RubyGems - chamber - Versions diffs - 2.13.1 → 2.14.0 - Mend

chamber 2.13.1 → 2.14.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (49) hide show

checksums.yaml +4 -4
checksums.yaml.gz.sig +0 -0
data.tar.gz.sig +0 -0
data/README.md +101 -26
data/lib/chamber.rb +72 -10
data/lib/chamber/adapters/cloud/circle_ci.rb +16 -13
data/lib/chamber/adapters/cloud/heroku.rb +40 -13
data/lib/chamber/binary/circle_ci.rb +25 -12
data/lib/chamber/binary/heroku.rb +31 -12
data/lib/chamber/binary/runner.rb +37 -27
data/lib/chamber/binary/travis.rb +5 -3
data/lib/chamber/commands/base.rb +10 -16
data/lib/chamber/commands/cloud/base.rb +3 -3
data/lib/chamber/commands/cloud/pull.rb +2 -2
data/lib/chamber/commands/cloud/push.rb +7 -7
data/lib/chamber/commands/comparable.rb +2 -2
data/lib/chamber/commands/compare.rb +6 -9
data/lib/chamber/commands/initialize.rb +26 -22
data/lib/chamber/commands/securable.rb +9 -9
data/lib/chamber/commands/secure.rb +2 -2
data/lib/chamber/commands/show.rb +8 -8
data/lib/chamber/commands/sign.rb +2 -2
data/lib/chamber/commands/verify.rb +2 -2
data/lib/chamber/configuration.rb +6 -3
data/lib/chamber/context_resolver.rb +8 -7
data/lib/chamber/encryption_methods/ssl.rb +12 -12
data/lib/chamber/file.rb +16 -14
data/lib/chamber/file_set.rb +18 -8
data/lib/chamber/files/signature.rb +16 -14
data/lib/chamber/filters/decryption_filter.rb +12 -10
data/lib/chamber/filters/encryption_filter.rb +8 -8
data/lib/chamber/filters/environment_filter.rb +12 -14
data/lib/chamber/filters/failed_decryption_filter.rb +6 -6
data/lib/chamber/filters/insecure_filter.rb +3 -3
data/lib/chamber/filters/namespace_filter.rb +5 -5
data/lib/chamber/filters/secure_filter.rb +5 -5
data/lib/chamber/filters/translate_secure_keys_filter.rb +5 -5
data/lib/chamber/instance.rb +37 -21
data/lib/chamber/key_pair.rb +7 -7
data/lib/chamber/keys/base.rb +13 -13
data/lib/chamber/keys/decryption.rb +3 -3
data/lib/chamber/keys/encryption.rb +3 -3
data/lib/chamber/namespace_set.rb +2 -4
data/lib/chamber/settings.rb +45 -43
data/lib/chamber/types/secured.rb +8 -10
data/lib/chamber/version.rb +1 -1
data/templates/settings.yml +2 -0
metadata +24 -26
metadata.gz.sig +0 -0

data/lib/chamber/commands/securable.rb CHANGED

@@ -6,15 +6,15 @@ require 'chamber/instance'
 module  Chamber
 module  Commands
 module  Securable
-  def initialize(options = {})
-    super
-    ignored_settings_options        = options.
-                                        merge(files: ignored_settings_filepaths).
-                                        reject { |k, _v| k == 'basepath' }
-    self.ignored_settings_instance  = Chamber::Instance.new(ignored_settings_options)
-    self.current_settings_instance  = Chamber::Instance.new(options)
-    self.only_sensitive             = options[:only_sensitive]
+  def initialize(only_sensitive: nil, **args)
+    super(**args)
+    ignored_settings_options        = args
+                                        .merge(files: ignored_settings_filepaths)
+                                        .reject { |k, _v| k == 'basepath' }
+    self.ignored_settings_instance  = Chamber::Instance.new(**ignored_settings_options)
+    self.current_settings_instance  = Chamber::Instance.new(**args)
+    self.only_sensitive             = only_sensitive
   end
   protected

data/lib/chamber/commands/secure.rb CHANGED

@@ -8,8 +8,8 @@ module  Commands
 class   Secure < Chamber::Commands::Base
   include Chamber::Commands::Securable
-  def initialize(options = {})
-    super(options.merge(namespaces: ['*']))
+  def initialize(**args)
+    super(**args.merge(namespaces: ['*']))
   end
   def call

data/lib/chamber/commands/show.rb CHANGED

@@ -9,21 +9,21 @@ class   Show < Chamber::Commands::Base
   attr_accessor :as_env,
                 :only_sensitive
-  def initialize(options = {})
-    super
+  def initialize(as_env: nil, only_sensitive: nil, **args)
+    super(**args)
-    self.as_env         = options[:as_env]
-    self.only_sensitive = options[:only_sensitive]
+    self.as_env         = as_env
+    self.only_sensitive = only_sensitive
   end
   def call
     if as_env
       settings.to_s(pair_separator: "\n")
     else
-      PP.
-        pp(settings.to_hash, StringIO.new, 60).
-        string.
-        chomp
+      PP
+        .pp(settings.to_hash, StringIO.new, 60)
+        .string
+        .chomp
     end
   end

data/lib/chamber/commands/sign.rb CHANGED

@@ -5,8 +5,8 @@ require 'chamber/commands/base'
 module  Chamber
 module  Commands
 class   Sign < Chamber::Commands::Base
-  def initialize(options = {})
-    super(options.merge(namespaces: ['*']))
+  def initialize(**args)
+    super(**args.merge(namespaces: ['*']))
   end
   def call

data/lib/chamber/commands/verify.rb CHANGED

@@ -5,8 +5,8 @@ require 'chamber/commands/base'
 module  Chamber
 module  Commands
 class   Verify < Chamber::Commands::Base
-  def initialize(options = {})
-    super(options.merge(namespaces: ['*']))
+  def initialize(**args)
+    super(**args.merge(namespaces: ['*']))
   end
   def call

data/lib/chamber/configuration.rb CHANGED

@@ -9,10 +9,11 @@ class   Configuration
                 :encryption_keys,
                 :files,
                 :namespaces,
-                :rootpath
+                :rootpath,
+                :signature_name
-  def initialize(options = {})
-    options              = ContextResolver.resolve(options)
+  def initialize(**args)
+    options              = ContextResolver.resolve(**args)
     self.basepath        = options.fetch(:basepath)
     self.namespaces      = options.fetch(:namespaces)
@@ -20,6 +21,7 @@ class   Configuration
     self.encryption_keys = options.fetch(:encryption_keys)
     self.files           = options.fetch(:files)
     self.rootpath        = options.fetch(:rootpath)
+    self.signature_name  = options.fetch(:signature_name)
   end
   def to_hash
@@ -29,6 +31,7 @@ class   Configuration
       encryption_keys: encryption_keys,
       files:           files,
       namespaces:      namespaces,
+      signature_name:  signature_name,
     }
   end
 end

data/lib/chamber/context_resolver.rb CHANGED

@@ -3,7 +3,6 @@
 require 'pathname'
 require 'socket'
-require 'chamber/core_ext/hash'
 require 'chamber/keys/decryption'
 require 'chamber/keys/encryption'
@@ -11,11 +10,11 @@ module  Chamber
 class   ContextResolver
   attr_accessor :options
-  def initialize(options = {})
-    self.options = options.transform_keys(&:to_sym)
+  def initialize(**args)
+    self.options = args
   end
-  # rubocop:disable Metrics/AbcSize, Metrics/LineLength
+  # rubocop:disable Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity, Metrics/AbcSize, Layout/LineLength
   def resolve
     options[:rootpath]   ||= Pathname.pwd
     options[:rootpath]     = Pathname.new(options[:rootpath])
@@ -43,12 +42,14 @@ class   ContextResolver
                                     options[:basepath] + 'settings',
                                   ]
+    options[:signature_name]    = options[:signature_name]
     options
   end
-  # rubocop:enable Metrics/AbcSize, Metrics/LineLength
+  # rubocop:enable Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity, Metrics/AbcSize, Layout/LineLength
-  def self.resolve(options = {})
-    new(options).resolve
+  def self.resolve(**args)
+    new(**args).resolve
   end
   protected

data/lib/chamber/encryption_methods/ssl.rb CHANGED

@@ -5,7 +5,7 @@ require 'base64'
 module  Chamber
 module  EncryptionMethods
 class   Ssl
-  BASE64_STRING_PATTERN     = %r{[A-Za-z0-9\+\/#]*\={0,2}}.freeze
+  BASE64_STRING_PATTERN     = %r{[A-Za-z0-9+/#]*={0,2}}.freeze
   LARGE_DATA_STRING_PATTERN = /
                                 \A
                                 (#{BASE64_STRING_PATTERN})
@@ -16,12 +16,12 @@ class   Ssl
                                 \z
                               /x.freeze
-  def self.encrypt(_key, value, encryption_keys)
-    value = YAML.dump(value)
-    cipher = OpenSSL::Cipher.new('AES-128-CBC')
+  def self.encrypt(_key, value, encryption_keys) # rubocop:disable Metrics/AbcSize
+    value         = YAML.dump(value)
+    cipher        = OpenSSL::Cipher.new('AES-128-CBC')
     cipher.encrypt
     symmetric_key = cipher.random_key
-    iv = cipher.random_iv
+    iv            = cipher.random_iv
     # encrypt all data with this key and iv
     encrypted_data = cipher.update(value) + cipher.final
@@ -35,24 +35,24 @@ class   Ssl
     Base64.strict_encode64(encrypted_data)
   end
-  def self.decrypt(key, value, decryption_keys)
+  def self.decrypt(key, value, decryption_keys) # rubocop:disable Metrics/AbcSize
     if decryption_keys.nil?
       value
     else
-      key, iv, decoded_string = value.
-                                  match(LARGE_DATA_STRING_PATTERN).
-                                  captures.
-                                  map do |part|
+      key, iv, decoded_string = value
+                                  .match(LARGE_DATA_STRING_PATTERN)
+                                  .captures
+                                  .map do |part|
         Base64.strict_decode64(part)
       end
-      key = decryption_keys.private_decrypt(key)
+      key                     = decryption_keys.private_decrypt(key)
       cipher_dec = OpenSSL::Cipher.new('AES-128-CBC')
       cipher_dec.decrypt
       cipher_dec.key = key
-      cipher_dec.iv = iv
+      cipher_dec.iv  = iv
       begin
         unencrypted_value = cipher_dec.update(decoded_string) + cipher_dec.final

data/lib/chamber/file.rb CHANGED

@@ -13,7 +13,8 @@ module  Chamber
 class   File < Pathname
   attr_accessor :namespaces,
                 :decryption_keys,
-                :encryption_keys
+                :encryption_keys,
+                :signature_name
   ###
   # Internal: Creates a settings file representing a path to a file on the
@@ -42,12 +43,13 @@ class   File < Pathname
   #   Chamber::File.new path: '/tmp/settings.yml'
   #   # => <Chamber::File>
   #
-  def initialize(options = {})
-    self.namespaces      = options[:namespaces]      || {}
-    self.decryption_keys = options[:decryption_keys] || {}
-    self.encryption_keys = options[:encryption_keys] || {}
+  def initialize(path:, namespaces: {}, decryption_keys: {}, encryption_keys: {}, signature_name: nil)
+    self.namespaces      = namespaces
+    self.decryption_keys = decryption_keys
+    self.encryption_keys = encryption_keys
+    self.signature_name  = signature_name
-    super options.fetch(:path)
+    super path
   end
   ###
@@ -76,7 +78,7 @@ class   File < Pathname
                                   encryption_keys: encryption_keys)
   end
-  # rubocop:disable Metrics/LineLength
+  # rubocop:disable Layout/LineLength, Metrics/AbcSize
   def secure
     insecure_settings = to_settings.insecure.to_flattened_name_hash
     secure_settings   = to_settings.insecure.secure.to_flattened_name_hash
@@ -88,14 +90,14 @@ class   File < Pathname
       escaped_name  = Regexp.escape(name_pieces.last)
       escaped_value = Regexp.escape(value)
-      file_contents.
-        sub!(
+      file_contents
+        .sub!(
           /^(\s*)#{secure_prefix_pattern}#{escaped_name}(\s*):(\s*)['"]?#{escaped_value}['"]?$/,
           "\\1#{secure_prefix}#{name_pieces.last}\\2:\\3#{secure_value}",
         )
-      file_contents.
-        sub!(
+      file_contents
+        .sub!(
           /^(\s*)#{secure_prefix_pattern}#{escaped_name}(\s*):(\s*)\|((?:\n\1\s{2}.*)+)/,
           "\\1#{secure_prefix}#{name_pieces.last}\\2:\\3#{secure_value}",
         )
@@ -103,7 +105,7 @@ class   File < Pathname
     write(file_contents)
   end
-  # rubocop:enable Metrics/LineLength
+  # rubocop:enable Layout/LineLength, Metrics/AbcSize
   def sign
     signature_key_contents = decryption_keys[:signature]
@@ -111,7 +113,7 @@ class   File < Pathname
     fail ArgumentError, 'You asked to sign your settings files but no signature key was found.  Run `chamber init --signature` to generate one.' \
       unless signature_key_contents
-    signature = Files::Signature.new(to_s, read, signature_key_contents)
+    signature = Files::Signature.new(to_s, read, signature_key_contents, signature_name)
     signature.write
   end
@@ -122,7 +124,7 @@ class   File < Pathname
     fail ArgumentError, 'You asked to verify your settings files but no signature key was found.  Run `chamber init --signature` to generate one.' \
       unless signature_key_contents
-    signature = Files::Signature.new(to_s, read, signature_key_contents)
+    signature = Files::Signature.new(to_s, read, signature_key_contents, signature_name)
     signature.verify
   end

data/lib/chamber/file_set.rb CHANGED

@@ -114,17 +114,26 @@ module  Chamber
 class   FileSet
   attr_accessor :decryption_keys,
                 :encryption_keys,
-                :basepath
+                :basepath,
+                :signature_name
   attr_reader   :namespaces,
                 :paths
-  def initialize(options = {})
-    self.namespaces      = options[:namespaces] || {}
-    self.decryption_keys = options[:decryption_keys]
-    self.encryption_keys = options[:encryption_keys]
-    self.paths           = options.fetch(:files)
-    self.basepath        = options[:basepath]
+  # rubocop:disable Metrics/ParameterLists
+  def initialize(files:,
+                 basepath:        nil,
+                 decryption_keys: nil,
+                 encryption_keys: nil,
+                 namespaces:      {},
+                 signature_name:  nil)
+    self.basepath        = basepath
+    self.decryption_keys = decryption_keys
+    self.encryption_keys = encryption_keys
+    self.namespaces      = namespaces
+    self.paths           = files
+    self.signature_name  = signature_name
   end
+  # rubocop:enable Metrics/ParameterLists
   ###
   # Internal: Returns an Array of the ordered list of files that was processed
@@ -234,7 +243,8 @@ class   FileSet
           File.new(path:            file,
                    namespaces:      namespaces,
                    decryption_keys: decryption_keys,
-                   encryption_keys: encryption_keys)
+                   encryption_keys: encryption_keys,
+                   signature_name:  signature_name)
         end
         sorted_relevant_files += relevant_glob_files

data/lib/chamber/files/signature.rb CHANGED

@@ -8,9 +8,9 @@ module Chamber
 module Files
 class  Signature
   SIGNATURE_HEADER          = '-----BEGIN CHAMBER SIGNATURE-----'
-  SIGNATURE_HEADER_PATTERN  = /\-\-\-\-\-BEGIN\sCHAMBER\sSIGNATURE\-\-\-\-\-/.freeze
+  SIGNATURE_HEADER_PATTERN  = /-----BEGIN\sCHAMBER\sSIGNATURE-----/.freeze
   SIGNATURE_FOOTER          = '-----END CHAMBER SIGNATURE-----'
-  SIGNATURE_FOOTER_PATTERN  = /\-\-\-\-\-END\sCHAMBER\sSIGNATURE\-\-\-\-\-/.freeze
+  SIGNATURE_FOOTER_PATTERN  = /-----END\sCHAMBER\sSIGNATURE-----/.freeze
   SIGNATURE_IN_FILE_PATTERN = /
                                 #{SIGNATURE_HEADER_PATTERN}\n # Header
                                 (.*)\n                        # Signature Body
@@ -18,14 +18,16 @@ class  Signature
                               /x.freeze
   attr_accessor :settings_content,
-                :settings_filename
+                :settings_filename,
+                :signature_name
   attr_reader   :signature_key
-  def initialize(settings_filename, settings_content, signature_key)
+  def initialize(settings_filename, settings_content, signature_key, signature_name)
     self.signature_key     = signature_key
     self.settings_content  = settings_content
     self.settings_filename = Pathname.new(settings_filename)
+    self.signature_name    = signature_name
   end
   def signature_key=(keyish)
@@ -41,7 +43,7 @@ class  Signature
   def write
     signature_filename.write(<<-HEREDOC, 0, mode: 'w+')
-Signed By: #{`git config --get 'user.name'`.chomp}
+Signed By: #{signature_name}
 Signed At: #{Time.now.utc.iso8601}
 #{SIGNATURE_HEADER}
@@ -61,20 +63,20 @@ Signed At: #{Time.now.utc.iso8601}
   end
   def raw_signature
-    @raw_signature ||= signature_key.
-                         sign(digest, settings_content)
+    @raw_signature ||= signature_key
+                         .sign(digest, settings_content)
   end
   def signature_filename
-    @signature_filename ||= settings_filename.
-                              sub('.yml', '.sig').
-                              sub('.erb', '')
+    @signature_filename ||= settings_filename
+                              .sub('.yml', '.sig')
+                              .sub('.erb', '')
   end
   def encoded_signature_content
-    @encoded_signature_content ||= signature_filename.
-                                     read.
-                                     match(SIGNATURE_IN_FILE_PATTERN) do |match|
+    @encoded_signature_content ||= signature_filename
+                                     .read
+                                     .match(SIGNATURE_IN_FILE_PATTERN) do |match|
       match[1]
     end
   end
@@ -84,7 +86,7 @@ Signed At: #{Time.now.utc.iso8601}
   end
   def digest
-    @digest ||= OpenSSL::Digest::SHA512.new
+    @digest ||= OpenSSL::Digest.new('SHA512')
   end
 end
 end

data/lib/chamber/filters/decryption_filter.rb CHANGED

@@ -12,19 +12,19 @@ require 'chamber/errors/decryption_failure'
 module  Chamber
 module  Filters
 class   DecryptionFilter
-  BASE64_STRING_PATTERN     = %r{\A[A-Za-z0-9\+/]{342}==\z}.freeze
+  BASE64_STRING_PATTERN     = %r{\A[A-Za-z0-9+/]{342}==\z}.freeze
   LARGE_DATA_STRING_PATTERN = %r{
                                   \A                            # Beginning of String
                                   (
-                                    [A-Za-z0-9\+\/#]*\={0,2}    # Base64 Encoded Key
+                                    [A-Za-z0-9+/#]*={0,2}       # Base64 Encoded Key
                                   )
                                   \#                            # Separator
                                   (
-                                    [A-Za-z0-9\+\/#]*\={0,2}    # Base64 Encoded IV
+                                    [A-Za-z0-9+/#]*={0,2}       # Base64 Encoded IV
                                   )
                                   \#                            # Separator
                                   (
-                                    [A-Za-z0-9\+\/#]*\={0,2}    # Base64 Encoded Data
+                                    [A-Za-z0-9+/#]*={0,2}       # Base64 Encoded Data
                                   )
                                   \z                            # End of String
                                 }x.freeze
@@ -33,14 +33,14 @@ class   DecryptionFilter
                 :secure_key_token
   attr_reader   :decryption_keys
-  def initialize(options = {})
-    self.decryption_keys  = options.fetch(:decryption_keys, {}) || {}
-    self.data             = options.fetch(:data).dup
-    self.secure_key_token = /\A#{Regexp.escape(options.fetch(:secure_key_prefix))}/
+  def initialize(data:, secure_key_prefix:, decryption_keys: {}, **_args)
+    self.decryption_keys  = decryption_keys || {}
+    self.data             = data.dup
+    self.secure_key_token = /\A#{Regexp.escape(secure_key_prefix)}/
   end
-  def self.execute(options = {})
-    new(options).__send__(:execute)
+  def self.execute(**args)
+    new(**args).__send__(:execute)
   end
   protected
@@ -75,6 +75,7 @@ class   DecryptionFilter
   private
+  # rubocop:disable Style/RedundantBegin
   def decrypt(key, value)
     method = decryption_method(value)
@@ -88,6 +89,7 @@ class   DecryptionFilter
     value
   end
+  # rubocop:enable Style/RedundantBegin
   def decryption_method(value)
     if value.respond_to?(:match)