chamber 2.14.3 → 3.0.0rc1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- checksums.yaml.gz.sig +0 -0
- data/lib/chamber/adapters/cloud/heroku.rb +4 -4
- data/lib/chamber/binary/circle_ci.rb +8 -7
- data/lib/chamber/binary/heroku.rb +8 -7
- data/lib/chamber/binary/runner.rb +11 -10
- data/lib/chamber/binary/travis.rb +7 -3
- data/lib/chamber/commands/securable.rb +4 -1
- data/lib/chamber/context_resolver.rb +0 -1
- data/lib/chamber/encryption_methods/public_key.rb +1 -27
- data/lib/chamber/encryption_methods/ssl.rb +2 -28
- data/lib/chamber/file.rb +5 -28
- data/lib/chamber/file_set.rb +1 -7
- data/lib/chamber/filters/decryption_filter.rb +6 -6
- data/lib/chamber/filters/encryption_filter.rb +8 -5
- data/lib/chamber/filters/environment_filter.rb +11 -10
- data/lib/chamber/filters/failed_decryption_filter.rb +4 -1
- data/lib/chamber/filters/insecure_filter.rb +1 -2
- data/lib/chamber/filters/namespace_filter.rb +9 -5
- data/lib/chamber/filters/secure_filter.rb +5 -3
- data/lib/chamber/filters/translate_secure_keys_filter.rb +5 -3
- data/lib/chamber/instance.rb +7 -14
- data/lib/chamber/keys/base.rb +2 -2
- data/lib/chamber/refinements/array.rb +20 -0
- data/lib/chamber/refinements/deep_dup.rb +58 -0
- data/lib/chamber/refinements/enumerable.rb +20 -9
- data/lib/chamber/refinements/hash.rb +51 -0
- data/lib/chamber/rubinius_fix.rb +1 -1
- data/lib/chamber/settings.rb +24 -41
- data/lib/chamber/types/secured.rb +13 -13
- data/lib/chamber/version.rb +1 -1
- data/lib/chamber.rb +0 -11
- data.tar.gz.sig +4 -1
- metadata +24 -39
- metadata.gz.sig +0 -0
- data/lib/chamber/core_ext/hash.rb +0 -15
- data/lib/chamber/errors/non_conforming_key.rb +0 -8
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 3119f8787d3c63913a0ab69a0114cbf6d43a154ad1703aef610a2b02720b0cbc
|
4
|
+
data.tar.gz: ed25f8e4a9f93045c94aba4776fa6a0296f9db9f1312e4a1dadeb35343eba140
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: acc3d5daf9e6570ccf16e76b8433e8d0912cdd85f4858f6634ee37531aa6a1c53b47621afeb21c0b9524eea6f8af3a02b52872f843b28a3f94d3e20bfa582880
|
7
|
+
data.tar.gz: 39a117062b19f734066f11c405730e499cc0325e6b2e3fd208aa68a930645e28f6b88f4f98e43133e8b70457d82ac3860f426b1385611b0d4b924003f79f0490
|
checksums.yaml.gz.sig
CHANGED
Binary file
|
@@ -20,18 +20,18 @@ class Heroku
|
|
20
20
|
self.app = app
|
21
21
|
end
|
22
22
|
|
23
|
-
def add_environment_variable(name, value)
|
23
|
+
def add_environment_variable(name, value) # rubocop:disable Metrics/AbcSize
|
24
24
|
value = value.gsub(/\n/, '\n') if value
|
25
25
|
request = ::Net::HTTP::Patch.new(config_vars_uri)
|
26
26
|
|
27
27
|
request['Authorization'] = "Bearer #{api_token}"
|
28
28
|
request['Accept'] = 'application/vnd.heroku+json; version=3'
|
29
29
|
request['Content-Type'] = 'application/json'
|
30
|
-
request.body = ::JSON.dump(
|
30
|
+
request.body = ::JSON.dump(::Hash[name, value])
|
31
31
|
|
32
32
|
response = ::JSON.parse(response(request).body)
|
33
33
|
|
34
|
-
fail NameError, response['message'] if response['message']
|
34
|
+
fail ::NameError, response['message'] if response['message']
|
35
35
|
|
36
36
|
response
|
37
37
|
end
|
@@ -44,7 +44,7 @@ class Heroku
|
|
44
44
|
|
45
45
|
response = ::JSON.parse(response(request).body)
|
46
46
|
|
47
|
-
fail NameError, response['message'] if response['message']
|
47
|
+
fail ::NameError, response['message'] if response['message']
|
48
48
|
|
49
49
|
response
|
50
50
|
end
|
@@ -1,16 +1,17 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
3
|
require 'thor'
|
4
|
-
require 'chamber/core_ext/hash'
|
5
4
|
require 'chamber/commands/cloud/clear'
|
6
5
|
require 'chamber/commands/cloud/push'
|
7
6
|
require 'chamber/commands/cloud/pull'
|
8
7
|
require 'chamber/commands/cloud/compare'
|
8
|
+
require 'chamber/refinements/hash'
|
9
9
|
|
10
10
|
module Chamber
|
11
11
|
module Binary
|
12
|
-
class CircleCi < Thor
|
13
|
-
include Thor::Actions
|
12
|
+
class CircleCi < ::Thor
|
13
|
+
include ::Thor::Actions
|
14
|
+
using ::Chamber::Refinements::Hash
|
14
15
|
|
15
16
|
class_option :api_token,
|
16
17
|
type: :string,
|
@@ -49,7 +50,7 @@ class CircleCi < Thor
|
|
49
50
|
|
50
51
|
def clear
|
51
52
|
Commands::Cloud::Clear.call(**options
|
52
|
-
.
|
53
|
+
.deep_transform_keys(&:to_sym)
|
53
54
|
.merge(shell: self, adapter: 'circle_ci'))
|
54
55
|
end
|
55
56
|
|
@@ -81,7 +82,7 @@ class CircleCi < Thor
|
|
81
82
|
|
82
83
|
def push
|
83
84
|
Commands::Cloud::Push.call(**options
|
84
|
-
.
|
85
|
+
.deep_transform_keys(&:to_sym)
|
85
86
|
.merge(shell: self, adapter: 'circle_ci'))
|
86
87
|
end
|
87
88
|
|
@@ -96,7 +97,7 @@ class CircleCi < Thor
|
|
96
97
|
|
97
98
|
def pull
|
98
99
|
Commands::Cloud::Pull.call(**options
|
99
|
-
.
|
100
|
+
.deep_transform_keys(&:to_sym)
|
100
101
|
.merge(shell: self, adapter: 'circle_ci'))
|
101
102
|
end
|
102
103
|
|
@@ -114,7 +115,7 @@ class CircleCi < Thor
|
|
114
115
|
|
115
116
|
def compare
|
116
117
|
Commands::Cloud::Compare.call(**options
|
117
|
-
.
|
118
|
+
.deep_transform_keys(&:to_sym)
|
118
119
|
.merge(shell: self, adapter: 'circle_ci'))
|
119
120
|
end
|
120
121
|
end
|
@@ -1,16 +1,17 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
3
|
require 'thor'
|
4
|
-
require 'chamber/core_ext/hash'
|
5
4
|
require 'chamber/commands/cloud/clear'
|
6
5
|
require 'chamber/commands/cloud/push'
|
7
6
|
require 'chamber/commands/cloud/pull'
|
8
7
|
require 'chamber/commands/cloud/compare'
|
8
|
+
require 'chamber/refinements/hash'
|
9
9
|
|
10
10
|
module Chamber
|
11
11
|
module Binary
|
12
|
-
class Heroku < Thor
|
13
|
-
include Thor::Actions
|
12
|
+
class Heroku < ::Thor
|
13
|
+
include ::Thor::Actions
|
14
|
+
using ::Chamber::Refinements::Hash
|
14
15
|
|
15
16
|
class_option :app,
|
16
17
|
type: :string,
|
@@ -37,7 +38,7 @@ class Heroku < Thor
|
|
37
38
|
|
38
39
|
def clear
|
39
40
|
Commands::Cloud::Clear.call(**options
|
40
|
-
.
|
41
|
+
.deep_transform_keys(&:to_sym)
|
41
42
|
.merge(shell: self, adapter: 'heroku'))
|
42
43
|
end
|
43
44
|
|
@@ -69,7 +70,7 @@ class Heroku < Thor
|
|
69
70
|
|
70
71
|
def push
|
71
72
|
Commands::Cloud::Push.call(**options
|
72
|
-
.
|
73
|
+
.deep_transform_keys(&:to_sym)
|
73
74
|
.merge(shell: self, adapter: 'heroku'))
|
74
75
|
end
|
75
76
|
|
@@ -84,7 +85,7 @@ class Heroku < Thor
|
|
84
85
|
|
85
86
|
def pull
|
86
87
|
Commands::Cloud::Pull.call(**options
|
87
|
-
.
|
88
|
+
.deep_transform_keys(&:to_sym)
|
88
89
|
.merge(shell: self, adapter: 'heroku'))
|
89
90
|
end
|
90
91
|
|
@@ -102,7 +103,7 @@ class Heroku < Thor
|
|
102
103
|
|
103
104
|
def compare
|
104
105
|
Commands::Cloud::Compare.call(**options
|
105
|
-
.
|
106
|
+
.deep_transform_keys(&:to_sym)
|
106
107
|
.merge(shell: self, adapter: 'heroku'))
|
107
108
|
end
|
108
109
|
end
|
@@ -1,7 +1,6 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
3
|
require 'thor'
|
4
|
-
require 'chamber/core_ext/hash'
|
5
4
|
require 'chamber/rubinius_fix'
|
6
5
|
require 'chamber/binary/travis'
|
7
6
|
require 'chamber/binary/heroku'
|
@@ -13,11 +12,13 @@ require 'chamber/commands/sign'
|
|
13
12
|
require 'chamber/commands/verify'
|
14
13
|
require 'chamber/commands/compare'
|
15
14
|
require 'chamber/commands/initialize'
|
15
|
+
require 'chamber/refinements/hash'
|
16
16
|
|
17
17
|
module Chamber
|
18
18
|
module Binary
|
19
|
-
class Runner < Thor
|
20
|
-
include Thor::Actions
|
19
|
+
class Runner < ::Thor
|
20
|
+
include ::Thor::Actions
|
21
|
+
using ::Chamber::Refinements::Hash
|
21
22
|
|
22
23
|
source_root ::File.expand_path('../../../templates', __dir__)
|
23
24
|
|
@@ -93,7 +94,7 @@ class Runner < Thor
|
|
93
94
|
'Useful for debugging.'
|
94
95
|
|
95
96
|
def show
|
96
|
-
puts Commands::Show.call(**options.
|
97
|
+
puts Commands::Show.call(**options.deep_transform_keys(&:to_sym).merge(shell: self))
|
97
98
|
end
|
98
99
|
|
99
100
|
################################################################################
|
@@ -101,7 +102,7 @@ class Runner < Thor
|
|
101
102
|
desc 'files', 'Lists the settings files which are parsed with the given options'
|
102
103
|
|
103
104
|
def files
|
104
|
-
puts Commands::Files.call(**options.
|
105
|
+
puts Commands::Files.call(**options.deep_transform_keys(&:to_sym).merge(shell: self))
|
105
106
|
end
|
106
107
|
|
107
108
|
################################################################################
|
@@ -131,7 +132,7 @@ class Runner < Thor
|
|
131
132
|
'destination of the comparison'
|
132
133
|
|
133
134
|
def compare
|
134
|
-
Commands::Compare.call(**options.
|
135
|
+
Commands::Compare.call(**options.deep_transform_keys(&:to_sym).merge(shell: self))
|
135
136
|
end
|
136
137
|
|
137
138
|
################################################################################
|
@@ -151,7 +152,7 @@ class Runner < Thor
|
|
151
152
|
'what values would be encrypted'
|
152
153
|
|
153
154
|
def secure
|
154
|
-
Commands::Secure.call(**options.
|
155
|
+
Commands::Secure.call(**options.deep_transform_keys(&:to_sym).merge(shell: self))
|
155
156
|
end
|
156
157
|
|
157
158
|
################################################################################
|
@@ -170,9 +171,9 @@ class Runner < Thor
|
|
170
171
|
|
171
172
|
def sign
|
172
173
|
if options[:verify]
|
173
|
-
Commands::Verify.call(**options.
|
174
|
+
Commands::Verify.call(**options.deep_transform_keys(&:to_sym).merge(shell: self))
|
174
175
|
else
|
175
|
-
Commands::Sign.call(**options.
|
176
|
+
Commands::Sign.call(**options.deep_transform_keys(&:to_sym).merge(shell: self))
|
176
177
|
end
|
177
178
|
end
|
178
179
|
|
@@ -186,7 +187,7 @@ class Runner < Thor
|
|
186
187
|
default: false
|
187
188
|
|
188
189
|
def init
|
189
|
-
Commands::Initialize.call(**options.
|
190
|
+
Commands::Initialize.call(**options.deep_transform_keys(&:to_sym).merge(shell: self))
|
190
191
|
end
|
191
192
|
end
|
192
193
|
end
|
@@ -1,12 +1,14 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
3
|
require 'thor'
|
4
|
-
require 'chamber/core_ext/hash'
|
5
4
|
require 'chamber/commands/travis/secure'
|
5
|
+
require 'chamber/refinements/hash'
|
6
6
|
|
7
7
|
module Chamber
|
8
8
|
module Binary
|
9
|
-
class Travis < Thor
|
9
|
+
class Travis < ::Thor
|
10
|
+
using ::Chamber::Refinements::Hash
|
11
|
+
|
10
12
|
desc 'secure',
|
11
13
|
'Uses your Travis CI public key to encrypt the settings you have ' \
|
12
14
|
'chosen not to commit to the repo'
|
@@ -26,7 +28,9 @@ class Travis < Thor
|
|
26
28
|
'which are marked as "_secure"'
|
27
29
|
|
28
30
|
def secure
|
29
|
-
Commands::Travis::Secure.call(**options
|
31
|
+
Commands::Travis::Secure.call(**options
|
32
|
+
.deep_transform_keys(&:to_sym)
|
33
|
+
.merge(shell: self))
|
30
34
|
end
|
31
35
|
end
|
32
36
|
end
|
@@ -2,15 +2,18 @@
|
|
2
2
|
|
3
3
|
require 'shellwords'
|
4
4
|
require 'chamber/instance'
|
5
|
+
require 'chamber/refinements/hash'
|
5
6
|
|
6
7
|
module Chamber
|
7
8
|
module Commands
|
8
9
|
module Securable
|
10
|
+
using ::Chamber::Refinements::Hash
|
11
|
+
|
9
12
|
def initialize(only_sensitive: nil, **args)
|
10
13
|
super(**args)
|
11
14
|
|
12
15
|
ignored_settings_options = args
|
13
|
-
.
|
16
|
+
.deep_merge(files: ignored_settings_filepaths)
|
14
17
|
.reject { |k, _v| k == 'basepath' }
|
15
18
|
self.ignored_settings_instance = Chamber::Instance.new(**ignored_settings_options)
|
16
19
|
self.current_settings_instance = Chamber::Instance.new(**args)
|
@@ -20,33 +20,7 @@ class PublicKey
|
|
20
20
|
unencrypted_value = decryption_key.private_decrypt(decoded_string)
|
21
21
|
|
22
22
|
begin
|
23
|
-
_unserialized_value =
|
24
|
-
YAML.safe_load(unencrypted_value,
|
25
|
-
aliases: true,
|
26
|
-
permitted_classes: [
|
27
|
-
::Date,
|
28
|
-
::Time,
|
29
|
-
::Regexp,
|
30
|
-
])
|
31
|
-
rescue ::Psych::DisallowedClass => error
|
32
|
-
warn <<-HEREDOC
|
33
|
-
WARNING: Recursive data structures (complex classes) being loaded from Chamber
|
34
|
-
has been deprecated and will be removed in 3.0.
|
35
|
-
|
36
|
-
See https://github.com/thekompanee/chamber/wiki/Upgrading-To-Chamber-3.0#limiting-complex-classes
|
37
|
-
for full details.
|
38
|
-
|
39
|
-
#{error.message}
|
40
|
-
|
41
|
-
Called from: '#{caller.to_a[8]}'
|
42
|
-
HEREDOC
|
43
|
-
|
44
|
-
if YAML.respond_to?(:unsafe_load)
|
45
|
-
YAML.unsafe_load(unencrypted_value)
|
46
|
-
else
|
47
|
-
YAML.load(unencrypted_value)
|
48
|
-
end
|
49
|
-
end
|
23
|
+
_unserialized_value = YAML.load(unencrypted_value)
|
50
24
|
rescue TypeError
|
51
25
|
unencrypted_value
|
52
26
|
end
|
@@ -35,7 +35,7 @@ class Ssl
|
|
35
35
|
Base64.strict_encode64(encrypted_data)
|
36
36
|
end
|
37
37
|
|
38
|
-
def self.decrypt(key, value, decryption_keys) # rubocop:disable Metrics/AbcSize
|
38
|
+
def self.decrypt(key, value, decryption_keys) # rubocop:disable Metrics/AbcSize
|
39
39
|
if decryption_keys.nil?
|
40
40
|
value
|
41
41
|
else
|
@@ -62,33 +62,7 @@ class Ssl
|
|
62
62
|
end
|
63
63
|
|
64
64
|
begin
|
65
|
-
_unserialized_value =
|
66
|
-
YAML.safe_load(unencrypted_value,
|
67
|
-
aliases: true,
|
68
|
-
permitted_classes: [
|
69
|
-
::Date,
|
70
|
-
::Time,
|
71
|
-
::Regexp,
|
72
|
-
])
|
73
|
-
rescue ::Psych::DisallowedClass => error
|
74
|
-
warn <<-HEREDOC
|
75
|
-
WARNING: Recursive data structures (complex classes) being loaded from Chamber
|
76
|
-
has been deprecated and will be removed in 3.0.
|
77
|
-
|
78
|
-
See https://github.com/thekompanee/chamber/wiki/Upgrading-To-Chamber-3.0#limiting-complex-classes
|
79
|
-
for full details.
|
80
|
-
|
81
|
-
#{error.message}
|
82
|
-
|
83
|
-
Called from: '#{caller.to_a[8]}'
|
84
|
-
HEREDOC
|
85
|
-
|
86
|
-
if YAML.respond_to?(:unsafe_load)
|
87
|
-
YAML.unsafe_load(unencrypted_value)
|
88
|
-
else
|
89
|
-
YAML.load(unencrypted_value)
|
90
|
-
end
|
91
|
-
end
|
65
|
+
_unserialized_value = YAML.load(unencrypted_value)
|
92
66
|
rescue TypeError
|
93
67
|
unencrypted_value
|
94
68
|
end
|
data/lib/chamber/file.rb
CHANGED
@@ -4,6 +4,7 @@ require 'pathname'
|
|
4
4
|
require 'yaml'
|
5
5
|
require 'erb'
|
6
6
|
require 'chamber/files/signature'
|
7
|
+
require 'chamber/refinements/hash'
|
7
8
|
|
8
9
|
###
|
9
10
|
# Internal: Represents a single file containing settings information in a given
|
@@ -11,6 +12,8 @@ require 'chamber/files/signature'
|
|
11
12
|
#
|
12
13
|
module Chamber
|
13
14
|
class File < Pathname
|
15
|
+
using ::Chamber::Refinements::Hash
|
16
|
+
|
14
17
|
attr_accessor :namespaces,
|
15
18
|
:decryption_keys,
|
16
19
|
:encryption_keys,
|
@@ -139,37 +142,11 @@ class File < Pathname
|
|
139
142
|
@secure_prefix_pattern ||= Regexp.escape(secure_prefix)
|
140
143
|
end
|
141
144
|
|
142
|
-
def file_contents_hash
|
145
|
+
def file_contents_hash
|
143
146
|
file_contents = read
|
144
147
|
erb_result = ERB.new(file_contents).result
|
145
148
|
|
146
|
-
|
147
|
-
YAML.safe_load(erb_result,
|
148
|
-
aliases: true,
|
149
|
-
permitted_classes: [
|
150
|
-
::Date,
|
151
|
-
::Time,
|
152
|
-
::Regexp,
|
153
|
-
]) || {}
|
154
|
-
rescue ::Psych::DisallowedClass => error
|
155
|
-
warn <<-HEREDOC
|
156
|
-
WARNING: Recursive data structures (complex classes) being loaded from Chamber
|
157
|
-
has been deprecated and will be removed in 3.0.
|
158
|
-
|
159
|
-
See https://github.com/thekompanee/chamber/wiki/Upgrading-To-Chamber-3.0#limiting-complex-classes
|
160
|
-
for full details.
|
161
|
-
|
162
|
-
#{error.message}
|
163
|
-
|
164
|
-
Called from: '#{caller.to_a[2]}'
|
165
|
-
HEREDOC
|
166
|
-
|
167
|
-
if YAML.respond_to?(:unsafe_load)
|
168
|
-
YAML.unsafe_load(erb_result) || {}
|
169
|
-
else
|
170
|
-
YAML.load(erb_result) || {}
|
171
|
-
end
|
172
|
-
end
|
149
|
+
(YAML.load(erb_result) || {}).deep_transform_keys(&:to_s)
|
173
150
|
rescue Errno::ENOENT
|
174
151
|
{}
|
175
152
|
end
|
data/lib/chamber/file_set.rb
CHANGED
@@ -256,15 +256,9 @@ class FileSet
|
|
256
256
|
|
257
257
|
private
|
258
258
|
|
259
|
-
# rubocop:disable Performance/ChainArrayAllocation
|
260
259
|
def all_files
|
261
|
-
@all_files ||= file_globs
|
262
|
-
.map { |fg| Pathname.glob(fg) }
|
263
|
-
.flatten
|
264
|
-
.uniq
|
265
|
-
.sort
|
260
|
+
@all_files ||= file_globs.map { |fg| Pathname.glob(fg) }.flatten.uniq.sort # rubocop:disable Performance/ChainArrayAllocation
|
266
261
|
end
|
267
|
-
# rubocop:enable Performance/ChainArrayAllocation
|
268
262
|
|
269
263
|
def non_namespaced_files
|
270
264
|
@non_namespaced_files ||= all_files - namespaced_files
|
@@ -2,16 +2,18 @@
|
|
2
2
|
|
3
3
|
require 'openssl'
|
4
4
|
require 'base64'
|
5
|
-
require 'hashie/mash'
|
6
5
|
require 'yaml'
|
7
6
|
require 'chamber/encryption_methods/public_key'
|
8
7
|
require 'chamber/encryption_methods/ssl'
|
9
8
|
require 'chamber/encryption_methods/none'
|
10
9
|
require 'chamber/errors/decryption_failure'
|
10
|
+
require 'chamber/refinements/deep_dup'
|
11
11
|
|
12
12
|
module Chamber
|
13
13
|
module Filters
|
14
14
|
class DecryptionFilter
|
15
|
+
using ::Chamber::Refinements::DeepDup
|
16
|
+
|
15
17
|
BASE64_STRING_PATTERN = %r{\A[A-Za-z0-9+/]{342}==\z}.freeze
|
16
18
|
LARGE_DATA_STRING_PATTERN = %r{
|
17
19
|
\A # Beginning of String
|
@@ -35,7 +37,7 @@ class DecryptionFilter
|
|
35
37
|
|
36
38
|
def initialize(data:, secure_key_prefix:, decryption_keys: {}, **_args)
|
37
39
|
self.decryption_keys = decryption_keys || {}
|
38
|
-
self.data = data.
|
40
|
+
self.data = data.deep_dup
|
39
41
|
self.secure_key_token = /\A#{Regexp.escape(secure_key_prefix)}/
|
40
42
|
end
|
41
43
|
|
@@ -46,7 +48,7 @@ class DecryptionFilter
|
|
46
48
|
protected
|
47
49
|
|
48
50
|
def execute(raw_data = data)
|
49
|
-
settings =
|
51
|
+
settings = {}
|
50
52
|
|
51
53
|
raw_data.each_pair do |key, value|
|
52
54
|
settings[key] = if value.respond_to? :each_pair
|
@@ -75,7 +77,6 @@ class DecryptionFilter
|
|
75
77
|
|
76
78
|
private
|
77
79
|
|
78
|
-
# rubocop:disable Style/RedundantBegin
|
79
80
|
def decrypt(key, value)
|
80
81
|
method = decryption_method(value)
|
81
82
|
|
@@ -89,10 +90,9 @@ class DecryptionFilter
|
|
89
90
|
|
90
91
|
value
|
91
92
|
end
|
92
|
-
# rubocop:enable Style/RedundantBegin
|
93
93
|
|
94
94
|
def decryption_method(value)
|
95
|
-
if value.
|
95
|
+
if value.respond_to?(:match)
|
96
96
|
if value.match(BASE64_STRING_PATTERN)
|
97
97
|
EncryptionMethods::PublicKey
|
98
98
|
elsif value.match(LARGE_DATA_STRING_PATTERN)
|
@@ -1,15 +1,17 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
3
|
require 'openssl'
|
4
|
-
require 'hashie/mash'
|
5
4
|
require 'yaml'
|
6
5
|
require 'chamber/encryption_methods/public_key'
|
7
6
|
require 'chamber/encryption_methods/ssl'
|
8
7
|
require 'chamber/encryption_methods/none'
|
8
|
+
require 'chamber/refinements/deep_dup'
|
9
9
|
|
10
10
|
module Chamber
|
11
11
|
module Filters
|
12
12
|
class EncryptionFilter
|
13
|
+
using ::Chamber::Refinements::DeepDup
|
14
|
+
|
13
15
|
BASE64_STRING_PATTERN = %r{\A[A-Za-z0-9+/]{342}==\z}.freeze
|
14
16
|
BASE64_SUBSTRING_PATTERN = %r{[A-Za-z0-9+/#]*={0,2}}.freeze
|
15
17
|
LARGE_DATA_STRING_PATTERN = /
|
@@ -28,7 +30,7 @@ class EncryptionFilter
|
|
28
30
|
|
29
31
|
def initialize(data:, secure_key_prefix:, encryption_keys: {}, **_args)
|
30
32
|
self.encryption_keys = encryption_keys || {}
|
31
|
-
self.data = data.
|
33
|
+
self.data = data.deep_dup
|
32
34
|
self.secure_key_token = /\A#{Regexp.escape(secure_key_prefix)}/
|
33
35
|
end
|
34
36
|
|
@@ -39,7 +41,7 @@ class EncryptionFilter
|
|
39
41
|
protected
|
40
42
|
|
41
43
|
def execute(raw_data = data, namespace = nil)
|
42
|
-
raw_data.each_with_object(
|
44
|
+
raw_data.each_with_object({}) do |(key, value), settings|
|
43
45
|
settings[key] = if value.respond_to? :each_pair
|
44
46
|
execute(value, namespace || key)
|
45
47
|
elsif key.match(secure_key_token)
|
@@ -67,7 +69,8 @@ class EncryptionFilter
|
|
67
69
|
|
68
70
|
def encrypt(namespace, key, value)
|
69
71
|
method = encryption_method(value)
|
70
|
-
|
72
|
+
namespace_key = namespace ? namespace.to_sym : nil
|
73
|
+
encryption_key = encryption_keys[namespace_key] || encryption_keys[:__default]
|
71
74
|
|
72
75
|
return value unless encryption_key
|
73
76
|
|
@@ -75,7 +78,7 @@ class EncryptionFilter
|
|
75
78
|
end
|
76
79
|
|
77
80
|
def encryption_method(value)
|
78
|
-
value_is_encrypted = value.
|
81
|
+
value_is_encrypted = value.respond_to?(:match) &&
|
79
82
|
(value.match(BASE64_STRING_PATTERN) ||
|
80
83
|
value.match(LARGE_DATA_STRING_PATTERN))
|
81
84
|
|
@@ -1,13 +1,16 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
3
|
require 'yaml'
|
4
|
-
require 'hashie/mash'
|
5
|
-
|
6
4
|
require 'chamber/errors/environment_conversion'
|
5
|
+
require 'chamber/refinements/hash'
|
6
|
+
require 'chamber/refinements/deep_dup'
|
7
7
|
|
8
8
|
module Chamber
|
9
9
|
module Filters
|
10
10
|
class EnvironmentFilter
|
11
|
+
using ::Chamber::Refinements::Hash
|
12
|
+
using ::Chamber::Refinements::DeepDup
|
13
|
+
|
11
14
|
###
|
12
15
|
# Internal: Allows the existing environment to be injected into the passed in
|
13
16
|
# hash. The hash that is passed in is *not* modified, instead a new hash is
|
@@ -110,11 +113,9 @@ class EnvironmentFilter
|
|
110
113
|
{ key => execute(value, environment_keys) }
|
111
114
|
end,
|
112
115
|
lambda do |key, value, environment_key|
|
113
|
-
{
|
114
|
-
key => convert_environment_value(environment_key,
|
116
|
+
{ key => convert_environment_value(environment_key,
|
115
117
|
ENV[environment_key],
|
116
|
-
value)
|
117
|
-
}
|
118
|
+
value) }
|
118
119
|
end,
|
119
120
|
)
|
120
121
|
end
|
@@ -122,18 +123,18 @@ class EnvironmentFilter
|
|
122
123
|
private
|
123
124
|
|
124
125
|
def with_environment(settings, parent_keys, hash_block, value_block)
|
125
|
-
environment_hash =
|
126
|
+
environment_hash = {}
|
126
127
|
|
127
128
|
settings.each_pair do |key, value|
|
128
129
|
environment_key = key.to_s.gsub(secure_key_token, '')
|
129
|
-
environment_keys = parent_keys.
|
130
|
+
environment_keys = parent_keys.deep_dup.push(environment_key)
|
130
131
|
|
131
132
|
if value.respond_to? :each_pair
|
132
|
-
environment_hash.
|
133
|
+
environment_hash.deep_merge!(hash_block.call(key, value, environment_keys))
|
133
134
|
else
|
134
135
|
environment_key = environment_keys.join('_').upcase
|
135
136
|
|
136
|
-
environment_hash.
|
137
|
+
environment_hash.deep_merge!(value_block.call(key, value, environment_key))
|
137
138
|
end
|
138
139
|
end
|
139
140
|
|
@@ -1,10 +1,13 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
3
|
require 'chamber/errors/decryption_failure'
|
4
|
+
require 'chamber/refinements/deep_dup'
|
4
5
|
|
5
6
|
module Chamber
|
6
7
|
module Filters
|
7
8
|
class FailedDecryptionFilter
|
9
|
+
using ::Chamber::Refinements::DeepDup
|
10
|
+
|
8
11
|
BASE64_STRING_PATTERN = %r{\A[A-Za-z0-9+/]{342}==\z}.freeze
|
9
12
|
|
10
13
|
def self.execute(**args)
|
@@ -15,7 +18,7 @@ class FailedDecryptionFilter
|
|
15
18
|
:secure_key_token
|
16
19
|
|
17
20
|
def initialize(data:, secure_key_prefix:, **_args)
|
18
|
-
self.data = data.
|
21
|
+
self.data = data.deep_dup
|
19
22
|
self.secure_key_token = /\A#{Regexp.escape(secure_key_prefix)}/
|
20
23
|
end
|
21
24
|
|
@@ -1,6 +1,5 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
|
-
require 'hashie/mash'
|
4
3
|
require 'chamber/filters/secure_filter'
|
5
4
|
|
6
5
|
module Chamber
|
@@ -22,7 +21,7 @@ class InsecureFilter < SecureFilter
|
|
22
21
|
|
23
22
|
def execute(raw_data = data) # rubocop:disable Metrics/CyclomaticComplexity
|
24
23
|
securable_settings = super
|
25
|
-
settings =
|
24
|
+
settings = {}
|
26
25
|
|
27
26
|
securable_settings.each_pair do |key, value|
|
28
27
|
value = if value.respond_to? :each_pair
|