chamber 2.4.0 → 2.7.1

data/lib/chamber/commands/securable.rb

@@ -4,13 +4,12 @@ require 'chamber/instance'
 module  Chamber
 module  Commands
 module  Securable
-
   def initialize(options = {})
     super
 
     ignored_settings_options        = options.
                                         merge(files: ignored_settings_filepaths).
-                                        reject { |k, v| k == 'basepath' }
+                                        reject { |k, _v| k == 'basepath' }
     self.ignored_settings_instance  = Chamber::Instance.new(ignored_settings_options)
     self.current_settings_instance  = Chamber::Instance.new(options)
     self.only_sensitive             = options[:only_sensitive]
@@ -47,9 +46,15 @@ module  Securable
   end
 
   def ignored_settings_filepaths
-    shell_escaped_chamber_filenames = chamber.filenames.map { |filename| Shellwords.escape(filename) }
+    shell_escaped_chamber_filenames = chamber.filenames.map do |filename|
+      Shellwords.escape(filename)
+    end
 
-    `git ls-files --other --ignored --exclude-from=.gitignore | sed -e "s|^|#{Shellwords.escape(rootpath.to_s)}/|" | grep --colour=never -E '#{shell_escaped_chamber_filenames.join('|')}'`.split("\n")
+    `
+      git ls-files --other --ignored --exclude-from=.gitignore |
+      sed -e "s|^|#{Shellwords.escape(rootpath.to_s)}/|" |
+      grep --colour=never -E '#{shell_escaped_chamber_filenames.join('|')}'
+    `.split("\n")
   end
 end
 end

data/lib/chamber/commands/secure.rb

@@ -11,7 +11,7 @@ class   Secure < Chamber::Commands::Base
 
   def call
     disable_warnings do
-      insecure_environment_variables.each do |key, value|
+      insecure_environment_variables.each do |key, _value|
         if dry_run
           shell.say_status 'encrypt', key, :blue
         else

data/lib/chamber/commands/show.rb

@@ -4,20 +4,36 @@ require 'chamber/commands/base'
 module  Chamber
 module  Commands
 class   Show < Chamber::Commands::Base
-
   def initialize(options = {})
     super
 
-    self.as_env = options[:as_env]
+    self.as_env         = options[:as_env]
+    self.only_sensitive = options[:only_sensitive]
   end
 
   def call
-    as_env ? chamber.to_s(pair_separator: "\n") : PP.pp(chamber.to_hash, StringIO.new, 60).string.chomp
+    if as_env
+      settings.to_s(pair_separator: "\n")
+    else
+      PP.
+      pp(settings.to_hash, StringIO.new, 60).
+      string.
+      chomp
+    end
   end
 
   protected
 
-  attr_accessor :as_env
+  attr_accessor :as_env,
+                :only_sensitive
+
+  def settings
+    @settings ||= if only_sensitive
+                    chamber.settings.securable
+                  else
+                    chamber.settings
+                  end
+  end
 end
 end
 end

data/lib/chamber/commands/travis.rb

@@ -3,7 +3,6 @@ require 'bundler'
 module  Chamber
 module  Commands
 module  Travis
-
   protected
 
   def travis_encrypt(command)

data/lib/chamber/configuration.rb

@@ -20,11 +20,11 @@ class   Configuration
 
   def to_hash
     {
-      basepath:       self.basepath,
-      decryption_key: self.decryption_key,
-      encryption_key: self.encryption_key,
-      files:          self.files,
-      namespaces:     self.namespaces,
+      basepath:       basepath,
+      decryption_key: decryption_key,
+      encryption_key: encryption_key,
+      files:          files,
+      namespaces:     namespaces,
     }
   end
 end

data/lib/chamber/context_resolver.rb

@@ -1,9 +1,10 @@
 require 'pathname'
+require 'socket'
 require 'hashie/mash'
+require 'chamber/decryption_key'
 
 module  Chamber
 class   ContextResolver
-
   def initialize(options = {})
     self.options = Hashie::Mash.new(options)
   end
@@ -22,7 +23,10 @@ class   ContextResolver
       if options[:namespaces] == []
         require options[:rootpath].join('config', 'application')
 
-        options[:namespaces]   = [::Rails.env]
+        options[:namespaces]   = [
+          ::Rails.env,
+          Socket.gethostname,
+        ]
       end
     else
       options[:basepath]     ||= options[:rootpath]
@@ -30,9 +34,8 @@ class   ContextResolver
 
     options[:basepath]         = Pathname.new(options[:basepath])
 
-    options[:files]          ||= [ options[:basepath] + 'credentials*.yml',
-                                   options[:basepath] + 'settings*.yml',
-                                   options[:basepath] + 'settings' ]
+    options[:files]          ||= [options[:basepath] + 'settings*.yml',
+                                  options[:basepath] + 'settings']
 
     options
   rescue LoadError
@@ -40,7 +43,7 @@ class   ContextResolver
   end
 
   def self.resolve(options = {})
-    self.new(options).resolve
+    new(options).resolve
   end
 
   protected
@@ -48,9 +51,7 @@ class   ContextResolver
   attr_accessor :options
 
   def resolve_preset
-    if in_a_rails_project?
-      'rails'
-    end
+    'rails' if in_a_rails_project?
   end
 
   def resolve_encryption_key(key)
@@ -60,9 +61,8 @@ class   ContextResolver
   end
 
   def resolve_decryption_key(key)
-    key ||= options[:rootpath] + '.chamber.pem'
-
-    key if Pathname.new(key).readable?
+    DecryptionKey.resolve(filename: key,
+                          rootpath: options[:rootpath])
   end
 
   def in_a_rails_project?

data/lib/chamber/decryption_key.rb

@@ -0,0 +1,51 @@
+require 'stringio'
+
+module  Chamber
+class   DecryptionKey
+  def initialize(options = {})
+    self.rootpath = options[:rootpath]
+    self.filename = options[:filename] || ''
+  end
+
+  def resolve
+    if filename.readable?
+      filename.read
+    elsif in_environment_variable?
+      environment_variable
+    end
+  end
+
+  def self.resolve(*args)
+    new(*args).resolve
+  end
+
+  protected
+
+  attr_accessor :filename,
+                :rootpath
+
+  def filename=(other)
+    other_file = Pathname.new(other)
+
+    @filename = if other_file.readable?
+                  other_file
+                else
+                  default_file
+                end
+  end
+
+  private
+
+  def in_environment_variable?
+    ENV['CHAMBER_KEY']
+  end
+
+  def environment_variable
+    ENV['CHAMBER_KEY']
+  end
+
+  def default_file
+    Pathname.new(rootpath + '.chamber.pem')
+  end
+end
+end

data/lib/chamber/environmentable.rb

@@ -2,11 +2,14 @@ require 'hashie/mash'
 
 module  Chamber
 module  Environmentable
+  SECURE_KEY_TOKEN = /\A_secure_/
+
   def with_environment(settings, parent_keys, hash_block, value_block)
     environment_hash = Hashie::Mash.new
 
     settings.each_pair do |key, value|
-      environment_keys = parent_keys.dup.push(key)
+      environment_key  = key.to_s.gsub(SECURE_KEY_TOKEN, '')
+      environment_keys = parent_keys.dup.push(environment_key)
 
       if value.respond_to? :each_pair
         environment_hash.merge!(hash_block.call(key, value, environment_keys))

data/lib/chamber/errors/decryption_failure.rb

@@ -0,0 +1,6 @@
+module  Chamber
+module  Errors
+class   DecryptionFailure < RuntimeError
+end
+end
+end

data/lib/chamber/file.rb

@@ -8,7 +8,6 @@ require 'erb'
 #
 module  Chamber
 class   File < Pathname
-
   ###
   # Internal: Creates a settings file representing a path to a file on the
   # filesystem.
@@ -64,16 +63,16 @@ class   File < Pathname
   # ```
   #
   def to_settings
-    @data ||= Settings.new(settings:        file_contents_hash,
-                           namespaces:      namespaces,
-                           decryption_key:  decryption_key,
-                           encryption_key:  encryption_key)
+    @data ||= Settings.new(settings:       file_contents_hash,
+                           namespaces:     namespaces,
+                           decryption_key: decryption_key,
+                           encryption_key: encryption_key)
   end
 
   def secure
     insecure_settings = to_settings.insecure.to_flattened_name_hash
     secure_settings   = to_settings.insecure.secure.to_flattened_name_hash
-    file_contents     = self.read
+    file_contents     = read
 
     insecure_settings.each_pair do |name_pieces, value|
       secure_value  = secure_settings[name_pieces]
@@ -87,7 +86,7 @@ class   File < Pathname
           "\\1_secure_#{name_pieces.last}\\2:\\3#{secure_value}")
     end
 
-    self.write(file_contents)
+    write(file_contents)
   end
 
   protected
@@ -99,7 +98,7 @@ class   File < Pathname
   private
 
   def file_contents_hash
-    file_contents = self.read
+    file_contents = read
     erb_result    = ERB.new(file_contents).result
 
     YAML.load(erb_result) || {}

data/lib/chamber/file_set.rb

@@ -6,10 +6,10 @@ require 'chamber/settings'
 ###
 # Internal: Represents a set of settings files that should be considered for
 # processing. Whether they actually *are* processed depends on their extension
-# (only *.yml files are processed unless explicitly specified), and whether
-# their namespace matches one of the namespaces passed to the FileSet (text
-# after a dash '-' but before the extension is considered the namespace for the
-# file).
+# (only *.yml  and *.yml.erb files are processed unless explicitly specified),
+# and whether their namespace matches one of the namespaces passed to the
+# FileSet (text after a dash '-' but before the extension is considered the
+# namespace for the file).
 #
 # When converted to settings, files are always processed in the order of least
 # specific to most specific.  So if there are two files:
@@ -61,7 +61,7 @@ require 'chamber/settings'
 #   # /tmp/settings-green.yml
 #   # /tmp/settings/another.yml
 #   # /tmp/settings/another.json
-#   # /tmp/settings/yet_another-blue.yml
+#   # /tmp/settings/yet_another-blue.yml.erb
 #   # /tmp/settings/yet_another-green.yml
 #   #
 #
@@ -74,7 +74,7 @@ require 'chamber/settings'
 #
 #   ###
 #   # This will all files in the 'settings' directory but will only process
-#   # 'another.yml' and 'yet_another-blue.yml'
+#   # 'another.yml' and 'yet_another-blue.yml.erb'
 #   #
 #   FileSet.new(files:      '/tmp/settings',
 #               namespaces: {
@@ -110,7 +110,6 @@ require 'chamber/settings'
 #
 module  Chamber
 class   FileSet
-
   def initialize(options = {})
     self.namespaces     = options[:namespaces] || {}
     self.decryption_key = options[:decryption_key]
@@ -208,17 +207,19 @@ class   FileSet
   # duplicates removed.
   #
   def files
-    @files ||= -> do
+    @files ||= lambda do
       sorted_relevant_files = []
 
       file_globs.each do |glob|
         current_glob_files  = Pathname.glob(glob)
         relevant_glob_files = relevant_files & current_glob_files
 
-        relevant_glob_files.map! { |file| File.new( path:           file,
-                                                    namespaces:     namespaces,
-                                                    decryption_key: decryption_key,
-                                                    encryption_key: encryption_key) }
+        relevant_glob_files.map! do |file|
+          File.new(path:           file,
+                   namespaces:     namespaces,
+                   decryption_key: decryption_key,
+                   encryption_key: encryption_key)
+        end
 
         sorted_relevant_files += relevant_glob_files
       end
@@ -243,18 +244,18 @@ class   FileSet
 
   def file_globs
     @file_globs ||= paths.map do |path|
-                      if path.directory?
-                        path + '*.yml'
-                      else
-                        path
-                      end
-                    end
+      if path.directory?
+        path + '*.{yml,yml.erb}'
+      else
+        path
+      end
+    end
   end
 
   def namespaced_files
     @namespaced_files ||= all_files.select do |file|
-                            file.basename.fnmatch? '*-*'
-                          end
+      file.basename.fnmatch? '*-*'
+    end
   end
 
   def relevant_namespaced_files
@@ -262,8 +263,8 @@ class   FileSet
 
     namespaces.each do |namespace|
       file_holder << namespaced_files.select do |file|
-                       file.basename.fnmatch? "*-#{namespace}.???"
-                     end
+        file.basename.fnmatch? "*-#{namespace}.???"
+      end
     end
 
     file_holder.flatten

data/lib/chamber/filters/boolean_conversion_filter.rb

@@ -1,13 +1,12 @@
 module  Chamber
 module  Filters
 class   BooleanConversionFilter
-
   def initialize(options = {})
     self.data = options.fetch(:data).dup
   end
 
   def self.execute(options = {})
-    self.new(options).send(:execute)
+    new(options).send(:execute)
   end
 
   protected

data/lib/chamber/filters/decryption_filter.rb

@@ -1,13 +1,14 @@
 require 'openssl'
 require 'base64'
 require 'hashie/mash'
-require 'chamber/errors/undecryptable_value_error'
+require 'yaml'
+require 'chamber/errors/decryption_failure'
 
 module  Chamber
 module  Filters
 class   DecryptionFilter
-  SECURE_KEY_TOKEN      = %r{\A_secure_}
-  BASE64_STRING_PATTERN = %r{\A[A-Za-z0-9\+\/]{342}==\z}
+  SECURE_KEY_TOKEN      = /\A_secure_/
+  BASE64_STRING_PATTERN = %r{\A[A-Za-z0-9\+/]{342}==\z}
 
   def initialize(options = {})
     self.decryption_key = options.fetch(:decryption_key, nil)
@@ -15,7 +16,7 @@ class   DecryptionFilter
   end
 
   def self.execute(options = {})
-    self.new(options).send(:execute)
+    new(options).send(:execute)
   end
 
   protected
@@ -27,27 +28,13 @@ class   DecryptionFilter
     settings = Hashie::Mash.new
 
     raw_data.each_pair do |key, value|
-      if value.respond_to? :each_pair
-        value = execute(value)
-      elsif key.match(SECURE_KEY_TOKEN) && value.respond_to?(:match)
-        value = if value.match(BASE64_STRING_PATTERN)
-                  if decryption_key.nil?
-                    value
-                  else
-                    decoded_string = Base64.strict_decode64(value)
-                    decryption_key.private_decrypt(decoded_string)
-                  end
-                else
-                  warn 'WARNING: It appears that you would like to keep your ' \
-                      "information for #{key} secure, however the value for that " \
-                      'setting does not appear to be encrypted. Make sure you run ' \
-                      "'chamber secure' before committing."
-
-                  value
-                end
-      end
-
-      settings[key] = value
+      settings[key] = if value.respond_to? :each_pair
+                        execute(value)
+                      elsif key.match(SECURE_KEY_TOKEN) && value.respond_to?(:match)
+                        read_or_decrypt(key, value)
+                      else
+                        value
+                      end
     end
 
     settings
@@ -64,6 +51,36 @@ class   DecryptionFilter
 
     @decryption_key = OpenSSL::PKey::RSA.new(key_content)
   end
+
+  private
+
+  def read_or_decrypt(key, value)
+    if value.match(BASE64_STRING_PATTERN)
+      decrypt(value)
+    else
+      warn 'WARNING: It appears that you would like to keep your ' \
+           "information for #{key} secure, however the value for that " \
+           'setting does not appear to be encrypted. Make sure you run ' \
+           "'chamber secure' before committing."
+
+      value
+    end
+  end
+
+  def decrypt(value)
+    if decryption_key.nil?
+      value
+    else
+      decoded_string    = Base64.strict_decode64(value)
+      unencrypted_value = decryption_key.private_decrypt(decoded_string)
+
+      begin
+        _unserialized_value = YAML.load(unencrypted_value)
+      rescue TypeError
+        unencrypted_value
+      end
+    end
+  end
 end
 end
 end