chamber 2.10.1 → 2.10.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- checksums.yaml.gz.sig +0 -0
- data.tar.gz.sig +0 -0
- data/lib/chamber/encryption_methods/none.rb +2 -0
- data/lib/chamber/version.rb +1 -1
- metadata +22 -99
- metadata.gz.sig +0 -0
- data/spec/fixtures/settings.yml +0 -28
- data/spec/lib/chamber/commands/files_spec.rb +0 -24
- data/spec/lib/chamber/commands/heroku/clear_spec.rb +0 -12
- data/spec/lib/chamber/commands/heroku/compare_spec.rb +0 -12
- data/spec/lib/chamber/commands/heroku/pull_spec.rb +0 -12
- data/spec/lib/chamber/commands/heroku/push_spec.rb +0 -12
- data/spec/lib/chamber/commands/secure_spec.rb +0 -42
- data/spec/lib/chamber/commands/show_spec.rb +0 -59
- data/spec/lib/chamber/context_resolver_spec.rb +0 -164
- data/spec/lib/chamber/file_set_spec.rb +0 -250
- data/spec/lib/chamber/file_spec.rb +0 -241
- data/spec/lib/chamber/filters/boolean_conversion_filter_spec.rb +0 -57
- data/spec/lib/chamber/filters/decryption_filter_spec.rb +0 -252
- data/spec/lib/chamber/filters/encryption_filter_spec.rb +0 -195
- data/spec/lib/chamber/filters/environment_filter_spec.rb +0 -48
- data/spec/lib/chamber/filters/failed_decryption_filter_spec.rb +0 -54
- data/spec/lib/chamber/filters/insecure_filter_spec.rb +0 -82
- data/spec/lib/chamber/filters/namespace_filter_spec.rb +0 -92
- data/spec/lib/chamber/filters/secure_filter_spec.rb +0 -41
- data/spec/lib/chamber/filters/translate_secure_keys_filter_spec.rb +0 -39
- data/spec/lib/chamber/namespace_set_spec.rb +0 -129
- data/spec/lib/chamber/settings_spec.rb +0 -390
- data/spec/lib/chamber/types/secured_spec.rb +0 -70
- data/spec/lib/chamber_spec.rb +0 -314
- data/spec/rails-2-test/config.ru +0 -0
- data/spec/rails-2-test/config/application.rb +0 -6
- data/spec/rails-2-test/script/console +0 -0
- data/spec/rails-3-test/config.ru +0 -0
- data/spec/rails-3-test/config/application.rb +0 -6
- data/spec/rails-3-test/script/rails +0 -0
- data/spec/rails-4-test/bin/rails +0 -0
- data/spec/rails-4-test/config.ru +0 -0
- data/spec/rails-4-test/config/application.rb +0 -6
- data/spec/rails-engine-test/spec/dummy/config.ru +0 -0
- data/spec/rails-engine-test/spec/dummy/config/application.rb +0 -5
- data/spec/rails-engine-test/spec/dummy/script/rails +0 -0
- data/spec/spec_key +0 -27
- data/spec/spec_key.pub +0 -9
@@ -1,57 +0,0 @@
|
|
1
|
-
# frozen_string_literal: true
|
2
|
-
require 'rspectacular'
|
3
|
-
require 'chamber/filters/boolean_conversion_filter'
|
4
|
-
|
5
|
-
module Chamber
|
6
|
-
module Filters
|
7
|
-
describe BooleanConversionFilter do
|
8
|
-
# rubocop:disable Lint/DuplicatedKey
|
9
|
-
it 'can convert string boolean values into TrueClass and FalseClass even if they ' \
|
10
|
-
'are deeply nested' do
|
11
|
-
|
12
|
-
filtered_data = BooleanConversionFilter.execute(
|
13
|
-
data: {
|
14
|
-
true_boolean: 'true',
|
15
|
-
boolean_group: {
|
16
|
-
yes_boolean: 'yes',
|
17
|
-
t_boolean: 't',
|
18
|
-
non_boolean: 'hello',
|
19
|
-
sub_boolean_group: {
|
20
|
-
false_boolean: 'false',
|
21
|
-
no_boolean: 'no',
|
22
|
-
nilly: nil,
|
23
|
-
non_boolean: 3,
|
24
|
-
},
|
25
|
-
f_boolean: 'f',
|
26
|
-
non_boolean: Time.utc(2012, 8, 1),
|
27
|
-
nilly: nil,
|
28
|
-
},
|
29
|
-
false_boolean: 'false',
|
30
|
-
nilly: nil,
|
31
|
-
non_boolean: [1, 2, 3],
|
32
|
-
},
|
33
|
-
)
|
34
|
-
|
35
|
-
expect(filtered_data).to eql(true_boolean: true,
|
36
|
-
boolean_group: {
|
37
|
-
yes_boolean: true,
|
38
|
-
t_boolean: true,
|
39
|
-
non_boolean: 'hello',
|
40
|
-
sub_boolean_group: {
|
41
|
-
false_boolean: false,
|
42
|
-
no_boolean: false,
|
43
|
-
nilly: nil,
|
44
|
-
non_boolean: 3,
|
45
|
-
},
|
46
|
-
f_boolean: false,
|
47
|
-
non_boolean: Time.utc(2012, 8, 1),
|
48
|
-
nilly: nil,
|
49
|
-
},
|
50
|
-
false_boolean: false,
|
51
|
-
nilly: nil,
|
52
|
-
non_boolean: [1, 2, 3])
|
53
|
-
end
|
54
|
-
# rubocop:enable Lint/DuplicatedKey
|
55
|
-
end
|
56
|
-
end
|
57
|
-
end
|
@@ -1,252 +0,0 @@
|
|
1
|
-
# frozen_string_literal: true
|
2
|
-
require 'rspectacular'
|
3
|
-
require 'chamber/filters/decryption_filter'
|
4
|
-
|
5
|
-
module Chamber
|
6
|
-
module Filters
|
7
|
-
describe DecryptionFilter do
|
8
|
-
it 'will attempt to decrypt values which are marked as "secure"' do
|
9
|
-
filtered_settings = DecryptionFilter.execute(
|
10
|
-
data: {
|
11
|
-
_secure_my_secure_setting: 'cJbFe0NI5wknmsp2fVgpC/YeBD2pvcdVD+p0pUdnMoYThaV4m' \
|
12
|
-
'psspg/ZTBtmjx7kMwcF6cjXFLDVw3FxptTHwzJUd4akun6EZ5' \
|
13
|
-
'7m+QzCMJYnfY95gB2/emEAQLSz4/YwsE4LDGydkEjY1ZprfXz' \
|
14
|
-
'nf+rU31YGDJUTf34ESz7fsQGSc9DjkBb9ao8Mv4cI7pCXkQZD' \
|
15
|
-
'wS5kLAZDf6agy1GzeL71Z8lrmQzk8QQuf/1kQzxsWVlzpKNXW' \
|
16
|
-
'S7u2CJ0sN5eINMngJBfv5ZFrZgfXc86wdgUKc8aaoX8OQA1kK' \
|
17
|
-
'TcdgbE9NcAhNr1+WfNxMnz84XzmUp2Y0H1jPgGkBKQJKArfQ==',
|
18
|
-
},
|
19
|
-
decryption_key: './spec/spec_key',
|
20
|
-
)
|
21
|
-
|
22
|
-
expect(filtered_settings._secure_my_secure_setting).to eql 'hello'
|
23
|
-
end
|
24
|
-
|
25
|
-
it 'will correct decrypt values which contain multiline strings' do
|
26
|
-
filtered_settings = DecryptionFilter.execute(
|
27
|
-
data: {
|
28
|
-
_secure_my_secure_setting: 'Q0ImhgdRmOdXEx04E3TnMoW/c6ckuce+y4kYGYWIJM6W/nBJBF' \
|
29
|
-
'jnqcFru/6wo+TVEZxowxjxJNv8H6SuxYmahxMRl7AajTrJ/QD+' \
|
30
|
-
'bKzbStL7D2oViB1dDNUz4GZxeNDSMU0oF9e67ih6AmnxAgI0Rl' \
|
31
|
-
'EterOMyWOPHJIUrLquBRlIs0JyP8yermN9KWOAeLZdJlIGSyfw' \
|
32
|
-
'EU+sWQtafJ3jiNAPqWTGJxHfQZTQHn+q4SnZPPnBPK0dZiZzqO' \
|
33
|
-
'rtkzmVPR7SAT5Ube4CxJWhkpWpl5rPgamqVsG/P0AalMqLxuPU' \
|
34
|
-
'XqSdOEWKkK6jerbElVyQ7FdRBLau2JXHpDZYGw8KTA==#EPCuI' \
|
35
|
-
'el5w17aUZfpHOuFNQ==#VzcE0BIuqA7xUMYEZkWZa4kOPse95N' \
|
36
|
-
'iow+e/FhKAlG/7uYYTmkRbxRiMLtzH1Swzyz0NHF/BJPa1rKRb' \
|
37
|
-
'cVCGjK8v13O9zJY8UdCQYsrdQaTIOA95NIcxwLCbrYencDzZFx' \
|
38
|
-
'YtOgioyXbW9OCPnjDe9ozkCw6prRclgJyvadvKWqBgaJkluIdi' \
|
39
|
-
'kCDLX+Dy7fjkLtq5GqPFeFjHKwRGMLQB5dYk1VNAKgzhnSpUkJ' \
|
40
|
-
'JZA2Z7P54NhQQ83Doypfwb16LfKFax9575XeUWZeURxl7Ric4M' \
|
41
|
-
'rjJYrc3u5biTzToMQBITGEsComsTDpfB3FVtZhobNjzdkhEGzf' \
|
42
|
-
'6F2iRjjHDsQfaUebAPxDVFa31p5XGQN7YJDeAXYBLb16kAhv8N' \
|
43
|
-
'5DGwiukPjtUVXUfFQzaTnJWm/eIhQKFH8rkVawAr9wAeoSz7cw' \
|
44
|
-
'WFyD+pq5QF9GlxPU5ZotNjrqO4rz/s8+bkt2XwBANTVCZrTb9g' \
|
45
|
-
'nE9FyIqFmRZ9L8Ef43KE02wDcUnrKp3oOMSItWnY5rFJew0eAU' \
|
46
|
-
'+CHQ==',
|
47
|
-
},
|
48
|
-
decryption_key: './spec/spec_key',
|
49
|
-
)
|
50
|
-
|
51
|
-
expect(filtered_settings._secure_my_secure_setting).to eql <<-HEREDOC
|
52
|
-
-----BEGIN RSA PRIVATE KEY-----
|
53
|
-
uQ431irYF7XGEwmsfNUcw++6Enjmt9MItVZJrfL4cUr84L1ccOEX9AThsxz2nkiO
|
54
|
-
GgU+HtwwueZDUZ8Pdn71+1CdVaSUeEkVaYKYuHwYVb1spGfreHQHRP90EMv3U5Ir
|
55
|
-
xs0YFwKBgAJKGol+GM1oFodg48v4QA6hlF5z49v83wU+AS2f3aMVfjkTYgAEAoCT
|
56
|
-
qoSi7wkYK3NvftVgVi8Z2+1WEzp3S590UkkHmjc5o+HfS657v2fnqkekJyinB+OH
|
57
|
-
b5tySsPxt/3Un4D9EaGhjv44GMvL54vFI1Sqc8RsF/H8lRvj5ai5
|
58
|
-
-----END RSA PRIVATE KEY-----
|
59
|
-
HEREDOC
|
60
|
-
end
|
61
|
-
|
62
|
-
it 'will not attempt to decrypt values which are not marked as "secure"' do
|
63
|
-
filtered_settings = DecryptionFilter.execute(
|
64
|
-
data: {
|
65
|
-
my_secure_setting: 'cJbFe0NI5wknmsp2fVgpC/YeBD2pvcdVD+p0pUdnMoYThaV4m' \
|
66
|
-
'psspg/ZTBtmjx7kMwcF6cjXFLDVw3FxptTHwzJUd4akun6EZ5' \
|
67
|
-
'7m+QzCMJYnfY95gB2/emEAQLSz4/YwsE4LDGydkEjY1ZprfXz' \
|
68
|
-
'nf+rU31YGDJUTf34ESz7fsQGSc9DjkBb9ao8Mv4cI7pCXkQZD' \
|
69
|
-
'wS5kLAZDf6agy1GzeL71Z8lrmQzk8QQuf/1kQzxsWVlzpKNXW' \
|
70
|
-
'S7u2CJ0sN5eINMngJBfv5ZFrZgfXc86wdgUKc8aaoX8OQA1kK' \
|
71
|
-
'TcdgbE9NcAhNr1+WfNxMnz84XzmUp2Y0H1jPgGkBKQJKArfQ==',
|
72
|
-
},
|
73
|
-
decryption_key: './spec/spec_key',
|
74
|
-
)
|
75
|
-
|
76
|
-
my_secure_setting = filtered_settings.my_secure_setting
|
77
|
-
|
78
|
-
expect(my_secure_setting).to eql 'cJbFe0NI5wknmsp2fVgpC/YeBD2pvcdVD+p0pUdnMoYT' \
|
79
|
-
'haV4mpsspg/ZTBtmjx7kMwcF6cjXFLDVw3FxptTHwzJU' \
|
80
|
-
'd4akun6EZ57m+QzCMJYnfY95gB2/emEAQLSz4/YwsE4L' \
|
81
|
-
'DGydkEjY1ZprfXznf+rU31YGDJUTf34ESz7fsQGSc9Dj' \
|
82
|
-
'kBb9ao8Mv4cI7pCXkQZDwS5kLAZDf6agy1GzeL71Z8lr' \
|
83
|
-
'mQzk8QQuf/1kQzxsWVlzpKNXWS7u2CJ0sN5eINMngJBf' \
|
84
|
-
'v5ZFrZgfXc86wdgUKc8aaoX8OQA1kKTcdgbE9NcAhNr1' \
|
85
|
-
'+WfNxMnz84XzmUp2Y0H1jPgGkBKQJKArfQ=='
|
86
|
-
end
|
87
|
-
|
88
|
-
it 'will not attempt to decrypt values even if they are prefixed with "secure"' do
|
89
|
-
filtered_settings = DecryptionFilter.execute(
|
90
|
-
data: {
|
91
|
-
secure_setting: 'cJbFe0NI5wknmsp2fVgpC/YeBD2pvcdVD+p0pUdnMoYThaV4mpsspg/ZTBt' \
|
92
|
-
'mjx7kMwcF6cjXFLDVw3FxptTHwzJUd4akun6EZ57m+QzCMJYnfY95gB2/em' \
|
93
|
-
'EAQLSz4/YwsE4LDGydkEjY1ZprfXznf+rU31YGDJUTf34ESz7fsQGSc9Djk' \
|
94
|
-
'Bb9ao8Mv4cI7pCXkQZDwS5kLAZDf6agy1GzeL71Z8lrmQzk8QQuf/1kQzxs' \
|
95
|
-
'WVlzpKNXWS7u2CJ0sN5eINMngJBfv5ZFrZgfXc86wdgUKc8aaoX8OQA1kKT' \
|
96
|
-
'cdgbE9NcAhNr1+WfNxMnz84XzmUp2Y0H1jPgGkBKQJKArfQ==',
|
97
|
-
},
|
98
|
-
decryption_key: './spec/spec_key',
|
99
|
-
)
|
100
|
-
|
101
|
-
secure_setting = filtered_settings.secure_setting
|
102
|
-
|
103
|
-
expect(secure_setting).to eql 'cJbFe0NI5wknmsp2fVgpC/YeBD2pvcdVD+p0pUdnMoYThaV4m' \
|
104
|
-
'psspg/ZTBtmjx7kMwcF6cjXFLDVw3FxptTHwzJUd4akun6EZ5' \
|
105
|
-
'7m+QzCMJYnfY95gB2/emEAQLSz4/YwsE4LDGydkEjY1ZprfXz' \
|
106
|
-
'nf+rU31YGDJUTf34ESz7fsQGSc9DjkBb9ao8Mv4cI7pCXkQZD' \
|
107
|
-
'wS5kLAZDf6agy1GzeL71Z8lrmQzk8QQuf/1kQzxsWVlzpKNXW' \
|
108
|
-
'S7u2CJ0sN5eINMngJBfv5ZFrZgfXc86wdgUKc8aaoX8OQA1kK' \
|
109
|
-
'TcdgbE9NcAhNr1+WfNxMnz84XzmUp2Y0H1jPgGkBKQJKArfQ=='
|
110
|
-
end
|
111
|
-
|
112
|
-
it 'will not attempt to decrypt values even if they are not properly encoded' do
|
113
|
-
filtered_settings = DecryptionFilter.execute(
|
114
|
-
data: {
|
115
|
-
_secure_my_secure_setting: 'cJbFe0NI5\wknmsp2fVgpC/YeBD2pvcdVD+p0pUdnMoYThaV4' \
|
116
|
-
'mpsspg/ZTBtmjx7kMwcF6cjXFLDVw3FxptTHwzJUd4akun6EZ' \
|
117
|
-
'57m+QzCMJYnfY95gB2/emEAQLSz4/YwsE4LDGydkEjY1ZprfX' \
|
118
|
-
'znf+rU31YGDJUTf34ESz7fsQGSc9DjkBb9ao8Mv4cI7pCXkQZ' \
|
119
|
-
'DwS5kLAZDf6agy1GzeL71Z8lrmQzk8QQuf/1kQzxsWVlzpKNX' \
|
120
|
-
'WS7u2CJ0sN5eINMngJBfv5ZFrZgfXc86wdgUKc8aaoX8OQA1k' \
|
121
|
-
'KTcdgbE9NcAhNr1+WfNxMnz84XzmUp2Y0H1jPgGkBKQJKArfQ==',
|
122
|
-
},
|
123
|
-
decryption_key: './spec/spec_key',
|
124
|
-
)
|
125
|
-
|
126
|
-
my_secure_setting = filtered_settings._secure_my_secure_setting
|
127
|
-
|
128
|
-
expect(my_secure_setting).to eql 'cJbFe0NI5\wknmsp2fVgpC/YeBD2pvcdVD+p0pUdnMoYThaV4' \
|
129
|
-
'mpsspg/ZTBtmjx7kMwcF6cjXFLDVw3FxptTHwzJUd4akun6EZ' \
|
130
|
-
'57m+QzCMJYnfY95gB2/emEAQLSz4/YwsE4LDGydkEjY1ZprfX' \
|
131
|
-
'znf+rU31YGDJUTf34ESz7fsQGSc9DjkBb9ao8Mv4cI7pCXkQZ' \
|
132
|
-
'DwS5kLAZDf6agy1GzeL71Z8lrmQzk8QQuf/1kQzxsWVlzpKNX' \
|
133
|
-
'WS7u2CJ0sN5eINMngJBfv5ZFrZgfXc86wdgUKc8aaoX8OQA1k' \
|
134
|
-
'KTcdgbE9NcAhNr1+WfNxMnz84XzmUp2Y0H1jPgGkBKQJKArfQ=='
|
135
|
-
end
|
136
|
-
|
137
|
-
it 'will not attempt to decrypt values if it guesses that they are not encrpyted' do
|
138
|
-
filtered_settings = DecryptionFilter.execute(data: {
|
139
|
-
_secure_my_secure_setting: 'hello',
|
140
|
-
},
|
141
|
-
decryption_key: './spec/spec_key')
|
142
|
-
|
143
|
-
expect(filtered_settings._secure_my_secure_setting).to eql 'hello'
|
144
|
-
end
|
145
|
-
|
146
|
-
it 'simply returns the encrypted string if there is no decryption key' do
|
147
|
-
filtered_settings = DecryptionFilter.execute(
|
148
|
-
data: {
|
149
|
-
_secure_my_secure_setting: 'cJbFe0NI5\wknmsp2fVgpC/YeBD2pvcdVD+p0pUdnMoYThaV4' \
|
150
|
-
'mpsspg/ZTBtmjx7kMwcF6cjXFLDVw3FxptTHwzJUd4akun6EZ' \
|
151
|
-
'57m+QzCMJYnfY95gB2/emEAQLSz4/YwsE4LDGydkEjY1ZprfX' \
|
152
|
-
'znf+rU31YGDJUTf34ESz7fsQGSc9DjkBb9ao8Mv4cI7pCXkQZ' \
|
153
|
-
'DwS5kLAZDf6agy1GzeL71Z8lrmQzk8QQuf/1kQzxsWVlzpKNX' \
|
154
|
-
'WS7u2CJ0sN5eINMngJBfv5ZFrZgfXc86wdgUKc8aaoX8OQA1k' \
|
155
|
-
'KTcdgbE9NcAhNr1+WfNxMnz84XzmUp2Y0H1jPgGkBKQJKArfQ==',
|
156
|
-
},
|
157
|
-
)
|
158
|
-
|
159
|
-
my_secure_setting = filtered_settings._secure_my_secure_setting
|
160
|
-
|
161
|
-
expect(my_secure_setting).to eql 'cJbFe0NI5\wknmsp2fVgpC/YeBD2pvcdVD+p0pUdnMoYThaV4' \
|
162
|
-
'mpsspg/ZTBtmjx7kMwcF6cjXFLDVw3FxptTHwzJUd4akun6EZ' \
|
163
|
-
'57m+QzCMJYnfY95gB2/emEAQLSz4/YwsE4LDGydkEjY1ZprfX' \
|
164
|
-
'znf+rU31YGDJUTf34ESz7fsQGSc9DjkBb9ao8Mv4cI7pCXkQZ' \
|
165
|
-
'DwS5kLAZDf6agy1GzeL71Z8lrmQzk8QQuf/1kQzxsWVlzpKNX' \
|
166
|
-
'WS7u2CJ0sN5eINMngJBfv5ZFrZgfXc86wdgUKc8aaoX8OQA1k' \
|
167
|
-
'KTcdgbE9NcAhNr1+WfNxMnz84XzmUp2Y0H1jPgGkBKQJKArfQ=='
|
168
|
-
end
|
169
|
-
|
170
|
-
it 'can decrypt a complex object' do
|
171
|
-
filtered_settings = DecryptionFilter.execute(
|
172
|
-
data: {
|
173
|
-
_secure_my_secure_setting: 'rF1MIcLX/Q88gjpHTifI27fJHopDKVTJRvOwF2MZ8kVIrvBhFg' \
|
174
|
-
'LOyQ7JEBiWNBh1yUtR6PeKlB+h44sIL3yKMcZyccX73Mo+CiWx' \
|
175
|
-
'mnjtK4I1QxcJL8OSLa8GQPlSBxoBCykWqerwN0b2oS/jv8umB2' \
|
176
|
-
'j2RyANFYklD3mAxn1LsoTuFPAif+SCLRIGafcHkOywM32qn6Hh' \
|
177
|
-
'UpeBChX81JhJpip1gdJmRTGEZjKfR93h1shW0LqLLbdQUwYPOP' \
|
178
|
-
'bnjz7fU7x+d5/ighWTDsmOVyvEiqM0WasFzK+WBUfvo8tQxUym' \
|
179
|
-
'exw/U3B7N/0R/9v6U3l6x7eeIoQ4+lnJK2ULFzVgiw==',
|
180
|
-
},
|
181
|
-
decryption_key: './spec/spec_key',
|
182
|
-
)
|
183
|
-
|
184
|
-
expect(filtered_settings._secure_my_secure_setting).to be_a Integer
|
185
|
-
expect(filtered_settings._secure_my_secure_setting).to eql 12_345
|
186
|
-
end
|
187
|
-
|
188
|
-
it 'can decrypt a number that has not been yamlled' do
|
189
|
-
filtered_settings = DecryptionFilter.execute(
|
190
|
-
data: {
|
191
|
-
_secure_my_secure_setting: 'Ieh5poOpcirj1jihkh1eENaCrF8ECQSLOigM4ApTZ8hp4vrL3N' \
|
192
|
-
'KWp3djEkQz0QceopgN8TBJOEj1lqfGGL3Ar5L0SGrIsHt6KOil' \
|
193
|
-
'erEXXH4/e2+s8JFWpdfjCxgn12fv1jqXxNyuMUlYRBD7R+oRNV' \
|
194
|
-
'A5nNpnwiSE7IOBjUEZyzlQUrePVku5CtOs0hfGe+79n6D8zFGT' \
|
195
|
-
'px7UjZg4QVXyHISBM2hAaDOZ0dfxVqbzmvN3B68xbuIty5vyv1' \
|
196
|
-
'+Ry2k+yIGJXIOjNm96ntDxIuUbycfrqYdtopBDI5kcr0zckPWM' \
|
197
|
-
'QRqkp7yd/XNZqyYCFGMNKNwokE6wZuGffkD/H/VPxQ==',
|
198
|
-
},
|
199
|
-
decryption_key: './spec/spec_key',
|
200
|
-
)
|
201
|
-
|
202
|
-
expect(filtered_settings._secure_my_secure_setting).to eql '12345'
|
203
|
-
end
|
204
|
-
|
205
|
-
it 'can decrypt a string that has not been yamlled' do
|
206
|
-
filtered_settings = DecryptionFilter.execute(
|
207
|
-
data: {
|
208
|
-
_secure_my_secure_setting: 'V2ifd6KwfGK8zW7K87ypHiA89UvVqsAX3961dR/B5ensruVFi5' \
|
209
|
-
'KydFR1KxPQHxInhVl4GIvpBCwczK1mMZ61NGVISK04tg90R52/' \
|
210
|
-
'ue0s4V9v01h1wTnahrkRGFyKk4iiQwsluuXGaW4gBFayaKOs77' \
|
211
|
-
'HL/fMBY985akz8lv/8secg2U66YWeIHblJ2OKdNELaEFZKXWyw' \
|
212
|
-
'PxXEMPckAnbJB6liwFNjbY1y0WH6oiP/OzoiOGzGeuUr2P8IfW' \
|
213
|
-
'8JIedOuy4JV4Y46QPvu4zCZhDgNa4dTCdOTA/oEd5+GLhuoSiC' \
|
214
|
-
'87k/vbURwhqs1fmyXUJpUaDg3x4quTDZ6uBTG0Qu/A==',
|
215
|
-
},
|
216
|
-
decryption_key: './spec/spec_key',
|
217
|
-
)
|
218
|
-
|
219
|
-
expect(filtered_settings._secure_my_secure_setting).to eql 'hello'
|
220
|
-
end
|
221
|
-
|
222
|
-
it 'can decrypt large encrypted data' do
|
223
|
-
filtered_settings = DecryptionFilter.execute(
|
224
|
-
data: {
|
225
|
-
_secure_my_secure_setting: 'AcMY7ALLoGZRakL3ibyo2WB438ipdMDIjsa4SCDBP2saOY63A' \
|
226
|
-
'D3C/SZanexlYDQoYoYC0V5J5EvKHgGMDAU8qnp9LjzU5VCwJ3' \
|
227
|
-
'SVRGz3J0c7LXgTlC585Lgy8LX+/yjYFm4D13hlMvvsoI35Bo8' \
|
228
|
-
'EVkTSU2+0gRSjRpQJeK1o7az5+fBuNmFipevA4YfLnarnpwo2' \
|
229
|
-
'd2oO+BqStI2QQI1UWwN2R04rvOdHoEzA6DLsdvYX+QTKDk4K5' \
|
230
|
-
'oSKXfuMBvzOCaCGT75cmt85ZY7XZnwbKi6c4mtL1ajrCr8sQF' \
|
231
|
-
'TA/GyG1EiYLFp1uQco0m2/S9yFf26REjax4ZE6O/ilXgT6xg=' \
|
232
|
-
'=#YAm25swWRQx4ip1RjVzpGQ==#vRGvgjErI+dATM4UOtFkkg' \
|
233
|
-
'efFpFTvxGpHN0gRbf1VCO4K07eqAQPb46BDI67a8iNum9cBph' \
|
234
|
-
'es7oGmuNnUvBg4JiZhKsXnolcRWdITDVh/XYNioXRmesvj4x+' \
|
235
|
-
'tY0FVhkLV2zubRVfC7CDJgin6wRHP+bcZhICDD2YqB+XRS4ou' \
|
236
|
-
'66UeaiGA4eV4G6sPIo+DPjDM3m8JFnuRFMvGk73wthbN4MdAp' \
|
237
|
-
'9xONt5wfobJUiUR11k2iAqwhx7Wyj0imz/afI8goDTdMfQt3V' \
|
238
|
-
'DOYqYG3y2AcYOfsOL6m0GtQRlKvtsvw+m8/ICwSGiL2Loup0j' \
|
239
|
-
'/jDGhFi1lwf4ded8aSwyS+2/Ks9C008dsJwpR1SxJ59z1KSzd' \
|
240
|
-
'QcTcrJTnxd+2qpOVVIoaRGud2tSV+5wKXy9dWRflLsjEtBRFR' \
|
241
|
-
'eFurTVQPodjDy+Lhs452/O/+KAJOXMKeYegCGOe8z9tLD3tel' \
|
242
|
-
'jjTyJPeW/1FE3+tP3G3HJAV4sgoO0YwhNY1Nji56igCl3UvEP' \
|
243
|
-
'nEQcJgu0w/+dqSreqwp6TqaqXY3lzr8vi733lti4nss=',
|
244
|
-
},
|
245
|
-
decryption_key: './spec/spec_key',
|
246
|
-
)
|
247
|
-
|
248
|
-
expect(filtered_settings._secure_my_secure_setting).to eql 'long' * 100
|
249
|
-
end
|
250
|
-
end
|
251
|
-
end
|
252
|
-
end
|
@@ -1,195 +0,0 @@
|
|
1
|
-
# frozen_string_literal: true
|
2
|
-
require 'rspectacular'
|
3
|
-
require 'chamber/filters/encryption_filter'
|
4
|
-
|
5
|
-
module Chamber
|
6
|
-
module Filters
|
7
|
-
describe EncryptionFilter do
|
8
|
-
it 'will attempt to encrypt values which are marked as "secure"' do
|
9
|
-
filtered_settings = EncryptionFilter.execute(
|
10
|
-
data: {
|
11
|
-
_secure_my_secure_setting: 'hello',
|
12
|
-
},
|
13
|
-
encryption_key: './spec/spec_key.pub',
|
14
|
-
)
|
15
|
-
|
16
|
-
expect(filtered_settings._secure_my_secure_setting).to match \
|
17
|
-
EncryptionFilter::BASE64_STRING_PATTERN
|
18
|
-
end
|
19
|
-
|
20
|
-
it 'will not attempt to encrypt values which are not marked as "secure"' do
|
21
|
-
filtered_settings = EncryptionFilter.execute(
|
22
|
-
data: {
|
23
|
-
my_secure_setting: 'hello',
|
24
|
-
},
|
25
|
-
encryption_key: './spec/spec_key.pub',
|
26
|
-
)
|
27
|
-
|
28
|
-
expect(filtered_settings.my_secure_setting).to eql 'hello'
|
29
|
-
end
|
30
|
-
|
31
|
-
it 'will not attempt to encrypt values even if they are prefixed with "secure"' do
|
32
|
-
filtered_settings = EncryptionFilter.execute(
|
33
|
-
data: {
|
34
|
-
secure_setting: 'hello',
|
35
|
-
},
|
36
|
-
encryption_key: './spec/spec_key.pub',
|
37
|
-
)
|
38
|
-
|
39
|
-
expect(filtered_settings.secure_setting).to eql 'hello'
|
40
|
-
end
|
41
|
-
|
42
|
-
it 'will attempt to encrypt values if they are not properly encoded' do
|
43
|
-
filtered_settings = EncryptionFilter.execute(
|
44
|
-
data: {
|
45
|
-
_secure_my_secure_setting: 'fNI5\jwlBn',
|
46
|
-
},
|
47
|
-
encryption_key: './spec/spec_key.pub',
|
48
|
-
)
|
49
|
-
|
50
|
-
expect(filtered_settings._secure_my_secure_setting).to match \
|
51
|
-
EncryptionFilter::BASE64_STRING_PATTERN
|
52
|
-
end
|
53
|
-
|
54
|
-
it 'will attempt to encrypt values if they are numbers' do
|
55
|
-
filtered_settings = EncryptionFilter.execute(data: {
|
56
|
-
_secure_my_secure_setting: 12_345,
|
57
|
-
},
|
58
|
-
encryption_key: './spec/spec_key.pub')
|
59
|
-
|
60
|
-
expect(filtered_settings._secure_my_secure_setting).to match \
|
61
|
-
EncryptionFilter::BASE64_STRING_PATTERN
|
62
|
-
end
|
63
|
-
|
64
|
-
it 'will not attempt to encrypt normal values if it guesses that they are already encrypted' do
|
65
|
-
filtered_settings = EncryptionFilter.execute(
|
66
|
-
data: {
|
67
|
-
_secure_my_secure_setting: 'fNI5wlBniNhEU4396pmhWwx+A09bRAMJOUASuP7PzprewBX8C' \
|
68
|
-
'XYqL+v/uXOJpIRCLDjwe8quuC+j9iLcPU7HBRMr054gGxeqZe' \
|
69
|
-
'xbLevXcPk7SrMis3qeEKmnAuarQGXe7ZAntidMY9Lx4pqSkhY' \
|
70
|
-
'XwQnI48d2Dh44qfaS9w2OrehSkpdFRnuxQeOpCKO/bleB0J88' \
|
71
|
-
'WGkytCohyHCRIpbaEjEC3UD52pnqMeu/ClNm+PBgE6Ci94pu5' \
|
72
|
-
'UUnZuIE/y+P4A3wgD6G/u8hgvAW51JwVryg/im1rayGAwWYNg' \
|
73
|
-
'upQ/5LDmjffwx7Q3fyMH2uF3CDIKRIC6U+mnM5SRMO4Dzysw==',
|
74
|
-
},
|
75
|
-
encryption_key: './spec/spec_key.pub',
|
76
|
-
)
|
77
|
-
|
78
|
-
my_secure_setting = filtered_settings._secure_my_secure_setting
|
79
|
-
|
80
|
-
expect(my_secure_setting).to eql 'fNI5wlBniNhEU4396pmhWwx+A09bRAMJOUASuP7Pzprew' \
|
81
|
-
'BX8CXYqL+v/uXOJpIRCLDjwe8quuC+j9iLcPU7HBRMr05' \
|
82
|
-
'4gGxeqZexbLevXcPk7SrMis3qeEKmnAuarQGXe7ZAntid' \
|
83
|
-
'MY9Lx4pqSkhYXwQnI48d2Dh44qfaS9w2OrehSkpdFRnux' \
|
84
|
-
'QeOpCKO/bleB0J88WGkytCohyHCRIpbaEjEC3UD52pnqM' \
|
85
|
-
'eu/ClNm+PBgE6Ci94pu5UUnZuIE/y+P4A3wgD6G/u8hgv' \
|
86
|
-
'AW51JwVryg/im1rayGAwWYNgupQ/5LDmjffwx7Q3fyMH2' \
|
87
|
-
'uF3CDIKRIC6U+mnM5SRMO4Dzysw=='
|
88
|
-
end
|
89
|
-
|
90
|
-
it 'will not attempt to encrypt large values if it guesses that they are already encrypted' do
|
91
|
-
filtered_settings = EncryptionFilter.execute(
|
92
|
-
data: {
|
93
|
-
_secure_my_secure_setting: 'AcMY7ALLoGZRakL3ibyo2WB438ipdMDIjsa4SCDBP2saOY63A' \
|
94
|
-
'D3C/SZanexlYDQoYoYC0V5J5EvKHgGMDAU8qnp9LjzU5VCwJ3' \
|
95
|
-
'SVRGz3J0c7LXgTlC585Lgy8LX+/yjYFm4D13hlMvvsoI35Bo8' \
|
96
|
-
'EVkTSU2+0gRSjRpQJeK1o7az5+fBuNmFipevA4YfLnarnpwo2' \
|
97
|
-
'd2oO+BqStI2QQI1UWwN2R04rvOdHoEzA6DLsdvYX+QTKDk4K5' \
|
98
|
-
'oSKXfuMBvzOCaCGT75cmt85ZY7XZnwbKi6c4mtL1ajrCr8sQF' \
|
99
|
-
'TA/GyG1EiYLFp1uQco0m2/S9yFf26REjax4ZE6O/ilXgT6xg=' \
|
100
|
-
'=#YAm25swWRQx4ip1RjVzpGQ==#vRGvgjErI+dATM4UOtFkkg' \
|
101
|
-
'efFpFTvxGpHN0gRbf1VCO4K07eqAQPb46BDI67a8iNum9cBph' \
|
102
|
-
'es7oGmuNnUvBg4JiZhKsXnolcRWdITDVh/XYNioXRmesvj4x+' \
|
103
|
-
'tY0FVhkLV2zubRVfC7CDJgin6wRHP+bcZhICDD2YqB+XRS4ou' \
|
104
|
-
'66UeaiGA4eV4G6sPIo+DPjDM3m8JFnuRFMvGk73wthbN4MdAp' \
|
105
|
-
'9xONt5wfobJUiUR11k2iAqwhx7Wyj0imz/afI8goDTdMfQt3V' \
|
106
|
-
'DOYqYG3y2AcYOfsOL6m0GtQRlKvtsvw+m8/ICwSGiL2Loup0j' \
|
107
|
-
'/jDGhFi1lwf4ded8aSwyS+2/Ks9C008dsJwpR1SxJ59z1KSzd' \
|
108
|
-
'QcTcrJTnxd+2qpOVVIoaRGud2tSV+5wKXy9dWRflLsjEtBRFR' \
|
109
|
-
'eFurTVQPodjDy+Lhs452/O/+KAJOXMKeYegCGOe8z9tLD3tel' \
|
110
|
-
'jjTyJPeW/1FE3+tP3G3HJAV4sgoO0YwhNY1Nji56igCl3UvEP' \
|
111
|
-
'nEQcJgu0w/+dqSreqwp6TqaqXY3lzr8vi733lti4nss=',
|
112
|
-
},
|
113
|
-
encryption_key: './spec/spec_key.pub',
|
114
|
-
)
|
115
|
-
|
116
|
-
my_secure_setting = filtered_settings._secure_my_secure_setting
|
117
|
-
|
118
|
-
expect(my_secure_setting).to eql 'AcMY7ALLoGZRakL3ibyo2WB438ipdMDIjsa4SCDBP2saOY63A' \
|
119
|
-
'D3C/SZanexlYDQoYoYC0V5J5EvKHgGMDAU8qnp9LjzU5VCwJ3' \
|
120
|
-
'SVRGz3J0c7LXgTlC585Lgy8LX+/yjYFm4D13hlMvvsoI35Bo8' \
|
121
|
-
'EVkTSU2+0gRSjRpQJeK1o7az5+fBuNmFipevA4YfLnarnpwo2' \
|
122
|
-
'd2oO+BqStI2QQI1UWwN2R04rvOdHoEzA6DLsdvYX+QTKDk4K5' \
|
123
|
-
'oSKXfuMBvzOCaCGT75cmt85ZY7XZnwbKi6c4mtL1ajrCr8sQF' \
|
124
|
-
'TA/GyG1EiYLFp1uQco0m2/S9yFf26REjax4ZE6O/ilXgT6xg=' \
|
125
|
-
'=#YAm25swWRQx4ip1RjVzpGQ==#vRGvgjErI+dATM4UOtFkkg' \
|
126
|
-
'efFpFTvxGpHN0gRbf1VCO4K07eqAQPb46BDI67a8iNum9cBph' \
|
127
|
-
'es7oGmuNnUvBg4JiZhKsXnolcRWdITDVh/XYNioXRmesvj4x+' \
|
128
|
-
'tY0FVhkLV2zubRVfC7CDJgin6wRHP+bcZhICDD2YqB+XRS4ou' \
|
129
|
-
'66UeaiGA4eV4G6sPIo+DPjDM3m8JFnuRFMvGk73wthbN4MdAp' \
|
130
|
-
'9xONt5wfobJUiUR11k2iAqwhx7Wyj0imz/afI8goDTdMfQt3V' \
|
131
|
-
'DOYqYG3y2AcYOfsOL6m0GtQRlKvtsvw+m8/ICwSGiL2Loup0j' \
|
132
|
-
'/jDGhFi1lwf4ded8aSwyS+2/Ks9C008dsJwpR1SxJ59z1KSzd' \
|
133
|
-
'QcTcrJTnxd+2qpOVVIoaRGud2tSV+5wKXy9dWRflLsjEtBRFR' \
|
134
|
-
'eFurTVQPodjDy+Lhs452/O/+KAJOXMKeYegCGOe8z9tLD3tel' \
|
135
|
-
'jjTyJPeW/1FE3+tP3G3HJAV4sgoO0YwhNY1Nji56igCl3UvEP' \
|
136
|
-
'nEQcJgu0w/+dqSreqwp6TqaqXY3lzr8vi733lti4nss='
|
137
|
-
end
|
138
|
-
|
139
|
-
it 'can encrypt long multiline strings' do
|
140
|
-
filtered_settings = EncryptionFilter.execute(
|
141
|
-
data: {
|
142
|
-
_secure_multiline: <<-HEREDOC
|
143
|
-
-----BEGIN RSA PRIVATE KEY-----
|
144
|
-
uQ431irYF7XGEwmsfNUcw++6Enjmt9MItVZJrfL4cUr84L1ccOEX9AThsxz2nkiO
|
145
|
-
GgU+HtwwueZDUZ8Pdn71+1CdVaSUeEkVaYKYuHwYVb1spGfreHQHRP90EMv3U5Ir
|
146
|
-
xs0YFwKBgAJKGol+GM1oFodg48v4QA6hlF5z49v83wU+AS2f3aMVfjkTYgAEAoCT
|
147
|
-
qoSi7wkYK3NvftVgVi8Z2+1WEzp3S590UkkHmjc5o+HfS657v2fnqkekJyinB+OH
|
148
|
-
b5tySsPxt/3Un4D9EaGhjv44GMvL54vFI1Sqc8RsF/H8lRvj5ai5
|
149
|
-
-----END RSA PRIVATE KEY-----
|
150
|
-
HEREDOC
|
151
|
-
},
|
152
|
-
encryption_key: './spec/spec_key.pub',
|
153
|
-
)
|
154
|
-
|
155
|
-
my_secure_setting = filtered_settings._secure_multiline
|
156
|
-
|
157
|
-
expect(my_secure_setting).to match(EncryptionFilter::LARGE_DATA_STRING_PATTERN)
|
158
|
-
end
|
159
|
-
|
160
|
-
it 'will encrypt strings of 127 chars effective length' do
|
161
|
-
filtered_settings = EncryptionFilter.execute(
|
162
|
-
data: {
|
163
|
-
_secure_my_secure_setting: 'A' * 119,
|
164
|
-
},
|
165
|
-
encryption_key: './spec/spec_key.pub',
|
166
|
-
)
|
167
|
-
|
168
|
-
expect(filtered_settings._secure_my_secure_setting).to match \
|
169
|
-
EncryptionFilter::BASE64_STRING_PATTERN
|
170
|
-
|
171
|
-
filtered_settings = EncryptionFilter.execute(
|
172
|
-
data: {
|
173
|
-
_secure_my_secure_setting: 'A' * 120,
|
174
|
-
},
|
175
|
-
encryption_key: './spec/spec_key.pub',
|
176
|
-
)
|
177
|
-
|
178
|
-
expect(filtered_settings._secure_my_secure_setting).to match \
|
179
|
-
EncryptionFilter::LARGE_DATA_STRING_PATTERN
|
180
|
-
end
|
181
|
-
|
182
|
-
it 'will encrypt and decrypt strings larger than 128 chars' do
|
183
|
-
filtered_settings = EncryptionFilter.execute(
|
184
|
-
data: {
|
185
|
-
_secure_my_secure_setting: 'long' * 100,
|
186
|
-
},
|
187
|
-
encryption_key: './spec/spec_key.pub',
|
188
|
-
)
|
189
|
-
|
190
|
-
expect(filtered_settings._secure_my_secure_setting).to match \
|
191
|
-
EncryptionFilter::LARGE_DATA_STRING_PATTERN
|
192
|
-
end
|
193
|
-
end
|
194
|
-
end
|
195
|
-
end
|