chamber 3.0.1 → 3.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 9e37ed83e4c76419880c6abbfdc967f2e82a6fc8824b868904cae1fcb26878d0
-  data.tar.gz: a61415b6fcce618cbd452a7373b22b3ea1093cb8150b12df6798021743ff02d3
+  metadata.gz: 1434b18f4453229446ae2ae6656c2bf1efe0d1aad2525266aeee1ed974a6d1d8
+  data.tar.gz: 461e8495983af2516b9968052acf26080570e319871ee9bab71b60e84f10865b
 SHA512:
-  metadata.gz: c55d1d457aa0a4d908d4be0e790dc86f10895a2d6514613e1d2d27bfb6ebbde69a7d5e4bb4f0695e6f8da1d993f7d820644b3a975b88d2d91237936c15a6c5e3
-  data.tar.gz: d0cecb00b849c518ac20f1fefd6c76029e6dbd6a54a9676b28a94529a7df5da9e8a0ef8ea2301cfc9460a627ae168bbab3f07954a48931e5c9a9dd1d60d8f087
+  metadata.gz: 53c5345034b1b4e686965450851ddf7706c4152af276cd52d908207e357c9853574d2e62b72eaca26ebf2e2e185548e9289833a536f22b492d2ba07c00ae2f62
+  data.tar.gz: a74af49b5470c0fb4ec3c21ff2797bf529d9e32e73e05f73915f9be8f09f05dd608a5a90e888640feba9cdbe2d457181c934d62885f89e0d1a830f4dc7e45e4c

data/lib/chamber/binary/runner.rb

@@ -5,6 +5,7 @@ require 'chamber/rubinius_fix'
 require 'chamber/commands/show'
 require 'chamber/commands/files'
 require 'chamber/commands/secure'
+require 'chamber/commands/unsecure'
 require 'chamber/commands/sign'
 require 'chamber/commands/verify'
 require 'chamber/commands/compare'
@@ -137,6 +138,21 @@ class   Runner < Thor
 
   ################################################################################
 
+  desc 'unsecure',
+       'Decrypts all encrypted values using the current key(s)' \
+
+  method_option :dry_run,
+                type:    :boolean,
+                aliases: '-d',
+                desc:    'Does not actually decrypt anything, but instead displays ' \
+                         'what values would be decrypted'
+
+  def unsecure
+    Commands::Unsecure.call(**options.transform_keys(&:to_sym).merge(shell: self))
+  end
+
+  ################################################################################
+
   desc 'sign',
        'Creates or verifies signatures for all current settings files using ' \
        'the signature private key.'

data/lib/chamber/commands/unsecure.rb

@@ -0,0 +1,38 @@
+# frozen_string_literal: true
+
+require 'chamber/commands/base'
+require 'chamber/commands/securable'
+
+module  Chamber
+module  Commands
+class   Unsecure < Chamber::Commands::Base
+  include Chamber::Commands::Securable
+
+  def initialize(**args)
+    super(**args.merge(namespaces: ['*']))
+  end
+
+  def call
+    disable_warnings do
+      current_settings.secure.to_environment.each_key do |key|
+        color = dry_run ? :blue : :green
+
+        shell.say_status 'decrypt', key, color
+      end
+    end
+
+    chamber.unsecure unless dry_run
+  end
+
+  private
+
+  def disable_warnings
+    $stderr = ::File.open('/dev/null', 'w')
+
+    yield
+
+    $stderr = STDERR
+  end
+end
+end
+end

data/lib/chamber/file.rb

@@ -107,6 +107,43 @@ class   File < Pathname
   end
   # rubocop:enable Layout/LineLength, Metrics/AbcSize
 
+  # rubocop:disable Metrics/AbcSize
+  def decrypt
+    decrypted_settings = to_settings.decrypted.to_flattened_name_hash
+    secure_settings    = to_settings.encrypted.to_flattened_name_hash
+    file_contents      = read
+
+    decrypted_settings.each_pair do |name_pieces, decrypted_value|
+      encrypted_value = secure_settings[name_pieces]
+
+      next unless encrypted_value.is_a?(String)
+
+      escaped_name      = Regexp.escape(name_pieces.last)
+      escaped_value     = Regexp.escape(encrypted_value)
+      line_pattern      = /^(\s*)#{escaped_name}(\s*):(\s*)#{escaped_value}$/
+      indentation_level = file_contents
+                            .match(line_pattern)
+                            &.[](1)
+                            &.<<('  ')
+
+      if decrypted_value.include?("\n")
+        decrypted_value = decrypted_value
+                            .chomp
+                            .gsub(/\n/, "\n#{indentation_level}")
+                            .prepend("|\n#{indentation_level}")
+      end
+
+      file_contents
+        .sub!(
+          line_pattern,
+          "\\1#{name_pieces.last}\\2:\\3#{decrypted_value}",
+        )
+    end
+
+    write(file_contents)
+  end
+  # rubocop:enable Metrics/AbcSize
+
   def sign
     signature_key_contents = decryption_keys[:signature]
 

data/lib/chamber/file_set.rb

@@ -192,6 +192,10 @@ class   FileSet
     files.each(&:secure)
   end
 
+  def unsecure
+    files.each(&:decrypt)
+  end
+
   def sign
     files.each(&:sign)
   end

data/lib/chamber/instance.rb

@@ -38,6 +38,10 @@ class   Instance
     files.secure
   end
 
+  def unsecure
+    files.unsecure
+  end
+
   def sign
     files.sign
   end

data/lib/chamber/settings.rb

@@ -286,6 +286,21 @@ class   Settings
                  ))
   end
 
+  def decrypted
+    Settings.new(**metadata.merge(
+                   settings:     raw_data,
+                   post_filters: [Filters::DecryptionFilter],
+                 ))
+  end
+
+  def encrypted
+    Settings.new(**metadata.merge(
+                   settings:     raw_data,
+                   pre_filters:  [Filters::EncryptionFilter],
+                   post_filters: [],
+                 ))
+  end
+
   def insecure
     Settings.new(**metadata.merge(
                    settings:     raw_data,

data/lib/chamber/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Chamber
-  VERSION = '3.0.1'
+  VERSION = '3.1.0'
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: chamber
 version: !ruby/object:Gem::Version
-  version: 3.0.1
+  version: 3.1.0
 platform: ruby
 authors:
 - thekompanee
@@ -155,6 +155,7 @@ files:
 - lib/chamber/commands/show.rb
 - lib/chamber/commands/sign.rb
 - lib/chamber/commands/travis.rb
+- lib/chamber/commands/unsecure.rb
 - lib/chamber/commands/verify.rb
 - lib/chamber/configuration.rb
 - lib/chamber/context_resolver.rb