chamber 2.13.1 → 2.14.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- checksums.yaml.gz.sig +0 -0
- data.tar.gz.sig +0 -0
- data/README.md +101 -26
- data/lib/chamber.rb +72 -10
- data/lib/chamber/adapters/cloud/circle_ci.rb +16 -13
- data/lib/chamber/adapters/cloud/heroku.rb +40 -13
- data/lib/chamber/binary/circle_ci.rb +25 -12
- data/lib/chamber/binary/heroku.rb +31 -12
- data/lib/chamber/binary/runner.rb +37 -27
- data/lib/chamber/binary/travis.rb +5 -3
- data/lib/chamber/commands/base.rb +10 -16
- data/lib/chamber/commands/cloud/base.rb +3 -3
- data/lib/chamber/commands/cloud/pull.rb +2 -2
- data/lib/chamber/commands/cloud/push.rb +7 -7
- data/lib/chamber/commands/comparable.rb +2 -2
- data/lib/chamber/commands/compare.rb +6 -9
- data/lib/chamber/commands/initialize.rb +26 -22
- data/lib/chamber/commands/securable.rb +9 -9
- data/lib/chamber/commands/secure.rb +2 -2
- data/lib/chamber/commands/show.rb +8 -8
- data/lib/chamber/commands/sign.rb +2 -2
- data/lib/chamber/commands/verify.rb +2 -2
- data/lib/chamber/configuration.rb +6 -3
- data/lib/chamber/context_resolver.rb +8 -7
- data/lib/chamber/encryption_methods/ssl.rb +12 -12
- data/lib/chamber/file.rb +16 -14
- data/lib/chamber/file_set.rb +18 -8
- data/lib/chamber/files/signature.rb +16 -14
- data/lib/chamber/filters/decryption_filter.rb +12 -10
- data/lib/chamber/filters/encryption_filter.rb +8 -8
- data/lib/chamber/filters/environment_filter.rb +12 -14
- data/lib/chamber/filters/failed_decryption_filter.rb +6 -6
- data/lib/chamber/filters/insecure_filter.rb +3 -3
- data/lib/chamber/filters/namespace_filter.rb +5 -5
- data/lib/chamber/filters/secure_filter.rb +5 -5
- data/lib/chamber/filters/translate_secure_keys_filter.rb +5 -5
- data/lib/chamber/instance.rb +37 -21
- data/lib/chamber/key_pair.rb +7 -7
- data/lib/chamber/keys/base.rb +13 -13
- data/lib/chamber/keys/decryption.rb +3 -3
- data/lib/chamber/keys/encryption.rb +3 -3
- data/lib/chamber/namespace_set.rb +2 -4
- data/lib/chamber/settings.rb +45 -43
- data/lib/chamber/types/secured.rb +8 -10
- data/lib/chamber/version.rb +1 -1
- data/templates/settings.yml +2 -0
- metadata +24 -26
- metadata.gz.sig +0 -0
@@ -10,8 +10,8 @@ require 'chamber/encryption_methods/none'
|
|
10
10
|
module Chamber
|
11
11
|
module Filters
|
12
12
|
class EncryptionFilter
|
13
|
-
BASE64_STRING_PATTERN = %r{\A[A-Za-z0-9
|
14
|
-
BASE64_SUBSTRING_PATTERN = %r{[A-Za-z0-9
|
13
|
+
BASE64_STRING_PATTERN = %r{\A[A-Za-z0-9+/]{342}==\z}.freeze
|
14
|
+
BASE64_SUBSTRING_PATTERN = %r{[A-Za-z0-9+/#]*={0,2}}.freeze
|
15
15
|
LARGE_DATA_STRING_PATTERN = /
|
16
16
|
\A
|
17
17
|
(#{BASE64_SUBSTRING_PATTERN})
|
@@ -26,14 +26,14 @@ class EncryptionFilter
|
|
26
26
|
:secure_key_token
|
27
27
|
attr_reader :encryption_keys
|
28
28
|
|
29
|
-
def initialize(
|
30
|
-
self.encryption_keys =
|
31
|
-
self.data =
|
32
|
-
self.secure_key_token = /\A#{Regexp.escape(
|
29
|
+
def initialize(data:, secure_key_prefix:, encryption_keys: {}, **_args)
|
30
|
+
self.encryption_keys = encryption_keys || {}
|
31
|
+
self.data = data.dup
|
32
|
+
self.secure_key_token = /\A#{Regexp.escape(secure_key_prefix)}/
|
33
33
|
end
|
34
34
|
|
35
|
-
def self.execute(
|
36
|
-
new(
|
35
|
+
def self.execute(**args)
|
36
|
+
new(**args).__send__(:execute)
|
37
37
|
end
|
38
38
|
|
39
39
|
protected
|
@@ -88,16 +88,16 @@ class EnvironmentFilter
|
|
88
88
|
# }
|
89
89
|
#
|
90
90
|
#
|
91
|
-
def self.execute(
|
92
|
-
new(
|
91
|
+
def self.execute(**args)
|
92
|
+
new(**args).__send__(:execute)
|
93
93
|
end
|
94
94
|
|
95
95
|
attr_accessor :data,
|
96
96
|
:secure_key_token
|
97
97
|
|
98
|
-
def initialize(
|
99
|
-
self.data =
|
100
|
-
self.secure_key_token = /\A#{Regexp.escape(
|
98
|
+
def initialize(data:, secure_key_prefix:, **_args)
|
99
|
+
self.data = data
|
100
|
+
self.secure_key_token = /\A#{Regexp.escape(secure_key_prefix)}/
|
101
101
|
end
|
102
102
|
|
103
103
|
protected
|
@@ -138,8 +138,7 @@ class EnvironmentFilter
|
|
138
138
|
environment_hash
|
139
139
|
end
|
140
140
|
|
141
|
-
# rubocop:disable Metrics/CyclomaticComplexity, Metrics/
|
142
|
-
def convert_environment_value(environment_key, environment_value, settings_value)
|
141
|
+
def convert_environment_value(environment_key, environment_value, settings_value) # rubocop:disable Metrics/CyclomaticComplexity, Metrics/AbcSize
|
143
142
|
return settings_value unless environment_value
|
144
143
|
return if %w{___nil___ ___null___}.include?(environment_value)
|
145
144
|
|
@@ -163,22 +162,21 @@ class EnvironmentFilter
|
|
163
162
|
fail ArgumentError, "Invalid value for Array: #{environment_value}"
|
164
163
|
end
|
165
164
|
end
|
166
|
-
when 'Integer'
|
165
|
+
when 'Fixnum', 'Integer'
|
167
166
|
Integer(environment_value)
|
168
167
|
else
|
169
168
|
environment_value
|
170
169
|
end
|
171
170
|
rescue ArgumentError
|
172
|
-
raise Chamber::Errors::EnvironmentConversion,
|
173
|
-
|
171
|
+
raise Chamber::Errors::EnvironmentConversion, <<-HEREDOC
|
172
|
+
We attempted to convert '#{environment_key}' from '#{environment_value}' to a '#{settings_value.class.name}'.
|
174
173
|
|
175
|
-
|
176
|
-
|
174
|
+
Unfortunately, this did not go as planned. Please either verify that your value is convertable
|
175
|
+
or change the original YAML value to be something more generic (like a String).
|
177
176
|
|
178
|
-
|
177
|
+
For more information, see https://github.com/thekompanee/chamber/wiki/Environment-Variable-Coercions
|
179
178
|
HEREDOC
|
180
179
|
end
|
181
|
-
# rubocop:enable Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity
|
182
180
|
end
|
183
181
|
end
|
184
182
|
end
|
@@ -5,18 +5,18 @@ require 'chamber/errors/decryption_failure'
|
|
5
5
|
module Chamber
|
6
6
|
module Filters
|
7
7
|
class FailedDecryptionFilter
|
8
|
-
BASE64_STRING_PATTERN = %r{\A[A-Za-z0-9
|
8
|
+
BASE64_STRING_PATTERN = %r{\A[A-Za-z0-9+/]{342}==\z}.freeze
|
9
9
|
|
10
|
-
def self.execute(
|
11
|
-
new(
|
10
|
+
def self.execute(**args)
|
11
|
+
new(**args).__send__(:execute)
|
12
12
|
end
|
13
13
|
|
14
14
|
attr_accessor :data,
|
15
15
|
:secure_key_token
|
16
16
|
|
17
|
-
def initialize(
|
18
|
-
self.data =
|
19
|
-
self.secure_key_token = /\A#{Regexp.escape(
|
17
|
+
def initialize(data:, secure_key_prefix:, **_args)
|
18
|
+
self.data = data.dup
|
19
|
+
self.secure_key_token = /\A#{Regexp.escape(secure_key_prefix)}/
|
20
20
|
end
|
21
21
|
|
22
22
|
protected
|
@@ -6,8 +6,8 @@ require 'chamber/filters/secure_filter'
|
|
6
6
|
module Chamber
|
7
7
|
module Filters
|
8
8
|
class InsecureFilter < SecureFilter
|
9
|
-
BASE64_STRING_PATTERN = %r{\A[A-Za-z0-9
|
10
|
-
BASE64_SUBSTRING_PATTERN = %r{[A-Za-z0-9
|
9
|
+
BASE64_STRING_PATTERN = %r{\A[A-Za-z0-9+/]{342}==\z}.freeze
|
10
|
+
BASE64_SUBSTRING_PATTERN = %r{[A-Za-z0-9+/#]*={0,2}}.freeze
|
11
11
|
LARGE_DATA_STRING_PATTERN = /
|
12
12
|
\A
|
13
13
|
(#{BASE64_SUBSTRING_PATTERN})
|
@@ -20,7 +20,7 @@ class InsecureFilter < SecureFilter
|
|
20
20
|
|
21
21
|
protected
|
22
22
|
|
23
|
-
def execute(raw_data = data)
|
23
|
+
def execute(raw_data = data) # rubocop:disable Metrics/CyclomaticComplexity
|
24
24
|
securable_settings = super
|
25
25
|
settings = Hashie::Mash.new
|
26
26
|
|
@@ -5,16 +5,16 @@ require 'hashie/mash'
|
|
5
5
|
module Chamber
|
6
6
|
module Filters
|
7
7
|
class NamespaceFilter
|
8
|
-
def self.execute(
|
9
|
-
new(
|
8
|
+
def self.execute(**args)
|
9
|
+
new(**args).__send__(:execute)
|
10
10
|
end
|
11
11
|
|
12
12
|
attr_accessor :data,
|
13
13
|
:namespaces
|
14
14
|
|
15
|
-
def initialize(
|
16
|
-
self.data = Hashie::Mash.new(
|
17
|
-
self.namespaces =
|
15
|
+
def initialize(data:, namespaces:, **_args)
|
16
|
+
self.data = Hashie::Mash.new(data)
|
17
|
+
self.namespaces = namespaces
|
18
18
|
end
|
19
19
|
|
20
20
|
protected
|
@@ -5,16 +5,16 @@ require 'hashie/mash'
|
|
5
5
|
module Chamber
|
6
6
|
module Filters
|
7
7
|
class SecureFilter
|
8
|
-
def self.execute(
|
9
|
-
new(
|
8
|
+
def self.execute(**args)
|
9
|
+
new(**args).__send__(:execute)
|
10
10
|
end
|
11
11
|
|
12
12
|
attr_accessor :data,
|
13
13
|
:secure_key_token
|
14
14
|
|
15
|
-
def initialize(
|
16
|
-
self.data = Hashie::Mash.new(
|
17
|
-
self.secure_key_token = /\A#{Regexp.escape(
|
15
|
+
def initialize(data:, secure_key_prefix:, **_args)
|
16
|
+
self.data = Hashie::Mash.new(data)
|
17
|
+
self.secure_key_token = /\A#{Regexp.escape(secure_key_prefix)}/
|
18
18
|
end
|
19
19
|
|
20
20
|
protected
|
@@ -5,16 +5,16 @@ require 'hashie/mash'
|
|
5
5
|
module Chamber
|
6
6
|
module Filters
|
7
7
|
class TranslateSecureKeysFilter
|
8
|
-
def self.execute(
|
9
|
-
new(
|
8
|
+
def self.execute(**args)
|
9
|
+
new(**args).__send__(:execute)
|
10
10
|
end
|
11
11
|
|
12
12
|
attr_accessor :data,
|
13
13
|
:secure_key_token
|
14
14
|
|
15
|
-
def initialize(
|
16
|
-
self.data =
|
17
|
-
self.secure_key_token = /\A#{Regexp.escape(
|
15
|
+
def initialize(data:, secure_key_prefix:, **_args)
|
16
|
+
self.data = data.dup
|
17
|
+
self.secure_key_token = /\A#{Regexp.escape(secure_key_prefix)}/
|
18
18
|
end
|
19
19
|
|
20
20
|
protected
|
data/lib/chamber/instance.rb
CHANGED
@@ -9,15 +9,19 @@ class Instance
|
|
9
9
|
attr_accessor :configuration,
|
10
10
|
:files
|
11
11
|
|
12
|
-
def initialize(
|
13
|
-
self.configuration = Configuration.new
|
14
|
-
self.files = FileSet.new
|
12
|
+
def initialize(**args)
|
13
|
+
self.configuration = Configuration.new(**args)
|
14
|
+
self.files = FileSet.new(**configuration.to_hash)
|
15
15
|
end
|
16
16
|
|
17
17
|
def settings
|
18
18
|
@settings ||= files.to_settings { |settings| @settings = settings }
|
19
19
|
end
|
20
20
|
|
21
|
+
def [](key)
|
22
|
+
settings.[](key)
|
23
|
+
end
|
24
|
+
|
21
25
|
def filenames
|
22
26
|
files.filenames
|
23
27
|
end
|
@@ -34,26 +38,42 @@ class Instance
|
|
34
38
|
files.verify
|
35
39
|
end
|
36
40
|
|
37
|
-
def
|
38
|
-
|
41
|
+
def to_environment
|
42
|
+
settings.to_environment
|
43
|
+
end
|
44
|
+
|
45
|
+
def to_s(**args)
|
46
|
+
settings.to_s(**args)
|
47
|
+
end
|
48
|
+
|
49
|
+
def to_hash
|
50
|
+
settings.to_hash
|
51
|
+
end
|
52
|
+
|
53
|
+
def namespaces
|
54
|
+
settings.namespaces
|
55
|
+
end
|
39
56
|
|
40
|
-
|
41
|
-
|
42
|
-
|
57
|
+
def encrypt(data, **args)
|
58
|
+
config = configuration.to_hash.merge(**args)
|
59
|
+
|
60
|
+
Settings
|
61
|
+
.new(
|
62
|
+
**config.merge(
|
43
63
|
settings: data,
|
44
64
|
pre_filters: [Filters::EncryptionFilter],
|
45
65
|
post_filters: [],
|
46
66
|
),
|
47
|
-
)
|
48
|
-
to_hash
|
67
|
+
)
|
68
|
+
.to_hash
|
49
69
|
end
|
50
70
|
|
51
|
-
def decrypt(data,
|
52
|
-
config = configuration.to_hash.merge(
|
71
|
+
def decrypt(data, **args)
|
72
|
+
config = configuration.to_hash.merge(**args)
|
53
73
|
|
54
|
-
Settings
|
55
|
-
new(
|
56
|
-
config.merge(
|
74
|
+
Settings
|
75
|
+
.new(
|
76
|
+
**config.merge(
|
57
77
|
settings: data,
|
58
78
|
pre_filters: [Filters::NamespaceFilter],
|
59
79
|
post_filters: [
|
@@ -61,12 +81,8 @@ class Instance
|
|
61
81
|
Filters::FailedDecryptionFilter,
|
62
82
|
],
|
63
83
|
),
|
64
|
-
)
|
65
|
-
to_hash
|
66
|
-
end
|
67
|
-
|
68
|
-
def to_s(options = {})
|
69
|
-
settings.to_s(options)
|
84
|
+
)
|
85
|
+
.to_hash
|
70
86
|
end
|
71
87
|
|
72
88
|
def method_missing(name, *args)
|
data/lib/chamber/key_pair.rb
CHANGED
@@ -9,10 +9,10 @@ class KeyPair
|
|
9
9
|
:namespace,
|
10
10
|
:passphrase
|
11
11
|
|
12
|
-
def initialize(
|
13
|
-
self.namespace =
|
14
|
-
self.passphrase =
|
15
|
-
self.key_file_path = Pathname.new(
|
12
|
+
def initialize(key_file_path:, namespace: nil, passphrase: ::SecureRandom.uuid)
|
13
|
+
self.namespace = namespace
|
14
|
+
self.passphrase = passphrase
|
15
|
+
self.key_file_path = Pathname.new(key_file_path)
|
16
16
|
end
|
17
17
|
|
18
18
|
def encrypted_private_key_passphrase_filepath
|
@@ -78,9 +78,9 @@ class KeyPair
|
|
78
78
|
@base_key_filename ||= [
|
79
79
|
'.chamber',
|
80
80
|
namespace ? namespace.tr('-.', '') : nil,
|
81
|
-
]
|
82
|
-
compact
|
83
|
-
join('.')
|
81
|
+
]
|
82
|
+
.compact
|
83
|
+
.join('.')
|
84
84
|
end
|
85
85
|
end
|
86
86
|
end
|
data/lib/chamber/keys/base.rb
CHANGED
@@ -3,18 +3,18 @@
|
|
3
3
|
module Chamber
|
4
4
|
module Keys
|
5
5
|
class Base
|
6
|
-
def self.resolve(
|
7
|
-
new(
|
6
|
+
def self.resolve(**args)
|
7
|
+
new(**args).resolve
|
8
8
|
end
|
9
9
|
|
10
10
|
attr_accessor :rootpath
|
11
11
|
attr_reader :filenames,
|
12
12
|
:namespaces
|
13
13
|
|
14
|
-
def initialize(
|
15
|
-
self.rootpath = Pathname.new(
|
16
|
-
self.namespaces =
|
17
|
-
self.filenames =
|
14
|
+
def initialize(rootpath:, namespaces:, filenames: nil)
|
15
|
+
self.rootpath = Pathname.new(rootpath)
|
16
|
+
self.namespaces = namespaces
|
17
|
+
self.filenames = filenames
|
18
18
|
end
|
19
19
|
|
20
20
|
def resolve
|
@@ -41,9 +41,9 @@ class Base
|
|
41
41
|
|
42
42
|
# rubocop:disable Performance/ChainArrayAllocation
|
43
43
|
def filenames=(other)
|
44
|
-
@filenames = Array(other)
|
45
|
-
map { |o| Pathname.new(o) }
|
46
|
-
compact
|
44
|
+
@filenames = Array(other)
|
45
|
+
.map { |o| Pathname.new(o) }
|
46
|
+
.compact
|
47
47
|
end
|
48
48
|
# rubocop:enable Performance/ChainArrayAllocation
|
49
49
|
|
@@ -52,10 +52,10 @@ class Base
|
|
52
52
|
end
|
53
53
|
|
54
54
|
def namespace_from_path(path)
|
55
|
-
path
|
56
|
-
basename
|
57
|
-
to_s
|
58
|
-
match(self.class::NAMESPACE_PATTERN) { |m| m[1].upcase }
|
55
|
+
path
|
56
|
+
.basename
|
57
|
+
.to_s
|
58
|
+
.match(self.class::NAMESPACE_PATTERN) { |m| m[1].upcase }
|
59
59
|
end
|
60
60
|
|
61
61
|
def namespace_to_key_path(namespace)
|
@@ -71,10 +71,8 @@ class NamespaceSet
|
|
71
71
|
# Internal: Iterates over each namespace value and allows it to be used in
|
72
72
|
# a block.
|
73
73
|
#
|
74
|
-
def each
|
75
|
-
namespaces.each
|
76
|
-
yield namespace
|
77
|
-
end
|
74
|
+
def each(&block)
|
75
|
+
namespaces.each(&block)
|
78
76
|
end
|
79
77
|
|
80
78
|
###
|
data/lib/chamber/settings.rb
CHANGED
@@ -16,29 +16,40 @@ require 'chamber/filters/failed_decryption_filter'
|
|
16
16
|
#
|
17
17
|
module Chamber
|
18
18
|
class Settings
|
19
|
-
attr_accessor :
|
20
|
-
:post_filters,
|
19
|
+
attr_accessor :decryption_keys,
|
21
20
|
:encryption_keys,
|
22
|
-
:
|
21
|
+
:post_filters,
|
22
|
+
:pre_filters,
|
23
|
+
:secure_key_prefix
|
23
24
|
attr_reader :namespaces
|
24
25
|
|
25
|
-
# rubocop:disable Metrics/
|
26
|
-
def initialize(
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
|
31
|
-
|
32
|
-
|
33
|
-
|
34
|
-
|
35
|
-
|
36
|
-
|
37
|
-
|
38
|
-
|
39
|
-
|
26
|
+
# rubocop:disable Metrics/ParameterLists
|
27
|
+
def initialize(
|
28
|
+
decryption_keys: {},
|
29
|
+
encryption_keys: {},
|
30
|
+
namespaces: [],
|
31
|
+
pre_filters: [
|
32
|
+
Filters::NamespaceFilter,
|
33
|
+
],
|
34
|
+
post_filters: [
|
35
|
+
Filters::DecryptionFilter,
|
36
|
+
Filters::EnvironmentFilter,
|
37
|
+
Filters::FailedDecryptionFilter,
|
38
|
+
Filters::TranslateSecureKeysFilter,
|
39
|
+
],
|
40
|
+
secure_key_prefix: '_secure_',
|
41
|
+
settings: {},
|
42
|
+
**_args
|
43
|
+
)
|
44
|
+
self.decryption_keys = decryption_keys
|
45
|
+
self.encryption_keys = encryption_keys
|
46
|
+
self.namespaces = namespaces
|
47
|
+
self.post_filters = post_filters
|
48
|
+
self.pre_filters = pre_filters
|
49
|
+
self.raw_data = settings
|
50
|
+
self.secure_key_prefix = secure_key_prefix
|
40
51
|
end
|
41
|
-
# rubocop:enable Metrics/
|
52
|
+
# rubocop:enable Metrics/ParameterLists
|
42
53
|
|
43
54
|
###
|
44
55
|
# Internal: Converts a Settings object into a hash that is compatible as an
|
@@ -79,15 +90,11 @@ class Settings
|
|
79
90
|
# } ).to_s
|
80
91
|
# # => 'MY_KEY="my value" MY_OTHER_KEY="my other value"'
|
81
92
|
#
|
82
|
-
def to_s(
|
83
|
-
|
84
|
-
|
85
|
-
|
86
|
-
|
87
|
-
|
88
|
-
concatenated_name_hash = to_concatenated_name_hash(hierarchical_separator)
|
89
|
-
|
90
|
-
pairs = concatenated_name_hash.to_a.map do |key, value|
|
93
|
+
def to_s(hierarchical_separator: '_',
|
94
|
+
pair_separator: ' ',
|
95
|
+
value_surrounder: '"',
|
96
|
+
name_value_separator: '=')
|
97
|
+
pairs = to_concatenated_name_hash(hierarchical_separator).to_a.map do |key, value|
|
91
98
|
"#{key.upcase}#{name_value_separator}#{value_surrounder}#{value}#{value_surrounder}"
|
92
99
|
end
|
93
100
|
|
@@ -182,20 +189,21 @@ class Settings
|
|
182
189
|
# Returns a new Settings object
|
183
190
|
#
|
184
191
|
def merge(other)
|
185
|
-
other_settings =
|
192
|
+
other_settings = case other
|
193
|
+
when Settings
|
186
194
|
other
|
187
|
-
|
195
|
+
when Hash
|
188
196
|
Settings.new(settings: other)
|
189
197
|
end
|
190
198
|
|
191
|
-
# rubocop:disable
|
199
|
+
# rubocop:disable Layout/LineLength
|
192
200
|
Settings.new(
|
193
201
|
encryption_keys: encryption_keys.any? ? encryption_keys : other_settings.encryption_keys,
|
194
202
|
decryption_keys: decryption_keys.any? ? decryption_keys : other_settings.decryption_keys,
|
195
203
|
namespaces: (namespaces + other_settings.namespaces),
|
196
204
|
settings: raw_data.merge(other_settings.raw_data),
|
197
205
|
)
|
198
|
-
# rubocop:enable
|
206
|
+
# rubocop:enable Layout/LineLength
|
199
207
|
end
|
200
208
|
|
201
209
|
###
|
@@ -220,14 +228,14 @@ class Settings
|
|
220
228
|
end
|
221
229
|
|
222
230
|
def securable
|
223
|
-
Settings.new(metadata.merge(
|
231
|
+
Settings.new(**metadata.merge(
|
224
232
|
settings: raw_data,
|
225
233
|
pre_filters: [Filters::SecureFilter],
|
226
234
|
))
|
227
235
|
end
|
228
236
|
|
229
237
|
def secure
|
230
|
-
Settings.new(metadata.merge(
|
238
|
+
Settings.new(**metadata.merge(
|
231
239
|
settings: raw_data,
|
232
240
|
pre_filters: [Filters::EncryptionFilter],
|
233
241
|
post_filters: [Filters::TranslateSecureKeysFilter],
|
@@ -235,7 +243,7 @@ class Settings
|
|
235
243
|
end
|
236
244
|
|
237
245
|
def insecure
|
238
|
-
Settings.new(metadata.merge(
|
246
|
+
Settings.new(**metadata.merge(
|
239
247
|
settings: raw_data,
|
240
248
|
pre_filters: [Filters::InsecureFilter],
|
241
249
|
post_filters: [Filters::TranslateSecureKeysFilter],
|
@@ -265,23 +273,17 @@ class Settings
|
|
265
273
|
# rubocop:disable Naming/MemoizedInstanceVariableName
|
266
274
|
def raw_data
|
267
275
|
@filtered_raw_data ||= pre_filters.inject(@raw_data) do |filtered_data, filter|
|
268
|
-
filter.execute({ data: filtered_data }.
|
269
|
-
merge(metadata))
|
276
|
+
filter.execute(**{ data: filtered_data }.merge(metadata))
|
270
277
|
end
|
271
278
|
end
|
272
279
|
# rubocop:enable Naming/MemoizedInstanceVariableName
|
273
280
|
|
274
281
|
def data
|
275
282
|
@data ||= post_filters.inject(raw_data) do |filtered_data, filter|
|
276
|
-
filter.execute({ data: filtered_data }.
|
277
|
-
merge(metadata))
|
283
|
+
filter.execute(**{ data: filtered_data }.merge(metadata))
|
278
284
|
end
|
279
285
|
end
|
280
286
|
|
281
|
-
def secure_key_prefix
|
282
|
-
'_secure_'
|
283
|
-
end
|
284
|
-
|
285
287
|
def metadata
|
286
288
|
{
|
287
289
|
decryption_keys: decryption_keys,
|