RubyGems - chamber - Versions diffs - 2.12.3 → 2.14.1 - Mend

chamber 2.12.3 → 2.14.1

Files changed (57) hide show

checksums.yaml +5 -5
checksums.yaml.gz.sig +0 -0
data.tar.gz.sig +0 -0
data/README.md +101 -26
data/lib/chamber.rb +82 -10
data/lib/chamber/adapters/cloud/circle_ci.rb +85 -0
data/lib/chamber/adapters/cloud/heroku.rb +74 -0
data/lib/chamber/binary/circle_ci.rb +122 -0
data/lib/chamber/binary/heroku.rb +45 -16
data/lib/chamber/binary/runner.rb +42 -26
data/lib/chamber/binary/travis.rb +5 -3
data/lib/chamber/commands/base.rb +10 -16
data/lib/chamber/commands/cloud/base.rb +35 -0
data/lib/chamber/commands/{heroku → cloud}/clear.rb +6 -8
data/lib/chamber/commands/cloud/compare.rb +26 -0
data/lib/chamber/commands/cloud/pull.rb +29 -0
data/lib/chamber/commands/cloud/push.rb +44 -0
data/lib/chamber/commands/comparable.rb +2 -2
data/lib/chamber/commands/compare.rb +6 -9
data/lib/chamber/commands/initialize.rb +26 -22
data/lib/chamber/commands/securable.rb +10 -10
data/lib/chamber/commands/secure.rb +2 -2
data/lib/chamber/commands/show.rb +8 -8
data/lib/chamber/commands/sign.rb +2 -2
data/lib/chamber/commands/verify.rb +2 -2
data/lib/chamber/configuration.rb +8 -3
data/lib/chamber/context_resolver.rb +16 -7
data/lib/chamber/encryption_methods/ssl.rb +21 -12
data/lib/chamber/file.rb +22 -20
data/lib/chamber/file_set.rb +21 -11
data/lib/chamber/files/signature.rb +31 -23
data/lib/chamber/filters/decryption_filter.rb +13 -11
data/lib/chamber/filters/encryption_filter.rb +17 -8
data/lib/chamber/filters/environment_filter.rb +12 -14
data/lib/chamber/filters/failed_decryption_filter.rb +6 -6
data/lib/chamber/filters/insecure_filter.rb +12 -3
data/lib/chamber/filters/namespace_filter.rb +5 -5
data/lib/chamber/filters/secure_filter.rb +5 -5
data/lib/chamber/filters/translate_secure_keys_filter.rb +5 -5
data/lib/chamber/instance.rb +54 -30
data/lib/chamber/integrations/rails.rb +1 -1
data/lib/chamber/integrations/sinatra.rb +6 -6
data/lib/chamber/key_pair.rb +8 -8
data/lib/chamber/keys/base.rb +35 -41
data/lib/chamber/keys/decryption.rb +8 -14
data/lib/chamber/keys/encryption.rb +8 -14
data/lib/chamber/namespace_set.rb +2 -4
data/lib/chamber/settings.rb +86 -56
data/lib/chamber/types/secured.rb +8 -10
data/lib/chamber/version.rb +1 -1
data/templates/settings.yml +2 -0
metadata +51 -41
metadata.gz.sig +0 -0
data/lib/chamber/commands/heroku.rb +0 -31
data/lib/chamber/commands/heroku/compare.rb +0 -33
data/lib/chamber/commands/heroku/pull.rb +0 -30
data/lib/chamber/commands/heroku/push.rb +0 -27

data/lib/chamber/integrations/rails.rb CHANGED

@@ -9,7 +9,7 @@ class   Rails < ::Rails::Railtie
     Chamber.load(basepath:   ::Rails.root.join('config'),
                  namespaces: {
                    environment: -> { ::Rails.env },
-                   hostname:    -> { Socket.gethostname },
+                   hostname:    -> { ::Socket.gethostname },
                  })
   end
 end

data/lib/chamber/integrations/sinatra.rb CHANGED

@@ -16,12 +16,12 @@ module Sinatra
       end
       Chamber.load(
-                    basepath:   root,
-                    namespaces: {
-                      environment: -> { env },
-                      hostname:    -> { Socket.gethostname },
-                    },
-                  )
+        basepath:   root,
+        namespaces: {
+          environment: -> { env },
+          hostname:    -> { Socket.gethostname },
+        },
+      )
     end
   end
 end

data/lib/chamber/key_pair.rb CHANGED

@@ -9,10 +9,10 @@ class  KeyPair
                 :namespace,
                 :passphrase
-  def initialize(options = {})
-    self.namespace     = options[:namespace]
-    self.passphrase    = options.fetch(:passphrase, SecureRandom.uuid)
-    self.key_file_path = Pathname.new(options.fetch(:key_file_path))
+  def initialize(key_file_path:, namespace: nil, passphrase: ::SecureRandom.uuid)
+    self.namespace     = namespace
+    self.passphrase    = passphrase
+    self.key_file_path = Pathname.new(key_file_path)
   end
   def encrypted_private_key_passphrase_filepath
@@ -77,10 +77,10 @@ class  KeyPair
   def base_key_filename
     @base_key_filename ||= [
                              '.chamber',
-                             namespace,
-                           ].
-                             compact.
-                             join('.')
+                             namespace ? namespace.tr('-.', '') : nil,
+                           ]
+                             .compact
+                             .join('.')
   end
 end
 end

data/lib/chamber/keys/base.rb CHANGED

@@ -3,73 +3,67 @@
 module  Chamber
 module  Keys
 class   Base
-  def self.resolve(*args)
-    new(*args).resolve
+  def self.resolve(**args)
+    new(**args).resolve
   end
   attr_accessor :rootpath
   attr_reader   :filenames,
                 :namespaces
-  def initialize(options = {})
-    self.rootpath   = Pathname.new(options.fetch(:rootpath))
-    self.namespaces = options.fetch(:namespaces)
-    self.filenames  = options[:filenames]
+  def initialize(rootpath:, namespaces:, filenames: nil)
+    self.rootpath   = Pathname.new(rootpath)
+    self.namespaces = namespaces
+    self.filenames  = filenames
   end
   def resolve
-    filenames.each_with_object({}) do |filename, memo|
-      namespace = namespace_from_filename(filename) || '__default'
-      value     = key_from_file_contents(filename) ||
-                  key_from_environment_variable(filename)
+    key_paths.each_with_object({}) do |path, memo|
+      namespace = namespace_from_path(path) || '__default'
+      value     = path.readable? ? path.read : ENV[environment_variable_from_path(path)]
       memo[namespace.downcase.to_sym] = value if value
     end
   end
-  def filenames=(other)
-    @filenames = begin
-                   paths = Array(other).
-                             map { |o| Pathname.new(o) }.
-                             compact
+  def as_environment_variables
+    key_paths.select(&:readable?).each_with_object({}) do |path, memo|
+      memo[environment_variable_from_path(path)] = path.read
+    end
+  end
-                   paths << default_key_file_path if paths.empty?
+  private
-                   (
-                     paths +
-                     generate_key_filenames
-                   ).
-                     uniq
-                 end
+  def key_paths
+    @key_paths = (filenames.any? ? filenames : [default_key_file_path]) +
+                 namespaces.map { |n| namespace_to_key_path(n) }
   end
-  private
+  # rubocop:disable Performance/ChainArrayAllocation
+  def filenames=(other)
+    @filenames = Array(other)
+                   .map { |o| Pathname.new(o) }
+                   .compact
+  end
+  # rubocop:enable Performance/ChainArrayAllocation
   def namespaces=(other)
-    @namespaces ||= begin
-                      keys = if other.respond_to?(:keys)
-                               other.keys.map(&:to_s)
-                             else
-                               other
-                             end
-                      keys + %w{signature}
-                    end
+    @namespaces = other + %w{signature}
   end
-  def key_from_file_contents(filename)
-    filename.readable? && filename.read
+  def namespace_from_path(path)
+    path
+      .basename
+      .to_s
+      .match(self.class::NAMESPACE_PATTERN) { |m| m[1].upcase }
   end
-  def key_from_environment_variable(filename)
-    ENV[environment_variable_from_filename(filename)]
+  def namespace_to_key_path(namespace)
+    rootpath + ".chamber.#{namespace.to_s.tr('.-', '')}#{key_filename_extension}"
   end
-  def namespace_from_filename(filename)
-    filename.
-      basename.
-      to_s.
-      match(self.class::NAMESPACE_PATTERN) { |m| m[1].upcase }
+  def default_key_file_path
+    Pathname.new(rootpath + ".chamber#{key_filename_extension}")
   end
 end
 end

data/lib/chamber/keys/decryption.rb CHANGED

@@ -13,28 +13,22 @@ class   Decryption < Chamber::Keys::Base
                         (\w+)       # Namespace
                         \.pem       # Extension
                         \z          # End of Filename
-                      /x
+                      /x.freeze
   private
-  def environment_variable_from_filename(filename)
+  def environment_variable_from_path(path)
     [
       'CHAMBER',
-      namespace_from_filename(filename),
+      namespace_from_path(path),
       'KEY',
-    ].
-      compact.
-      join('_')
+    ]
+      .compact
+      .join('_')
   end
-  def generate_key_filenames
-    namespaces.map do |namespace|
-      rootpath + ".chamber.#{namespace}.pem"
-    end
-  end
-  def default_key_file_path
-    Pathname.new(rootpath + '.chamber.pem')
+  def key_filename_extension
+    '.pem'
   end
 end
 end

data/lib/chamber/keys/encryption.rb CHANGED

@@ -13,28 +13,22 @@ class   Encryption < Chamber::Keys::Base
                         (\w+)       # Namespace
                         \.pub\.pem  # Extension
                         \z          # End of Filename
-                      /x
+                      /x.freeze
   private
-  def environment_variable_from_filename(filename)
+  def environment_variable_from_path(path)
     [
       'CHAMBER',
-      namespace_from_filename(filename),
+      namespace_from_path(path),
       'PUBLIC_KEY',
-    ].
-      compact.
-      join('_')
+    ]
+      .compact
+      .join('_')
   end
-  def generate_key_filenames
-    namespaces.map do |namespace|
-      rootpath + ".chamber.#{namespace}.pub.pem"
-    end
-  end
-  def default_key_file_path
-    Pathname.new(rootpath + '.chamber.pub.pem')
+  def key_filename_extension
+    '.pub.pem'
   end
 end
 end

data/lib/chamber/namespace_set.rb CHANGED

@@ -71,10 +71,8 @@ class   NamespaceSet
   # Internal: Iterates over each namespace value and allows it to be used in
   # a block.
   #
-  def each
-    namespaces.each do |namespace|
-      yield namespace
-    end
+  def each(&block)
+    namespaces.each(&block)
   end
   ###

data/lib/chamber/settings.rb CHANGED

@@ -16,29 +16,40 @@ require 'chamber/filters/failed_decryption_filter'
 #
 module  Chamber
 class   Settings
-  attr_accessor :pre_filters,
-                :post_filters,
+  attr_accessor :decryption_keys,
                 :encryption_keys,
-                :decryption_keys
+                :post_filters,
+                :pre_filters,
+                :secure_key_prefix
   attr_reader   :namespaces
-  # rubocop:disable Metrics/CyclomaticComplexity, Metrics/LineLength
-  def initialize(options = {})
-    self.namespaces      = options[:namespaces]      || []
-    self.raw_data        = options[:settings]        || {}
-    self.decryption_keys = options[:decryption_keys] || {}
-    self.encryption_keys = options[:encryption_keys] || {}
-    self.pre_filters     = options[:pre_filters]     || [
-                                                          Filters::NamespaceFilter,
-                                                        ]
-    self.post_filters    = options[:post_filters]    || [
-                                                          Filters::DecryptionFilter,
-                                                          Filters::EnvironmentFilter,
-                                                          Filters::FailedDecryptionFilter,
-                                                          Filters::TranslateSecureKeysFilter,
-                                                        ]
+  # rubocop:disable Metrics/ParameterLists
+  def initialize(
+                  decryption_keys:   {},
+                  encryption_keys:   {},
+                  namespaces:        [],
+                  pre_filters:       [
+                                       Filters::NamespaceFilter,
+                                     ],
+                  post_filters:      [
+                                       Filters::DecryptionFilter,
+                                       Filters::EnvironmentFilter,
+                                       Filters::FailedDecryptionFilter,
+                                       Filters::TranslateSecureKeysFilter,
+                                     ],
+                  secure_key_prefix: '_secure_',
+                  settings:          {},
+                  **_args
+                )
+    self.decryption_keys   = decryption_keys
+    self.encryption_keys   = encryption_keys
+    self.namespaces        = namespaces
+    self.post_filters      = post_filters
+    self.pre_filters       = pre_filters
+    self.raw_data          = settings
+    self.secure_key_prefix = secure_key_prefix
   end
-  # rubocop:enable Metrics/CyclomaticComplexity, Metrics/LineLength
+  # rubocop:enable Metrics/ParameterLists
   ###
   # Internal: Converts a Settings object into a hash that is compatible as an
@@ -79,15 +90,11 @@ class   Settings
   #                 } ).to_s
   #   # => 'MY_KEY="my value" MY_OTHER_KEY="my other value"'
   #
-  def to_s(options = {})
-    hierarchical_separator = options[:hierarchical_separator] || '_'
-    pair_separator         = options[:pair_separator]         || ' '
-    value_surrounder       = options[:value_surrounder]       || '"'
-    name_value_separator   = options[:name_value_separator]   || '='
-    concatenated_name_hash = to_concatenated_name_hash(hierarchical_separator)
-    pairs = concatenated_name_hash.to_a.map do |key, value|
+  def to_s(hierarchical_separator: '_',
+           pair_separator:         ' ',
+           value_surrounder:       '"',
+           name_value_separator:   '=')
+    pairs = to_concatenated_name_hash(hierarchical_separator).to_a.map do |key, value|
       "#{key.upcase}#{name_value_separator}#{value_surrounder}#{value}#{value_surrounder}"
     end
@@ -182,20 +189,21 @@ class   Settings
   # Returns a new Settings object
   #
   def merge(other)
-    other_settings = if other.is_a? Settings
+    other_settings = case other
+                     when Settings
                        other
-                     elsif other.is_a? Hash
+                     when Hash
                        Settings.new(settings: other)
                      end
-    # rubocop:disable Metrics/LineLength
+    # rubocop:disable Layout/LineLength
     Settings.new(
       encryption_keys: encryption_keys.any? ? encryption_keys : other_settings.encryption_keys,
       decryption_keys: decryption_keys.any? ? decryption_keys : other_settings.decryption_keys,
       namespaces:      (namespaces + other_settings.namespaces),
       settings:        raw_data.merge(other_settings.raw_data),
     )
-    # rubocop:enable Metrics/LineLength
+    # rubocop:enable Layout/LineLength
   end
   ###
@@ -219,33 +227,59 @@ class   Settings
     namespaces  == other.namespaces
   end
+  def [](key)
+    warn "WARNING: Bracket access will require strings instead of symbols in Chamber 3.0.  You attempted to access the '#{key}' setting.  See https://github.com/thekompanee/chamber/wiki/Upgrading-To-Chamber-3.0#removal-of-bracket-indifferent-access for full details." if key.is_a?(::Symbol) # rubocop:disable Layout/LineLength
+    warn "WARNING: Accessing a non-existent key ('#{key}') with brackets will fail in Chamber 3.0.  See https://github.com/thekompanee/chamber/wiki/Upgrading-To-Chamber-3.0#bracket-access-now-fails-on-non-existent-keys for full details." unless data.has_key?(key) # rubocop:disable Layout/LineLength
+    data.[](key)
+  end
+  def dig!(*args)
+    args.inject(data) do |data_value, bracket_value|
+      key = bracket_value.is_a?(::Symbol) ? bracket_value.to_s : bracket_value
+      data_value.fetch(key)
+    end
+  end
+  def dig(*args)
+    dig!(*args)
+  rescue ::KeyError, ::IndexError # rubocop:disable Lint/ShadowedException
+    nil
+  end
   def securable
-    Settings.new(metadata.merge(
-                    settings:    raw_data,
-                    pre_filters: [Filters::SecureFilter],
-    ))
+    Settings.new(**metadata.merge(
+                   settings:    raw_data,
+                   pre_filters: [Filters::SecureFilter],
+                 ))
   end
   def secure
-    Settings.new(metadata.merge(
-                    settings:     raw_data,
-                    pre_filters:  [Filters::EncryptionFilter],
-                    post_filters: [Filters::TranslateSecureKeysFilter],
-    ))
+    Settings.new(**metadata.merge(
+                   settings:     raw_data,
+                   pre_filters:  [Filters::EncryptionFilter],
+                   post_filters: [Filters::TranslateSecureKeysFilter],
+                 ))
   end
   def insecure
-    Settings.new(metadata.merge(
-                    settings:     raw_data,
-                    pre_filters:  [Filters::InsecureFilter],
-                    post_filters: [Filters::TranslateSecureKeysFilter],
-    ))
+    Settings.new(**metadata.merge(
+                   settings:     raw_data,
+                   pre_filters:  [Filters::InsecureFilter],
+                   post_filters: [Filters::TranslateSecureKeysFilter],
+                 ))
   end
   def method_missing(name, *args)
-    return data.public_send(name, *args) if data.respond_to?(name)
+    if data.respond_to?(name)
+      warn "WARNING: Object notation access is deprecated and will be removed in Chamber 3.0.  You attempted to access the '#{name}' setting.  See https://github.com/thekompanee/chamber/wiki/Upgrading-To-Chamber-3.0#removal-of-object-notation-access for full details." # rubocop:disable Layout/LineLength
+      warn "WARNING: Predicate methods are deprecated and will be removed in Chamber 3.0.  You attempted to access the '#{name}' setting.  See https://github.com/thekompanee/chamber/wiki/Upgrading-To-Chamber-3.0#removal-of-predicate-accessors for full details." if name.end_with?('?') # rubocop:disable Layout/LineLength
-    super
+      data.public_send(name, *args)
+    else
+      super
+    end
   end
   def respond_to_missing?(name, include_private = false)
@@ -262,24 +296,20 @@ class   Settings
     @namespaces = NamespaceSet.new(raw_namespaces)
   end
+  # rubocop:disable Naming/MemoizedInstanceVariableName
   def raw_data
     @filtered_raw_data ||= pre_filters.inject(@raw_data) do |filtered_data, filter|
-      filter.execute({ data: filtered_data }.
-                     merge(metadata))
+      filter.execute(**{ data: filtered_data }.merge(metadata))
     end
   end
+  # rubocop:enable Naming/MemoizedInstanceVariableName
   def data
     @data ||= post_filters.inject(raw_data) do |filtered_data, filter|
-      filter.execute({ data: filtered_data }.
-                     merge(metadata))
+      filter.execute(**{ data: filtered_data }.merge(metadata))
     end
   end
-  def secure_key_prefix
-    '_secure_'
-  end
   def metadata
     {
       decryption_keys:   decryption_keys,