rrx_config 0.1.0 → 0.1.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ec601c3c455ddac07928729e842a56bdf68169c7c79933a2f9fbf1f4f73ef731
-  data.tar.gz: 5c6b2d173c96c364e8a950d8b73629d621bf2efe9ee6c0116e31b62b5249a264
+  metadata.gz: 189f07461b184201b231e0ec6e8c6259b7f4b19b94f5a45f3096bb13a48f859c
+  data.tar.gz: b25f916d5035b9c39ec42b8a0568d9b82c1bb2e80478c4ebc1149aee4cce1de2
 SHA512:
-  metadata.gz: 93bfbb4cd84cf2dd39781d68073c85e76a9dc77e66c64d034395870fb79c4c14d1016890720aa5bc312fdb8d21e91c832b6adbb4879dd8cb4cc9aafced95f5b2
-  data.tar.gz: 9241012dda9185d410020eb2ed98fce23ec8061fc5c0821164578d83ef1a6997e893ee5457019ef0d7fee35f4debdcde54e7746691ae8f2c965996f90d47311d
+  metadata.gz: ba6405b01d5bcc63f4ff0d2e05f08bcd7f7aade7150d77c2ba9b19a77553cf6f5f73b1ca3395bf4e6da035e8181b52832295d689e8bbe40e236a4f78a673dfd4
+  data.tar.gz: 77448022e1afa2d5cf43877600e0a738cf62bb9dcdd5dd47b92ba94a7626694a2ede76c388e47128b661a0ebe811e34c6493a5052ab594ec263de433124b1104

data/.idea/inspectionProfiles/Project_Default.xml

@@ -2,6 +2,7 @@
   <profile version="1.0">
     <option name="myName" value="Project Default" />
     <inspection_tool class="RbsMissingTypeSignature" enabled="false" level="WEAK WARNING" enabled_by_default="false" />
+    <inspection_tool class="RubyCaseWithoutElseBlockInspection" enabled="false" level="WARNING" enabled_by_default="false" />
     <inspection_tool class="RubyMismatchedParameterType" enabled="false" level="WARNING" enabled_by_default="false" />
   </profile>
 </component>

data/.idea/rrx_config.iml

@@ -12,7 +12,7 @@
     <orderEntry type="jdk" jdkName="Remote-asdf: ruby-3.2.2 (-p53" jdkType="RUBY_SDK" />
     <orderEntry type="sourceFolder" forTests="false" />
     <orderEntry type="module-library">
-      <library name="rrx_dev (v0.1.0) [path][gem]" type="rubylib">
+      <library name="rrx_dev (v0.1.2) [path][gem]" type="rubylib">
         <properties>
           <option name="version" value="4" />
         </properties>
@@ -60,6 +60,7 @@
     <orderEntry type="library" scope="PROVIDED" name="aws-eventstream (v1.3.0, Remote-asdf: ruby-3.2.2 (-p53) [gem]" level="application" />
     <orderEntry type="library" scope="PROVIDED" name="aws-partitions (v1.877.0, Remote-asdf: ruby-3.2.2 (-p53) [gem]" level="application" />
     <orderEntry type="library" scope="PROVIDED" name="aws-sdk-core (v3.190.1, Remote-asdf: ruby-3.2.2 (-p53) [gem]" level="application" />
+    <orderEntry type="library" scope="PROVIDED" name="aws-sdk-rds (v1.213.0, Remote-asdf: ruby-3.2.2 (-p53) [gem]" level="application" />
     <orderEntry type="library" scope="PROVIDED" name="aws-sdk-secretsmanager (v1.88.0, Remote-asdf: ruby-3.2.2 (-p53) [gem]" level="application" />
     <orderEntry type="library" scope="PROVIDED" name="aws-sigv4 (v1.8.0, Remote-asdf: ruby-3.2.2 (-p53) [gem]" level="application" />
     <orderEntry type="library" scope="PROVIDED" name="base64 (v0.2.0, Remote-asdf: ruby-3.2.2 (-p53) [gem]" level="application" />
@@ -92,6 +93,7 @@
     <orderEntry type="library" scope="PROVIDED" name="minitest (v5.20.0, Remote-asdf: ruby-3.2.2 (-p53) [gem]" level="application" />
     <orderEntry type="library" scope="PROVIDED" name="msgpack (v1.7.2, Remote-asdf: ruby-3.2.2 (-p53) [gem]" level="application" />
     <orderEntry type="library" scope="PROVIDED" name="mutex_m (v0.2.0, Remote-asdf: ruby-3.2.2 (-p53) [gem]" level="application" />
+    <orderEntry type="library" scope="PROVIDED" name="mysql2 (v0.5.5, Remote-asdf: ruby-3.2.2 (-p53) [gem]" level="application" />
     <orderEntry type="library" scope="PROVIDED" name="nokogiri (v1.16.0, Remote-asdf: ruby-3.2.2 (-p53) [gem]" level="application" />
     <orderEntry type="library" scope="PROVIDED" name="parallel (v1.24.0, Remote-asdf: ruby-3.2.2 (-p53) [gem]" level="application" />
     <orderEntry type="library" scope="PROVIDED" name="parser (v3.2.2.4, Remote-asdf: ruby-3.2.2 (-p53) [gem]" level="application" />

data/Gemfile

@@ -7,3 +7,5 @@ gem 'rrx_dev', path: '../rrx_dev'
 
 gem 'sqlite3'
 gem 'aws-sdk-secretsmanager'
+gem 'aws-sdk-rds'
+gem 'mysql2'

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: ../rrx_dev
   specs:
-    rrx_dev (0.1.1)
+    rrx_dev (0.1.2)
       active_record_query_trace
       activesupport (~> 7.1.0)
       bootsnap
@@ -22,7 +22,7 @@ PATH
 PATH
   remote: .
   specs:
-    rrx_config (0.1.0)
+    rrx_config (0.1.1)
       railties
 
 GEM
@@ -72,6 +72,9 @@ GEM
       aws-partitions (~> 1, >= 1.651.0)
       aws-sigv4 (~> 1.8)
       jmespath (~> 1, >= 1.6.1)
+    aws-sdk-rds (1.213.0)
+      aws-sdk-core (~> 3, >= 3.188.0)
+      aws-sigv4 (~> 1.1)
     aws-sdk-secretsmanager (1.88.0)
       aws-sdk-core (~> 3, >= 3.188.0)
       aws-sigv4 (~> 1.1)
@@ -122,6 +125,7 @@ GEM
     minitest (5.20.0)
     msgpack (1.7.2)
     mutex_m (0.2.0)
+    mysql2 (0.5.5)
     nokogiri (1.16.0-x86_64-linux)
       racc (~> 1.4)
     parallel (1.24.0)
@@ -245,7 +249,9 @@ PLATFORMS
   x86_64-linux
 
 DEPENDENCIES
+  aws-sdk-rds
   aws-sdk-secretsmanager
+  mysql2
   rrx_config!
   rrx_dev!
   sqlite3

data/README.md

@@ -1,9 +1,6 @@
 # RrxConfig
 
-
-TODO: Delete this and the text below, and describe your gem
-
-Welcome to your new gem! In this directory, you'll find the files you need to be able to package up your Ruby library into a gem. Put your Ruby code in the file `lib/rrx_config`. To experiment with that code, run `bin/console` for an interactive prompt.
+Ruby on Rails application configuration support.
 
 ## Installation
 
@@ -17,7 +14,8 @@ If bundler is not being used to manage dependencies, install the gem by executin
 
 ## Usage
 
-This gem loads runtime application configuration from an external source
+This gem loads runtime application configuration from JSON provided by an external source.
+Configurations are stored as immutable Ruby `Data` objects.
 
 For example, with the JSON config
 
@@ -40,16 +38,20 @@ def my_code
 end
 ```
 
-Configurations are stored as immutable Ruby `Data` objects. You can test for optional values:
+You can test for optional values using standard mechanisms:
 
 ```ruby
-optional_stuff if RrxConfig.members.include?(:optional_thing)
-deep_optional_stuff if RrxConfig.optional_thing.members.include?(:deep_thoughts)
+optional_stuff if RrxConfig.respond_to?(:optional_thing)
+deep_optional_stuff if RrxConfig.optional_thing.include?(:deep_thoughts)
+
+optional_flag = RrxConfig.try(:optional).try(:flag) || DEFAULT_FLAG
 
 # Root-level configs can also be tested with the xxxx? syntax
 optional_stuff if RrxConfig.optional_thing?
 ```
 
+## Configuration Sources
+
 ### Environment
 
 Set the `RRX_CONFIG` environment variable to the required JSON configuration
@@ -59,11 +61,53 @@ Set the `RRX_CONFIG` environment variable to the required JSON configuration
 Loads configuration from an AWS secret that contains the required JSON configuration. Recommended when deploying on AWS.
 By default will use the implicit AWS context that is assigned by the instance role.
 
-Set the `RRX_CONFIG_AWS_SECRET` to the name of the secret to read.
+Set the `RRX_CONFIG_AWS_SECRET` environment variable to the name of the secret to read.
 
-For local integration testing, set `RRX_AWS_PROFILE` to use local AWS credentials. The profile must have been
+For local integration testing, set `RRX_AWS_PROFILE` to use local AWS credentials. The profile must be
 configured in the local AWS client (typically `~/.aws/credentials`).
 
+### Local File Configuration
+
+For development purposes, the gem will also check for the following files:
+
+* `{rails_root}/spec/spec_config.json` if `RAILS_ENV=test`
+* `{rails_root}/local_config.json`
+
+## Database Support
+
+If the loaded config contains a root-level `database` item then it will be used to configure the
+application database instead of `database.yml`.
+
+### AWS RDS IAM Authentication
+
+The gem also adds support for AWS RDS authentication using IAM to MySQL/MariaDB databases. If the RDS instance
+and user account has been configured correctly, replace the `password` argument with `iam: true`. This is supported
+using the `database` configuration or `database.yml`.
+
+The gem will automatically download the required CA certificates and set the necessary client options.
+
+Using JSON configuration:
+```json
+{
+  "database": {
+    "adapter": "mysql2",
+    "host": "rds-db-address...rds.amazonaws.com",
+    "port": 3306,
+    "username": "my_app_user",
+    "iam": true
+  }
+}
+```
+Using `database.yml`:
+```yaml
+production:
+  adapter: mysql2
+  host: rds-db-address...rds.amazonaws.com
+  port: 3306
+  username: my_app_user
+  iam: true
+```
+
 ## Development
 
 After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
@@ -72,7 +116,7 @@ To install this gem onto your local machine, run `bundle exec rake install`. To
 
 ## Contributing
 
-Bug reports and pull requests are welcome on GitHub at https://github.com/rrx/rrx_config. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [code of conduct](https://github.com/[USERNAME]/rrx_config/blob/main/CODE_OF_CONDUCT.md).
+Bug reports and pull requests are welcome on GitHub at https://github.com/rails-rrx/rrx_config. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [code of conduct](https://github.com/[USERNAME]/rrx_config/blob/main/CODE_OF_CONDUCT.md).
 
 ## License
 
@@ -80,4 +124,4 @@ The gem is available as open source under the terms of the [MIT License](https:/
 
 ## Code of Conduct
 
-Everyone interacting in the RrxConfig project's codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/[USERNAME]/rrx_config/blob/main/CODE_OF_CONDUCT.md).
+Everyone interacting in the RrxConfig project's codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/rails-rrc/rrx_config/blob/main/CODE_OF_CONDUCT.md).

data/lib/rrx_config/aws.rb

@@ -0,0 +1,41 @@
+# frozen_string_literal: true
+
+module RrxConfig
+  module Aws
+    PROFILE_VARIABLE = 'RRX_AWS_PROFILE'
+    REGION_VARIABLE  = 'RRX_AWS_REGION'
+    REGION_DEFAULT   = 'us-west-2'
+    PROFILE_DEFAULT = 'default'
+
+    class << self
+      def profile?
+        ENV.include?(PROFILE_VARIABLE)
+      end
+
+      def profile
+        ENV.fetch(PROFILE_VARIABLE, PROFILE_DEFAULT) unless Rails.env.production?
+      end
+
+      def credentials
+        if profile
+          require 'aws-sdk-core/shared_credentials'
+          ::Aws::SharedCredentials.new(profile_name: profile)
+        else
+          require 'aws-sdk-core/instance_profile_credentials'
+          require 'aws-sdk-core/ecs_credentials'
+          ec2 = ::Aws::InstanceProfileCredentials.new
+          ecs = ::Aws::ECSCredentials.new
+          ec2.set? ? ec2 : ecs
+        end
+      end
+
+      def client_args
+        { region:, credentials: }
+      end
+
+      def region
+        ENV.fetch(REGION_VARIABLE, REGION_DEFAULT)
+      end
+    end
+  end
+end

data/lib/rrx_config/configuration.rb

@@ -25,9 +25,9 @@ module RrxConfig
 
     def sources
       [
-        Sources::LocalSource,
+        Sources::EnvironmentSource,
         Sources::AwsSecretSource,
-        Sources::EnvironmentSource
+        Sources::LocalSource
       ]
     end
 

data/lib/rrx_config/database_config.rb

@@ -2,13 +2,83 @@
 
 if defined?(ActiveRecord)
   require 'active_record/database_configurations'
-  ActiveRecord::DatabaseConfigurations.register_db_config_handler do |env_name, name, url, config|
-    if url
-      ActiveRecord::DatabaseConfigurations::UrlConfig.new(env_name, name, url, config)
-    elsif RrxConfig.database?
-      ActiveRecord::DatabaseConfigurations::HashConfig.new(env_name, name, RrxConfig.database.to_h)
-    else
-      ActiveRecord::DatabaseConfigurations::HashConfig.new(env_name, name, config)
+
+  module RrxConfig
+    class IamHashConfig < ActiveRecord::DatabaseConfigurations::HashConfig
+      GLOBAL_PEM_URL='https://truststore.pki.rds.amazonaws.com/global/global-bundle.pem'
+
+      alias raw_configuration_hash configuration_hash
+
+      # @param [Hash] configuration_hash
+      def initialize(env_name, name, configuration_hash)
+        config = configuration_hash.except(:iam)
+        case config[:adapter]
+        when 'mysql2'
+          config[:enable_cleartext_plugin] = true
+        end
+        super(env_name, name, config)
+      end
+
+      def configuration_hash
+        { password:, sslca:, ssl_mode: :required }.reverse_merge!(raw_configuration_hash).freeze
+      end
+
+      def password
+        generator.auth_token(endpoint:, region:, user_name:)
+      end
+
+      def endpoint
+        "#{raw_configuration_hash[:host]}:#{raw_configuration_hash[:port]}"
+      end
+
+      def region
+        raw_configuration_hash.fetch(:region, Aws.region)
+      end
+
+      def user_name
+        raw_configuration_hash[:username] || raw_configuration_hash[:user]
+      end
+
+      def generator
+        require 'aws-sdk-rds'
+        require_relative './aws'
+        @generator ||= ::Aws::RDS::AuthTokenGenerator.new(credentials: Aws.credentials)
+      end
+
+      def sslca
+        unless sslca_path.exist?
+          require 'open-uri'
+          download = URI.open(GLOBAL_PEM_URL)
+          IO.copy_stream download, sslca_path
+        end
+        sslca_path.to_s
+      end
+
+      def sslca_path
+        @sslca_path ||= Rails.root.join('tmp/aws-rds-ca.pem')
+      end
+    end
+
+    def self.db_config_handler(env_name, name, url, config)
+      case
+      when url
+        # Pass to default handler
+        nil
+      when RrxConfig.database?
+        # Use config from RrxConfig
+        if RrxConfig.database.try(:iam)
+          IamHashConfig.new(env_name, name, RrxConfig.database.to_h)
+        else
+          ActiveRecord::DatabaseConfigurations::HashConfig.new(env_name, name, RrxConfig.database.to_h)
+        end
+      when config.fetch(:iam, false)
+        # Use standard config with IAM support
+        IamHashConfig.new(env_name, name, config)
+      end
     end
   end
+
+  ActiveRecord::DatabaseConfigurations.register_db_config_handler do |env_name, name, url, config|
+    RrxConfig.db_config_handler env_name, name, url, config
+  end
 end

data/lib/rrx_config/sources/aws_secret_source.rb

@@ -1,14 +1,12 @@
 # frozen_string_literal: true
 
 require_relative './base'
+require_relative '../aws'
 
 module RrxConfig
   module Sources
     class AwsSecretSource < Base
       SECRET_VARIABLE  = 'RRX_AWS_CONFIG_SECRET_NAME'
-      PROFILE_VARIABLE = 'RRX_AWS_PROFILE'
-      REGION_VARIABLE  = 'RRX_AWS_REGION'
-      REGION_DEFAULT   = 'us-west-2'
 
       def read
         read_secret if secret_id
@@ -45,20 +43,12 @@ module RrxConfig
         @secret_name == :- ? nil : @secret_name
       end
 
-      def credentials_profile
-        profile = Rails.env.production? ? nil : ENV.fetch(PROFILE_VARIABLE, nil)
-        profile || 'default'
-      end
-
       ##
       # @return [Aws::SecretsManager::Client]
       def client
         @client ||= begin
                       require 'aws-sdk-secretsmanager'
-                      Aws::SecretsManager::Client.new(
-                        region:  ENV.fetch(REGION_VARIABLE, REGION_DEFAULT),
-                        profile: credentials_profile
-                      )
+                      ::Aws::SecretsManager::Client.new(**Aws.client_args)
                     end
       end
 

data/lib/rrx_config/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module RrxConfig
-  VERSION = "0.1.0"
+  VERSION = "0.1.1"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rrx_config
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.1.1
 platform: ruby
 authors:
 - Dan Drew
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2024-01-10 00:00:00.000000000 Z
+date: 2024-01-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: railties
@@ -46,6 +46,7 @@ files:
 - README.md
 - Rakefile
 - lib/rrx_config.rb
+- lib/rrx_config/aws.rb
 - lib/rrx_config/configuration.rb
 - lib/rrx_config/database_config.rb
 - lib/rrx_config/environment.rb