settings_reader-vault_resolver 0.4.8 → 0.4.10

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f365d1804568ddfb924bd52094e4a26f39ed13473f8e01c0c7ece3fd6ff7711f
-  data.tar.gz: 84863176a7db5f01ae1caaf05dbb1fb465d644ca193854fe366d5ef9f856b25a
+  metadata.gz: e80770a5709f4c47de9c79c771e2174749ad345d5f59584d83d406fd44b9d8cb
+  data.tar.gz: 78d265a099e0a191bf01882cb666acfeecc802e1211fa097fe5588107720e90c
 SHA512:
-  metadata.gz: 7f05c10c485d163765e36cd56fecf1b4bd931be8fc9c97d19868903bc39e45d17512b3b5cfbc0a90b250e4a24109a375a193dc946c6113e953898af32d20acba
-  data.tar.gz: 1b88c952495f2679e89023b98a17928bdb67184675896a5d8a619aee2c05dd5be46ce9fee200f401570edd16681bee50e0a278585afb9024ed60546a4c13b5de
+  metadata.gz: 900237697adf7ee9984e912bde5c1a8433ef345084db65d76d03d39fd1d904fc4f5859a9a7205634e2c1ccb5f9a807f1f2ba066b147ade86febb1695bd7ff9d7
+  data.tar.gz: 7ff9538f5d886b99ace02d7eed050df0e017abba45de586d8c91e0c20bd7b505074545317df3b7a7f223728ea32dc39adf76a214f0f938e5ad9a3fbaf63b8e49

data/.github/workflows/linters.yml

@@ -9,6 +9,19 @@ on:
     - cron: '30 0 * * 1'
 
 jobs:
+  rubocop:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: 2.5
+          bundler-cache: true
+      - name: Run rubocop
+        run: bundle exec rubocop --parallel
 
   code-ql:
     name: Analyze
@@ -24,16 +37,13 @@ jobs:
         language: [ 'ruby' ]
 
     steps:
-    - name: Checkout repository
-      uses: actions/checkout@v2
-
-    - name: Initialize CodeQL
-      uses: github/codeql-action/init@v1
-      with:
-        languages: ${{ matrix.language }}
+      - name: Checkout repository
+        uses: actions/checkout@v3
 
-    - name: Autobuild
-      uses: github/codeql-action/autobuild@v1
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v2
+        with:
+          languages: ${{ matrix.language }}
 
-    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v1
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v2

data/.github/workflows/main.yml

@@ -10,6 +10,58 @@ on:
     types: [published]
 
 jobs:
+  build:
+    env:
+      VAULT_ADDR: 'http://127.0.0.1:8200'
+      VAULT_TOKEN: 'vault_root_token'
+      DATABASE_ADDR: 'database'
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        ruby: [ '2.5', '2.6', '2.7', '3.0' ]
+    services:
+      vault:
+        image: hashicorp/vault
+        ports:
+          - "8200:8200"
+        env:
+          VAULT_DEV_ROOT_TOKEN_ID: vault_root_token
+          SKIP_SETCAP: true
+      database:
+        image: postgres:14.1-alpine
+        ports:
+          - "5432:5432"
+        env:
+          POSTGRES_USER: 'vault_root'
+          POSTGRES_PASSWORD: 'root_password'
+          POSTGRES_DB: 'app_db'
+        options: >-
+          --health-cmd pg_isready
+          --health-interval 10s
+          --health-timeout 5s
+          --health-retries 5
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v1
+
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: ${{ matrix.ruby }}
+          bundler-cache: true
+
+      - name: Set up Vault
+        run: sh local/vault/setup.sh
+
+      - name: Run specs
+        env:
+          COVERAGE: true
+        run: bundle exec rspec
+
+      - name: Upload coverage
+        env:
+          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
+        run: bash <(curl -s https://codecov.io/bash)
 
   release:
     runs-on: ubuntu-latest
@@ -17,14 +69,13 @@ jobs:
     if: github.event_name == 'release' && github.event.action == 'published'
     steps:
       - name: Checkout
-        uses: actions/checkout@v1
+        uses: actions/checkout@v3
 
       - name: Set up Ruby
-        uses: actions/setup-ruby@v1
+        uses: ruby/setup-ruby@v1
         with:
-          ruby-version: 2.7.x
-      - name: Set up Bundler
-        run: gem install bundler:2.1.4
+          ruby-version: 2.7
+          bundler-cache: true
       - name: Set up credentials
         run: |
           mkdir -p $HOME/.gem

data/lib/settings_reader/vault_resolver/configuration.rb

@@ -6,6 +6,10 @@ module SettingsReader
       # Default: Logger.new(STDOUT, level: Logger::ERROR)
       attr_accessor :logger
 
+      # What errors should be retried when connecting to vault
+      # Default: `Vault::HTTPConnectionError` and `OpenSSL::SSL::SSLError`
+      attr_accessor :retriable_errors
+
       # How many times to retry retrieval of the secret
       # Default: 2
       attr_accessor :retrieval_retries
@@ -40,6 +44,7 @@ module SettingsReader
 
       def initialize
         @logger = Logger.new($stdout, level: Logger::ERROR)
+        @retriable_errors = [OpenSSL::SSL::SSLError, Vault::HTTPConnectionError]
         @retrieval_retries = 2
         @lease_refresh_interval = 60
         @lease_renew_delay = 300

data/lib/settings_reader/vault_resolver/engines/abstract.rb

@@ -43,7 +43,7 @@ module SettingsReader
         end
 
         def get_and_retry_connection(address)
-          Vault.with_retries(Vault::HTTPConnectionError, attempts: config.retrieval_retries) do
+          Vault.with_retries(*config.retriable_errors, attempts: config.retrieval_retries) do
             get_secret(address)
           end
         end
@@ -58,7 +58,7 @@ module SettingsReader
         end
 
         def renew_and_retry_connection(entry)
-          Vault.with_retries(Vault::HTTPConnectionError, attempts: config.lease_renew_retries) do
+          Vault.with_retries(*config.retriable_errors, attempts: config.lease_renew_retries) do
             renew_lease(entry)
           end
         end

data/lib/settings_reader/vault_resolver/patches/authenticate.rb

@@ -3,7 +3,7 @@ module Vault
   class Authenticate < Request
     def kubernetes(role, route: nil, service_token_path: nil)
       route ||= "/v1/auth/#{SettingsReader::VaultResolver::Engines::Auth::AUTH_BACKEND}/login"
-      service_token_path ||= '/var/run/secrets/kubernetes.io/serviceaccount/token'
+      service_token_path ||= '/var/run/secrets/tokens/dynamic-sa-token'
 
       payload = {
         role: role,

data/lib/settings_reader/vault_resolver/version.rb

@@ -1,5 +1,5 @@
 module SettingsReader
   module VaultResolver
-    VERSION = '0.4.8'.freeze
+    VERSION = '0.4.10'.freeze
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: settings_reader-vault_resolver
 version: !ruby/object:Gem::Version
-  version: 0.4.8
+  version: 0.4.10
 platform: ruby
 authors:
 - Volodymyr Mykhailyk
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2022-10-24 00:00:00.000000000 Z
+date: 2023-07-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: concurrent-ruby
@@ -62,7 +62,6 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- ".circleci/config.yml"
 - ".github/workflows/linters.yml"
 - ".github/workflows/main.yml"
 - ".gitignore"
@@ -119,7 +118,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.2.32
+rubygems_version: 3.1.6
 signing_key: 
 specification_version: 4
 summary: Settings Reader plugin to resolve values using in Hashicorp Vault

data/.circleci/config.yml

@@ -1,114 +0,0 @@
-
-version: 2.1
-
-orbs:
-  ci: matic/orb-common@0.2
-  ruby: circleci/ruby@1.8.0
-
-jobs:
-
-  rspec-test:
-    resource_class: small
-    parameters:
-      ruby-version:
-        type: string
-    docker:
-      - image: cimg/ruby:<< parameters.ruby-version >>
-        environment:
-          COVERAGE: true
-          CODECOV_TOKEN: a0c859b6-dfb7-4d9f-9933-2dd945cdd960
-          VAULT_ADDR: 'http://127.0.0.1:8200'
-          VAULT_TOKEN: 'vault_root_token'
-      - image: vault
-        environment:
-          VAULT_DEV_ROOT_TOKEN_ID: vault_root_token
-          SKIP_SETCAP: true
-      - image: postgres:14.1-alpine
-        environment:
-          POSTGRES_DB: 'app_db'
-          POSTGRES_USER: 'vault_root'
-          POSTGRES_PASSWORD: 'root_password'
-    steps:
-      - checkout
-      - ruby/install-deps
-      - run:
-          name: Set up vault
-          command: sh local/vault/setup.sh
-      - run:
-          name: Run RSpec Tests
-          command: bundle exec rspec
-      - store_test_results:
-          path: reports/rspec
-      - store_artifacts:
-          path: reports/rspec
-      - ci/slack-stage-message
-
-  rubocop:
-    resource_class: small
-    docker:
-      - image: cimg/ruby:2.5
-    steps:
-      - checkout
-      - ruby/install-deps
-      - run:
-          name: Run rubocop
-          command: bundle exec rubocop --parallel
-
-  release:
-    parameters:
-      tag:
-        type: string
-        default: "default-tag"
-    docker:
-      - image: cimg/ruby:2.7.5
-    environment:
-      RELEASE_TAG: << parameters.tag >>
-    steps:
-      - checkout
-      - ruby/install-deps
-      - run:
-          name: Set up credentials
-          command: |
-              mkdir -p $HOME/.gem
-              touch $HOME/.gem/credentials
-              chmod 0600 $HOME/.gem/credentials
-              printf -- "---\n:rubygems_api_key: $RUBYGEMS_API_KEY\n" > $HOME/.gem/credentials
-      - run:
-          name: Set version
-          command: sed -i "s/[[:digit:]].[[:digit:]].[[:digit:]]/${RELEASE_TAG}/g" $(find . -name "version.rb")
-      - run:
-          name: Build gem
-          command: gem build *.gemspec
-      - run:
-          name: Push gem
-          command: gem push *.gem
-
-workflows:
-
-  settings_reader-vault_resolver.build-pull-request:
-    when:
-      not:
-        equal: [ main, << pipeline.git.branch >> ]
-    jobs:
-
-      - rspec-test:
-          context: global
-          matrix:
-            parameters:
-              ruby-version: [ '2.5', '2.6', '2.7', '3.0' ]
-
-      - rubocop:
-          name: Rubocop
-          context: global
-
-  settings_reader-vault_resolver.release:
-    jobs:
-
-      - release:
-          tag: << pipeline.git.tag >>
-          context: gem-publishing
-          filters:
-            branches:
-              ignore: /.*/
-            tags:
-              only: /\d\.\d\.\d/ # It should be [digin dot digit dot digit] format