chamber 2.4.0 → 2.7.1

Sign up to get free protection for your applications and to get access to all the features.
Files changed (60) hide show
  1. checksums.yaml +4 -4
  2. data/README.md +16 -930
  3. data/Rakefile +6 -0
  4. data/lib/chamber.rb +11 -7
  5. data/lib/chamber/binary/heroku.rb +45 -25
  6. data/lib/chamber/binary/runner.rb +82 -44
  7. data/lib/chamber/binary/travis.rb +14 -8
  8. data/lib/chamber/commands/base.rb +1 -2
  9. data/lib/chamber/commands/comparable.rb +0 -1
  10. data/lib/chamber/commands/compare.rb +1 -1
  11. data/lib/chamber/commands/files.rb +0 -1
  12. data/lib/chamber/commands/heroku.rb +2 -3
  13. data/lib/chamber/commands/heroku/push.rb +1 -1
  14. data/lib/chamber/commands/initialize.rb +69 -12
  15. data/lib/chamber/commands/securable.rb +9 -4
  16. data/lib/chamber/commands/secure.rb +1 -1
  17. data/lib/chamber/commands/show.rb +20 -4
  18. data/lib/chamber/commands/travis.rb +0 -1
  19. data/lib/chamber/configuration.rb +5 -5
  20. data/lib/chamber/context_resolver.rb +12 -12
  21. data/lib/chamber/decryption_key.rb +51 -0
  22. data/lib/chamber/environmentable.rb +4 -1
  23. data/lib/chamber/errors/decryption_failure.rb +6 -0
  24. data/lib/chamber/file.rb +7 -8
  25. data/lib/chamber/file_set.rb +23 -22
  26. data/lib/chamber/filters/boolean_conversion_filter.rb +1 -2
  27. data/lib/chamber/filters/decryption_filter.rb +42 -25
  28. data/lib/chamber/filters/encryption_filter.rb +7 -5
  29. data/lib/chamber/filters/environment_filter.rb +7 -7
  30. data/lib/chamber/filters/failed_decryption_filter.rb +41 -0
  31. data/lib/chamber/filters/namespace_filter.rb +1 -1
  32. data/lib/chamber/filters/secure_filter.rb +3 -5
  33. data/lib/chamber/filters/translate_secure_keys_filter.rb +5 -24
  34. data/lib/chamber/namespace_set.rb +6 -6
  35. data/lib/chamber/rails.rb +1 -3
  36. data/lib/chamber/rails/railtie.rb +6 -3
  37. data/lib/chamber/settings.rb +34 -32
  38. data/lib/chamber/version.rb +1 -1
  39. data/spec/fixtures/settings.yml +1 -0
  40. data/spec/lib/chamber/commands/files_spec.rb +4 -2
  41. data/spec/lib/chamber/commands/secure_spec.rb +8 -5
  42. data/spec/lib/chamber/commands/show_spec.rb +18 -3
  43. data/spec/lib/chamber/context_resolver_spec.rb +38 -18
  44. data/spec/lib/chamber/file_set_spec.rb +73 -52
  45. data/spec/lib/chamber/file_spec.rb +37 -23
  46. data/spec/lib/chamber/filters/boolean_conversion_filter_spec.rb +35 -33
  47. data/spec/lib/chamber/filters/decryption_filter_spec.rb +142 -21
  48. data/spec/lib/chamber/filters/encryption_filter_spec.rb +51 -19
  49. data/spec/lib/chamber/filters/environment_filter_spec.rb +12 -6
  50. data/spec/lib/chamber/filters/failed_decryption_filter_spec.rb +53 -0
  51. data/spec/lib/chamber/filters/insecure_filter_spec.rb +38 -18
  52. data/spec/lib/chamber/filters/namespace_filter_spec.rb +38 -38
  53. data/spec/lib/chamber/filters/secure_filter_spec.rb +10 -10
  54. data/spec/lib/chamber/filters/translate_secure_keys_filter_spec.rb +9 -6
  55. data/spec/lib/chamber/namespace_set_spec.rb +7 -5
  56. data/spec/lib/chamber/settings_spec.rb +168 -79
  57. data/spec/lib/chamber_spec.rb +72 -71
  58. metadata +22 -21
  59. data/lib/chamber/errors/undecryptable_value_error.rb +0 -6
  60. data/templates/settings.yml +0 -14
data/spec/lib/chamber/filters/boolean_conversion_filter_spec.rb CHANGED
@@ -4,42 +4,44 @@ require 'chamber/filters/boolean_conversion_filter'
4
4
  module Chamber
5
5
  module Filters
6
6
  describe BooleanConversionFilter do
7
- it 'can convert string boolean values into TrueClass and FalseClass even if they are deeply nested' do
7
+ it 'can convert string boolean values into TrueClass and FalseClass even if they ' \
8
+ 'are deeply nested' do
9
+
8
10
  filtered_data = BooleanConversionFilter.execute(
9
11
  data: {
10
- true_boolean: 'true',
11
- boolean_group: {
12
- yes_boolean: 'yes',
13
- t_boolean: 't',
14
- non_boolean: 'hello',
15
- sub_boolean_group: {
16
- false_boolean: 'false',
17
- no_boolean: 'no',
18
- nilly: nil,
19
- non_boolean: 3, },
20
- f_boolean: 'f',
21
- non_boolean: Time.utc(2012, 8, 1),
22
- nilly: nil, },
23
- false_boolean: 'false',
24
- nilly: nil,
25
- non_boolean: [1, 2, 3] })
12
+ true_boolean: 'true',
13
+ boolean_group: {
14
+ yes_boolean: 'yes',
15
+ t_boolean: 't',
16
+ non_boolean: 'hello',
17
+ sub_boolean_group: {
18
+ false_boolean: 'false',
19
+ no_boolean: 'no',
20
+ nilly: nil,
21
+ non_boolean: 3 },
22
+ f_boolean: 'f',
23
+ non_boolean: Time.utc(2012, 8, 1),
24
+ nilly: nil },
25
+ false_boolean: 'false',
26
+ nilly: nil,
27
+ non_boolean: [1, 2, 3] })
26
28
 
27
- expect(filtered_data).to eql( true_boolean: true,
28
- boolean_group: {
29
- yes_boolean: true,
30
- t_boolean: true,
31
- non_boolean: 'hello',
32
- sub_boolean_group: {
33
- false_boolean: false,
34
- no_boolean: false,
35
- nilly: nil,
36
- non_boolean: 3, },
37
- f_boolean: false,
38
- non_boolean: Time.utc(2012, 8, 1),
39
- nilly: nil, },
40
- false_boolean: false,
41
- nilly: nil,
42
- non_boolean: [1, 2, 3] )
29
+ expect(filtered_data).to eql(true_boolean: true,
30
+ boolean_group: {
31
+ yes_boolean: true,
32
+ t_boolean: true,
33
+ non_boolean: 'hello',
34
+ sub_boolean_group: {
35
+ false_boolean: false,
36
+ no_boolean: false,
37
+ nilly: nil,
38
+ non_boolean: 3 },
39
+ f_boolean: false,
40
+ non_boolean: Time.utc(2012, 8, 1),
41
+ nilly: nil },
42
+ false_boolean: false,
43
+ nilly: nil,
44
+ non_boolean: [1, 2, 3])
43
45
  end
44
46
  end
45
47
  end
data/spec/lib/chamber/filters/decryption_filter_spec.rb CHANGED
@@ -5,50 +5,171 @@ module Chamber
5
5
  module Filters
6
6
  describe DecryptionFilter do
7
7
  it 'will attempt to decrypt values which are marked as "secure"' do
8
- filtered_settings = DecryptionFilter.execute( data: {
9
- _secure_my_secure_setting: 'cJbFe0NI5wknmsp2fVgpC/YeBD2pvcdVD+p0pUdnMoYThaV4mpsspg/ZTBtmjx7kMwcF6cjXFLDVw3FxptTHwzJUd4akun6EZ57m+QzCMJYnfY95gB2/emEAQLSz4/YwsE4LDGydkEjY1ZprfXznf+rU31YGDJUTf34ESz7fsQGSc9DjkBb9ao8Mv4cI7pCXkQZDwS5kLAZDf6agy1GzeL71Z8lrmQzk8QQuf/1kQzxsWVlzpKNXWS7u2CJ0sN5eINMngJBfv5ZFrZgfXc86wdgUKc8aaoX8OQA1kKTcdgbE9NcAhNr1+WfNxMnz84XzmUp2Y0H1jPgGkBKQJKArfQ==' },
10
- decryption_key: './spec/spec_key' )
8
+ filtered_settings = DecryptionFilter.execute(
9
+ data: {
10
+ _secure_my_secure_setting: 'cJbFe0NI5wknmsp2fVgpC/YeBD2pvcdVD+p0pUdnMoYThaV4m' \
11
+ 'psspg/ZTBtmjx7kMwcF6cjXFLDVw3FxptTHwzJUd4akun6EZ5' \
12
+ '7m+QzCMJYnfY95gB2/emEAQLSz4/YwsE4LDGydkEjY1ZprfXz' \
13
+ 'nf+rU31YGDJUTf34ESz7fsQGSc9DjkBb9ao8Mv4cI7pCXkQZD' \
14
+ 'wS5kLAZDf6agy1GzeL71Z8lrmQzk8QQuf/1kQzxsWVlzpKNXW' \
15
+ 'S7u2CJ0sN5eINMngJBfv5ZFrZgfXc86wdgUKc8aaoX8OQA1kK' \
16
+ 'TcdgbE9NcAhNr1+WfNxMnz84XzmUp2Y0H1jPgGkBKQJKArfQ==',
17
+ },
18
+ decryption_key: './spec/spec_key')
11
19
 
12
20
  expect(filtered_settings._secure_my_secure_setting).to eql 'hello'
13
21
  end
14
22
 
15
23
  it 'will not attempt to decrypt values which are not marked as "secure"' do
16
- filtered_settings = DecryptionFilter.execute( data: {
17
- my_secure_setting: 'cJbFe0NI5wknmsp2fVgpC/YeBD2pvcdVD+p0pUdnMoYThaV4mpsspg/ZTBtmjx7kMwcF6cjXFLDVw3FxptTHwzJUd4akun6EZ57m+QzCMJYnfY95gB2/emEAQLSz4/YwsE4LDGydkEjY1ZprfXznf+rU31YGDJUTf34ESz7fsQGSc9DjkBb9ao8Mv4cI7pCXkQZDwS5kLAZDf6agy1GzeL71Z8lrmQzk8QQuf/1kQzxsWVlzpKNXWS7u2CJ0sN5eINMngJBfv5ZFrZgfXc86wdgUKc8aaoX8OQA1kKTcdgbE9NcAhNr1+WfNxMnz84XzmUp2Y0H1jPgGkBKQJKArfQ==' },
18
- decryption_key: './spec/spec_key' )
24
+ filtered_settings = DecryptionFilter.execute(
25
+ data: {
26
+ my_secure_setting: 'cJbFe0NI5wknmsp2fVgpC/YeBD2pvcdVD+p0pUdnMoYThaV4m' \
27
+ 'psspg/ZTBtmjx7kMwcF6cjXFLDVw3FxptTHwzJUd4akun6EZ5' \
28
+ '7m+QzCMJYnfY95gB2/emEAQLSz4/YwsE4LDGydkEjY1ZprfXz' \
29
+ 'nf+rU31YGDJUTf34ESz7fsQGSc9DjkBb9ao8Mv4cI7pCXkQZD' \
30
+ 'wS5kLAZDf6agy1GzeL71Z8lrmQzk8QQuf/1kQzxsWVlzpKNXW' \
31
+ 'S7u2CJ0sN5eINMngJBfv5ZFrZgfXc86wdgUKc8aaoX8OQA1kK' \
32
+ 'TcdgbE9NcAhNr1+WfNxMnz84XzmUp2Y0H1jPgGkBKQJKArfQ==' },
33
+ decryption_key: './spec/spec_key')
19
34
 
20
- expect(filtered_settings.my_secure_setting).to eql 'cJbFe0NI5wknmsp2fVgpC/YeBD2pvcdVD+p0pUdnMoYThaV4mpsspg/ZTBtmjx7kMwcF6cjXFLDVw3FxptTHwzJUd4akun6EZ57m+QzCMJYnfY95gB2/emEAQLSz4/YwsE4LDGydkEjY1ZprfXznf+rU31YGDJUTf34ESz7fsQGSc9DjkBb9ao8Mv4cI7pCXkQZDwS5kLAZDf6agy1GzeL71Z8lrmQzk8QQuf/1kQzxsWVlzpKNXWS7u2CJ0sN5eINMngJBfv5ZFrZgfXc86wdgUKc8aaoX8OQA1kKTcdgbE9NcAhNr1+WfNxMnz84XzmUp2Y0H1jPgGkBKQJKArfQ=='
35
+ my_secure_setting = filtered_settings.my_secure_setting
36
+
37
+ expect(my_secure_setting).to eql 'cJbFe0NI5wknmsp2fVgpC/YeBD2pvcdVD+p0pUdnMoYT' \
38
+ 'haV4mpsspg/ZTBtmjx7kMwcF6cjXFLDVw3FxptTHwzJU' \
39
+ 'd4akun6EZ57m+QzCMJYnfY95gB2/emEAQLSz4/YwsE4L' \
40
+ 'DGydkEjY1ZprfXznf+rU31YGDJUTf34ESz7fsQGSc9Dj' \
41
+ 'kBb9ao8Mv4cI7pCXkQZDwS5kLAZDf6agy1GzeL71Z8lr' \
42
+ 'mQzk8QQuf/1kQzxsWVlzpKNXWS7u2CJ0sN5eINMngJBf' \
43
+ 'v5ZFrZgfXc86wdgUKc8aaoX8OQA1kKTcdgbE9NcAhNr1' \
44
+ '+WfNxMnz84XzmUp2Y0H1jPgGkBKQJKArfQ=='
21
45
  end
22
46
 
23
47
  it 'will not attempt to decrypt values even if they are prefixed with "secure"' do
24
- filtered_settings = DecryptionFilter.execute( data: {
25
- secure_setting: 'cJbFe0NI5wknmsp2fVgpC/YeBD2pvcdVD+p0pUdnMoYThaV4mpsspg/ZTBtmjx7kMwcF6cjXFLDVw3FxptTHwzJUd4akun6EZ57m+QzCMJYnfY95gB2/emEAQLSz4/YwsE4LDGydkEjY1ZprfXznf+rU31YGDJUTf34ESz7fsQGSc9DjkBb9ao8Mv4cI7pCXkQZDwS5kLAZDf6agy1GzeL71Z8lrmQzk8QQuf/1kQzxsWVlzpKNXWS7u2CJ0sN5eINMngJBfv5ZFrZgfXc86wdgUKc8aaoX8OQA1kKTcdgbE9NcAhNr1+WfNxMnz84XzmUp2Y0H1jPgGkBKQJKArfQ==' },
26
- decryption_key: './spec/spec_key' )
48
+ filtered_settings = DecryptionFilter.execute(
49
+ data: {
50
+ secure_setting: 'cJbFe0NI5wknmsp2fVgpC/YeBD2pvcdVD+p0pUdnMoYThaV4mpsspg/ZTBt' \
51
+ 'mjx7kMwcF6cjXFLDVw3FxptTHwzJUd4akun6EZ57m+QzCMJYnfY95gB2/em' \
52
+ 'EAQLSz4/YwsE4LDGydkEjY1ZprfXznf+rU31YGDJUTf34ESz7fsQGSc9Djk' \
53
+ 'Bb9ao8Mv4cI7pCXkQZDwS5kLAZDf6agy1GzeL71Z8lrmQzk8QQuf/1kQzxs' \
54
+ 'WVlzpKNXWS7u2CJ0sN5eINMngJBfv5ZFrZgfXc86wdgUKc8aaoX8OQA1kKT' \
55
+ 'cdgbE9NcAhNr1+WfNxMnz84XzmUp2Y0H1jPgGkBKQJKArfQ==',
56
+ },
57
+ decryption_key: './spec/spec_key')
58
+
59
+ secure_setting = filtered_settings.secure_setting
27
60
 
28
- expect(filtered_settings.secure_setting).to eql 'cJbFe0NI5wknmsp2fVgpC/YeBD2pvcdVD+p0pUdnMoYThaV4mpsspg/ZTBtmjx7kMwcF6cjXFLDVw3FxptTHwzJUd4akun6EZ57m+QzCMJYnfY95gB2/emEAQLSz4/YwsE4LDGydkEjY1ZprfXznf+rU31YGDJUTf34ESz7fsQGSc9DjkBb9ao8Mv4cI7pCXkQZDwS5kLAZDf6agy1GzeL71Z8lrmQzk8QQuf/1kQzxsWVlzpKNXWS7u2CJ0sN5eINMngJBfv5ZFrZgfXc86wdgUKc8aaoX8OQA1kKTcdgbE9NcAhNr1+WfNxMnz84XzmUp2Y0H1jPgGkBKQJKArfQ=='
61
+ expect(secure_setting).to eql 'cJbFe0NI5wknmsp2fVgpC/YeBD2pvcdVD+p0pUdnMoYThaV4m' \
62
+ 'psspg/ZTBtmjx7kMwcF6cjXFLDVw3FxptTHwzJUd4akun6EZ5' \
63
+ '7m+QzCMJYnfY95gB2/emEAQLSz4/YwsE4LDGydkEjY1ZprfXz' \
64
+ 'nf+rU31YGDJUTf34ESz7fsQGSc9DjkBb9ao8Mv4cI7pCXkQZD' \
65
+ 'wS5kLAZDf6agy1GzeL71Z8lrmQzk8QQuf/1kQzxsWVlzpKNXW' \
66
+ 'S7u2CJ0sN5eINMngJBfv5ZFrZgfXc86wdgUKc8aaoX8OQA1kK' \
67
+ 'TcdgbE9NcAhNr1+WfNxMnz84XzmUp2Y0H1jPgGkBKQJKArfQ=='
29
68
  end
30
69
 
31
70
  it 'will not attempt to decrypt values even if they are not properly encoded' do
32
- filtered_settings = DecryptionFilter.execute( data: {
33
- _secure_my_secure_setting: 'cJbFe0NI5\wknmsp2fVgpC/YeBD2pvcdVD+p0pUdnMoYThaV4mpsspg/ZTBtmjx7kMwcF6cjXFLDVw3FxptTHwzJUd4akun6EZ57m+QzCMJYnfY95gB2/emEAQLSz4/YwsE4LDGydkEjY1ZprfXznf+rU31YGDJUTf34ESz7fsQGSc9DjkBb9ao8Mv4cI7pCXkQZDwS5kLAZDf6agy1GzeL71Z8lrmQzk8QQuf/1kQzxsWVlzpKNXWS7u2CJ0sN5eINMngJBfv5ZFrZgfXc86wdgUKc8aaoX8OQA1kKTcdgbE9NcAhNr1+WfNxMnz84XzmUp2Y0H1jPgGkBKQJKArfQ==' },
34
- decryption_key: './spec/spec_key' )
71
+ filtered_settings = DecryptionFilter.execute(
72
+ data: {
73
+ _secure_my_secure_setting: 'cJbFe0NI5\wknmsp2fVgpC/YeBD2pvcdVD+p0pUdnMoYThaV4' \
74
+ 'mpsspg/ZTBtmjx7kMwcF6cjXFLDVw3FxptTHwzJUd4akun6EZ' \
75
+ '57m+QzCMJYnfY95gB2/emEAQLSz4/YwsE4LDGydkEjY1ZprfX' \
76
+ 'znf+rU31YGDJUTf34ESz7fsQGSc9DjkBb9ao8Mv4cI7pCXkQZ' \
77
+ 'DwS5kLAZDf6agy1GzeL71Z8lrmQzk8QQuf/1kQzxsWVlzpKNX' \
78
+ 'WS7u2CJ0sN5eINMngJBfv5ZFrZgfXc86wdgUKc8aaoX8OQA1k' \
79
+ 'KTcdgbE9NcAhNr1+WfNxMnz84XzmUp2Y0H1jPgGkBKQJKArfQ==',
80
+ },
81
+ decryption_key: './spec/spec_key')
35
82
 
36
- expect(filtered_settings._secure_my_secure_setting).to eql 'cJbFe0NI5\wknmsp2fVgpC/YeBD2pvcdVD+p0pUdnMoYThaV4mpsspg/ZTBtmjx7kMwcF6cjXFLDVw3FxptTHwzJUd4akun6EZ57m+QzCMJYnfY95gB2/emEAQLSz4/YwsE4LDGydkEjY1ZprfXznf+rU31YGDJUTf34ESz7fsQGSc9DjkBb9ao8Mv4cI7pCXkQZDwS5kLAZDf6agy1GzeL71Z8lrmQzk8QQuf/1kQzxsWVlzpKNXWS7u2CJ0sN5eINMngJBfv5ZFrZgfXc86wdgUKc8aaoX8OQA1kKTcdgbE9NcAhNr1+WfNxMnz84XzmUp2Y0H1jPgGkBKQJKArfQ=='
83
+ my_secure_setting = filtered_settings._secure_my_secure_setting
84
+
85
+ expect(my_secure_setting).to eql 'cJbFe0NI5\wknmsp2fVgpC/YeBD2pvcdVD+p0pUdnMoYThaV4' \
86
+ 'mpsspg/ZTBtmjx7kMwcF6cjXFLDVw3FxptTHwzJUd4akun6EZ' \
87
+ '57m+QzCMJYnfY95gB2/emEAQLSz4/YwsE4LDGydkEjY1ZprfX' \
88
+ 'znf+rU31YGDJUTf34ESz7fsQGSc9DjkBb9ao8Mv4cI7pCXkQZ' \
89
+ 'DwS5kLAZDf6agy1GzeL71Z8lrmQzk8QQuf/1kQzxsWVlzpKNX' \
90
+ 'WS7u2CJ0sN5eINMngJBfv5ZFrZgfXc86wdgUKc8aaoX8OQA1k' \
91
+ 'KTcdgbE9NcAhNr1+WfNxMnz84XzmUp2Y0H1jPgGkBKQJKArfQ=='
37
92
  end
38
93
 
39
94
  it 'will not attempt to decrypt values if it guesses that they are not encrpyted' do
40
- filtered_settings = DecryptionFilter.execute( data: {
41
- _secure_my_secure_setting: 'hello' },
42
- decryption_key: './spec/spec_key' )
95
+ filtered_settings = DecryptionFilter.execute(data: {
96
+ _secure_my_secure_setting: 'hello' },
97
+ decryption_key: './spec/spec_key')
43
98
 
44
99
  expect(filtered_settings._secure_my_secure_setting).to eql 'hello'
45
100
  end
46
101
 
47
102
  it 'simply returns the encrypted string if there is no decryption key' do
48
- filtered_settings = DecryptionFilter.execute( data: {
49
- _secure_my_secure_setting: 'cJbFe0NI5wknmsp2fVgpC/YeBD2pvcdVD+p0pUdnMoYThaV4mpsspg/ZTBtmjx7kMwcF6cjXFLDVw3FxptTHwzJUd4akun6EZ57m+QzCMJYnfY95gB2/emEAQLSz4/YwsE4LDGydkEjY1ZprfXznf+rU31YGDJUTf34ESz7fsQGSc9DjkBb9ao8Mv4cI7pCXkQZDwS5kLAZDf6agy1GzeL71Z8lrmQzk8QQuf/1kQzxsWVlzpKNXWS7u2CJ0sN5eINMngJBfv5ZFrZgfXc86wdgUKc8aaoX8OQA1kKTcdgbE9NcAhNr1+WfNxMnz84XzmUp2Y0H1jPgGkBKQJKArfQ==' })
103
+ filtered_settings = DecryptionFilter.execute(
104
+ data: {
105
+ _secure_my_secure_setting: 'cJbFe0NI5\wknmsp2fVgpC/YeBD2pvcdVD+p0pUdnMoYThaV4' \
106
+ 'mpsspg/ZTBtmjx7kMwcF6cjXFLDVw3FxptTHwzJUd4akun6EZ' \
107
+ '57m+QzCMJYnfY95gB2/emEAQLSz4/YwsE4LDGydkEjY1ZprfX' \
108
+ 'znf+rU31YGDJUTf34ESz7fsQGSc9DjkBb9ao8Mv4cI7pCXkQZ' \
109
+ 'DwS5kLAZDf6agy1GzeL71Z8lrmQzk8QQuf/1kQzxsWVlzpKNX' \
110
+ 'WS7u2CJ0sN5eINMngJBfv5ZFrZgfXc86wdgUKc8aaoX8OQA1k' \
111
+ 'KTcdgbE9NcAhNr1+WfNxMnz84XzmUp2Y0H1jPgGkBKQJKArfQ==',
112
+ },
113
+ )
114
+
115
+ my_secure_setting = filtered_settings._secure_my_secure_setting
116
+
117
+ expect(my_secure_setting).to eql 'cJbFe0NI5\wknmsp2fVgpC/YeBD2pvcdVD+p0pUdnMoYThaV4' \
118
+ 'mpsspg/ZTBtmjx7kMwcF6cjXFLDVw3FxptTHwzJUd4akun6EZ' \
119
+ '57m+QzCMJYnfY95gB2/emEAQLSz4/YwsE4LDGydkEjY1ZprfX' \
120
+ 'znf+rU31YGDJUTf34ESz7fsQGSc9DjkBb9ao8Mv4cI7pCXkQZ' \
121
+ 'DwS5kLAZDf6agy1GzeL71Z8lrmQzk8QQuf/1kQzxsWVlzpKNX' \
122
+ 'WS7u2CJ0sN5eINMngJBfv5ZFrZgfXc86wdgUKc8aaoX8OQA1k' \
123
+ 'KTcdgbE9NcAhNr1+WfNxMnz84XzmUp2Y0H1jPgGkBKQJKArfQ=='
124
+ end
125
+
126
+ it 'can decrypt a complex object' do
127
+ filtered_settings = DecryptionFilter.execute(
128
+ data: {
129
+ _secure_my_secure_setting: 'rF1MIcLX/Q88gjpHTifI27fJHopDKVTJRvOwF2MZ8kVIrvBhFg' \
130
+ 'LOyQ7JEBiWNBh1yUtR6PeKlB+h44sIL3yKMcZyccX73Mo+CiWx' \
131
+ 'mnjtK4I1QxcJL8OSLa8GQPlSBxoBCykWqerwN0b2oS/jv8umB2' \
132
+ 'j2RyANFYklD3mAxn1LsoTuFPAif+SCLRIGafcHkOywM32qn6Hh' \
133
+ 'UpeBChX81JhJpip1gdJmRTGEZjKfR93h1shW0LqLLbdQUwYPOP' \
134
+ 'bnjz7fU7x+d5/ighWTDsmOVyvEiqM0WasFzK+WBUfvo8tQxUym' \
135
+ 'exw/U3B7N/0R/9v6U3l6x7eeIoQ4+lnJK2ULFzVgiw==',
136
+ },
137
+ decryption_key: './spec/spec_key')
50
138
 
51
- expect(filtered_settings._secure_my_secure_setting).to eql 'cJbFe0NI5wknmsp2fVgpC/YeBD2pvcdVD+p0pUdnMoYThaV4mpsspg/ZTBtmjx7kMwcF6cjXFLDVw3FxptTHwzJUd4akun6EZ57m+QzCMJYnfY95gB2/emEAQLSz4/YwsE4LDGydkEjY1ZprfXznf+rU31YGDJUTf34ESz7fsQGSc9DjkBb9ao8Mv4cI7pCXkQZDwS5kLAZDf6agy1GzeL71Z8lrmQzk8QQuf/1kQzxsWVlzpKNXWS7u2CJ0sN5eINMngJBfv5ZFrZgfXc86wdgUKc8aaoX8OQA1kKTcdgbE9NcAhNr1+WfNxMnz84XzmUp2Y0H1jPgGkBKQJKArfQ=='
139
+ expect(filtered_settings._secure_my_secure_setting).to be_a Integer
140
+ expect(filtered_settings._secure_my_secure_setting).to eql 12_345
141
+ end
142
+
143
+ it 'can decrypt a number that has not been yamlled' do
144
+ filtered_settings = DecryptionFilter.execute(
145
+ data: {
146
+ _secure_my_secure_setting: 'Ieh5poOpcirj1jihkh1eENaCrF8ECQSLOigM4ApTZ8hp4vrL3N' \
147
+ 'KWp3djEkQz0QceopgN8TBJOEj1lqfGGL3Ar5L0SGrIsHt6KOil' \
148
+ 'erEXXH4/e2+s8JFWpdfjCxgn12fv1jqXxNyuMUlYRBD7R+oRNV' \
149
+ 'A5nNpnwiSE7IOBjUEZyzlQUrePVku5CtOs0hfGe+79n6D8zFGT' \
150
+ 'px7UjZg4QVXyHISBM2hAaDOZ0dfxVqbzmvN3B68xbuIty5vyv1' \
151
+ '+Ry2k+yIGJXIOjNm96ntDxIuUbycfrqYdtopBDI5kcr0zckPWM' \
152
+ 'QRqkp7yd/XNZqyYCFGMNKNwokE6wZuGffkD/H/VPxQ==',
153
+ },
154
+ decryption_key: './spec/spec_key')
155
+
156
+ expect(filtered_settings._secure_my_secure_setting).to eql '12345'
157
+ end
158
+
159
+ it 'can decrypt a string that has not been yamlled' do
160
+ filtered_settings = DecryptionFilter.execute(
161
+ data: {
162
+ _secure_my_secure_setting: 'V2ifd6KwfGK8zW7K87ypHiA89UvVqsAX3961dR/B5ensruVFi5' \
163
+ 'KydFR1KxPQHxInhVl4GIvpBCwczK1mMZ61NGVISK04tg90R52/' \
164
+ 'ue0s4V9v01h1wTnahrkRGFyKk4iiQwsluuXGaW4gBFayaKOs77' \
165
+ 'HL/fMBY985akz8lv/8secg2U66YWeIHblJ2OKdNELaEFZKXWyw' \
166
+ 'PxXEMPckAnbJB6liwFNjbY1y0WH6oiP/OzoiOGzGeuUr2P8IfW' \
167
+ '8JIedOuy4JV4Y46QPvu4zCZhDgNa4dTCdOTA/oEd5+GLhuoSiC' \
168
+ '87k/vbURwhqs1fmyXUJpUaDg3x4quTDZ6uBTG0Qu/A==',
169
+ },
170
+ decryption_key: './spec/spec_key')
171
+
172
+ expect(filtered_settings._secure_my_secure_setting).to eql 'hello'
52
173
  end
53
174
  end
54
175
  end
data/spec/lib/chamber/filters/encryption_filter_spec.rb CHANGED
@@ -5,43 +5,75 @@ module Chamber
5
5
  module Filters
6
6
  describe EncryptionFilter do
7
7
  it 'will attempt to encrypt values which are marked as "secure"' do
8
- filtered_settings = EncryptionFilter.execute( data: {
9
- _secure_my_secure_setting: 'hello' },
10
- encryption_key: './spec/spec_key.pub' )
8
+ filtered_settings = EncryptionFilter.execute(
9
+ data: {
10
+ _secure_my_secure_setting: 'hello' },
11
+ encryption_key: './spec/spec_key.pub')
11
12
 
12
- expect(filtered_settings._secure_my_secure_setting).to match EncryptionFilter::BASE64_STRING_PATTERN
13
+ expect(filtered_settings._secure_my_secure_setting).to match \
14
+ EncryptionFilter::BASE64_STRING_PATTERN
13
15
  end
14
16
 
15
17
  it 'will not attempt to encrypt values which are not marked as "secure"' do
16
- filtered_settings = EncryptionFilter.execute( data: {
17
- my_secure_setting: 'hello' },
18
- encryption_key: './spec/spec_key.pub' )
18
+ filtered_settings = EncryptionFilter.execute(
19
+ data: {
20
+ my_secure_setting: 'hello' },
21
+ encryption_key: './spec/spec_key.pub')
19
22
 
20
23
  expect(filtered_settings.my_secure_setting).to eql 'hello'
21
24
  end
22
25
 
23
26
  it 'will not attempt to encrypt values even if they are prefixed with "secure"' do
24
- filtered_settings = EncryptionFilter.execute( data: {
25
- secure_setting: 'hello' },
26
- encryption_key: './spec/spec_key.pub' )
27
+ filtered_settings = EncryptionFilter.execute(
28
+ data: {
29
+ secure_setting: 'hello' },
30
+ encryption_key: './spec/spec_key.pub')
27
31
 
28
32
  expect(filtered_settings.secure_setting).to eql 'hello'
29
33
  end
30
34
 
31
35
  it 'will attempt to encrypt values if they are not properly encoded' do
32
- filtered_settings = EncryptionFilter.execute( data: {
33
- _secure_my_secure_setting: 'fNI5\jwlBn' },
34
- encryption_key: './spec/spec_key.pub' )
36
+ filtered_settings = EncryptionFilter.execute(
37
+ data: {
38
+ _secure_my_secure_setting: 'fNI5\jwlBn' },
39
+ encryption_key: './spec/spec_key.pub')
35
40
 
36
- expect(filtered_settings._secure_my_secure_setting).to match EncryptionFilter::BASE64_STRING_PATTERN
41
+ expect(filtered_settings._secure_my_secure_setting).to match \
42
+ EncryptionFilter::BASE64_STRING_PATTERN
37
43
  end
38
44
 
39
- it 'will not attempt to encrypt values if it guesses that they are already encrpyted' do
40
- filtered_settings = EncryptionFilter.execute( data: {
41
- _secure_my_secure_setting: 'fNI5wlBniNhEU4396pmhWwx+A09bRAMJOUASuP7PzprewBX8CXYqL+v/uXOJpIRCLDjwe8quuC+j9iLcPU7HBRMr054gGxeqZexbLevXcPk7SrMis3qeEKmnAuarQGXe7ZAntidMY9Lx4pqSkhYXwQnI48d2Dh44qfaS9w2OrehSkpdFRnuxQeOpCKO/bleB0J88WGkytCohyHCRIpbaEjEC3UD52pnqMeu/ClNm+PBgE6Ci94pu5UUnZuIE/y+P4A3wgD6G/u8hgvAW51JwVryg/im1rayGAwWYNgupQ/5LDmjffwx7Q3fyMH2uF3CDIKRIC6U+mnM5SRMO4Dzysw==' },
42
- encryption_key: './spec/spec_key.pub' )
45
+ it 'will attempt to encrypt values if they are numbers' do
46
+ filtered_settings = EncryptionFilter.execute(data: {
47
+ _secure_my_secure_setting: 12_345 },
48
+ encryption_key: './spec/spec_key.pub')
43
49
 
44
- expect(filtered_settings._secure_my_secure_setting).to eql 'fNI5wlBniNhEU4396pmhWwx+A09bRAMJOUASuP7PzprewBX8CXYqL+v/uXOJpIRCLDjwe8quuC+j9iLcPU7HBRMr054gGxeqZexbLevXcPk7SrMis3qeEKmnAuarQGXe7ZAntidMY9Lx4pqSkhYXwQnI48d2Dh44qfaS9w2OrehSkpdFRnuxQeOpCKO/bleB0J88WGkytCohyHCRIpbaEjEC3UD52pnqMeu/ClNm+PBgE6Ci94pu5UUnZuIE/y+P4A3wgD6G/u8hgvAW51JwVryg/im1rayGAwWYNgupQ/5LDmjffwx7Q3fyMH2uF3CDIKRIC6U+mnM5SRMO4Dzysw=='
50
+ expect(filtered_settings._secure_my_secure_setting).to match \
51
+ EncryptionFilter::BASE64_STRING_PATTERN
52
+ end
53
+
54
+ it 'will not attempt to encrypt values if it guesses that they are already encrypted' do
55
+ filtered_settings = EncryptionFilter.execute(
56
+ data: {
57
+ _secure_my_secure_setting: 'fNI5wlBniNhEU4396pmhWwx+A09bRAMJOUASuP7PzprewBX8C' \
58
+ 'XYqL+v/uXOJpIRCLDjwe8quuC+j9iLcPU7HBRMr054gGxeqZe' \
59
+ 'xbLevXcPk7SrMis3qeEKmnAuarQGXe7ZAntidMY9Lx4pqSkhY' \
60
+ 'XwQnI48d2Dh44qfaS9w2OrehSkpdFRnuxQeOpCKO/bleB0J88' \
61
+ 'WGkytCohyHCRIpbaEjEC3UD52pnqMeu/ClNm+PBgE6Ci94pu5' \
62
+ 'UUnZuIE/y+P4A3wgD6G/u8hgvAW51JwVryg/im1rayGAwWYNg' \
63
+ 'upQ/5LDmjffwx7Q3fyMH2uF3CDIKRIC6U+mnM5SRMO4Dzysw==',
64
+ },
65
+ encryption_key: './spec/spec_key.pub')
66
+
67
+ my_secure_setting = filtered_settings._secure_my_secure_setting
68
+
69
+ expect(my_secure_setting).to eql 'fNI5wlBniNhEU4396pmhWwx+A09bRAMJOUASuP7Pzprew' \
70
+ 'BX8CXYqL+v/uXOJpIRCLDjwe8quuC+j9iLcPU7HBRMr05' \
71
+ '4gGxeqZexbLevXcPk7SrMis3qeEKmnAuarQGXe7ZAntid' \
72
+ 'MY9Lx4pqSkhYXwQnI48d2Dh44qfaS9w2OrehSkpdFRnux' \
73
+ 'QeOpCKO/bleB0J88WGkytCohyHCRIpbaEjEC3UD52pnqM' \
74
+ 'eu/ClNm+PBgE6Ci94pu5UUnZuIE/y+P4A3wgD6G/u8hgv' \
75
+ 'AW51JwVryg/im1rayGAwWYNgupQ/5LDmjffwx7Q3fyMH2' \
76
+ 'uF3CDIKRIC6U+mnM5SRMO4Dzysw=='
45
77
  end
46
78
  end
47
79
  end
data/spec/lib/chamber/filters/environment_filter_spec.rb CHANGED
@@ -4,15 +4,19 @@ require 'chamber/filters/environment_filter'
4
4
  module Chamber
5
5
  module Filters
6
6
  describe EnvironmentFilter do
7
- it 'can extract data from the environment if an existing variable matches the composite key' do
7
+ it 'can extract data from the environment if an existing variable matches the ' \
8
+ 'composite key' do
9
+
8
10
  ENV['TEST_SETTING_GROUP_TEST_SETTING_LEVEL_TEST_SETTING'] = 'value 2'
9
11
 
10
12
  filtered_data = EnvironmentFilter.execute(data: {
11
13
  test_setting_group: {
12
14
  test_setting_level: {
13
- test_setting: 'value 1' }}})
15
+ test_setting: 'value 1' } } })
16
+
17
+ test_setting = filtered_data.test_setting_group.test_setting_level.test_setting
14
18
 
15
- expect(filtered_data.test_setting_group.test_setting_level.test_setting).to eql 'value 2'
19
+ expect(test_setting).to eql 'value 2'
16
20
 
17
21
  ENV.delete('TEST_SETTING_GROUP_TEST_SETTING_LEVEL_TEST_SETTING')
18
22
  end
@@ -23,10 +27,12 @@ describe EnvironmentFilter do
23
27
  filtered_data = EnvironmentFilter.execute(data: {
24
28
  test_setting_group: {
25
29
  test_setting_level: {
26
- test_setting: 'value 1',
27
- another_setting: 'value 3', }}})
30
+ test_setting: 'value 1',
31
+ another_setting: 'value 3' } } })
32
+
33
+ another_setting = filtered_data.test_setting_group.test_setting_level.another_setting
28
34
 
29
- expect(filtered_data.test_setting_group.test_setting_level.another_setting).to eql 'value 3'
35
+ expect(another_setting).to eql 'value 3'
30
36
 
31
37
  ENV.delete('TEST_SETTING_GROUP_TEST_SETTING_LEVEL_TEST_SETTING')
32
38
  end
data/spec/lib/chamber/filters/failed_decryption_filter_spec.rb ADDED
@@ -0,0 +1,53 @@
1
+ require 'rspectacular'
2
+ require 'chamber/filters/failed_decryption_filter'
3
+
4
+ module Chamber
5
+ module Filters
6
+ describe FailedDecryptionFilter do
7
+ it 'raises an exception if any of the settings are not decrypted' do
8
+ expect do
9
+ FailedDecryptionFilter.execute(
10
+ data: {
11
+ _secure_my_secure_setting: 'cJbFe0NI5wknmsp2fVgpC/YeBD2pvcdVD+p0pUdnMoYThaV4m' \
12
+ 'psspg/ZTBtmjx7kMwcF6cjXFLDVw3FxptTHwzJUd4akun6EZ5' \
13
+ '7m+QzCMJYnfY95gB2/emEAQLSz4/YwsE4LDGydkEjY1ZprfXz' \
14
+ 'nf+rU31YGDJUTf34ESz7fsQGSc9DjkBb9ao8Mv4cI7pCXkQZD' \
15
+ 'wS5kLAZDf6agy1GzeL71Z8lrmQzk8QQuf/1kQzxsWVlzpKNXW' \
16
+ 'S7u2CJ0sN5eINMngJBfv5ZFrZgfXc86wdgUKc8aaoX8OQA1kK' \
17
+ 'TcdgbE9NcAhNr1+WfNxMnz84XzmUp2Y0H1jPgGkBKQJKArfQ==',
18
+ },
19
+ )
20
+ end.
21
+ to raise_error Chamber::Errors::DecryptionFailure
22
+ end
23
+
24
+ it 'does not raise an exception if it is not a secure key' do
25
+ expect do
26
+ FailedDecryptionFilter.execute(
27
+ data: {
28
+ my_secure_setting: 'cJbFe0NI5wknmsp2fVgpC/YeBD2pvcdVD+p0pUdnMoYThaV4m' \
29
+ 'psspg/ZTBtmjx7kMwcF6cjXFLDVw3FxptTHwzJUd4akun6EZ5' \
30
+ '7m+QzCMJYnfY95gB2/emEAQLSz4/YwsE4LDGydkEjY1ZprfXz' \
31
+ 'nf+rU31YGDJUTf34ESz7fsQGSc9DjkBb9ao8Mv4cI7pCXkQZD' \
32
+ 'wS5kLAZDf6agy1GzeL71Z8lrmQzk8QQuf/1kQzxsWVlzpKNXW' \
33
+ 'S7u2CJ0sN5eINMngJBfv5ZFrZgfXc86wdgUKc8aaoX8OQA1kK' \
34
+ 'TcdgbE9NcAhNr1+WfNxMnz84XzmUp2Y0H1jPgGkBKQJKArfQ==',
35
+ },
36
+ )
37
+ end.
38
+ not_to raise_error
39
+ end
40
+
41
+ it 'does not raise an exception if it is not a secure value' do
42
+ expect do
43
+ FailedDecryptionFilter.execute(
44
+ data: {
45
+ _secure_my_secure_setting: 'hello',
46
+ },
47
+ )
48
+ end.
49
+ not_to raise_error
50
+ end
51
+ end
52
+ end
53
+ end