config 2.2.2 → 3.1.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: fa6adc2bd8ce8b4bfbd732f11005ae7657ef8f5eb8c08b9e08d480408d344433
-  data.tar.gz: 48d8c6f90457636a2e1732df83cda5dfa2d2d4f5f8286bf7ceb8683f09831e4e
+  metadata.gz: df10a2302fd2bd1f1199e97150b44d3f58a28915533dd7579bf58ed6fb77d7dd
+  data.tar.gz: 3fe17720f82d92766fd81b6f4dfcdeea1824ca7aa8a71302d4430496cf5921a1
 SHA512:
-  metadata.gz: 32228943bbf540ef716f788fd2cde8c51161cf7a92c3d17f36a109aadf895fde2240187f04e7be17a61488602521ee646c74bdf60657c21ad382b757fd22c203
-  data.tar.gz: e148e52b0f43442c9e8a36e406622d538bcdf9e2faa7eb256376d60bcf2fd8c7c0bf5890a13077a47a0d8415d908ec63567e622f948f93086181f02c653d68b8
+  metadata.gz: b9818ca58226256e90282c8dd1e92d1cac9ad77331e31a8073e811a5be36ada096914030da47ac8df2e57a8dcfcaa0d4d20b5a58ffd934602ac9b02356b53f51
+  data.tar.gz: 680d6f2b9002d1ede073b391ff747c47fe5bf13f87689dbed1e59b3f8a3abb031449069593e8de01086b62631a43936e3f461008340ed88d23b39a35ab29a2d2

data/CHANGELOG.md

@@ -4,6 +4,43 @@
 
 ...
 
+## 3.1.1
+
+### Bug fixes
+
+* Allow the use of unsafe YAML parsing features when using psych >= 4 ([#306](https://github.com/railsconfig/config/issues/306))
+
+## 3.1.0
+
+### New features
+
+* Evaluating ERB in YAML files can now be disabled with `Config.evaluate_erb_in_yaml = false`. The default value for this option is `true` for backwards-compatibility. ([#303](https://github.com/rubyconfig/config/pull/303))
+
+## 3.0.0
+
+### BREAKING CHANGES
+
+* After upgrade behaviour of `to_h` would change and match behaviour of `to_hash`. Check [#217](https://github.com/rubyconfig/config/issues/217#issuecomment-741953382) for more details.
+* `Config::Options#load_env!` and `Config::Options#reload_env!` have been removed. If you need to reload settings after modifying the `ENV` hash, use `Config.reload!` or `Config::Options#reload!` instead.
+
+### Bug fixes
+
+* Added alias `to_h` for `to_hash` ([#277](https://github.com/railsconfig/config/issues/277))
+
+### Changes
+
+* Add `Config::Sources::EnvSource` for loading settings from flat `Hash`es with `String` keys and `String` values, such as from AWS SecretsManager ([#299](https://github.com/railsconfig/config/pull/299))
+
+## 2.2.3
+
+### Bug fixes
+
+* Revert added alias to_h for to_hash ([#277](https://github.com/railsconfig/config/issues/277))
+
+### Changes
+
+* Raise explicit error on environment variable conflicts ([#293](https://github.com/railsconfig/config/issues/293))
+
 ## 2.2.2
 
 ### Bug fixes

data/README.md

@@ -1,9 +1,9 @@
 # Config
 
-[![Gem Version](https://badge.fury.io/rb/config.svg)](http://badge.fury.io/rb/config)
+[![Version](https://img.shields.io/gem/v/config)](https://rubygems.org/gems/config)
+[![Downloads Total](https://img.shields.io/gem/dt/config)](https://rubygems.org/gems/config)
+[![Build](https://img.shields.io/github/workflow/status/rubyconfig/config/tests)](https://rubygems.org/gems/config)
 [![Tests](https://github.com/rubyconfig/config/workflows/tests/badge.svg)](https://github.com/rubyconfig/config/actions?query=branch%3Amaster)
-[![Maintainability](https://api.codeclimate.com/v1/badges/85c206c13dce7de090af/maintainability)](https://codeclimate.com/github/rubyconfig/config/maintainability)
-[![Test Coverage](https://api.codeclimate.com/v1/badges/85c206c13dce7de090af/test_coverage)](https://codeclimate.com/github/rubyconfig/config/test_coverage)
 [![Financial Contributors on Open Collective](https://opencollective.com/rubyconfig/all/badge.svg?label=backers)](https://opencollective.com/rubyconfig)
 
 ## Summary
@@ -190,8 +190,9 @@ Settings.add_source!("#{Rails.root}/config/settings/local.yml")
 Settings.reload!
 ```
 
-> Note: this is an example usage, it is easier to just use the default local files `settings.local.yml,
-settings/#{Rails.env}.local.yml and environments/#{Rails.env}.local.yml` for your developer specific settings.
+> Note: this is an example usage, it is easier to just use the default local
+> files `settings.local.yml`, `settings/#{Rails.env}.local.yml` and
+> `environments/#{Rails.env}.local.yml` for your developer specific settings.
 
 You also have the option to add a raw hash as a source. One use case might be storing settings in the database or in environment variables that overwrite what is in the YML files.
 
@@ -204,7 +205,9 @@ You may pass a hash to `prepend_source!` as well.
 
 ## Embedded Ruby (ERB)
 
-Embedded Ruby is allowed in the configuration files. Consider the two following config files.
+Embedded Ruby is allowed in the YAML configuration files. ERB will be evaluated at load time by default, and when the `evaluate_erb_in_yaml` configuration is set to `true`.
+
+Consider the two following config files.
 
 * ```#{Rails.root}/config/settings.yml```
 
@@ -265,6 +268,7 @@ After installing `Config` in Rails, you will find automatically generated file t
 ### General
 
 * `const_name` - name of the object holing you settings. Default: `'Settings'`
+* `evaluate_erb_in_yaml` - evaluate ERB in YAML config files. Set to false if the config file contains ERB that should not be evaluated at load time. Default: `true`
 
 ### Merge customization
 
@@ -419,6 +423,21 @@ ENV['Settings.section.server'] = 'google.com'
 
 It won't work with arrays, though.
 
+It is considered an error to use environment variables to simutaneously assign a "flat" value and a multi-level value to a key.
+
+```ruby
+# Raises an error when settings are loaded
+ENV['BACKEND_DATABASE'] = 'development'
+ENV['BACKEND_DATABASE_USER'] = 'postgres'
+```
+
+Instead, specify keys of equal depth in the environment variable names:
+
+```ruby
+ENV['BACKEND_DATABASE_NAME'] = 'development'
+ENV['BACKEND_DATABASE_USER'] = 'postgres'
+```
+
 ### Working with Heroku
 
 Heroku uses ENV object to store sensitive settings. You cannot upload such files to Heroku because it's ephemeral filesystem gets recreated from the git sources on each instance refresh. To use config with Heroku just set the `use_env` var to `true` as mentioned above.
@@ -464,6 +483,50 @@ Settings.section.server # => 'google.com'
 Settings.section.ssl_enabled # => false
 ```
 
+### Working with AWS Secrets Manager
+
+It is possible to parse variables stored in an AWS Secrets Manager Secret as if they were environment variables by using `Config::Sources::EnvSource`.
+
+For example, the plaintext secret might look like this:
+
+```json
+{
+  "Settings.foo": "hello",
+  "Settings.bar": "world",
+}
+```
+
+In order to load those settings, fetch the settings from AWS Secrets Manager, parse the plaintext as JSON, pass the resulting `Hash` into a new `EnvSource`, load the new source, and reload.
+
+```ruby
+# fetch secrets from AWS
+client = Aws::SecretsManager::Client.new
+response = client.get_secret_value(secret_id: "#{ENV['ENVIRONMENT']}/my_application")
+secrets = JSON.parse(response.secret_string)
+
+# load secrets into config
+secret_source = Config::Sources::EnvSource.new(secrets)
+Settings.add_source!(secret_source)
+Settings.reload!
+```
+
+In this case, the following settings will be available:
+
+```ruby
+Settings.foo # => "hello"
+Settings.bar # => "world"
+```
+
+By default, `EnvSource` will use configuration for `env_prefix`, `env_separator`, `env_converter`, and `env_parse_values`, but any of these can be overridden in the constructor.
+
+```ruby
+secret_source = Config::Sources::EnvSource.new(secrets,
+                                               prefix: 'MyConfig',
+                                               separator: '__',
+                                               converter: nil,
+                                               parse_values: false)
+```
+
 ## Contributing
 
 You are very warmly welcome to help. Please follow our [contribution guidelines](CONTRIBUTING.md)

data/lib/config/options.rb

@@ -31,42 +31,6 @@ module Config
       @config_sources.unshift(source)
     end
 
-    def reload_env!
-      return self if ENV.nil? || ENV.empty?
-
-      hash = Hash.new
-
-      ENV.each do |variable, value|
-        separator = Config.env_separator
-        prefix = (Config.env_prefix || Config.const_name).to_s.split(separator)
-
-        keys = variable.to_s.split(separator)
-
-        next if keys.shift(prefix.size) != prefix
-
-        keys.map! { |key|
-          case Config.env_converter
-            when :downcase then
-              key.downcase.to_sym
-            when nil then
-              key.to_sym
-            else
-              raise "Invalid ENV variables name converter: #{Config.env_converter}"
-          end
-        }
-
-        leaf = keys[0...-1].inject(hash) { |h, key|
-          h[key] ||= {}
-        }
-
-        leaf[keys.last] = Config.env_parse_values ? __value(value) : value
-      end
-
-      merge!(hash)
-    end
-
-    alias :load_env! :reload_env!
-
     # look through all our sources and rebuild the configuration
     def reload!
       conf = {}
@@ -91,7 +55,6 @@ module Config
       # swap out the contents of the OStruct with a hash (need to recursively convert)
       marshal_load(__convert(conf).marshal_dump)
 
-      reload_env! if Config.use_env
       validate!
 
       self
@@ -218,17 +181,5 @@ module Config
       end
       s
     end
-
-    # Try to convert string to a correct type
-    def __value(v)
-      case v
-      when 'false'
-        false
-      when 'true'
-        true
-      else
-        Integer(v) rescue Float(v) rescue v
-      end
-    end
   end
 end

data/lib/config/sources/env_source.rb

@@ -0,0 +1,73 @@
+module Config
+  module Sources
+    # Allows settings to be loaded from a "flat" hash with string keys, like ENV.
+    class EnvSource
+      attr_reader :prefix
+      attr_reader :separator
+      attr_reader :converter
+      attr_reader :parse_values
+
+      def initialize(env,
+                     prefix: Config.env_prefix || Config.const_name,
+                     separator: Config.env_separator,
+                     converter: Config.env_converter,
+                     parse_values: Config.env_parse_values)
+        @env = env
+        @prefix = prefix.to_s.split(separator)
+        @separator = separator
+        @converter = converter
+        @parse_values = parse_values
+      end
+
+      def load
+        return {} if @env.nil? || @env.empty?
+
+        hash = Hash.new
+
+        @env.each do |variable, value|
+          keys = variable.to_s.split(separator)
+
+          next if keys.shift(prefix.size) != prefix
+
+          keys.map! { |key|
+            case converter
+              when :downcase then
+                key.downcase
+              when nil then
+                key
+              else
+                raise "Invalid ENV variables name converter: #{converter}"
+            end
+          }
+
+          leaf = keys[0...-1].inject(hash) { |h, key|
+            h[key] ||= {}
+          }
+
+          unless leaf.is_a?(Hash)
+            conflicting_key = (prefix + keys[0...-1]).join(separator)
+            raise "Environment variable #{variable} conflicts with variable #{conflicting_key}"
+          end
+
+          leaf[keys.last] = parse_values ? __value(value) : value
+        end
+
+        hash
+      end
+
+      private
+
+      # Try to convert string to a correct type
+      def __value(v)
+        case v
+        when 'false'
+          false
+        when 'true'
+          true
+        else
+          Integer(v) rescue Float(v) rescue v
+        end
+      end
+    end
+  end
+end

data/lib/config/sources/yaml_source.rb

@@ -5,14 +5,20 @@ module Config
   module Sources
     class YAMLSource
       attr_accessor :path
+      attr_reader :evaluate_erb
 
-      def initialize(path)
+      def initialize(path, evaluate_erb: Config.evaluate_erb_in_yaml)
         @path = path.to_s
+        @evaluate_erb = !!evaluate_erb
       end
 
       # returns a config hash from the YML file
       def load
-        result = YAML.load(ERB.new(IO.read(@path)).result) if @path and File.exist?(@path)
+        if @path and File.exist?(@path)
+          file_contents = IO.read(@path)
+          file_contents = ERB.new(file_contents).result if evaluate_erb
+          result = YAML.respond_to?(:unsafe_load) ? YAML.unsafe_load(file_contents) : YAML.load(file_contents)
+        end
 
         result || {}
 

data/lib/config/version.rb

@@ -1,3 +1,3 @@
 module Config
-  VERSION = '2.2.2'.freeze
+  VERSION = '3.1.1'.freeze
 end

data/lib/config.rb

@@ -4,6 +4,7 @@ require 'config/configuration'
 require 'config/version'
 require 'config/sources/yaml_source'
 require 'config/sources/hash_source'
+require 'config/sources/env_source'
 require 'config/validation/schema'
 require 'deep_merge'
 
@@ -23,7 +24,8 @@ module Config
     merge_nil_values: true,
     overwrite_arrays: true,
     merge_hash_arrays: false,
-    validation_contract: nil
+    validation_contract: nil,
+    evaluate_erb_in_yaml: true
   )
 
   def self.setup
@@ -41,6 +43,8 @@ module Config
       config.add_source!(file.to_s)
     end
 
+    config.add_source!(Sources::EnvSource.new(ENV)) if Config.use_env
+
     config.load!
     config
   end

data/lib/generators/config/templates/config.rb

@@ -52,4 +52,7 @@ Config.setup do |config|
   #   required(:email).filled(format?: EMAIL_REGEX)
   # end
 
+  # Evaluate ERB in YAML config files at load time.
+  #
+  # config.evaluate_erb_in_yaml = true
 end

metadata

@@ -1,16 +1,16 @@
 --- !ruby/object:Gem::Specification
 name: config
 version: !ruby/object:Gem::Version
-  version: 2.2.2
+  version: 3.1.1
 platform: ruby
 authors:
 - Piotr Kuczynski
 - Fred Wu
 - Jacques Crocker
-autorequire:
+autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-12-08 00:00:00.000000000 Z
+date: 2022-01-04 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: deep_merge
@@ -116,44 +116,58 @@ dependencies:
   name: bootsnap
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '1.4'
+        version: 1.4.4
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '1.4'
+        version: 1.4.4
 - !ruby/object:Gem::Dependency
   name: rails
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 6.0.3.1
+        version: 6.1.4
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 6.0.3.1
+        version: 6.1.4
 - !ruby/object:Gem::Dependency
   name: rspec-rails
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.7'
+        version: '5.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.7'
+        version: '5.0'
+- !ruby/object:Gem::Dependency
+  name: psych
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '4'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '4'
 - !ruby/object:Gem::Dependency
   name: mdl
   requirement: !ruby/object:Gem::Requirement
@@ -215,6 +229,7 @@ files:
 - lib/config/integrations/sinatra.rb
 - lib/config/options.rb
 - lib/config/rack/reloader.rb
+- lib/config/sources/env_source.rb
 - lib/config/sources/hash_source.rb
 - lib/config/sources/yaml_source.rb
 - lib/config/tasks/heroku.rake
@@ -250,8 +265,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.2
-signing_key:
+rubygems_version: 3.1.6
+signing_key: 
 specification_version: 4
 summary: Effortless multi-environment settings in Rails, Sinatra, Pandrino and others
 test_files: []