RubyGems - chamber - Versions diffs - 2.12.3 → 2.14.1 - Mend

chamber 2.12.3 → 2.14.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (57) hide show

checksums.yaml +5 -5
checksums.yaml.gz.sig +0 -0
data.tar.gz.sig +0 -0
data/README.md +101 -26
data/lib/chamber.rb +82 -10
data/lib/chamber/adapters/cloud/circle_ci.rb +85 -0
data/lib/chamber/adapters/cloud/heroku.rb +74 -0
data/lib/chamber/binary/circle_ci.rb +122 -0
data/lib/chamber/binary/heroku.rb +45 -16
data/lib/chamber/binary/runner.rb +42 -26
data/lib/chamber/binary/travis.rb +5 -3
data/lib/chamber/commands/base.rb +10 -16
data/lib/chamber/commands/cloud/base.rb +35 -0
data/lib/chamber/commands/{heroku → cloud}/clear.rb +6 -8
data/lib/chamber/commands/cloud/compare.rb +26 -0
data/lib/chamber/commands/cloud/pull.rb +29 -0
data/lib/chamber/commands/cloud/push.rb +44 -0
data/lib/chamber/commands/comparable.rb +2 -2
data/lib/chamber/commands/compare.rb +6 -9
data/lib/chamber/commands/initialize.rb +26 -22
data/lib/chamber/commands/securable.rb +10 -10
data/lib/chamber/commands/secure.rb +2 -2
data/lib/chamber/commands/show.rb +8 -8
data/lib/chamber/commands/sign.rb +2 -2
data/lib/chamber/commands/verify.rb +2 -2
data/lib/chamber/configuration.rb +8 -3
data/lib/chamber/context_resolver.rb +16 -7
data/lib/chamber/encryption_methods/ssl.rb +21 -12
data/lib/chamber/file.rb +22 -20
data/lib/chamber/file_set.rb +21 -11
data/lib/chamber/files/signature.rb +31 -23
data/lib/chamber/filters/decryption_filter.rb +13 -11
data/lib/chamber/filters/encryption_filter.rb +17 -8
data/lib/chamber/filters/environment_filter.rb +12 -14
data/lib/chamber/filters/failed_decryption_filter.rb +6 -6
data/lib/chamber/filters/insecure_filter.rb +12 -3
data/lib/chamber/filters/namespace_filter.rb +5 -5
data/lib/chamber/filters/secure_filter.rb +5 -5
data/lib/chamber/filters/translate_secure_keys_filter.rb +5 -5
data/lib/chamber/instance.rb +54 -30
data/lib/chamber/integrations/rails.rb +1 -1
data/lib/chamber/integrations/sinatra.rb +6 -6
data/lib/chamber/key_pair.rb +8 -8
data/lib/chamber/keys/base.rb +35 -41
data/lib/chamber/keys/decryption.rb +8 -14
data/lib/chamber/keys/encryption.rb +8 -14
data/lib/chamber/namespace_set.rb +2 -4
data/lib/chamber/settings.rb +86 -56
data/lib/chamber/types/secured.rb +8 -10
data/lib/chamber/version.rb +1 -1
data/templates/settings.yml +2 -0
metadata +51 -41
metadata.gz.sig +0 -0
data/lib/chamber/commands/heroku.rb +0 -31
data/lib/chamber/commands/heroku/compare.rb +0 -33
data/lib/chamber/commands/heroku/pull.rb +0 -30
data/lib/chamber/commands/heroku/push.rb +0 -27

data/lib/chamber/integrations/rails.rb CHANGED

@@ -9,7 +9,7 @@ class   Rails < ::Rails::Railtie
     Chamber.load(basepath:   ::Rails.root.join('config'),
                  namespaces: {
                    environment: -> { ::Rails.env },
-                   hostname:    -> { Socket.gethostname },
+                   hostname:    -> { ::Socket.gethostname },
                  })
   end
 end

data/lib/chamber/integrations/sinatra.rb CHANGED

@@ -16,12 +16,12 @@ module Sinatra
       end
       Chamber.load(
-                    basepath:   root,
-                    namespaces: {
-                      environment: -> { env },
-                      hostname:    -> { Socket.gethostname },
-                    },
-                  )
+        basepath:   root,
+        namespaces: {
+          environment: -> { env },
+          hostname:    -> { Socket.gethostname },
+        },
+      )
     end
   end
 end

data/lib/chamber/key_pair.rb CHANGED

@@ -9,10 +9,10 @@ class  KeyPair
                 :namespace,
                 :passphrase
-  def initialize(options = {})
-    self.namespace     = options[:namespace]
-    self.passphrase    = options.fetch(:passphrase, SecureRandom.uuid)
-    self.key_file_path = Pathname.new(options.fetch(:key_file_path))
+  def initialize(key_file_path:, namespace: nil, passphrase: ::SecureRandom.uuid)
+    self.namespace     = namespace
+    self.passphrase    = passphrase
+    self.key_file_path = Pathname.new(key_file_path)
   end
   def encrypted_private_key_passphrase_filepath
@@ -77,10 +77,10 @@ class  KeyPair
   def base_key_filename
     @base_key_filename ||= [
                              '.chamber',
-                             namespace,
-                           ].
-                             compact.
-                             join('.')
+                             namespace ? namespace.tr('-.', '') : nil,
+                           ]
+                             .compact
+                             .join('.')
   end
 end
 end

data/lib/chamber/keys/base.rb CHANGED

@@ -3,73 +3,67 @@
 module  Chamber
 module  Keys
 class   Base
-  def self.resolve(*args)
-    new(*args).resolve
+  def self.resolve(**args)
+    new(**args).resolve
   end
   attr_accessor :rootpath
   attr_reader   :filenames,
                 :namespaces
-  def initialize(options = {})
-    self.rootpath   = Pathname.new(options.fetch(:rootpath))
-    self.namespaces = options.fetch(:namespaces)
-    self.filenames  = options[:filenames]
+  def initialize(rootpath:, namespaces:, filenames: nil)
+    self.rootpath   = Pathname.new(rootpath)
+    self.namespaces = namespaces
+    self.filenames  = filenames
   end
   def resolve
-    filenames.each_with_object({}) do |filename, memo|
-      namespace = namespace_from_filename(filename) || '__default'
-      value     = key_from_file_contents(filename) ||
-                  key_from_environment_variable(filename)
+    key_paths.each_with_object({}) do |path, memo|
+      namespace = namespace_from_path(path) || '__default'
+      value     = path.readable? ? path.read : ENV[environment_variable_from_path(path)]
       memo[namespace.downcase.to_sym] = value if value
     end
   end
-  def filenames=(other)
-    @filenames = begin
-                   paths = Array(other).
-                             map { |o| Pathname.new(o) }.
-                             compact
+  def as_environment_variables
+    key_paths.select(&:readable?).each_with_object({}) do |path, memo|
+      memo[environment_variable_from_path(path)] = path.read
+    end
+  end
-                   paths << default_key_file_path if paths.empty?
+  private
-                   (
-                     paths +
-                     generate_key_filenames
-                   ).
-                     uniq
-                 end
+  def key_paths
+    @key_paths = (filenames.any? ? filenames : [default_key_file_path]) +
+                 namespaces.map { |n| namespace_to_key_path(n) }
   end
-  private
+  # rubocop:disable Performance/ChainArrayAllocation
+  def filenames=(other)
+    @filenames = Array(other)
+                   .map { |o| Pathname.new(o) }
+                   .compact
+  end
+  # rubocop:enable Performance/ChainArrayAllocation
   def namespaces=(other)
-    @namespaces ||= begin
-                      keys = if other.respond_to?(:keys)
-                               other.keys.map(&:to_s)
-                             else
-                               other
-                             end
-                      keys + %w{signature}
-                    end
+    @namespaces = other + %w{signature}
   end
-  def key_from_file_contents(filename)
-    filename.readable? && filename.read
+  def namespace_from_path(path)
+    path
+      .basename
+      .to_s
+      .match(self.class::NAMESPACE_PATTERN) { |m| m[1].upcase }
   end
-  def key_from_environment_variable(filename)
-    ENV[environment_variable_from_filename(filename)]
+  def namespace_to_key_path(namespace)
+    rootpath + ".chamber.#{namespace.to_s.tr('.-', '')}#{key_filename_extension}"
   end
-  def namespace_from_filename(filename)
-    filename.
-      basename.
-      to_s.
-      match(self.class::NAMESPACE_PATTERN) { |m| m[1].upcase }
+  def default_key_file_path
+    Pathname.new(rootpath + ".chamber#{key_filename_extension}")
   end
 end
 end

data/lib/chamber/keys/decryption.rb CHANGED

@@ -13,28 +13,22 @@ class   Decryption < Chamber::Keys::Base
                         (\w+)       # Namespace
                         \.pem       # Extension
                         \z          # End of Filename
-                      /x
+                      /x.freeze
   private
-  def environment_variable_from_filename(filename)
+  def environment_variable_from_path(path)
     [
       'CHAMBER',
-      namespace_from_filename(filename),
+      namespace_from_path(path),
       'KEY',
-    ].
-      compact.
-      join('_')
+    ]
+      .compact
+      .join('_')
   end
-  def generate_key_filenames
-    namespaces.map do |namespace|
-      rootpath + ".chamber.#{namespace}.pem"
-    end
-  end
-  def default_key_file_path
-    Pathname.new(rootpath + '.chamber.pem')
+  def key_filename_extension
+    '.pem'
   end
 end
 end

data/lib/chamber/keys/encryption.rb CHANGED

@@ -13,28 +13,22 @@ class   Encryption < Chamber::Keys::Base
                         (\w+)       # Namespace
                         \.pub\.pem  # Extension
                         \z          # End of Filename
-                      /x
+                      /x.freeze
   private
-  def environment_variable_from_filename(filename)
+  def environment_variable_from_path(path)
     [
       'CHAMBER',
-      namespace_from_filename(filename),
+      namespace_from_path(path),
       'PUBLIC_KEY',
-    ].
-      compact.
-      join('_')
+    ]
+      .compact
+      .join('_')
   end
-  def generate_key_filenames
-    namespaces.map do |namespace|
-      rootpath + ".chamber.#{namespace}.pub.pem"
-    end
-  end
-  def default_key_file_path
-    Pathname.new(rootpath + '.chamber.pub.pem')
+  def key_filename_extension
+    '.pub.pem'
   end
 end
 end

data/lib/chamber/namespace_set.rb CHANGED

@@ -71,10 +71,8 @@ class   NamespaceSet
   # Internal: Iterates over each namespace value and allows it to be used in
   # a block.
   #
-  def each
-    namespaces.each do |namespace|
-      yield namespace
-    end
+  def each(&block)
+    namespaces.each(&block)
   end
   ###

data/lib/chamber/settings.rb CHANGED

@@ -16,29 +16,40 @@ require 'chamber/filters/failed_decryption_filter'
 #
 module  Chamber
 class   Settings
-  attr_accessor :pre_filters,
-                :post_filters,
+  attr_accessor :decryption_keys,
                 :encryption_keys,
-                :decryption_keys
+                :post_filters,
+                :pre_filters,
+                :secure_key_prefix
   attr_reader   :namespaces
-  # rubocop:disable Metrics/CyclomaticComplexity, Metrics/LineLength
-  def initialize(options = {})
-    self.namespaces      = options[:namespaces]      || []
-    self.raw_data        = options[:settings]        || {}
-    self.decryption_keys = options[:decryption_keys] || {}
-    self.encryption_keys = options[:encryption_keys] || {}
-    self.pre_filters     = options[:pre_filters]     || [
-                                                          Filters::NamespaceFilter,
-                                                        ]
-    self.post_filters    = options[:post_filters]    || [
-                                                          Filters::DecryptionFilter,
-                                                          Filters::EnvironmentFilter,
-                                                          Filters::FailedDecryptionFilter,
-                                                          Filters::TranslateSecureKeysFilter,
-                                                        ]
+  # rubocop:disable Metrics/ParameterLists
+  def initialize(
+                  decryption_keys:   {},
+                  encryption_keys:   {},
+                  namespaces:        [],
+                  pre_filters:       [
+                                       Filters::NamespaceFilter,
+                                     ],
+                  post_filters:      [
+                                       Filters::DecryptionFilter,
+                                       Filters::EnvironmentFilter,
+                                       Filters::FailedDecryptionFilter,
+                                       Filters::TranslateSecureKeysFilter,
+                                     ],
+                  secure_key_prefix: '_secure_',
+                  settings:          {},
+                  **_args
+                )
+    self.decryption_keys   = decryption_keys
+    self.encryption_keys   = encryption_keys
+    self.namespaces        = namespaces
+    self.post_filters      = post_filters
+    self.pre_filters       = pre_filters
+    self.raw_data          = settings
+    self.secure_key_prefix = secure_key_prefix
   end
-  # rubocop:enable Metrics/CyclomaticComplexity, Metrics/LineLength
+  # rubocop:enable Metrics/ParameterLists
   ###
   # Internal: Converts a Settings object into a hash that is compatible as an
@@ -79,15 +90,11 @@ class   Settings
   #                 } ).to_s
   #   # => 'MY_KEY="my value" MY_OTHER_KEY="my other value"'
   #
-  def to_s(options = {})
-    hierarchical_separator = options[:hierarchical_separator] || '_'
-    pair_separator         = options[:pair_separator]         || ' '
-    value_surrounder       = options[:value_surrounder]       || '"'
-    name_value_separator   = options[:name_value_separator]   || '='
-    concatenated_name_hash = to_concatenated_name_hash(hierarchical_separator)
-    pairs = concatenated_name_hash.to_a.map do |key, value|
+  def to_s(hierarchical_separator: '_',
+           pair_separator:         ' ',
+           value_surrounder:       '"',
+           name_value_separator:   '=')
+    pairs = to_concatenated_name_hash(hierarchical_separator).to_a.map do |key, value|
       "#{key.upcase}#{name_value_separator}#{value_surrounder}#{value}#{value_surrounder}"
     end
@@ -182,20 +189,21 @@ class   Settings
   # Returns a new Settings object
   #
   def merge(other)
-    other_settings = if other.is_a? Settings
+    other_settings = case other
+                     when Settings
                        other
-                     elsif other.is_a? Hash
+                     when Hash
                        Settings.new(settings: other)
                      end
-    # rubocop:disable Metrics/LineLength
+    # rubocop:disable Layout/LineLength
     Settings.new(
       encryption_keys: encryption_keys.any? ? encryption_keys : other_settings.encryption_keys,
       decryption_keys: decryption_keys.any? ? decryption_keys : other_settings.decryption_keys,
       namespaces:      (namespaces + other_settings.namespaces),
       settings:        raw_data.merge(other_settings.raw_data),
     )
-    # rubocop:enable Metrics/LineLength
+    # rubocop:enable Layout/LineLength
   end
   ###
@@ -219,33 +227,59 @@ class   Settings
     namespaces  == other.namespaces
   end
+  def [](key)
+    warn "WARNING: Bracket access will require strings instead of symbols in Chamber 3.0.  You attempted to access the '#{key}' setting.  See https://github.com/thekompanee/chamber/wiki/Upgrading-To-Chamber-3.0#removal-of-bracket-indifferent-access for full details." if key.is_a?(::Symbol) # rubocop:disable Layout/LineLength
+    warn "WARNING: Accessing a non-existent key ('#{key}') with brackets will fail in Chamber 3.0.  See https://github.com/thekompanee/chamber/wiki/Upgrading-To-Chamber-3.0#bracket-access-now-fails-on-non-existent-keys for full details." unless data.has_key?(key) # rubocop:disable Layout/LineLength
+    data.[](key)
+  end
+  def dig!(*args)
+    args.inject(data) do |data_value, bracket_value|
+      key = bracket_value.is_a?(::Symbol) ? bracket_value.to_s : bracket_value
+      data_value.fetch(key)
+    end
+  end
+  def dig(*args)
+    dig!(*args)
+  rescue ::KeyError, ::IndexError # rubocop:disable Lint/ShadowedException
+    nil
+  end
   def securable
-    Settings.new(metadata.merge(
-                    settings:    raw_data,
-                    pre_filters: [Filters::SecureFilter],
-    ))
+    Settings.new(**metadata.merge(
+                   settings:    raw_data,
+                   pre_filters: [Filters::SecureFilter],
+                 ))
   end
   def secure
-    Settings.new(metadata.merge(
-                    settings:     raw_data,
-                    pre_filters:  [Filters::EncryptionFilter],
-                    post_filters: [Filters::TranslateSecureKeysFilter],
-    ))
+    Settings.new(**metadata.merge(
+                   settings:     raw_data,
+                   pre_filters:  [Filters::EncryptionFilter],
+                   post_filters: [Filters::TranslateSecureKeysFilter],
+                 ))
   end
   def insecure
-    Settings.new(metadata.merge(
-                    settings:     raw_data,
-                    pre_filters:  [Filters::InsecureFilter],
-                    post_filters: [Filters::TranslateSecureKeysFilter],
-    ))
+    Settings.new(**metadata.merge(
+                   settings:     raw_data,
+                   pre_filters:  [Filters::InsecureFilter],
+                   post_filters: [Filters::TranslateSecureKeysFilter],
+                 ))
   end
   def method_missing(name, *args)
-    return data.public_send(name, *args) if data.respond_to?(name)
+    if data.respond_to?(name)
+      warn "WARNING: Object notation access is deprecated and will be removed in Chamber 3.0.  You attempted to access the '#{name}' setting.  See https://github.com/thekompanee/chamber/wiki/Upgrading-To-Chamber-3.0#removal-of-object-notation-access for full details." # rubocop:disable Layout/LineLength
+      warn "WARNING: Predicate methods are deprecated and will be removed in Chamber 3.0.  You attempted to access the '#{name}' setting.  See https://github.com/thekompanee/chamber/wiki/Upgrading-To-Chamber-3.0#removal-of-predicate-accessors for full details." if name.end_with?('?') # rubocop:disable Layout/LineLength
-    super
+      data.public_send(name, *args)
+    else
+      super
+    end
   end
   def respond_to_missing?(name, include_private = false)
@@ -262,24 +296,20 @@ class   Settings
     @namespaces = NamespaceSet.new(raw_namespaces)
   end
+  # rubocop:disable Naming/MemoizedInstanceVariableName
   def raw_data
     @filtered_raw_data ||= pre_filters.inject(@raw_data) do |filtered_data, filter|
-      filter.execute({ data: filtered_data }.
-                     merge(metadata))
+      filter.execute(**{ data: filtered_data }.merge(metadata))
     end
   end
+  # rubocop:enable Naming/MemoizedInstanceVariableName
   def data
     @data ||= post_filters.inject(raw_data) do |filtered_data, filter|
-      filter.execute({ data: filtered_data }.
-                     merge(metadata))
+      filter.execute(**{ data: filtered_data }.merge(metadata))
     end
   end
-  def secure_key_prefix
-    '_secure_'
-  end
   def metadata
     {
       decryption_keys:   decryption_keys,