chamber 2.13.1 → 2.14.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- checksums.yaml.gz.sig +0 -0
- data.tar.gz.sig +0 -0
- data/README.md +101 -26
- data/lib/chamber.rb +72 -10
- data/lib/chamber/adapters/cloud/circle_ci.rb +16 -13
- data/lib/chamber/adapters/cloud/heroku.rb +40 -13
- data/lib/chamber/binary/circle_ci.rb +25 -12
- data/lib/chamber/binary/heroku.rb +31 -12
- data/lib/chamber/binary/runner.rb +37 -27
- data/lib/chamber/binary/travis.rb +5 -3
- data/lib/chamber/commands/base.rb +10 -16
- data/lib/chamber/commands/cloud/base.rb +3 -3
- data/lib/chamber/commands/cloud/pull.rb +2 -2
- data/lib/chamber/commands/cloud/push.rb +7 -7
- data/lib/chamber/commands/comparable.rb +2 -2
- data/lib/chamber/commands/compare.rb +6 -9
- data/lib/chamber/commands/initialize.rb +26 -22
- data/lib/chamber/commands/securable.rb +9 -9
- data/lib/chamber/commands/secure.rb +2 -2
- data/lib/chamber/commands/show.rb +8 -8
- data/lib/chamber/commands/sign.rb +2 -2
- data/lib/chamber/commands/verify.rb +2 -2
- data/lib/chamber/configuration.rb +6 -3
- data/lib/chamber/context_resolver.rb +8 -7
- data/lib/chamber/encryption_methods/ssl.rb +12 -12
- data/lib/chamber/file.rb +16 -14
- data/lib/chamber/file_set.rb +18 -8
- data/lib/chamber/files/signature.rb +16 -14
- data/lib/chamber/filters/decryption_filter.rb +12 -10
- data/lib/chamber/filters/encryption_filter.rb +8 -8
- data/lib/chamber/filters/environment_filter.rb +12 -14
- data/lib/chamber/filters/failed_decryption_filter.rb +6 -6
- data/lib/chamber/filters/insecure_filter.rb +3 -3
- data/lib/chamber/filters/namespace_filter.rb +5 -5
- data/lib/chamber/filters/secure_filter.rb +5 -5
- data/lib/chamber/filters/translate_secure_keys_filter.rb +5 -5
- data/lib/chamber/instance.rb +37 -21
- data/lib/chamber/key_pair.rb +7 -7
- data/lib/chamber/keys/base.rb +13 -13
- data/lib/chamber/keys/decryption.rb +3 -3
- data/lib/chamber/keys/encryption.rb +3 -3
- data/lib/chamber/namespace_set.rb +2 -4
- data/lib/chamber/settings.rb +45 -43
- data/lib/chamber/types/secured.rb +8 -10
- data/lib/chamber/version.rb +1 -1
- data/templates/settings.yml +2 -0
- metadata +24 -26
- metadata.gz.sig +0 -0
@@ -10,8 +10,8 @@ require 'chamber/encryption_methods/none'
|
|
10
10
|
module Chamber
|
11
11
|
module Filters
|
12
12
|
class EncryptionFilter
|
13
|
-
BASE64_STRING_PATTERN = %r{\A[A-Za-z0-9
|
14
|
-
BASE64_SUBSTRING_PATTERN = %r{[A-Za-z0-9
|
13
|
+
BASE64_STRING_PATTERN = %r{\A[A-Za-z0-9+/]{342}==\z}.freeze
|
14
|
+
BASE64_SUBSTRING_PATTERN = %r{[A-Za-z0-9+/#]*={0,2}}.freeze
|
15
15
|
LARGE_DATA_STRING_PATTERN = /
|
16
16
|
\A
|
17
17
|
(#{BASE64_SUBSTRING_PATTERN})
|
@@ -26,14 +26,14 @@ class EncryptionFilter
|
|
26
26
|
:secure_key_token
|
27
27
|
attr_reader :encryption_keys
|
28
28
|
|
29
|
-
def initialize(
|
30
|
-
self.encryption_keys =
|
31
|
-
self.data =
|
32
|
-
self.secure_key_token = /\A#{Regexp.escape(
|
29
|
+
def initialize(data:, secure_key_prefix:, encryption_keys: {}, **_args)
|
30
|
+
self.encryption_keys = encryption_keys || {}
|
31
|
+
self.data = data.dup
|
32
|
+
self.secure_key_token = /\A#{Regexp.escape(secure_key_prefix)}/
|
33
33
|
end
|
34
34
|
|
35
|
-
def self.execute(
|
36
|
-
new(
|
35
|
+
def self.execute(**args)
|
36
|
+
new(**args).__send__(:execute)
|
37
37
|
end
|
38
38
|
|
39
39
|
protected
|
@@ -88,16 +88,16 @@ class EnvironmentFilter
|
|
88
88
|
# }
|
89
89
|
#
|
90
90
|
#
|
91
|
-
def self.execute(
|
92
|
-
new(
|
91
|
+
def self.execute(**args)
|
92
|
+
new(**args).__send__(:execute)
|
93
93
|
end
|
94
94
|
|
95
95
|
attr_accessor :data,
|
96
96
|
:secure_key_token
|
97
97
|
|
98
|
-
def initialize(
|
99
|
-
self.data =
|
100
|
-
self.secure_key_token = /\A#{Regexp.escape(
|
98
|
+
def initialize(data:, secure_key_prefix:, **_args)
|
99
|
+
self.data = data
|
100
|
+
self.secure_key_token = /\A#{Regexp.escape(secure_key_prefix)}/
|
101
101
|
end
|
102
102
|
|
103
103
|
protected
|
@@ -138,8 +138,7 @@ class EnvironmentFilter
|
|
138
138
|
environment_hash
|
139
139
|
end
|
140
140
|
|
141
|
-
# rubocop:disable Metrics/CyclomaticComplexity, Metrics/
|
142
|
-
def convert_environment_value(environment_key, environment_value, settings_value)
|
141
|
+
def convert_environment_value(environment_key, environment_value, settings_value) # rubocop:disable Metrics/CyclomaticComplexity, Metrics/AbcSize
|
143
142
|
return settings_value unless environment_value
|
144
143
|
return if %w{___nil___ ___null___}.include?(environment_value)
|
145
144
|
|
@@ -163,22 +162,21 @@ class EnvironmentFilter
|
|
163
162
|
fail ArgumentError, "Invalid value for Array: #{environment_value}"
|
164
163
|
end
|
165
164
|
end
|
166
|
-
when 'Integer'
|
165
|
+
when 'Fixnum', 'Integer'
|
167
166
|
Integer(environment_value)
|
168
167
|
else
|
169
168
|
environment_value
|
170
169
|
end
|
171
170
|
rescue ArgumentError
|
172
|
-
raise Chamber::Errors::EnvironmentConversion,
|
173
|
-
|
171
|
+
raise Chamber::Errors::EnvironmentConversion, <<-HEREDOC
|
172
|
+
We attempted to convert '#{environment_key}' from '#{environment_value}' to a '#{settings_value.class.name}'.
|
174
173
|
|
175
|
-
|
176
|
-
|
174
|
+
Unfortunately, this did not go as planned. Please either verify that your value is convertable
|
175
|
+
or change the original YAML value to be something more generic (like a String).
|
177
176
|
|
178
|
-
|
177
|
+
For more information, see https://github.com/thekompanee/chamber/wiki/Environment-Variable-Coercions
|
179
178
|
HEREDOC
|
180
179
|
end
|
181
|
-
# rubocop:enable Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity
|
182
180
|
end
|
183
181
|
end
|
184
182
|
end
|
@@ -5,18 +5,18 @@ require 'chamber/errors/decryption_failure'
|
|
5
5
|
module Chamber
|
6
6
|
module Filters
|
7
7
|
class FailedDecryptionFilter
|
8
|
-
BASE64_STRING_PATTERN = %r{\A[A-Za-z0-9
|
8
|
+
BASE64_STRING_PATTERN = %r{\A[A-Za-z0-9+/]{342}==\z}.freeze
|
9
9
|
|
10
|
-
def self.execute(
|
11
|
-
new(
|
10
|
+
def self.execute(**args)
|
11
|
+
new(**args).__send__(:execute)
|
12
12
|
end
|
13
13
|
|
14
14
|
attr_accessor :data,
|
15
15
|
:secure_key_token
|
16
16
|
|
17
|
-
def initialize(
|
18
|
-
self.data =
|
19
|
-
self.secure_key_token = /\A#{Regexp.escape(
|
17
|
+
def initialize(data:, secure_key_prefix:, **_args)
|
18
|
+
self.data = data.dup
|
19
|
+
self.secure_key_token = /\A#{Regexp.escape(secure_key_prefix)}/
|
20
20
|
end
|
21
21
|
|
22
22
|
protected
|
@@ -6,8 +6,8 @@ require 'chamber/filters/secure_filter'
|
|
6
6
|
module Chamber
|
7
7
|
module Filters
|
8
8
|
class InsecureFilter < SecureFilter
|
9
|
-
BASE64_STRING_PATTERN = %r{\A[A-Za-z0-9
|
10
|
-
BASE64_SUBSTRING_PATTERN = %r{[A-Za-z0-9
|
9
|
+
BASE64_STRING_PATTERN = %r{\A[A-Za-z0-9+/]{342}==\z}.freeze
|
10
|
+
BASE64_SUBSTRING_PATTERN = %r{[A-Za-z0-9+/#]*={0,2}}.freeze
|
11
11
|
LARGE_DATA_STRING_PATTERN = /
|
12
12
|
\A
|
13
13
|
(#{BASE64_SUBSTRING_PATTERN})
|
@@ -20,7 +20,7 @@ class InsecureFilter < SecureFilter
|
|
20
20
|
|
21
21
|
protected
|
22
22
|
|
23
|
-
def execute(raw_data = data)
|
23
|
+
def execute(raw_data = data) # rubocop:disable Metrics/CyclomaticComplexity
|
24
24
|
securable_settings = super
|
25
25
|
settings = Hashie::Mash.new
|
26
26
|
|
@@ -5,16 +5,16 @@ require 'hashie/mash'
|
|
5
5
|
module Chamber
|
6
6
|
module Filters
|
7
7
|
class NamespaceFilter
|
8
|
-
def self.execute(
|
9
|
-
new(
|
8
|
+
def self.execute(**args)
|
9
|
+
new(**args).__send__(:execute)
|
10
10
|
end
|
11
11
|
|
12
12
|
attr_accessor :data,
|
13
13
|
:namespaces
|
14
14
|
|
15
|
-
def initialize(
|
16
|
-
self.data = Hashie::Mash.new(
|
17
|
-
self.namespaces =
|
15
|
+
def initialize(data:, namespaces:, **_args)
|
16
|
+
self.data = Hashie::Mash.new(data)
|
17
|
+
self.namespaces = namespaces
|
18
18
|
end
|
19
19
|
|
20
20
|
protected
|
@@ -5,16 +5,16 @@ require 'hashie/mash'
|
|
5
5
|
module Chamber
|
6
6
|
module Filters
|
7
7
|
class SecureFilter
|
8
|
-
def self.execute(
|
9
|
-
new(
|
8
|
+
def self.execute(**args)
|
9
|
+
new(**args).__send__(:execute)
|
10
10
|
end
|
11
11
|
|
12
12
|
attr_accessor :data,
|
13
13
|
:secure_key_token
|
14
14
|
|
15
|
-
def initialize(
|
16
|
-
self.data = Hashie::Mash.new(
|
17
|
-
self.secure_key_token = /\A#{Regexp.escape(
|
15
|
+
def initialize(data:, secure_key_prefix:, **_args)
|
16
|
+
self.data = Hashie::Mash.new(data)
|
17
|
+
self.secure_key_token = /\A#{Regexp.escape(secure_key_prefix)}/
|
18
18
|
end
|
19
19
|
|
20
20
|
protected
|
@@ -5,16 +5,16 @@ require 'hashie/mash'
|
|
5
5
|
module Chamber
|
6
6
|
module Filters
|
7
7
|
class TranslateSecureKeysFilter
|
8
|
-
def self.execute(
|
9
|
-
new(
|
8
|
+
def self.execute(**args)
|
9
|
+
new(**args).__send__(:execute)
|
10
10
|
end
|
11
11
|
|
12
12
|
attr_accessor :data,
|
13
13
|
:secure_key_token
|
14
14
|
|
15
|
-
def initialize(
|
16
|
-
self.data =
|
17
|
-
self.secure_key_token = /\A#{Regexp.escape(
|
15
|
+
def initialize(data:, secure_key_prefix:, **_args)
|
16
|
+
self.data = data.dup
|
17
|
+
self.secure_key_token = /\A#{Regexp.escape(secure_key_prefix)}/
|
18
18
|
end
|
19
19
|
|
20
20
|
protected
|
data/lib/chamber/instance.rb
CHANGED
@@ -9,15 +9,19 @@ class Instance
|
|
9
9
|
attr_accessor :configuration,
|
10
10
|
:files
|
11
11
|
|
12
|
-
def initialize(
|
13
|
-
self.configuration = Configuration.new
|
14
|
-
self.files = FileSet.new
|
12
|
+
def initialize(**args)
|
13
|
+
self.configuration = Configuration.new(**args)
|
14
|
+
self.files = FileSet.new(**configuration.to_hash)
|
15
15
|
end
|
16
16
|
|
17
17
|
def settings
|
18
18
|
@settings ||= files.to_settings { |settings| @settings = settings }
|
19
19
|
end
|
20
20
|
|
21
|
+
def [](key)
|
22
|
+
settings.[](key)
|
23
|
+
end
|
24
|
+
|
21
25
|
def filenames
|
22
26
|
files.filenames
|
23
27
|
end
|
@@ -34,26 +38,42 @@ class Instance
|
|
34
38
|
files.verify
|
35
39
|
end
|
36
40
|
|
37
|
-
def
|
38
|
-
|
41
|
+
def to_environment
|
42
|
+
settings.to_environment
|
43
|
+
end
|
44
|
+
|
45
|
+
def to_s(**args)
|
46
|
+
settings.to_s(**args)
|
47
|
+
end
|
48
|
+
|
49
|
+
def to_hash
|
50
|
+
settings.to_hash
|
51
|
+
end
|
52
|
+
|
53
|
+
def namespaces
|
54
|
+
settings.namespaces
|
55
|
+
end
|
39
56
|
|
40
|
-
|
41
|
-
|
42
|
-
|
57
|
+
def encrypt(data, **args)
|
58
|
+
config = configuration.to_hash.merge(**args)
|
59
|
+
|
60
|
+
Settings
|
61
|
+
.new(
|
62
|
+
**config.merge(
|
43
63
|
settings: data,
|
44
64
|
pre_filters: [Filters::EncryptionFilter],
|
45
65
|
post_filters: [],
|
46
66
|
),
|
47
|
-
)
|
48
|
-
to_hash
|
67
|
+
)
|
68
|
+
.to_hash
|
49
69
|
end
|
50
70
|
|
51
|
-
def decrypt(data,
|
52
|
-
config = configuration.to_hash.merge(
|
71
|
+
def decrypt(data, **args)
|
72
|
+
config = configuration.to_hash.merge(**args)
|
53
73
|
|
54
|
-
Settings
|
55
|
-
new(
|
56
|
-
config.merge(
|
74
|
+
Settings
|
75
|
+
.new(
|
76
|
+
**config.merge(
|
57
77
|
settings: data,
|
58
78
|
pre_filters: [Filters::NamespaceFilter],
|
59
79
|
post_filters: [
|
@@ -61,12 +81,8 @@ class Instance
|
|
61
81
|
Filters::FailedDecryptionFilter,
|
62
82
|
],
|
63
83
|
),
|
64
|
-
)
|
65
|
-
to_hash
|
66
|
-
end
|
67
|
-
|
68
|
-
def to_s(options = {})
|
69
|
-
settings.to_s(options)
|
84
|
+
)
|
85
|
+
.to_hash
|
70
86
|
end
|
71
87
|
|
72
88
|
def method_missing(name, *args)
|
data/lib/chamber/key_pair.rb
CHANGED
@@ -9,10 +9,10 @@ class KeyPair
|
|
9
9
|
:namespace,
|
10
10
|
:passphrase
|
11
11
|
|
12
|
-
def initialize(
|
13
|
-
self.namespace =
|
14
|
-
self.passphrase =
|
15
|
-
self.key_file_path = Pathname.new(
|
12
|
+
def initialize(key_file_path:, namespace: nil, passphrase: ::SecureRandom.uuid)
|
13
|
+
self.namespace = namespace
|
14
|
+
self.passphrase = passphrase
|
15
|
+
self.key_file_path = Pathname.new(key_file_path)
|
16
16
|
end
|
17
17
|
|
18
18
|
def encrypted_private_key_passphrase_filepath
|
@@ -78,9 +78,9 @@ class KeyPair
|
|
78
78
|
@base_key_filename ||= [
|
79
79
|
'.chamber',
|
80
80
|
namespace ? namespace.tr('-.', '') : nil,
|
81
|
-
]
|
82
|
-
compact
|
83
|
-
join('.')
|
81
|
+
]
|
82
|
+
.compact
|
83
|
+
.join('.')
|
84
84
|
end
|
85
85
|
end
|
86
86
|
end
|
data/lib/chamber/keys/base.rb
CHANGED
@@ -3,18 +3,18 @@
|
|
3
3
|
module Chamber
|
4
4
|
module Keys
|
5
5
|
class Base
|
6
|
-
def self.resolve(
|
7
|
-
new(
|
6
|
+
def self.resolve(**args)
|
7
|
+
new(**args).resolve
|
8
8
|
end
|
9
9
|
|
10
10
|
attr_accessor :rootpath
|
11
11
|
attr_reader :filenames,
|
12
12
|
:namespaces
|
13
13
|
|
14
|
-
def initialize(
|
15
|
-
self.rootpath = Pathname.new(
|
16
|
-
self.namespaces =
|
17
|
-
self.filenames =
|
14
|
+
def initialize(rootpath:, namespaces:, filenames: nil)
|
15
|
+
self.rootpath = Pathname.new(rootpath)
|
16
|
+
self.namespaces = namespaces
|
17
|
+
self.filenames = filenames
|
18
18
|
end
|
19
19
|
|
20
20
|
def resolve
|
@@ -41,9 +41,9 @@ class Base
|
|
41
41
|
|
42
42
|
# rubocop:disable Performance/ChainArrayAllocation
|
43
43
|
def filenames=(other)
|
44
|
-
@filenames = Array(other)
|
45
|
-
map { |o| Pathname.new(o) }
|
46
|
-
compact
|
44
|
+
@filenames = Array(other)
|
45
|
+
.map { |o| Pathname.new(o) }
|
46
|
+
.compact
|
47
47
|
end
|
48
48
|
# rubocop:enable Performance/ChainArrayAllocation
|
49
49
|
|
@@ -52,10 +52,10 @@ class Base
|
|
52
52
|
end
|
53
53
|
|
54
54
|
def namespace_from_path(path)
|
55
|
-
path
|
56
|
-
basename
|
57
|
-
to_s
|
58
|
-
match(self.class::NAMESPACE_PATTERN) { |m| m[1].upcase }
|
55
|
+
path
|
56
|
+
.basename
|
57
|
+
.to_s
|
58
|
+
.match(self.class::NAMESPACE_PATTERN) { |m| m[1].upcase }
|
59
59
|
end
|
60
60
|
|
61
61
|
def namespace_to_key_path(namespace)
|
@@ -71,10 +71,8 @@ class NamespaceSet
|
|
71
71
|
# Internal: Iterates over each namespace value and allows it to be used in
|
72
72
|
# a block.
|
73
73
|
#
|
74
|
-
def each
|
75
|
-
namespaces.each
|
76
|
-
yield namespace
|
77
|
-
end
|
74
|
+
def each(&block)
|
75
|
+
namespaces.each(&block)
|
78
76
|
end
|
79
77
|
|
80
78
|
###
|
data/lib/chamber/settings.rb
CHANGED
@@ -16,29 +16,40 @@ require 'chamber/filters/failed_decryption_filter'
|
|
16
16
|
#
|
17
17
|
module Chamber
|
18
18
|
class Settings
|
19
|
-
attr_accessor :
|
20
|
-
:post_filters,
|
19
|
+
attr_accessor :decryption_keys,
|
21
20
|
:encryption_keys,
|
22
|
-
:
|
21
|
+
:post_filters,
|
22
|
+
:pre_filters,
|
23
|
+
:secure_key_prefix
|
23
24
|
attr_reader :namespaces
|
24
25
|
|
25
|
-
# rubocop:disable Metrics/
|
26
|
-
def initialize(
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
|
31
|
-
|
32
|
-
|
33
|
-
|
34
|
-
|
35
|
-
|
36
|
-
|
37
|
-
|
38
|
-
|
39
|
-
|
26
|
+
# rubocop:disable Metrics/ParameterLists
|
27
|
+
def initialize(
|
28
|
+
decryption_keys: {},
|
29
|
+
encryption_keys: {},
|
30
|
+
namespaces: [],
|
31
|
+
pre_filters: [
|
32
|
+
Filters::NamespaceFilter,
|
33
|
+
],
|
34
|
+
post_filters: [
|
35
|
+
Filters::DecryptionFilter,
|
36
|
+
Filters::EnvironmentFilter,
|
37
|
+
Filters::FailedDecryptionFilter,
|
38
|
+
Filters::TranslateSecureKeysFilter,
|
39
|
+
],
|
40
|
+
secure_key_prefix: '_secure_',
|
41
|
+
settings: {},
|
42
|
+
**_args
|
43
|
+
)
|
44
|
+
self.decryption_keys = decryption_keys
|
45
|
+
self.encryption_keys = encryption_keys
|
46
|
+
self.namespaces = namespaces
|
47
|
+
self.post_filters = post_filters
|
48
|
+
self.pre_filters = pre_filters
|
49
|
+
self.raw_data = settings
|
50
|
+
self.secure_key_prefix = secure_key_prefix
|
40
51
|
end
|
41
|
-
# rubocop:enable Metrics/
|
52
|
+
# rubocop:enable Metrics/ParameterLists
|
42
53
|
|
43
54
|
###
|
44
55
|
# Internal: Converts a Settings object into a hash that is compatible as an
|
@@ -79,15 +90,11 @@ class Settings
|
|
79
90
|
# } ).to_s
|
80
91
|
# # => 'MY_KEY="my value" MY_OTHER_KEY="my other value"'
|
81
92
|
#
|
82
|
-
def to_s(
|
83
|
-
|
84
|
-
|
85
|
-
|
86
|
-
|
87
|
-
|
88
|
-
concatenated_name_hash = to_concatenated_name_hash(hierarchical_separator)
|
89
|
-
|
90
|
-
pairs = concatenated_name_hash.to_a.map do |key, value|
|
93
|
+
def to_s(hierarchical_separator: '_',
|
94
|
+
pair_separator: ' ',
|
95
|
+
value_surrounder: '"',
|
96
|
+
name_value_separator: '=')
|
97
|
+
pairs = to_concatenated_name_hash(hierarchical_separator).to_a.map do |key, value|
|
91
98
|
"#{key.upcase}#{name_value_separator}#{value_surrounder}#{value}#{value_surrounder}"
|
92
99
|
end
|
93
100
|
|
@@ -182,20 +189,21 @@ class Settings
|
|
182
189
|
# Returns a new Settings object
|
183
190
|
#
|
184
191
|
def merge(other)
|
185
|
-
other_settings =
|
192
|
+
other_settings = case other
|
193
|
+
when Settings
|
186
194
|
other
|
187
|
-
|
195
|
+
when Hash
|
188
196
|
Settings.new(settings: other)
|
189
197
|
end
|
190
198
|
|
191
|
-
# rubocop:disable
|
199
|
+
# rubocop:disable Layout/LineLength
|
192
200
|
Settings.new(
|
193
201
|
encryption_keys: encryption_keys.any? ? encryption_keys : other_settings.encryption_keys,
|
194
202
|
decryption_keys: decryption_keys.any? ? decryption_keys : other_settings.decryption_keys,
|
195
203
|
namespaces: (namespaces + other_settings.namespaces),
|
196
204
|
settings: raw_data.merge(other_settings.raw_data),
|
197
205
|
)
|
198
|
-
# rubocop:enable
|
206
|
+
# rubocop:enable Layout/LineLength
|
199
207
|
end
|
200
208
|
|
201
209
|
###
|
@@ -220,14 +228,14 @@ class Settings
|
|
220
228
|
end
|
221
229
|
|
222
230
|
def securable
|
223
|
-
Settings.new(metadata.merge(
|
231
|
+
Settings.new(**metadata.merge(
|
224
232
|
settings: raw_data,
|
225
233
|
pre_filters: [Filters::SecureFilter],
|
226
234
|
))
|
227
235
|
end
|
228
236
|
|
229
237
|
def secure
|
230
|
-
Settings.new(metadata.merge(
|
238
|
+
Settings.new(**metadata.merge(
|
231
239
|
settings: raw_data,
|
232
240
|
pre_filters: [Filters::EncryptionFilter],
|
233
241
|
post_filters: [Filters::TranslateSecureKeysFilter],
|
@@ -235,7 +243,7 @@ class Settings
|
|
235
243
|
end
|
236
244
|
|
237
245
|
def insecure
|
238
|
-
Settings.new(metadata.merge(
|
246
|
+
Settings.new(**metadata.merge(
|
239
247
|
settings: raw_data,
|
240
248
|
pre_filters: [Filters::InsecureFilter],
|
241
249
|
post_filters: [Filters::TranslateSecureKeysFilter],
|
@@ -265,23 +273,17 @@ class Settings
|
|
265
273
|
# rubocop:disable Naming/MemoizedInstanceVariableName
|
266
274
|
def raw_data
|
267
275
|
@filtered_raw_data ||= pre_filters.inject(@raw_data) do |filtered_data, filter|
|
268
|
-
filter.execute({ data: filtered_data }.
|
269
|
-
merge(metadata))
|
276
|
+
filter.execute(**{ data: filtered_data }.merge(metadata))
|
270
277
|
end
|
271
278
|
end
|
272
279
|
# rubocop:enable Naming/MemoizedInstanceVariableName
|
273
280
|
|
274
281
|
def data
|
275
282
|
@data ||= post_filters.inject(raw_data) do |filtered_data, filter|
|
276
|
-
filter.execute({ data: filtered_data }.
|
277
|
-
merge(metadata))
|
283
|
+
filter.execute(**{ data: filtered_data }.merge(metadata))
|
278
284
|
end
|
279
285
|
end
|
280
286
|
|
281
|
-
def secure_key_prefix
|
282
|
-
'_secure_'
|
283
|
-
end
|
284
|
-
|
285
287
|
def metadata
|
286
288
|
{
|
287
289
|
decryption_keys: decryption_keys,
|