chamber 2.10.2 → 2.11.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 9edabd92ed2fb227cb36bef070841da66a318d4e
-  data.tar.gz: 773b623a400e9135391616bd93bd9b4b07ca8b87
+  metadata.gz: 212f658524053ccae210207899aaadd11fca8dc3
+  data.tar.gz: 2ab2300b8a8a0107f7c094b79e344209f24a385a
 SHA512:
-  metadata.gz: 8986c275bcf25008895491027fff6015dd7ea0a0685e428e0b2464d62a9e5a9c96d22938a9d12469cb48c63a2de794467701e5dd7c1a1b38daa3e7bfe13d3190
-  data.tar.gz: ab14d195f86e79e1f974f38bb6a73c3b2bee9437a82fe47fbb54c0290821720df364be375cbbb8fcdb92d271c430e2e6ed17c5edd2468eb2a4e3b2a862fec7d8
+  metadata.gz: 6d90c504c34d974a5d915aa1eb63f5c5c1c6dff4cf7fda43a072b2464e04d6d11ecacf196d921a5ecb9c2521a685a6199421abcfb6dad90c62f149cba277a273
+  data.tar.gz: d9168743dc703563e8e5ef86f4fb5fce13d00a3d6a7c590a7147d0902d2f8e73df7957fb070f8ce7d5541b483a7c5f8d94bf7b350ec56ab63a8d5ef58f27f357

data/LICENSE.txt

@@ -1,4 +1,4 @@
-Copyright (c) 2010-2016 The Kompanee, Ltd
+Copyright (c) 2010-2018 The Kompanee, Ltd
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

data/lib/chamber.rb

@@ -1,9 +1,12 @@
 # frozen_string_literal: true
+
 require 'chamber/rubinius_fix'
 require 'chamber/instance'
 require 'chamber/rails'
 
 module  Chamber
+  attr_writer :instance
+
   def load(options = {})
     self.instance = Instance.new(options)
   end
@@ -16,16 +19,10 @@ module  Chamber
     instance.settings
   end
 
-  protected
-
-  attr_accessor :instance
-
   def instance
     @instance ||= Instance.new({})
   end
 
-  public
-
   def method_missing(name, *args)
     return instance.public_send(name, *args) if instance.respond_to?(name)
 

data/lib/chamber/binary/heroku.rb

@@ -1,4 +1,5 @@
 # frozen_string_literal: true
+
 require 'thor'
 require 'chamber/commands/heroku/clear'
 require 'chamber/commands/heroku/push'

data/lib/chamber/binary/runner.rb

@@ -1,4 +1,5 @@
 # frozen_string_literal: true
+
 require 'thor'
 require 'chamber/rubinius_fix'
 require 'chamber/binary/travis'
@@ -46,22 +47,28 @@ class   Runner < Thor
                 desc:    'Used to quickly assign a given scenario to the chamber ' \
                          'command (eg Rails apps)'
 
-  class_option  :decryption_key,
-                type: :string,
-                desc: 'The path to or contents of the private key associated with ' \
-                      'the project (typically .chamber.pem)'
+  class_option  :decryption_keys,
+                type: :array,
+                desc: 'The path to or contents of the private key (or keys) associated ' \
+                      'with the project (typically .chamber.pem)'
+
+  class_option  :encryption_keys,
+                type: :array,
+                desc: 'The path to or contents of the public key (or keys) associated ' \
+                      'with the project (typically .chamber.pub.pem)'
 
-  class_option  :encryption_key,
-                type: :string,
-                desc: 'The path to or contents of the public key associated with ' \
-                      'the project (typically .chamber.pub.pem)'
+  ################################################################################
 
   desc 'travis SUBCOMMAND ...ARGS',   'For manipulating Travis CI environment variables'
   subcommand 'travis', Chamber::Binary::Travis
 
+  ################################################################################
+
   desc 'heroku SUBCOMMAND ...ARGS',   'For manipulating Heroku environment variables'
   subcommand 'heroku', Chamber::Binary::Heroku
 
+  ################################################################################
+
   desc 'show', 'Displays the list of settings and their values'
 
   method_option :as_env,
@@ -70,8 +77,6 @@ class   Runner < Thor
                 desc:    'Whether the displayed settings should be environment ' \
                          'variable compatible'
 
-  desc 'only_sensitive', 'Only show secured/securable settings'
-
   method_option :only_sensitive,
                 type:    :boolean,
                 aliases: '-s',
@@ -82,13 +87,20 @@ class   Runner < Thor
     puts Commands::Show.call(options.merge(shell: self))
   end
 
+  ################################################################################
+
   desc 'files', 'Lists the settings files which are parsed with the given options'
+
   def files
     puts Commands::Files.call(options.merge(shell: self))
   end
 
-  desc 'compare', 'Displays the difference between what is currently stored in the ' \
-                  'Heroku application\'s config and what Chamber knows about locally'
+  ################################################################################
+
+  desc 'compare', 'Displays the difference between the settings in the first set ' \
+                  'of namespaces and the settings in the second set.  Useful for ' \
+                  'tracking down why there may be issues in development versus test ' \
+                  'or differences between staging and production.'
 
   method_option :keys_only,
                 type:    :boolean,
@@ -110,6 +122,8 @@ class   Runner < Thor
     Commands::Compare.call(options.merge(shell: self))
   end
 
+  ################################################################################
+
   desc 'secure', 'Secures any values which appear to need to be encrypted in any of ' \
                  'the settings files which match irrespective of namespaces'
 
@@ -127,7 +141,9 @@ class   Runner < Thor
     Commands::Secure.call(options.merge(shell: self))
   end
 
-  desc 'init', 'Sets Chamber up matching best practices for secure configuration ' \
+  ################################################################################
+
+  desc 'init', 'Sets Chamber up using best practices for secure configuration ' \
                'management'
 
   def init

data/lib/chamber/binary/travis.rb

@@ -1,4 +1,5 @@
 # frozen_string_literal: true
+
 require 'thor'
 require 'chamber/commands/travis/secure'
 

data/lib/chamber/commands/base.rb

@@ -1,28 +1,29 @@
 # frozen_string_literal: true
+
 require 'pathname'
 require 'chamber/instance'
 
 module  Chamber
 module  Commands
 class   Base
-  def initialize(options = {})
-    self.chamber  = Chamber::Instance.new options
-    self.shell    = options[:shell]
-    self.rootpath = options[:rootpath]
-    self.dry_run  = options[:dry_run]
-  end
-
   def self.call(options = {})
     new(options).call
   end
 
-  protected
-
   attr_accessor :chamber,
                 :shell,
                 :dry_run
   attr_reader   :rootpath
 
+  def initialize(options = {})
+    self.chamber  = Chamber::Instance.new options
+    self.shell    = options[:shell]
+    self.rootpath = options[:rootpath]
+    self.dry_run  = options[:dry_run]
+  end
+
+  protected
+
   def rootpath=(other)
     @rootpath ||= Pathname.new(other)
   end

data/lib/chamber/commands/comparable.rb

@@ -1,4 +1,5 @@
 # frozen_string_literal: true
+
 require 'tempfile'
 
 module  Chamber

data/lib/chamber/commands/compare.rb

@@ -1,4 +1,5 @@
 # frozen_string_literal: true
+
 require 'chamber/instance'
 require 'chamber/commands/base'
 require 'chamber/commands/comparable'
@@ -8,6 +9,13 @@ module  Commands
 class   Compare < Chamber::Commands::Base
   include Chamber::Commands::Comparable
 
+  attr_accessor :first_settings_instance,
+                :second_settings_instance
+
+  def self.call(options = {})
+    new(options).call
+  end
+
   def initialize(options = {})
     super
 
@@ -18,15 +26,8 @@ class   Compare < Chamber::Commands::Base
     self.second_settings_instance = Chamber::Instance.new(second_settings_options)
   end
 
-  def self.call(options = {})
-    new(options).call
-  end
-
   protected
 
-  attr_accessor :first_settings_instance,
-                :second_settings_instance
-
   def first_settings_data
     settings_data(first_settings_instance)
   end

data/lib/chamber/commands/files.rb

@@ -1,4 +1,5 @@
 # frozen_string_literal: true
+
 require 'chamber/commands/base'
 
 module  Chamber

data/lib/chamber/commands/heroku.rb

@@ -1,4 +1,5 @@
 # frozen_string_literal: true
+
 require 'bundler'
 
 module  Chamber

data/lib/chamber/commands/heroku/clear.rb

@@ -1,4 +1,5 @@
 # frozen_string_literal: true
+
 require 'chamber/commands/base'
 require 'chamber/commands/heroku'
 
@@ -9,7 +10,7 @@ class   Clear < Chamber::Commands::Base
   include Chamber::Commands::Heroku
 
   def call
-    chamber.to_environment.keys.each do |key|
+    chamber.to_environment.each_key do |key|
       next unless configuration.match(key)
 
       if dry_run

data/lib/chamber/commands/heroku/compare.rb

@@ -1,4 +1,5 @@
 # frozen_string_literal: true
+
 require 'chamber/commands/securable'
 require 'chamber/commands/heroku'
 require 'chamber/commands/comparable'

data/lib/chamber/commands/heroku/pull.rb

@@ -1,4 +1,5 @@
 # frozen_string_literal: true
+
 require 'chamber/commands/base'
 require 'chamber/commands/heroku'
 
@@ -8,6 +9,8 @@ module  Heroku
 class   Pull < Chamber::Commands::Base
   include Chamber::Commands::Heroku
 
+  attr_accessor :target_file
+
   def initialize(options = {})
     super
 
@@ -21,10 +24,6 @@ class   Pull < Chamber::Commands::Base
       configuration
     end
   end
-
-  protected
-
-  attr_accessor :target_file
 end
 end
 end

data/lib/chamber/commands/heroku/push.rb

@@ -1,4 +1,5 @@
 # frozen_string_literal: true
+
 require 'chamber/commands/base'
 require 'chamber/commands/securable'
 require 'chamber/commands/heroku'

data/lib/chamber/commands/initialize.rb

@@ -1,71 +1,128 @@
 # frozen_string_literal: true
+
 require 'pathname'
 require 'fileutils'
 require 'openssl'
+require 'securerandom'
 require 'chamber/configuration'
+require 'chamber/key_pair'
 require 'chamber/commands/base'
 
 module  Chamber
 module  Commands
 class   Initialize < Chamber::Commands::Base
+  def self.call(options = {})
+    new(options).call
+  end
+
+  attr_accessor :basepath,
+                :namespaces
+
   def initialize(options = {})
     super
 
-    self.basepath = Chamber.configuration.basepath
+    self.basepath   = Chamber.configuration.basepath
+    self.namespaces = options.fetch(:namespaces, [])
   end
 
   # rubocop:disable Metrics/LineLength, Metrics/MethodLength, Metrics/AbcSize
   def call
-    shell.create_file private_key_filepath,    rsa_private_key.to_pem
-    shell.create_file protected_key_filepath,  rsa_protected_key
-    shell.create_file public_key_filepath,     rsa_public_key.to_pem
-
-    `chmod 600 #{private_key_filepath}`
-    `chmod 600 #{protected_key_filepath}`
-    `chmod 644 #{public_key_filepath}`
+    key_pairs = namespaces.map do |namespace|
+      Chamber::KeyPair.new(namespace:     namespace,
+                           key_file_path: rootpath)
+    end
+    key_pairs << Chamber::KeyPair.new(namespace:     nil,
+                                      key_file_path: rootpath)
 
-    ::FileUtils.touch gitignore_filepath
+    key_pairs.each { |key_pair| generate_key_pair(key_pair) }
 
-    unless ::File.read(gitignore_filepath) =~ /^.chamber.pem$/
-      shell.append_to_file gitignore_filepath, "\n# Private and protected key files for Chamber\n"
-      shell.append_to_file gitignore_filepath, "#{private_key_filename}\n"
-      shell.append_to_file gitignore_filepath, "#{protected_key_filename}\n"
-    end
+    append_to_gitignore
 
     shell.copy_file settings_template_filepath, settings_filepath
 
     shell.say ''
-    shell.say 'The passphrase for your encrypted private key is:', :green
+    shell.say '********************************************************************************', :green
+    shell.say '                                    Success!', :green
+    shell.say '********************************************************************************', :green
+    shell.say ''
+
+    shell.say '.chamber.pem is a DEFAULT Chamber key.', :red
+    shell.say ''
+    shell.say 'If you would like a key which is used only for things such as a certain'
+    shell.say 'environment (such as production), or your local machine, you can rerun'
+    shell.say 'the command like so:'
+    shell.say ''
+    shell.say '$ chamber init --namespaces="production my_machines_hostname"', :yellow
     shell.say ''
-    shell.say rsa_key_passphrase, :green
+
+    shell.say 'The passphrase for your encrypted private key(s) are:'
     shell.say ''
-    shell.say 'Store this securely somewhere.', :green
+
+    key_pairs.each do |key_pair|
+      shell.say "* #{key_pair.encrypted_private_key_filename}: "
+      shell.say key_pair.passphrase, :yellow
+    end
+
     shell.say ''
-    shell.say 'You can send them the file located at:', :green
+    shell.say 'Store these securely somewhere.'
     shell.say ''
-    shell.say protected_key_filepath, :green
+    shell.say 'You can send your team members any of the file(s) located at:'
+    shell.say ''
+
+    key_pairs.each do |key_pair|
+      shell.say '* '
+      shell.say key_pair.encrypted_private_key_filepath, :yellow
+    end
+
     shell.say ''
-    shell.say 'and not have to worry about sending it via a secure medium (such as', :green
-    shell.say 'email), however do not send the passphrase along with it.  Give it to', :green
-    shell.say 'your team members in person.', :green
+    shell.say 'and not have to worry about sending it via a secure medium (such as'
+    shell.say 'email), however do not send the passphrase along with it.  Give it to'
+    shell.say 'your team members in person.'
     shell.say ''
-    shell.say 'In order for them to decrypt it (for use with Chamber), they can run:', :green
+    shell.say 'In order for them to decrypt it (for use with Chamber), they can use something'
+    shell.say 'like the following (swapping out the actual key filenames if necessary):'
     shell.say ''
-    shell.say "$ cp /path/to/{#{protected_key_filename},#{private_key_filename}}", :green
-    shell.say "$ ssh-keygen -p -f /path/to/#{private_key_filename}", :green
+    shell.say "$ cp #{key_pairs[0].encrypted_private_key_filepath} #{key_pairs[0].unencrypted_private_key_filepath}", :yellow
+    shell.say "$ ssh-keygen -p -f #{key_pairs[0].unencrypted_private_key_filepath}", :yellow
     shell.say ''
-    shell.say 'Enter the passphrase when prompted and leave the new passphrase blank.', :green
+    shell.say 'Enter the passphrase when prompted and leave the new passphrase blank.'
     shell.say ''
   end
   # rubocop:enable Metrics/LineLength, Metrics/MethodLength, Metrics/AbcSize
 
-  def self.call(options = {})
-    new(options).call
+  protected
+
+  def generate_key_pair(key_pair)
+    shell.create_file key_pair.unencrypted_private_key_filepath,
+                      key_pair.unencrypted_private_key_pem,
+                      skip: true
+    shell.create_file key_pair.encrypted_private_key_filepath,
+                      key_pair.encrypted_private_key_pem,
+                      skip: true
+    shell.create_file key_pair.public_key_filepath,
+                      key_pair.public_key_pem,
+                      skip: true
+
+    `chmod 600 #{key_pair.unencrypted_private_key_filepath}`
+    `chmod 600 #{key_pair.encrypted_private_key_filepath}`
+    `chmod 644 #{key_pair.public_key_filepath}`
   end
 
-  protected
+  # rubocop:disable Style/GuardClause
+  def append_to_gitignore
+    ::FileUtils.touch gitignore_filepath
+
+    gitignore_contents = ::File.read(gitignore_filepath)
 
-  attr_accessor :basepath
+    unless gitignore_contents =~ /^\.chamber\*\.enc$/
+      shell.append_to_file gitignore_filepath, ".chamber*.enc\n"
+    end
+
+    unless gitignore_contents =~ /^\.chamber\*\.pem$/
+      shell.append_to_file gitignore_filepath, ".chamber*.pem\n"
+    end
+  end
+  # rubocop:enable Style/GuardClause
 
   def settings_template_filepath
     @settings_template_filepath ||= templates_path + 'settings.yml'
@@ -78,7 +135,7 @@ class   Initialize < Chamber::Commands::Base
   def gem_path
     @gem_path                   ||= Pathname.new(
                                       ::File.expand_path('../../../..', __FILE__),
-    )
+                                    )
   end
 
   def settings_filepath
@@ -88,51 +145,6 @@ class   Initialize < Chamber::Commands::Base
   def gitignore_filepath
     @gitignore_filepath         ||= rootpath + '.gitignore'
   end
-
-  def protected_key_filepath
-    @protected_key_filepath     ||= rootpath + protected_key_filename
-  end
-
-  def private_key_filepath
-    @private_key_filepath       ||= rootpath + private_key_filename
-  end
-
-  def public_key_filepath
-    @public_key_filepath        ||= rootpath + public_key_filename
-  end
-
-  def protected_key_filename
-    '.chamber.pem.enc'
-  end
-
-  def private_key_filename
-    '.chamber.pem'
-  end
-
-  def public_key_filename
-    '.chamber.pub.pem'
-  end
-
-  def rsa_protected_key
-    @rsa_protected_key          ||= begin
-                                      cipher = OpenSSL::Cipher.new 'AES-128-CBC'
-                                      key    = OpenSSL::PKey::RSA.new(2048)
-
-                                      key.export cipher, rsa_key_passphrase
-                                    end
-  end
-
-  def rsa_private_key
-    @rsa_private_key            ||= OpenSSL::PKey::RSA.new(2048)
-  end
-
-  def rsa_public_key
-    rsa_private_key.public_key
-  end
-
-  def rsa_key_passphrase
-    @rsa_key_passphrase ||= SecureRandom.uuid
-  end
 end
 end
 end