Skip to content

Enchance Vault utils #54

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Aug 16, 2019
Merged

Enchance Vault utils #54

merged 1 commit into from
Aug 16, 2019

Conversation

@StefanDinu
Copy link
Contributor

@StefanDinu StefanDinu commented Aug 14, 2019
edited
Loading

Enhance Vault modules and add support for enforcing a minimum ops version in Terraform clusters.

Addresses issue #55

Description

  1. Enhance Vault module, now it will not muffle Exceptions and exposed another function called check_vault() that will return a Jinja2 friendly boolean ("true" or "false")
  2. Added support for enforcing a minimum ops version in Terraform clusters ("ops_min_version")

Motivation and Context

  1. Aims to solve scenarios where reading a non-existent Vault secret always returned "None" and never threw an exception.
  2. Aims to make it easier to enforce a minimum version of ops across larger teams.

How Has This Been Tested?

Built the ops Docker container locally from sources, ran Terraform plan and apply on our clusters.
Also tested with older versions of ops which now fail because another PR will introduce a new function in the TF modules that will only exist in the newer ops.

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)

Checklist:

  • I have signed the Adobe Open Source CLA.
  • My code follows the code style of this project.
  • I have read the CONTRIBUTING document.
  • All new and existing tests passed.

costimuraru
costimuraru reviewed Aug 14, 2019
View reviewed changes
src/ops/cli/terraform.py Outdated
self.cluster_config = cluster_config
# Check if the cluster_config has a strict requirement of OPS version
# But only if 'ops_min_version' is specified. Not all clusters configs enforce this
if "ops_min_version" in self.cluster_config.conf["terraform"]:
Copy link
Contributor

@costimuraru costimuraru Aug 14, 2019
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

  1. To keep things more easy to read, what do you think about extracting this code block in a dedicated method def check_ops_version() or something similar.
  2. It's not really ideal to have this checks in the class constructor (__init__). What do you think about having this check in the run method?
  3. It's possible that for newer integrations to not have the terraform section at all, in which this check would fail because self.cluster_config.conf["terraform"] would be None. What do you think about also adding a check such as 'terraform' in self.cluster_config.conf

Copy link
Contributor Author

@StefanDinu StefanDinu Aug 14, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the feedback ! Will implement these

costimuraru
costimuraru reviewed Aug 14, 2019
View reviewed changes
src/ops/simplevault.py
data = default
return data
# if the provided secret path doesn't exist, return false
return False
Copy link
Contributor

@costimuraru costimuraru Aug 14, 2019
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Shouldn't we return the default value if the secret does not exist?

Never mind, I see this is in the check method.

@StefanDinu StefanDinu force-pushed the ops_vault_enhancements branch from b285d5a to 37ae881 Compare August 14, 2019 14:17
@StefanDinu StefanDinu merged commit e2cfe99 into adobe:master Aug 16, 2019
@StefanDinu StefanDinu deleted the ops_vault_enhancements branch August 16, 2019 07:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@costimuraru costimuraru costimuraru approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@StefanDinu @costimuraru