settings_reader-vault_resolver 0.4.9 → 0.4.10
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.github/workflows/linters.yml +21 -11
- data/.github/workflows/main.yml +56 -5
- data/lib/settings_reader/vault_resolver/configuration.rb +5 -0
- data/lib/settings_reader/vault_resolver/engines/abstract.rb +2 -2
- data/lib/settings_reader/vault_resolver/version.rb +1 -1
- metadata +3 -4
- data/.circleci/config.yml +0 -114
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: e80770a5709f4c47de9c79c771e2174749ad345d5f59584d83d406fd44b9d8cb
|
|
4
|
+
data.tar.gz: 78d265a099e0a191bf01882cb666acfeecc802e1211fa097fe5588107720e90c
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 900237697adf7ee9984e912bde5c1a8433ef345084db65d76d03d39fd1d904fc4f5859a9a7205634e2c1ccb5f9a807f1f2ba066b147ade86febb1695bd7ff9d7
|
|
7
|
+
data.tar.gz: 7ff9538f5d886b99ace02d7eed050df0e017abba45de586d8c91e0c20bd7b505074545317df3b7a7f223728ea32dc39adf76a214f0f938e5ad9a3fbaf63b8e49
|
|
@@ -9,6 +9,19 @@ on:
|
|
|
9
9
|
- cron: '30 0 * * 1'
|
|
10
10
|
|
|
11
11
|
jobs:
|
|
12
|
+
rubocop:
|
|
13
|
+
runs-on: ubuntu-latest
|
|
14
|
+
|
|
15
|
+
steps:
|
|
16
|
+
- name: Checkout
|
|
17
|
+
uses: actions/checkout@v3
|
|
18
|
+
- name: Set up Ruby
|
|
19
|
+
uses: ruby/setup-ruby@v1
|
|
20
|
+
with:
|
|
21
|
+
ruby-version: 2.5
|
|
22
|
+
bundler-cache: true
|
|
23
|
+
- name: Run rubocop
|
|
24
|
+
run: bundle exec rubocop --parallel
|
|
12
25
|
|
|
13
26
|
code-ql:
|
|
14
27
|
name: Analyze
|
|
@@ -24,16 +37,13 @@ jobs:
|
|
|
24
37
|
language: [ 'ruby' ]
|
|
25
38
|
|
|
26
39
|
steps:
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
- name: Initialize CodeQL
|
|
31
|
-
uses: github/codeql-action/init@v1
|
|
32
|
-
with:
|
|
33
|
-
languages: ${{ matrix.language }}
|
|
40
|
+
- name: Checkout repository
|
|
41
|
+
uses: actions/checkout@v3
|
|
34
42
|
|
|
35
|
-
|
|
36
|
-
|
|
43
|
+
- name: Initialize CodeQL
|
|
44
|
+
uses: github/codeql-action/init@v2
|
|
45
|
+
with:
|
|
46
|
+
languages: ${{ matrix.language }}
|
|
37
47
|
|
|
38
|
-
|
|
39
|
-
|
|
48
|
+
- name: Perform CodeQL Analysis
|
|
49
|
+
uses: github/codeql-action/analyze@v2
|
data/.github/workflows/main.yml
CHANGED
|
@@ -10,6 +10,58 @@ on:
|
|
|
10
10
|
types: [published]
|
|
11
11
|
|
|
12
12
|
jobs:
|
|
13
|
+
build:
|
|
14
|
+
env:
|
|
15
|
+
VAULT_ADDR: 'http://127.0.0.1:8200'
|
|
16
|
+
VAULT_TOKEN: 'vault_root_token'
|
|
17
|
+
DATABASE_ADDR: 'database'
|
|
18
|
+
runs-on: ubuntu-latest
|
|
19
|
+
strategy:
|
|
20
|
+
matrix:
|
|
21
|
+
ruby: [ '2.5', '2.6', '2.7', '3.0' ]
|
|
22
|
+
services:
|
|
23
|
+
vault:
|
|
24
|
+
image: hashicorp/vault
|
|
25
|
+
ports:
|
|
26
|
+
- "8200:8200"
|
|
27
|
+
env:
|
|
28
|
+
VAULT_DEV_ROOT_TOKEN_ID: vault_root_token
|
|
29
|
+
SKIP_SETCAP: true
|
|
30
|
+
database:
|
|
31
|
+
image: postgres:14.1-alpine
|
|
32
|
+
ports:
|
|
33
|
+
- "5432:5432"
|
|
34
|
+
env:
|
|
35
|
+
POSTGRES_USER: 'vault_root'
|
|
36
|
+
POSTGRES_PASSWORD: 'root_password'
|
|
37
|
+
POSTGRES_DB: 'app_db'
|
|
38
|
+
options: >-
|
|
39
|
+
--health-cmd pg_isready
|
|
40
|
+
--health-interval 10s
|
|
41
|
+
--health-timeout 5s
|
|
42
|
+
--health-retries 5
|
|
43
|
+
steps:
|
|
44
|
+
- name: Checkout
|
|
45
|
+
uses: actions/checkout@v1
|
|
46
|
+
|
|
47
|
+
- name: Set up Ruby
|
|
48
|
+
uses: ruby/setup-ruby@v1
|
|
49
|
+
with:
|
|
50
|
+
ruby-version: ${{ matrix.ruby }}
|
|
51
|
+
bundler-cache: true
|
|
52
|
+
|
|
53
|
+
- name: Set up Vault
|
|
54
|
+
run: sh local/vault/setup.sh
|
|
55
|
+
|
|
56
|
+
- name: Run specs
|
|
57
|
+
env:
|
|
58
|
+
COVERAGE: true
|
|
59
|
+
run: bundle exec rspec
|
|
60
|
+
|
|
61
|
+
- name: Upload coverage
|
|
62
|
+
env:
|
|
63
|
+
CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
|
|
64
|
+
run: bash <(curl -s https://codecov.io/bash)
|
|
13
65
|
|
|
14
66
|
release:
|
|
15
67
|
runs-on: ubuntu-latest
|
|
@@ -17,14 +69,13 @@ jobs:
|
|
|
17
69
|
if: github.event_name == 'release' && github.event.action == 'published'
|
|
18
70
|
steps:
|
|
19
71
|
- name: Checkout
|
|
20
|
-
uses: actions/checkout@
|
|
72
|
+
uses: actions/checkout@v3
|
|
21
73
|
|
|
22
74
|
- name: Set up Ruby
|
|
23
|
-
uses:
|
|
75
|
+
uses: ruby/setup-ruby@v1
|
|
24
76
|
with:
|
|
25
|
-
ruby-version: 2.7
|
|
26
|
-
|
|
27
|
-
run: gem install bundler:2.1.4
|
|
77
|
+
ruby-version: 2.7
|
|
78
|
+
bundler-cache: true
|
|
28
79
|
- name: Set up credentials
|
|
29
80
|
run: |
|
|
30
81
|
mkdir -p $HOME/.gem
|
|
@@ -6,6 +6,10 @@ module SettingsReader
|
|
|
6
6
|
# Default: Logger.new(STDOUT, level: Logger::ERROR)
|
|
7
7
|
attr_accessor :logger
|
|
8
8
|
|
|
9
|
+
# What errors should be retried when connecting to vault
|
|
10
|
+
# Default: `Vault::HTTPConnectionError` and `OpenSSL::SSL::SSLError`
|
|
11
|
+
attr_accessor :retriable_errors
|
|
12
|
+
|
|
9
13
|
# How many times to retry retrieval of the secret
|
|
10
14
|
# Default: 2
|
|
11
15
|
attr_accessor :retrieval_retries
|
|
@@ -40,6 +44,7 @@ module SettingsReader
|
|
|
40
44
|
|
|
41
45
|
def initialize
|
|
42
46
|
@logger = Logger.new($stdout, level: Logger::ERROR)
|
|
47
|
+
@retriable_errors = [OpenSSL::SSL::SSLError, Vault::HTTPConnectionError]
|
|
43
48
|
@retrieval_retries = 2
|
|
44
49
|
@lease_refresh_interval = 60
|
|
45
50
|
@lease_renew_delay = 300
|
|
@@ -43,7 +43,7 @@ module SettingsReader
|
|
|
43
43
|
end
|
|
44
44
|
|
|
45
45
|
def get_and_retry_connection(address)
|
|
46
|
-
Vault.with_retries(
|
|
46
|
+
Vault.with_retries(*config.retriable_errors, attempts: config.retrieval_retries) do
|
|
47
47
|
get_secret(address)
|
|
48
48
|
end
|
|
49
49
|
end
|
|
@@ -58,7 +58,7 @@ module SettingsReader
|
|
|
58
58
|
end
|
|
59
59
|
|
|
60
60
|
def renew_and_retry_connection(entry)
|
|
61
|
-
Vault.with_retries(
|
|
61
|
+
Vault.with_retries(*config.retriable_errors, attempts: config.lease_renew_retries) do
|
|
62
62
|
renew_lease(entry)
|
|
63
63
|
end
|
|
64
64
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: settings_reader-vault_resolver
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.4.
|
|
4
|
+
version: 0.4.10
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Volodymyr Mykhailyk
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2023-07-11 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: concurrent-ruby
|
|
@@ -62,7 +62,6 @@ executables: []
|
|
|
62
62
|
extensions: []
|
|
63
63
|
extra_rdoc_files: []
|
|
64
64
|
files:
|
|
65
|
-
- ".circleci/config.yml"
|
|
66
65
|
- ".github/workflows/linters.yml"
|
|
67
66
|
- ".github/workflows/main.yml"
|
|
68
67
|
- ".gitignore"
|
|
@@ -119,7 +118,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
119
118
|
- !ruby/object:Gem::Version
|
|
120
119
|
version: '0'
|
|
121
120
|
requirements: []
|
|
122
|
-
rubygems_version: 3.
|
|
121
|
+
rubygems_version: 3.1.6
|
|
123
122
|
signing_key:
|
|
124
123
|
specification_version: 4
|
|
125
124
|
summary: Settings Reader plugin to resolve values using in Hashicorp Vault
|
data/.circleci/config.yml
DELETED
|
@@ -1,114 +0,0 @@
|
|
|
1
|
-
|
|
2
|
-
version: 2.1
|
|
3
|
-
|
|
4
|
-
orbs:
|
|
5
|
-
ci: matic/orb-common@0.2
|
|
6
|
-
ruby: circleci/ruby@1.8.0
|
|
7
|
-
|
|
8
|
-
jobs:
|
|
9
|
-
|
|
10
|
-
rspec-test:
|
|
11
|
-
resource_class: small
|
|
12
|
-
parameters:
|
|
13
|
-
ruby-version:
|
|
14
|
-
type: string
|
|
15
|
-
docker:
|
|
16
|
-
- image: cimg/ruby:<< parameters.ruby-version >>
|
|
17
|
-
environment:
|
|
18
|
-
COVERAGE: true
|
|
19
|
-
CODECOV_TOKEN: a0c859b6-dfb7-4d9f-9933-2dd945cdd960
|
|
20
|
-
VAULT_ADDR: 'http://127.0.0.1:8200'
|
|
21
|
-
VAULT_TOKEN: 'vault_root_token'
|
|
22
|
-
- image: vault
|
|
23
|
-
environment:
|
|
24
|
-
VAULT_DEV_ROOT_TOKEN_ID: vault_root_token
|
|
25
|
-
SKIP_SETCAP: true
|
|
26
|
-
- image: postgres:14.1-alpine
|
|
27
|
-
environment:
|
|
28
|
-
POSTGRES_DB: 'app_db'
|
|
29
|
-
POSTGRES_USER: 'vault_root'
|
|
30
|
-
POSTGRES_PASSWORD: 'root_password'
|
|
31
|
-
steps:
|
|
32
|
-
- checkout
|
|
33
|
-
- ruby/install-deps
|
|
34
|
-
- run:
|
|
35
|
-
name: Set up vault
|
|
36
|
-
command: sh local/vault/setup.sh
|
|
37
|
-
- run:
|
|
38
|
-
name: Run RSpec Tests
|
|
39
|
-
command: bundle exec rspec
|
|
40
|
-
- store_test_results:
|
|
41
|
-
path: reports/rspec
|
|
42
|
-
- store_artifacts:
|
|
43
|
-
path: reports/rspec
|
|
44
|
-
- ci/slack-stage-message
|
|
45
|
-
|
|
46
|
-
rubocop:
|
|
47
|
-
resource_class: small
|
|
48
|
-
docker:
|
|
49
|
-
- image: cimg/ruby:2.5
|
|
50
|
-
steps:
|
|
51
|
-
- checkout
|
|
52
|
-
- ruby/install-deps
|
|
53
|
-
- run:
|
|
54
|
-
name: Run rubocop
|
|
55
|
-
command: bundle exec rubocop --parallel
|
|
56
|
-
|
|
57
|
-
release:
|
|
58
|
-
parameters:
|
|
59
|
-
tag:
|
|
60
|
-
type: string
|
|
61
|
-
default: "default-tag"
|
|
62
|
-
docker:
|
|
63
|
-
- image: cimg/ruby:2.7.5
|
|
64
|
-
environment:
|
|
65
|
-
RELEASE_TAG: << parameters.tag >>
|
|
66
|
-
steps:
|
|
67
|
-
- checkout
|
|
68
|
-
- ruby/install-deps
|
|
69
|
-
- run:
|
|
70
|
-
name: Set up credentials
|
|
71
|
-
command: |
|
|
72
|
-
mkdir -p $HOME/.gem
|
|
73
|
-
touch $HOME/.gem/credentials
|
|
74
|
-
chmod 0600 $HOME/.gem/credentials
|
|
75
|
-
printf -- "---\n:rubygems_api_key: $RUBYGEMS_API_KEY\n" > $HOME/.gem/credentials
|
|
76
|
-
- run:
|
|
77
|
-
name: Set version
|
|
78
|
-
command: sed -i "s/[[:digit:]].[[:digit:]].[[:digit:]]/${RELEASE_TAG}/g" $(find . -name "version.rb")
|
|
79
|
-
- run:
|
|
80
|
-
name: Build gem
|
|
81
|
-
command: gem build *.gemspec
|
|
82
|
-
- run:
|
|
83
|
-
name: Push gem
|
|
84
|
-
command: gem push *.gem
|
|
85
|
-
|
|
86
|
-
workflows:
|
|
87
|
-
|
|
88
|
-
settings_reader-vault_resolver.build-pull-request:
|
|
89
|
-
when:
|
|
90
|
-
not:
|
|
91
|
-
equal: [ main, << pipeline.git.branch >> ]
|
|
92
|
-
jobs:
|
|
93
|
-
|
|
94
|
-
- rspec-test:
|
|
95
|
-
context: global
|
|
96
|
-
matrix:
|
|
97
|
-
parameters:
|
|
98
|
-
ruby-version: [ '2.5', '2.6', '2.7', '3.0' ]
|
|
99
|
-
|
|
100
|
-
- rubocop:
|
|
101
|
-
name: Rubocop
|
|
102
|
-
context: global
|
|
103
|
-
|
|
104
|
-
settings_reader-vault_resolver.release:
|
|
105
|
-
jobs:
|
|
106
|
-
|
|
107
|
-
- release:
|
|
108
|
-
tag: << pipeline.git.tag >>
|
|
109
|
-
context: gem-publishing
|
|
110
|
-
filters:
|
|
111
|
-
branches:
|
|
112
|
-
ignore: /.*/
|
|
113
|
-
tags:
|
|
114
|
-
only: /\d\.\d\.\d/ # It should be [digin dot digit dot digit] format
|