chamber 2.8.0 → 2.9.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (79) hide show
  1. checksums.yaml +4 -4
  2. checksums.yaml.gz.sig +0 -0
  3. data.tar.gz.sig +1 -0
  4. data/LICENSE.txt +19 -0
  5. data/Rakefile +1 -0
  6. data/bin/chamber +1 -0
  7. data/lib/chamber.rb +1 -0
  8. data/lib/chamber/binary/heroku.rb +1 -0
  9. data/lib/chamber/binary/runner.rb +1 -0
  10. data/lib/chamber/binary/travis.rb +1 -0
  11. data/lib/chamber/commands/base.rb +1 -0
  12. data/lib/chamber/commands/comparable.rb +1 -0
  13. data/lib/chamber/commands/compare.rb +1 -0
  14. data/lib/chamber/commands/files.rb +1 -0
  15. data/lib/chamber/commands/heroku.rb +1 -0
  16. data/lib/chamber/commands/heroku/clear.rb +1 -0
  17. data/lib/chamber/commands/heroku/compare.rb +1 -0
  18. data/lib/chamber/commands/heroku/pull.rb +1 -0
  19. data/lib/chamber/commands/heroku/push.rb +1 -0
  20. data/lib/chamber/commands/initialize.rb +5 -3
  21. data/lib/chamber/commands/securable.rb +1 -0
  22. data/lib/chamber/commands/secure.rb +1 -0
  23. data/lib/chamber/commands/show.rb +1 -0
  24. data/lib/chamber/commands/travis.rb +1 -0
  25. data/lib/chamber/commands/travis/secure.rb +1 -0
  26. data/lib/chamber/configuration.rb +1 -0
  27. data/lib/chamber/context_resolver.rb +10 -7
  28. data/lib/chamber/decryption_key.rb +1 -0
  29. data/lib/chamber/encryption_methods/none.rb +17 -0
  30. data/lib/chamber/encryption_methods/public_key.rb +27 -0
  31. data/lib/chamber/encryption_methods/ssl.rb +60 -0
  32. data/lib/chamber/environmentable.rb +1 -0
  33. data/lib/chamber/errors/decryption_failure.rb +1 -0
  34. data/lib/chamber/file.rb +9 -1
  35. data/lib/chamber/file_set.rb +4 -3
  36. data/lib/chamber/filters/boolean_conversion_filter.rb +2 -1
  37. data/lib/chamber/filters/decryption_filter.rb +20 -29
  38. data/lib/chamber/filters/encryption_filter.rb +29 -14
  39. data/lib/chamber/filters/environment_filter.rb +2 -1
  40. data/lib/chamber/filters/failed_decryption_filter.rb +3 -2
  41. data/lib/chamber/filters/insecure_filter.rb +1 -0
  42. data/lib/chamber/filters/namespace_filter.rb +2 -1
  43. data/lib/chamber/filters/secure_filter.rb +2 -1
  44. data/lib/chamber/filters/translate_secure_keys_filter.rb +2 -1
  45. data/lib/chamber/instance.rb +1 -0
  46. data/lib/chamber/namespace_set.rb +4 -3
  47. data/lib/chamber/rails.rb +1 -0
  48. data/lib/chamber/rails/railtie.rb +3 -1
  49. data/lib/chamber/rubinius_fix.rb +1 -0
  50. data/lib/chamber/settings.rb +23 -18
  51. data/lib/chamber/version.rb +2 -1
  52. data/spec/lib/chamber/commands/files_spec.rb +5 -2
  53. data/spec/lib/chamber/commands/heroku/clear_spec.rb +1 -0
  54. data/spec/lib/chamber/commands/heroku/compare_spec.rb +1 -0
  55. data/spec/lib/chamber/commands/heroku/pull_spec.rb +1 -0
  56. data/spec/lib/chamber/commands/heroku/push_spec.rb +1 -0
  57. data/spec/lib/chamber/commands/secure_spec.rb +5 -2
  58. data/spec/lib/chamber/commands/show_spec.rb +1 -0
  59. data/spec/lib/chamber/context_resolver_spec.rb +8 -5
  60. data/spec/lib/chamber/file_set_spec.rb +55 -52
  61. data/spec/lib/chamber/file_spec.rb +43 -9
  62. data/spec/lib/chamber/filters/boolean_conversion_filter_spec.rb +14 -5
  63. data/spec/lib/chamber/filters/decryption_filter_spec.rb +85 -9
  64. data/spec/lib/chamber/filters/encryption_filter_spec.rb +76 -10
  65. data/spec/lib/chamber/filters/environment_filter_spec.rb +9 -2
  66. data/spec/lib/chamber/filters/failed_decryption_filter_spec.rb +7 -6
  67. data/spec/lib/chamber/filters/insecure_filter_spec.rb +12 -4
  68. data/spec/lib/chamber/filters/namespace_filter_spec.rb +33 -14
  69. data/spec/lib/chamber/filters/secure_filter_spec.rb +8 -3
  70. data/spec/lib/chamber/filters/translate_secure_keys_filter_spec.rb +10 -3
  71. data/spec/lib/chamber/namespace_set_spec.rb +6 -3
  72. data/spec/lib/chamber/settings_spec.rb +36 -25
  73. data/spec/lib/chamber_spec.rb +25 -10
  74. data/spec/rails-2-test/config/application.rb +1 -0
  75. data/spec/rails-3-test/config/application.rb +1 -0
  76. data/spec/rails-4-test/config/application.rb +1 -0
  77. metadata +35 -9
  78. metadata.gz.sig +0 -0
  79. data/LICENSE +0 -22
data/spec/lib/chamber/file_spec.rb CHANGED
@@ -1,3 +1,4 @@
1
+ # frozen_string_literal: true
1
2
  require 'rspectacular'
2
3
  require 'chamber/file'
3
4
  require 'chamber/settings'
@@ -59,16 +60,18 @@ describe File do
59
60
  tempfile = create_tempfile_with_content '{ test: settings }'
60
61
  settings_file = File.new path: tempfile.path,
61
62
  namespaces: {
62
- environment: :development }
63
+ environment: :development,
64
+ }
63
65
 
64
- allow(Settings).to receive(:new)
66
+ allow(Settings).to receive(:new)
65
67
 
66
68
  settings_file.to_settings
67
69
 
68
70
  expect(Settings).to have_received(:new).
69
71
  with(settings: { 'test' => 'settings' },
70
72
  namespaces: {
71
- environment: :development },
73
+ environment: :development,
74
+ },
72
75
  decryption_key: nil,
73
76
  encryption_key: nil)
74
77
  end
@@ -77,7 +80,7 @@ describe File do
77
80
  tempfile = create_tempfile_with_content '{ test: <%= 1 + 1 %> }'
78
81
  settings_file = File.new path: tempfile.path
79
82
 
80
- allow(Settings).to receive(:new)
83
+ allow(Settings).to receive(:new)
81
84
 
82
85
  settings_file.to_settings
83
86
  expect(Settings).to have_received(:new).
@@ -112,9 +115,9 @@ HEREDOC
112
115
 
113
116
  settings_file.secure
114
117
 
115
- settings_file = File.new path: tempfile.path
118
+ settings_file = File.new path: tempfile.path
116
119
 
117
- expect(settings_file.to_settings.send(:raw_data)['_secure_setting']).to match Filters::EncryptionFilter::BASE64_STRING_PATTERN
120
+ expect(settings_file.to_settings.__send__(:raw_data)['_secure_setting']).to match Filters::EncryptionFilter::BASE64_STRING_PATTERN
118
121
  end
119
122
 
120
123
  it 'does not encrypt the settings contained in a file which are already secure' do
@@ -128,8 +131,8 @@ HEREDOC
128
131
 
129
132
  settings_file.secure
130
133
 
131
- settings_file = File.new path: tempfile.path
132
- raw_data = settings_file.to_settings.send(:raw_data)
134
+ settings_file = File.new path: tempfile.path
135
+ raw_data = settings_file.to_settings.__send__(:raw_data)
133
136
  secure_setting = raw_data['_secure_setting']
134
137
  other_secure_setting = raw_data['_secure_other_setting']
135
138
 
@@ -145,7 +148,7 @@ HEREDOC
145
148
  end
146
149
 
147
150
  it 'does not rewrite the entire file but only the encrypted settings' do
148
- tempfile = create_tempfile_with_content <<-HEREDOC
151
+ tempfile = create_tempfile_with_content <<-HEREDOC
149
152
  default:
150
153
  stuff: &default
151
154
  _secure_setting: hello
@@ -181,6 +184,37 @@ other:
181
184
  HEREDOC
182
185
  end
183
186
 
187
+ it 'can handle encrypting multiline strings' do
188
+ tempfile = create_tempfile_with_content <<-HEREDOC
189
+ other:
190
+ stuff:
191
+ _secure_setting: |
192
+ -----BEGIN RSA PRIVATE KEY-----
193
+ uQ431irYF7XGEwmsfNUcw++6Enjmt9MItVZJrfL4cUr84L1ccOEX9AThsxz2nkiO
194
+ GgU+HtwwueZDUZ8Pdn71+1CdVaSUeEkVaYKYuHwYVb1spGfreHQHRP90EMv3U5Ir
195
+ xs0YFwKBgAJKGol+GM1oFodg48v4QA6hlF5z49v83wU+AS2f3aMVfjkTYgAEAoCT
196
+ qoSi7wkYK3NvftVgVi8Z2+1WEzp3S590UkkHmjc5o+HfS657v2fnqkekJyinB+OH
197
+ b5tySsPxt/3Un4D9EaGhjv44GMvL54vFI1Sqc8RsF/H8lRvj5ai5
198
+ -----END RSA PRIVATE KEY-----
199
+ something_else: 'right here'
200
+ HEREDOC
201
+
202
+ settings_file = File.new path: tempfile.path,
203
+ encryption_key: './spec/spec_key.pub'
204
+
205
+ settings_file.secure
206
+
207
+ file_contents = ::File.read(tempfile.path)
208
+ secure_setting_encoded = file_contents[/ _secure_setting: (.*)$/, 1]
209
+
210
+ expect(::File.read(tempfile.path)).to eql <<-HEREDOC
211
+ other:
212
+ stuff:
213
+ _secure_setting: #{secure_setting_encoded}
214
+ something_else: 'right here'
215
+ HEREDOC
216
+ end
217
+
184
218
  it 'when rewriting the file, can handle names and values with regex special ' \
185
219
  'characters' do
186
220
 
data/spec/lib/chamber/filters/boolean_conversion_filter_spec.rb CHANGED
@@ -1,9 +1,11 @@
1
+ # frozen_string_literal: true
1
2
  require 'rspectacular'
2
3
  require 'chamber/filters/boolean_conversion_filter'
3
4
 
4
5
  module Chamber
5
6
  module Filters
6
7
  describe BooleanConversionFilter do
8
+ # rubocop:disable Lint/DuplicatedKey
7
9
  it 'can convert string boolean values into TrueClass and FalseClass even if they ' \
8
10
  'are deeply nested' do
9
11
 
@@ -18,13 +20,17 @@ describe BooleanConversionFilter do
18
20
  false_boolean: 'false',
19
21
  no_boolean: 'no',
20
22
  nilly: nil,
21
- non_boolean: 3 },
23
+ non_boolean: 3,
24
+ },
22
25
  f_boolean: 'f',
23
26
  non_boolean: Time.utc(2012, 8, 1),
24
- nilly: nil },
27
+ nilly: nil,
28
+ },
25
29
  false_boolean: 'false',
26
30
  nilly: nil,
27
- non_boolean: [1, 2, 3] })
31
+ non_boolean: [1, 2, 3],
32
+ },
33
+ )
28
34
 
29
35
  expect(filtered_data).to eql(true_boolean: true,
30
36
  boolean_group: {
@@ -35,14 +41,17 @@ describe BooleanConversionFilter do
35
41
  false_boolean: false,
36
42
  no_boolean: false,
37
43
  nilly: nil,
38
- non_boolean: 3 },
44
+ non_boolean: 3,
45
+ },
39
46
  f_boolean: false,
40
47
  non_boolean: Time.utc(2012, 8, 1),
41
- nilly: nil },
48
+ nilly: nil,
49
+ },
42
50
  false_boolean: false,
43
51
  nilly: nil,
44
52
  non_boolean: [1, 2, 3])
45
53
  end
54
+ # rubocop:enable Lint/DuplicatedKey
46
55
  end
47
56
  end
48
57
  end
data/spec/lib/chamber/filters/decryption_filter_spec.rb CHANGED
@@ -1,3 +1,4 @@
1
+ # frozen_string_literal: true
1
2
  require 'rspectacular'
2
3
  require 'chamber/filters/decryption_filter'
3
4
 
@@ -15,11 +16,49 @@ describe DecryptionFilter do
15
16
  'S7u2CJ0sN5eINMngJBfv5ZFrZgfXc86wdgUKc8aaoX8OQA1kK' \
16
17
  'TcdgbE9NcAhNr1+WfNxMnz84XzmUp2Y0H1jPgGkBKQJKArfQ==',
17
18
  },
18
- decryption_key: './spec/spec_key')
19
+ decryption_key: './spec/spec_key',
20
+ )
19
21
 
20
22
  expect(filtered_settings._secure_my_secure_setting).to eql 'hello'
21
23
  end
22
24
 
25
+ it 'will correct decrypt values which contain multiline strings' do
26
+ filtered_settings = DecryptionFilter.execute(
27
+ data: {
28
+ _secure_my_secure_setting: 'Q0ImhgdRmOdXEx04E3TnMoW/c6ckuce+y4kYGYWIJM6W/nBJBF' \
29
+ 'jnqcFru/6wo+TVEZxowxjxJNv8H6SuxYmahxMRl7AajTrJ/QD+' \
30
+ 'bKzbStL7D2oViB1dDNUz4GZxeNDSMU0oF9e67ih6AmnxAgI0Rl' \
31
+ 'EterOMyWOPHJIUrLquBRlIs0JyP8yermN9KWOAeLZdJlIGSyfw' \
32
+ 'EU+sWQtafJ3jiNAPqWTGJxHfQZTQHn+q4SnZPPnBPK0dZiZzqO' \
33
+ 'rtkzmVPR7SAT5Ube4CxJWhkpWpl5rPgamqVsG/P0AalMqLxuPU' \
34
+ 'XqSdOEWKkK6jerbElVyQ7FdRBLau2JXHpDZYGw8KTA==#EPCuI' \
35
+ 'el5w17aUZfpHOuFNQ==#VzcE0BIuqA7xUMYEZkWZa4kOPse95N' \
36
+ 'iow+e/FhKAlG/7uYYTmkRbxRiMLtzH1Swzyz0NHF/BJPa1rKRb' \
37
+ 'cVCGjK8v13O9zJY8UdCQYsrdQaTIOA95NIcxwLCbrYencDzZFx' \
38
+ 'YtOgioyXbW9OCPnjDe9ozkCw6prRclgJyvadvKWqBgaJkluIdi' \
39
+ 'kCDLX+Dy7fjkLtq5GqPFeFjHKwRGMLQB5dYk1VNAKgzhnSpUkJ' \
40
+ 'JZA2Z7P54NhQQ83Doypfwb16LfKFax9575XeUWZeURxl7Ric4M' \
41
+ 'rjJYrc3u5biTzToMQBITGEsComsTDpfB3FVtZhobNjzdkhEGzf' \
42
+ '6F2iRjjHDsQfaUebAPxDVFa31p5XGQN7YJDeAXYBLb16kAhv8N' \
43
+ '5DGwiukPjtUVXUfFQzaTnJWm/eIhQKFH8rkVawAr9wAeoSz7cw' \
44
+ 'WFyD+pq5QF9GlxPU5ZotNjrqO4rz/s8+bkt2XwBANTVCZrTb9g' \
45
+ 'nE9FyIqFmRZ9L8Ef43KE02wDcUnrKp3oOMSItWnY5rFJew0eAU' \
46
+ '+CHQ==',
47
+ },
48
+ decryption_key: './spec/spec_key',
49
+ )
50
+
51
+ expect(filtered_settings._secure_my_secure_setting).to eql <<-HEREDOC
52
+ -----BEGIN RSA PRIVATE KEY-----
53
+ uQ431irYF7XGEwmsfNUcw++6Enjmt9MItVZJrfL4cUr84L1ccOEX9AThsxz2nkiO
54
+ GgU+HtwwueZDUZ8Pdn71+1CdVaSUeEkVaYKYuHwYVb1spGfreHQHRP90EMv3U5Ir
55
+ xs0YFwKBgAJKGol+GM1oFodg48v4QA6hlF5z49v83wU+AS2f3aMVfjkTYgAEAoCT
56
+ qoSi7wkYK3NvftVgVi8Z2+1WEzp3S590UkkHmjc5o+HfS657v2fnqkekJyinB+OH
57
+ b5tySsPxt/3Un4D9EaGhjv44GMvL54vFI1Sqc8RsF/H8lRvj5ai5
58
+ -----END RSA PRIVATE KEY-----
59
+ HEREDOC
60
+ end
61
+
23
62
  it 'will not attempt to decrypt values which are not marked as "secure"' do
24
63
  filtered_settings = DecryptionFilter.execute(
25
64
  data: {
@@ -29,8 +68,10 @@ describe DecryptionFilter do
29
68
  'nf+rU31YGDJUTf34ESz7fsQGSc9DjkBb9ao8Mv4cI7pCXkQZD' \
30
69
  'wS5kLAZDf6agy1GzeL71Z8lrmQzk8QQuf/1kQzxsWVlzpKNXW' \
31
70
  'S7u2CJ0sN5eINMngJBfv5ZFrZgfXc86wdgUKc8aaoX8OQA1kK' \
32
- 'TcdgbE9NcAhNr1+WfNxMnz84XzmUp2Y0H1jPgGkBKQJKArfQ==' },
33
- decryption_key: './spec/spec_key')
71
+ 'TcdgbE9NcAhNr1+WfNxMnz84XzmUp2Y0H1jPgGkBKQJKArfQ==',
72
+ },
73
+ decryption_key: './spec/spec_key',
74
+ )
34
75
 
35
76
  my_secure_setting = filtered_settings.my_secure_setting
36
77
 
@@ -54,7 +95,8 @@ describe DecryptionFilter do
54
95
  'WVlzpKNXWS7u2CJ0sN5eINMngJBfv5ZFrZgfXc86wdgUKc8aaoX8OQA1kKT' \
55
96
  'cdgbE9NcAhNr1+WfNxMnz84XzmUp2Y0H1jPgGkBKQJKArfQ==',
56
97
  },
57
- decryption_key: './spec/spec_key')
98
+ decryption_key: './spec/spec_key',
99
+ )
58
100
 
59
101
  secure_setting = filtered_settings.secure_setting
60
102
 
@@ -78,7 +120,8 @@ describe DecryptionFilter do
78
120
  'WS7u2CJ0sN5eINMngJBfv5ZFrZgfXc86wdgUKc8aaoX8OQA1k' \
79
121
  'KTcdgbE9NcAhNr1+WfNxMnz84XzmUp2Y0H1jPgGkBKQJKArfQ==',
80
122
  },
81
- decryption_key: './spec/spec_key')
123
+ decryption_key: './spec/spec_key',
124
+ )
82
125
 
83
126
  my_secure_setting = filtered_settings._secure_my_secure_setting
84
127
 
@@ -93,7 +136,8 @@ describe DecryptionFilter do
93
136
 
94
137
  it 'will not attempt to decrypt values if it guesses that they are not encrpyted' do
95
138
  filtered_settings = DecryptionFilter.execute(data: {
96
- _secure_my_secure_setting: 'hello' },
139
+ _secure_my_secure_setting: 'hello',
140
+ },
97
141
  decryption_key: './spec/spec_key')
98
142
 
99
143
  expect(filtered_settings._secure_my_secure_setting).to eql 'hello'
@@ -134,7 +178,8 @@ describe DecryptionFilter do
134
178
  'bnjz7fU7x+d5/ighWTDsmOVyvEiqM0WasFzK+WBUfvo8tQxUym' \
135
179
  'exw/U3B7N/0R/9v6U3l6x7eeIoQ4+lnJK2ULFzVgiw==',
136
180
  },
137
- decryption_key: './spec/spec_key')
181
+ decryption_key: './spec/spec_key',
182
+ )
138
183
 
139
184
  expect(filtered_settings._secure_my_secure_setting).to be_a Integer
140
185
  expect(filtered_settings._secure_my_secure_setting).to eql 12_345
@@ -151,7 +196,8 @@ describe DecryptionFilter do
151
196
  '+Ry2k+yIGJXIOjNm96ntDxIuUbycfrqYdtopBDI5kcr0zckPWM' \
152
197
  'QRqkp7yd/XNZqyYCFGMNKNwokE6wZuGffkD/H/VPxQ==',
153
198
  },
154
- decryption_key: './spec/spec_key')
199
+ decryption_key: './spec/spec_key',
200
+ )
155
201
 
156
202
  expect(filtered_settings._secure_my_secure_setting).to eql '12345'
157
203
  end
@@ -167,10 +213,40 @@ describe DecryptionFilter do
167
213
  '8JIedOuy4JV4Y46QPvu4zCZhDgNa4dTCdOTA/oEd5+GLhuoSiC' \
168
214
  '87k/vbURwhqs1fmyXUJpUaDg3x4quTDZ6uBTG0Qu/A==',
169
215
  },
170
- decryption_key: './spec/spec_key')
216
+ decryption_key: './spec/spec_key',
217
+ )
171
218
 
172
219
  expect(filtered_settings._secure_my_secure_setting).to eql 'hello'
173
220
  end
221
+
222
+ it 'can decrypt large encrypted data' do
223
+ filtered_settings = DecryptionFilter.execute(
224
+ data: {
225
+ _secure_my_secure_setting: 'AcMY7ALLoGZRakL3ibyo2WB438ipdMDIjsa4SCDBP2saOY63A' \
226
+ 'D3C/SZanexlYDQoYoYC0V5J5EvKHgGMDAU8qnp9LjzU5VCwJ3' \
227
+ 'SVRGz3J0c7LXgTlC585Lgy8LX+/yjYFm4D13hlMvvsoI35Bo8' \
228
+ 'EVkTSU2+0gRSjRpQJeK1o7az5+fBuNmFipevA4YfLnarnpwo2' \
229
+ 'd2oO+BqStI2QQI1UWwN2R04rvOdHoEzA6DLsdvYX+QTKDk4K5' \
230
+ 'oSKXfuMBvzOCaCGT75cmt85ZY7XZnwbKi6c4mtL1ajrCr8sQF' \
231
+ 'TA/GyG1EiYLFp1uQco0m2/S9yFf26REjax4ZE6O/ilXgT6xg=' \
232
+ '=#YAm25swWRQx4ip1RjVzpGQ==#vRGvgjErI+dATM4UOtFkkg' \
233
+ 'efFpFTvxGpHN0gRbf1VCO4K07eqAQPb46BDI67a8iNum9cBph' \
234
+ 'es7oGmuNnUvBg4JiZhKsXnolcRWdITDVh/XYNioXRmesvj4x+' \
235
+ 'tY0FVhkLV2zubRVfC7CDJgin6wRHP+bcZhICDD2YqB+XRS4ou' \
236
+ '66UeaiGA4eV4G6sPIo+DPjDM3m8JFnuRFMvGk73wthbN4MdAp' \
237
+ '9xONt5wfobJUiUR11k2iAqwhx7Wyj0imz/afI8goDTdMfQt3V' \
238
+ 'DOYqYG3y2AcYOfsOL6m0GtQRlKvtsvw+m8/ICwSGiL2Loup0j' \
239
+ '/jDGhFi1lwf4ded8aSwyS+2/Ks9C008dsJwpR1SxJ59z1KSzd' \
240
+ 'QcTcrJTnxd+2qpOVVIoaRGud2tSV+5wKXy9dWRflLsjEtBRFR' \
241
+ 'eFurTVQPodjDy+Lhs452/O/+KAJOXMKeYegCGOe8z9tLD3tel' \
242
+ 'jjTyJPeW/1FE3+tP3G3HJAV4sgoO0YwhNY1Nji56igCl3UvEP' \
243
+ 'nEQcJgu0w/+dqSreqwp6TqaqXY3lzr8vi733lti4nss=',
244
+ },
245
+ decryption_key: './spec/spec_key',
246
+ )
247
+
248
+ expect(filtered_settings._secure_my_secure_setting).to eql 'long' * 100
249
+ end
174
250
  end
175
251
  end
176
252
  end
data/spec/lib/chamber/filters/encryption_filter_spec.rb CHANGED
@@ -1,3 +1,4 @@
1
+ # frozen_string_literal: true
1
2
  require 'rspectacular'
2
3
  require 'chamber/filters/encryption_filter'
3
4
 
@@ -7,8 +8,10 @@ describe EncryptionFilter do
7
8
  it 'will attempt to encrypt values which are marked as "secure"' do
8
9
  filtered_settings = EncryptionFilter.execute(
9
10
  data: {
10
- _secure_my_secure_setting: 'hello' },
11
- encryption_key: './spec/spec_key.pub')
11
+ _secure_my_secure_setting: 'hello',
12
+ },
13
+ encryption_key: './spec/spec_key.pub',
14
+ )
12
15
 
13
16
  expect(filtered_settings._secure_my_secure_setting).to match \
14
17
  EncryptionFilter::BASE64_STRING_PATTERN
@@ -17,8 +20,10 @@ describe EncryptionFilter do
17
20
  it 'will not attempt to encrypt values which are not marked as "secure"' do
18
21
  filtered_settings = EncryptionFilter.execute(
19
22
  data: {
20
- my_secure_setting: 'hello' },
21
- encryption_key: './spec/spec_key.pub')
23
+ my_secure_setting: 'hello',
24
+ },
25
+ encryption_key: './spec/spec_key.pub',
26
+ )
22
27
 
23
28
  expect(filtered_settings.my_secure_setting).to eql 'hello'
24
29
  end
@@ -26,8 +31,10 @@ describe EncryptionFilter do
26
31
  it 'will not attempt to encrypt values even if they are prefixed with "secure"' do
27
32
  filtered_settings = EncryptionFilter.execute(
28
33
  data: {
29
- secure_setting: 'hello' },
30
- encryption_key: './spec/spec_key.pub')
34
+ secure_setting: 'hello',
35
+ },
36
+ encryption_key: './spec/spec_key.pub',
37
+ )
31
38
 
32
39
  expect(filtered_settings.secure_setting).to eql 'hello'
33
40
  end
@@ -35,8 +42,10 @@ describe EncryptionFilter do
35
42
  it 'will attempt to encrypt values if they are not properly encoded' do
36
43
  filtered_settings = EncryptionFilter.execute(
37
44
  data: {
38
- _secure_my_secure_setting: 'fNI5\jwlBn' },
39
- encryption_key: './spec/spec_key.pub')
45
+ _secure_my_secure_setting: 'fNI5\jwlBn',
46
+ },
47
+ encryption_key: './spec/spec_key.pub',
48
+ )
40
49
 
41
50
  expect(filtered_settings._secure_my_secure_setting).to match \
42
51
  EncryptionFilter::BASE64_STRING_PATTERN
@@ -44,7 +53,8 @@ describe EncryptionFilter do
44
53
 
45
54
  it 'will attempt to encrypt values if they are numbers' do
46
55
  filtered_settings = EncryptionFilter.execute(data: {
47
- _secure_my_secure_setting: 12_345 },
56
+ _secure_my_secure_setting: 12_345,
57
+ },
48
58
  encryption_key: './spec/spec_key.pub')
49
59
 
50
60
  expect(filtered_settings._secure_my_secure_setting).to match \
@@ -62,7 +72,8 @@ describe EncryptionFilter do
62
72
  'UUnZuIE/y+P4A3wgD6G/u8hgvAW51JwVryg/im1rayGAwWYNg' \
63
73
  'upQ/5LDmjffwx7Q3fyMH2uF3CDIKRIC6U+mnM5SRMO4Dzysw==',
64
74
  },
65
- encryption_key: './spec/spec_key.pub')
75
+ encryption_key: './spec/spec_key.pub',
76
+ )
66
77
 
67
78
  my_secure_setting = filtered_settings._secure_my_secure_setting
68
79
 
@@ -75,6 +86,61 @@ describe EncryptionFilter do
75
86
  'AW51JwVryg/im1rayGAwWYNgupQ/5LDmjffwx7Q3fyMH2' \
76
87
  'uF3CDIKRIC6U+mnM5SRMO4Dzysw=='
77
88
  end
89
+
90
+ it 'can encrypt long multiline strings' do
91
+ filtered_settings = EncryptionFilter.execute(
92
+ data: {
93
+ _secure_multiline: <<-HEREDOC
94
+ -----BEGIN RSA PRIVATE KEY-----
95
+ uQ431irYF7XGEwmsfNUcw++6Enjmt9MItVZJrfL4cUr84L1ccOEX9AThsxz2nkiO
96
+ GgU+HtwwueZDUZ8Pdn71+1CdVaSUeEkVaYKYuHwYVb1spGfreHQHRP90EMv3U5Ir
97
+ xs0YFwKBgAJKGol+GM1oFodg48v4QA6hlF5z49v83wU+AS2f3aMVfjkTYgAEAoCT
98
+ qoSi7wkYK3NvftVgVi8Z2+1WEzp3S590UkkHmjc5o+HfS657v2fnqkekJyinB+OH
99
+ b5tySsPxt/3Un4D9EaGhjv44GMvL54vFI1Sqc8RsF/H8lRvj5ai5
100
+ -----END RSA PRIVATE KEY-----
101
+ HEREDOC
102
+ },
103
+ encryption_key: './spec/spec_key.pub',
104
+ )
105
+
106
+ my_secure_setting = filtered_settings._secure_multiline
107
+
108
+ expect(my_secure_setting).to match(EncryptionFilter::LARGE_DATA_STRING_PATTERN)
109
+ end
110
+
111
+ it 'will encrypt strings of 127 chars effective length' do
112
+ filtered_settings = EncryptionFilter.execute(
113
+ data: {
114
+ _secure_my_secure_setting: 'A' * 119,
115
+ },
116
+ encryption_key: './spec/spec_key.pub',
117
+ )
118
+
119
+ expect(filtered_settings._secure_my_secure_setting).to match \
120
+ EncryptionFilter::BASE64_STRING_PATTERN
121
+
122
+ filtered_settings = EncryptionFilter.execute(
123
+ data: {
124
+ _secure_my_secure_setting: 'A' * 120,
125
+ },
126
+ encryption_key: './spec/spec_key.pub',
127
+ )
128
+
129
+ expect(filtered_settings._secure_my_secure_setting).to match \
130
+ EncryptionFilter::LARGE_DATA_STRING_PATTERN
131
+ end
132
+
133
+ it 'will encrypt and decrypt strings larger than 128 chars' do
134
+ filtered_settings = EncryptionFilter.execute(
135
+ data: {
136
+ _secure_my_secure_setting: 'long' * 100,
137
+ },
138
+ encryption_key: './spec/spec_key.pub',
139
+ )
140
+
141
+ expect(filtered_settings._secure_my_secure_setting).to match \
142
+ EncryptionFilter::LARGE_DATA_STRING_PATTERN
143
+ end
78
144
  end
79
145
  end
80
146
  end
data/spec/lib/chamber/filters/environment_filter_spec.rb CHANGED
@@ -1,3 +1,4 @@
1
+ # frozen_string_literal: true
1
2
  require 'rspectacular'
2
3
  require 'chamber/filters/environment_filter'
3
4
 
@@ -12,7 +13,10 @@ describe EnvironmentFilter do
12
13
  filtered_data = EnvironmentFilter.execute(data: {
13
14
  test_setting_group: {
14
15
  test_setting_level: {
15
- test_setting: 'value 1' } } })
16
+ test_setting: 'value 1',
17
+ },
18
+ },
19
+ })
16
20
 
17
21
  test_setting = filtered_data.test_setting_group.test_setting_level.test_setting
18
22
 
@@ -28,7 +32,10 @@ describe EnvironmentFilter do
28
32
  test_setting_group: {
29
33
  test_setting_level: {
30
34
  test_setting: 'value 1',
31
- another_setting: 'value 3' } } })
35
+ another_setting: 'value 3',
36
+ },
37
+ },
38
+ })
32
39
 
33
40
  another_setting = filtered_data.test_setting_group.test_setting_level.another_setting
34
41