chamber 3.0.1 → 3.1.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- checksums.yaml.gz.sig +0 -0
- data/lib/chamber/binary/runner.rb +16 -0
- data/lib/chamber/commands/show.rb +1 -0
- data/lib/chamber/commands/unsecure.rb +38 -0
- data/lib/chamber/context_resolver.rb +2 -2
- data/lib/chamber/file.rb +38 -1
- data/lib/chamber/file_set.rb +4 -0
- data/lib/chamber/instance.rb +4 -0
- data/lib/chamber/key_pair.rb +1 -1
- data/lib/chamber/settings.rb +17 -2
- data/lib/chamber/version.rb +1 -1
- data.tar.gz.sig +0 -0
- metadata +3 -2
- metadata.gz.sig +0 -0
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: d3c926bcc85c9ee059234c9c2098bf1ae3856fe8fbd104b5fb735c9e9563b544
|
|
4
|
+
data.tar.gz: 1a95f2a3b154ac32cddb9b57634897c83e963401feb1a53445b63f92ef70ee33
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 0e606a46915ca345ce0d5983fcd03a2a1befbfc01bd0bfae11db4533c2fd860caf05fe51bb1a1b5a2c5f3c636f88822b21c30cc89b7e321164ba578651412b5e
|
|
7
|
+
data.tar.gz: 86d7d2379a89dc954d8c253a22ddaa1eedca2def81f24471205dda362a8225e34d1956b57f9b8181431c0571f248276e8407dce1520fcaca769bffe95b8d754f
|
checksums.yaml.gz.sig
CHANGED
|
Binary file
|
|
@@ -5,6 +5,7 @@ require 'chamber/rubinius_fix'
|
|
|
5
5
|
require 'chamber/commands/show'
|
|
6
6
|
require 'chamber/commands/files'
|
|
7
7
|
require 'chamber/commands/secure'
|
|
8
|
+
require 'chamber/commands/unsecure'
|
|
8
9
|
require 'chamber/commands/sign'
|
|
9
10
|
require 'chamber/commands/verify'
|
|
10
11
|
require 'chamber/commands/compare'
|
|
@@ -137,6 +138,21 @@ class Runner < Thor
|
|
|
137
138
|
|
|
138
139
|
################################################################################
|
|
139
140
|
|
|
141
|
+
desc 'unsecure',
|
|
142
|
+
'Decrypts all encrypted values using the current key(s)' \
|
|
143
|
+
|
|
144
|
+
method_option :dry_run,
|
|
145
|
+
type: :boolean,
|
|
146
|
+
aliases: '-d',
|
|
147
|
+
desc: 'Does not actually decrypt anything, but instead displays ' \
|
|
148
|
+
'what values would be decrypted'
|
|
149
|
+
|
|
150
|
+
def unsecure
|
|
151
|
+
Commands::Unsecure.call(**options.transform_keys(&:to_sym).merge(shell: self))
|
|
152
|
+
end
|
|
153
|
+
|
|
154
|
+
################################################################################
|
|
155
|
+
|
|
140
156
|
desc 'sign',
|
|
141
157
|
'Creates or verifies signatures for all current settings files using ' \
|
|
142
158
|
'the signature private key.'
|
|
@@ -0,0 +1,38 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require 'chamber/commands/base'
|
|
4
|
+
require 'chamber/commands/securable'
|
|
5
|
+
|
|
6
|
+
module Chamber
|
|
7
|
+
module Commands
|
|
8
|
+
class Unsecure < Chamber::Commands::Base
|
|
9
|
+
include Chamber::Commands::Securable
|
|
10
|
+
|
|
11
|
+
def initialize(**args)
|
|
12
|
+
super(**args.merge(namespaces: ['*']))
|
|
13
|
+
end
|
|
14
|
+
|
|
15
|
+
def call
|
|
16
|
+
disable_warnings do
|
|
17
|
+
current_settings.secure.to_environment.each_key do |key|
|
|
18
|
+
color = dry_run ? :blue : :green
|
|
19
|
+
|
|
20
|
+
shell.say_status 'decrypt', key, color
|
|
21
|
+
end
|
|
22
|
+
end
|
|
23
|
+
|
|
24
|
+
chamber.unsecure unless dry_run
|
|
25
|
+
end
|
|
26
|
+
|
|
27
|
+
private
|
|
28
|
+
|
|
29
|
+
def disable_warnings
|
|
30
|
+
$stderr = ::File.open('/dev/null', 'w')
|
|
31
|
+
|
|
32
|
+
yield
|
|
33
|
+
|
|
34
|
+
$stderr = STDERR
|
|
35
|
+
end
|
|
36
|
+
end
|
|
37
|
+
end
|
|
38
|
+
end
|
|
@@ -18,7 +18,7 @@ class ContextResolver
|
|
|
18
18
|
self.options = args
|
|
19
19
|
end
|
|
20
20
|
|
|
21
|
-
# rubocop:disable Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity, Metrics/AbcSize, Layout/LineLength
|
|
21
|
+
# rubocop:disable Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity, Metrics/AbcSize, Layout/LineLength, Lint/SelfAssignment
|
|
22
22
|
def resolve
|
|
23
23
|
options[:rootpath] ||= Pathname.pwd
|
|
24
24
|
options[:rootpath] = Pathname.new(options[:rootpath])
|
|
@@ -50,7 +50,7 @@ class ContextResolver
|
|
|
50
50
|
|
|
51
51
|
options
|
|
52
52
|
end
|
|
53
|
-
# rubocop:enable Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity, Metrics/AbcSize, Layout/LineLength
|
|
53
|
+
# rubocop:enable Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity, Metrics/AbcSize, Layout/LineLength, Lint/SelfAssignment
|
|
54
54
|
|
|
55
55
|
protected
|
|
56
56
|
|
data/lib/chamber/file.rb
CHANGED
|
@@ -49,7 +49,7 @@ class File < Pathname
|
|
|
49
49
|
self.encryption_keys = encryption_keys
|
|
50
50
|
self.signature_name = signature_name
|
|
51
51
|
|
|
52
|
-
super
|
|
52
|
+
super(path)
|
|
53
53
|
end
|
|
54
54
|
|
|
55
55
|
###
|
|
@@ -107,6 +107,43 @@ class File < Pathname
|
|
|
107
107
|
end
|
|
108
108
|
# rubocop:enable Layout/LineLength, Metrics/AbcSize
|
|
109
109
|
|
|
110
|
+
# rubocop:disable Metrics/AbcSize
|
|
111
|
+
def decrypt
|
|
112
|
+
decrypted_settings = to_settings.decrypted.to_flattened_name_hash
|
|
113
|
+
secure_settings = to_settings.encrypted.to_flattened_name_hash
|
|
114
|
+
file_contents = read
|
|
115
|
+
|
|
116
|
+
decrypted_settings.each_pair do |name_pieces, decrypted_value|
|
|
117
|
+
encrypted_value = secure_settings[name_pieces]
|
|
118
|
+
|
|
119
|
+
next unless encrypted_value.is_a?(String)
|
|
120
|
+
|
|
121
|
+
escaped_name = Regexp.escape(name_pieces.last)
|
|
122
|
+
escaped_value = Regexp.escape(encrypted_value)
|
|
123
|
+
line_pattern = /^(\s*)#{escaped_name}(\s*):(\s*)#{escaped_value}$/
|
|
124
|
+
indentation_level = file_contents
|
|
125
|
+
.match(line_pattern)
|
|
126
|
+
&.[](1)
|
|
127
|
+
&.<<(' ')
|
|
128
|
+
|
|
129
|
+
if decrypted_value.include?("\n")
|
|
130
|
+
decrypted_value = decrypted_value
|
|
131
|
+
.chomp
|
|
132
|
+
.gsub("\n", "\n#{indentation_level}")
|
|
133
|
+
.prepend("|\n#{indentation_level}")
|
|
134
|
+
end
|
|
135
|
+
|
|
136
|
+
file_contents
|
|
137
|
+
.sub!(
|
|
138
|
+
line_pattern,
|
|
139
|
+
"\\1#{name_pieces.last}\\2:\\3#{decrypted_value}",
|
|
140
|
+
)
|
|
141
|
+
end
|
|
142
|
+
|
|
143
|
+
write(file_contents)
|
|
144
|
+
end
|
|
145
|
+
# rubocop:enable Metrics/AbcSize
|
|
146
|
+
|
|
110
147
|
def sign
|
|
111
148
|
signature_key_contents = decryption_keys[:signature]
|
|
112
149
|
|
data/lib/chamber/file_set.rb
CHANGED
data/lib/chamber/instance.rb
CHANGED
data/lib/chamber/key_pair.rb
CHANGED
data/lib/chamber/settings.rb
CHANGED
|
@@ -286,6 +286,21 @@ class Settings
|
|
|
286
286
|
))
|
|
287
287
|
end
|
|
288
288
|
|
|
289
|
+
def decrypted
|
|
290
|
+
Settings.new(**metadata.merge(
|
|
291
|
+
settings: raw_data,
|
|
292
|
+
post_filters: [Filters::DecryptionFilter],
|
|
293
|
+
))
|
|
294
|
+
end
|
|
295
|
+
|
|
296
|
+
def encrypted
|
|
297
|
+
Settings.new(**metadata.merge(
|
|
298
|
+
settings: raw_data,
|
|
299
|
+
pre_filters: [Filters::EncryptionFilter],
|
|
300
|
+
post_filters: [],
|
|
301
|
+
))
|
|
302
|
+
end
|
|
303
|
+
|
|
289
304
|
def insecure
|
|
290
305
|
Settings.new(**metadata.merge(
|
|
291
306
|
settings: raw_data,
|
|
@@ -302,14 +317,14 @@ class Settings
|
|
|
302
317
|
# rubocop:disable Naming/MemoizedInstanceVariableName
|
|
303
318
|
def raw_data
|
|
304
319
|
@filtered_raw_data ||= pre_filters.inject(@raw_data) do |filtered_data, filter|
|
|
305
|
-
filter.execute(
|
|
320
|
+
filter.execute(data: filtered_data, **metadata)
|
|
306
321
|
end
|
|
307
322
|
end
|
|
308
323
|
# rubocop:enable Naming/MemoizedInstanceVariableName
|
|
309
324
|
|
|
310
325
|
def data
|
|
311
326
|
@data ||= post_filters.inject(raw_data) do |filtered_data, filter|
|
|
312
|
-
filter.execute(
|
|
327
|
+
filter.execute(data: filtered_data, **metadata)
|
|
313
328
|
end
|
|
314
329
|
end
|
|
315
330
|
|
data/lib/chamber/version.rb
CHANGED
data.tar.gz.sig
CHANGED
|
Binary file
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: chamber
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 3.
|
|
4
|
+
version: 3.1.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- thekompanee
|
|
@@ -38,7 +38,7 @@ cert_chain:
|
|
|
38
38
|
Z6HMkN0PHJ6eG0Zl3/H4H8Xb+KreWlEx3sXXfZj6UscrdHAVffRQnM1E98PCqnRX
|
|
39
39
|
l5EwT4ShG/HorJMQSTY1EoBLZf54NrD5WlWcfM0CLrcvT7QM77dIqmue
|
|
40
40
|
-----END CERTIFICATE-----
|
|
41
|
-
date:
|
|
41
|
+
date: 2024-10-22 00:00:00.000000000 Z
|
|
42
42
|
dependencies:
|
|
43
43
|
- !ruby/object:Gem::Dependency
|
|
44
44
|
name: thor
|
|
@@ -155,6 +155,7 @@ files:
|
|
|
155
155
|
- lib/chamber/commands/show.rb
|
|
156
156
|
- lib/chamber/commands/sign.rb
|
|
157
157
|
- lib/chamber/commands/travis.rb
|
|
158
|
+
- lib/chamber/commands/unsecure.rb
|
|
158
159
|
- lib/chamber/commands/verify.rb
|
|
159
160
|
- lib/chamber/configuration.rb
|
|
160
161
|
- lib/chamber/context_resolver.rb
|
metadata.gz.sig
CHANGED
|
Binary file
|