chamber 2.4.0 → 2.7.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (60) hide show
  1. checksums.yaml +4 -4
  2. data/README.md +16 -930
  3. data/Rakefile +6 -0
  4. data/lib/chamber.rb +11 -7
  5. data/lib/chamber/binary/heroku.rb +45 -25
  6. data/lib/chamber/binary/runner.rb +82 -44
  7. data/lib/chamber/binary/travis.rb +14 -8
  8. data/lib/chamber/commands/base.rb +1 -2
  9. data/lib/chamber/commands/comparable.rb +0 -1
  10. data/lib/chamber/commands/compare.rb +1 -1
  11. data/lib/chamber/commands/files.rb +0 -1
  12. data/lib/chamber/commands/heroku.rb +2 -3
  13. data/lib/chamber/commands/heroku/push.rb +1 -1
  14. data/lib/chamber/commands/initialize.rb +69 -12
  15. data/lib/chamber/commands/securable.rb +9 -4
  16. data/lib/chamber/commands/secure.rb +1 -1
  17. data/lib/chamber/commands/show.rb +20 -4
  18. data/lib/chamber/commands/travis.rb +0 -1
  19. data/lib/chamber/configuration.rb +5 -5
  20. data/lib/chamber/context_resolver.rb +12 -12
  21. data/lib/chamber/decryption_key.rb +51 -0
  22. data/lib/chamber/environmentable.rb +4 -1
  23. data/lib/chamber/errors/decryption_failure.rb +6 -0
  24. data/lib/chamber/file.rb +7 -8
  25. data/lib/chamber/file_set.rb +23 -22
  26. data/lib/chamber/filters/boolean_conversion_filter.rb +1 -2
  27. data/lib/chamber/filters/decryption_filter.rb +42 -25
  28. data/lib/chamber/filters/encryption_filter.rb +7 -5
  29. data/lib/chamber/filters/environment_filter.rb +7 -7
  30. data/lib/chamber/filters/failed_decryption_filter.rb +41 -0
  31. data/lib/chamber/filters/namespace_filter.rb +1 -1
  32. data/lib/chamber/filters/secure_filter.rb +3 -5
  33. data/lib/chamber/filters/translate_secure_keys_filter.rb +5 -24
  34. data/lib/chamber/namespace_set.rb +6 -6
  35. data/lib/chamber/rails.rb +1 -3
  36. data/lib/chamber/rails/railtie.rb +6 -3
  37. data/lib/chamber/settings.rb +34 -32
  38. data/lib/chamber/version.rb +1 -1
  39. data/spec/fixtures/settings.yml +1 -0
  40. data/spec/lib/chamber/commands/files_spec.rb +4 -2
  41. data/spec/lib/chamber/commands/secure_spec.rb +8 -5
  42. data/spec/lib/chamber/commands/show_spec.rb +18 -3
  43. data/spec/lib/chamber/context_resolver_spec.rb +38 -18
  44. data/spec/lib/chamber/file_set_spec.rb +73 -52
  45. data/spec/lib/chamber/file_spec.rb +37 -23
  46. data/spec/lib/chamber/filters/boolean_conversion_filter_spec.rb +35 -33
  47. data/spec/lib/chamber/filters/decryption_filter_spec.rb +142 -21
  48. data/spec/lib/chamber/filters/encryption_filter_spec.rb +51 -19
  49. data/spec/lib/chamber/filters/environment_filter_spec.rb +12 -6
  50. data/spec/lib/chamber/filters/failed_decryption_filter_spec.rb +53 -0
  51. data/spec/lib/chamber/filters/insecure_filter_spec.rb +38 -18
  52. data/spec/lib/chamber/filters/namespace_filter_spec.rb +38 -38
  53. data/spec/lib/chamber/filters/secure_filter_spec.rb +10 -10
  54. data/spec/lib/chamber/filters/translate_secure_keys_filter_spec.rb +9 -6
  55. data/spec/lib/chamber/namespace_set_spec.rb +7 -5
  56. data/spec/lib/chamber/settings_spec.rb +168 -79
  57. data/spec/lib/chamber_spec.rb +72 -71
  58. metadata +22 -21
  59. data/lib/chamber/errors/undecryptable_value_error.rb +0 -6
  60. data/templates/settings.yml +0 -14
@@ -4,42 +4,44 @@ require 'chamber/filters/boolean_conversion_filter'
4
4
  module Chamber
5
5
  module Filters
6
6
  describe BooleanConversionFilter do
7
- it 'can convert string boolean values into TrueClass and FalseClass even if they are deeply nested' do
7
+ it 'can convert string boolean values into TrueClass and FalseClass even if they ' \
8
+ 'are deeply nested' do
9
+
8
10
  filtered_data = BooleanConversionFilter.execute(
9
11
  data: {
10
- true_boolean: 'true',
11
- boolean_group: {
12
- yes_boolean: 'yes',
13
- t_boolean: 't',
14
- non_boolean: 'hello',
15
- sub_boolean_group: {
16
- false_boolean: 'false',
17
- no_boolean: 'no',
18
- nilly: nil,
19
- non_boolean: 3, },
20
- f_boolean: 'f',
21
- non_boolean: Time.utc(2012, 8, 1),
22
- nilly: nil, },
23
- false_boolean: 'false',
24
- nilly: nil,
25
- non_boolean: [1, 2, 3] })
12
+ true_boolean: 'true',
13
+ boolean_group: {
14
+ yes_boolean: 'yes',
15
+ t_boolean: 't',
16
+ non_boolean: 'hello',
17
+ sub_boolean_group: {
18
+ false_boolean: 'false',
19
+ no_boolean: 'no',
20
+ nilly: nil,
21
+ non_boolean: 3 },
22
+ f_boolean: 'f',
23
+ non_boolean: Time.utc(2012, 8, 1),
24
+ nilly: nil },
25
+ false_boolean: 'false',
26
+ nilly: nil,
27
+ non_boolean: [1, 2, 3] })
26
28
 
27
- expect(filtered_data).to eql( true_boolean: true,
28
- boolean_group: {
29
- yes_boolean: true,
30
- t_boolean: true,
31
- non_boolean: 'hello',
32
- sub_boolean_group: {
33
- false_boolean: false,
34
- no_boolean: false,
35
- nilly: nil,
36
- non_boolean: 3, },
37
- f_boolean: false,
38
- non_boolean: Time.utc(2012, 8, 1),
39
- nilly: nil, },
40
- false_boolean: false,
41
- nilly: nil,
42
- non_boolean: [1, 2, 3] )
29
+ expect(filtered_data).to eql(true_boolean: true,
30
+ boolean_group: {
31
+ yes_boolean: true,
32
+ t_boolean: true,
33
+ non_boolean: 'hello',
34
+ sub_boolean_group: {
35
+ false_boolean: false,
36
+ no_boolean: false,
37
+ nilly: nil,
38
+ non_boolean: 3 },
39
+ f_boolean: false,
40
+ non_boolean: Time.utc(2012, 8, 1),
41
+ nilly: nil },
42
+ false_boolean: false,
43
+ nilly: nil,
44
+ non_boolean: [1, 2, 3])
43
45
  end
44
46
  end
45
47
  end
@@ -5,50 +5,171 @@ module Chamber
5
5
  module Filters
6
6
  describe DecryptionFilter do
7
7
  it 'will attempt to decrypt values which are marked as "secure"' do
8
- filtered_settings = DecryptionFilter.execute( data: {
9
- _secure_my_secure_setting: 'cJbFe0NI5wknmsp2fVgpC/YeBD2pvcdVD+p0pUdnMoYThaV4mpsspg/ZTBtmjx7kMwcF6cjXFLDVw3FxptTHwzJUd4akun6EZ57m+QzCMJYnfY95gB2/emEAQLSz4/YwsE4LDGydkEjY1ZprfXznf+rU31YGDJUTf34ESz7fsQGSc9DjkBb9ao8Mv4cI7pCXkQZDwS5kLAZDf6agy1GzeL71Z8lrmQzk8QQuf/1kQzxsWVlzpKNXWS7u2CJ0sN5eINMngJBfv5ZFrZgfXc86wdgUKc8aaoX8OQA1kKTcdgbE9NcAhNr1+WfNxMnz84XzmUp2Y0H1jPgGkBKQJKArfQ==' },
10
- decryption_key: './spec/spec_key' )
8
+ filtered_settings = DecryptionFilter.execute(
9
+ data: {
10
+ _secure_my_secure_setting: 'cJbFe0NI5wknmsp2fVgpC/YeBD2pvcdVD+p0pUdnMoYThaV4m' \
11
+ 'psspg/ZTBtmjx7kMwcF6cjXFLDVw3FxptTHwzJUd4akun6EZ5' \
12
+ '7m+QzCMJYnfY95gB2/emEAQLSz4/YwsE4LDGydkEjY1ZprfXz' \
13
+ 'nf+rU31YGDJUTf34ESz7fsQGSc9DjkBb9ao8Mv4cI7pCXkQZD' \
14
+ 'wS5kLAZDf6agy1GzeL71Z8lrmQzk8QQuf/1kQzxsWVlzpKNXW' \
15
+ 'S7u2CJ0sN5eINMngJBfv5ZFrZgfXc86wdgUKc8aaoX8OQA1kK' \
16
+ 'TcdgbE9NcAhNr1+WfNxMnz84XzmUp2Y0H1jPgGkBKQJKArfQ==',
17
+ },
18
+ decryption_key: './spec/spec_key')
11
19
 
12
20
  expect(filtered_settings._secure_my_secure_setting).to eql 'hello'
13
21
  end
14
22
 
15
23
  it 'will not attempt to decrypt values which are not marked as "secure"' do
16
- filtered_settings = DecryptionFilter.execute( data: {
17
- my_secure_setting: 'cJbFe0NI5wknmsp2fVgpC/YeBD2pvcdVD+p0pUdnMoYThaV4mpsspg/ZTBtmjx7kMwcF6cjXFLDVw3FxptTHwzJUd4akun6EZ57m+QzCMJYnfY95gB2/emEAQLSz4/YwsE4LDGydkEjY1ZprfXznf+rU31YGDJUTf34ESz7fsQGSc9DjkBb9ao8Mv4cI7pCXkQZDwS5kLAZDf6agy1GzeL71Z8lrmQzk8QQuf/1kQzxsWVlzpKNXWS7u2CJ0sN5eINMngJBfv5ZFrZgfXc86wdgUKc8aaoX8OQA1kKTcdgbE9NcAhNr1+WfNxMnz84XzmUp2Y0H1jPgGkBKQJKArfQ==' },
18
- decryption_key: './spec/spec_key' )
24
+ filtered_settings = DecryptionFilter.execute(
25
+ data: {
26
+ my_secure_setting: 'cJbFe0NI5wknmsp2fVgpC/YeBD2pvcdVD+p0pUdnMoYThaV4m' \
27
+ 'psspg/ZTBtmjx7kMwcF6cjXFLDVw3FxptTHwzJUd4akun6EZ5' \
28
+ '7m+QzCMJYnfY95gB2/emEAQLSz4/YwsE4LDGydkEjY1ZprfXz' \
29
+ 'nf+rU31YGDJUTf34ESz7fsQGSc9DjkBb9ao8Mv4cI7pCXkQZD' \
30
+ 'wS5kLAZDf6agy1GzeL71Z8lrmQzk8QQuf/1kQzxsWVlzpKNXW' \
31
+ 'S7u2CJ0sN5eINMngJBfv5ZFrZgfXc86wdgUKc8aaoX8OQA1kK' \
32
+ 'TcdgbE9NcAhNr1+WfNxMnz84XzmUp2Y0H1jPgGkBKQJKArfQ==' },
33
+ decryption_key: './spec/spec_key')
19
34
 
20
- expect(filtered_settings.my_secure_setting).to eql 'cJbFe0NI5wknmsp2fVgpC/YeBD2pvcdVD+p0pUdnMoYThaV4mpsspg/ZTBtmjx7kMwcF6cjXFLDVw3FxptTHwzJUd4akun6EZ57m+QzCMJYnfY95gB2/emEAQLSz4/YwsE4LDGydkEjY1ZprfXznf+rU31YGDJUTf34ESz7fsQGSc9DjkBb9ao8Mv4cI7pCXkQZDwS5kLAZDf6agy1GzeL71Z8lrmQzk8QQuf/1kQzxsWVlzpKNXWS7u2CJ0sN5eINMngJBfv5ZFrZgfXc86wdgUKc8aaoX8OQA1kKTcdgbE9NcAhNr1+WfNxMnz84XzmUp2Y0H1jPgGkBKQJKArfQ=='
35
+ my_secure_setting = filtered_settings.my_secure_setting
36
+
37
+ expect(my_secure_setting).to eql 'cJbFe0NI5wknmsp2fVgpC/YeBD2pvcdVD+p0pUdnMoYT' \
38
+ 'haV4mpsspg/ZTBtmjx7kMwcF6cjXFLDVw3FxptTHwzJU' \
39
+ 'd4akun6EZ57m+QzCMJYnfY95gB2/emEAQLSz4/YwsE4L' \
40
+ 'DGydkEjY1ZprfXznf+rU31YGDJUTf34ESz7fsQGSc9Dj' \
41
+ 'kBb9ao8Mv4cI7pCXkQZDwS5kLAZDf6agy1GzeL71Z8lr' \
42
+ 'mQzk8QQuf/1kQzxsWVlzpKNXWS7u2CJ0sN5eINMngJBf' \
43
+ 'v5ZFrZgfXc86wdgUKc8aaoX8OQA1kKTcdgbE9NcAhNr1' \
44
+ '+WfNxMnz84XzmUp2Y0H1jPgGkBKQJKArfQ=='
21
45
  end
22
46
 
23
47
  it 'will not attempt to decrypt values even if they are prefixed with "secure"' do
24
- filtered_settings = DecryptionFilter.execute( data: {
25
- secure_setting: 'cJbFe0NI5wknmsp2fVgpC/YeBD2pvcdVD+p0pUdnMoYThaV4mpsspg/ZTBtmjx7kMwcF6cjXFLDVw3FxptTHwzJUd4akun6EZ57m+QzCMJYnfY95gB2/emEAQLSz4/YwsE4LDGydkEjY1ZprfXznf+rU31YGDJUTf34ESz7fsQGSc9DjkBb9ao8Mv4cI7pCXkQZDwS5kLAZDf6agy1GzeL71Z8lrmQzk8QQuf/1kQzxsWVlzpKNXWS7u2CJ0sN5eINMngJBfv5ZFrZgfXc86wdgUKc8aaoX8OQA1kKTcdgbE9NcAhNr1+WfNxMnz84XzmUp2Y0H1jPgGkBKQJKArfQ==' },
26
- decryption_key: './spec/spec_key' )
48
+ filtered_settings = DecryptionFilter.execute(
49
+ data: {
50
+ secure_setting: 'cJbFe0NI5wknmsp2fVgpC/YeBD2pvcdVD+p0pUdnMoYThaV4mpsspg/ZTBt' \
51
+ 'mjx7kMwcF6cjXFLDVw3FxptTHwzJUd4akun6EZ57m+QzCMJYnfY95gB2/em' \
52
+ 'EAQLSz4/YwsE4LDGydkEjY1ZprfXznf+rU31YGDJUTf34ESz7fsQGSc9Djk' \
53
+ 'Bb9ao8Mv4cI7pCXkQZDwS5kLAZDf6agy1GzeL71Z8lrmQzk8QQuf/1kQzxs' \
54
+ 'WVlzpKNXWS7u2CJ0sN5eINMngJBfv5ZFrZgfXc86wdgUKc8aaoX8OQA1kKT' \
55
+ 'cdgbE9NcAhNr1+WfNxMnz84XzmUp2Y0H1jPgGkBKQJKArfQ==',
56
+ },
57
+ decryption_key: './spec/spec_key')
58
+
59
+ secure_setting = filtered_settings.secure_setting
27
60
 
28
- expect(filtered_settings.secure_setting).to eql 'cJbFe0NI5wknmsp2fVgpC/YeBD2pvcdVD+p0pUdnMoYThaV4mpsspg/ZTBtmjx7kMwcF6cjXFLDVw3FxptTHwzJUd4akun6EZ57m+QzCMJYnfY95gB2/emEAQLSz4/YwsE4LDGydkEjY1ZprfXznf+rU31YGDJUTf34ESz7fsQGSc9DjkBb9ao8Mv4cI7pCXkQZDwS5kLAZDf6agy1GzeL71Z8lrmQzk8QQuf/1kQzxsWVlzpKNXWS7u2CJ0sN5eINMngJBfv5ZFrZgfXc86wdgUKc8aaoX8OQA1kKTcdgbE9NcAhNr1+WfNxMnz84XzmUp2Y0H1jPgGkBKQJKArfQ=='
61
+ expect(secure_setting).to eql 'cJbFe0NI5wknmsp2fVgpC/YeBD2pvcdVD+p0pUdnMoYThaV4m' \
62
+ 'psspg/ZTBtmjx7kMwcF6cjXFLDVw3FxptTHwzJUd4akun6EZ5' \
63
+ '7m+QzCMJYnfY95gB2/emEAQLSz4/YwsE4LDGydkEjY1ZprfXz' \
64
+ 'nf+rU31YGDJUTf34ESz7fsQGSc9DjkBb9ao8Mv4cI7pCXkQZD' \
65
+ 'wS5kLAZDf6agy1GzeL71Z8lrmQzk8QQuf/1kQzxsWVlzpKNXW' \
66
+ 'S7u2CJ0sN5eINMngJBfv5ZFrZgfXc86wdgUKc8aaoX8OQA1kK' \
67
+ 'TcdgbE9NcAhNr1+WfNxMnz84XzmUp2Y0H1jPgGkBKQJKArfQ=='
29
68
  end
30
69
 
31
70
  it 'will not attempt to decrypt values even if they are not properly encoded' do
32
- filtered_settings = DecryptionFilter.execute( data: {
33
- _secure_my_secure_setting: 'cJbFe0NI5\wknmsp2fVgpC/YeBD2pvcdVD+p0pUdnMoYThaV4mpsspg/ZTBtmjx7kMwcF6cjXFLDVw3FxptTHwzJUd4akun6EZ57m+QzCMJYnfY95gB2/emEAQLSz4/YwsE4LDGydkEjY1ZprfXznf+rU31YGDJUTf34ESz7fsQGSc9DjkBb9ao8Mv4cI7pCXkQZDwS5kLAZDf6agy1GzeL71Z8lrmQzk8QQuf/1kQzxsWVlzpKNXWS7u2CJ0sN5eINMngJBfv5ZFrZgfXc86wdgUKc8aaoX8OQA1kKTcdgbE9NcAhNr1+WfNxMnz84XzmUp2Y0H1jPgGkBKQJKArfQ==' },
34
- decryption_key: './spec/spec_key' )
71
+ filtered_settings = DecryptionFilter.execute(
72
+ data: {
73
+ _secure_my_secure_setting: 'cJbFe0NI5\wknmsp2fVgpC/YeBD2pvcdVD+p0pUdnMoYThaV4' \
74
+ 'mpsspg/ZTBtmjx7kMwcF6cjXFLDVw3FxptTHwzJUd4akun6EZ' \
75
+ '57m+QzCMJYnfY95gB2/emEAQLSz4/YwsE4LDGydkEjY1ZprfX' \
76
+ 'znf+rU31YGDJUTf34ESz7fsQGSc9DjkBb9ao8Mv4cI7pCXkQZ' \
77
+ 'DwS5kLAZDf6agy1GzeL71Z8lrmQzk8QQuf/1kQzxsWVlzpKNX' \
78
+ 'WS7u2CJ0sN5eINMngJBfv5ZFrZgfXc86wdgUKc8aaoX8OQA1k' \
79
+ 'KTcdgbE9NcAhNr1+WfNxMnz84XzmUp2Y0H1jPgGkBKQJKArfQ==',
80
+ },
81
+ decryption_key: './spec/spec_key')
35
82
 
36
- expect(filtered_settings._secure_my_secure_setting).to eql 'cJbFe0NI5\wknmsp2fVgpC/YeBD2pvcdVD+p0pUdnMoYThaV4mpsspg/ZTBtmjx7kMwcF6cjXFLDVw3FxptTHwzJUd4akun6EZ57m+QzCMJYnfY95gB2/emEAQLSz4/YwsE4LDGydkEjY1ZprfXznf+rU31YGDJUTf34ESz7fsQGSc9DjkBb9ao8Mv4cI7pCXkQZDwS5kLAZDf6agy1GzeL71Z8lrmQzk8QQuf/1kQzxsWVlzpKNXWS7u2CJ0sN5eINMngJBfv5ZFrZgfXc86wdgUKc8aaoX8OQA1kKTcdgbE9NcAhNr1+WfNxMnz84XzmUp2Y0H1jPgGkBKQJKArfQ=='
83
+ my_secure_setting = filtered_settings._secure_my_secure_setting
84
+
85
+ expect(my_secure_setting).to eql 'cJbFe0NI5\wknmsp2fVgpC/YeBD2pvcdVD+p0pUdnMoYThaV4' \
86
+ 'mpsspg/ZTBtmjx7kMwcF6cjXFLDVw3FxptTHwzJUd4akun6EZ' \
87
+ '57m+QzCMJYnfY95gB2/emEAQLSz4/YwsE4LDGydkEjY1ZprfX' \
88
+ 'znf+rU31YGDJUTf34ESz7fsQGSc9DjkBb9ao8Mv4cI7pCXkQZ' \
89
+ 'DwS5kLAZDf6agy1GzeL71Z8lrmQzk8QQuf/1kQzxsWVlzpKNX' \
90
+ 'WS7u2CJ0sN5eINMngJBfv5ZFrZgfXc86wdgUKc8aaoX8OQA1k' \
91
+ 'KTcdgbE9NcAhNr1+WfNxMnz84XzmUp2Y0H1jPgGkBKQJKArfQ=='
37
92
  end
38
93
 
39
94
  it 'will not attempt to decrypt values if it guesses that they are not encrpyted' do
40
- filtered_settings = DecryptionFilter.execute( data: {
41
- _secure_my_secure_setting: 'hello' },
42
- decryption_key: './spec/spec_key' )
95
+ filtered_settings = DecryptionFilter.execute(data: {
96
+ _secure_my_secure_setting: 'hello' },
97
+ decryption_key: './spec/spec_key')
43
98
 
44
99
  expect(filtered_settings._secure_my_secure_setting).to eql 'hello'
45
100
  end
46
101
 
47
102
  it 'simply returns the encrypted string if there is no decryption key' do
48
- filtered_settings = DecryptionFilter.execute( data: {
49
- _secure_my_secure_setting: 'cJbFe0NI5wknmsp2fVgpC/YeBD2pvcdVD+p0pUdnMoYThaV4mpsspg/ZTBtmjx7kMwcF6cjXFLDVw3FxptTHwzJUd4akun6EZ57m+QzCMJYnfY95gB2/emEAQLSz4/YwsE4LDGydkEjY1ZprfXznf+rU31YGDJUTf34ESz7fsQGSc9DjkBb9ao8Mv4cI7pCXkQZDwS5kLAZDf6agy1GzeL71Z8lrmQzk8QQuf/1kQzxsWVlzpKNXWS7u2CJ0sN5eINMngJBfv5ZFrZgfXc86wdgUKc8aaoX8OQA1kKTcdgbE9NcAhNr1+WfNxMnz84XzmUp2Y0H1jPgGkBKQJKArfQ==' })
103
+ filtered_settings = DecryptionFilter.execute(
104
+ data: {
105
+ _secure_my_secure_setting: 'cJbFe0NI5\wknmsp2fVgpC/YeBD2pvcdVD+p0pUdnMoYThaV4' \
106
+ 'mpsspg/ZTBtmjx7kMwcF6cjXFLDVw3FxptTHwzJUd4akun6EZ' \
107
+ '57m+QzCMJYnfY95gB2/emEAQLSz4/YwsE4LDGydkEjY1ZprfX' \
108
+ 'znf+rU31YGDJUTf34ESz7fsQGSc9DjkBb9ao8Mv4cI7pCXkQZ' \
109
+ 'DwS5kLAZDf6agy1GzeL71Z8lrmQzk8QQuf/1kQzxsWVlzpKNX' \
110
+ 'WS7u2CJ0sN5eINMngJBfv5ZFrZgfXc86wdgUKc8aaoX8OQA1k' \
111
+ 'KTcdgbE9NcAhNr1+WfNxMnz84XzmUp2Y0H1jPgGkBKQJKArfQ==',
112
+ },
113
+ )
114
+
115
+ my_secure_setting = filtered_settings._secure_my_secure_setting
116
+
117
+ expect(my_secure_setting).to eql 'cJbFe0NI5\wknmsp2fVgpC/YeBD2pvcdVD+p0pUdnMoYThaV4' \
118
+ 'mpsspg/ZTBtmjx7kMwcF6cjXFLDVw3FxptTHwzJUd4akun6EZ' \
119
+ '57m+QzCMJYnfY95gB2/emEAQLSz4/YwsE4LDGydkEjY1ZprfX' \
120
+ 'znf+rU31YGDJUTf34ESz7fsQGSc9DjkBb9ao8Mv4cI7pCXkQZ' \
121
+ 'DwS5kLAZDf6agy1GzeL71Z8lrmQzk8QQuf/1kQzxsWVlzpKNX' \
122
+ 'WS7u2CJ0sN5eINMngJBfv5ZFrZgfXc86wdgUKc8aaoX8OQA1k' \
123
+ 'KTcdgbE9NcAhNr1+WfNxMnz84XzmUp2Y0H1jPgGkBKQJKArfQ=='
124
+ end
125
+
126
+ it 'can decrypt a complex object' do
127
+ filtered_settings = DecryptionFilter.execute(
128
+ data: {
129
+ _secure_my_secure_setting: 'rF1MIcLX/Q88gjpHTifI27fJHopDKVTJRvOwF2MZ8kVIrvBhFg' \
130
+ 'LOyQ7JEBiWNBh1yUtR6PeKlB+h44sIL3yKMcZyccX73Mo+CiWx' \
131
+ 'mnjtK4I1QxcJL8OSLa8GQPlSBxoBCykWqerwN0b2oS/jv8umB2' \
132
+ 'j2RyANFYklD3mAxn1LsoTuFPAif+SCLRIGafcHkOywM32qn6Hh' \
133
+ 'UpeBChX81JhJpip1gdJmRTGEZjKfR93h1shW0LqLLbdQUwYPOP' \
134
+ 'bnjz7fU7x+d5/ighWTDsmOVyvEiqM0WasFzK+WBUfvo8tQxUym' \
135
+ 'exw/U3B7N/0R/9v6U3l6x7eeIoQ4+lnJK2ULFzVgiw==',
136
+ },
137
+ decryption_key: './spec/spec_key')
50
138
 
51
- expect(filtered_settings._secure_my_secure_setting).to eql 'cJbFe0NI5wknmsp2fVgpC/YeBD2pvcdVD+p0pUdnMoYThaV4mpsspg/ZTBtmjx7kMwcF6cjXFLDVw3FxptTHwzJUd4akun6EZ57m+QzCMJYnfY95gB2/emEAQLSz4/YwsE4LDGydkEjY1ZprfXznf+rU31YGDJUTf34ESz7fsQGSc9DjkBb9ao8Mv4cI7pCXkQZDwS5kLAZDf6agy1GzeL71Z8lrmQzk8QQuf/1kQzxsWVlzpKNXWS7u2CJ0sN5eINMngJBfv5ZFrZgfXc86wdgUKc8aaoX8OQA1kKTcdgbE9NcAhNr1+WfNxMnz84XzmUp2Y0H1jPgGkBKQJKArfQ=='
139
+ expect(filtered_settings._secure_my_secure_setting).to be_a Integer
140
+ expect(filtered_settings._secure_my_secure_setting).to eql 12_345
141
+ end
142
+
143
+ it 'can decrypt a number that has not been yamlled' do
144
+ filtered_settings = DecryptionFilter.execute(
145
+ data: {
146
+ _secure_my_secure_setting: 'Ieh5poOpcirj1jihkh1eENaCrF8ECQSLOigM4ApTZ8hp4vrL3N' \
147
+ 'KWp3djEkQz0QceopgN8TBJOEj1lqfGGL3Ar5L0SGrIsHt6KOil' \
148
+ 'erEXXH4/e2+s8JFWpdfjCxgn12fv1jqXxNyuMUlYRBD7R+oRNV' \
149
+ 'A5nNpnwiSE7IOBjUEZyzlQUrePVku5CtOs0hfGe+79n6D8zFGT' \
150
+ 'px7UjZg4QVXyHISBM2hAaDOZ0dfxVqbzmvN3B68xbuIty5vyv1' \
151
+ '+Ry2k+yIGJXIOjNm96ntDxIuUbycfrqYdtopBDI5kcr0zckPWM' \
152
+ 'QRqkp7yd/XNZqyYCFGMNKNwokE6wZuGffkD/H/VPxQ==',
153
+ },
154
+ decryption_key: './spec/spec_key')
155
+
156
+ expect(filtered_settings._secure_my_secure_setting).to eql '12345'
157
+ end
158
+
159
+ it 'can decrypt a string that has not been yamlled' do
160
+ filtered_settings = DecryptionFilter.execute(
161
+ data: {
162
+ _secure_my_secure_setting: 'V2ifd6KwfGK8zW7K87ypHiA89UvVqsAX3961dR/B5ensruVFi5' \
163
+ 'KydFR1KxPQHxInhVl4GIvpBCwczK1mMZ61NGVISK04tg90R52/' \
164
+ 'ue0s4V9v01h1wTnahrkRGFyKk4iiQwsluuXGaW4gBFayaKOs77' \
165
+ 'HL/fMBY985akz8lv/8secg2U66YWeIHblJ2OKdNELaEFZKXWyw' \
166
+ 'PxXEMPckAnbJB6liwFNjbY1y0WH6oiP/OzoiOGzGeuUr2P8IfW' \
167
+ '8JIedOuy4JV4Y46QPvu4zCZhDgNa4dTCdOTA/oEd5+GLhuoSiC' \
168
+ '87k/vbURwhqs1fmyXUJpUaDg3x4quTDZ6uBTG0Qu/A==',
169
+ },
170
+ decryption_key: './spec/spec_key')
171
+
172
+ expect(filtered_settings._secure_my_secure_setting).to eql 'hello'
52
173
  end
53
174
  end
54
175
  end
@@ -5,43 +5,75 @@ module Chamber
5
5
  module Filters
6
6
  describe EncryptionFilter do
7
7
  it 'will attempt to encrypt values which are marked as "secure"' do
8
- filtered_settings = EncryptionFilter.execute( data: {
9
- _secure_my_secure_setting: 'hello' },
10
- encryption_key: './spec/spec_key.pub' )
8
+ filtered_settings = EncryptionFilter.execute(
9
+ data: {
10
+ _secure_my_secure_setting: 'hello' },
11
+ encryption_key: './spec/spec_key.pub')
11
12
 
12
- expect(filtered_settings._secure_my_secure_setting).to match EncryptionFilter::BASE64_STRING_PATTERN
13
+ expect(filtered_settings._secure_my_secure_setting).to match \
14
+ EncryptionFilter::BASE64_STRING_PATTERN
13
15
  end
14
16
 
15
17
  it 'will not attempt to encrypt values which are not marked as "secure"' do
16
- filtered_settings = EncryptionFilter.execute( data: {
17
- my_secure_setting: 'hello' },
18
- encryption_key: './spec/spec_key.pub' )
18
+ filtered_settings = EncryptionFilter.execute(
19
+ data: {
20
+ my_secure_setting: 'hello' },
21
+ encryption_key: './spec/spec_key.pub')
19
22
 
20
23
  expect(filtered_settings.my_secure_setting).to eql 'hello'
21
24
  end
22
25
 
23
26
  it 'will not attempt to encrypt values even if they are prefixed with "secure"' do
24
- filtered_settings = EncryptionFilter.execute( data: {
25
- secure_setting: 'hello' },
26
- encryption_key: './spec/spec_key.pub' )
27
+ filtered_settings = EncryptionFilter.execute(
28
+ data: {
29
+ secure_setting: 'hello' },
30
+ encryption_key: './spec/spec_key.pub')
27
31
 
28
32
  expect(filtered_settings.secure_setting).to eql 'hello'
29
33
  end
30
34
 
31
35
  it 'will attempt to encrypt values if they are not properly encoded' do
32
- filtered_settings = EncryptionFilter.execute( data: {
33
- _secure_my_secure_setting: 'fNI5\jwlBn' },
34
- encryption_key: './spec/spec_key.pub' )
36
+ filtered_settings = EncryptionFilter.execute(
37
+ data: {
38
+ _secure_my_secure_setting: 'fNI5\jwlBn' },
39
+ encryption_key: './spec/spec_key.pub')
35
40
 
36
- expect(filtered_settings._secure_my_secure_setting).to match EncryptionFilter::BASE64_STRING_PATTERN
41
+ expect(filtered_settings._secure_my_secure_setting).to match \
42
+ EncryptionFilter::BASE64_STRING_PATTERN
37
43
  end
38
44
 
39
- it 'will not attempt to encrypt values if it guesses that they are already encrpyted' do
40
- filtered_settings = EncryptionFilter.execute( data: {
41
- _secure_my_secure_setting: 'fNI5wlBniNhEU4396pmhWwx+A09bRAMJOUASuP7PzprewBX8CXYqL+v/uXOJpIRCLDjwe8quuC+j9iLcPU7HBRMr054gGxeqZexbLevXcPk7SrMis3qeEKmnAuarQGXe7ZAntidMY9Lx4pqSkhYXwQnI48d2Dh44qfaS9w2OrehSkpdFRnuxQeOpCKO/bleB0J88WGkytCohyHCRIpbaEjEC3UD52pnqMeu/ClNm+PBgE6Ci94pu5UUnZuIE/y+P4A3wgD6G/u8hgvAW51JwVryg/im1rayGAwWYNgupQ/5LDmjffwx7Q3fyMH2uF3CDIKRIC6U+mnM5SRMO4Dzysw==' },
42
- encryption_key: './spec/spec_key.pub' )
45
+ it 'will attempt to encrypt values if they are numbers' do
46
+ filtered_settings = EncryptionFilter.execute(data: {
47
+ _secure_my_secure_setting: 12_345 },
48
+ encryption_key: './spec/spec_key.pub')
43
49
 
44
- expect(filtered_settings._secure_my_secure_setting).to eql 'fNI5wlBniNhEU4396pmhWwx+A09bRAMJOUASuP7PzprewBX8CXYqL+v/uXOJpIRCLDjwe8quuC+j9iLcPU7HBRMr054gGxeqZexbLevXcPk7SrMis3qeEKmnAuarQGXe7ZAntidMY9Lx4pqSkhYXwQnI48d2Dh44qfaS9w2OrehSkpdFRnuxQeOpCKO/bleB0J88WGkytCohyHCRIpbaEjEC3UD52pnqMeu/ClNm+PBgE6Ci94pu5UUnZuIE/y+P4A3wgD6G/u8hgvAW51JwVryg/im1rayGAwWYNgupQ/5LDmjffwx7Q3fyMH2uF3CDIKRIC6U+mnM5SRMO4Dzysw=='
50
+ expect(filtered_settings._secure_my_secure_setting).to match \
51
+ EncryptionFilter::BASE64_STRING_PATTERN
52
+ end
53
+
54
+ it 'will not attempt to encrypt values if it guesses that they are already encrypted' do
55
+ filtered_settings = EncryptionFilter.execute(
56
+ data: {
57
+ _secure_my_secure_setting: 'fNI5wlBniNhEU4396pmhWwx+A09bRAMJOUASuP7PzprewBX8C' \
58
+ 'XYqL+v/uXOJpIRCLDjwe8quuC+j9iLcPU7HBRMr054gGxeqZe' \
59
+ 'xbLevXcPk7SrMis3qeEKmnAuarQGXe7ZAntidMY9Lx4pqSkhY' \
60
+ 'XwQnI48d2Dh44qfaS9w2OrehSkpdFRnuxQeOpCKO/bleB0J88' \
61
+ 'WGkytCohyHCRIpbaEjEC3UD52pnqMeu/ClNm+PBgE6Ci94pu5' \
62
+ 'UUnZuIE/y+P4A3wgD6G/u8hgvAW51JwVryg/im1rayGAwWYNg' \
63
+ 'upQ/5LDmjffwx7Q3fyMH2uF3CDIKRIC6U+mnM5SRMO4Dzysw==',
64
+ },
65
+ encryption_key: './spec/spec_key.pub')
66
+
67
+ my_secure_setting = filtered_settings._secure_my_secure_setting
68
+
69
+ expect(my_secure_setting).to eql 'fNI5wlBniNhEU4396pmhWwx+A09bRAMJOUASuP7Pzprew' \
70
+ 'BX8CXYqL+v/uXOJpIRCLDjwe8quuC+j9iLcPU7HBRMr05' \
71
+ '4gGxeqZexbLevXcPk7SrMis3qeEKmnAuarQGXe7ZAntid' \
72
+ 'MY9Lx4pqSkhYXwQnI48d2Dh44qfaS9w2OrehSkpdFRnux' \
73
+ 'QeOpCKO/bleB0J88WGkytCohyHCRIpbaEjEC3UD52pnqM' \
74
+ 'eu/ClNm+PBgE6Ci94pu5UUnZuIE/y+P4A3wgD6G/u8hgv' \
75
+ 'AW51JwVryg/im1rayGAwWYNgupQ/5LDmjffwx7Q3fyMH2' \
76
+ 'uF3CDIKRIC6U+mnM5SRMO4Dzysw=='
45
77
  end
46
78
  end
47
79
  end
@@ -4,15 +4,19 @@ require 'chamber/filters/environment_filter'
4
4
  module Chamber
5
5
  module Filters
6
6
  describe EnvironmentFilter do
7
- it 'can extract data from the environment if an existing variable matches the composite key' do
7
+ it 'can extract data from the environment if an existing variable matches the ' \
8
+ 'composite key' do
9
+
8
10
  ENV['TEST_SETTING_GROUP_TEST_SETTING_LEVEL_TEST_SETTING'] = 'value 2'
9
11
 
10
12
  filtered_data = EnvironmentFilter.execute(data: {
11
13
  test_setting_group: {
12
14
  test_setting_level: {
13
- test_setting: 'value 1' }}})
15
+ test_setting: 'value 1' } } })
16
+
17
+ test_setting = filtered_data.test_setting_group.test_setting_level.test_setting
14
18
 
15
- expect(filtered_data.test_setting_group.test_setting_level.test_setting).to eql 'value 2'
19
+ expect(test_setting).to eql 'value 2'
16
20
 
17
21
  ENV.delete('TEST_SETTING_GROUP_TEST_SETTING_LEVEL_TEST_SETTING')
18
22
  end
@@ -23,10 +27,12 @@ describe EnvironmentFilter do
23
27
  filtered_data = EnvironmentFilter.execute(data: {
24
28
  test_setting_group: {
25
29
  test_setting_level: {
26
- test_setting: 'value 1',
27
- another_setting: 'value 3', }}})
30
+ test_setting: 'value 1',
31
+ another_setting: 'value 3' } } })
32
+
33
+ another_setting = filtered_data.test_setting_group.test_setting_level.another_setting
28
34
 
29
- expect(filtered_data.test_setting_group.test_setting_level.another_setting).to eql 'value 3'
35
+ expect(another_setting).to eql 'value 3'
30
36
 
31
37
  ENV.delete('TEST_SETTING_GROUP_TEST_SETTING_LEVEL_TEST_SETTING')
32
38
  end
@@ -0,0 +1,53 @@
1
+ require 'rspectacular'
2
+ require 'chamber/filters/failed_decryption_filter'
3
+
4
+ module Chamber
5
+ module Filters
6
+ describe FailedDecryptionFilter do
7
+ it 'raises an exception if any of the settings are not decrypted' do
8
+ expect do
9
+ FailedDecryptionFilter.execute(
10
+ data: {
11
+ _secure_my_secure_setting: 'cJbFe0NI5wknmsp2fVgpC/YeBD2pvcdVD+p0pUdnMoYThaV4m' \
12
+ 'psspg/ZTBtmjx7kMwcF6cjXFLDVw3FxptTHwzJUd4akun6EZ5' \
13
+ '7m+QzCMJYnfY95gB2/emEAQLSz4/YwsE4LDGydkEjY1ZprfXz' \
14
+ 'nf+rU31YGDJUTf34ESz7fsQGSc9DjkBb9ao8Mv4cI7pCXkQZD' \
15
+ 'wS5kLAZDf6agy1GzeL71Z8lrmQzk8QQuf/1kQzxsWVlzpKNXW' \
16
+ 'S7u2CJ0sN5eINMngJBfv5ZFrZgfXc86wdgUKc8aaoX8OQA1kK' \
17
+ 'TcdgbE9NcAhNr1+WfNxMnz84XzmUp2Y0H1jPgGkBKQJKArfQ==',
18
+ },
19
+ )
20
+ end.
21
+ to raise_error Chamber::Errors::DecryptionFailure
22
+ end
23
+
24
+ it 'does not raise an exception if it is not a secure key' do
25
+ expect do
26
+ FailedDecryptionFilter.execute(
27
+ data: {
28
+ my_secure_setting: 'cJbFe0NI5wknmsp2fVgpC/YeBD2pvcdVD+p0pUdnMoYThaV4m' \
29
+ 'psspg/ZTBtmjx7kMwcF6cjXFLDVw3FxptTHwzJUd4akun6EZ5' \
30
+ '7m+QzCMJYnfY95gB2/emEAQLSz4/YwsE4LDGydkEjY1ZprfXz' \
31
+ 'nf+rU31YGDJUTf34ESz7fsQGSc9DjkBb9ao8Mv4cI7pCXkQZD' \
32
+ 'wS5kLAZDf6agy1GzeL71Z8lrmQzk8QQuf/1kQzxsWVlzpKNXW' \
33
+ 'S7u2CJ0sN5eINMngJBfv5ZFrZgfXc86wdgUKc8aaoX8OQA1kK' \
34
+ 'TcdgbE9NcAhNr1+WfNxMnz84XzmUp2Y0H1jPgGkBKQJKArfQ==',
35
+ },
36
+ )
37
+ end.
38
+ not_to raise_error
39
+ end
40
+
41
+ it 'does not raise an exception if it is not a secure value' do
42
+ expect do
43
+ FailedDecryptionFilter.execute(
44
+ data: {
45
+ _secure_my_secure_setting: 'hello',
46
+ },
47
+ )
48
+ end.
49
+ not_to raise_error
50
+ end
51
+ end
52
+ end
53
+ end