settings_reader-vault_resolver 0.4.4 → 0.4.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/settings_reader/vault_resolver/cache.rb +4 -0
- data/lib/settings_reader/vault_resolver/configuration.rb +7 -2
- data/lib/settings_reader/vault_resolver/engines/abstract.rb +5 -7
- data/lib/settings_reader/vault_resolver/entry.rb +4 -0
- data/lib/settings_reader/vault_resolver/refresher.rb +20 -3
- data/lib/settings_reader/vault_resolver/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: e7cf89396af4e1bdd661243b99672359c0da0ae19af41e89b25e4564765a8c9a
|
|
4
|
+
data.tar.gz: 0a4e19ad01365e9c5b40e7192fc4c6fc259a238bad1d0c7c08f0e9ab20a15fec
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 0275337c5c6c561972cacaf4cfa91576950f024a8062669b74678836328f890b5a93cd4803f65352e5d6d40998c1e6f635d54a045458ec51e24224167cbfe5c4
|
|
7
|
+
data.tar.gz: fe1bebe19a8f0334bd893fe84c9b162d5b2ffb06c6c253f088f74269bf2cbb64b37499bd6da2253bdb0b7261fe322268031a35086d1ceb299ec874e37a9f1188
|
|
@@ -34,15 +34,20 @@ module SettingsReader
|
|
|
34
34
|
# Default: empty proc
|
|
35
35
|
attr_accessor :vault_initializer
|
|
36
36
|
|
|
37
|
+
# Block to be executed when "lease not found" error is raised
|
|
38
|
+
# Default: empty proc
|
|
39
|
+
attr_accessor :lease_not_found_handler
|
|
40
|
+
|
|
37
41
|
def initialize
|
|
38
42
|
@logger = Logger.new($stdout, level: Logger::ERROR)
|
|
39
43
|
@retrieval_retries = 2
|
|
40
44
|
@lease_refresh_interval = 60
|
|
41
45
|
@lease_renew_delay = 300
|
|
42
46
|
@lease_renew_retries = 4
|
|
43
|
-
@lease_renew_error_listener = -> {}
|
|
44
|
-
@lease_renew_success_listener = -> {}
|
|
47
|
+
@lease_renew_error_listener = ->(_result) {}
|
|
48
|
+
@lease_renew_success_listener = ->(_result) {}
|
|
45
49
|
@vault_initializer = -> {}
|
|
50
|
+
@lease_not_found_handler = ->(_entry) {}
|
|
46
51
|
end
|
|
47
52
|
|
|
48
53
|
def setup_lease_refresher(cache, previous_task = nil)
|
|
@@ -29,8 +29,6 @@ module SettingsReader
|
|
|
29
29
|
new_secret = renew_and_retry_auth(entry)
|
|
30
30
|
entry.update_renewed(new_secret)
|
|
31
31
|
true
|
|
32
|
-
rescue Vault::VaultError => e
|
|
33
|
-
raise SettingsReader::VaultResolver::Error, e.message
|
|
34
32
|
end
|
|
35
33
|
|
|
36
34
|
protected
|
|
@@ -50,18 +48,18 @@ module SettingsReader
|
|
|
50
48
|
end
|
|
51
49
|
end
|
|
52
50
|
|
|
53
|
-
def renew_and_retry_auth(
|
|
54
|
-
renew_and_retry_connection(
|
|
51
|
+
def renew_and_retry_auth(entry)
|
|
52
|
+
renew_and_retry_connection(entry)
|
|
55
53
|
rescue Vault::HTTPError => e # if not authenticated, let's reauthenticate and try once more
|
|
56
54
|
raise unless auth_error?(e)
|
|
57
55
|
|
|
58
56
|
config.vault_initializer.call
|
|
59
|
-
renew_and_retry_connection(
|
|
57
|
+
renew_and_retry_connection(entry)
|
|
60
58
|
end
|
|
61
59
|
|
|
62
|
-
def renew_and_retry_connection(
|
|
60
|
+
def renew_and_retry_connection(entry)
|
|
63
61
|
Vault.with_retries(Vault::HTTPConnectionError, attempts: config.lease_renew_retries) do
|
|
64
|
-
renew_lease(
|
|
62
|
+
renew_lease(entry)
|
|
65
63
|
end
|
|
66
64
|
end
|
|
67
65
|
|
|
@@ -18,7 +18,7 @@ module SettingsReader
|
|
|
18
18
|
|
|
19
19
|
def refresh
|
|
20
20
|
info { 'Performing Vault leases refresh' }
|
|
21
|
-
promises = cache.
|
|
21
|
+
promises = cache.active_entries.map do |entry|
|
|
22
22
|
debug { "Checking lease for #{entry}. Leased?: #{entry.leased?}. Expires in: #{entry.expires_in}s" }
|
|
23
23
|
refresh_entry(entry)
|
|
24
24
|
end.compact
|
|
@@ -35,10 +35,27 @@ module SettingsReader
|
|
|
35
35
|
info { "Lease renewed for #{entry}. Expires in: #{entry.expires_in}" }
|
|
36
36
|
entry
|
|
37
37
|
rescue StandardError => e
|
|
38
|
-
|
|
39
|
-
raise SettingsReader::VaultResolver::Error, e.message
|
|
38
|
+
handle_refresh_error(e, entry)
|
|
40
39
|
end
|
|
41
40
|
end
|
|
41
|
+
|
|
42
|
+
private
|
|
43
|
+
|
|
44
|
+
def handle_refresh_error(error, entry)
|
|
45
|
+
handle_lease_not_found(entry) if lease_not_found_error?(error)
|
|
46
|
+
|
|
47
|
+
error { "Error refreshing lease for #{entry}: #{error.message}" }
|
|
48
|
+
raise SettingsReader::VaultResolver::Error, error.message
|
|
49
|
+
end
|
|
50
|
+
|
|
51
|
+
def lease_not_found_error?(error)
|
|
52
|
+
error.is_a?(Vault::HTTPClientError) && error.code == 400 && error.message =~ /lease not found/
|
|
53
|
+
end
|
|
54
|
+
|
|
55
|
+
def handle_lease_not_found(entry)
|
|
56
|
+
cache.clear(entry)
|
|
57
|
+
config.lease_not_found_handler.call(entry)
|
|
58
|
+
end
|
|
42
59
|
end
|
|
43
60
|
end
|
|
44
61
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: settings_reader-vault_resolver
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.4.
|
|
4
|
+
version: 0.4.6
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Volodymyr Mykhailyk
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2022-
|
|
11
|
+
date: 2022-10-02 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: concurrent-ruby
|