dfcb4fa2b57b30245b4c4b5d513c6cc6da4205a67097332a812b998e3e26676a446a
|
data/CHANGELOG.md
CHANGED
|
@@ -1,11 +1,19 @@
|
|
|
1
1
|
# Legion::Settings Changelog
|
|
2
2
|
|
|
3
|
-
## [
|
|
3
|
+
## [1.3.21] - 2026-03-27
|
|
4
|
+
|
|
5
|
+
### Fixed
|
|
6
|
+
- Prefer RFC-1918 private addresses over CGNAT (100.64.0.0/10) in client IP detection
|
|
7
|
+
|
|
8
|
+
## [1.3.20] - 2026-03-27
|
|
4
9
|
|
|
5
10
|
### Fixed
|
|
6
11
|
- Add 1-second timeout to FQDN detection to prevent boot hang on slow DNS
|
|
7
12
|
- Downgrade FQDN detection failure log from warn to debug
|
|
8
13
|
|
|
14
|
+
### Added
|
|
15
|
+
- `Resolver#resolve_vault`: debug logging for vault path, key, cache hits, returned data structure, and extracted values
|
|
16
|
+
|
|
9
17
|
## [1.3.18] - 2026-03-24
|
|
10
18
|
|
|
11
19
|
### Added
|
data/CLAUDE.md
CHANGED
|
@@ -8,7 +8,7 @@
|
|
|
8
8
|
Hash-like configuration store for the LegionIO framework. Loads settings from JSON files, directories, and environment variables. Provides a unified `Legion::Settings[:key]` accessor used by all other Legion gems. Includes schema-based validation with type inference, enum constraints, and cross-module checks.
|
|
9
9
|
|
|
10
10
|
**GitHub**: https://github.com/LegionIO/legion-settings
|
|
11
|
-
**Version**: 1.3.
|
|
11
|
+
**Version**: 1.3.19
|
|
12
12
|
**License**: Apache-2.0
|
|
13
13
|
|
|
14
14
|
## Architecture
|
|
@@ -46,6 +46,8 @@ Legion::Settings (singleton module)
|
|
|
46
46
|
│ ├── .validate_module # Validate values against schema
|
|
47
47
|
│ └── .detect_unknown_keys # Find typos via Levenshtein distance
|
|
48
48
|
│
|
|
49
|
+
├── AgentLoader # Role-based profile loading: filters which extensions to load (profile: core/cognitive/service/dev/custom/nil)
|
|
50
|
+
├── Validators::Tls # TLS block validator: validates all `tls.*` blocks for required fields, certificate existence, and consistency
|
|
49
51
|
├── ValidationError # Collects all errors, raises once with formatted message
|
|
50
52
|
├── OS # OS detection helpers
|
|
51
53
|
└── CORE_MODULES # [:transport, :cache, :crypt, :data, :logging, :client]
|
|
@@ -81,6 +83,8 @@ Legion::Settings (singleton module)
|
|
|
81
83
|
| `lib/legion/settings/os.rb` | OS detection helpers |
|
|
82
84
|
| `lib/legion/settings/resolver.rb` | Secret resolution: `vault://` and `env://` URI references, fallback chains |
|
|
83
85
|
| `lib/legion/settings/dns_bootstrap.rb` | DNS-based corporate config discovery, caching, background refresh |
|
|
86
|
+
| `lib/legion/settings/agent_loader.rb` | Role-based extension profile filtering (profile: core/cognitive/service/dev/custom/nil) |
|
|
87
|
+
| `lib/legion/settings/validators/tls.rb` | Validates TLS configuration blocks for required fields, cert existence, and consistency |
|
|
84
88
|
| `lib/legion/settings/version.rb` | VERSION constant |
|
|
85
89
|
| `spec/legion/settings_spec.rb` | Core settings module tests |
|
|
86
90
|
| `spec/legion/settings_module_spec.rb` | Module-level accessor and merge tests |
|
data/README.md
CHANGED
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
|
|
3
3
|
Configuration management module for the [LegionIO](https://github.com/LegionIO/LegionIO) framework. Loads settings from JSON files, directories, and environment variables. Provides a unified `Legion::Settings[:key]` accessor used by all other Legion gems.
|
|
4
4
|
|
|
5
|
-
**Version**: 1.3.
|
|
5
|
+
**Version**: 1.3.19
|
|
6
6
|
|
|
7
7
|
## Installation
|
|
8
8
|
|
|
@@ -384,14 +384,20 @@ module Legion
|
|
|
384
384
|
end
|
|
385
385
|
|
|
386
386
|
def system_address
|
|
387
|
-
Socket.ip_address_list.
|
|
388
|
-
|
|
389
|
-
|
|
387
|
+
addresses = Socket.ip_address_list.select { |a| a.ipv4? && !a.ipv4_loopback? }
|
|
388
|
+
preferred = addresses.find { |a| rfc1918?(a.ip_address) }
|
|
389
|
+
(preferred || addresses.first)&.ip_address || 'unknown'
|
|
390
390
|
rescue StandardError => e
|
|
391
391
|
Legion::Logging.debug("Legion::Settings::Loader#system_address failed: #{e.message}") if defined?(Legion::Logging)
|
|
392
392
|
'unknown'
|
|
393
393
|
end
|
|
394
394
|
|
|
395
|
+
def rfc1918?(ip)
|
|
396
|
+
ip.start_with?('10.') ||
|
|
397
|
+
ip.match?(/\A172\.(1[6-9]|2\d|3[01])\./) ||
|
|
398
|
+
ip.start_with?('192.168.')
|
|
399
|
+
end
|
|
400
|
+
|
|
395
401
|
def log_info(message)
|
|
396
402
|
defined?(Legion::Logging) ? Legion::Logging.info(message) : $stdout.puts(message)
|
|
397
403
|
end
|
|
@@ -139,19 +139,28 @@ module Legion
|
|
|
139
139
|
end
|
|
140
140
|
|
|
141
141
|
def resolve_vault(path, key)
|
|
142
|
+
log_debug("resolve_vault: path=#{path}, key=#{key}, vault_available=#{@vault_available}")
|
|
142
143
|
return nil unless @vault_available
|
|
143
144
|
|
|
144
145
|
@vault_cache[path] ||= begin
|
|
145
|
-
Legion::Crypt.read(path)
|
|
146
|
+
log_debug("resolve_vault: calling Legion::Crypt.read(#{path.inspect})")
|
|
147
|
+
result = Legion::Crypt.read(path)
|
|
148
|
+
log_debug("resolve_vault: read returned #{result.nil? ? 'nil' : "keys=#{result.keys.inspect}"}")
|
|
149
|
+
result
|
|
146
150
|
rescue StandardError => e
|
|
147
|
-
|
|
151
|
+
log_warn("Settings resolver: vault read failed for #{path}: #{e.class}=#{e.message}")
|
|
148
152
|
nil
|
|
149
153
|
end
|
|
150
154
|
|
|
151
155
|
data = @vault_cache[path]
|
|
152
|
-
|
|
156
|
+
unless data.is_a?(Hash)
|
|
157
|
+
log_debug("resolve_vault: data at #{path} is #{data.class}, returning nil")
|
|
158
|
+
return nil
|
|
159
|
+
end
|
|
153
160
|
|
|
154
|
-
data[key.to_sym] || data[key.to_s]
|
|
161
|
+
value = data[key.to_sym] || data[key.to_s]
|
|
162
|
+
log_debug("resolve_vault: #{path}##{key} = #{value.nil? ? 'nil' : '<present>'}")
|
|
163
|
+
value
|
|
155
164
|
end
|
|
156
165
|
|
|
157
166
|
def resolve_lease(name, key)
|