
grid-chef-repo: Commit

A Chef repository for building a Grid environment.


Commit MetaInfo

Revision: 69b89ffcc4ecdc4d48a887fd945a826a9807c4d7 (tree)
Date: 2015-12-29 11:11:45
Author: whitestar <whitestar@gaea...>
Committer: whitestar

Log Message

environment-sensitive vault item improvement.

Change Summary

Diff

--- a/cookbooks/berkshelf-api-server-ya/CHANGELOG.md
+++ b/cookbooks/berkshelf-api-server-ya/CHANGELOG.md
@@ -1,6 +1,10 @@
11 berkshelf-api-server-ya CHANGELOG
22 =================================
33
4+0.3.0
5+-----
6+- Vault item scan improvement for nested hash.
7+
48 0.2.0
59 -----
610 - SSL server key deployment by the Chef Vault.
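Review bot: The 0.3.0 entry only records the nested-hash scan, but this commit also introduces the `env_context` attribute, a user-visible change that selects the sub-hash keyed by `node.chef_environment` before `key` is applied; add a line for it here (e.g. "- `env_context` option: resolve `key` under `item[node.chef_environment]`.") so operators upgrading from 0.2.0 know the vault item layout the recipes now expect.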
--- a/cookbooks/berkshelf-api-server-ya/README.md
+++ b/cookbooks/berkshelf-api-server-ya/README.md
@@ -28,11 +28,13 @@ Attributes
2828 |`[:berkshelf_api][:proxy][:ssl_certificate_key_vault_item]`|Hash|Chef Vault item read conf. for the server private key. (ver. 0.2.0 or later)|undefined|
2929 |`[:berkshelf_api][:proxy][:ssl_certificate_key_vault_item][:vault]`|String|Vault name|undefined|
3030 |`[:berkshelf_api][:proxy][:ssl_certificate_key_vault_item][:name]`|String|Vault item name|undefined|
31-|`[:berkshelf_api][:proxy][:ssl_certificate_key_vault_item][:key]`|String|Vault item key|undefined|
31+|`[:berkshelf_api][:proxy][:ssl_certificate_key_vault_item][:env_context]`|Boolean|for multiple environment settings within encrypted items.|`false`|
32+|`[:berkshelf_api][:proxy][:ssl_certificate_key_vault_item][:key]`|String|Vault item key (single key or nested hash key path delimited by slash)|undefined|
3233 |`[:berkshelf_api][:config][:endpoints][1..n][:options][:client_key_vault_item]`|Hash|Chef Vault item read conf. for the endpoint access user's private key. (ver. 0.2.0. or later)|undefined|
3334 |`[:berkshelf_api][:config][:endpoints][1..n][:options][:client_key_vault_item][:vault]`|String|Vault name|undefined|
3435 |`[:berkshelf_api][:config][:endpoints][1..n][:options][:client_key_vault_item][:name]`|String|Vault item name|undefined|
35-|`[:berkshelf_api][:config][:endpoints][1..n][:options][:client_key_vault_item][:key]`|String|Vault item key|undefined|
36+|`[:berkshelf_api][:config][:endpoints][1..n][:options][:client_key_vault_item][:env_context]`|Boolean|for multiple environment settings within encrypted items.|`false`|
37+|`[:berkshelf_api][:config][:endpoints][1..n][:options][:client_key_vault_item][:key]`|String|Vault item key (single key or nested hash key path delimited by slash)|undefined|
3638
3739 Usage
3840 -----
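Review bot: The `env_context` description ("for multiple environment settings within encrypted items.") does not say what the flag does; both rows should state that when it is `true` the item is first indexed by `node.chef_environment` and `key` is then resolved relative to that sub-hash. The `[:key]` rows also need a note for the new empty/undefined case: the recipe code in this commit skips the key lookup when `key` is nil or empty, so the whole decrypted (sub-)item, not a single value, becomes the file content, which is a behaviour change from 0.2.0 where `key` was always applied.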
--- a/cookbooks/berkshelf-api-server-ya/attributes/default.rb
+++ b/cookbooks/berkshelf-api-server-ya/attributes/default.rb
@@ -26,7 +26,23 @@ default[:berkshelf_api][:proxy][:ssl_certificate_key] = ''
2626 default[:berkshelf_api][:proxy][:ssl_certificate_key_vault_item] = {
2727 :vault => 'ssl_server_keys',
2828 :name => '<COMMON_NAME>',
29+ # single key or nested hash key path delimited by slash
30+ # Case 1.
31+ :env_context => false,
2932 :key => 'private'
33+ # -> item['private']
34+ # Case 2.
35+ #:env_context => true,
36+ #:key => 'private'
37+ # -> item[node.chef_environment]['private']
38+ # Case 3.
39+ #:env_context => true,
40+ #:key => nil, # or '' or undefined
41+ # -> item[node.chef_environment]
42+ # Case 4.
43+ #:env_context => true,
44+ #:key => 'hash/path/to/private/key'
45+ # -> item[node.chef_environment]['hash']['path']['to']['private']['key']
3046 }
3147 =end
3248
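Review bot: Cases 1-4 only show a slash-delimited `key` path together with `:env_context => true`, which reads as if the path syntax depended on the flag; in `recipes/app.rb` and `recipes/http_proxy.rb` the path is split on `/` and walked regardless of `env_context`, so add a case with `:env_context => false` and a nested path (`-> item['hash']['path']['to']['private']['key']`). Case 3 should also say what `:key => nil` does when `env_context` is `false`: the lookup is skipped entirely and `secret` stays the whole `ChefVault::Item` object rather than a String, which is not a value the `file` resource's `content` property accepts.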
@@ -39,7 +55,11 @@ default[:berkshelf_api][:config][:endpoints] = [
3955 :client_key_vault_item => {
4056 :vault => 'berks_api_client_keys',
4157 :name => '<ORG_NAME>',
58+ # single key or nested hash key path delimited by slash
59+ :env_context => false,
4260 :key => 'berkshelf'
61+ #:env_context => true,
62+ #:key => 'hash/path/to/private/key'
4363 }
4464 }
4565 },
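Review bot: The commented-out alternative after `:key => 'berkshelf'` has none of the `Case N.` labels or `# -> ...` result lines that the proxy block in this same file carries, and if a reader uncomments it as-is the hash literal ends up with `:env_context` and `:key` each given twice, where Ruby silently keeps the later value (with only a duplicate-key warning). Either mirror the four documented cases here or replace the fragment with a pointer to the proxy block's comment.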
--- a/cookbooks/berkshelf-api-server-ya/metadata.rb
+++ b/cookbooks/berkshelf-api-server-ya/metadata.rb
@@ -4,7 +4,7 @@ maintainer_email ''
44 license 'Apache 2.0'
55 description 'Installs/Configures berkshelf-api-server-ya'
66 long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
7-version '0.2.0'
7+version '0.3.0'
88
99 # local cookbooks
1010 #depends 'chef_utils', '>= 0.5.0'
--- a/cookbooks/berkshelf-api-server-ya/recipes/app.rb
+++ b/cookbooks/berkshelf-api-server-ya/recipes/app.rb
@@ -39,8 +39,17 @@ endpoints.each {|endpoint|
3939 end
4040
4141 require 'chef-vault'
42- item = ChefVault::Item.load(item_conf[:vault], item_conf[:name])
43- secret = item[item_conf[:key]]
42+ secret = ChefVault::Item.load(item_conf[:vault], item_conf[:name])
43+
44+ if item_conf.has_key?(:env_context) && item_conf[:env_context] == true then
45+ secret = secret[node.chef_environment]
46+ end
47+
48+ if !item_conf[:key].nil? && !item_conf[:key].empty? then
49+ item_conf[:key].split('/').each {|elm|
50+ secret = secret[elm]
51+ }
52+ end
4453
4554 file options[:client_key] do
4655 content secret
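Review bot: `secret = secret[node.chef_environment]` yields nil when the item has no entry for the node's environment, and the following `secret = secret[elm]` then fails with `NoMethodError: undefined method '[]' for nil`, which names neither the vault item nor the missing path element; check each step and raise with that context instead (`raise "vault item #{item_conf[:vault]}/#{item_conf[:name]}: missing key '#{elm}'" if secret.nil?`), keeping the secret value itself out of the message. Two smaller points: `item_conf[:key].empty?` assumes a String and raises if `:key` is given as a Symbol (`to_s.empty?` covers both), and `item_conf.has_key?(:env_context) && item_conf[:env_context] == true` can simply be `item_conf[:env_context]`.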
--- a/cookbooks/berkshelf-api-server-ya/recipes/http_proxy.rb
+++ b/cookbooks/berkshelf-api-server-ya/recipes/http_proxy.rb
@@ -34,8 +34,17 @@ if node[:berkshelf_api][:proxy].has_key?(:ssl_certificate_key_vault_item) then
3434 end
3535
3636 require 'chef-vault'
37- item = ChefVault::Item.load(item_conf[:vault], item_conf[:name])
38- secret = item[item_conf[:key]]
37+ secret = ChefVault::Item.load(item_conf[:vault], item_conf[:name])
38+
39+ if item_conf.has_key?(:env_context) && item_conf[:env_context] == true then
40+ secret = secret[node.chef_environment]
41+ end
42+
43+ if !item_conf[:key].nil? && !item_conf[:key].empty? then
44+ item_conf[:key].split('/').each {|elm|
45+ secret = secret[elm]
46+ }
47+ end
3948
4049 file node[:berkshelf_api][:proxy][:ssl_certificate_key] do
4150 content secret
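Review bot: This block is a line-for-line copy of the lookup in `recipes/app.rb`; two copies of the same logic will drift (a fix to one, such as the nil check when the environment key is absent, will not reach the other). Extract it into a cookbook library method, say `vault_secret(item_conf)` under `libraries/` (name is a suggestion), that loads the item, applies the `env_context` and key-path steps and raises a clear error naming the vault, item and missing path element, and call it from both recipes.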