chamber 2.8.0 → 2.9.0

data/spec/lib/chamber/file_spec.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 require 'rspectacular'
 require 'chamber/file'
 require 'chamber/settings'
@@ -59,16 +60,18 @@ describe  File do
     tempfile      = create_tempfile_with_content '{ test: settings }'
     settings_file = File.new  path:       tempfile.path,
                               namespaces: {
-                                environment: :development }
+                                environment: :development,
+                              }
 
-    allow(Settings).to  receive(:new)
+    allow(Settings).to receive(:new)
 
     settings_file.to_settings
 
     expect(Settings).to have_received(:new).
                         with(settings:       { 'test' => 'settings' },
                              namespaces:     {
-                               environment: :development },
+                               environment: :development,
+                             },
                              decryption_key: nil,
                              encryption_key: nil)
   end
@@ -77,7 +80,7 @@ describe  File do
     tempfile      = create_tempfile_with_content '{ test: <%= 1 + 1 %> }'
     settings_file = File.new  path: tempfile.path
 
-    allow(Settings).to      receive(:new)
+    allow(Settings).to receive(:new)
 
     settings_file.to_settings
     expect(Settings).to have_received(:new).
@@ -112,9 +115,9 @@ HEREDOC
 
     settings_file.secure
 
-    settings_file = File.new  path:           tempfile.path
+    settings_file = File.new path:           tempfile.path
 
-    expect(settings_file.to_settings.send(:raw_data)['_secure_setting']).to match Filters::EncryptionFilter::BASE64_STRING_PATTERN
+    expect(settings_file.to_settings.__send__(:raw_data)['_secure_setting']).to match Filters::EncryptionFilter::BASE64_STRING_PATTERN
   end
 
   it 'does not encrypt the settings contained in a file which are already secure' do
@@ -128,8 +131,8 @@ HEREDOC
 
     settings_file.secure
 
-    settings_file        = File.new  path:           tempfile.path
-    raw_data             = settings_file.to_settings.send(:raw_data)
+    settings_file        = File.new path: tempfile.path
+    raw_data             = settings_file.to_settings.__send__(:raw_data)
     secure_setting       = raw_data['_secure_setting']
     other_secure_setting = raw_data['_secure_other_setting']
 
@@ -145,7 +148,7 @@ HEREDOC
   end
 
   it 'does not rewrite the entire file but only the encrypted settings' do
-    tempfile      = create_tempfile_with_content <<-HEREDOC
+    tempfile = create_tempfile_with_content <<-HEREDOC
 default:
   stuff: &default
     _secure_setting:       hello
@@ -181,6 +184,37 @@ other:
 HEREDOC
   end
 
+  it 'can handle encrypting multiline strings' do
+    tempfile = create_tempfile_with_content <<-HEREDOC
+other:
+  stuff:
+    _secure_setting: |
+      -----BEGIN RSA PRIVATE KEY-----
+      uQ431irYF7XGEwmsfNUcw++6Enjmt9MItVZJrfL4cUr84L1ccOEX9AThsxz2nkiO
+      GgU+HtwwueZDUZ8Pdn71+1CdVaSUeEkVaYKYuHwYVb1spGfreHQHRP90EMv3U5Ir
+      xs0YFwKBgAJKGol+GM1oFodg48v4QA6hlF5z49v83wU+AS2f3aMVfjkTYgAEAoCT
+      qoSi7wkYK3NvftVgVi8Z2+1WEzp3S590UkkHmjc5o+HfS657v2fnqkekJyinB+OH
+      b5tySsPxt/3Un4D9EaGhjv44GMvL54vFI1Sqc8RsF/H8lRvj5ai5
+      -----END RSA PRIVATE KEY-----
+    something_else:  'right here'
+HEREDOC
+
+    settings_file = File.new  path:           tempfile.path,
+                              encryption_key: './spec/spec_key.pub'
+
+    settings_file.secure
+
+    file_contents          = ::File.read(tempfile.path)
+    secure_setting_encoded = file_contents[/    _secure_setting: (.*)$/, 1]
+
+    expect(::File.read(tempfile.path)).to eql <<-HEREDOC
+other:
+  stuff:
+    _secure_setting: #{secure_setting_encoded}
+    something_else:  'right here'
+HEREDOC
+  end
+
   it 'when rewriting the file, can handle names and values with regex special ' \
      'characters' do
 

data/spec/lib/chamber/filters/boolean_conversion_filter_spec.rb

@@ -1,9 +1,11 @@
+# frozen_string_literal: true
 require 'rspectacular'
 require 'chamber/filters/boolean_conversion_filter'
 
 module    Chamber
 module    Filters
 describe  BooleanConversionFilter do
+  # rubocop:disable Lint/DuplicatedKey
   it 'can convert string boolean values into TrueClass and FalseClass even if they ' \
      'are deeply nested' do
 
@@ -18,13 +20,17 @@ describe  BooleanConversionFilter do
                                                     false_boolean: 'false',
                                                     no_boolean:    'no',
                                                     nilly:         nil,
-                                                    non_boolean:   3 },
+                                                    non_boolean:   3,
+                                                  },
                                                   f_boolean:         'f',
                                                   non_boolean:       Time.utc(2012, 8, 1),
-                                                  nilly:             nil },
+                                                  nilly:             nil,
+                                                },
                                                 false_boolean: 'false',
                                                 nilly:         nil,
-                                                non_boolean:   [1, 2, 3] })
+                                                non_boolean:   [1, 2, 3],
+                                              },
+    )
 
     expect(filtered_data).to eql(true_boolean:  true,
                                  boolean_group: {
@@ -35,14 +41,17 @@ describe  BooleanConversionFilter do
                                      false_boolean: false,
                                      no_boolean:    false,
                                      nilly:         nil,
-                                     non_boolean:   3 },
+                                     non_boolean:   3,
+                                   },
                                    f_boolean:         false,
                                    non_boolean:       Time.utc(2012, 8, 1),
-                                   nilly:             nil },
+                                   nilly:             nil,
+                                 },
                                  false_boolean: false,
                                  nilly:         nil,
                                  non_boolean:   [1, 2, 3])
   end
+  # rubocop:enable Lint/DuplicatedKey
 end
 end
 end

data/spec/lib/chamber/filters/decryption_filter_spec.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 require 'rspectacular'
 require 'chamber/filters/decryption_filter'
 
@@ -15,11 +16,49 @@ describe  DecryptionFilter do
                                    'S7u2CJ0sN5eINMngJBfv5ZFrZgfXc86wdgUKc8aaoX8OQA1kK' \
                                    'TcdgbE9NcAhNr1+WfNxMnz84XzmUp2Y0H1jPgGkBKQJKArfQ==',
       },
-      decryption_key: './spec/spec_key')
+      decryption_key: './spec/spec_key',
+    )
 
     expect(filtered_settings._secure_my_secure_setting).to eql 'hello'
   end
 
+  it 'will correct decrypt values which contain multiline strings' do
+    filtered_settings = DecryptionFilter.execute(
+      data:           {
+        _secure_my_secure_setting: 'Q0ImhgdRmOdXEx04E3TnMoW/c6ckuce+y4kYGYWIJM6W/nBJBF' \
+                                   'jnqcFru/6wo+TVEZxowxjxJNv8H6SuxYmahxMRl7AajTrJ/QD+' \
+                                   'bKzbStL7D2oViB1dDNUz4GZxeNDSMU0oF9e67ih6AmnxAgI0Rl' \
+                                   'EterOMyWOPHJIUrLquBRlIs0JyP8yermN9KWOAeLZdJlIGSyfw' \
+                                   'EU+sWQtafJ3jiNAPqWTGJxHfQZTQHn+q4SnZPPnBPK0dZiZzqO' \
+                                   'rtkzmVPR7SAT5Ube4CxJWhkpWpl5rPgamqVsG/P0AalMqLxuPU' \
+                                   'XqSdOEWKkK6jerbElVyQ7FdRBLau2JXHpDZYGw8KTA==#EPCuI' \
+                                   'el5w17aUZfpHOuFNQ==#VzcE0BIuqA7xUMYEZkWZa4kOPse95N' \
+                                   'iow+e/FhKAlG/7uYYTmkRbxRiMLtzH1Swzyz0NHF/BJPa1rKRb' \
+                                   'cVCGjK8v13O9zJY8UdCQYsrdQaTIOA95NIcxwLCbrYencDzZFx' \
+                                   'YtOgioyXbW9OCPnjDe9ozkCw6prRclgJyvadvKWqBgaJkluIdi' \
+                                   'kCDLX+Dy7fjkLtq5GqPFeFjHKwRGMLQB5dYk1VNAKgzhnSpUkJ' \
+                                   'JZA2Z7P54NhQQ83Doypfwb16LfKFax9575XeUWZeURxl7Ric4M' \
+                                   'rjJYrc3u5biTzToMQBITGEsComsTDpfB3FVtZhobNjzdkhEGzf' \
+                                   '6F2iRjjHDsQfaUebAPxDVFa31p5XGQN7YJDeAXYBLb16kAhv8N' \
+                                   '5DGwiukPjtUVXUfFQzaTnJWm/eIhQKFH8rkVawAr9wAeoSz7cw' \
+                                   'WFyD+pq5QF9GlxPU5ZotNjrqO4rz/s8+bkt2XwBANTVCZrTb9g' \
+                                   'nE9FyIqFmRZ9L8Ef43KE02wDcUnrKp3oOMSItWnY5rFJew0eAU' \
+                                   '+CHQ==',
+      },
+      decryption_key: './spec/spec_key',
+    )
+
+    expect(filtered_settings._secure_my_secure_setting).to eql <<-HEREDOC
+-----BEGIN RSA PRIVATE KEY-----
+uQ431irYF7XGEwmsfNUcw++6Enjmt9MItVZJrfL4cUr84L1ccOEX9AThsxz2nkiO
+GgU+HtwwueZDUZ8Pdn71+1CdVaSUeEkVaYKYuHwYVb1spGfreHQHRP90EMv3U5Ir
+xs0YFwKBgAJKGol+GM1oFodg48v4QA6hlF5z49v83wU+AS2f3aMVfjkTYgAEAoCT
+qoSi7wkYK3NvftVgVi8Z2+1WEzp3S590UkkHmjc5o+HfS657v2fnqkekJyinB+OH
+b5tySsPxt/3Un4D9EaGhjv44GMvL54vFI1Sqc8RsF/H8lRvj5ai5
+-----END RSA PRIVATE KEY-----
+    HEREDOC
+  end
+
   it 'will not attempt to decrypt values which are not marked as "secure"' do
     filtered_settings = DecryptionFilter.execute(
       data:           {
@@ -29,8 +68,10 @@ describe  DecryptionFilter do
                            'nf+rU31YGDJUTf34ESz7fsQGSc9DjkBb9ao8Mv4cI7pCXkQZD' \
                            'wS5kLAZDf6agy1GzeL71Z8lrmQzk8QQuf/1kQzxsWVlzpKNXW' \
                            'S7u2CJ0sN5eINMngJBfv5ZFrZgfXc86wdgUKc8aaoX8OQA1kK' \
-                           'TcdgbE9NcAhNr1+WfNxMnz84XzmUp2Y0H1jPgGkBKQJKArfQ==' },
-      decryption_key: './spec/spec_key')
+                           'TcdgbE9NcAhNr1+WfNxMnz84XzmUp2Y0H1jPgGkBKQJKArfQ==',
+      },
+      decryption_key: './spec/spec_key',
+    )
 
     my_secure_setting = filtered_settings.my_secure_setting
 
@@ -54,7 +95,8 @@ describe  DecryptionFilter do
                         'WVlzpKNXWS7u2CJ0sN5eINMngJBfv5ZFrZgfXc86wdgUKc8aaoX8OQA1kKT' \
                         'cdgbE9NcAhNr1+WfNxMnz84XzmUp2Y0H1jPgGkBKQJKArfQ==',
       },
-      decryption_key: './spec/spec_key')
+      decryption_key: './spec/spec_key',
+    )
 
     secure_setting = filtered_settings.secure_setting
 
@@ -78,7 +120,8 @@ describe  DecryptionFilter do
                                    'WS7u2CJ0sN5eINMngJBfv5ZFrZgfXc86wdgUKc8aaoX8OQA1k' \
                                    'KTcdgbE9NcAhNr1+WfNxMnz84XzmUp2Y0H1jPgGkBKQJKArfQ==',
       },
-      decryption_key: './spec/spec_key')
+      decryption_key: './spec/spec_key',
+    )
 
     my_secure_setting = filtered_settings._secure_my_secure_setting
 
@@ -93,7 +136,8 @@ describe  DecryptionFilter do
 
   it 'will not attempt to decrypt values if it guesses that they are not encrpyted' do
     filtered_settings = DecryptionFilter.execute(data:           {
-                                                   _secure_my_secure_setting: 'hello' },
+                                                   _secure_my_secure_setting: 'hello',
+                                                 },
                                                  decryption_key: './spec/spec_key')
 
     expect(filtered_settings._secure_my_secure_setting).to eql 'hello'
@@ -134,7 +178,8 @@ describe  DecryptionFilter do
                                    'bnjz7fU7x+d5/ighWTDsmOVyvEiqM0WasFzK+WBUfvo8tQxUym' \
                                    'exw/U3B7N/0R/9v6U3l6x7eeIoQ4+lnJK2ULFzVgiw==',
       },
-      decryption_key: './spec/spec_key')
+      decryption_key: './spec/spec_key',
+    )
 
     expect(filtered_settings._secure_my_secure_setting).to be_a Integer
     expect(filtered_settings._secure_my_secure_setting).to eql  12_345
@@ -151,7 +196,8 @@ describe  DecryptionFilter do
                                    '+Ry2k+yIGJXIOjNm96ntDxIuUbycfrqYdtopBDI5kcr0zckPWM' \
                                    'QRqkp7yd/XNZqyYCFGMNKNwokE6wZuGffkD/H/VPxQ==',
       },
-      decryption_key: './spec/spec_key')
+      decryption_key: './spec/spec_key',
+    )
 
     expect(filtered_settings._secure_my_secure_setting).to eql '12345'
   end
@@ -167,10 +213,40 @@ describe  DecryptionFilter do
                                    '8JIedOuy4JV4Y46QPvu4zCZhDgNa4dTCdOTA/oEd5+GLhuoSiC' \
                                    '87k/vbURwhqs1fmyXUJpUaDg3x4quTDZ6uBTG0Qu/A==',
       },
-      decryption_key: './spec/spec_key')
+      decryption_key: './spec/spec_key',
+    )
 
     expect(filtered_settings._secure_my_secure_setting).to eql 'hello'
   end
+
+  it 'can decrypt large encrypted data' do
+    filtered_settings = DecryptionFilter.execute(
+        data:           {
+          _secure_my_secure_setting: 'AcMY7ALLoGZRakL3ibyo2WB438ipdMDIjsa4SCDBP2saOY63A' \
+                                     'D3C/SZanexlYDQoYoYC0V5J5EvKHgGMDAU8qnp9LjzU5VCwJ3' \
+                                     'SVRGz3J0c7LXgTlC585Lgy8LX+/yjYFm4D13hlMvvsoI35Bo8' \
+                                     'EVkTSU2+0gRSjRpQJeK1o7az5+fBuNmFipevA4YfLnarnpwo2' \
+                                     'd2oO+BqStI2QQI1UWwN2R04rvOdHoEzA6DLsdvYX+QTKDk4K5' \
+                                     'oSKXfuMBvzOCaCGT75cmt85ZY7XZnwbKi6c4mtL1ajrCr8sQF' \
+                                     'TA/GyG1EiYLFp1uQco0m2/S9yFf26REjax4ZE6O/ilXgT6xg=' \
+                                     '=#YAm25swWRQx4ip1RjVzpGQ==#vRGvgjErI+dATM4UOtFkkg' \
+                                     'efFpFTvxGpHN0gRbf1VCO4K07eqAQPb46BDI67a8iNum9cBph' \
+                                     'es7oGmuNnUvBg4JiZhKsXnolcRWdITDVh/XYNioXRmesvj4x+' \
+                                     'tY0FVhkLV2zubRVfC7CDJgin6wRHP+bcZhICDD2YqB+XRS4ou' \
+                                     '66UeaiGA4eV4G6sPIo+DPjDM3m8JFnuRFMvGk73wthbN4MdAp' \
+                                     '9xONt5wfobJUiUR11k2iAqwhx7Wyj0imz/afI8goDTdMfQt3V' \
+                                     'DOYqYG3y2AcYOfsOL6m0GtQRlKvtsvw+m8/ICwSGiL2Loup0j' \
+                                     '/jDGhFi1lwf4ded8aSwyS+2/Ks9C008dsJwpR1SxJ59z1KSzd' \
+                                     'QcTcrJTnxd+2qpOVVIoaRGud2tSV+5wKXy9dWRflLsjEtBRFR' \
+                                     'eFurTVQPodjDy+Lhs452/O/+KAJOXMKeYegCGOe8z9tLD3tel' \
+                                     'jjTyJPeW/1FE3+tP3G3HJAV4sgoO0YwhNY1Nji56igCl3UvEP' \
+                                     'nEQcJgu0w/+dqSreqwp6TqaqXY3lzr8vi733lti4nss=',
+        },
+        decryption_key: './spec/spec_key',
+    )
+
+    expect(filtered_settings._secure_my_secure_setting).to eql 'long' * 100
+  end
 end
 end
 end

data/spec/lib/chamber/filters/encryption_filter_spec.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 require 'rspectacular'
 require 'chamber/filters/encryption_filter'
 
@@ -7,8 +8,10 @@ describe  EncryptionFilter do
   it 'will attempt to encrypt values which are marked as "secure"' do
     filtered_settings = EncryptionFilter.execute(
       data:           {
-        _secure_my_secure_setting: 'hello' },
-      encryption_key: './spec/spec_key.pub')
+        _secure_my_secure_setting: 'hello',
+      },
+      encryption_key: './spec/spec_key.pub',
+    )
 
     expect(filtered_settings._secure_my_secure_setting).to match \
       EncryptionFilter::BASE64_STRING_PATTERN
@@ -17,8 +20,10 @@ describe  EncryptionFilter do
   it 'will not attempt to encrypt values which are not marked as "secure"' do
     filtered_settings = EncryptionFilter.execute(
       data:           {
-        my_secure_setting: 'hello' },
-      encryption_key: './spec/spec_key.pub')
+        my_secure_setting: 'hello',
+      },
+      encryption_key: './spec/spec_key.pub',
+    )
 
     expect(filtered_settings.my_secure_setting).to eql 'hello'
   end
@@ -26,8 +31,10 @@ describe  EncryptionFilter do
   it 'will not attempt to encrypt values even if they are prefixed with "secure"' do
     filtered_settings = EncryptionFilter.execute(
       data:           {
-        secure_setting: 'hello' },
-      encryption_key: './spec/spec_key.pub')
+        secure_setting: 'hello',
+      },
+      encryption_key: './spec/spec_key.pub',
+    )
 
     expect(filtered_settings.secure_setting).to eql 'hello'
   end
@@ -35,8 +42,10 @@ describe  EncryptionFilter do
   it 'will attempt to encrypt values if they are not properly encoded' do
     filtered_settings = EncryptionFilter.execute(
       data:           {
-        _secure_my_secure_setting: 'fNI5\jwlBn' },
-      encryption_key: './spec/spec_key.pub')
+        _secure_my_secure_setting: 'fNI5\jwlBn',
+      },
+      encryption_key: './spec/spec_key.pub',
+    )
 
     expect(filtered_settings._secure_my_secure_setting).to match \
       EncryptionFilter::BASE64_STRING_PATTERN
@@ -44,7 +53,8 @@ describe  EncryptionFilter do
 
   it 'will attempt to encrypt values if they are numbers' do
     filtered_settings = EncryptionFilter.execute(data:           {
-                                                   _secure_my_secure_setting: 12_345 },
+                                                   _secure_my_secure_setting: 12_345,
+                                                 },
                                                  encryption_key: './spec/spec_key.pub')
 
     expect(filtered_settings._secure_my_secure_setting).to match \
@@ -62,7 +72,8 @@ describe  EncryptionFilter do
                                    'UUnZuIE/y+P4A3wgD6G/u8hgvAW51JwVryg/im1rayGAwWYNg' \
                                    'upQ/5LDmjffwx7Q3fyMH2uF3CDIKRIC6U+mnM5SRMO4Dzysw==',
       },
-      encryption_key: './spec/spec_key.pub')
+      encryption_key: './spec/spec_key.pub',
+    )
 
     my_secure_setting = filtered_settings._secure_my_secure_setting
 
@@ -75,6 +86,61 @@ describe  EncryptionFilter do
                                      'AW51JwVryg/im1rayGAwWYNgupQ/5LDmjffwx7Q3fyMH2' \
                                      'uF3CDIKRIC6U+mnM5SRMO4Dzysw=='
   end
+
+  it 'can encrypt long multiline strings' do
+    filtered_settings = EncryptionFilter.execute(
+      data:           {
+        _secure_multiline: <<-HEREDOC
+-----BEGIN RSA PRIVATE KEY-----
+uQ431irYF7XGEwmsfNUcw++6Enjmt9MItVZJrfL4cUr84L1ccOEX9AThsxz2nkiO
+GgU+HtwwueZDUZ8Pdn71+1CdVaSUeEkVaYKYuHwYVb1spGfreHQHRP90EMv3U5Ir
+xs0YFwKBgAJKGol+GM1oFodg48v4QA6hlF5z49v83wU+AS2f3aMVfjkTYgAEAoCT
+qoSi7wkYK3NvftVgVi8Z2+1WEzp3S590UkkHmjc5o+HfS657v2fnqkekJyinB+OH
+b5tySsPxt/3Un4D9EaGhjv44GMvL54vFI1Sqc8RsF/H8lRvj5ai5
+-----END RSA PRIVATE KEY-----
+        HEREDOC
+      },
+      encryption_key: './spec/spec_key.pub',
+    )
+
+    my_secure_setting = filtered_settings._secure_multiline
+
+    expect(my_secure_setting).to match(EncryptionFilter::LARGE_DATA_STRING_PATTERN)
+  end
+
+  it 'will encrypt strings of 127 chars effective length' do
+    filtered_settings = EncryptionFilter.execute(
+        data:           {
+          _secure_my_secure_setting: 'A' * 119,
+        },
+        encryption_key: './spec/spec_key.pub',
+    )
+
+    expect(filtered_settings._secure_my_secure_setting).to match \
+      EncryptionFilter::BASE64_STRING_PATTERN
+
+    filtered_settings = EncryptionFilter.execute(
+        data:           {
+          _secure_my_secure_setting: 'A' * 120,
+        },
+        encryption_key: './spec/spec_key.pub',
+    )
+
+    expect(filtered_settings._secure_my_secure_setting).to match \
+      EncryptionFilter::LARGE_DATA_STRING_PATTERN
+  end
+
+  it 'will encrypt and decrypt strings larger than 128 chars' do
+    filtered_settings = EncryptionFilter.execute(
+        data:           {
+          _secure_my_secure_setting: 'long' * 100,
+        },
+        encryption_key: './spec/spec_key.pub',
+    )
+
+    expect(filtered_settings._secure_my_secure_setting).to match \
+      EncryptionFilter::LARGE_DATA_STRING_PATTERN
+  end
 end
 end
 end

data/spec/lib/chamber/filters/environment_filter_spec.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 require 'rspectacular'
 require 'chamber/filters/environment_filter'
 
@@ -12,7 +13,10 @@ describe  EnvironmentFilter do
     filtered_data = EnvironmentFilter.execute(data: {
                                                 test_setting_group: {
                                                   test_setting_level: {
-                                                    test_setting: 'value 1' } } })
+                                                    test_setting: 'value 1',
+                                                  },
+                                                },
+                                              })
 
     test_setting  = filtered_data.test_setting_group.test_setting_level.test_setting
 
@@ -28,7 +32,10 @@ describe  EnvironmentFilter do
                                                 test_setting_group: {
                                                   test_setting_level: {
                                                     test_setting:    'value 1',
-                                                    another_setting: 'value 3' } } })
+                                                    another_setting: 'value 3',
+                                                  },
+                                                },
+                                              })
 
     another_setting = filtered_data.test_setting_group.test_setting_level.another_setting