cookbook 'chef_vault_retry', '= 0.1.0'
Provides the chef_vault_retry_item method
cookbook 'chef_vault_retry', '= 0.1.0', :supermarket
knife supermarket install chef_vault_retry
knife supermarket download chef_vault_retry
chef_vault_retry
This cookbook is heavily inspired by the excellent chef-vault cookbook. In similar fashion, it installs the chef-vault gem and provides a helper method for retrieving vault item contents. Unlike the chef-client cookbook however, the chef_vault_retry_item helper method will periodically retry loading the vault item if a ChefVault::Exceptions::SecretDecryption exception is raised, allowing an admin to refresh the vault item before the chef-client run fails. This is primarily intended to ease the bootstrapping of new systems.
Helper Methods
This cookbook provides a helper method for retrieving chef-vault items:
secret = chef_vault_retry_item('vault', 'item')
See the Usage section below for more details. Similar to the chef-client cookbook, if the item isn't encrypted and the node['chef_vault_retry']['databag_fallback'] attribute is set to true (the default), this helper method will attempt to load the item as a regular data bag item.
Attributes
- node['chef_vault_retry']['interval'] - the interval in seconds between retries; default is 30
- node['chef_vault_retry']['retries'] - the maximum number of retries before allowing the chef-client run to fail; default is 40
The following attributes have been duplicated from the chef-client cookbook for gem installation:
- node['chef_vault_retry']['version'] - version of the chef-client gem to install; default is '~> 2.6'
- node['chef_vault_retry']['databag_fallback'] - If the vault item passed is a regular data bag item, fall back to loading it as such; default is true
- node['chef_vault_retry']['gem_source'] - maps to the source property for the chef_gem resource; default is nil
- node['chef_vault_retry']['gem_options'] - maps to the options property for the chef_gem resource; default is nil
Usage
Include the chef_vault_retry::default recipe before using the helper method in recipes:
include_recipe 'chef_vault_retry::default'
secret = chef_vault_retry_item('vault', 'item')
If a node is unable to decrypt an existing chef-vault item, the following error will be displayed in the chef-client run and will repeat on the configured interval (default 30s):
Unable to decrypt vault item (vault/item). Retrying in 30s.
Assuming an admin refreshes the vault item before the configured maximum number of retries (default 40), the chef-client run will continue now that the node can decrypt the item's contents.
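The retry behaviour described above, as an added sketch that is not the cookbook's own source. load_with_retry and simulate are hypothetical names, the ChefVault module below is a stand-in so the code runs without the chef-vault gem, and the secret value is constructed.

```ruby
# Stand-in for the exception class named in this README (assumption: defined
# here only so the sketch runs without the chef-vault gem installed).
module ChefVault
  module Exceptions
    class SecretDecryption < StandardError; end
  end
end

# Hypothetical helper: one initial attempt plus at most `retries` retries.
# Only decryption failures are retried; any other error propagates at once.
def load_with_retry(vault, item, interval: 30, retries: 40,
                    sleeper: ->(s) { sleep(s) }, log: [], &loader)
  attempts = 0
  begin
    attempts += 1
    loader.call(vault, item)
  rescue ChefVault::Exceptions::SecretDecryption
    raise if attempts > retries # retry budget used up: let the run fail
    log << "Unable to decrypt vault item (#{vault}/#{item}). Retrying in #{interval}s."
    sleeper.call(interval)
    retry
  end
end

# Constructed scenario: the node cannot decrypt the item until an admin
# refreshes it, modelled as the loader failing `refreshed_after` times.
# Sleeping is replaced by a recorder so the simulation finishes instantly.
def simulate(refreshed_after:, retries:)
  calls = 0
  slept = []
  log = []
  secret = load_with_retry('vault', 'item', retries: retries,
                           sleeper: ->(s) { slept << s }, log: log) do |_v, _i|
    calls += 1
    raise ChefVault::Exceptions::SecretDecryption if calls <= refreshed_after
    { 'password' => 'constructed-sample-value' }
  end
  { secret: secret, calls: calls, waited: slept.sum, log: log }
rescue ChefVault::Exceptions::SecretDecryption
  { secret: nil, calls: calls, waited: slept.sum, log: log }
end
```

With the default interval of 30 and 40 retries, a node that never gains access waits 1200 seconds in total before the run fails, which is the window an admin has to refresh the item.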
Dependent cookbooks
This cookbook has no specified dependencies.
Contingent cookbooks
There are no cookbooks that are contingent upon this one.
Collaborator Number Metric
0.1.0 passed this metric
Contributing File Metric
0.1.0 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a CONTRIBUTING.md file
Foodcritic Metric
0.1.0 passed this metric
No Binaries Metric
0.1.0 passed this metric
Testing File Metric
0.1.0 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a TESTING.md file
Version Tag Metric
0.1.0 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must include a tag that matches this cookbook version number