tiller 1.0.0 → 1.1.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/bin/tiller +1 -1
- data/lib/tiller/data/consul.rb +4 -2
- data/lib/tiller/data/environment_nested.rb +18 -0
- data/lib/tiller/data/file.rb +1 -0
- data/lib/tiller/data/vault.rb +68 -16
- data/lib/tiller/vault.rb +3 -3
- data/lib/tiller/version.rb +1 -1
- metadata +3 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: d77cf5dbfb18a7c01748c26f85a1750db39cdf64
|
4
|
+
data.tar.gz: 7c6495941198eb295f8bc77aa596836ba4c1b1bb
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 62be132162a6b83147e771070d663f1e9218a83f92e0a120b74f8adc1d3e44c163eab8f6bbf5eb50106f776c50d6181f1538f451d8e039fb491b323a48c6a78a
|
7
|
+
data.tar.gz: 8782973e32397059a0be3406a946274f3f3afe521bf07893202c5e7f5c42f697b646419a2547ee6ee6eb2651d86c4f356ed6d0e04117802697f930671e58ef82
|
data/bin/tiller
CHANGED
@@ -297,7 +297,7 @@ module Tiller
|
|
297
297
|
log.info("Child process forked with PID #{child_pid}")
|
298
298
|
|
299
299
|
# Catch signals and send them on to the child processes
|
300
|
-
[ :INT, :TERM, :HUP ].each do |sig|
|
300
|
+
[ :INT, :TERM, :HUP, :QUIT, :USR1, :USR2, :WINCH ].each do |sig|
|
301
301
|
Signal.trap(sig) do
|
302
302
|
pids.each { |p| signal(sig, p, :verbose => config[:verbose])}
|
303
303
|
end
|
data/lib/tiller/data/consul.rb
CHANGED
@@ -61,11 +61,13 @@ class ConsulDataSource < Tiller::DataSource
|
|
61
61
|
|
62
62
|
def fetch_all_keys(path)
|
63
63
|
keys = Diplomat::Kv.get(path, { keys: true, :dc => @consul_config['dc'] }, :return)
|
64
|
-
all_keys =
|
64
|
+
all_keys = Hash.new
|
65
65
|
if keys.is_a? Array
|
66
66
|
keys.each do |k|
|
67
67
|
Tiller::log.debug("#{self} : Fetching key #{k}")
|
68
|
-
|
68
|
+
k_basename = k[path.length..-1] # remove leading path
|
69
|
+
v = Diplomat::Kv.get(k, { nil_values: true, :dc => @consul_config['dc'] })
|
70
|
+
all_keys.deep_merge!(k_basename.split('/').reverse.inject(v) { |a, n| { n => a } })
|
69
71
|
end
|
70
72
|
all_keys
|
71
73
|
else
|
@@ -0,0 +1,18 @@
|
|
1
|
+
require 'tiller/datasource'
|
2
|
+
|
3
|
+
class EnvironmentNestedDataSource < Tiller::DataSource
|
4
|
+
|
5
|
+
def global_values
|
6
|
+
values = Hash.new
|
7
|
+
ENV.each do |k, v|
|
8
|
+
begin
|
9
|
+
v = YAML.load(v) # helper to get real data type instead of string
|
10
|
+
values.deep_merge!(k.split('_').reverse.inject(v) { |a, n| { n => a } })
|
11
|
+
rescue
|
12
|
+
Tiller::log.debug("Environment variable #{k} with value #{v} could not be unfolded (ignored)")
|
13
|
+
end
|
14
|
+
end
|
15
|
+
values
|
16
|
+
end
|
17
|
+
|
18
|
+
end
|
data/lib/tiller/data/file.rb
CHANGED
@@ -25,6 +25,7 @@ class FileDataSource < Tiller::DataSource
|
|
25
25
|
env_file = File.join(Tiller::config[:tiller_base], 'environments',
|
26
26
|
"#{Tiller::config[:environment]}.yaml")
|
27
27
|
@config_hash = YAML.load(open(env_file))
|
28
|
+
@config_hash ||= Hash.new #in case YAML.load returned false
|
28
29
|
rescue
|
29
30
|
abort("Error : Could not load environment file #{env_file}")
|
30
31
|
end
|
data/lib/tiller/data/vault.rb
CHANGED
@@ -9,26 +9,59 @@ class VaultDataSource < Tiller::DataSource
|
|
9
9
|
|
10
10
|
def global_values
|
11
11
|
return {} unless Tiller::config.has_key?('vault')
|
12
|
-
|
13
|
-
|
14
|
-
|
15
|
-
|
16
|
-
|
17
|
-
|
18
|
-
|
19
|
-
|
12
|
+
if @vault_config['flex_mode']
|
13
|
+
globals = {}
|
14
|
+
Tiller::log.debug("#{self} : In Flex Mode: Fetching all defined paths under values")
|
15
|
+
@vault_config['values'].each do |key, path|
|
16
|
+
next unless path
|
17
|
+
Tiller::log.debug("#{self} : Fetching values in #{path} into the #{key} variable")
|
18
|
+
path = "/#{path}" if path[0] != '/'
|
19
|
+
path = interpolate(path)
|
20
|
+
globals[key] = get_values(path)
|
21
|
+
end
|
22
|
+
globals
|
23
|
+
else
|
24
|
+
path = interpolate("#{@vault_config['values']['global']}")
|
25
|
+
Tiller::log.debug("#{self} : Fetching globals from #{path}")
|
26
|
+
globals = get_values(path)
|
27
|
+
|
28
|
+
# Do we have per-env globals ? If so, merge them
|
29
|
+
path = interpolate("#{@vault_config['values']['per_env']}")
|
30
|
+
Tiller::log.debug("#{self} : Fetching per-environment globals from #{path}")
|
31
|
+
globals.deep_merge!(get_values(path))
|
32
|
+
end
|
20
33
|
end
|
21
34
|
|
22
35
|
def values(template_name)
|
23
36
|
return {} unless Tiller::config.has_key?('vault')
|
24
|
-
|
25
|
-
|
26
|
-
|
37
|
+
if @vault_config['flex_mode']
|
38
|
+
# Merge configs of the template and environment, subsequently
|
39
|
+
template_config = Tiller::config[template_name] || {}
|
40
|
+
if Tiller::config.has_key?('environments') && Tiller::config['environments'].has_key?(Tiller::config[:environment]) && Tiller::config['environments'][Tiller::config[:environment]].has_key?(template_name)
|
41
|
+
template_config.deep_merge!(Tiller::config['environments'][Tiller::config[:environment]][template_name])
|
42
|
+
end
|
43
|
+
return {} unless template_config.has_key?('vault')
|
44
|
+
values = {}
|
45
|
+
template_config['vault'].each do |key, path|
|
46
|
+
path = "/#{path}" if path[0] != '/'
|
47
|
+
# We want to make Vault compatible with dynamic values here
|
48
|
+
path = Tiller::render(path, direct_render: true) if Tiller::config.assoc('dynamic_values')
|
49
|
+
path = interpolate(path)
|
50
|
+
Tiller::log.debug("#{self} : Fetching values in #{path} into the #{key} variable")
|
51
|
+
values[key] = get_values(path)
|
52
|
+
end
|
53
|
+
values
|
54
|
+
else
|
55
|
+
path = interpolate("#{@vault_config['values']['template']}", template_name)
|
56
|
+
Tiller::log.debug("#{self} : Fetching template values from #{path}")
|
57
|
+
get_values(path)
|
58
|
+
end
|
27
59
|
end
|
28
60
|
|
29
61
|
|
30
62
|
def target_values(template_name)
|
31
63
|
return {} unless Tiller::config.has_key?('vault')
|
64
|
+
return {} if @vault_config['flex_mode']
|
32
65
|
path = interpolate("#{@vault_config['values']['target']}", template_name)
|
33
66
|
Tiller::log.debug("#{self} : Fetching template target values from #{path}")
|
34
67
|
get_values(path)
|
@@ -38,18 +71,37 @@ class VaultDataSource < Tiller::DataSource
|
|
38
71
|
# Helper method, not used by DataSource API
|
39
72
|
def get_values(path)
|
40
73
|
keys = nil
|
74
|
+
Tiller::log.debug("Trying Vault list with #{path}")
|
41
75
|
Vault.with_retries(Vault::HTTPConnectionError, Vault::HTTPError) do |attempt, e|
|
42
|
-
|
43
|
-
|
76
|
+
Tiller::log.warn("#{self} : Received exception #{e} from Vault") if e
|
77
|
+
keys = Vault.logical.list(path)
|
44
78
|
end
|
45
79
|
|
46
80
|
values = {}
|
47
|
-
if keys.is_a?
|
81
|
+
if keys.is_a?(Array) && keys.size > 0
|
48
82
|
keys.each do |k|
|
49
83
|
Tiller::log.debug("#{self} : Fetching value at #{path}/#{k}")
|
50
84
|
Vault.with_retries(Vault::HTTPConnectionError, Vault::HTTPError) do |attempt, e|
|
51
|
-
|
52
|
-
|
85
|
+
Tiller::log.warn("#{self} : Received exception #{e} from Vault") if e
|
86
|
+
Tiller::log.debug("Actual Vault Path: #{File.absolute_path(k,path)}")
|
87
|
+
vdata = Vault.logical.read(File.absolute_path(k,path)).data
|
88
|
+
if @vault_config['flex_mode']
|
89
|
+
values[k.to_sym] = vdata
|
90
|
+
else
|
91
|
+
values[k] = vdata[@vault_config['json_key_name']]
|
92
|
+
end
|
93
|
+
end
|
94
|
+
end
|
95
|
+
values
|
96
|
+
elsif @vault_config['flex_mode']
|
97
|
+
Tiller::log.debug("#{path} is likely a Vault document, retrieving values for them")
|
98
|
+
Vault.with_retries(Vault::HTTPConnectionError, Vault::HTTPError) do |attempt, e|
|
99
|
+
Tiller::log.warn("#{self} : Received exception #{e} from Vault") if e
|
100
|
+
vault_data = Vault.logical.read(path)
|
101
|
+
if vault_data && (data = vault_data.data) && data.is_a?(Hash)
|
102
|
+
values = data
|
103
|
+
else
|
104
|
+
Tiller::log.warn("No values found at #{path}")
|
53
105
|
end
|
54
106
|
end
|
55
107
|
values
|
data/lib/tiller/vault.rb
CHANGED
@@ -3,7 +3,7 @@ require 'pp'
|
|
3
3
|
require 'tiller/defaults'
|
4
4
|
require 'tiller/util'
|
5
5
|
|
6
|
-
VAULT_TOKEN_FILE = "#{Dir.home}/.vault-token"
|
6
|
+
VAULT_TOKEN_FILE = ENV.key?('HOME') ? "#{Dir.home}/.vault-token" : nil
|
7
7
|
|
8
8
|
module Tiller::VaultCommon
|
9
9
|
def setup
|
@@ -19,14 +19,14 @@ module Tiller::VaultCommon
|
|
19
19
|
|
20
20
|
# Sanity checks
|
21
21
|
['url'].each {|c| raise "Missing Vault configuration #{c}" unless @vault_config.has_key?(c)}
|
22
|
-
raise "Missing Vault token" if !(File.exists?
|
22
|
+
raise "Missing Vault token" if !((VAULT_TOKEN_FILE && File.exists?(VAULT_TOKEN_FILE)) || @vault_config['token'] || ENV['VAULT_TOKEN'])
|
23
23
|
|
24
24
|
Vault.configure do |config|
|
25
25
|
# The address of the Vault server
|
26
26
|
config.address = @vault_config['url']
|
27
27
|
|
28
28
|
# The token to authenticate to Vault
|
29
|
-
config.token = @vault_config['token'] || File.read(VAULT_TOKEN_FILE)
|
29
|
+
config.token = @vault_config['token'] || ENV['VAULT_TOKEN'] || File.read(VAULT_TOKEN_FILE)
|
30
30
|
|
31
31
|
config.ssl_verify = @vault_config['ssl_verify']
|
32
32
|
config.ssl_pem_file = @vault_config['ssl_pem_file'] if @vault_config.has_key?(:ssl_pem_file)
|
data/lib/tiller/version.rb
CHANGED
@@ -1,2 +1,2 @@
|
|
1
1
|
# http://semver.org/
|
2
|
-
VERSION="1.
|
2
|
+
VERSION="1.1.0"
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: tiller
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.
|
4
|
+
version: 1.1.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Mark Dastmalchi-Round
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2017-
|
11
|
+
date: 2017-04-24 00:00:00.000000000 Z
|
12
12
|
dependencies: []
|
13
13
|
description: A tool to create configuration files from a variety of sources, particularly
|
14
14
|
useful for Docker containers. See https://github.com/markround/tiller for examples
|
@@ -33,6 +33,7 @@ files:
|
|
33
33
|
- lib/tiller/data/defaults.rb
|
34
34
|
- lib/tiller/data/environment.rb
|
35
35
|
- lib/tiller/data/environment_json.rb
|
36
|
+
- lib/tiller/data/environment_nested.rb
|
36
37
|
- lib/tiller/data/external_file.rb
|
37
38
|
- lib/tiller/data/file.rb
|
38
39
|
- lib/tiller/data/http.rb
|