chamber 2.12.2 → 2.14.0

data/lib/chamber/commands/cloud/push.rb

@@ -0,0 +1,44 @@
+# frozen_string_literal: true
+
+require 'chamber/commands/cloud/base'
+require 'chamber/commands/securable'
+require 'chamber/keys/decryption'
+
+module  Chamber
+module  Commands
+module  Cloud
+class   Push < Chamber::Commands::Cloud::Base
+  include Chamber::Commands::Securable
+
+  attr_accessor :keys
+
+  def initialize(keys:, **args)
+    super(**args)
+
+    self.keys = keys
+  end
+
+  def call
+    environment_variables = if keys
+                              Keys::Decryption
+                                .new(rootpath:   chamber.configuration.rootpath,
+                                     namespaces: chamber.configuration.namespaces)
+                                .as_environment_variables
+                            else
+                              securable_environment_variables
+                            end
+
+    environment_variables.each do |key, value|
+      if dry_run
+        shell.say_status 'push', key, :blue
+      else
+        shell.say_status 'push', key, :green
+
+        adapter.add_environment_variable(key, value)
+      end
+    end
+  end
+end
+end
+end
+end

data/lib/chamber/commands/comparable.rb

@@ -5,10 +5,10 @@ require 'tempfile'
 module  Chamber
 module  Commands
 module  Comparable
-  def initialize(options = {})
+  def initialize(keys_only:, **args)
     super
 
-    self.keys_only = options[:keys_only]
+    self.keys_only = keys_only
   end
 
   def call

data/lib/chamber/commands/compare.rb

@@ -12,18 +12,15 @@ class   Compare < Chamber::Commands::Base
   attr_accessor :first_settings_instance,
                 :second_settings_instance
 
-  def self.call(options = {})
-    new(options).call
+  def self.call(**args)
+    new(**args).call
   end
 
-  def initialize(options = {})
-    super
+  def initialize(first:, second:, **args)
+    super(**args)
 
-    first_settings_options        = options.merge(namespaces: options[:first])
-    self.first_settings_instance  = Chamber::Instance.new(first_settings_options)
-
-    second_settings_options       = options.merge(namespaces: options[:second])
-    self.second_settings_instance = Chamber::Instance.new(second_settings_options)
+    self.first_settings_instance  = Chamber::Instance.new(args.merge(namespaces: first))
+    self.second_settings_instance = Chamber::Instance.new(args.merge(namespaces: second))
   end
 
   protected

data/lib/chamber/commands/initialize.rb

@@ -11,23 +11,23 @@ require 'chamber/commands/base'
 module  Chamber
 module  Commands
 class   Initialize < Chamber::Commands::Base
-  def self.call(options = {})
-    new(options).call
+  def self.call(**args)
+    new(**args).call
   end
 
   attr_accessor :basepath,
                 :namespaces,
                 :signature
 
-  def initialize(options = {})
-    super
+  def initialize(signature:, namespaces: [], **args)
+    super(**args)
 
     self.basepath   = Chamber.configuration.basepath
-    self.namespaces = options.fetch(:namespaces, [])
-    self.signature  = options.fetch(:signature)
+    self.namespaces = namespaces
+    self.signature  = signature
   end
 
-  # rubocop:disable Metrics/LineLength, Metrics/MethodLength, Metrics/AbcSize
+  # rubocop:disable Layout/LineLength, Metrics/MethodLength, Metrics/AbcSize, Metrics/CyclomaticComplexity
   def call
     key_pairs = namespaces.map do |namespace|
       Chamber::KeyPair.new(namespace:     namespace,
@@ -78,21 +78,25 @@ class   Initialize < Chamber::Commands::Base
       shell.say 'Your signature keys, which will be used for verification, are located at:'
       shell.say ''
       shell.say '  * Public Key:            '
-      shell.say signature_key_pair.
-                  public_key_filepath.
-                  relative_path_from(Pathname.pwd), :yellow
+      shell.say signature_key_pair
+                  .public_key_filepath
+                  .relative_path_from(Pathname.pwd),
+                :yellow
       shell.say '  * Private Key:           '
-      shell.say signature_key_pair.
-                  unencrypted_private_key_filepath.
-                  relative_path_from(Pathname.pwd), :yellow
+      shell.say signature_key_pair
+                  .unencrypted_private_key_filepath
+                  .relative_path_from(Pathname.pwd),
+                :yellow
       shell.say '  * Encrypted Private Key: '
-      shell.say signature_key_pair.
-                  encrypted_private_key_filepath.
-                  relative_path_from(Pathname.pwd), :yellow
+      shell.say signature_key_pair
+                  .encrypted_private_key_filepath
+                  .relative_path_from(Pathname.pwd),
+                :yellow
       shell.say '  * Encrypted Passphrase:  '
-      shell.say signature_key_pair.
-                  encrypted_private_key_passphrase_filepath.
-                  relative_path_from(Pathname.pwd), :yellow
+      shell.say signature_key_pair
+                  .encrypted_private_key_passphrase_filepath
+                  .relative_path_from(Pathname.pwd),
+                :yellow
 
       shell.say ''
       shell.say 'The signature private keys should be thought of separately from the other'
@@ -153,7 +157,7 @@ class   Initialize < Chamber::Commands::Base
     shell.say '--------------------------------------------------------------------------------'
     shell.say ''
   end
-  # rubocop:enable Metrics/LineLength, Metrics/MethodLength, Metrics/AbcSize
+  # rubocop:enable Layout/LineLength, Metrics/MethodLength, Metrics/AbcSize, Metrics/CyclomaticComplexity
 
   protected
 
@@ -178,7 +182,7 @@ class   Initialize < Chamber::Commands::Base
   end
 
   def append_to_gitignore
-    ::FileUtils.touch gitignore_filepath
+    ::FileUtils.touch(gitignore_filepath)
 
     gitignore_contents = ::File.read(gitignore_filepath)
 
@@ -206,7 +210,7 @@ class   Initialize < Chamber::Commands::Base
 
   def gem_path
     @gem_path                   ||= Pathname.new(
-                                      ::File.expand_path('../../../..', __FILE__),
+                                      ::File.expand_path('../../..', __dir__),
                                     )
   end
 

data/lib/chamber/commands/securable.rb

@@ -6,15 +6,15 @@ require 'chamber/instance'
 module  Chamber
 module  Commands
 module  Securable
-  def initialize(options = {})
-    super
-
-    ignored_settings_options        = options.
-                                        merge(files: ignored_settings_filepaths).
-                                        reject { |k, _v| k == 'basepath' }
-    self.ignored_settings_instance  = Chamber::Instance.new(ignored_settings_options)
-    self.current_settings_instance  = Chamber::Instance.new(options)
-    self.only_sensitive             = options[:only_sensitive]
+  def initialize(only_sensitive: nil, **args)
+    super(**args)
+
+    ignored_settings_options        = args
+                                        .merge(files: ignored_settings_filepaths)
+                                        .reject { |k, _v| k == 'basepath' }
+    self.ignored_settings_instance  = Chamber::Instance.new(**ignored_settings_options)
+    self.current_settings_instance  = Chamber::Instance.new(**args)
+    self.only_sensitive             = only_sensitive
   end
 
   protected
@@ -53,7 +53,7 @@ module  Securable
     end
 
     `
-      git ls-files --other --ignored --exclude-from=.gitignore |
+      git ls-files --other --ignored --exclude-per-directory=.gitignore |
       sed -e "s|^|#{Shellwords.escape(rootpath.to_s)}/|" |
       grep --colour=never -E '#{shell_escaped_chamber_filenames.join('|')}'
     `.split("\n")

data/lib/chamber/commands/secure.rb

@@ -8,8 +8,8 @@ module  Commands
 class   Secure < Chamber::Commands::Base
   include Chamber::Commands::Securable
 
-  def initialize(options = {})
-    super(options.merge(namespaces: ['*']))
+  def initialize(**args)
+    super(**args.merge(namespaces: ['*']))
   end
 
   def call

data/lib/chamber/commands/show.rb

@@ -9,21 +9,21 @@ class   Show < Chamber::Commands::Base
   attr_accessor :as_env,
                 :only_sensitive
 
-  def initialize(options = {})
-    super
+  def initialize(as_env: nil, only_sensitive: nil, **args)
+    super(**args)
 
-    self.as_env         = options[:as_env]
-    self.only_sensitive = options[:only_sensitive]
+    self.as_env         = as_env
+    self.only_sensitive = only_sensitive
   end
 
   def call
     if as_env
       settings.to_s(pair_separator: "\n")
     else
-      PP.
-        pp(settings.to_hash, StringIO.new, 60).
-        string.
-        chomp
+      PP
+        .pp(settings.to_hash, StringIO.new, 60)
+        .string
+        .chomp
     end
   end
 

data/lib/chamber/commands/sign.rb

@@ -5,8 +5,8 @@ require 'chamber/commands/base'
 module  Chamber
 module  Commands
 class   Sign < Chamber::Commands::Base
-  def initialize(options = {})
-    super(options.merge(namespaces: ['*']))
+  def initialize(**args)
+    super(**args.merge(namespaces: ['*']))
   end
 
   def call

data/lib/chamber/commands/verify.rb

@@ -5,8 +5,8 @@ require 'chamber/commands/base'
 module  Chamber
 module  Commands
 class   Verify < Chamber::Commands::Base
-  def initialize(options = {})
-    super(options.merge(namespaces: ['*']))
+  def initialize(**args)
+    super(**args.merge(namespaces: ['*']))
   end
 
   def call

data/lib/chamber/configuration.rb

@@ -8,16 +8,20 @@ class   Configuration
                 :decryption_keys,
                 :encryption_keys,
                 :files,
-                :namespaces
+                :namespaces,
+                :rootpath,
+                :signature_name
 
-  def initialize(options = {})
-    options              = ContextResolver.resolve(options)
+  def initialize(**args)
+    options              = ContextResolver.resolve(**args)
 
     self.basepath        = options.fetch(:basepath)
     self.namespaces      = options.fetch(:namespaces)
     self.decryption_keys = options.fetch(:decryption_keys)
     self.encryption_keys = options.fetch(:encryption_keys)
     self.files           = options.fetch(:files)
+    self.rootpath        = options.fetch(:rootpath)
+    self.signature_name  = options.fetch(:signature_name)
   end
 
   def to_hash
@@ -27,6 +31,7 @@ class   Configuration
       encryption_keys: encryption_keys,
       files:           files,
       namespaces:      namespaces,
+      signature_name:  signature_name,
     }
   end
 end

data/lib/chamber/context_resolver.rb

@@ -3,7 +3,6 @@
 require 'pathname'
 require 'socket'
 
-require 'chamber/core_ext/hash'
 require 'chamber/keys/decryption'
 require 'chamber/keys/encryption'
 
@@ -11,11 +10,11 @@ module  Chamber
 class   ContextResolver
   attr_accessor :options
 
-  def initialize(options = {})
-    self.options = options.transform_keys(&:to_sym)
+  def initialize(**args)
+    self.options = args
   end
 
-  # rubocop:disable Metrics/AbcSize, Metrics/LineLength
+  # rubocop:disable Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity, Metrics/AbcSize, Layout/LineLength
   def resolve
     options[:rootpath]   ||= Pathname.pwd
     options[:rootpath]     = Pathname.new(options[:rootpath])
@@ -30,6 +29,7 @@ class   ContextResolver
       options[:basepath]   ||= options[:rootpath]
     end
 
+    options[:namespaces]        = resolve_namespaces(options[:namespaces])
     options[:encryption_keys]   = Keys::Encryption.resolve(filenames:  options[:encryption_keys],
                                                            namespaces: options[:namespaces],
                                                            rootpath:   options[:rootpath])
@@ -42,16 +42,25 @@ class   ContextResolver
                                     options[:basepath] + 'settings',
                                   ]
 
+    options[:signature_name]    = options[:signature_name]
+
     options
   end
-  # rubocop:enable Metrics/AbcSize, Metrics/LineLength
+  # rubocop:enable Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity, Metrics/AbcSize, Layout/LineLength
 
-  def self.resolve(options = {})
-    new(options).resolve
+  def self.resolve(**args)
+    new(**args).resolve
   end
 
   protected
 
+  def resolve_namespaces(other)
+    (other.respond_to?(:values) ? other.values : other)
+      .map do |namespace|
+        namespace.respond_to?(:call) ? namespace.call : namespace
+      end
+  end
+
   def resolve_preset
     if in_a_rails_project?
       'rails'

data/lib/chamber/encryption_methods/ssl.rb

@@ -5,14 +5,23 @@ require 'base64'
 module  Chamber
 module  EncryptionMethods
 class   Ssl
-  LARGE_DATA_STRING_PATTERN = %r{\A([A-Za-z0-9\+\/#]*\={0,2})#([A-Za-z0-9\+\/#]*\={0,2})#([A-Za-z0-9\+\/#]*\={0,2})\z} # rubocop:disable Metrics/LineLength
+  BASE64_STRING_PATTERN     = %r{[A-Za-z0-9+/#]*={0,2}}.freeze
+  LARGE_DATA_STRING_PATTERN = /
+                                \A
+                                (#{BASE64_STRING_PATTERN})
+                                \#
+                                (#{BASE64_STRING_PATTERN})
+                                \#
+                                (#{BASE64_STRING_PATTERN})
+                                \z
+                              /x.freeze
 
-  def self.encrypt(_key, value, encryption_keys)
-    value = YAML.dump(value)
-    cipher = OpenSSL::Cipher.new('AES-128-CBC')
+  def self.encrypt(_key, value, encryption_keys) # rubocop:disable Metrics/AbcSize
+    value         = YAML.dump(value)
+    cipher        = OpenSSL::Cipher.new('AES-128-CBC')
     cipher.encrypt
     symmetric_key = cipher.random_key
-    iv = cipher.random_iv
+    iv            = cipher.random_iv
 
     # encrypt all data with this key and iv
     encrypted_data = cipher.update(value) + cipher.final
@@ -26,24 +35,24 @@ class   Ssl
     Base64.strict_encode64(encrypted_data)
   end
 
-  def self.decrypt(key, value, decryption_keys)
+  def self.decrypt(key, value, decryption_keys) # rubocop:disable Metrics/AbcSize
     if decryption_keys.nil?
       value
     else
-      key, iv, decoded_string = value.
-                                  match(LARGE_DATA_STRING_PATTERN).
-                                  captures.
-                                  map do |part|
+      key, iv, decoded_string = value
+                                  .match(LARGE_DATA_STRING_PATTERN)
+                                  .captures
+                                  .map do |part|
         Base64.strict_decode64(part)
       end
-      key = decryption_keys.private_decrypt(key)
+      key                     = decryption_keys.private_decrypt(key)
 
       cipher_dec = OpenSSL::Cipher.new('AES-128-CBC')
 
       cipher_dec.decrypt
 
       cipher_dec.key = key
-      cipher_dec.iv = iv
+      cipher_dec.iv  = iv
 
       begin
         unencrypted_value = cipher_dec.update(decoded_string) + cipher_dec.final

data/lib/chamber/errors/environment_conversion.rb

@@ -0,0 +1,8 @@
+# frozen_string_literal: true
+
+module  Chamber
+module  Errors
+class   EnvironmentConversion < ArgumentError
+end
+end
+end

data/lib/chamber/file.rb

@@ -13,7 +13,8 @@ module  Chamber
 class   File < Pathname
   attr_accessor :namespaces,
                 :decryption_keys,
-                :encryption_keys
+                :encryption_keys,
+                :signature_name
 
   ###
   # Internal: Creates a settings file representing a path to a file on the
@@ -42,12 +43,13 @@ class   File < Pathname
   #   Chamber::File.new path: '/tmp/settings.yml'
   #   # => <Chamber::File>
   #
-  def initialize(options = {})
-    self.namespaces      = options[:namespaces]      || {}
-    self.decryption_keys = options[:decryption_keys] || {}
-    self.encryption_keys = options[:encryption_keys] || {}
+  def initialize(path:, namespaces: {}, decryption_keys: {}, encryption_keys: {}, signature_name: nil)
+    self.namespaces      = namespaces
+    self.decryption_keys = decryption_keys
+    self.encryption_keys = encryption_keys
+    self.signature_name  = signature_name
 
-    super options.fetch(:path)
+    super path
   end
 
   ###
@@ -70,13 +72,13 @@ class   File < Pathname
   # ```
   #
   def to_settings
-    @data ||= Settings.new(settings:        file_contents_hash,
-                           namespaces:      namespaces,
-                           decryption_keys: decryption_keys,
-                           encryption_keys: encryption_keys)
+    @to_settings ||= Settings.new(settings:        file_contents_hash,
+                                  namespaces:      namespaces,
+                                  decryption_keys: decryption_keys,
+                                  encryption_keys: encryption_keys)
   end
 
-  # rubocop:disable Metrics/LineLength
+  # rubocop:disable Layout/LineLength, Metrics/AbcSize
   def secure
     insecure_settings = to_settings.insecure.to_flattened_name_hash
     secure_settings   = to_settings.insecure.secure.to_flattened_name_hash
@@ -88,22 +90,22 @@ class   File < Pathname
       escaped_name  = Regexp.escape(name_pieces.last)
       escaped_value = Regexp.escape(value)
 
-      file_contents.
-        sub!(
+      file_contents
+        .sub!(
           /^(\s*)#{secure_prefix_pattern}#{escaped_name}(\s*):(\s*)['"]?#{escaped_value}['"]?$/,
           "\\1#{secure_prefix}#{name_pieces.last}\\2:\\3#{secure_value}",
-      )
+        )
 
-      file_contents.
-        sub!(
+      file_contents
+        .sub!(
           /^(\s*)#{secure_prefix_pattern}#{escaped_name}(\s*):(\s*)\|((?:\n\1\s{2}.*)+)/,
           "\\1#{secure_prefix}#{name_pieces.last}\\2:\\3#{secure_value}",
-      )
+        )
     end
 
     write(file_contents)
   end
-  # rubocop:enable Metrics/LineLength
+  # rubocop:enable Layout/LineLength, Metrics/AbcSize
 
   def sign
     signature_key_contents = decryption_keys[:signature]
@@ -111,7 +113,7 @@ class   File < Pathname
     fail ArgumentError, 'You asked to sign your settings files but no signature key was found.  Run `chamber init --signature` to generate one.' \
       unless signature_key_contents
 
-    signature = Files::Signature.new(to_s, read, signature_key_contents)
+    signature = Files::Signature.new(to_s, read, signature_key_contents, signature_name)
 
     signature.write
   end
@@ -122,7 +124,7 @@ class   File < Pathname
     fail ArgumentError, 'You asked to verify your settings files but no signature key was found.  Run `chamber init --signature` to generate one.' \
       unless signature_key_contents
 
-    signature = Files::Signature.new(to_s, read, signature_key_contents)
+    signature = Files::Signature.new(to_s, read, signature_key_contents, signature_name)
 
     signature.verify
   end