Adoptable Cookbooks List

Looking for a cookbook to adopt? You can now see a list of cookbooks available for adoption!
List of Adoptable Cookbooks

Supermarket Belongs to the Community

Supermarket belongs to the community. While Chef has the responsibility to keep it running and be stewards of its functionality, what it does and how it works is driven by the community. The chef/supermarket repository will continue to be where development of the Supermarket application takes place. Come be part of shaping the direction of Supermarket by opening issues and pull requests or by joining us on the Chef Mailing List.

Select Badges

Select Supported Platforms

Select Status

RSS

common_attrs (12) Versions 0.4.5

Resourced to help manage Chef attributes

Policyfile
Berkshelf
Knife
cookbook 'common_attrs', '= 0.4.5', :supermarket
cookbook 'common_attrs', '= 0.4.5'
knife supermarket install common_attrs
knife supermarket download common_attrs
README
Dependencies
Changelog
Quality 0%

common_attrs cookbook

A cookbook which provides tools (libraries, custom resources) to help manage Attributes during Chef runs. This is especially useful when using PolicyFiles which require a workflow to replace the concept of Environments.

Be advised that this cookbook provides you with all of the necessary tools to shoot yourself in the foot ... repeatedly. When making use of any of the Custom Resources contained within, you should be sure to have a workflow in mind.

Requirements

  • Chef 12.7.0 or later.

Platform

Any

Custom Resources

common_environment

A custom resource which is designed to replicate the concept of Environment objects in deployments that make use of PolicyFiles.

During compile time, these resources will load a data_bag_item and then apply it's contents to the node attributes at a configurable (or auto detected) precedence level.

Attributes

common_attrs.environments.data_bag

The data_bag from which to fetch environment items which are formatted much like one would a standard environment file.

{
  "id": "production",
  "default_attributes": {
    "key": "value"
  },
  "override_attributes": {
    "key": "value"
  }
}
common_attrs.environments.compile_time

A boolean value which provides a default value for the common_environment resource and which determines whether the resources should be applied during compile or converge phase.

common_attrs.environments.ignore_missing

A boolean value which provides a default value for the common_environment resource and which determines whether the resources should throw an exception when a data_bag_item is not found.

common_attrs.environments.active.prepend

An array of data_bag_item names which is used by the common_attrs::environments recipe to create common_environment resources.

By default, this array will contain the following entries :
* env_#{node.environment.sub(/_/,'')} : the current environment or 'default'
* env_#{node.policy_group} : the policy_group name if defined
* policy_#{node.policy_name} : the policy_name if defined

common_attrs.environments.active.custom

An array of data_bag_item names which is used by the common_attrs::environments recipe to create common_environment resources.

By default, this array is left empty and is provided to allow you to extend without overriding the auto-generated values in prepend.

Recipe

common_attrs::environments

This recipe will automatically create common_environment resources based on the values found in attributes, first for prepend and then for custom.

Resources

common_environment

Actions
* apply: Apply the environment to the node

Properties
* environment: (name attribute) The name of the data_bag_item to load.
* data_bag: The data_bag to load from. This defaults to node.common_attrs.environments.data_bag.
* precedence: The precedence level to apply to, which may be either environment, role or node.
* compile_time: Whether to apply the environment during compile or converge time.
* ignore_missing: Whether to throw an exception if the data_bag_item is missing.

common_namespace

A custom resource which provides an alternative to the Environment pattern where one would provide configurations specific to a given environment within an attribute namespace.

As an example, the following node attributes provided by cookbooks, PolicyFiles, Environments, Roles or common_environment:

{
  "application": {
    "database_host": "127.0.0.1",
    "database_port": 3306,
    "num_processes": 1
  },
  "_production": {
    "application": {
      "database_host": "db.myapp.domain.com",
      "num_processes": 50  
    }
  },
  "_staging": {
    "application": {
      "database_host": "db.myapp.domain.test",
      "num_processes": 10  
    }
  }
}

Attributes

common_attrs.namespaces.compile_time

A boolean value which provides a default value for the common_namespace resource and which determines whether the resources should be applied during compile or converge phase.

common_attrs.namespaces.prefix

A string with which to prefix namespace names when attempting to locate node attributes. The initial idea is that this be a simple character (_ by default), however this could be a word followed by a period which would expand to an entire hash key.

common_attrs.namespaces.active.prepend

An array of namespace names which is used by the common_attrs::namespace recipe to create namespace resources.

By default, this array will contain the following entries :
* env_#{node.environment.sub(/_/,'')} : the current environment or 'default'
* env_#{node.policy_group} : the policy_group name if defined
* policy_#{node.policy_name} : the policy_name if defined

common_attrs.namespaces.active.custom

An array of namespace names which is used by the common_attrs::namespace recipe to create namespace resources.

By default, this array is left empty and is provided to allow you to extend without overriding the auto-generated values in prepend.

Recipe

common_attrs::namespaces

This recipe will automatically create common_namespace resources based on the values found in attributes, first for prepend and then for custom.

Resources

common_namespace

Actions
* apply: Apply the namespace to the node

Properties
* namespace: (name attribute) The name of the namespace to apply.
* destination: A period separated path to the attribute to apply this namespace to, defaulting to the root level of the node.
* precedence: The precedence level to apply to, which may be either environment, role or node.
* prefix: The prefix to apply to the namespace name and which defaults to common_attrs.namespaces.prefix
* compile_time: Whether to apply the namespace during compile or converge time.

common_secrets

Custom resources which will load a data_bag_item containing secrets into the node.run_state if it has not already been created. This may then be used by other resources, such as common_secret or directly within your recipes.

Example:
json
{
"id": "secrets",
"my_key": "my_value"
}

common_secrets "secrets"
raise node.run_state[:common_secrets][:secrets][:my_key]
{
  "common_secrets":{
    "active":{
      "deploy_keys": {
        "attribute_path": "common_auth.users.config.www-data.keys.private_keys.deploy",
        "secrets_item": "deploy"
      }
    }
  }
}

Attributes

common_attrs.secrets.data_bag

The data_bag from which to fetch secrets items. The format of the data_bag_item is free form.

common_attrs.secrets.compile_time

A boolean value which provides a default value for the common_secrets resource and which determines whether the resources should be applied during compile or converge phase.

common_attrs.secrets.active

A hash of key => hash pairs which are used by the recipes to create instances of common_secrets and where the name refers to the common_secrets name and the hash is any properties to apply.

{
  "action": {
    "secrets": {
      "compile_time": true,
      "secrets_item": "data_bag_item_name"
    }
  }
}

Recipes

common_attrs:secrets

This recipe will automatically create common_secret resources based on the values found in attributes.

Resources

common_secrets

Actions
* apply: Apply the secrets to the node run_state

Properties
* secrets_item: (name attribute) The name of the data_bag_item to load.
* secrets_bag: The name of the data_bag to load items from.
* secrets_name: The name of the key under node.run_state[:common_secrets] to load this in.
* compile_time: Whether to apply the secrets during compile or converge time.

common_secret

Actions
* apply: Apply the secret to node attributes

Properties
* attribute_path: (name attribute) The location where to copy the secret to.
* secrets_path: The path within the common_secret run_state hash where the secret may be found.
* secrets_item: The name of the data_bag_item to load.
* secrets_bag: The name of the data_bag to load items from.
* compile_time: Whether to apply the secret during compile or converge time.

Additional Recipes / Attributes

Attributes Obfuscated

Hash of key => boolean values where the keys represent a path to an attribute that should be replaced prior to Chef reporting to chef server.

Attributes

common_attrs.obfuscated
{
  "plain": {
    "text": {
      "secret": "value"
    }
  },
  "common_attrs": {
     "obfuscated": {
      "plain.text.secret": true
    }
  }
}

Recipes

common_attrs::obfuscated

This recipe creates a converge_complete event handler which will go through the hash of obfuscated types and replace their content with **suppressed sensitive output**.

Attributes Blacklisted

Hash of key => boolean values where the keys represent a path to an attribute that should be deleted prior to Chef reporting to chef server.

Attributes

common_attrs.blacklisted
{
  "plain": {
    "text": {
      "secret": "value"
    }
  },
  "common_attrs": {
     "blacklisted": {
      "plain.text.secret": true
    }
  }
}

Recipes

common_attrs::blacklisted

This recipe creates a converge_complete event handler which will go through the hash of obfuscated types and deletes their content.

Library Methods

This cookbook provides a number of helper methods and injects a few of them by monkey patching DataBagItem, Node::Attributes and Resource. When doing this, special care is taken to ensure that the method names are namespaced so as to minimize future WTF moments.

Documentation on each of these may be found within the library files.

  • Hash.dig
  • Hash.common_assign_at
  • Resource.common_properties
  • DataBagItem.to_common_data
  • DataBagItem.to_common_namespace
  • EncryptedDataBagItem.to_common_data
  • EncryptedDataBagItem.to_common_namespace
  • Attribute.to_common_data
  • Attribute.to_common_namespace
  • Common::Delegator::ObfuscatedType

Attribute Precedence

Given that we're dealing with Attributes, special care needs to be taken to ensure that we don't get lost in the myriad of different precedence levels.

The table below contains a listing of where the new custom resources fit within this precedence from least important to most.

new? source precedence level
no cookbook.attribute default
no cookbook.recipe default
no environment environment_default
yes common_environment environment_default
yes common_namespace environment_default
no role role_default
no policy_file role_default
yes common_secrets force_default
no cookbook.attribute normal
no cookbook.recipe normal

common_attrs

v0.4.5

  • Bugfix
    • allow common_secret to work when attribute_path is a '.'

v0.4.4

  • Bugfix
    • to_common_namespace did not correctly detect namespace attributes

v0.4.3

  • Bugfix
    • Better detect when policy is enabled

v0.4.2

  • Bugfix
    • New namespace/environment loaders were not setting attributes correctly

v0.4.1

  • Enhancement
    • Prefix autodetection ends up being overly complicated, revert that.

v0.4.0

  • Enhancement

    • Prefix environment, policy_group, policy_name with a word which enables autodetection of precedence levels. On one hand, it makes that easier, on the other it helps make the data_bag item list more readable.
  • Bugfix

    • Fixed an issue where the attributes would throw an exception when the node did not support policies

v0.3.0

  • Enhancement
    • Allow common_environment to apply to node.default
    • Allow common_namespace to apply to node.default

v0.2.0

  • Enhancement
    • Provide support for loading entire hashes from common_secret instead of only allowing single keys.

v0.1.5

  • Add attribute blacklisting
  • Add whyrun support/bypass to all common_attr resources

v0.1.4

  • Add EncryptedDataBagItem monkey patches

Collaborator Number Metric
            

0.4.5 failed this metric

Failure: Cookbook has 1 collaborators. A cookbook must have at least 2 collaborators to pass this metric.

Foodcritic Metric
            

0.4.5 failed this metric

FC016: LWRP does not declare a default action: /tmp/3a34d90ced22b609595fcb91/common_attrs/resources/common_environment.rb:1
FC016: LWRP does not declare a default action: /tmp/3a34d90ced22b609595fcb91/common_attrs/resources/common_namespace.rb:1
FC016: LWRP does not declare a default action: /tmp/3a34d90ced22b609595fcb91/common_attrs/resources/common_secret.rb:1
FC016: LWRP does not declare a default action: /tmp/3a34d90ced22b609595fcb91/common_attrs/resources/common_secrets.rb:1