tiller 0.9.2 → 0.9.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: e1972112b5fe6beea47fb18e9433b247a94075f9
-  data.tar.gz: 6571bac99e1c81cf9880a4e08109799b7c0e19f3
+  metadata.gz: 15b6d2bae8088a2cdff87c27892257063b0bce78
+  data.tar.gz: 499654583932982792992a5ba48e337f9ba4930f
 SHA512:
-  metadata.gz: 2e2d7516a7accb7a99b4536826278c30a478ce6256e19c5094981dabd32d7388ba3a00e4a093fdd0b9e2bb7e7c72cd8f508f599d154bd5827bbc35537aafa6d1
-  data.tar.gz: c54136043b68745b00dcf015707346770f068286953af017a7866b098f4b7129a5a824c67b22210fa6f261c3a7bb9b35c21283cc60343045ce6f038809f85855
+  metadata.gz: c7a7fdf2f42bfa81891644495754a0b705b8a706b737e39671606c2a2bce6cd5f4e8c576f019fd603a23de85ad1fbefdd18f072c3a46914e51d0c6d23c6c78e5
+  data.tar.gz: afce5ef800ef253760bba24311eeb56474ea0889cdb4dd3f1ef44704e272fbda3bcd005b1b320f10b691b44bdbc40099af3b609d248c2487aee4185f4948e1af

data/bin/tiller

@@ -35,7 +35,7 @@ module Tiller
 
   puts "tiller v#{VERSION} (https://github.com/markround/tiller) <github@markround.com>"
 
-  class << self;
+  class << self
     attr_accessor :config, :log, :templates, :tiller
   end
 

data/lib/tiller/consul.rb

@@ -4,10 +4,15 @@ require 'tiller/defaults'
 require 'tiller/util'
 
 module Tiller::ConsulCommon
+
+
   def setup
     # Set our defaults if not specified
     @consul_config = Tiller::Consul.defaults
-    raise 'No Consul configuration block' unless Tiller::config.has_key?('consul')
+    unless Tiller::config.has_key?('consul')
+      Tiller::log.info('No Consul configuration block for this environment')
+      return
+    end
     @consul_config.deep_merge!(Tiller::config['consul'])
 
     # Sanity check

data/lib/tiller/data/consul.rb

@@ -8,6 +8,8 @@ class ConsulDataSource < Tiller::DataSource
   include Tiller::ConsulCommon
 
   def global_values
+    return {} unless Tiller::config.has_key?('consul')
+
     # Fetch globals
     path = interpolate("#{@consul_config['values']['global']}")
     Tiller::log.debug("#{self} : Fetching globals from #{path}")
@@ -43,12 +45,14 @@ class ConsulDataSource < Tiller::DataSource
   end
 
   def values(template_name)
+    return {} unless Tiller::config.has_key?('consul')
     path = interpolate("#{@consul_config['values']['template']}", template_name)
     Tiller::log.debug("#{self} : Fetching template values from #{path}")
     fetch_all_keys(path)
   end
 
   def target_values(template_name)
+    return {} unless Tiller::config.has_key?('consul')
     path = interpolate("#{@consul_config['values']['target']}", template_name)
     Tiller::log.debug("#{self} : Fetching template target values from #{path}")
     fetch_all_keys(path)

data/lib/tiller/data/http.rb

@@ -10,14 +10,17 @@ class HttpDataSource < Tiller::DataSource
   include Tiller::HttpCommon
 
   def values(template_name)
+    return {} unless Tiller::config.has_key?('http')
     parse(get_uri(@http_config['uri'] + @http_config['values']['template'], :template => template_name))
   end
 
   def global_values
+    return {} unless Tiller::config.has_key?('http')
     parse(get_uri(@http_config['uri'] + @http_config['values']['global']))
   end
 
   def target_values(template_name)
+    return {} unless Tiller::config.has_key?('http')
     parse(get_uri(@http_config['uri'] + @http_config['values']['target'], :template => template_name))
   end
 

data/lib/tiller/data/vault.rb

@@ -0,0 +1,62 @@
+require 'yaml'
+require 'vault'
+require 'tiller/datasource'
+require 'tiller/vault.rb'
+
+class VaultDataSource < Tiller::DataSource
+
+  include Tiller::VaultCommon
+
+  def global_values
+    return {} unless Tiller::config.has_key?('vault')
+    path = interpolate("#{@vault_config['values']['global']}")
+    Tiller::log.debug("#{self} : Fetching globals from #{path}")
+    globals = get_values(path)
+
+    # Do we have per-env globals ? If so, merge them
+    path = interpolate("#{@vault_config['values']['per_env']}")
+    Tiller::log.debug("#{self} : Fetching per-environment globals from #{path}")
+    globals.deep_merge!(get_values(path))
+  end
+
+  def values(template_name)
+    return {} unless Tiller::config.has_key?('vault')
+    path = interpolate("#{@vault_config['values']['template']}", template_name)
+    Tiller::log.debug("#{self} : Fetching template values from #{path}")
+    get_values(path)
+  end
+
+
+  def target_values(template_name)
+    return {} unless Tiller::config.has_key?('vault')
+    path = interpolate("#{@vault_config['values']['target']}", template_name)
+    Tiller::log.debug("#{self} : Fetching template target values from #{path}")
+    get_values(path)
+  end
+
+
+  # Helper method, not used by DataSource API
+  def get_values(path)
+    keys = nil
+    Vault.with_retries(Vault::HTTPConnectionError, Vault::HTTPError) do |attempt, e|
+        Tiller::log.warn("#{self} : Received exception #{e} from Vault") if e
+        keys = Vault.logical.list(path)
+    end
+
+    values = {}
+    if keys.is_a? Array
+      keys.each do |k|
+        Tiller::log.debug("#{self} : Fetching value at #{path}/#{k}")
+        Vault.with_retries(Vault::HTTPConnectionError, Vault::HTTPError) do |attempt, e|
+            Tiller::log.warn("#{self} : Received exception #{e} from Vault") if e
+            values[k] = Vault.logical.read(File.absolute_path(k,path)).data[@vault_config['json_key_name']]
+        end
+      end
+      values
+    else
+      {}
+    end
+  end
+
+
+end

data/lib/tiller/defaults.rb

@@ -31,6 +31,22 @@ module Tiller::Zookeeper
   }
 end
 
+# Defaults for the Vault data and template sources
+module Tiller::Vault
+  Defaults = {
+    'timeout'       => 30,
+    'ssl_verify'    => false,
+    'templates'     => '/secret/tiller/templates',
+    'json_key_name' => :content,
+
+    'values'    => {
+        'global'    => '/secret/tiller/globals/all',
+        'per_env'   => '/secret/tiller/globals/%e',
+        'template'  => '/secret/tiller/values/%e/%t',
+        'target'    => '/secret/tiller/target_values/%t/%e'
+    }
+  }
+end
 
 # Defaults for the HTTP data and template sources
 module Tiller::Http
@@ -79,4 +95,3 @@ module Tiller::Environment
     }
   end
 end
-

data/lib/tiller/http.rb

@@ -12,7 +12,11 @@ module Tiller::HttpCommon
     # Set our defaults if not specified
     @http_config = Tiller::Http.defaults
 
-    raise 'No HTTP configuration block' unless Tiller::config.has_key?('http')
+    unless Tiller::config.has_key?('http')
+      Tiller::log.info('No HTTP configuration block for this environment')
+      return
+    end
+
     @http_config.merge!(Tiller::config['http'])
 
     # Sanity check

data/lib/tiller/logger.rb

@@ -3,8 +3,12 @@ require 'logger'
 module Tiller
 
   class Logger < Logger
+
+    attr_accessor :messages
+
     def initialize
       super(STDOUT)
+      self.messages = []
 
       self.level = Logger::WARN
       self.level = Logger::INFO if Tiller::config[:verbose]
@@ -15,6 +19,13 @@ module Tiller
       end
 
     end
+
+    # Quick hack to remove duplicate informational messages
+    def info(msg)
+      super(msg) unless self.messages.include?(msg)
+      self.messages.push(msg)
+    end
+
   end
 
 end

data/lib/tiller/template/consul.rb

@@ -8,6 +8,7 @@ class ConsulTemplateSource < Tiller::TemplateSource
   include Tiller::ConsulCommon
 
   def templates
+    return [] unless Tiller::config.has_key?('consul')
     path = interpolate("#{@consul_config['templates']}")
     Tiller::log.debug("#{self} : Fetching templates from #{path}")
     templates = Diplomat::Kv.get(path, {:keys => true, :dc => @consul_config['dc']}, :return)

data/lib/tiller/template/http.rb

@@ -10,6 +10,7 @@ class HttpTemplateSource < Tiller::TemplateSource
   include Tiller::HttpCommon
 
   def templates
+    return [] unless Tiller::config.has_key?('http')
     parse(get_uri(@http_config['uri'] + @http_config['templates']))
   end
 

data/lib/tiller/template/vault.rb

@@ -0,0 +1,41 @@
+require 'pp'
+require 'vault'
+require 'tiller/templatesource'
+require 'tiller/vault.rb'
+
+class VaultTemplateSource < Tiller::TemplateSource
+
+  include Tiller::VaultCommon
+
+  def templates
+    return [] unless Tiller::config.has_key?('vault')
+    path = interpolate("#{@vault_config['templates']}")
+    Tiller::log.debug("#{self} : Fetching templates from #{path}")
+
+    templates = nil
+
+    Vault.with_retries(Vault::HTTPConnectionError, Vault::HTTPError) do |attempt, e|
+        Tiller::log.warn("#{self} : Received exception #{e} from Vault") if e
+        templates = Vault.logical.list(path)
+    end
+
+    if templates.is_a? Array
+      templates
+    else
+      Tiller::log.warn("Consul : No templates could be fetched from #{path}")
+      []
+    end
+  end
+
+  def template(template_name)
+    path = interpolate("#{@vault_config['templates']}")
+
+    Vault.with_retries(Vault::HTTPConnectionError, Vault::HTTPError) do |attempt, e|
+        Tiller::log.warn("#{self} : Received exception #{e} from Vault") if e
+        Vault.logical.read(File.absolute_path(template_name,path)).data[:content]
+    end
+
+  end
+
+
+end

data/lib/tiller/vault.rb

@@ -0,0 +1,53 @@
+require 'vault'
+require 'pp'
+require 'tiller/defaults'
+require 'tiller/util'
+
+VAULT_TOKEN_FILE = "#{Dir.home}/.vault-token"
+
+module Tiller::VaultCommon
+  def setup
+    # Set our defaults if not specified
+    @vault_config = Tiller::Vault::Defaults
+
+    unless Tiller::config.has_key?('vault')
+      Tiller::log.info('No Vault configuration block for this environment')
+      return
+    end
+
+    @vault_config.deep_merge!(Tiller::config['vault'])
+
+    # Sanity checks
+    ['url'].each {|c| raise "Missing Vault configuration #{c}" unless @vault_config.has_key?(c)}
+    raise "Missing Vault token" if !(File.exists? VAULT_TOKEN_FILE || @vault_config['token'])
+
+    Vault.configure do |config|
+        # The address of the Vault server
+        config.address = @vault_config['url']
+
+        # The token to authenticate to Vault
+        config.token = @vault_config['token'] || File.read(VAULT_TOKEN_FILE)
+
+        config.ssl_verify = @vault_config['ssl_verify']
+        config.ssl_pem_file = @vault_config['ssl_pem_file'] if @vault_config.has_key?(:ssl_pem_file)
+
+        config.timeout = @vault_config['timeout']
+    end
+
+    # Check if Vault is unsealed, perform a safe check with retries on failure
+    Vault.with_retries(Vault::HTTPConnectionError, Vault::HTTPError) do |attempt, e|
+        Tiller::log.debug("#{self} : Connecting to Vault at #{@vault_config['url']}")
+        raise "Vault at url: #{uri} is sealed" if Vault.sys.seal_status.sealed?
+        Tiller::log.warn("#{self} : Received exception #{e} from Vault") if e
+    end
+
+  end
+
+  # Interpolate configuration placeholders with values
+  def interpolate(path, template_name = nil)
+    path.gsub!('%e', Tiller::config[:environment])
+    path.gsub!('%t', template_name) if template_name
+    path
+  end
+
+end

data/lib/tiller/version.rb

@@ -1 +1 @@
-VERSION="0.9.2"
+VERSION="0.9.3"

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: tiller
 version: !ruby/object:Gem::Version
-  version: 0.9.2
+  version: 0.9.3
 platform: ruby
 authors:
 - Mark Dastmalchi-Round
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-08-19 00:00:00.000000000 Z
+date: 2016-09-07 00:00:00.000000000 Z
 dependencies: []
 description: A tool to create configuration files from a variety of sources, particularly
   useful for Docker containers. See https://github.com/markround/tiller for examples
@@ -36,6 +36,7 @@ files:
 - lib/tiller/data/file.rb
 - lib/tiller/data/http.rb
 - lib/tiller/data/random.rb
+- lib/tiller/data/vault.rb
 - lib/tiller/data/xml_file.rb
 - lib/tiller/data/zookeeper.rb
 - lib/tiller/datasource.rb
@@ -49,9 +50,11 @@ files:
 - lib/tiller/template/consul.rb
 - lib/tiller/template/file.rb
 - lib/tiller/template/http.rb
+- lib/tiller/template/vault.rb
 - lib/tiller/template/zookeeper.rb
 - lib/tiller/templatesource.rb
 - lib/tiller/util.rb
+- lib/tiller/vault.rb
 - lib/tiller/version.rb
 homepage: http://www.markround.com/blog/categories/tiller/
 licenses: