chamber 2.12.2 → 2.14.0

data/lib/chamber/file_set.rb

@@ -112,19 +112,28 @@ require 'chamber/settings'
 #
 module  Chamber
 class   FileSet
-  attr_reader   :namespaces,
-                :paths
   attr_accessor :decryption_keys,
                 :encryption_keys,
-                :basepath
+                :basepath,
+                :signature_name
+  attr_reader   :namespaces,
+                :paths
 
-  def initialize(options = {})
-    self.namespaces      = options[:namespaces] || {}
-    self.decryption_keys = options[:decryption_keys]
-    self.encryption_keys = options[:encryption_keys]
-    self.paths           = options.fetch(:files)
-    self.basepath        = options[:basepath]
+  # rubocop:disable Metrics/ParameterLists
+  def initialize(files:,
+                 basepath:        nil,
+                 decryption_keys: nil,
+                 encryption_keys: nil,
+                 namespaces:      {},
+                 signature_name:  nil)
+    self.basepath        = basepath
+    self.decryption_keys = decryption_keys
+    self.encryption_keys = encryption_keys
+    self.namespaces      = namespaces
+    self.paths           = files
+    self.signature_name  = signature_name
   end
+  # rubocop:enable Metrics/ParameterLists
 
   ###
   # Internal: Returns an Array of the ordered list of files that was processed
@@ -234,7 +243,8 @@ class   FileSet
           File.new(path:            file,
                    namespaces:      namespaces,
                    decryption_keys: decryption_keys,
-                   encryption_keys: encryption_keys)
+                   encryption_keys: encryption_keys,
+                   signature_name:  signature_name)
         end
 
         sorted_relevant_files += relevant_glob_files
@@ -247,7 +257,7 @@ class   FileSet
   private
 
   def all_files
-    @all_files ||= file_globs.map { |fg| Pathname.glob(fg) }.flatten.uniq.sort
+    @all_files ||= file_globs.map { |fg| Pathname.glob(fg) }.flatten.uniq.sort # rubocop:disable Performance/ChainArrayAllocation
   end
 
   def non_namespaced_files

data/lib/chamber/files/signature.rb

@@ -7,35 +7,43 @@ require 'time'
 module Chamber
 module Files
 class  Signature
-  SIGNATURE_HEADER                    = '-----BEGIN CHAMBER SIGNATURE-----'
-  SIGNATURE_FOOTER                    = '-----END CHAMBER SIGNATURE-----'
-  SIGNATURE_IN_SIGNATURE_FILE_PATTERN = /#{SIGNATURE_HEADER}\n(.*)\n#{SIGNATURE_FOOTER}/
+  SIGNATURE_HEADER          = '-----BEGIN CHAMBER SIGNATURE-----'
+  SIGNATURE_HEADER_PATTERN  = /-----BEGIN\sCHAMBER\sSIGNATURE-----/.freeze
+  SIGNATURE_FOOTER          = '-----END CHAMBER SIGNATURE-----'
+  SIGNATURE_FOOTER_PATTERN  = /-----END\sCHAMBER\sSIGNATURE-----/.freeze
+  SIGNATURE_IN_FILE_PATTERN = /
+                                #{SIGNATURE_HEADER_PATTERN}\n # Header
+                                (.*)\n                        # Signature Body
+                                #{SIGNATURE_FOOTER_PATTERN}   # Footer
+                              /x.freeze
 
   attr_accessor :settings_content,
-                :settings_filename
+                :settings_filename,
+                :signature_name
 
   attr_reader   :signature_key
 
-  def initialize(settings_filename, settings_content, signature_key)
+  def initialize(settings_filename, settings_content, signature_key, signature_name)
     self.signature_key     = signature_key
     self.settings_content  = settings_content
     self.settings_filename = Pathname.new(settings_filename)
+    self.signature_name    = signature_name
   end
 
   def signature_key=(keyish)
-    @signature_key ||= if keyish.is_a?(OpenSSL::PKey::RSA)
-                         keyish
-                       elsif ::File.readable?(::File.expand_path(keyish))
-                         file_contents = ::File.read(::File.expand_path(keyish))
-                         OpenSSL::PKey::RSA.new(file_contents)
-                       else
-                         OpenSSL::PKey::RSA.new(keyish)
-                       end
+    @signature_key = if keyish.is_a?(OpenSSL::PKey::RSA)
+                       keyish
+                     elsif ::File.readable?(::File.expand_path(keyish))
+                       file_contents = ::File.read(::File.expand_path(keyish))
+                       OpenSSL::PKey::RSA.new(file_contents)
+                     else
+                       OpenSSL::PKey::RSA.new(keyish)
+                     end
   end
 
   def write
     signature_filename.write(<<-HEREDOC, 0, mode: 'w+')
-Signed By: #{`git config --get 'user.name'`.chomp}
+Signed By: #{signature_name}
 Signed At: #{Time.now.utc.iso8601}
 
 #{SIGNATURE_HEADER}
@@ -55,20 +63,20 @@ Signed At: #{Time.now.utc.iso8601}
   end
 
   def raw_signature
-    @raw_signature ||= signature_key.
-                         sign(digest, settings_content)
+    @raw_signature ||= signature_key
+                         .sign(digest, settings_content)
   end
 
   def signature_filename
-    @signature_filename ||= settings_filename.
-                              sub('.yml', '.sig').
-                              sub('.erb', '')
+    @signature_filename ||= settings_filename
+                              .sub('.yml', '.sig')
+                              .sub('.erb', '')
   end
 
   def encoded_signature_content
-    @encoded_signature_content ||= signature_filename.
-                                     read.
-                                     match(SIGNATURE_IN_SIGNATURE_FILE_PATTERN) do |match|
+    @encoded_signature_content ||= signature_filename
+                                     .read
+                                     .match(SIGNATURE_IN_FILE_PATTERN) do |match|
       match[1]
     end
   end
@@ -78,7 +86,7 @@ Signed At: #{Time.now.utc.iso8601}
   end
 
   def digest
-    @digest ||= OpenSSL::Digest::SHA512.new
+    @digest ||= OpenSSL::Digest.new('SHA512')
   end
 end
 end

data/lib/chamber/filters/decryption_filter.rb

@@ -12,35 +12,35 @@ require 'chamber/errors/decryption_failure'
 module  Chamber
 module  Filters
 class   DecryptionFilter
-  BASE64_STRING_PATTERN     = %r{\A[A-Za-z0-9\+/]{342}==\z}
+  BASE64_STRING_PATTERN     = %r{\A[A-Za-z0-9+/]{342}==\z}.freeze
   LARGE_DATA_STRING_PATTERN = %r{
                                   \A                            # Beginning of String
                                   (
-                                    [A-Za-z0-9\+\/#]*\={0,2}    # Base64 Encoded Key
+                                    [A-Za-z0-9+/#]*={0,2}       # Base64 Encoded Key
                                   )
                                   \#                            # Separator
                                   (
-                                    [A-Za-z0-9\+\/#]*\={0,2}    # Base64 Encoded IV
+                                    [A-Za-z0-9+/#]*={0,2}       # Base64 Encoded IV
                                   )
                                   \#                            # Separator
                                   (
-                                    [A-Za-z0-9\+\/#]*\={0,2}    # Base64 Encoded Data
+                                    [A-Za-z0-9+/#]*={0,2}       # Base64 Encoded Data
                                   )
                                   \z                            # End of String
-                                }x
+                                }x.freeze
 
   attr_accessor :data,
                 :secure_key_token
   attr_reader   :decryption_keys
 
-  def initialize(options = {})
-    self.decryption_keys  = options.fetch(:decryption_keys, {}) || {}
-    self.data             = options.fetch(:data).dup
-    self.secure_key_token = /\A#{Regexp.escape(options.fetch(:secure_key_prefix))}/
+  def initialize(data:, secure_key_prefix:, decryption_keys: {}, **_args)
+    self.decryption_keys  = decryption_keys || {}
+    self.data             = data.dup
+    self.secure_key_token = /\A#{Regexp.escape(secure_key_prefix)}/
   end
 
-  def self.execute(options = {})
-    new(options).__send__(:execute)
+  def self.execute(**args)
+    new(**args).__send__(:execute)
   end
 
   protected
@@ -75,6 +75,7 @@ class   DecryptionFilter
 
   private
 
+  # rubocop:disable Style/RedundantBegin
   def decrypt(key, value)
     method = decryption_method(value)
 
@@ -88,6 +89,7 @@ class   DecryptionFilter
 
     value
   end
+  # rubocop:enable Style/RedundantBegin
 
   def decryption_method(value)
     if value.respond_to?(:match)

data/lib/chamber/filters/encryption_filter.rb

@@ -10,21 +10,30 @@ require 'chamber/encryption_methods/none'
 module    Chamber
 module    Filters
 class     EncryptionFilter
-  BASE64_STRING_PATTERN     = %r{\A[A-Za-z0-9\+\/]{342}==\z}
-  LARGE_DATA_STRING_PATTERN = %r{\A([A-Za-z0-9\+\/#]*\={0,2})#([A-Za-z0-9\+\/#]*\={0,2})#([A-Za-z0-9\+\/#]*\={0,2})\z} # rubocop:disable Metrics/LineLength
+  BASE64_STRING_PATTERN     = %r{\A[A-Za-z0-9+/]{342}==\z}.freeze
+  BASE64_SUBSTRING_PATTERN  = %r{[A-Za-z0-9+/#]*={0,2}}.freeze
+  LARGE_DATA_STRING_PATTERN = /
+                                \A
+                                (#{BASE64_SUBSTRING_PATTERN})
+                                \#
+                                (#{BASE64_SUBSTRING_PATTERN})
+                                \#
+                                (#{BASE64_SUBSTRING_PATTERN})
+                                \z
+                              /x.freeze
 
   attr_accessor :data,
                 :secure_key_token
   attr_reader   :encryption_keys
 
-  def initialize(options = {})
-    self.encryption_keys  = options.fetch(:encryption_keys, {}) || {}
-    self.data             = options.fetch(:data).dup
-    self.secure_key_token = /\A#{Regexp.escape(options.fetch(:secure_key_prefix))}/
+  def initialize(data:, secure_key_prefix:, encryption_keys: {}, **_args)
+    self.encryption_keys  = encryption_keys || {}
+    self.data             = data.dup
+    self.secure_key_token = /\A#{Regexp.escape(secure_key_prefix)}/
   end
 
-  def self.execute(options = {})
-    new(options).__send__(:execute)
+  def self.execute(**args)
+    new(**args).__send__(:execute)
   end
 
   protected

data/lib/chamber/filters/environment_filter.rb

@@ -3,6 +3,8 @@
 require 'yaml'
 require 'hashie/mash'
 
+require 'chamber/errors/environment_conversion'
+
 module  Chamber
 module  Filters
 class   EnvironmentFilter
@@ -86,16 +88,16 @@ class   EnvironmentFilter
   #   }
   #
   #
-  def self.execute(options = {})
-    new(options).__send__(:execute)
+  def self.execute(**args)
+    new(**args).__send__(:execute)
   end
 
   attr_accessor :data,
                 :secure_key_token
 
-  def initialize(options = {})
-    self.data             = options.fetch(:data)
-    self.secure_key_token = /\A#{Regexp.escape(options.fetch(:secure_key_prefix))}/
+  def initialize(data:, secure_key_prefix:, **_args)
+    self.data             = data
+    self.secure_key_token = /\A#{Regexp.escape(secure_key_prefix)}/
   end
 
   protected
@@ -108,7 +110,9 @@ class   EnvironmentFilter
         { key => execute(value, environment_keys) }
       end,
       lambda do |key, value, environment_key|
-        { key => convert_environment_value(ENV[environment_key], value) }
+        { key => convert_environment_value(environment_key,
+                                           ENV[environment_key],
+                                           value) }
       end,
     )
   end
@@ -134,8 +138,7 @@ class   EnvironmentFilter
     environment_hash
   end
 
-  # rubocop:disable Metrics/CyclomaticComplexity
-  def convert_environment_value(environment_value, settings_value)
+  def convert_environment_value(environment_key, environment_value, settings_value) # rubocop:disable Metrics/CyclomaticComplexity, Metrics/AbcSize
     return settings_value unless environment_value
     return                if %w{___nil___ ___null___}.include?(environment_value)
 
@@ -159,13 +162,21 @@ class   EnvironmentFilter
           fail ArgumentError, "Invalid value for Array: #{environment_value}"
         end
       end
-    when 'Integer'
+    when 'Fixnum', 'Integer'
       Integer(environment_value)
     else
       environment_value
     end
+  rescue ArgumentError
+    raise Chamber::Errors::EnvironmentConversion, <<-HEREDOC
+We attempted to convert '#{environment_key}' from '#{environment_value}' to a '#{settings_value.class.name}'.
+
+Unfortunately, this did not go as planned.  Please either verify that your value is convertable
+or change the original YAML value to be something more generic (like a String).
+
+For more information, see https://github.com/thekompanee/chamber/wiki/Environment-Variable-Coercions
+    HEREDOC
   end
-  # rubocop:enable Metrics/CyclomaticComplexity
 end
 end
 end

data/lib/chamber/filters/failed_decryption_filter.rb

@@ -5,18 +5,18 @@ require 'chamber/errors/decryption_failure'
 module  Chamber
 module  Filters
 class   FailedDecryptionFilter
-  BASE64_STRING_PATTERN = %r{\A[A-Za-z0-9\+/]{342}==\z}
+  BASE64_STRING_PATTERN = %r{\A[A-Za-z0-9+/]{342}==\z}.freeze
 
-  def self.execute(options = {})
-    new(options).__send__(:execute)
+  def self.execute(**args)
+    new(**args).__send__(:execute)
   end
 
   attr_accessor :data,
                 :secure_key_token
 
-  def initialize(options = {})
-    self.data             = options.fetch(:data).dup
-    self.secure_key_token = /\A#{Regexp.escape(options.fetch(:secure_key_prefix))}/
+  def initialize(data:, secure_key_prefix:, **_args)
+    self.data             = data.dup
+    self.secure_key_token = /\A#{Regexp.escape(secure_key_prefix)}/
   end
 
   protected

data/lib/chamber/filters/insecure_filter.rb

@@ -6,12 +6,21 @@ require 'chamber/filters/secure_filter'
 module  Chamber
 module  Filters
 class   InsecureFilter < SecureFilter
-  BASE64_STRING_PATTERN     = %r{\A[A-Za-z0-9\+\/]{342}==\z}
-  LARGE_DATA_STRING_PATTERN = %r{\A([A-Za-z0-9\+\/#]*\={0,2})#([A-Za-z0-9\+\/#]*\={0,2})#([A-Za-z0-9\+\/#]*\={0,2})\z} # rubocop:disable Metrics/LineLength
+  BASE64_STRING_PATTERN     = %r{\A[A-Za-z0-9+/]{342}==\z}.freeze
+  BASE64_SUBSTRING_PATTERN  = %r{[A-Za-z0-9+/#]*={0,2}}.freeze
+  LARGE_DATA_STRING_PATTERN = /
+                                \A
+                                (#{BASE64_SUBSTRING_PATTERN})
+                                \#
+                                (#{BASE64_SUBSTRING_PATTERN})
+                                \#
+                                (#{BASE64_SUBSTRING_PATTERN})
+                                \z
+                              /x.freeze
 
   protected
 
-  def execute(raw_data = data)
+  def execute(raw_data = data) # rubocop:disable Metrics/CyclomaticComplexity
     securable_settings = super
     settings           = Hashie::Mash.new
 

data/lib/chamber/filters/namespace_filter.rb

@@ -5,16 +5,16 @@ require 'hashie/mash'
 module  Chamber
 module  Filters
 class   NamespaceFilter
-  def self.execute(options = {})
-    new(options).__send__(:execute)
+  def self.execute(**args)
+    new(**args).__send__(:execute)
   end
 
   attr_accessor :data,
                 :namespaces
 
-  def initialize(options = {})
-    self.data       = Hashie::Mash.new(options.fetch(:data))
-    self.namespaces = options.fetch(:namespaces)
+  def initialize(data:, namespaces:, **_args)
+    self.data       = Hashie::Mash.new(data)
+    self.namespaces = namespaces
   end
 
   protected

data/lib/chamber/filters/secure_filter.rb

@@ -5,16 +5,16 @@ require 'hashie/mash'
 module  Chamber
 module  Filters
 class   SecureFilter
-  def self.execute(options = {})
-    new(options).__send__(:execute)
+  def self.execute(**args)
+    new(**args).__send__(:execute)
   end
 
   attr_accessor :data,
                 :secure_key_token
 
-  def initialize(options = {})
-    self.data             = Hashie::Mash.new(options.fetch(:data))
-    self.secure_key_token = /\A#{Regexp.escape(options.fetch(:secure_key_prefix))}/
+  def initialize(data:, secure_key_prefix:, **_args)
+    self.data             = Hashie::Mash.new(data)
+    self.secure_key_token = /\A#{Regexp.escape(secure_key_prefix)}/
   end
 
   protected

data/lib/chamber/filters/translate_secure_keys_filter.rb

@@ -5,16 +5,16 @@ require 'hashie/mash'
 module  Chamber
 module  Filters
 class   TranslateSecureKeysFilter
-  def self.execute(options = {})
-    new(options).__send__(:execute)
+  def self.execute(**args)
+    new(**args).__send__(:execute)
   end
 
   attr_accessor :data,
                 :secure_key_token
 
-  def initialize(options = {})
-    self.data             = options.fetch(:data).dup
-    self.secure_key_token = /\A#{Regexp.escape(options.fetch(:secure_key_prefix))}/
+  def initialize(data:, secure_key_prefix:, **_args)
+    self.data             = data.dup
+    self.secure_key_token = /\A#{Regexp.escape(secure_key_prefix)}/
   end
 
   protected

data/lib/chamber/instance.rb

@@ -9,15 +9,19 @@ class   Instance
   attr_accessor :configuration,
                 :files
 
-  def initialize(options = {})
-    self.configuration = Configuration.new  options
-    self.files         = FileSet.new        configuration.to_hash
+  def initialize(**args)
+    self.configuration = Configuration.new(**args)
+    self.files         = FileSet.new(**configuration.to_hash)
   end
 
   def settings
     @settings ||= files.to_settings { |settings| @settings = settings }
   end
 
+  def [](key)
+    settings.[](key)
+  end
+
   def filenames
     files.filenames
   end
@@ -34,39 +38,51 @@ class   Instance
     files.verify
   end
 
-  def encrypt(data, options = {})
-    config = configuration.to_hash.merge(options)
-
-    Settings.
-      new(
-      config.merge(
-        settings:     data,
-        pre_filters:  [Filters::EncryptionFilter],
-        post_filters: [],
-      ),
-    ).
-      to_hash
+  def to_environment
+    settings.to_environment
+  end
+
+  def to_s(**args)
+    settings.to_s(**args)
+  end
+
+  def to_hash
+    settings.to_hash
+  end
+
+  def namespaces
+    settings.namespaces
   end
 
-  def decrypt(data, options = {})
-    config = configuration.to_hash.merge(options)
-
-    Settings.
-      new(
-      config.merge(
-        settings:     data,
-        pre_filters:  [Filters::NamespaceFilter],
-        post_filters: [
-                        Filters::DecryptionFilter,
-                        Filters::FailedDecryptionFilter,
-                      ],
-      ),
-    ).
-      to_hash
+  def encrypt(data, **args)
+    config = configuration.to_hash.merge(**args)
+
+    Settings
+      .new(
+        **config.merge(
+          settings:     data,
+          pre_filters:  [Filters::EncryptionFilter],
+          post_filters: [],
+        ),
+      )
+      .to_hash
   end
 
-  def to_s(options = {})
-    settings.to_s(options)
+  def decrypt(data, **args)
+    config = configuration.to_hash.merge(**args)
+
+    Settings
+      .new(
+        **config.merge(
+          settings:     data,
+          pre_filters:  [Filters::NamespaceFilter],
+          post_filters: [
+                          Filters::DecryptionFilter,
+                          Filters::FailedDecryptionFilter,
+                        ],
+        ),
+      )
+      .to_hash
   end
 
   def method_missing(name, *args)