RubyGems - chamber - Versions diffs - 2.8.0 → 2.9.0 - Mend

chamber 2.8.0 → 2.9.0

Files changed (79) hide show

checksums.yaml +4 -4
checksums.yaml.gz.sig +0 -0
data.tar.gz.sig +1 -0
data/LICENSE.txt +19 -0
data/Rakefile +1 -0
data/bin/chamber +1 -0
data/lib/chamber.rb +1 -0
data/lib/chamber/binary/heroku.rb +1 -0
data/lib/chamber/binary/runner.rb +1 -0
data/lib/chamber/binary/travis.rb +1 -0
data/lib/chamber/commands/base.rb +1 -0
data/lib/chamber/commands/comparable.rb +1 -0
data/lib/chamber/commands/compare.rb +1 -0
data/lib/chamber/commands/files.rb +1 -0
data/lib/chamber/commands/heroku.rb +1 -0
data/lib/chamber/commands/heroku/clear.rb +1 -0
data/lib/chamber/commands/heroku/compare.rb +1 -0
data/lib/chamber/commands/heroku/pull.rb +1 -0
data/lib/chamber/commands/heroku/push.rb +1 -0
data/lib/chamber/commands/initialize.rb +5 -3
data/lib/chamber/commands/securable.rb +1 -0
data/lib/chamber/commands/secure.rb +1 -0
data/lib/chamber/commands/show.rb +1 -0
data/lib/chamber/commands/travis.rb +1 -0
data/lib/chamber/commands/travis/secure.rb +1 -0
data/lib/chamber/configuration.rb +1 -0
data/lib/chamber/context_resolver.rb +10 -7
data/lib/chamber/decryption_key.rb +1 -0
data/lib/chamber/encryption_methods/none.rb +17 -0
data/lib/chamber/encryption_methods/public_key.rb +27 -0
data/lib/chamber/encryption_methods/ssl.rb +60 -0
data/lib/chamber/environmentable.rb +1 -0
data/lib/chamber/errors/decryption_failure.rb +1 -0
data/lib/chamber/file.rb +9 -1
data/lib/chamber/file_set.rb +4 -3
data/lib/chamber/filters/boolean_conversion_filter.rb +2 -1
data/lib/chamber/filters/decryption_filter.rb +20 -29
data/lib/chamber/filters/encryption_filter.rb +29 -14
data/lib/chamber/filters/environment_filter.rb +2 -1
data/lib/chamber/filters/failed_decryption_filter.rb +3 -2
data/lib/chamber/filters/insecure_filter.rb +1 -0
data/lib/chamber/filters/namespace_filter.rb +2 -1
data/lib/chamber/filters/secure_filter.rb +2 -1
data/lib/chamber/filters/translate_secure_keys_filter.rb +2 -1
data/lib/chamber/instance.rb +1 -0
data/lib/chamber/namespace_set.rb +4 -3
data/lib/chamber/rails.rb +1 -0
data/lib/chamber/rails/railtie.rb +3 -1
data/lib/chamber/rubinius_fix.rb +1 -0
data/lib/chamber/settings.rb +23 -18
data/lib/chamber/version.rb +2 -1
data/spec/lib/chamber/commands/files_spec.rb +5 -2
data/spec/lib/chamber/commands/heroku/clear_spec.rb +1 -0
data/spec/lib/chamber/commands/heroku/compare_spec.rb +1 -0
data/spec/lib/chamber/commands/heroku/pull_spec.rb +1 -0
data/spec/lib/chamber/commands/heroku/push_spec.rb +1 -0
data/spec/lib/chamber/commands/secure_spec.rb +5 -2
data/spec/lib/chamber/commands/show_spec.rb +1 -0
data/spec/lib/chamber/context_resolver_spec.rb +8 -5
data/spec/lib/chamber/file_set_spec.rb +55 -52
data/spec/lib/chamber/file_spec.rb +43 -9
data/spec/lib/chamber/filters/boolean_conversion_filter_spec.rb +14 -5
data/spec/lib/chamber/filters/decryption_filter_spec.rb +85 -9
data/spec/lib/chamber/filters/encryption_filter_spec.rb +76 -10
data/spec/lib/chamber/filters/environment_filter_spec.rb +9 -2
data/spec/lib/chamber/filters/failed_decryption_filter_spec.rb +7 -6
data/spec/lib/chamber/filters/insecure_filter_spec.rb +12 -4
data/spec/lib/chamber/filters/namespace_filter_spec.rb +33 -14
data/spec/lib/chamber/filters/secure_filter_spec.rb +8 -3
data/spec/lib/chamber/filters/translate_secure_keys_filter_spec.rb +10 -3
data/spec/lib/chamber/namespace_set_spec.rb +6 -3
data/spec/lib/chamber/settings_spec.rb +36 -25
data/spec/lib/chamber_spec.rb +25 -10
data/spec/rails-2-test/config/application.rb +1 -0
data/spec/rails-3-test/config/application.rb +1 -0
data/spec/rails-4-test/config/application.rb +1 -0
metadata +35 -9
metadata.gz.sig +0 -0
data/LICENSE +0 -22

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 4f7dbdffb12b7b5622f0599bd110ce6ff1ff5316
-  data.tar.gz: 16f1879d1d7bafadd27f9e573b420cceeb18abfb
+  metadata.gz: 70d5a99fb72440e64e3ef88a6ab33a3304466b19
+  data.tar.gz: a9e604aa036a20152fa0be993ccfcd69e47406de
 SHA512:
-  metadata.gz: cd5da56e5554973ac39e4615ec410f12e3771069182c65081a90f9a2b41476f06db63c853d373810336ebe097e2cd83a46215972e2f8c808ad5669514391dea4
-  data.tar.gz: cea1cd1f08b84475c92ea6391755f58e0621eccf3dd08d4a54acd9c8125705ee78fc5ff874d508767ddafb2f125281a62b6e6c3cea8e75c7a01947ab4b715cf6
+  metadata.gz: b6bafc0df4003a0f5dc2ef004bbb874b4489166e8000f8be0caa92e2edb09197b7716a0080d7941fe482721e996110f51baff07ca167af5f4907349b9b8e80d8
+  data.tar.gz: 50985ca6d2a0716b1256a0e09df31d9501df5e26119be403b99ebaa7b67b327832236fc47616272579bce02abb3d9b703af8af68b24cbf8463216c87f0a98a2f

checksums.yaml.gz.sig ADDED

Binary file

data.tar.gz.sig ADDED

	@@ -0,0 +1 @@
1	+ UM��K]��@��jb}��TχN)�)�l�X��]�Ժ�ha��V�u�0h�J�&��$� ��]I~{cU��±��-�9rA��l�J�r_kV%\|��KH��}oM�?�H0a�v%CC!�

data/LICENSE.txt ADDED

@@ -0,0 +1,19 @@
+Copyright (c) 2010-2016 The Kompanee, Ltd
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/Rakefile CHANGED

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 require 'bundler/gem_tasks'
 require 'rspec/core/rake_task'

data/bin/chamber CHANGED

@@ -1,4 +1,5 @@
 #!/usr/bin/env ruby
+# frozen_string_literal: true
 require 'chamber'
 require 'chamber/binary/runner'

data/lib/chamber.rb CHANGED

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 require 'chamber/rubinius_fix'
 require 'chamber/instance'
 require 'chamber/rails'

data/lib/chamber/binary/heroku.rb CHANGED

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 require 'thor'
 require 'chamber/commands/heroku/clear'
 require 'chamber/commands/heroku/push'

data/lib/chamber/binary/runner.rb CHANGED

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 require 'thor'
 require 'chamber/rubinius_fix'
 require 'chamber/binary/travis'

data/lib/chamber/binary/travis.rb CHANGED

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 require 'thor'
 require 'chamber/commands/travis/secure'

data/lib/chamber/commands/base.rb CHANGED

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 require 'pathname'
 require 'chamber/instance'

data/lib/chamber/commands/comparable.rb CHANGED

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 require 'tempfile'
 module  Chamber

data/lib/chamber/commands/compare.rb CHANGED

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 require 'chamber/instance'
 require 'chamber/commands/base'
 require 'chamber/commands/comparable'

data/lib/chamber/commands/files.rb CHANGED

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 require 'chamber/commands/base'
 module  Chamber

data/lib/chamber/commands/heroku.rb CHANGED

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 require 'bundler'
 module  Chamber

data/lib/chamber/commands/heroku/clear.rb CHANGED

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 require 'chamber/commands/base'
 require 'chamber/commands/heroku'

data/lib/chamber/commands/heroku/compare.rb CHANGED

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 require 'chamber/commands/securable'
 require 'chamber/commands/heroku'
 require 'chamber/commands/comparable'

data/lib/chamber/commands/heroku/pull.rb CHANGED

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 require 'chamber/commands/base'
 require 'chamber/commands/heroku'

data/lib/chamber/commands/heroku/push.rb CHANGED

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 require 'chamber/commands/base'
 require 'chamber/commands/securable'
 require 'chamber/commands/heroku'

data/lib/chamber/commands/initialize.rb CHANGED

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 require 'pathname'
 require 'fileutils'
 require 'openssl'
@@ -25,7 +26,7 @@ class   Initialize < Chamber::Commands::Base
     ::FileUtils.touch gitignore_filepath
-    unless ::File.read(gitignore_filepath).match(/^.chamber.pem$/)
+    unless ::File.read(gitignore_filepath) =~ /^.chamber.pem$/
       shell.append_to_file gitignore_filepath, "\n# Private and protected key files for Chamber\n"
       shell.append_to_file gitignore_filepath, "#{private_key_filename}\n"
       shell.append_to_file gitignore_filepath, "#{protected_key_filename}\n"
@@ -76,7 +77,8 @@ class   Initialize < Chamber::Commands::Base
   def gem_path
     @gem_path                   ||= Pathname.new(
-                                      ::File.expand_path('../../../..', __FILE__))
+                                      ::File.expand_path('../../../..', __FILE__),
+    )
   end
   def settings_filepath
@@ -129,7 +131,7 @@ class   Initialize < Chamber::Commands::Base
   end
   def rsa_key_passphrase
-    @rsa_key_passphrase         ||= SecureRandom.uuid
+    @rsa_key_passphrase ||= SecureRandom.uuid
   end
 end
 end

data/lib/chamber/commands/securable.rb CHANGED

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 require 'shellwords'
 require 'chamber/instance'

data/lib/chamber/commands/secure.rb CHANGED

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 require 'chamber/commands/base'
 module  Chamber

data/lib/chamber/commands/show.rb CHANGED

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 require 'pp'
 require 'chamber/commands/base'

data/lib/chamber/commands/travis.rb CHANGED

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 require 'bundler'
 module  Chamber

data/lib/chamber/commands/travis/secure.rb CHANGED

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 require 'chamber/commands/base'
 require 'chamber/commands/travis'
 require 'chamber/commands/securable'

data/lib/chamber/configuration.rb CHANGED

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 require 'chamber/context_resolver'
 module  Chamber

data/lib/chamber/context_resolver.rb CHANGED

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 require 'pathname'
 require 'socket'
 require 'hashie/mash'
@@ -36,19 +37,21 @@ class   ContextResolver
       if options[:namespaces] == []
         require options[:rootpath].join('config', 'application').to_s
-        options[:namespaces]   = [
-          ::Rails.env,
-          Socket.gethostname,
-        ]
+        options[:namespaces] = [
+                                 ::Rails.env,
+                                 Socket.gethostname,
+                               ]
       end
     else
-      options[:basepath]     ||= options[:rootpath]
+      options[:basepath] ||= options[:rootpath]
     end
     options[:basepath]         = Pathname.new(options[:basepath])
-    options[:files]          ||= [options[:basepath] + 'settings*.yml',
-                                  options[:basepath] + 'settings']
+    options[:files]          ||= [
+                                   options[:basepath] + 'settings*.yml',
+                                   options[:basepath] + 'settings',
+                                 ]
     options
   rescue LoadError

data/lib/chamber/decryption_key.rb CHANGED

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 require 'stringio'
 module  Chamber

data/lib/chamber/encryption_methods/none.rb ADDED

@@ -0,0 +1,17 @@
+module  Chamber
+module  EncryptionMethods
+class   None
+  def self.encrypt(_key, value, _encryption_key)
+    value
+  end
+  def self.decrypt(key, value, _decryption_key)
+    warn "WARNING: It appears that you would like to keep your information for #{key} " \
+         "secure, however the value for that setting does not appear to be encrypted. " \
+         "Make sure you run 'chamber secure' before committing."
+    value
+  end
+end
+end
+end

data/lib/chamber/encryption_methods/public_key.rb ADDED

@@ -0,0 +1,27 @@
+module  Chamber
+module  EncryptionMethods
+class   PublicKey
+  def self.encrypt(_key, value, encryption_key)
+    value = YAML.dump(value)
+    encrypted_string = encryption_key.public_encrypt(value)
+    Base64.strict_encode64(encrypted_string)
+  end
+  def self.decrypt(_key, value, decryption_key)
+    if decryption_key.nil?
+      value
+    else
+      decoded_string    = Base64.strict_decode64(value)
+      unencrypted_value = decryption_key.private_decrypt(decoded_string)
+      begin
+        _unserialized_value = YAML.load(unencrypted_value)
+      rescue TypeError
+        unencrypted_value
+      end
+    end
+  end
+end
+end
+end

data/lib/chamber/encryption_methods/ssl.rb ADDED

@@ -0,0 +1,60 @@
+module  Chamber
+module  EncryptionMethods
+class   Ssl
+  LARGE_DATA_STRING_PATTERN = %r{\A([A-Za-z0-9\+\/#]*\={0,2})#([A-Za-z0-9\+\/#]*\={0,2})#([A-Za-z0-9\+\/#]*\={0,2})\z} # rubocop:disable Metrics/LineLength
+  def self.encrypt(_key, value, encryption_key)
+    value = YAML.dump(value)
+    cipher = OpenSSL::Cipher::Cipher.new('AES-128-CBC')
+    cipher.encrypt
+    symmetric_key = cipher.random_key
+    iv = cipher.random_iv
+    # encrypt all data with this key and iv
+    encrypted_data = cipher.update(value) + cipher.final
+    # encrypt the key with the public key
+    encrypted_key = encryption_key.public_encrypt(symmetric_key)
+    # assemble the resulting Base64 encoded data, the key
+    Base64.strict_encode64(encrypted_key) + '#' +
+    Base64.strict_encode64(iv) + '#' +
+    Base64.strict_encode64(encrypted_data)
+  end
+  def self.decrypt(key, value, decryption_key)
+    if decryption_key.nil?
+      value
+    else
+      key, iv, decoded_string = value.
+                                  match(LARGE_DATA_STRING_PATTERN).
+                                  captures.
+                                  map do |part|
+                                    Base64.strict_decode64(part)
+                                  end
+      key = decryption_key.private_decrypt(key)
+      cipher_dec = OpenSSL::Cipher::Cipher.new('AES-128-CBC')
+      cipher_dec.decrypt
+      cipher_dec.key = key
+      cipher_dec.iv = iv
+      begin
+        unencrypted_value = cipher_dec.update(decoded_string) + cipher_dec.final
+      rescue OpenSSL::Cipher::CipherError
+        raise Chamber::Errors::DecryptionFailure,
+              'A decryption error occurred. It was probably due to invalid key data.'
+      end
+      begin
+        _unserialized_value = YAML.load(unencrypted_value)
+      rescue TypeError
+        unencrypted_value
+      end
+    end
+  end
+end
+end
+end

data/lib/chamber/environmentable.rb CHANGED

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 require 'hashie/mash'
 module  Chamber

data/lib/chamber/errors/decryption_failure.rb CHANGED

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 module  Chamber
 module  Errors
 class   DecryptionFailure < RuntimeError

data/lib/chamber/file.rb CHANGED

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 require 'pathname'
 require 'yaml'
 require 'erb'
@@ -83,7 +84,14 @@ class   File < Pathname
       file_contents.
         sub!(
           /^(\s*)_secure_#{escaped_name}(\s*):(\s*)['"]?#{escaped_value}['"]?$/,
-          "\\1_secure_#{name_pieces.last}\\2:\\3#{secure_value}")
+          "\\1_secure_#{name_pieces.last}\\2:\\3#{secure_value}",
+        )
+      file_contents.
+        sub!(
+          /^(\s*)_secure_#{escaped_name}(\s*):(\s*)\|((?:\n\1\s{2}.*)+)/,
+          "\\1_secure_#{name_pieces.last}\\2:\\3#{secure_value}",
+        )
     end
     write(file_contents)

data/lib/chamber/file_set.rb CHANGED

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 require 'pathname'
 require 'chamber/namespace_set'
 require 'chamber/file'
@@ -163,7 +164,7 @@ class   FileSet
   #   # => <Chamber::Settings>
   #
   def to_settings
-    files.reduce(Settings.new) do |settings, file|
+    files.inject(Settings.new) do |settings, file|
       settings.merge(file.to_settings).tap do |merged|
         yield merged if block_given?
       end
@@ -207,7 +208,7 @@ class   FileSet
   # duplicates removed.
   #
   def files
-    @files ||= lambda do
+    @files ||= lambda {
       sorted_relevant_files = []
       file_globs.each do |glob|
@@ -225,7 +226,7 @@ class   FileSet
       end
       sorted_relevant_files.uniq
-    end.call
+    }.call
   end
   private

data/lib/chamber/filters/boolean_conversion_filter.rb CHANGED

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 module  Chamber
 module  Filters
 class   BooleanConversionFilter
@@ -6,7 +7,7 @@ class   BooleanConversionFilter
   end
   def self.execute(options = {})
-    new(options).send(:execute)
+    new(options).__send__(:execute)
   end
   protected

data/lib/chamber/filters/decryption_filter.rb CHANGED

@@ -1,14 +1,19 @@
+# frozen_string_literal: true
 require 'openssl'
 require 'base64'
 require 'hashie/mash'
 require 'yaml'
+require 'chamber/encryption_methods/public_key'
+require 'chamber/encryption_methods/ssl'
+require 'chamber/encryption_methods/none'
 require 'chamber/errors/decryption_failure'
 module  Chamber
 module  Filters
 class   DecryptionFilter
-  SECURE_KEY_TOKEN      = /\A_secure_/
-  BASE64_STRING_PATTERN = %r{\A[A-Za-z0-9\+/]{342}==\z}
+  SECURE_KEY_TOKEN          = /\A_secure_/
+  BASE64_STRING_PATTERN     = %r{\A[A-Za-z0-9\+/]{342}==\z}
+  LARGE_DATA_STRING_PATTERN = %r{\A([A-Za-z0-9\+\/#]*\={0,2})#([A-Za-z0-9\+\/#]*\={0,2})#([A-Za-z0-9\+\/#]*\={0,2})\z} # rubocop:disable Metrics/LineLength
   def initialize(options = {})
     self.decryption_key = options.fetch(:decryption_key, nil)
@@ -16,7 +21,7 @@ class   DecryptionFilter
   end
   def self.execute(options = {})
-    new(options).send(:execute)
+    new(options).__send__(:execute)
   end
   protected
@@ -30,8 +35,8 @@ class   DecryptionFilter
     raw_data.each_pair do |key, value|
       settings[key] = if value.respond_to? :each_pair
                         execute(value)
-                      elsif key.match(SECURE_KEY_TOKEN) && value.respond_to?(:match)
-                        read_or_decrypt(key, value)
+                      elsif key.match(SECURE_KEY_TOKEN)
+                        decryption_method(value).decrypt(key, value, decryption_key)
                       else
                         value
                       end
@@ -54,31 +59,17 @@ class   DecryptionFilter
   private
-  def read_or_decrypt(key, value)
-    if value.match(BASE64_STRING_PATTERN)
-      decrypt(value)
-    else
-      warn 'WARNING: It appears that you would like to keep your ' \
-           "information for #{key} secure, however the value for that " \
-           'setting does not appear to be encrypted. Make sure you run ' \
-           "'chamber secure' before committing."
-      value
-    end
-  end
-  def decrypt(value)
-    if decryption_key.nil?
-      value
-    else
-      decoded_string    = Base64.strict_decode64(value)
-      unencrypted_value = decryption_key.private_decrypt(decoded_string)
-      begin
-        _unserialized_value = YAML.load(unencrypted_value)
-      rescue TypeError
-        unencrypted_value
+  def decryption_method(value)
+    if value.respond_to?(:match)
+      if value.match(BASE64_STRING_PATTERN)
+        EncryptionMethods::PublicKey
+      elsif value.match(LARGE_DATA_STRING_PATTERN)
+        EncryptionMethods::Ssl
+      else
+        EncryptionMethods::None
       end
+    else
+      EncryptionMethods::None
     end
   end
 end