chamber 3.0.1 → 3.1.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- checksums.yaml.gz.sig +0 -0
- data/lib/chamber/binary/runner.rb +16 -0
- data/lib/chamber/commands/show.rb +1 -0
- data/lib/chamber/commands/unsecure.rb +38 -0
- data/lib/chamber/context_resolver.rb +2 -2
- data/lib/chamber/file.rb +38 -1
- data/lib/chamber/file_set.rb +4 -0
- data/lib/chamber/instance.rb +4 -0
- data/lib/chamber/key_pair.rb +1 -1
- data/lib/chamber/settings.rb +17 -2
- data/lib/chamber/version.rb +1 -1
- data.tar.gz.sig +0 -0
- metadata +3 -2
- metadata.gz.sig +0 -0
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: d3c926bcc85c9ee059234c9c2098bf1ae3856fe8fbd104b5fb735c9e9563b544
|
|
4
|
+
data.tar.gz: 1a95f2a3b154ac32cddb9b57634897c83e963401feb1a53445b63f92ef70ee33
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 0e606a46915ca345ce0d5983fcd03a2a1befbfc01bd0bfae11db4533c2fd860caf05fe51bb1a1b5a2c5f3c636f88822b21c30cc89b7e321164ba578651412b5e
|
|
7
|
+
data.tar.gz: 86d7d2379a89dc954d8c253a22ddaa1eedca2def81f24471205dda362a8225e34d1956b57f9b8181431c0571f248276e8407dce1520fcaca769bffe95b8d754f
|
checksums.yaml.gz.sig
CHANGED
|
Binary file
|
|
@@ -5,6 +5,7 @@ require 'chamber/rubinius_fix'
|
|
|
5
5
|
require 'chamber/commands/show'
|
|
6
6
|
require 'chamber/commands/files'
|
|
7
7
|
require 'chamber/commands/secure'
|
|
8
|
+
require 'chamber/commands/unsecure'
|
|
8
9
|
require 'chamber/commands/sign'
|
|
9
10
|
require 'chamber/commands/verify'
|
|
10
11
|
require 'chamber/commands/compare'
|
|
@@ -137,6 +138,21 @@ class Runner < Thor
|
|
|
137
138
|
|
|
138
139
|
################################################################################
|
|
139
140
|
|
|
141
|
+
desc 'unsecure',
|
|
142
|
+
'Decrypts all encrypted values using the current key(s)' \
|
|
143
|
+
|
|
144
|
+
method_option :dry_run,
|
|
145
|
+
type: :boolean,
|
|
146
|
+
aliases: '-d',
|
|
147
|
+
desc: 'Does not actually decrypt anything, but instead displays ' \
|
|
148
|
+
'what values would be decrypted'
|
|
149
|
+
|
|
150
|
+
def unsecure
|
|
151
|
+
Commands::Unsecure.call(**options.transform_keys(&:to_sym).merge(shell: self))
|
|
152
|
+
end
|
|
153
|
+
|
|
154
|
+
################################################################################
|
|
155
|
+
|
|
140
156
|
desc 'sign',
|
|
141
157
|
'Creates or verifies signatures for all current settings files using ' \
|
|
142
158
|
'the signature private key.'
|
|
@@ -0,0 +1,38 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require 'chamber/commands/base'
|
|
4
|
+
require 'chamber/commands/securable'
|
|
5
|
+
|
|
6
|
+
module Chamber
|
|
7
|
+
module Commands
|
|
8
|
+
class Unsecure < Chamber::Commands::Base
|
|
9
|
+
include Chamber::Commands::Securable
|
|
10
|
+
|
|
11
|
+
def initialize(**args)
|
|
12
|
+
super(**args.merge(namespaces: ['*']))
|
|
13
|
+
end
|
|
14
|
+
|
|
15
|
+
def call
|
|
16
|
+
disable_warnings do
|
|
17
|
+
current_settings.secure.to_environment.each_key do |key|
|
|
18
|
+
color = dry_run ? :blue : :green
|
|
19
|
+
|
|
20
|
+
shell.say_status 'decrypt', key, color
|
|
21
|
+
end
|
|
22
|
+
end
|
|
23
|
+
|
|
24
|
+
chamber.unsecure unless dry_run
|
|
25
|
+
end
|
|
26
|
+
|
|
27
|
+
private
|
|
28
|
+
|
|
29
|
+
def disable_warnings
|
|
30
|
+
$stderr = ::File.open('/dev/null', 'w')
|
|
31
|
+
|
|
32
|
+
yield
|
|
33
|
+
|
|
34
|
+
$stderr = STDERR
|
|
35
|
+
end
|
|
36
|
+
end
|
|
37
|
+
end
|
|
38
|
+
end
|
|
@@ -18,7 +18,7 @@ class ContextResolver
|
|
|
18
18
|
self.options = args
|
|
19
19
|
end
|
|
20
20
|
|
|
21
|
-
# rubocop:disable Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity, Metrics/AbcSize, Layout/LineLength
|
|
21
|
+
# rubocop:disable Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity, Metrics/AbcSize, Layout/LineLength, Lint/SelfAssignment
|
|
22
22
|
def resolve
|
|
23
23
|
options[:rootpath] ||= Pathname.pwd
|
|
24
24
|
options[:rootpath] = Pathname.new(options[:rootpath])
|
|
@@ -50,7 +50,7 @@ class ContextResolver
|
|
|
50
50
|
|
|
51
51
|
options
|
|
52
52
|
end
|
|
53
|
-
# rubocop:enable Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity, Metrics/AbcSize, Layout/LineLength
|
|
53
|
+
# rubocop:enable Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity, Metrics/AbcSize, Layout/LineLength, Lint/SelfAssignment
|
|
54
54
|
|
|
55
55
|
protected
|
|
56
56
|
|
data/lib/chamber/file.rb
CHANGED
|
@@ -49,7 +49,7 @@ class File < Pathname
|
|
|
49
49
|
self.encryption_keys = encryption_keys
|
|
50
50
|
self.signature_name = signature_name
|
|
51
51
|
|
|
52
|
-
super
|
|
52
|
+
super(path)
|
|
53
53
|
end
|
|
54
54
|
|
|
55
55
|
###
|
|
@@ -107,6 +107,43 @@ class File < Pathname
|
|
|
107
107
|
end
|
|
108
108
|
# rubocop:enable Layout/LineLength, Metrics/AbcSize
|
|
109
109
|
|
|
110
|
+
# rubocop:disable Metrics/AbcSize
|
|
111
|
+
def decrypt
|
|
112
|
+
decrypted_settings = to_settings.decrypted.to_flattened_name_hash
|
|
113
|
+
secure_settings = to_settings.encrypted.to_flattened_name_hash
|
|
114
|
+
file_contents = read
|
|
115
|
+
|
|
116
|
+
decrypted_settings.each_pair do |name_pieces, decrypted_value|
|
|
117
|
+
encrypted_value = secure_settings[name_pieces]
|
|
118
|
+
|
|
119
|
+
next unless encrypted_value.is_a?(String)
|
|
120
|
+
|
|
121
|
+
escaped_name = Regexp.escape(name_pieces.last)
|
|
122
|
+
escaped_value = Regexp.escape(encrypted_value)
|
|
123
|
+
line_pattern = /^(\s*)#{escaped_name}(\s*):(\s*)#{escaped_value}$/
|
|
124
|
+
indentation_level = file_contents
|
|
125
|
+
.match(line_pattern)
|
|
126
|
+
&.[](1)
|
|
127
|
+
&.<<(' ')
|
|
128
|
+
|
|
129
|
+
if decrypted_value.include?("\n")
|
|
130
|
+
decrypted_value = decrypted_value
|
|
131
|
+
.chomp
|
|
132
|
+
.gsub("\n", "\n#{indentation_level}")
|
|
133
|
+
.prepend("|\n#{indentation_level}")
|
|
134
|
+
end
|
|
135
|
+
|
|
136
|
+
file_contents
|
|
137
|
+
.sub!(
|
|
138
|
+
line_pattern,
|
|
139
|
+
"\\1#{name_pieces.last}\\2:\\3#{decrypted_value}",
|
|
140
|
+
)
|
|
141
|
+
end
|
|
142
|
+
|
|
143
|
+
write(file_contents)
|
|
144
|
+
end
|
|
145
|
+
# rubocop:enable Metrics/AbcSize
|
|
146
|
+
|
|
110
147
|
def sign
|
|
111
148
|
signature_key_contents = decryption_keys[:signature]
|
|
112
149
|
|
data/lib/chamber/file_set.rb
CHANGED
data/lib/chamber/instance.rb
CHANGED
data/lib/chamber/key_pair.rb
CHANGED
data/lib/chamber/settings.rb
CHANGED
|
@@ -286,6 +286,21 @@ class Settings
|
|
|
286
286
|
))
|
|
287
287
|
end
|
|
288
288
|
|
|
289
|
+
def decrypted
|
|
290
|
+
Settings.new(**metadata.merge(
|
|
291
|
+
settings: raw_data,
|
|
292
|
+
post_filters: [Filters::DecryptionFilter],
|
|
293
|
+
))
|
|
294
|
+
end
|
|
295
|
+
|
|
296
|
+
def encrypted
|
|
297
|
+
Settings.new(**metadata.merge(
|
|
298
|
+
settings: raw_data,
|
|
299
|
+
pre_filters: [Filters::EncryptionFilter],
|
|
300
|
+
post_filters: [],
|
|
301
|
+
))
|
|
302
|
+
end
|
|
303
|
+
|
|
289
304
|
def insecure
|
|
290
305
|
Settings.new(**metadata.merge(
|
|
291
306
|
settings: raw_data,
|
|
@@ -302,14 +317,14 @@ class Settings
|
|
|
302
317
|
# rubocop:disable Naming/MemoizedInstanceVariableName
|
|
303
318
|
def raw_data
|
|
304
319
|
@filtered_raw_data ||= pre_filters.inject(@raw_data) do |filtered_data, filter|
|
|
305
|
-
filter.execute(
|
|
320
|
+
filter.execute(data: filtered_data, **metadata)
|
|
306
321
|
end
|
|
307
322
|
end
|
|
308
323
|
# rubocop:enable Naming/MemoizedInstanceVariableName
|
|
309
324
|
|
|
310
325
|
def data
|
|
311
326
|
@data ||= post_filters.inject(raw_data) do |filtered_data, filter|
|
|
312
|
-
filter.execute(
|
|
327
|
+
filter.execute(data: filtered_data, **metadata)
|
|
313
328
|
end
|
|
314
329
|
end
|
|
315
330
|
|
data/lib/chamber/version.rb
CHANGED
data.tar.gz.sig
CHANGED
|
Binary file
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: chamber
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 3.
|
|
4
|
+
version: 3.1.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- thekompanee
|
|
@@ -38,7 +38,7 @@ cert_chain:
|
|
|
38
38
|
Z6HMkN0PHJ6eG0Zl3/H4H8Xb+KreWlEx3sXXfZj6UscrdHAVffRQnM1E98PCqnRX
|
|
39
39
|
l5EwT4ShG/HorJMQSTY1EoBLZf54NrD5WlWcfM0CLrcvT7QM77dIqmue
|
|
40
40
|
-----END CERTIFICATE-----
|
|
41
|
-
date:
|
|
41
|
+
date: 2024-10-22 00:00:00.000000000 Z
|
|
42
42
|
dependencies:
|
|
43
43
|
- !ruby/object:Gem::Dependency
|
|
44
44
|
name: thor
|
|
@@ -155,6 +155,7 @@ files:
|
|
|
155
155
|
- lib/chamber/commands/show.rb
|
|
156
156
|
- lib/chamber/commands/sign.rb
|
|
157
157
|
- lib/chamber/commands/travis.rb
|
|
158
|
+
- lib/chamber/commands/unsecure.rb
|
|
158
159
|
- lib/chamber/commands/verify.rb
|
|
159
160
|
- lib/chamber/configuration.rb
|
|
160
161
|
- lib/chamber/context_resolver.rb
|
metadata.gz.sig
CHANGED
|
Binary file
|