chamber 2.3.1 → 2.3.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +18 -11
- data/bin/chamber +1 -0
- data/lib/chamber/commands/base.rb +1 -0
- data/lib/chamber/commands/initialize.rb +2 -0
- data/lib/chamber/context_resolver.rb +1 -0
- data/lib/chamber/file.rb +5 -2
- data/lib/chamber/file_set.rb +1 -0
- data/lib/chamber/rubinius_fix.rb +3 -1
- data/lib/chamber/version.rb +1 -1
- data/spec/lib/chamber/file_spec.rb +20 -0
- metadata +3 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: f0a6b77f9bb4f79a5aa98dd6986a1bf9c55a4745
|
|
4
|
+
data.tar.gz: 65fd0c813eff8f0771d33dffb354c9defcd06c5d
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: c75a2ac2c75c2d3f342b2926d4784a536fd11119aef5e5142950b0ce676fa60b6b1ea8fc4a003d8f1c0fed6f1f23f8d6ea1680070d27ce526375267177c0cc0a
|
|
7
|
+
data.tar.gz: 074b2e34a9c5de417cb3d26f087e1ae17eac011a1b2bfd0088988832fd8c92c978f70323fa3a2afe92bef59f75da986017d863d6e6edcd8aa47bb4057a64a4c8
|
data/README.md
CHANGED
|
@@ -16,9 +16,9 @@ we (and assumed others) needed.
|
|
|
16
16
|
|
|
17
17
|
1. Thou shalt be configurable, but use conventions so that configuration isn't
|
|
18
18
|
necessary
|
|
19
|
-
1. Thou shalt
|
|
19
|
+
1. Thou shalt seamlessly work with Heroku or other deployment platforms, where custom
|
|
20
20
|
settings must be stored in environment variables
|
|
21
|
-
1. Thou shalt
|
|
21
|
+
1. Thou shalt seamlessly work with Travis CI and other cloud CI platforms
|
|
22
22
|
1. Thou shalt not force users to use arcane
|
|
23
23
|
long_variable_names_just_to_keep_their_settings_organized
|
|
24
24
|
1. Thou shalt not require users keep a separate repo or cloud share sync just to
|
|
@@ -131,7 +131,7 @@ Either you have to use a separate private repo, or you have to use something
|
|
|
131
131
|
like a Dropbox share. In either case, you'd then symlink the files from their
|
|
132
132
|
locations into your application. What. A. Pain.
|
|
133
133
|
|
|
134
|
-
Chamber uses public/private encryption keys to
|
|
134
|
+
Chamber uses public/private encryption keys to seamlessly store any of your
|
|
135
135
|
configuration values as encrypted text. The only file that needs to be synced
|
|
136
136
|
*once* between developers is the private key. And even that file would only be
|
|
137
137
|
needed by the users deploying the application. If you're deploying via CI,
|
|
@@ -143,7 +143,8 @@ After running `chamber init` as described above, the hard work is done. From
|
|
|
143
143
|
here on out, Chamber makes working with secure settings almost an afterthought.
|
|
144
144
|
|
|
145
145
|
When you create your configuration YAML file (or add a new setting to an
|
|
146
|
-
existing one), you can
|
|
146
|
+
existing one), you can add a secure key by prefixing the key name with
|
|
147
|
+
`_secure_`, like so:
|
|
147
148
|
|
|
148
149
|
```yaml
|
|
149
150
|
# settings.yml
|
|
@@ -151,9 +152,14 @@ existing one), you can format your secure keys like so:
|
|
|
151
152
|
_secure_my_secure_key_name: 'my secure value'
|
|
152
153
|
```
|
|
153
154
|
|
|
154
|
-
|
|
155
|
-
|
|
156
|
-
|
|
155
|
+
To encrypt the secret with your key pair, use the `chamber secure` command:
|
|
156
|
+
|
|
157
|
+
```sh
|
|
158
|
+
$ chamber secure
|
|
159
|
+
```
|
|
160
|
+
|
|
161
|
+
This will replace the plaintext secret with an encrypted version, looking
|
|
162
|
+
something like this:
|
|
157
163
|
|
|
158
164
|
```yaml
|
|
159
165
|
# settings.yml
|
|
@@ -161,8 +167,9 @@ public/private keys you generated above into something like:
|
|
|
161
167
|
_secure_my_secure_key_name: 8239f293r9283r9823r92hf9823hf9uehfksdhviwuehf923uhrehf9238
|
|
162
168
|
```
|
|
163
169
|
|
|
164
|
-
|
|
165
|
-
the private key in
|
|
170
|
+
Now, only users with the private key file can access the secret value. Once
|
|
171
|
+
the private key is in your application's root directory, you can access the
|
|
172
|
+
secret by name:
|
|
166
173
|
|
|
167
174
|
```ruby
|
|
168
175
|
Chamber.env.my_secure_key_name
|
|
@@ -211,7 +218,7 @@ information on Heroku.
|
|
|
211
218
|
|
|
212
219
|
To solve this problem, Heroku allows you to set environment variables in your
|
|
213
220
|
application. Unfortunately this has the nasty side effect of being a pain to
|
|
214
|
-
deal with. For one, you have to deal with environment variables with
|
|
221
|
+
deal with. For one, you have to deal with environment variables with unwieldy
|
|
215
222
|
names (eg `MY_THIRD_PARTY_SERVICE_DEV_API_KEY`). For another, it makes the
|
|
216
223
|
organization of those variables difficult.
|
|
217
224
|
|
|
@@ -822,7 +829,7 @@ if Chamber.env.my_feature.enabled == 'true'
|
|
|
822
829
|
end
|
|
823
830
|
```
|
|
824
831
|
|
|
825
|
-
but that looks awful and isn't very
|
|
832
|
+
but that looks awful and isn't very idiomatic.
|
|
826
833
|
|
|
827
834
|
To solve this problem, Chamber reviews all of your settings values and, if they
|
|
828
835
|
are any of the following exact strings (case insensitive):
|
data/bin/chamber
CHANGED
data/lib/chamber/file.rb
CHANGED
|
@@ -76,11 +76,14 @@ class File < Pathname
|
|
|
76
76
|
file_contents = self.read
|
|
77
77
|
|
|
78
78
|
insecure_settings.each_pair do |name_pieces, value|
|
|
79
|
-
secure_value
|
|
79
|
+
secure_value = secure_settings[name_pieces]
|
|
80
|
+
|
|
81
|
+
escaped_name = Regexp.escape(name_pieces.last)
|
|
82
|
+
escaped_value = Regexp.escape(value)
|
|
80
83
|
|
|
81
84
|
file_contents.
|
|
82
85
|
sub!(
|
|
83
|
-
/^(\s*)_secure_#{
|
|
86
|
+
/^(\s*)_secure_#{escaped_name}(\s*):(\s*)['"]?#{escaped_value}['"]?$/,
|
|
84
87
|
"\\1_secure_#{name_pieces.last}\\2:\\3#{secure_value}")
|
|
85
88
|
end
|
|
86
89
|
|
data/lib/chamber/file_set.rb
CHANGED
data/lib/chamber/rubinius_fix.rb
CHANGED
data/lib/chamber/version.rb
CHANGED
|
@@ -167,6 +167,26 @@ other:
|
|
|
167
167
|
<<: *default
|
|
168
168
|
_secure_another_setting: #{secure_another_setting_encoded}
|
|
169
169
|
regular_setting: <%= 1 + 1 %>
|
|
170
|
+
HEREDOC
|
|
171
|
+
end
|
|
172
|
+
|
|
173
|
+
it 'when rewriting the file, can handle names and values with regex special characters' do
|
|
174
|
+
tempfile = create_tempfile_with_content <<-HEREDOC
|
|
175
|
+
stuff:
|
|
176
|
+
_secure_another+_setting: "Thanks for +all the fish"
|
|
177
|
+
HEREDOC
|
|
178
|
+
|
|
179
|
+
settings_file = File.new path: tempfile.path,
|
|
180
|
+
encryption_key: './spec/spec_key.pub'
|
|
181
|
+
|
|
182
|
+
settings_file.secure
|
|
183
|
+
|
|
184
|
+
file_contents = ::File.read(tempfile.path)
|
|
185
|
+
secure_another_setting_encoded = file_contents[/ _secure_another\+_setting: ([A-Za-z0-9\+\/]{342}==)$/, 1]
|
|
186
|
+
|
|
187
|
+
expect(::File.read(tempfile.path)).to eql <<-HEREDOC
|
|
188
|
+
stuff:
|
|
189
|
+
_secure_another+_setting: #{secure_another_setting_encoded}
|
|
170
190
|
HEREDOC
|
|
171
191
|
end
|
|
172
192
|
end
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: chamber
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.3.
|
|
4
|
+
version: 2.3.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- stevenhallen
|
|
@@ -11,7 +11,7 @@ authors:
|
|
|
11
11
|
autorequire:
|
|
12
12
|
bindir: bin
|
|
13
13
|
cert_chain: []
|
|
14
|
-
date: 2014-
|
|
14
|
+
date: 2014-08-08 00:00:00.000000000 Z
|
|
15
15
|
dependencies:
|
|
16
16
|
- !ruby/object:Gem::Dependency
|
|
17
17
|
name: thor
|
|
@@ -193,7 +193,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
193
193
|
version: '0'
|
|
194
194
|
requirements: []
|
|
195
195
|
rubyforge_project: chamber
|
|
196
|
-
rubygems_version: 2.
|
|
196
|
+
rubygems_version: 2.2.2
|
|
197
197
|
signing_key:
|
|
198
198
|
specification_version: 4
|
|
199
199
|
summary: A surprisingly configurable convention-based approach to managing your application's
|