bridgetown_credentials 0.2.0 → 1.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: c8779dc0cb6b351a39d667b7f7114bb087d9bbadf75511cdfb3ff1288384e76d
4
- data.tar.gz: 2e1804b7ad62f4668bcd786a3bbee6bc64cef78c0ce55d76268382f51a481546
3
+ metadata.gz: a0a7c3406ec0b71f20855c85edf8c0599b32bab8596781934d490c8b96676cb4
4
+ data.tar.gz: 8b6d6b1aa01fd6c2d6eb3358076f60592fff716f3b6e8d96d9fea7d93cdca2a2
5
5
  SHA512:
6
- metadata.gz: df801bb953a77b287a1d27cb791911739a4d3f5e95c103752d93b20ae9c87a47d66e47486b28fe518e4b7212411b957e3b59d5d0b4fb3583d9cfe9c836cc30ca
7
- data.tar.gz: '078e49dedc4c3fa2d91a31dc8e16be6a244aec28f8c87e204cb4a412bfaba156c9b3eb2b4fbeb551d297d32aacea74c55939830ed45c6c8bd74dc2f7532605f7'
6
+ metadata.gz: d197d743dea142c2f67940ddce6168e31484df6b9f3bea19863559f1c95ed4cfaf911612331badaaa107087ba879e8eee1a3f225b41564468e47ce442d2dba6d
7
+ data.tar.gz: 747a691b25168d1eb8ceca15308b0e799904bfda62c63e8175226e5ac164312392b32f7f11ed85e374c702bca794491f22820ae6bdb98ef6d74949e91d89e64a
checksums.yaml.gz.sig CHANGED
Binary file
data/CHANGELOG.md CHANGED
@@ -2,6 +2,18 @@
2
2
 
3
3
  Nothing so far
4
4
 
5
+ ## 1.0.1
6
+
7
+ #### Changes
8
+ * Update Ruby to 3.4
9
+
10
+ Nothing so far
11
+
12
+ ## 1.0.0
13
+
14
+ ### Breaking Changes
15
+ * Switch from ActiveSupport to dry-credentials (see README)
16
+
5
17
  ## 0.2.0
6
18
 
7
19
  ### Breaking Changes
data/README.md CHANGED
@@ -1,18 +1,20 @@
1
1
  [![Version](https://img.shields.io/gem/v/bridgetown_credentials.svg?style=flat)](https://rubygems.org/gems/bridgetown_credentials)
2
2
  [![Tests](https://img.shields.io/github/actions/workflow/status/svoop/bridgetown_credentials/test.yml?style=flat&label=tests)](https://github.com/svoop/bridgetown_credentials/actions?workflow=Test)
3
3
  [![Code Climate](https://img.shields.io/codeclimate/maintainability/svoop/bridgetown_credentials.svg?style=flat)](https://codeclimate.com/github/svoop/bridgetown_credentials/)
4
- [![Donorbox](https://img.shields.io/badge/donate-on_donorbox-yellow.svg)](https://donorbox.org/bitcetera)
4
+ [![GitHub Sponsors](https://img.shields.io/github/sponsors/svoop.svg)](https://github.com/sponsors/svoop)
5
5
 
6
6
  # Credentials for Bridgetown
7
7
 
8
8
  This plugin adds Rails-like encrypted credentials to Bridgetown.
9
9
 
10
- Credentials like passwords, access tokens and other secrets are often passed to sites each by it's own ENV variable. This is both uncool, non-atomic and therefore unreliable. Use this plugin to store your credentials in encrypted YAML files which you can safely commit to your source code repository. In order to use all of them in Bridgetown, you have to set or pass exactly one ENV variable holding the key to decrypt.
10
+ Credentials like passwords, access tokens and other secrets are often passed to sites each by its own ENV variable. This is both uncool, non-atomic and therefore unreliable. Use this plugin to store your credentials in encrypted YAML files which you can safely commit to your source code repository. In order to use all of them in Bridgetown, you have to set or pass exactly one ENV variable holding the key to decrypt.
11
11
 
12
12
  * [Homepage](https://github.com/svoop/bridgetown_credentials)
13
13
  * [API](https://www.rubydoc.info/gems/bridgetown_credentials)
14
14
  * Author: [Sven Schwyn - Bitcetera](https://bitcetera.com)
15
15
 
16
+ Thank you for supporting free and open-source software by sponsoring on [GitHub](https://github.com/sponsors/svoop) or on [Donorbox](https://donorbox.com/bitcetera). Any gesture is appreciated, from a single Euro for a ☕️ cup of coffee to 🍹 early retirement.
17
+
16
18
  ## Installation
17
19
 
18
20
  First add this gem to your bundle:
@@ -34,12 +36,6 @@ Bundler.setup(:default, Bridgetown.env)
34
36
  require "bridgetown_credentials"
35
37
  ```
36
38
 
37
- For safety, you should exclude key files from the source code repository:
38
-
39
- ```shell
40
- bin/bridgetown apply "$(bundle info --path bridgetown_credentials)/bridgetown.automation.rb"
41
- ```
42
-
43
39
  ### Secure Installation
44
40
 
45
41
  This gem is [cryptographically signed](https://guides.rubygems.org/security/#using-gems) in order to assure it hasn't been tampered with.
@@ -51,6 +47,32 @@ gem cert --add <(curl -Ls https://raw.github.com/svoop/bridgetown_credentials/ma
51
47
  bundle install --trust-policy MediumSecurity
52
48
  ```
53
49
 
50
+ ## Update from 0.x.x to 1.x.x
51
+
52
+ From version 1.0.0 upwards, this gem uses [Dry::Credentials](https://rubygems.org/gems/dry-credentials) instead of ActiveSupport (which is planned to be ditched from Bridgetown at some point in the future). This requires you to take some additional steps:
53
+
54
+ 1. Backup the decrypted credentials for every environment:<br>`bin/bridgetown credentials edit -e ENVIRONMENT`
55
+ 2. Delete (or move elsewhere) your old encrypted credentials files:<br>`rm config/credentials/*`
56
+ 3. Update this gem to a version >= 1:<br>`bundle update bridgetown_credentials`
57
+ 4. Create new encrypted credentials files for every environment:<br>`bin/bridgetown credentials edit -e ENVIRONMENT`
58
+ 5. Step 4 prints the new ENV variable which contains the private key required whenever you edit or query credentials. Example: For the development environment, the new ENV variable `DEVELOPMENT_CREDENTIALS_KEY` replaces the old ENV variable `BRIDGETOWN_DEVELOPMENT_KEY`.
59
+
60
+ Please note that Dry::Credentials does not support unified environments (one `config/credentials.yml.enc` for both development and production) anymore!
61
+
62
+ Also, nested credentials have to be queried differently now and thus you might have to update your Bridgetown site accordingly. Given the example credentials from the [Usage section](#usage) below:
63
+
64
+ ```ruby
65
+ # Queries on version 0.x.x
66
+ Bridgetown.credentials.foo # => "bar"
67
+ Bridgetown.credentials.aws[:access_key_id] # => "awsXid"
68
+ Bridgetown.credentials.google.dig((:maps, :api_key) # => "goomXkey"
69
+
70
+ # Queries on version 1.x.x
71
+ Bridgetown.credentials.foo # => "bar"
72
+ Bridgetown.credentials.aws.access_key_id # => "awsXid"
73
+ Bridgetown.credentials.google.maps.api_key # => "goomXkey"
74
+ ```
75
+
54
76
  ## Usage
55
77
 
56
78
  ### First Time
@@ -76,18 +98,9 @@ google:
76
98
  api_key: goopXkey
77
99
  ```
78
100
 
79
- After saving the file, the following new files have been created:
101
+ After saving, the private key required to encrypt/decrypt the credentials is printed this first time only. Make sure you store this information in a safe place, you will need it in the future.
80
102
 
81
- ```
82
- config/
83
- └─ credentials/
84
- ├─ development.key
85
- └─ development.yml.enc
86
- ```
87
-
88
- ⚠️ Move the `*.key` files to a safe place such as a password manager now! Never check them into the source code repository!
89
-
90
- The credentials you've edited above have been written to `development.yml.enc` and will be available when Bridgetown is in `development` mode.
103
+ The credentials you've edited above has been written to `config/credentials/development.yml.enc` and will be loaded when Bridgetown is in `development` mode.
91
104
 
92
105
  To edit the credentials for `production` mode:
93
106
 
@@ -95,54 +108,32 @@ To edit the credentials for `production` mode:
95
108
  bin/bridgetown credentials edit -e production
96
109
  ```
97
110
 
98
- To edit or use a credentials file from now on, you have to set the corresponding key as an ENV variable. The actual key is the content of the `*.key` file you should have tucked away above.
111
+ To edit or query credentials from now on, the corresponding ENV variable with the private key has to be set:
99
112
 
100
113
  ```shell
101
- export BRIDGETOWN_DEVELOPMENT_KEY="10aabbccddeeff00112233445566778899"
102
- export BRIDGETOWN_PRODUCTION_KEY="20aabbccddeeff00112233445566778899"
114
+ export DEVELOPMENT_CREDENTIALS_KEY="4c87...af93"
115
+ export PRODUCTION_CREDENTIALS_KEY="92bb...820f"
103
116
  ```
104
117
 
105
- #### Unified Environments
106
-
107
- If you prefer not to separate credentials between different environments:
108
-
109
- ```shell
110
- rm config/credentials/production.*
111
- mv config/credentials/development.yml config/credentials.yml
112
- rmdir config/credentials
113
- ```
118
+ ### Edit
114
119
 
115
- This simplifies the files to:
120
+ The command is the same as the first time:
116
121
 
117
122
  ```
118
- config/
119
- └─ credentials.yml.enc
120
- ```
121
-
122
- To edit or use this from now on, you have to set:
123
-
124
-
125
- ```shell
126
- export BRIDGETOWN_CREDENTIALS_KEY="30aabbccddeeff00112233445566778899"
123
+ bin/bridgetown credentials edit
124
+ bin/bridgetown credentials edit -e production
127
125
  ```
128
126
 
129
- ⚠️ If `config/credentials.yml` is present, any other credentials files are ignored.
130
-
131
- ### Read
127
+ ### Query
132
128
 
133
129
  Throughout the Bridgetown stack, you can now use the credentials as follows:
134
130
 
135
131
  ```ruby
136
- Bridgetown.credentials.foo # => "bar"
137
- Bridgetown.credentials.aws[:access_key_id] # => "awsXid"
138
- Bridgetown.credentials.google.dig((:maps, :api_key) # => "goomXkey"
132
+ Bridgetown.credentials.foo # => "bar"
133
+ Bridgetown.credentials.aws.access_key_id # => "awsXid"
134
+ Bridgetown.credentials.google.maps.api_key # => "goomXkey"
139
135
  ```
140
136
 
141
- ### Commands
142
-
143
- * `bin/bridgetown credentials edit` – edit the credentials
144
- * `bin/bridgetown credentials show` – dump the decrypted credentials to STDOUT
145
-
146
137
  ## Tests
147
138
 
148
139
  * `bundle exec rake test` to run the test suite
@@ -6,22 +6,15 @@ module BridgetownCredentials
6
6
  class Commands
7
7
  class Credentials < Thor
8
8
  Bridgetown::Commands::Registrations.register do
9
- desc "credentials <command>", "Work with Rails-like encrypted credentials"
9
+ desc "credentials <command>", "Work with encrypted credentials"
10
10
  subcommand "credentials", Credentials
11
11
  end
12
12
 
13
- desc "edit", "Edit the credentials"
13
+ desc "edit", "Edit (or create) encrypted credentials"
14
14
  option :environment, aliases: '-e'
15
15
  def edit
16
- ENV['BRIDGETOWN_ENV'] = options['environment'] if options['environment']
17
- BridgetownCredentials::Commands.new.edit
18
- end
19
-
20
- desc "show", "Dump the decrypted credentials to STDOUT"
21
- option :environment, aliases: '-e'
22
- def show
23
- ENV['BRIDGETOWN_ENV'] = options['environment'] if options['environment']
24
- BridgetownCredentials::Commands.new.show
16
+ BridgetownCredentials.initializer
17
+ Bridgetown.credentials.edit! options['environment']
25
18
  end
26
19
  end
27
20
  end
@@ -0,0 +1,15 @@
1
+ # frozen_string_literal: true
2
+
3
+ module BridgetownCredentials
4
+ class << self
5
+ def initializer
6
+ Dry::Credentials::Extension.new.then do |credentials|
7
+ credentials[:env] = Bridgetown.env
8
+ credentials[:dir] = "#{Bridgetown.configuration.root_dir}/config/credentials"
9
+ Pathname(credentials[:dir]).mkpath
10
+ credentials.load!
11
+ Bridgetown.define_singleton_method(:credentials) { credentials }
12
+ end
13
+ end
14
+ end
15
+ end
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module BridgetownCredentials
4
- VERSION = "0.2.0"
4
+ VERSION = "1.0.1"
5
5
  end
@@ -1,17 +1,12 @@
1
1
  # frozen_string_literal: true
2
2
 
3
+ require "dry/credentials"
3
4
  require "bridgetown"
4
5
 
5
- require 'tempfile'
6
- require 'yaml'
7
- require "active_support/encrypted_configuration"
8
-
9
6
  require_relative "bridgetown_credentials/version"
10
- require_relative "bridgetown_credentials/credentials"
11
- require_relative "bridgetown_credentials/commands"
7
+ require_relative "bridgetown_credentials/initializer"
12
8
  require_relative "bridgetown_credentials/commands/credentials"
13
- require_relative "bridgetown_credentials/bridgetown"
14
9
 
15
10
  Bridgetown.initializer :bridgetown_credentials do
16
- Bridgetown.extend BridgetownCredentials::Bridgetown
11
+ BridgetownCredentials.initializer
17
12
  end
@@ -0,0 +1,12 @@
1
+ require_relative '../../spec_helper'
2
+
3
+ describe BridgetownCredentials do
4
+ describe :initializer do
5
+ it "sets env, dir and defines credentials on Bridgetown" do
6
+ BridgetownCredentials.initializer
7
+ _(Bridgetown).must_respond_to :credentials
8
+ _(Bridgetown.credentials[:env]).must_equal Bridgetown.env
9
+ _(Bridgetown.credentials[:dir]).must_equal Bridgetown.configuration.root_dir + '/config/credentials'
10
+ end
11
+ end
12
+ end
data/spec/spec_helper.rb CHANGED
@@ -11,23 +11,5 @@ require 'pathname'
11
11
  require 'minitest/autorun'
12
12
  require Pathname(__dir__).join('..', 'lib', 'bridgetown_credentials')
13
13
 
14
- require 'minitest/sound'
15
- Minitest::Sound.success = Pathname(__dir__).join('sounds', 'success.mp3').to_s
16
- Minitest::Sound.failure = Pathname(__dir__).join('sounds', 'failure.mp3').to_s
17
-
14
+ require 'minitest/flash'
18
15
  require 'minitest/focus'
19
- class MiniTest::Spec
20
- class << self
21
- alias_method :context, :describe
22
- end
23
- end
24
-
25
- def fixtures_path
26
- Pathname(__dir__).join('fixtures')
27
- end
28
-
29
- KEYS = {
30
- unified: '4f9ab3ef4bddd3ad6d01886b6ffff49c',
31
- development: 'e4af0afc87c885a430afa3c9691d8bf4',
32
- production: '5f1380543df0a4c839324619e0acf0bf'
33
- }
data.tar.gz.sig CHANGED
Binary file
metadata CHANGED
@@ -1,18 +1,17 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: bridgetown_credentials
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.2.0
4
+ version: 1.0.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Sven Schwyn
8
- autorequire:
9
8
  bindir: bin
10
9
  cert_chain:
11
10
  - |
12
11
  -----BEGIN CERTIFICATE-----
13
12
  MIIDODCCAiCgAwIBAgIBATANBgkqhkiG9w0BAQsFADAjMSEwHwYDVQQDDBhydWJ5
14
- L0RDPWJpdGNldGVyYS9EQz1jb20wHhcNMjIxMTA2MTIzNjUwWhcNMjMxMTA2MTIz
15
- NjUwWjAjMSEwHwYDVQQDDBhydWJ5L0RDPWJpdGNldGVyYS9EQz1jb20wggEiMA0G
13
+ L0RDPWJpdGNldGVyYS9EQz1jb20wHhcNMjQxMTIwMjExMDIwWhcNMjUxMTIwMjEx
14
+ MDIwWjAjMSEwHwYDVQQDDBhydWJ5L0RDPWJpdGNldGVyYS9EQz1jb20wggEiMA0G
16
15
  CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDcLg+IHjXYaUlTSU7R235lQKD8ZhEe
17
16
  KMhoGlSUonZ/zo1OT3KXcqTCP1iMX743xYs6upEGALCWWwq+nxvlDdnWRjF3AAv7
18
17
  ikC+Z2BEowjyeCCT/0gvn4ohKcR0JOzzRaIlFUVInlGSAHx2QHZ2N8ntf54lu7nd
@@ -21,15 +20,15 @@ cert_chain:
21
20
  PVa0i729A4IhroNnFNmw4wOC93ARNbM1+LW36PLMmKjKudf5Exg8VmDVAgMBAAGj
22
21
  dzB1MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgSwMB0GA1UdDgQWBBSfK8MtR62mQ6oN
23
22
  yoX/VKJzFjLSVDAdBgNVHREEFjAUgRJydWJ5QGJpdGNldGVyYS5jb20wHQYDVR0S
24
- BBYwFIEScnVieUBiaXRjZXRlcmEuY29tMA0GCSqGSIb3DQEBCwUAA4IBAQAYG2na
25
- ye8OE2DANQIFM/xDos/E4DaPWCJjX5xvFKNKHMCeQYPeZvLICCwyw2paE7Otwk6p
26
- uvbg2Ks5ykXsbk5i6vxDoeeOLvmxCqI6m+tHb8v7VZtmwRJm8so0eSX0WvTaKnIf
27
- CAn1bVUggczVdNoBXw9WAILKyw9bvh3Ft740XZrR74sd+m2pGwjCaM8hzLvrVbGP
28
- DyYhlBeRWyQKQ0WDIsiTSRhzK8HwSTUWjvPwx7SEdIU/HZgyrk0ETObKPakVu6bH
29
- kAyiRqgxF4dJviwtqI7mZIomWL63+kXLgjOjMe1SHxfIPo/0ji6+r1p4KYa7o41v
30
- fwIwU1MKlFBdsjkd
23
+ BBYwFIEScnVieUBiaXRjZXRlcmEuY29tMA0GCSqGSIb3DQEBCwUAA4IBAQDSeB1x
24
+ 8QK8F/ML37isgvwGiQxovDUqu6Sq14cQ1qE9y5prUBmL2AsDuCBpXXctcvamFqNC
25
+ PgfJtj7ZZcXmY0SfKCog7T1btkr6zYxPXpxwUqB45n0I6v5qc0UCNvMEfBzxlak5
26
+ VW7UMNlKD9qukeN55hxuLF2F/sLldMcHUo/ATgdV4zk1t3sK6A9+02wz5K5qfWdM
27
+ Mi+XWXmGd57uojk3RcIXNwBRRP4DTKcKgVXhuyHb7q1vjTXrS6bw1Ortu0KmWOIk
28
+ jTyRsT1gymASS2KHe+BaCTwD74GqO8q4woYLZgXnJ/PvgcFgY2FEi2Kn/sXLp4JE
29
+ boIgxQCMT+nxBHCD
31
30
  -----END CERTIFICATE-----
32
- date: 2023-01-26 00:00:00.000000000 Z
31
+ date: 2024-12-26 00:00:00.000000000 Z
33
32
  dependencies:
34
33
  - !ruby/object:Gem::Dependency
35
34
  name: bridgetown
@@ -52,19 +51,25 @@ dependencies:
52
51
  - !ruby/object:Gem::Version
53
52
  version: '2.0'
54
53
  - !ruby/object:Gem::Dependency
55
- name: activesupport
54
+ name: dry-credentials
56
55
  requirement: !ruby/object:Gem::Requirement
57
56
  requirements:
58
57
  - - "~>"
59
58
  - !ruby/object:Gem::Version
60
- version: '7'
59
+ version: '0'
60
+ - - ">="
61
+ - !ruby/object:Gem::Version
62
+ version: 0.2.1
61
63
  type: :runtime
62
64
  prerelease: false
63
65
  version_requirements: !ruby/object:Gem::Requirement
64
66
  requirements:
65
67
  - - "~>"
66
68
  - !ruby/object:Gem::Version
67
- version: '7'
69
+ version: '0'
70
+ - - ">="
71
+ - !ruby/object:Gem::Version
72
+ version: 0.2.1
68
73
  - !ruby/object:Gem::Dependency
69
74
  name: debug
70
75
  requirement: !ruby/object:Gem::Requirement
@@ -108,7 +113,7 @@ dependencies:
108
113
  - !ruby/object:Gem::Version
109
114
  version: '0'
110
115
  - !ruby/object:Gem::Dependency
111
- name: minitest-sound
116
+ name: minitest-flash
112
117
  requirement: !ruby/object:Gem::Requirement
113
118
  requirements:
114
119
  - - ">="
@@ -196,23 +201,12 @@ files:
196
201
  - CHANGELOG.md
197
202
  - LICENSE.txt
198
203
  - README.md
199
- - bridgetown.automation.rb
200
204
  - lib/bridgetown_credentials.rb
201
- - lib/bridgetown_credentials/bridgetown.rb
202
- - lib/bridgetown_credentials/commands.rb
203
205
  - lib/bridgetown_credentials/commands/credentials.rb
204
- - lib/bridgetown_credentials/credentials.rb
206
+ - lib/bridgetown_credentials/initializer.rb
205
207
  - lib/bridgetown_credentials/version.rb
206
- - spec/fixtures/separated/config/credentials/development.yml.enc
207
- - spec/fixtures/separated/config/credentials/production.yml.enc
208
- - spec/fixtures/unified/config/credentials.yml.enc
209
- - spec/fixtures/unified/config/credentials/development.yml.enc
210
- - spec/fixtures/unified/config/credentials/production.yml.enc
211
- - spec/lib/bridgetown_credentials/commands_spec.rb
212
- - spec/lib/bridgetown_credentials/credentials_spec.rb
208
+ - spec/lib/bridgetown_credentials/initializer_spec.rb
213
209
  - spec/lib/bridgetown_credentials/version_spec.rb
214
- - spec/sounds/failure.mp3
215
- - spec/sounds/success.mp3
216
210
  - spec/spec_helper.rb
217
211
  homepage: https://github.com/svoop/bridgetown_credentials
218
212
  licenses:
@@ -223,7 +217,9 @@ metadata:
223
217
  source_code_uri: https://github.com/svoop/bridgetown_credentials
224
218
  documentation_uri: https://www.rubydoc.info/gems/bridgetown_credentials
225
219
  bug_tracker_uri: https://github.com/svoop/bridgetown_credentials/issues
226
- post_install_message:
220
+ post_install_message: "⚠️ Breaking change: bridgetown_credentials >= 1.0.0 no longer
221
+ depends on ActiveSupport. Please read the update section in the README for how to
222
+ migrate your Bridgetown site. Don't worry, it's a piece of cake!"
227
223
  rdoc_options:
228
224
  - "--title"
229
225
  - Credentials for Bridgetown
@@ -245,19 +241,10 @@ required_rubygems_version: !ruby/object:Gem::Requirement
245
241
  - !ruby/object:Gem::Version
246
242
  version: '0'
247
243
  requirements: []
248
- rubygems_version: 3.4.5
249
- signing_key:
244
+ rubygems_version: 3.6.2
250
245
  specification_version: 4
251
246
  summary: Rails-like encrypted credentials for Bridgetown
252
247
  test_files:
253
- - spec/fixtures/separated/config/credentials/development.yml.enc
254
- - spec/fixtures/separated/config/credentials/production.yml.enc
255
- - spec/fixtures/unified/config/credentials/development.yml.enc
256
- - spec/fixtures/unified/config/credentials/production.yml.enc
257
- - spec/fixtures/unified/config/credentials.yml.enc
258
- - spec/lib/bridgetown_credentials/commands_spec.rb
259
- - spec/lib/bridgetown_credentials/credentials_spec.rb
248
+ - spec/lib/bridgetown_credentials/initializer_spec.rb
260
249
  - spec/lib/bridgetown_credentials/version_spec.rb
261
- - spec/sounds/failure.mp3
262
- - spec/sounds/success.mp3
263
250
  - spec/spec_helper.rb
metadata.gz.sig CHANGED
Binary file
@@ -1,7 +0,0 @@
1
- # Make sure key files are not committed to the source code repository
2
- append_to_file ".gitignore" do
3
- <<~END
4
- config/credentials.key
5
- config/credentials/*.key
6
- END
7
- end
@@ -1,14 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- module BridgetownCredentials
4
- module Bridgetown
5
-
6
- def credentials
7
- BridgetownCredentials::Credentials.new(
8
- root_dir: ::Bridgetown.configuration.root_dir,
9
- env: ::Bridgetown.env
10
- ).credentials
11
- end
12
-
13
- end
14
- end
@@ -1,24 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- module BridgetownCredentials
4
- class Commands
5
-
6
- def initialize(root_dir: ::Bridgetown.configuration.root_dir, env: ::Bridgetown.env)
7
- @credentials = BridgetownCredentials::Credentials.new(root_dir: root_dir, env: env)
8
- end
9
-
10
- def edit
11
- tempfile = Tempfile.new('btcs')
12
- tempfile.write @credentials.credentials.read
13
- tempfile.close
14
- system "#{ENV['EDITOR']} #{tempfile.path}"
15
- @credentials.credentials.write File.read(tempfile.path)
16
- ensure
17
- tempfile.unlink
18
- end
19
-
20
- def show
21
- puts @credentials.credentials.read
22
- end
23
- end
24
- end
@@ -1,60 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- module BridgetownCredentials
4
- class Credentials
5
-
6
- attr_reader :credentials
7
-
8
- def initialize(root_dir:, env:)
9
- @config_path = Pathname(root_dir).join('config') # NOTE: config dir is hardcoded as of bridgetown-1.2
10
- @env = env
11
- @credentials = credentials_path ? load : create
12
- end
13
-
14
- private
15
-
16
- def credentials_path
17
- [
18
- @config_path.join("credentials.yml.enc"),
19
- default_credentials_path
20
- ].find do |path|
21
- path.file?
22
- end
23
- end
24
-
25
- def credentials_env
26
- ['BRIDGETOWN', credentials_path.basename('.yml.enc'), 'KEY']
27
- .join('_')
28
- .upcase
29
- end
30
-
31
- def default_credentials_path
32
- @config_path.join('credentials', "#{@env}.yml.enc")
33
- end
34
-
35
- def default_key_path
36
- @config_path.join('credentials', "#{@env}.key")
37
- end
38
-
39
- def load
40
- ActiveSupport::EncryptedConfiguration.new(
41
- config_path: credentials_path,
42
- env_key: credentials_env,
43
- key_path: '---',
44
- raise_if_missing_key: true
45
- )
46
- end
47
-
48
- def create
49
- default_key_path.dirname.mkpath
50
- default_key_path.write(ActiveSupport::EncryptedConfiguration.generate_key)
51
- ActiveSupport::EncryptedConfiguration.new(
52
- config_path: default_credentials_path,
53
- env_key: '---',
54
- key_path: default_key_path,
55
- raise_if_missing_key: false
56
- )
57
- end
58
-
59
- end
60
- end
@@ -1 +0,0 @@
1
- 9i/EtUJt1efCi00JI8zjhF0NLObmkgZYdz1AybNHLKc4Hr8=--TpvEzWdBo9BDIehP--58KgR6zZPV7ji2Ej4LKwtg==
@@ -1 +0,0 @@
1
- S5RzJRMyPJ+0/yqQnDxSZ3ZZ6TVM21Uzt5rtj+77Tnkd--vny3NxIG5530Q2Cc--vqccEZ/3Jga3Jbc9G1knSA==
@@ -1 +0,0 @@
1
- 9i/EtUJt1efCi00JI8zjhF0NLObmkgZYdz1AybNHLKc4Hr8=--TpvEzWdBo9BDIehP--58KgR6zZPV7ji2Ej4LKwtg==
@@ -1 +0,0 @@
1
- S5RzJRMyPJ+0/yqQnDxSZ3ZZ6TVM21Uzt5rtj+77Tnkd--vny3NxIG5530Q2Cc--vqccEZ/3Jga3Jbc9G1knSA==
@@ -1 +0,0 @@
1
- iEiDBqdV97GT29DWsyuuiHSdPDOZjwwat5mn--Kw4OaG2ueY51rkD7--hwUIAa4Llvp2GoUaz+NPww==
@@ -1,34 +0,0 @@
1
- require_relative '../../spec_helper'
2
-
3
- describe BridgetownCredentials::Commands do
4
-
5
- describe :edit do
6
- it "generates the necessary files and writes the credentials via EDITOR" do
7
- ENV['EDITOR'] = 'echo "foo: bar" >'
8
- Dir.mktmpdir do |root_dir|
9
- root_dir = Pathname(root_dir)
10
- subject = BridgetownCredentials::Commands.new(root_dir: root_dir, env: 'staging')
11
- subject.edit
12
- ENV['BRIDGETOWN_STAGING_KEY'] = File.read(root_dir.join('config', 'credentials', 'staging.key'))
13
- subject = BridgetownCredentials::Commands.new(root_dir: root_dir, env: 'staging')
14
- _{ subject.show }.must_output "foo: bar\n"
15
- end
16
- end
17
- end
18
-
19
- describe :show do
20
- let :root_dir do
21
- fixtures_path.join('separated')
22
- end
23
-
24
- subject do
25
- ENV['BRIDGETOWN_PRODUCTION_KEY'] = KEYS[:production]
26
- BridgetownCredentials::Commands.new(root_dir: root_dir, env: 'production')
27
- end
28
-
29
- it "prints the decrypted credentials without leading three dashes line" do
30
- _{ subject.show }.must_output "production: PRODUCTION\n"
31
- end
32
- end
33
-
34
- end
@@ -1,83 +0,0 @@
1
- require_relative '../../spec_helper'
2
-
3
- describe BridgetownCredentials::Credentials do
4
- context "unified credentials" do
5
- let :root_dir do
6
- fixtures_path.join('unified')
7
- end
8
-
9
- subject do
10
- BridgetownCredentials::Credentials.new(root_dir: root_dir, env: 'development')
11
- end
12
-
13
- describe :credentials_path do
14
- it "always discovers credentials.yml.enc" do
15
- _(subject.send(:credentials_path)).must_equal root_dir.join('config', 'credentials.yml.enc')
16
- end
17
- end
18
-
19
- describe :credentials_env do
20
- it "always returns BRIDGETOWN_CREDENTIALS_KEY" do
21
- _(subject.send(:credentials_env)).must_equal 'BRIDGETOWN_CREDENTIALS_KEY'
22
- end
23
- end
24
-
25
- describe :credentials do
26
- it "always decodes credentials.yml.enc" do
27
- ENV['BRIDGETOWN_CREDENTIALS_KEY'] = KEYS[:unified]
28
- _(subject.credentials).must_be_instance_of ActiveSupport::EncryptedConfiguration
29
- end
30
-
31
- it "fails if no key env var is set" do
32
- ENV['BRIDGETOWN_CREDENTIALS_KEY'] = nil
33
- _{ subject.credentials.config }.must_raise RuntimeError
34
- end
35
- end
36
- end
37
-
38
- context "separated credentials" do
39
- let :root_dir do
40
- fixtures_path.join('separated')
41
- end
42
-
43
- subject do
44
- BridgetownCredentials::Credentials.new(root_dir: root_dir, env: 'production')
45
- end
46
-
47
- describe :credentials_path do
48
- it "discovers .yml.enc for the current environment" do
49
- _(subject.send(:credentials_path)).must_equal root_dir.join('config', 'credentials', 'production.yml.enc')
50
- end
51
- end
52
-
53
- describe :credentials_env do
54
- it "returns the env var key for the current environment" do
55
- _(subject.send(:credentials_env)).must_equal 'BRIDGETOWN_PRODUCTION_KEY'
56
- end
57
- end
58
-
59
- describe :credentials do
60
- it "decodes .yml.enc for the current environment" do
61
- ENV['BRIDGETOWN_PRODUCTION_KEY'] = KEYS[:production]
62
- _(subject.credentials).must_be_instance_of ActiveSupport::EncryptedConfiguration
63
- end
64
-
65
- it "fails if no key env var is set" do
66
- ENV['BRIDGETOWN_PRODUCTION_KEY'] = nil
67
- _{ subject.credentials.config }.must_raise RuntimeError
68
- end
69
- end
70
- end
71
-
72
- context "new credentials" do
73
- describe :initializer do
74
- it "generate a key" do
75
- Dir.mktmpdir do |root_dir|
76
- root_dir = Pathname(root_dir)
77
- BridgetownCredentials::Credentials.new(root_dir: root_dir, env: 'foobar')
78
- _(root_dir.join('config', 'credentials', 'foobar.key')).path_must_exist
79
- end
80
- end
81
- end
82
- end
83
- end
Binary file
Binary file