chamber 2.12.5 → 2.14.2

data/lib/chamber/file_set.rb

@@ -114,17 +114,26 @@ module  Chamber
 class   FileSet
   attr_accessor :decryption_keys,
                 :encryption_keys,
-                :basepath
+                :basepath,
+                :signature_name
   attr_reader   :namespaces,
                 :paths
 
-  def initialize(options = {})
-    self.namespaces      = options[:namespaces] || {}
-    self.decryption_keys = options[:decryption_keys]
-    self.encryption_keys = options[:encryption_keys]
-    self.paths           = options.fetch(:files)
-    self.basepath        = options[:basepath]
+  # rubocop:disable Metrics/ParameterLists
+  def initialize(files:,
+                 basepath:        nil,
+                 decryption_keys: nil,
+                 encryption_keys: nil,
+                 namespaces:      {},
+                 signature_name:  nil)
+    self.basepath        = basepath
+    self.decryption_keys = decryption_keys
+    self.encryption_keys = encryption_keys
+    self.namespaces      = namespaces
+    self.paths           = files
+    self.signature_name  = signature_name
   end
+  # rubocop:enable Metrics/ParameterLists
 
   ###
   # Internal: Returns an Array of the ordered list of files that was processed
@@ -234,7 +243,8 @@ class   FileSet
           File.new(path:            file,
                    namespaces:      namespaces,
                    decryption_keys: decryption_keys,
-                   encryption_keys: encryption_keys)
+                   encryption_keys: encryption_keys,
+                   signature_name:  signature_name)
         end
 
         sorted_relevant_files += relevant_glob_files

data/lib/chamber/files/signature.rb

@@ -8,9 +8,9 @@ module Chamber
 module Files
 class  Signature
   SIGNATURE_HEADER          = '-----BEGIN CHAMBER SIGNATURE-----'
-  SIGNATURE_HEADER_PATTERN  = /\-\-\-\-\-BEGIN\sCHAMBER\sSIGNATURE\-\-\-\-\-/.freeze
+  SIGNATURE_HEADER_PATTERN  = /-----BEGIN\sCHAMBER\sSIGNATURE-----/.freeze
   SIGNATURE_FOOTER          = '-----END CHAMBER SIGNATURE-----'
-  SIGNATURE_FOOTER_PATTERN  = /\-\-\-\-\-END\sCHAMBER\sSIGNATURE\-\-\-\-\-/.freeze
+  SIGNATURE_FOOTER_PATTERN  = /-----END\sCHAMBER\sSIGNATURE-----/.freeze
   SIGNATURE_IN_FILE_PATTERN = /
                                 #{SIGNATURE_HEADER_PATTERN}\n # Header
                                 (.*)\n                        # Signature Body
@@ -18,14 +18,16 @@ class  Signature
                               /x.freeze
 
   attr_accessor :settings_content,
-                :settings_filename
+                :settings_filename,
+                :signature_name
 
   attr_reader   :signature_key
 
-  def initialize(settings_filename, settings_content, signature_key)
+  def initialize(settings_filename, settings_content, signature_key, signature_name)
     self.signature_key     = signature_key
     self.settings_content  = settings_content
     self.settings_filename = Pathname.new(settings_filename)
+    self.signature_name    = signature_name
   end
 
   def signature_key=(keyish)
@@ -41,7 +43,7 @@ class  Signature
 
   def write
     signature_filename.write(<<-HEREDOC, 0, mode: 'w+')
-Signed By: #{`git config --get 'user.name'`.chomp}
+Signed By: #{signature_name}
 Signed At: #{Time.now.utc.iso8601}
 
 #{SIGNATURE_HEADER}
@@ -61,20 +63,20 @@ Signed At: #{Time.now.utc.iso8601}
   end
 
   def raw_signature
-    @raw_signature ||= signature_key.
-                         sign(digest, settings_content)
+    @raw_signature ||= signature_key
+                         .sign(digest, settings_content)
   end
 
   def signature_filename
-    @signature_filename ||= settings_filename.
-                              sub('.yml', '.sig').
-                              sub('.erb', '')
+    @signature_filename ||= settings_filename
+                              .sub('.yml', '.sig')
+                              .sub('.erb', '')
   end
 
   def encoded_signature_content
-    @encoded_signature_content ||= signature_filename.
-                                     read.
-                                     match(SIGNATURE_IN_FILE_PATTERN) do |match|
+    @encoded_signature_content ||= signature_filename
+                                     .read
+                                     .match(SIGNATURE_IN_FILE_PATTERN) do |match|
       match[1]
     end
   end
@@ -84,7 +86,7 @@ Signed At: #{Time.now.utc.iso8601}
   end
 
   def digest
-    @digest ||= OpenSSL::Digest::SHA512.new
+    @digest ||= OpenSSL::Digest.new('SHA512')
   end
 end
 end

data/lib/chamber/filters/decryption_filter.rb

@@ -12,19 +12,19 @@ require 'chamber/errors/decryption_failure'
 module  Chamber
 module  Filters
 class   DecryptionFilter
-  BASE64_STRING_PATTERN     = %r{\A[A-Za-z0-9\+/]{342}==\z}.freeze
+  BASE64_STRING_PATTERN     = %r{\A[A-Za-z0-9+/]{342}==\z}.freeze
   LARGE_DATA_STRING_PATTERN = %r{
                                   \A                            # Beginning of String
                                   (
-                                    [A-Za-z0-9\+\/#]*\={0,2}    # Base64 Encoded Key
+                                    [A-Za-z0-9+/#]*={0,2}       # Base64 Encoded Key
                                   )
                                   \#                            # Separator
                                   (
-                                    [A-Za-z0-9\+\/#]*\={0,2}    # Base64 Encoded IV
+                                    [A-Za-z0-9+/#]*={0,2}       # Base64 Encoded IV
                                   )
                                   \#                            # Separator
                                   (
-                                    [A-Za-z0-9\+\/#]*\={0,2}    # Base64 Encoded Data
+                                    [A-Za-z0-9+/#]*={0,2}       # Base64 Encoded Data
                                   )
                                   \z                            # End of String
                                 }x.freeze
@@ -33,14 +33,14 @@ class   DecryptionFilter
                 :secure_key_token
   attr_reader   :decryption_keys
 
-  def initialize(options = {})
-    self.decryption_keys  = options.fetch(:decryption_keys, {}) || {}
-    self.data             = options.fetch(:data).dup
-    self.secure_key_token = /\A#{Regexp.escape(options.fetch(:secure_key_prefix))}/
+  def initialize(data:, secure_key_prefix:, decryption_keys: {}, **_args)
+    self.decryption_keys  = decryption_keys || {}
+    self.data             = data.dup
+    self.secure_key_token = /\A#{Regexp.escape(secure_key_prefix)}/
   end
 
-  def self.execute(options = {})
-    new(options).__send__(:execute)
+  def self.execute(**args)
+    new(**args).__send__(:execute)
   end
 
   protected
@@ -75,17 +75,21 @@ class   DecryptionFilter
 
   private
 
+  # rubocop:disable Style/RedundantBegin
   def decrypt(key, value)
     method = decryption_method(value)
 
     decryption_keys.each do |decryption_key|
-      return method.decrypt(key, value, decryption_key)
-    rescue OpenSSL::PKey::RSAError
-      next
+      begin
+        return method.decrypt(key, value, decryption_key)
+      rescue OpenSSL::PKey::RSAError
+        next
+      end
     end
 
     value
   end
+  # rubocop:enable Style/RedundantBegin
 
   def decryption_method(value)
     if value.respond_to?(:match)

data/lib/chamber/filters/encryption_filter.rb

@@ -10,8 +10,8 @@ require 'chamber/encryption_methods/none'
 module    Chamber
 module    Filters
 class     EncryptionFilter
-  BASE64_STRING_PATTERN     = %r{\A[A-Za-z0-9\+\/]{342}==\z}.freeze
-  BASE64_SUBSTRING_PATTERN  = %r{[A-Za-z0-9\+\/#]*\={0,2}}.freeze
+  BASE64_STRING_PATTERN     = %r{\A[A-Za-z0-9+/]{342}==\z}.freeze
+  BASE64_SUBSTRING_PATTERN  = %r{[A-Za-z0-9+/#]*={0,2}}.freeze
   LARGE_DATA_STRING_PATTERN = /
                                 \A
                                 (#{BASE64_SUBSTRING_PATTERN})
@@ -26,14 +26,14 @@ class     EncryptionFilter
                 :secure_key_token
   attr_reader   :encryption_keys
 
-  def initialize(options = {})
-    self.encryption_keys  = options.fetch(:encryption_keys, {}) || {}
-    self.data             = options.fetch(:data).dup
-    self.secure_key_token = /\A#{Regexp.escape(options.fetch(:secure_key_prefix))}/
+  def initialize(data:, secure_key_prefix:, encryption_keys: {}, **_args)
+    self.encryption_keys  = encryption_keys || {}
+    self.data             = data.dup
+    self.secure_key_token = /\A#{Regexp.escape(secure_key_prefix)}/
   end
 
-  def self.execute(options = {})
-    new(options).__send__(:execute)
+  def self.execute(**args)
+    new(**args).__send__(:execute)
   end
 
   protected

data/lib/chamber/filters/environment_filter.rb

@@ -88,16 +88,16 @@ class   EnvironmentFilter
   #   }
   #
   #
-  def self.execute(options = {})
-    new(options).__send__(:execute)
+  def self.execute(**args)
+    new(**args).__send__(:execute)
   end
 
   attr_accessor :data,
                 :secure_key_token
 
-  def initialize(options = {})
-    self.data             = options.fetch(:data)
-    self.secure_key_token = /\A#{Regexp.escape(options.fetch(:secure_key_prefix))}/
+  def initialize(data:, secure_key_prefix:, **_args)
+    self.data             = data
+    self.secure_key_token = /\A#{Regexp.escape(secure_key_prefix)}/
   end
 
   protected
@@ -138,8 +138,7 @@ class   EnvironmentFilter
     environment_hash
   end
 
-  # rubocop:disable Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity
-  def convert_environment_value(environment_key, environment_value, settings_value)
+  def convert_environment_value(environment_key, environment_value, settings_value) # rubocop:disable Metrics/CyclomaticComplexity, Metrics/AbcSize
     return settings_value unless environment_value
     return                if %w{___nil___ ___null___}.include?(environment_value)
 
@@ -163,22 +162,21 @@ class   EnvironmentFilter
           fail ArgumentError, "Invalid value for Array: #{environment_value}"
         end
       end
-    when 'Integer'
+    when 'Fixnum', 'Integer'
       Integer(environment_value)
     else
       environment_value
     end
   rescue ArgumentError
-    raise Chamber::Errors::EnvironmentConversion, <<~HEREDOC
-      We attempted to convert '#{environment_key}' from '#{environment_value}' to a '#{settings_value.class.name}'.
+    raise Chamber::Errors::EnvironmentConversion, <<-HEREDOC
+We attempted to convert '#{environment_key}' from '#{environment_value}' to a '#{settings_value.class.name}'.
 
-      Unfortunately, this did not go as planned.  Please either verify that your value is convertable
-      or change the original YAML value to be something more generic (like a String).
+Unfortunately, this did not go as planned.  Please either verify that your value is convertable
+or change the original YAML value to be something more generic (like a String).
 
-      For more information, see https://github.com/thekompanee/chamber/wiki/Environment-Variable-Coercions
+For more information, see https://github.com/thekompanee/chamber/wiki/Environment-Variable-Coercions
     HEREDOC
   end
-  # rubocop:enable Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity
 end
 end
 end

data/lib/chamber/filters/failed_decryption_filter.rb

@@ -5,18 +5,18 @@ require 'chamber/errors/decryption_failure'
 module  Chamber
 module  Filters
 class   FailedDecryptionFilter
-  BASE64_STRING_PATTERN = %r{\A[A-Za-z0-9\+/]{342}==\z}.freeze
+  BASE64_STRING_PATTERN = %r{\A[A-Za-z0-9+/]{342}==\z}.freeze
 
-  def self.execute(options = {})
-    new(options).__send__(:execute)
+  def self.execute(**args)
+    new(**args).__send__(:execute)
   end
 
   attr_accessor :data,
                 :secure_key_token
 
-  def initialize(options = {})
-    self.data             = options.fetch(:data).dup
-    self.secure_key_token = /\A#{Regexp.escape(options.fetch(:secure_key_prefix))}/
+  def initialize(data:, secure_key_prefix:, **_args)
+    self.data             = data.dup
+    self.secure_key_token = /\A#{Regexp.escape(secure_key_prefix)}/
   end
 
   protected

data/lib/chamber/filters/insecure_filter.rb

@@ -6,8 +6,8 @@ require 'chamber/filters/secure_filter'
 module  Chamber
 module  Filters
 class   InsecureFilter < SecureFilter
-  BASE64_STRING_PATTERN     = %r{\A[A-Za-z0-9\+\/]{342}==\z}.freeze
-  BASE64_SUBSTRING_PATTERN  = %r{[A-Za-z0-9\+\/#]*\={0,2}}.freeze
+  BASE64_STRING_PATTERN     = %r{\A[A-Za-z0-9+/]{342}==\z}.freeze
+  BASE64_SUBSTRING_PATTERN  = %r{[A-Za-z0-9+/#]*={0,2}}.freeze
   LARGE_DATA_STRING_PATTERN = /
                                 \A
                                 (#{BASE64_SUBSTRING_PATTERN})
@@ -20,7 +20,7 @@ class   InsecureFilter < SecureFilter
 
   protected
 
-  def execute(raw_data = data)
+  def execute(raw_data = data) # rubocop:disable Metrics/CyclomaticComplexity
     securable_settings = super
     settings           = Hashie::Mash.new
 

data/lib/chamber/filters/namespace_filter.rb

@@ -5,16 +5,16 @@ require 'hashie/mash'
 module  Chamber
 module  Filters
 class   NamespaceFilter
-  def self.execute(options = {})
-    new(options).__send__(:execute)
+  def self.execute(**args)
+    new(**args).__send__(:execute)
   end
 
   attr_accessor :data,
                 :namespaces
 
-  def initialize(options = {})
-    self.data       = Hashie::Mash.new(options.fetch(:data))
-    self.namespaces = options.fetch(:namespaces)
+  def initialize(data:, namespaces:, **_args)
+    self.data       = Hashie::Mash.new(data)
+    self.namespaces = namespaces
   end
 
   protected

data/lib/chamber/filters/secure_filter.rb

@@ -5,16 +5,16 @@ require 'hashie/mash'
 module  Chamber
 module  Filters
 class   SecureFilter
-  def self.execute(options = {})
-    new(options).__send__(:execute)
+  def self.execute(**args)
+    new(**args).__send__(:execute)
   end
 
   attr_accessor :data,
                 :secure_key_token
 
-  def initialize(options = {})
-    self.data             = Hashie::Mash.new(options.fetch(:data))
-    self.secure_key_token = /\A#{Regexp.escape(options.fetch(:secure_key_prefix))}/
+  def initialize(data:, secure_key_prefix:, **_args)
+    self.data             = Hashie::Mash.new(data)
+    self.secure_key_token = /\A#{Regexp.escape(secure_key_prefix)}/
   end
 
   protected

data/lib/chamber/filters/translate_secure_keys_filter.rb

@@ -5,16 +5,16 @@ require 'hashie/mash'
 module  Chamber
 module  Filters
 class   TranslateSecureKeysFilter
-  def self.execute(options = {})
-    new(options).__send__(:execute)
+  def self.execute(**args)
+    new(**args).__send__(:execute)
   end
 
   attr_accessor :data,
                 :secure_key_token
 
-  def initialize(options = {})
-    self.data             = options.fetch(:data).dup
-    self.secure_key_token = /\A#{Regexp.escape(options.fetch(:secure_key_prefix))}/
+  def initialize(data:, secure_key_prefix:, **_args)
+    self.data             = data.dup
+    self.secure_key_token = /\A#{Regexp.escape(secure_key_prefix)}/
   end
 
   protected

data/lib/chamber/instance.rb

@@ -9,15 +9,27 @@ class   Instance
   attr_accessor :configuration,
                 :files
 
-  def initialize(options = {})
-    self.configuration = Configuration.new  options
-    self.files         = FileSet.new        configuration.to_hash
+  def initialize(**args)
+    self.configuration = Configuration.new(**args)
+    self.files         = FileSet.new(**configuration.to_hash)
   end
 
   def settings
     @settings ||= files.to_settings { |settings| @settings = settings }
   end
 
+  def [](key)
+    settings.[](key)
+  end
+
+  def dig!(*args)
+    settings.dig!(*args)
+  end
+
+  def dig(*args)
+    settings.dig(*args)
+  end
+
   def filenames
     files.filenames
   end
@@ -34,26 +46,42 @@ class   Instance
     files.verify
   end
 
-  def encrypt(data, options = {})
-    config = configuration.to_hash.merge(options)
+  def to_environment
+    settings.to_environment
+  end
+
+  def to_s(**args)
+    settings.to_s(**args)
+  end
+
+  def to_hash
+    settings.to_hash
+  end
+
+  def namespaces
+    settings.namespaces
+  end
+
+  def encrypt(data, **args)
+    config = configuration.to_hash.merge(**args)
 
-    Settings.
-      new(
-        config.merge(
+    Settings
+      .new(
+        **config.merge(
           settings:     data,
           pre_filters:  [Filters::EncryptionFilter],
           post_filters: [],
         ),
-      ).
-      to_hash
+      )
+      .to_hash
   end
 
-  def decrypt(data, options = {})
-    config = configuration.to_hash.merge(options)
+  def decrypt(data, **args)
+    config = configuration.to_hash.merge(**args)
 
-    Settings.
-      new(
-        config.merge(
+    Settings
+      .new(
+        **config.merge(
           settings:     data,
           pre_filters:  [Filters::NamespaceFilter],
           post_filters: [
@@ -61,12 +89,8 @@ class   Instance
                           Filters::FailedDecryptionFilter,
                         ],
         ),
-      ).
-      to_hash
-  end
-
-  def to_s(options = {})
-    settings.to_s(options)
+      )
+      .to_hash
   end
 
   def method_missing(name, *args)