chamber 2.8.0 → 2.9.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- checksums.yaml.gz.sig +0 -0
- data.tar.gz.sig +1 -0
- data/LICENSE.txt +19 -0
- data/Rakefile +1 -0
- data/bin/chamber +1 -0
- data/lib/chamber.rb +1 -0
- data/lib/chamber/binary/heroku.rb +1 -0
- data/lib/chamber/binary/runner.rb +1 -0
- data/lib/chamber/binary/travis.rb +1 -0
- data/lib/chamber/commands/base.rb +1 -0
- data/lib/chamber/commands/comparable.rb +1 -0
- data/lib/chamber/commands/compare.rb +1 -0
- data/lib/chamber/commands/files.rb +1 -0
- data/lib/chamber/commands/heroku.rb +1 -0
- data/lib/chamber/commands/heroku/clear.rb +1 -0
- data/lib/chamber/commands/heroku/compare.rb +1 -0
- data/lib/chamber/commands/heroku/pull.rb +1 -0
- data/lib/chamber/commands/heroku/push.rb +1 -0
- data/lib/chamber/commands/initialize.rb +5 -3
- data/lib/chamber/commands/securable.rb +1 -0
- data/lib/chamber/commands/secure.rb +1 -0
- data/lib/chamber/commands/show.rb +1 -0
- data/lib/chamber/commands/travis.rb +1 -0
- data/lib/chamber/commands/travis/secure.rb +1 -0
- data/lib/chamber/configuration.rb +1 -0
- data/lib/chamber/context_resolver.rb +10 -7
- data/lib/chamber/decryption_key.rb +1 -0
- data/lib/chamber/encryption_methods/none.rb +17 -0
- data/lib/chamber/encryption_methods/public_key.rb +27 -0
- data/lib/chamber/encryption_methods/ssl.rb +60 -0
- data/lib/chamber/environmentable.rb +1 -0
- data/lib/chamber/errors/decryption_failure.rb +1 -0
- data/lib/chamber/file.rb +9 -1
- data/lib/chamber/file_set.rb +4 -3
- data/lib/chamber/filters/boolean_conversion_filter.rb +2 -1
- data/lib/chamber/filters/decryption_filter.rb +20 -29
- data/lib/chamber/filters/encryption_filter.rb +29 -14
- data/lib/chamber/filters/environment_filter.rb +2 -1
- data/lib/chamber/filters/failed_decryption_filter.rb +3 -2
- data/lib/chamber/filters/insecure_filter.rb +1 -0
- data/lib/chamber/filters/namespace_filter.rb +2 -1
- data/lib/chamber/filters/secure_filter.rb +2 -1
- data/lib/chamber/filters/translate_secure_keys_filter.rb +2 -1
- data/lib/chamber/instance.rb +1 -0
- data/lib/chamber/namespace_set.rb +4 -3
- data/lib/chamber/rails.rb +1 -0
- data/lib/chamber/rails/railtie.rb +3 -1
- data/lib/chamber/rubinius_fix.rb +1 -0
- data/lib/chamber/settings.rb +23 -18
- data/lib/chamber/version.rb +2 -1
- data/spec/lib/chamber/commands/files_spec.rb +5 -2
- data/spec/lib/chamber/commands/heroku/clear_spec.rb +1 -0
- data/spec/lib/chamber/commands/heroku/compare_spec.rb +1 -0
- data/spec/lib/chamber/commands/heroku/pull_spec.rb +1 -0
- data/spec/lib/chamber/commands/heroku/push_spec.rb +1 -0
- data/spec/lib/chamber/commands/secure_spec.rb +5 -2
- data/spec/lib/chamber/commands/show_spec.rb +1 -0
- data/spec/lib/chamber/context_resolver_spec.rb +8 -5
- data/spec/lib/chamber/file_set_spec.rb +55 -52
- data/spec/lib/chamber/file_spec.rb +43 -9
- data/spec/lib/chamber/filters/boolean_conversion_filter_spec.rb +14 -5
- data/spec/lib/chamber/filters/decryption_filter_spec.rb +85 -9
- data/spec/lib/chamber/filters/encryption_filter_spec.rb +76 -10
- data/spec/lib/chamber/filters/environment_filter_spec.rb +9 -2
- data/spec/lib/chamber/filters/failed_decryption_filter_spec.rb +7 -6
- data/spec/lib/chamber/filters/insecure_filter_spec.rb +12 -4
- data/spec/lib/chamber/filters/namespace_filter_spec.rb +33 -14
- data/spec/lib/chamber/filters/secure_filter_spec.rb +8 -3
- data/spec/lib/chamber/filters/translate_secure_keys_filter_spec.rb +10 -3
- data/spec/lib/chamber/namespace_set_spec.rb +6 -3
- data/spec/lib/chamber/settings_spec.rb +36 -25
- data/spec/lib/chamber_spec.rb +25 -10
- data/spec/rails-2-test/config/application.rb +1 -0
- data/spec/rails-3-test/config/application.rb +1 -0
- data/spec/rails-4-test/config/application.rb +1 -0
- metadata +35 -9
- metadata.gz.sig +0 -0
- data/LICENSE +0 -22
@@ -1,3 +1,4 @@
|
|
1
|
+
# frozen_string_literal: true
|
1
2
|
require 'rspectacular'
|
2
3
|
require 'chamber/file'
|
3
4
|
require 'chamber/settings'
|
@@ -59,16 +60,18 @@ describe File do
|
|
59
60
|
tempfile = create_tempfile_with_content '{ test: settings }'
|
60
61
|
settings_file = File.new path: tempfile.path,
|
61
62
|
namespaces: {
|
62
|
-
environment: :development
|
63
|
+
environment: :development,
|
64
|
+
}
|
63
65
|
|
64
|
-
allow(Settings).to
|
66
|
+
allow(Settings).to receive(:new)
|
65
67
|
|
66
68
|
settings_file.to_settings
|
67
69
|
|
68
70
|
expect(Settings).to have_received(:new).
|
69
71
|
with(settings: { 'test' => 'settings' },
|
70
72
|
namespaces: {
|
71
|
-
environment: :development
|
73
|
+
environment: :development,
|
74
|
+
},
|
72
75
|
decryption_key: nil,
|
73
76
|
encryption_key: nil)
|
74
77
|
end
|
@@ -77,7 +80,7 @@ describe File do
|
|
77
80
|
tempfile = create_tempfile_with_content '{ test: <%= 1 + 1 %> }'
|
78
81
|
settings_file = File.new path: tempfile.path
|
79
82
|
|
80
|
-
allow(Settings).to
|
83
|
+
allow(Settings).to receive(:new)
|
81
84
|
|
82
85
|
settings_file.to_settings
|
83
86
|
expect(Settings).to have_received(:new).
|
@@ -112,9 +115,9 @@ HEREDOC
|
|
112
115
|
|
113
116
|
settings_file.secure
|
114
117
|
|
115
|
-
settings_file = File.new
|
118
|
+
settings_file = File.new path: tempfile.path
|
116
119
|
|
117
|
-
expect(settings_file.to_settings.
|
120
|
+
expect(settings_file.to_settings.__send__(:raw_data)['_secure_setting']).to match Filters::EncryptionFilter::BASE64_STRING_PATTERN
|
118
121
|
end
|
119
122
|
|
120
123
|
it 'does not encrypt the settings contained in a file which are already secure' do
|
@@ -128,8 +131,8 @@ HEREDOC
|
|
128
131
|
|
129
132
|
settings_file.secure
|
130
133
|
|
131
|
-
settings_file = File.new
|
132
|
-
raw_data = settings_file.to_settings.
|
134
|
+
settings_file = File.new path: tempfile.path
|
135
|
+
raw_data = settings_file.to_settings.__send__(:raw_data)
|
133
136
|
secure_setting = raw_data['_secure_setting']
|
134
137
|
other_secure_setting = raw_data['_secure_other_setting']
|
135
138
|
|
@@ -145,7 +148,7 @@ HEREDOC
|
|
145
148
|
end
|
146
149
|
|
147
150
|
it 'does not rewrite the entire file but only the encrypted settings' do
|
148
|
-
tempfile
|
151
|
+
tempfile = create_tempfile_with_content <<-HEREDOC
|
149
152
|
default:
|
150
153
|
stuff: &default
|
151
154
|
_secure_setting: hello
|
@@ -181,6 +184,37 @@ other:
|
|
181
184
|
HEREDOC
|
182
185
|
end
|
183
186
|
|
187
|
+
it 'can handle encrypting multiline strings' do
|
188
|
+
tempfile = create_tempfile_with_content <<-HEREDOC
|
189
|
+
other:
|
190
|
+
stuff:
|
191
|
+
_secure_setting: |
|
192
|
+
-----BEGIN RSA PRIVATE KEY-----
|
193
|
+
uQ431irYF7XGEwmsfNUcw++6Enjmt9MItVZJrfL4cUr84L1ccOEX9AThsxz2nkiO
|
194
|
+
GgU+HtwwueZDUZ8Pdn71+1CdVaSUeEkVaYKYuHwYVb1spGfreHQHRP90EMv3U5Ir
|
195
|
+
xs0YFwKBgAJKGol+GM1oFodg48v4QA6hlF5z49v83wU+AS2f3aMVfjkTYgAEAoCT
|
196
|
+
qoSi7wkYK3NvftVgVi8Z2+1WEzp3S590UkkHmjc5o+HfS657v2fnqkekJyinB+OH
|
197
|
+
b5tySsPxt/3Un4D9EaGhjv44GMvL54vFI1Sqc8RsF/H8lRvj5ai5
|
198
|
+
-----END RSA PRIVATE KEY-----
|
199
|
+
something_else: 'right here'
|
200
|
+
HEREDOC
|
201
|
+
|
202
|
+
settings_file = File.new path: tempfile.path,
|
203
|
+
encryption_key: './spec/spec_key.pub'
|
204
|
+
|
205
|
+
settings_file.secure
|
206
|
+
|
207
|
+
file_contents = ::File.read(tempfile.path)
|
208
|
+
secure_setting_encoded = file_contents[/ _secure_setting: (.*)$/, 1]
|
209
|
+
|
210
|
+
expect(::File.read(tempfile.path)).to eql <<-HEREDOC
|
211
|
+
other:
|
212
|
+
stuff:
|
213
|
+
_secure_setting: #{secure_setting_encoded}
|
214
|
+
something_else: 'right here'
|
215
|
+
HEREDOC
|
216
|
+
end
|
217
|
+
|
184
218
|
it 'when rewriting the file, can handle names and values with regex special ' \
|
185
219
|
'characters' do
|
186
220
|
|
@@ -1,9 +1,11 @@
|
|
1
|
+
# frozen_string_literal: true
|
1
2
|
require 'rspectacular'
|
2
3
|
require 'chamber/filters/boolean_conversion_filter'
|
3
4
|
|
4
5
|
module Chamber
|
5
6
|
module Filters
|
6
7
|
describe BooleanConversionFilter do
|
8
|
+
# rubocop:disable Lint/DuplicatedKey
|
7
9
|
it 'can convert string boolean values into TrueClass and FalseClass even if they ' \
|
8
10
|
'are deeply nested' do
|
9
11
|
|
@@ -18,13 +20,17 @@ describe BooleanConversionFilter do
|
|
18
20
|
false_boolean: 'false',
|
19
21
|
no_boolean: 'no',
|
20
22
|
nilly: nil,
|
21
|
-
non_boolean: 3
|
23
|
+
non_boolean: 3,
|
24
|
+
},
|
22
25
|
f_boolean: 'f',
|
23
26
|
non_boolean: Time.utc(2012, 8, 1),
|
24
|
-
nilly: nil
|
27
|
+
nilly: nil,
|
28
|
+
},
|
25
29
|
false_boolean: 'false',
|
26
30
|
nilly: nil,
|
27
|
-
non_boolean: [1, 2, 3]
|
31
|
+
non_boolean: [1, 2, 3],
|
32
|
+
},
|
33
|
+
)
|
28
34
|
|
29
35
|
expect(filtered_data).to eql(true_boolean: true,
|
30
36
|
boolean_group: {
|
@@ -35,14 +41,17 @@ describe BooleanConversionFilter do
|
|
35
41
|
false_boolean: false,
|
36
42
|
no_boolean: false,
|
37
43
|
nilly: nil,
|
38
|
-
non_boolean: 3
|
44
|
+
non_boolean: 3,
|
45
|
+
},
|
39
46
|
f_boolean: false,
|
40
47
|
non_boolean: Time.utc(2012, 8, 1),
|
41
|
-
nilly: nil
|
48
|
+
nilly: nil,
|
49
|
+
},
|
42
50
|
false_boolean: false,
|
43
51
|
nilly: nil,
|
44
52
|
non_boolean: [1, 2, 3])
|
45
53
|
end
|
54
|
+
# rubocop:enable Lint/DuplicatedKey
|
46
55
|
end
|
47
56
|
end
|
48
57
|
end
|
@@ -1,3 +1,4 @@
|
|
1
|
+
# frozen_string_literal: true
|
1
2
|
require 'rspectacular'
|
2
3
|
require 'chamber/filters/decryption_filter'
|
3
4
|
|
@@ -15,11 +16,49 @@ describe DecryptionFilter do
|
|
15
16
|
'S7u2CJ0sN5eINMngJBfv5ZFrZgfXc86wdgUKc8aaoX8OQA1kK' \
|
16
17
|
'TcdgbE9NcAhNr1+WfNxMnz84XzmUp2Y0H1jPgGkBKQJKArfQ==',
|
17
18
|
},
|
18
|
-
decryption_key: './spec/spec_key'
|
19
|
+
decryption_key: './spec/spec_key',
|
20
|
+
)
|
19
21
|
|
20
22
|
expect(filtered_settings._secure_my_secure_setting).to eql 'hello'
|
21
23
|
end
|
22
24
|
|
25
|
+
it 'will correct decrypt values which contain multiline strings' do
|
26
|
+
filtered_settings = DecryptionFilter.execute(
|
27
|
+
data: {
|
28
|
+
_secure_my_secure_setting: 'Q0ImhgdRmOdXEx04E3TnMoW/c6ckuce+y4kYGYWIJM6W/nBJBF' \
|
29
|
+
'jnqcFru/6wo+TVEZxowxjxJNv8H6SuxYmahxMRl7AajTrJ/QD+' \
|
30
|
+
'bKzbStL7D2oViB1dDNUz4GZxeNDSMU0oF9e67ih6AmnxAgI0Rl' \
|
31
|
+
'EterOMyWOPHJIUrLquBRlIs0JyP8yermN9KWOAeLZdJlIGSyfw' \
|
32
|
+
'EU+sWQtafJ3jiNAPqWTGJxHfQZTQHn+q4SnZPPnBPK0dZiZzqO' \
|
33
|
+
'rtkzmVPR7SAT5Ube4CxJWhkpWpl5rPgamqVsG/P0AalMqLxuPU' \
|
34
|
+
'XqSdOEWKkK6jerbElVyQ7FdRBLau2JXHpDZYGw8KTA==#EPCuI' \
|
35
|
+
'el5w17aUZfpHOuFNQ==#VzcE0BIuqA7xUMYEZkWZa4kOPse95N' \
|
36
|
+
'iow+e/FhKAlG/7uYYTmkRbxRiMLtzH1Swzyz0NHF/BJPa1rKRb' \
|
37
|
+
'cVCGjK8v13O9zJY8UdCQYsrdQaTIOA95NIcxwLCbrYencDzZFx' \
|
38
|
+
'YtOgioyXbW9OCPnjDe9ozkCw6prRclgJyvadvKWqBgaJkluIdi' \
|
39
|
+
'kCDLX+Dy7fjkLtq5GqPFeFjHKwRGMLQB5dYk1VNAKgzhnSpUkJ' \
|
40
|
+
'JZA2Z7P54NhQQ83Doypfwb16LfKFax9575XeUWZeURxl7Ric4M' \
|
41
|
+
'rjJYrc3u5biTzToMQBITGEsComsTDpfB3FVtZhobNjzdkhEGzf' \
|
42
|
+
'6F2iRjjHDsQfaUebAPxDVFa31p5XGQN7YJDeAXYBLb16kAhv8N' \
|
43
|
+
'5DGwiukPjtUVXUfFQzaTnJWm/eIhQKFH8rkVawAr9wAeoSz7cw' \
|
44
|
+
'WFyD+pq5QF9GlxPU5ZotNjrqO4rz/s8+bkt2XwBANTVCZrTb9g' \
|
45
|
+
'nE9FyIqFmRZ9L8Ef43KE02wDcUnrKp3oOMSItWnY5rFJew0eAU' \
|
46
|
+
'+CHQ==',
|
47
|
+
},
|
48
|
+
decryption_key: './spec/spec_key',
|
49
|
+
)
|
50
|
+
|
51
|
+
expect(filtered_settings._secure_my_secure_setting).to eql <<-HEREDOC
|
52
|
+
-----BEGIN RSA PRIVATE KEY-----
|
53
|
+
uQ431irYF7XGEwmsfNUcw++6Enjmt9MItVZJrfL4cUr84L1ccOEX9AThsxz2nkiO
|
54
|
+
GgU+HtwwueZDUZ8Pdn71+1CdVaSUeEkVaYKYuHwYVb1spGfreHQHRP90EMv3U5Ir
|
55
|
+
xs0YFwKBgAJKGol+GM1oFodg48v4QA6hlF5z49v83wU+AS2f3aMVfjkTYgAEAoCT
|
56
|
+
qoSi7wkYK3NvftVgVi8Z2+1WEzp3S590UkkHmjc5o+HfS657v2fnqkekJyinB+OH
|
57
|
+
b5tySsPxt/3Un4D9EaGhjv44GMvL54vFI1Sqc8RsF/H8lRvj5ai5
|
58
|
+
-----END RSA PRIVATE KEY-----
|
59
|
+
HEREDOC
|
60
|
+
end
|
61
|
+
|
23
62
|
it 'will not attempt to decrypt values which are not marked as "secure"' do
|
24
63
|
filtered_settings = DecryptionFilter.execute(
|
25
64
|
data: {
|
@@ -29,8 +68,10 @@ describe DecryptionFilter do
|
|
29
68
|
'nf+rU31YGDJUTf34ESz7fsQGSc9DjkBb9ao8Mv4cI7pCXkQZD' \
|
30
69
|
'wS5kLAZDf6agy1GzeL71Z8lrmQzk8QQuf/1kQzxsWVlzpKNXW' \
|
31
70
|
'S7u2CJ0sN5eINMngJBfv5ZFrZgfXc86wdgUKc8aaoX8OQA1kK' \
|
32
|
-
'TcdgbE9NcAhNr1+WfNxMnz84XzmUp2Y0H1jPgGkBKQJKArfQ=='
|
33
|
-
|
71
|
+
'TcdgbE9NcAhNr1+WfNxMnz84XzmUp2Y0H1jPgGkBKQJKArfQ==',
|
72
|
+
},
|
73
|
+
decryption_key: './spec/spec_key',
|
74
|
+
)
|
34
75
|
|
35
76
|
my_secure_setting = filtered_settings.my_secure_setting
|
36
77
|
|
@@ -54,7 +95,8 @@ describe DecryptionFilter do
|
|
54
95
|
'WVlzpKNXWS7u2CJ0sN5eINMngJBfv5ZFrZgfXc86wdgUKc8aaoX8OQA1kKT' \
|
55
96
|
'cdgbE9NcAhNr1+WfNxMnz84XzmUp2Y0H1jPgGkBKQJKArfQ==',
|
56
97
|
},
|
57
|
-
decryption_key: './spec/spec_key'
|
98
|
+
decryption_key: './spec/spec_key',
|
99
|
+
)
|
58
100
|
|
59
101
|
secure_setting = filtered_settings.secure_setting
|
60
102
|
|
@@ -78,7 +120,8 @@ describe DecryptionFilter do
|
|
78
120
|
'WS7u2CJ0sN5eINMngJBfv5ZFrZgfXc86wdgUKc8aaoX8OQA1k' \
|
79
121
|
'KTcdgbE9NcAhNr1+WfNxMnz84XzmUp2Y0H1jPgGkBKQJKArfQ==',
|
80
122
|
},
|
81
|
-
decryption_key: './spec/spec_key'
|
123
|
+
decryption_key: './spec/spec_key',
|
124
|
+
)
|
82
125
|
|
83
126
|
my_secure_setting = filtered_settings._secure_my_secure_setting
|
84
127
|
|
@@ -93,7 +136,8 @@ describe DecryptionFilter do
|
|
93
136
|
|
94
137
|
it 'will not attempt to decrypt values if it guesses that they are not encrpyted' do
|
95
138
|
filtered_settings = DecryptionFilter.execute(data: {
|
96
|
-
_secure_my_secure_setting: 'hello'
|
139
|
+
_secure_my_secure_setting: 'hello',
|
140
|
+
},
|
97
141
|
decryption_key: './spec/spec_key')
|
98
142
|
|
99
143
|
expect(filtered_settings._secure_my_secure_setting).to eql 'hello'
|
@@ -134,7 +178,8 @@ describe DecryptionFilter do
|
|
134
178
|
'bnjz7fU7x+d5/ighWTDsmOVyvEiqM0WasFzK+WBUfvo8tQxUym' \
|
135
179
|
'exw/U3B7N/0R/9v6U3l6x7eeIoQ4+lnJK2ULFzVgiw==',
|
136
180
|
},
|
137
|
-
decryption_key: './spec/spec_key'
|
181
|
+
decryption_key: './spec/spec_key',
|
182
|
+
)
|
138
183
|
|
139
184
|
expect(filtered_settings._secure_my_secure_setting).to be_a Integer
|
140
185
|
expect(filtered_settings._secure_my_secure_setting).to eql 12_345
|
@@ -151,7 +196,8 @@ describe DecryptionFilter do
|
|
151
196
|
'+Ry2k+yIGJXIOjNm96ntDxIuUbycfrqYdtopBDI5kcr0zckPWM' \
|
152
197
|
'QRqkp7yd/XNZqyYCFGMNKNwokE6wZuGffkD/H/VPxQ==',
|
153
198
|
},
|
154
|
-
decryption_key: './spec/spec_key'
|
199
|
+
decryption_key: './spec/spec_key',
|
200
|
+
)
|
155
201
|
|
156
202
|
expect(filtered_settings._secure_my_secure_setting).to eql '12345'
|
157
203
|
end
|
@@ -167,10 +213,40 @@ describe DecryptionFilter do
|
|
167
213
|
'8JIedOuy4JV4Y46QPvu4zCZhDgNa4dTCdOTA/oEd5+GLhuoSiC' \
|
168
214
|
'87k/vbURwhqs1fmyXUJpUaDg3x4quTDZ6uBTG0Qu/A==',
|
169
215
|
},
|
170
|
-
decryption_key: './spec/spec_key'
|
216
|
+
decryption_key: './spec/spec_key',
|
217
|
+
)
|
171
218
|
|
172
219
|
expect(filtered_settings._secure_my_secure_setting).to eql 'hello'
|
173
220
|
end
|
221
|
+
|
222
|
+
it 'can decrypt large encrypted data' do
|
223
|
+
filtered_settings = DecryptionFilter.execute(
|
224
|
+
data: {
|
225
|
+
_secure_my_secure_setting: 'AcMY7ALLoGZRakL3ibyo2WB438ipdMDIjsa4SCDBP2saOY63A' \
|
226
|
+
'D3C/SZanexlYDQoYoYC0V5J5EvKHgGMDAU8qnp9LjzU5VCwJ3' \
|
227
|
+
'SVRGz3J0c7LXgTlC585Lgy8LX+/yjYFm4D13hlMvvsoI35Bo8' \
|
228
|
+
'EVkTSU2+0gRSjRpQJeK1o7az5+fBuNmFipevA4YfLnarnpwo2' \
|
229
|
+
'd2oO+BqStI2QQI1UWwN2R04rvOdHoEzA6DLsdvYX+QTKDk4K5' \
|
230
|
+
'oSKXfuMBvzOCaCGT75cmt85ZY7XZnwbKi6c4mtL1ajrCr8sQF' \
|
231
|
+
'TA/GyG1EiYLFp1uQco0m2/S9yFf26REjax4ZE6O/ilXgT6xg=' \
|
232
|
+
'=#YAm25swWRQx4ip1RjVzpGQ==#vRGvgjErI+dATM4UOtFkkg' \
|
233
|
+
'efFpFTvxGpHN0gRbf1VCO4K07eqAQPb46BDI67a8iNum9cBph' \
|
234
|
+
'es7oGmuNnUvBg4JiZhKsXnolcRWdITDVh/XYNioXRmesvj4x+' \
|
235
|
+
'tY0FVhkLV2zubRVfC7CDJgin6wRHP+bcZhICDD2YqB+XRS4ou' \
|
236
|
+
'66UeaiGA4eV4G6sPIo+DPjDM3m8JFnuRFMvGk73wthbN4MdAp' \
|
237
|
+
'9xONt5wfobJUiUR11k2iAqwhx7Wyj0imz/afI8goDTdMfQt3V' \
|
238
|
+
'DOYqYG3y2AcYOfsOL6m0GtQRlKvtsvw+m8/ICwSGiL2Loup0j' \
|
239
|
+
'/jDGhFi1lwf4ded8aSwyS+2/Ks9C008dsJwpR1SxJ59z1KSzd' \
|
240
|
+
'QcTcrJTnxd+2qpOVVIoaRGud2tSV+5wKXy9dWRflLsjEtBRFR' \
|
241
|
+
'eFurTVQPodjDy+Lhs452/O/+KAJOXMKeYegCGOe8z9tLD3tel' \
|
242
|
+
'jjTyJPeW/1FE3+tP3G3HJAV4sgoO0YwhNY1Nji56igCl3UvEP' \
|
243
|
+
'nEQcJgu0w/+dqSreqwp6TqaqXY3lzr8vi733lti4nss=',
|
244
|
+
},
|
245
|
+
decryption_key: './spec/spec_key',
|
246
|
+
)
|
247
|
+
|
248
|
+
expect(filtered_settings._secure_my_secure_setting).to eql 'long' * 100
|
249
|
+
end
|
174
250
|
end
|
175
251
|
end
|
176
252
|
end
|
@@ -1,3 +1,4 @@
|
|
1
|
+
# frozen_string_literal: true
|
1
2
|
require 'rspectacular'
|
2
3
|
require 'chamber/filters/encryption_filter'
|
3
4
|
|
@@ -7,8 +8,10 @@ describe EncryptionFilter do
|
|
7
8
|
it 'will attempt to encrypt values which are marked as "secure"' do
|
8
9
|
filtered_settings = EncryptionFilter.execute(
|
9
10
|
data: {
|
10
|
-
_secure_my_secure_setting: 'hello'
|
11
|
-
|
11
|
+
_secure_my_secure_setting: 'hello',
|
12
|
+
},
|
13
|
+
encryption_key: './spec/spec_key.pub',
|
14
|
+
)
|
12
15
|
|
13
16
|
expect(filtered_settings._secure_my_secure_setting).to match \
|
14
17
|
EncryptionFilter::BASE64_STRING_PATTERN
|
@@ -17,8 +20,10 @@ describe EncryptionFilter do
|
|
17
20
|
it 'will not attempt to encrypt values which are not marked as "secure"' do
|
18
21
|
filtered_settings = EncryptionFilter.execute(
|
19
22
|
data: {
|
20
|
-
my_secure_setting: 'hello'
|
21
|
-
|
23
|
+
my_secure_setting: 'hello',
|
24
|
+
},
|
25
|
+
encryption_key: './spec/spec_key.pub',
|
26
|
+
)
|
22
27
|
|
23
28
|
expect(filtered_settings.my_secure_setting).to eql 'hello'
|
24
29
|
end
|
@@ -26,8 +31,10 @@ describe EncryptionFilter do
|
|
26
31
|
it 'will not attempt to encrypt values even if they are prefixed with "secure"' do
|
27
32
|
filtered_settings = EncryptionFilter.execute(
|
28
33
|
data: {
|
29
|
-
secure_setting: 'hello'
|
30
|
-
|
34
|
+
secure_setting: 'hello',
|
35
|
+
},
|
36
|
+
encryption_key: './spec/spec_key.pub',
|
37
|
+
)
|
31
38
|
|
32
39
|
expect(filtered_settings.secure_setting).to eql 'hello'
|
33
40
|
end
|
@@ -35,8 +42,10 @@ describe EncryptionFilter do
|
|
35
42
|
it 'will attempt to encrypt values if they are not properly encoded' do
|
36
43
|
filtered_settings = EncryptionFilter.execute(
|
37
44
|
data: {
|
38
|
-
_secure_my_secure_setting: 'fNI5\jwlBn'
|
39
|
-
|
45
|
+
_secure_my_secure_setting: 'fNI5\jwlBn',
|
46
|
+
},
|
47
|
+
encryption_key: './spec/spec_key.pub',
|
48
|
+
)
|
40
49
|
|
41
50
|
expect(filtered_settings._secure_my_secure_setting).to match \
|
42
51
|
EncryptionFilter::BASE64_STRING_PATTERN
|
@@ -44,7 +53,8 @@ describe EncryptionFilter do
|
|
44
53
|
|
45
54
|
it 'will attempt to encrypt values if they are numbers' do
|
46
55
|
filtered_settings = EncryptionFilter.execute(data: {
|
47
|
-
_secure_my_secure_setting: 12_345
|
56
|
+
_secure_my_secure_setting: 12_345,
|
57
|
+
},
|
48
58
|
encryption_key: './spec/spec_key.pub')
|
49
59
|
|
50
60
|
expect(filtered_settings._secure_my_secure_setting).to match \
|
@@ -62,7 +72,8 @@ describe EncryptionFilter do
|
|
62
72
|
'UUnZuIE/y+P4A3wgD6G/u8hgvAW51JwVryg/im1rayGAwWYNg' \
|
63
73
|
'upQ/5LDmjffwx7Q3fyMH2uF3CDIKRIC6U+mnM5SRMO4Dzysw==',
|
64
74
|
},
|
65
|
-
encryption_key: './spec/spec_key.pub'
|
75
|
+
encryption_key: './spec/spec_key.pub',
|
76
|
+
)
|
66
77
|
|
67
78
|
my_secure_setting = filtered_settings._secure_my_secure_setting
|
68
79
|
|
@@ -75,6 +86,61 @@ describe EncryptionFilter do
|
|
75
86
|
'AW51JwVryg/im1rayGAwWYNgupQ/5LDmjffwx7Q3fyMH2' \
|
76
87
|
'uF3CDIKRIC6U+mnM5SRMO4Dzysw=='
|
77
88
|
end
|
89
|
+
|
90
|
+
it 'can encrypt long multiline strings' do
|
91
|
+
filtered_settings = EncryptionFilter.execute(
|
92
|
+
data: {
|
93
|
+
_secure_multiline: <<-HEREDOC
|
94
|
+
-----BEGIN RSA PRIVATE KEY-----
|
95
|
+
uQ431irYF7XGEwmsfNUcw++6Enjmt9MItVZJrfL4cUr84L1ccOEX9AThsxz2nkiO
|
96
|
+
GgU+HtwwueZDUZ8Pdn71+1CdVaSUeEkVaYKYuHwYVb1spGfreHQHRP90EMv3U5Ir
|
97
|
+
xs0YFwKBgAJKGol+GM1oFodg48v4QA6hlF5z49v83wU+AS2f3aMVfjkTYgAEAoCT
|
98
|
+
qoSi7wkYK3NvftVgVi8Z2+1WEzp3S590UkkHmjc5o+HfS657v2fnqkekJyinB+OH
|
99
|
+
b5tySsPxt/3Un4D9EaGhjv44GMvL54vFI1Sqc8RsF/H8lRvj5ai5
|
100
|
+
-----END RSA PRIVATE KEY-----
|
101
|
+
HEREDOC
|
102
|
+
},
|
103
|
+
encryption_key: './spec/spec_key.pub',
|
104
|
+
)
|
105
|
+
|
106
|
+
my_secure_setting = filtered_settings._secure_multiline
|
107
|
+
|
108
|
+
expect(my_secure_setting).to match(EncryptionFilter::LARGE_DATA_STRING_PATTERN)
|
109
|
+
end
|
110
|
+
|
111
|
+
it 'will encrypt strings of 127 chars effective length' do
|
112
|
+
filtered_settings = EncryptionFilter.execute(
|
113
|
+
data: {
|
114
|
+
_secure_my_secure_setting: 'A' * 119,
|
115
|
+
},
|
116
|
+
encryption_key: './spec/spec_key.pub',
|
117
|
+
)
|
118
|
+
|
119
|
+
expect(filtered_settings._secure_my_secure_setting).to match \
|
120
|
+
EncryptionFilter::BASE64_STRING_PATTERN
|
121
|
+
|
122
|
+
filtered_settings = EncryptionFilter.execute(
|
123
|
+
data: {
|
124
|
+
_secure_my_secure_setting: 'A' * 120,
|
125
|
+
},
|
126
|
+
encryption_key: './spec/spec_key.pub',
|
127
|
+
)
|
128
|
+
|
129
|
+
expect(filtered_settings._secure_my_secure_setting).to match \
|
130
|
+
EncryptionFilter::LARGE_DATA_STRING_PATTERN
|
131
|
+
end
|
132
|
+
|
133
|
+
it 'will encrypt and decrypt strings larger than 128 chars' do
|
134
|
+
filtered_settings = EncryptionFilter.execute(
|
135
|
+
data: {
|
136
|
+
_secure_my_secure_setting: 'long' * 100,
|
137
|
+
},
|
138
|
+
encryption_key: './spec/spec_key.pub',
|
139
|
+
)
|
140
|
+
|
141
|
+
expect(filtered_settings._secure_my_secure_setting).to match \
|
142
|
+
EncryptionFilter::LARGE_DATA_STRING_PATTERN
|
143
|
+
end
|
78
144
|
end
|
79
145
|
end
|
80
146
|
end
|
@@ -1,3 +1,4 @@
|
|
1
|
+
# frozen_string_literal: true
|
1
2
|
require 'rspectacular'
|
2
3
|
require 'chamber/filters/environment_filter'
|
3
4
|
|
@@ -12,7 +13,10 @@ describe EnvironmentFilter do
|
|
12
13
|
filtered_data = EnvironmentFilter.execute(data: {
|
13
14
|
test_setting_group: {
|
14
15
|
test_setting_level: {
|
15
|
-
test_setting: 'value 1'
|
16
|
+
test_setting: 'value 1',
|
17
|
+
},
|
18
|
+
},
|
19
|
+
})
|
16
20
|
|
17
21
|
test_setting = filtered_data.test_setting_group.test_setting_level.test_setting
|
18
22
|
|
@@ -28,7 +32,10 @@ describe EnvironmentFilter do
|
|
28
32
|
test_setting_group: {
|
29
33
|
test_setting_level: {
|
30
34
|
test_setting: 'value 1',
|
31
|
-
another_setting: 'value 3'
|
35
|
+
another_setting: 'value 3',
|
36
|
+
},
|
37
|
+
},
|
38
|
+
})
|
32
39
|
|
33
40
|
another_setting = filtered_data.test_setting_group.test_setting_level.another_setting
|
34
41
|
|