chamber 2.4.0 → 2.7.1

data/lib/chamber/filters/encryption_filter.rb

@@ -1,11 +1,12 @@
 require 'openssl'
 require 'base64'
 require 'hashie/mash'
+require 'yaml'
 
 module    Chamber
 module    Filters
 class     EncryptionFilter
-  SECURE_KEY_TOKEN      = %r{\A_secure_}
+  SECURE_KEY_TOKEN      = /\A_secure_/
   BASE64_STRING_PATTERN = %r{\A[A-Za-z0-9\+\/]{342}==\z}
 
   def initialize(options = {})
@@ -14,7 +15,7 @@ class     EncryptionFilter
   end
 
   def self.execute(options = {})
-    self.new(options).send(:execute)
+    new(options).send(:execute)
   end
 
   protected
@@ -28,9 +29,10 @@ class     EncryptionFilter
     raw_data.each_pair do |key, value|
       if value.respond_to? :each_pair
         value = execute(value)
-      elsif value.respond_to? :match
-        if key.match(SECURE_KEY_TOKEN) && !value.match(BASE64_STRING_PATTERN)
-          encrypted_string = encryption_key.public_encrypt(value)
+      elsif key.match(SECURE_KEY_TOKEN)
+        unless value.respond_to?(:match) && value.match(BASE64_STRING_PATTERN)
+          serialized_value = YAML.dump(value)
+          encrypted_string = encryption_key.public_encrypt(serialized_value)
           value            = Base64.strict_encode64(encrypted_string)
         end
       end

data/lib/chamber/filters/environment_filter.rb

@@ -54,7 +54,7 @@ class   EnvironmentFilter
   #
   #
   def self.execute(options = {})
-    self.new(options).send(:execute)
+    new(options).send(:execute)
   end
 
   protected
@@ -63,12 +63,12 @@ class   EnvironmentFilter
 
   def execute(settings = data, parent_keys = [])
     with_environment(settings, parent_keys,
-      ->(key, value, environment_keys) do
-        { key => execute(value, environment_keys) }
-      end,
-      ->(key, value, environment_key) do
-        { key => (ENV[environment_key] || value) }
-      end)
+                     lambda do |key, value, environment_keys|
+                       { key => execute(value, environment_keys) }
+                     end,
+                     lambda do |key, value, environment_key|
+                       { key => (ENV[environment_key] || value) }
+                     end)
   end
 end
 end

data/lib/chamber/filters/failed_decryption_filter.rb

@@ -0,0 +1,41 @@
+require 'chamber/errors/decryption_failure'
+
+module  Chamber
+module  Filters
+class   FailedDecryptionFilter
+  SECURE_KEY_TOKEN      = /\A_secure_/
+  BASE64_STRING_PATTERN = %r{\A[A-Za-z0-9\+/]{342}==\z}
+
+  def initialize(options = {})
+    self.data = options.fetch(:data).dup
+  end
+
+  def self.execute(options = {})
+    new(options).send(:execute)
+  end
+
+  protected
+
+  attr_accessor :data
+
+  def execute(raw_data = data)
+    settings = raw_data
+
+    raw_data.each_pair do |key, value|
+      if value.respond_to? :each_pair
+        execute(value)
+      elsif key.match(SECURE_KEY_TOKEN) &&
+            value.respond_to?(:match)   &&
+            value.match(BASE64_STRING_PATTERN)
+
+        fail Chamber::Errors::DecryptionFailure,
+             "Failed to decrypt #{key} (with an encrypted value of '#{value}') " \
+             'in your settings.'
+      end
+    end
+
+    settings
+  end
+end
+end
+end

data/lib/chamber/filters/namespace_filter.rb

@@ -9,7 +9,7 @@ class   NamespaceFilter
   end
 
   def self.execute(options = {})
-    self.new(options).send(:execute)
+    new(options).send(:execute)
   end
 
   protected

data/lib/chamber/filters/secure_filter.rb

@@ -3,14 +3,14 @@ require 'hashie/mash'
 module  Chamber
 module  Filters
 class   SecureFilter
-  SECURE_KEY_TOKEN = %r{\A_secure_}
+  SECURE_KEY_TOKEN = /\A_secure_/
 
   def initialize(options = {})
     self.data = Hashie::Mash.new(options.fetch(:data))
   end
 
   def self.execute(options = {})
-    self.new(options).send(:execute)
+    new(options).send(:execute)
   end
 
   protected
@@ -24,9 +24,7 @@ class   SecureFilter
       secure_value  = if value.respond_to? :each_pair
                         execute(value)
                       elsif key.respond_to? :match
-                        if key.match(SECURE_KEY_TOKEN)
-                          value
-                        end
+                        value if key.match(SECURE_KEY_TOKEN)
                       end
 
       settings[key] = secure_value unless secure_value.nil?

data/lib/chamber/filters/translate_secure_keys_filter.rb

@@ -1,17 +1,16 @@
 require 'hashie/mash'
-require 'chamber/errors/undecryptable_value_error'
 
 module  Chamber
 module  Filters
 class   TranslateSecureKeysFilter
-  SECURE_KEY_TOKEN = %r{\A_secure_}
+  SECURE_KEY_TOKEN = /\A_secure_/
 
   def initialize(options = {})
     self.data = options.fetch(:data).dup
   end
 
   def self.execute(options = {})
-    self.new(options).send(:execute)
+    new(options).send(:execute)
   end
 
   protected
@@ -22,33 +21,15 @@ class   TranslateSecureKeysFilter
     settings = Hashie::Mash.new
 
     raw_data.each_pair do |key, value|
-      if value.respond_to? :each_pair
-        value = execute(value)
-      end
-
-      key = key.to_s
-
-      if key.match(SECURE_KEY_TOKEN)
-        key = key.sub(SECURE_KEY_TOKEN, '')
-      end
+      value = execute(value) if value.respond_to? :each_pair
+      key   = key.to_s
+      key   = key.sub(SECURE_KEY_TOKEN, '') if key.match(SECURE_KEY_TOKEN)
 
       settings[key] = value
     end
 
     settings
   end
-
-  def decryption_key=(keyish)
-    return @decryption_key = nil if keyish.nil?
-
-    key_content     = if ::File.readable?(::File.expand_path(keyish))
-                        ::File.read(::File.expand_path(keyish))
-                      else
-                        keyish
-                      end
-
-    @decryption_key = OpenSSL::PKey::RSA.new(key_content)
-  end
 end
 end
 end

data/lib/chamber/namespace_set.rb

@@ -30,7 +30,7 @@ class   NamespaceSet
   # Returns a new NamespaceSet
   #
   def self.[](*namespace_values)
-    self.new(namespace_values)
+    new(namespace_values)
   end
 
   ###
@@ -92,7 +92,7 @@ class   NamespaceSet
   # Returns a Boolean
   #
   def ==(other)
-    self.to_a.eql? other.to_a
+    to_a.eql? other.to_a
   end
 
   ###
@@ -102,8 +102,8 @@ class   NamespaceSet
   # Returns a Boolean
   #
   def eql?(other)
-    other.is_a?(        NamespaceSet)  &&
-    self.namespaces  == other.namespaces
+    other.is_a?(NamespaceSet)  &&
+    namespaces  == other.namespaces
   end
 
   protected
@@ -151,8 +151,8 @@ class   NamespaceSet
   #
   def namespaces
     @namespaces ||= Set.new namespace_values.map do |value|
-                      (value.respond_to?(:call) ? value.call : value).to_s
-                    end
+      (value.respond_to?(:call) ? value.call : value).to_s
+    end
   end
 
   def raw_namespaces=(raw_namespaces)

data/lib/chamber/rails.rb

@@ -1,3 +1 @@
-if defined?(::Rails)
-  require 'chamber/rails/railtie'
-end
+require 'chamber/rails/railtie' if defined?(::Rails)

data/lib/chamber/rails/railtie.rb

@@ -1,10 +1,13 @@
+require 'socket'
+
 module  Chamber
 module  Rails
 class   Railtie < ::Rails::Railtie
   initializer 'chamber.load', before: :load_environment_config do
-    Chamber.load( :basepath   => ::Rails.root.join('config'),
-                  :namespaces => {
-                    :environment => -> { ::Rails.env } })
+    Chamber.load(basepath:   ::Rails.root.join('config'),
+                 namespaces: {
+                   environment: -> { ::Rails.env },
+                   hostname:    -> { Socket.gethostname } })
   end
 end
 end

data/lib/chamber/settings.rb

@@ -8,13 +8,13 @@ require 'chamber/filters/boolean_conversion_filter'
 require 'chamber/filters/secure_filter'
 require 'chamber/filters/translate_secure_keys_filter'
 require 'chamber/filters/insecure_filter'
+require 'chamber/filters/failed_decryption_filter'
 
 ###
 # Internal: Represents the base settings storage needed for Chamber.
 #
 module  Chamber
 class   Settings
-
   attr_reader :namespaces
 
   def initialize(options = {})
@@ -23,14 +23,15 @@ class   Settings
     self.decryption_key   = options[:decryption_key]
     self.encryption_key   = options[:encryption_key]
     self.pre_filters      = options[:pre_filters]     ||  [
-                                                            Filters::NamespaceFilter,
-                                                          ]
+      Filters::NamespaceFilter,
+    ]
     self.post_filters     = options[:post_filters]    ||  [
-                                                            Filters::DecryptionFilter,
-                                                            Filters::TranslateSecureKeysFilter,
-                                                            Filters::EnvironmentFilter,
-                                                            Filters::BooleanConversionFilter,
-                                                          ]
+      Filters::DecryptionFilter,
+      Filters::EnvironmentFilter,
+      Filters::FailedDecryptionFilter,
+      Filters::BooleanConversionFilter,
+      Filters::TranslateSecureKeysFilter,
+    ]
   end
 
   ###
@@ -81,7 +82,7 @@ class   Settings
     concatenated_name_hash = to_concatenated_name_hash(hierarchical_separator)
 
     pairs = concatenated_name_hash.to_a.map do |key, value|
-      %Q{#{key.upcase}#{name_value_separator}#{value_surrounder}#{value}#{value_surrounder}}
+      "#{key.upcase}#{name_value_separator}#{value_surrounder}#{value}#{value_surrounder}"
     end
 
     pairs.join(pair_separator)
@@ -131,7 +132,8 @@ class   Settings
       flattened_name_components = parent_keys.dup.push(key)
 
       if value.respond_to?(:each_pair)
-        flattened_name_hash.merge! to_flattened_name_hash(value, flattened_name_components)
+        flattened_name_hash.merge! to_flattened_name_hash(value,
+                                                          flattened_name_components)
       else
         flattened_name_hash[flattened_name_components] = value
       end
@@ -194,7 +196,7 @@ class   Settings
   # Returns a Boolean
   #
   def ==(other)
-    self.to_hash == other.to_hash
+    to_hash == other.to_hash
   end
 
   ###
@@ -203,29 +205,29 @@ class   Settings
   # Returns a Boolean
   #
   def eql?(other)
-    other.is_a?(        Chamber::Settings)  &&
-    self.data        == other.data          &&
-    self.namespaces  == other.namespaces
+    other.is_a?(Chamber::Settings)  &&
+    data        == other.data          &&
+    namespaces  == other.namespaces
   end
 
   def securable
-    Settings.new( metadata.merge(
-                    settings:     raw_data,
-                    pre_filters:  [Filters::SecureFilter]))
+    Settings.new(metadata.merge(
+                    settings:    raw_data,
+                    pre_filters: [Filters::SecureFilter]))
   end
 
   def secure
-    Settings.new( metadata.merge(
+    Settings.new(metadata.merge(
                     settings:     raw_data,
                     pre_filters:  [Filters::EncryptionFilter],
-                    post_filters: [Filters::TranslateSecureKeysFilter] ))
+                    post_filters: [Filters::TranslateSecureKeysFilter]))
   end
 
   def insecure
-    Settings.new( metadata.merge(
+    Settings.new(metadata.merge(
                     settings:     raw_data,
                     pre_filters:  [Filters::InsecureFilter],
-                    post_filters: [Filters::TranslateSecureKeysFilter] ))
+                    post_filters: [Filters::TranslateSecureKeysFilter]))
   end
 
   protected
@@ -245,24 +247,24 @@ class   Settings
   end
 
   def raw_data
-    @filtered_raw_data  ||= pre_filters.reduce(@raw_data) do |filtered_data, filter|
-                              filter.execute({data: filtered_data}.
-                                              merge(metadata))
-                            end
+    @filtered_raw_data ||= pre_filters.reduce(@raw_data) do |filtered_data, filter|
+      filter.execute({ data: filtered_data }.
+                     merge(metadata))
+    end
   end
 
   def data
-    @data               ||= post_filters.reduce(raw_data) do |filtered_data, filter|
-                              filter.execute({data: filtered_data}.
-                                              merge(metadata))
-                            end
+    @data ||= post_filters.reduce(raw_data) do |filtered_data, filter|
+      filter.execute({ data: filtered_data }.
+                     merge(metadata))
+    end
   end
 
   def metadata
     {
-      namespaces:     self.namespaces,
-      decryption_key: self.decryption_key,
-      encryption_key: self.encryption_key,
+      namespaces:     namespaces,
+      decryption_key: decryption_key,
+      encryption_key: encryption_key,
     }
   end
 

data/lib/chamber/version.rb

@@ -1,3 +1,3 @@
 module Chamber
-  VERSION = '2.4.0'
+  VERSION = '2.7.1'
 end

data/spec/fixtures/settings.yml

@@ -14,6 +14,7 @@ development:
       a_scalar: hello
 test:
   my_setting: my_value
+  _secure_my_secure_settings: 'M3yI2fIHsfD+zznsvO3FB/ryCwvvdQQ9ZXPQlTIR6Y9vtzNFAeRAxZpSyYUdOpeMDkWQSo5ZVLseM20iTh1YpNCjzd7D0bT4O9aBskYBE92b4ioYPAPSZ3NcvA1pGa6A/hWGo3iJZK1t96mGrfxy2mSFFqGHQbj4ix6D7PpCfVkjuUMp3NG3XjgGhmynK88XENWXBQfgxdfwylZZSQTm058BubkuM5MXgf4WGL3qWo+wWk9AOwjohAGq3UAf5Q341g/OlPGbCV3rBPTnlm866N8aAsHtppg5HwbknaySpLMPcv0KhUGC/bEPgbm3tuG7JZKsoqvDmWr/I+LjVi/LKg=='
   my_boolean: 'false'
   my_dynamic_setting: 2
   another_level:

data/spec/lib/chamber/commands/files_spec.rb

@@ -5,8 +5,10 @@ module    Chamber
 module    Commands
 describe  Files do
   let(:rootpath) { ::File.expand_path('./spec/fixtures') }
-  let(:options)  { {  basepath: rootpath,
-                      rootpath: rootpath } }
+  let(:options)  do
+    {  basepath: rootpath,
+       rootpath: rootpath }
+  end
 
   it 'can return values formatted as environment variables' do
     files = Files.call(options)

data/spec/lib/chamber/commands/secure_spec.rb

@@ -8,10 +8,12 @@ describe  Secure do
   let(:rootpath)           { Pathname.new(::File.expand_path('./spec/fixtures')) }
   let(:settings_directory) { rootpath + 'settings' }
   let(:settings_filename)  { settings_directory + 'unencrypted.yml' }
-  let(:options)            { { basepath:       rootpath,
-                               rootpath:       rootpath,
-                               encryption_key: rootpath + '../spec_key',
-                               shell:          double.as_null_object } }
+  let(:options)            do
+    { basepath:       rootpath,
+      rootpath:       rootpath,
+      encryption_key: rootpath + '../spec_key',
+      shell:          double.as_null_object }
+  end
 
   before(:each) do
     ::FileUtils.mkdir_p settings_directory unless ::File.exist? settings_directory
@@ -29,7 +31,8 @@ HEREDOC
 
     Secure.call(options)
 
-    expect(settings_filename.read).to match %r{_secure_my_unencrpyted_setting: [A-Za-z0-9\+\/]{342}==}
+    expect(settings_filename.read).
+    to match %r{_secure_my_unencrpyted_setting: [A-Za-z0-9\+\/]{342}==}
   end
 end
 end