cryptoform 0.4.0 → 0.5.1

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 2c6cc60c333e671e55fbfd296176c2ced70ac3b4fcb02123e1978935ee6de35e
4
- data.tar.gz: 21c722a203ce621da18fea553a8c1723aa9c4b3357a562aa17a3c1b3d71442dc
3
+ metadata.gz: 10f63f7cfeba8e328c8e567ff7689e9f8a8d90c0fc8e1b688509acd18dd14e87
4
+ data.tar.gz: 3358b99bff63db1f3fd564fda90ba8422b8b4e9306f9be39be7f55934623a6b1
5
5
  SHA512:
6
- metadata.gz: ad46477f8340822cb0ece4cedb09f901e9bc12d35c463bb24cc55905d771b65c4fd19fc6c3cec8c8fd555581cd7b61de8b2d208f6615241d00280118960f47fb
7
- data.tar.gz: 78ae779546f83c481e1c8566c33576c6996a93be972b5d33831616bc3141e7fef6bf16b11fcfe102020ec5140918d74ec9b71c22944d2777327c4eb69894f6bd
6
+ metadata.gz: 41c5c9475491f40bfa6b47c1b528926e1c75378475c4708cb115d3bef3555de8896c79a7b630609b220e8252e0e839d9fa4f8cd32e7847d10d8f87ad3565d751
7
+ data.tar.gz: e4e005ddb04d0e7b17bd9d783d485c979d161f0f6ee2b94db98f881f7cada426af989fdcf94effb19983fbf3cd69aefbdabb3578b4ac5f900e5b27b4c3175b59
data/README.md CHANGED
@@ -1,13 +1,13 @@
1
1
  # Cryptoform
2
2
 
3
3
  Implemented as an http backend, cryptoform encypts your state using one of the providers and stores in one
4
- on the backends. Currently only [lockbox](https://github.com/ankane/lockbox) provider and file backend
4
+ on the backends. Currently only [lockbox](https://github.com/ankane/lockbox) provider and file backend
5
5
  are supported. The tool designed to be modular so other encryption providers and backends may be added
6
6
  later on.
7
7
 
8
8
  ## Why
9
9
 
10
- Even though it's strongly recommended to use S3 or some other 3rd party service to store the state, and
10
+ Even though it's strongly recommended to use S3 or some other 3rd party service to store the state, and
11
11
  using git to store it is discouraged, sometimes it's still very handy to not have any external services
12
12
  and store the state in git, encryted for better safety. For instance: you work on the project alone and
13
13
  you don't need locking(an external lock mechanism can be supported in the future) and you don't want to
@@ -15,34 +15,46 @@ bother configuring an external state store.
15
15
 
16
16
  ## Installation
17
17
 
18
+ ### Native installation
19
+
18
20
  1. Install one of supported ruby versions: 3.2 or newer
19
21
  2. In your terraform project, create 2 files:
20
-
21
- *Gemfile*:
22
- ```ruby
23
- # frozen_string_literal: true
24
22
 
25
- source "https://rubygems.org"
23
+ _Gemfile_:
24
+
25
+ ```ruby
26
+ # frozen_string_literal: true
27
+
28
+ source "https://rubygems.org"
29
+
30
+ gem "cryptoform"
31
+ ```
26
32
 
27
- gem "cryptoform"
28
- ```
29
33
  3. Run `bundle install`
30
- 4. TODO: Run `bundle exec rake cryptoform:init` and save the printed key.
31
- 5. Run `CRYPTOFORM_KEY=<key from the previous step> bundle exec cryptoform`
32
- 6. Configure your terraform backend:
33
- ```hcl
34
- terraform {
35
- backend "http" {
36
- address = "http://127.0.0.1:3000/states/state"
37
- }
38
- }
39
- ```
40
-
41
- TODO: ship in docker?
34
+ 4. Run `bundle exec cryptoform init` and follow the instructions.
35
+
36
+ ### Docker
37
+
38
+ 1. Download the script `wget https://raw.githubusercontent.com/zhulik/cryptoform/main/cryptoform`
39
+ 2. **Read it, never trust random scripts from the internet**. Adjust the scrupt if needed.
40
+ 3. Make it executable `chmod +x ./cryptoform`
41
+ 4. Run it `./cryptoform init`
42
42
 
43
43
  ## Cryptofile
44
44
 
45
- TODO: Write Cryptofile details here
45
+ ```ruby
46
+ port 3000 # Optional, default is 3000
47
+
48
+ state :state do # required, name can be different if you like
49
+ # only file is supported, state will be stored in <state name>.tfstate.enc
50
+ storage_backend :file, name: "state.tfstate.env" # required, file name can be overwriten if needed
51
+
52
+ # lockbox and diff_lockbox are supported backends, both use lockbox gem,
53
+ # but diff_lockbox only encrypts JSON scalar values making the state file
54
+ # a little bit less secure, but partially human readable and gid diff friendly.
55
+ encryption_backend :diff_lockbox, key: -> { ENV.fetch("CRYPTOFORM_KEY") } # required, `key` is also required
56
+ end
57
+ ```
46
58
 
47
59
  ## Development
48
60
 
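Review bot: In the Cryptofile example, `storage_backend :file, name: "state.tfstate.env"` disagrees with the comment directly above it, which says the state is stored in `<state name>.tfstate.enc`; `.env` looks like a typo for `.enc` and will be copied as-is by readers. In the Docker steps the `wget` URL points at the `main` branch, so the script one user reads is not necessarily the script the next user downloads; linking a tagged release or commit would make the "read it" advice in step 2 hold. The added text also needs spelling fixes ("scrupt", "overwriten", "gid diff"), and with the old step 6 removed the README no longer shows the Terraform `backend "http"` block or how `CRYPTOFORM_KEY` is passed to the server.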
@@ -0,0 +1,35 @@
1
+ # frozen_string_literal: true
2
+
3
+ require_relative "lib/cryptoform/version"
4
+
5
+ Gem::Specification.new do |spec|
6
+ spec.name = "cryptoform"
7
+ spec.version = Cryptoform::VERSION
8
+ spec.authors = ["Gleb Sinyavskiy"]
9
+ spec.email = ["zhulik.gleb@gmail.com"]
10
+
11
+ spec.summary = "Save your encypted terraform state in git."
12
+ spec.description = "Save your encypted terraform state in git."
13
+ spec.homepage = "https://github.com/zhulik/cryptoform"
14
+ spec.license = "MIT"
15
+ spec.required_ruby_version = ">= 3.2.0"
16
+
17
+ spec.metadata["homepage_uri"] = spec.homepage
18
+ spec.metadata["source_code_uri"] = spec.homepage
19
+ spec.metadata["changelog_uri"] = "https://github.com/zhulik/cryptoform/releases"
20
+
21
+ spec.files = Dir["lib/**/*.rb"] + Dir["exe/*"] + ["cryptoform.gemspec", "README.md"]
22
+ spec.bindir = "exe"
23
+ spec.executables = spec.files.grep(%r{\Aexe/}) { |f| File.basename(f) }
24
+ spec.require_paths = ["lib"]
25
+
26
+ spec.add_dependency "base64", "~> 0.2"
27
+ spec.add_dependency "lockbox", "~> 1.3"
28
+ spec.add_dependency "rackup", "~> 2.1"
29
+ spec.add_dependency "sinatra", "~> 4.0"
30
+ spec.add_dependency "sinatra-contrib", "~> 4.0"
31
+ spec.add_dependency "thor", "~> 1.3"
32
+ spec.add_dependency "zeitwerk", "~> 2.6"
33
+
34
+ spec.metadata["rubygems_mfa_required"] = "true"
35
+ end
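Review bot: `spec.files` lists only `lib/**/*.rb`, `exe/*`, `cryptoform.gemspec` and `README.md`, so `LICENSE.txt` is no longer packaged even though `spec.license` is "MIT"; add it to the list so the license text ships with the gem. `spec.summary` and `spec.description` are identical and both misspell "encrypted" as "encypted".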
data/exe/cryptoform CHANGED
@@ -1,6 +1,83 @@
1
1
  #!/usr/bin/env ruby
2
2
  # frozen_string_literal: true
3
3
 
4
+ ENV["APP_ENV"] = "production"
5
+
4
6
  require "cryptoform"
5
7
 
6
- Cryptoform.run("Cryptofile")
8
+ class CryptoformCLI < Thor
9
+ CRYPTOFOFILE = "Cryptofile"
10
+ class << self
11
+ def exit_on_failure?
12
+ false
13
+ end
14
+ end
15
+
16
+ desc "server", "run cryptoform server"
17
+ option :cryptofile, type: :string, default: CRYPTOFOFILE
18
+ def server
19
+ Cryptoform.run!(File.read(options[:cryptofile]))
20
+ end
21
+
22
+ desc "validate", "validate your cryptofile"
23
+ option :cryptofile, type: :string, default: CRYPTOFOFILE
24
+ def validate
25
+ Cryptoform.load_cryptofile!(File.read(options[:cryptofile]))
26
+ puts "#{options[:cryptofile]} is valid!"
27
+ rescue Cryptoform::ConfigValidationError => e
28
+ puts "#{options[:cryptofile]} is invalid:"
29
+ puts(e.message)
30
+ end
31
+
32
+ desc "init", "initialize project"
33
+ option :cryptofile, type: :string, default: CRYPTOFOFILE
34
+ option :generate_key, type: :boolean, default: true
35
+ option :port, type: :numeric, default: 3000
36
+ option :name, type: :string, default: "state"
37
+ option :storage_backend, type: :string, default: "file"
38
+ option :encryption_backend, type: :string, default: "diff_lockbox"
39
+ option :force, type: :boolean, default: false
40
+ def init # rubocop:disable Metrics/AbcSize, Metrics/MethodLength
41
+ if File.exist?(cryptofile_path) && !options[:force]
42
+ puts("#{cryptofile_path} already exists, is the project already initialized?")
43
+ exit(1)
44
+ end
45
+
46
+ config_generator = Cryptoform::ConfigGenerator.new(
47
+ **options.slice(:name, :port, :storage_backend, :encryption_backend).transform_keys(&:to_sym)
48
+ )
49
+ cryptofile = config_generator.generate_cryptofile
50
+ config = Cryptoform.load_cryptofile!(cryptofile)
51
+
52
+ if options[:generate_key]
53
+ key = config.config.states[options[:name].to_sym].encryption_backend.generate_key
54
+ puts("We generated a key for you, pass it to Cryptoform as \"CRYPTOFORM_KEY\" environment variable")
55
+ puts("Key: #{key}")
56
+ end
57
+
58
+ File.write(cryptofile_path, cryptofile)
59
+ puts("#{cryptofile_path} is written!")
60
+
61
+ puts("Use this to configure you terraform backend:")
62
+ puts(config_generator.generate_terraform_backend)
63
+
64
+ puts("And this to configure a terraform remote state data source:")
65
+ puts(config_generator.generate_terraform_remote_state_data_source)
66
+
67
+ puts("All done, you can start using Cryptoform. To run the server execute:")
68
+ command = "bundle exec cryptoform"
69
+ command += " --cryptofile #{cryptofile_path}" if cryptofile_path != CRYPTOFOFILE
70
+
71
+ puts(command)
72
+ end
73
+
74
+ default_command :server
75
+
76
+ no_commands do
77
+ def cryptofile_path
78
+ options[:cryptofile]
79
+ end
80
+ end
81
+ end
82
+
83
+ CryptoformCLI.start(ARGV)
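Review bot: `validate` rescues `Cryptoform::ConfigValidationError`, prints the message and returns normally, and `exit_on_failure?` is `false`, so the process exits 0 for an invalid Cryptofile and cannot serve as a check in a script or CI job; call `exit(1)` in the rescue, as `init` already does when the file exists. In `init`, `puts("Key: #{key}")` writes the generated encryption key to stdout, where it ends up in terminal scrollback and in any captured log; say so in the printed instructions or offer an option to write the key to a file with restrictive permissions. The constant name `CRYPTOFOFILE` looks like a misspelling of `CRYPTOFILE`.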
@@ -1,11 +1,14 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  class Cryptoform::Config::Builder
4
+ PORTS = 1..65_535
4
5
  Config = Data.define(:port, :states)
5
6
 
6
- def initialize
7
+ def initialize(cryptofile)
7
8
  @port = 3000
8
9
  @states = {}
10
+
11
+ instance_eval(cryptofile)
9
12
  end
10
13
 
11
14
  def port(port)
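Review bot: `instance_eval(cryptofile)` in `initialize` runs the Cryptofile text as Ruby, and since `load_cryptofile!` goes through this constructor, `cryptoform validate` executes the file as well as checking it; the README should state that a Cryptofile is code and has to be trusted like a Gemfile. Because only the content is passed in, syntax errors and backtraces will point at `(eval)`; accepting the path too and passing it as the second argument to `instance_eval` would make them point at the Cryptofile.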
@@ -22,8 +25,8 @@ class Cryptoform::Config::Builder
22
25
 
23
26
  def validate!
24
27
  @states.each_value(&:validate!)
25
-
26
- raise Cryptoform::ConfigValidationError, "port must be an integer" if @key.is_a?(Numeric)
28
+ raise Cryptoform::ConfigValidationError, "at least one state must be configured" if @states.empty?
29
+ raise Cryptoform::ConfigValidationError, "port must be an in range 0-65545" unless PORTS.include?(@port)
27
30
  end
28
31
 
29
32
  def config
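Review bot: The new message "port must be an in range 0-65545" does not match the check it reports on: `PORTS` is `1..65_535`, so 0 is rejected and the upper bound is 65535, and "an in range" is a typo. `PORTS.include?(@port)` also accepts non-integer numerics such as `3000.5`; adding `@port.is_a?(Integer)` to the condition would keep the integer requirement the removed message described.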
@@ -8,7 +8,8 @@ class Cryptoform::Config::StateConfigBuilder
8
8
  }.freeze
9
9
 
10
10
  ENCRYPTION_BACKENDS = {
11
- lockbox: Cryptoform::EncryptionBackends::Lockbox
11
+ lockbox: Cryptoform::EncryptionBackends::Lockbox,
12
+ diff_lockbox: Cryptoform::EncryptionBackends::DiffLockbox
12
13
  }.freeze
13
14
 
14
15
  def initialize(name, &)
@@ -0,0 +1,45 @@
1
+ # frozen_string_literal: true
2
+
3
+ class Cryptoform::ConfigGenerator
4
+ def initialize(name:, port:, storage_backend:, encryption_backend:)
5
+ @name = name
6
+ @port = port
7
+ @storage_backend = storage_backend
8
+ @encryption_backend = encryption_backend
9
+ end
10
+
11
+ def generate_cryptofile
12
+ <<~RUBY
13
+ # frozen_string_literal: true
14
+
15
+ port #{@port}
16
+
17
+ state :#{@name} do
18
+ storage_backend :#{@storage_backend}
19
+ encryption_backend :#{@encryption_backend}, key: -> { ENV.fetch("CRYPTOFORM_KEY") }
20
+ end
21
+ RUBY
22
+ end
23
+
24
+ def generate_terraform_backend
25
+ <<~HCL
26
+ terraform {
27
+ backend "http" {
28
+ address = "http://127.0.0.1:#{@port}/states/#{@name}"
29
+ }
30
+ }
31
+ HCL
32
+ end
33
+
34
+ def generate_terraform_remote_state_data_source
35
+ <<~HCL
36
+ data "terraform_remote_state" "#{@name}_remote_state" {
37
+ backend = "http"
38
+
39
+ config = {
40
+ address = "http://127.0.0.1:#{@port}/states/#{@name}"
41
+ }
42
+ }
43
+ HCL
44
+ end
45
+ end
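Review bot: `generate_cryptofile` interpolates `@name`, `@storage_backend` and `@encryption_backend` straight into Ruby source that `init` then hands to `load_cryptofile!`, which evaluates it, so a `--name` value containing whitespace, quotes or a newline produces a broken or unintended Cryptofile instead of a validation error; the same value goes unescaped into the HCL `address` and the `terraform_remote_state` label. Check the name against an identifier pattern such as `/\A[a-z_][a-z0-9_]*\z/i` in `initialize`, restrict the two backend arguments to the known backend names, and raise `ConfigValidationError` otherwise.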
@@ -10,7 +10,11 @@ class Cryptoform::EncryptionBackends::Backend
10
10
  raise NotImplementedError
11
11
  end
12
12
 
13
- def encrypt(json)
13
+ def encrypt(object)
14
+ raise NotImplementedError
15
+ end
16
+
17
+ def generate_key
14
18
  raise NotImplementedError
15
19
  end
16
20
  end
@@ -0,0 +1,29 @@
1
+ # frozen_string_literal: true
2
+
3
+ class Cryptoform::EncryptionBackends::DiffLockbox < Cryptoform::EncryptionBackends::Lockbox
4
+ def encrypt(json)
5
+ JSON.pretty_generate(encrypt_object(json, lockbox))
6
+ end
7
+
8
+ def decrypt(ciphertext)
9
+ decrypt_object(JSON.parse(ciphertext, symbolize_names: true), lockbox)
10
+ end
11
+
12
+ private
13
+
14
+ def decrypt_object(object, box)
15
+ return object.transform_values { decrypt_object(_1, box) } if object.is_a?(Hash)
16
+ return object.map { decrypt_object(_1, box) } if object.is_a?(Array)
17
+
18
+ decrypted = box.decrypt(object)
19
+
20
+ decrypted.start_with?("{") ? JSON.parse(decrypted, symbolize_names: true)[:value] : decrypted
21
+ end
22
+
23
+ def encrypt_object(object, box)
24
+ return object.transform_values { encrypt_object(_1, box) } if object.is_a?(Hash)
25
+ return object.map { encrypt_object(_1, box) } if object.is_a?(Array)
26
+
27
+ box.encrypt({ value: object }.to_json)
28
+ end
29
+ end
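Review bot: `encrypt_object` encrypts each scalar on its own with `box.encrypt({ value: object }.to_json)` and nothing ties a ciphertext to the key path it was stored under, so encrypted values can be moved between fields, or copied in from an older revision of the file, and `decrypt_object` will accept them; hash keys and array lengths also stay in plaintext. Document that in the class and in the README beyond "a little bit less secure", and consider binding the path to each value, for example by adding it to the encrypted wrapper and checking it on decrypt. `decrypt_object` also calls `box.decrypt(object)` on every leaf, so a number, boolean or `null` in a hand-edited file fails inside lockbox instead of raising a Cryptoform error that names the offending path.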
@@ -1,14 +1,20 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  class Cryptoform::EncryptionBackends::Lockbox < Cryptoform::EncryptionBackends::Backend
4
- def encrypt(json)
5
- lockbox.encrypt(json.to_json)
4
+ def encrypt(object)
5
+ lockbox.encrypt(object.to_json)
6
6
  end
7
7
 
8
8
  def decrypt(ciphertext)
9
- JSON.parse(lockbox.decrypt(ciphertext))
9
+ JSON.parse(lockbox.decrypt(ciphertext), symbolize_names: true)
10
10
  end
11
11
 
12
+ def generate_key
13
+ ::Lockbox.generate_key
14
+ end
15
+
16
+ private
17
+
12
18
  def lockbox
13
19
  ::Lockbox.new(key: @params[:key].call, encode: true)
14
20
  end
@@ -1,21 +1,69 @@
1
1
  # frozen_string_literal: true
2
2
 
3
- class Cryptoform::Server
4
- def initialize(config)
5
- @server = WEBrick::HTTPServer.new(
6
- Port: config.port,
7
- BindAddress: "0.0.0.0",
8
- AccessLog: [
9
- [$stdout, WEBrick::AccessLog::COMMON_LOG_FORMAT],
10
- [$stdout, WEBrick::AccessLog::REFERER_LOG_FORMAT]
11
- ]
3
+ class Cryptoform::Server < Sinatra::Application
4
+ set :show_exceptions, false
5
+
6
+ class Encoder
7
+ def self.encode(json)
8
+ JSON.pretty_generate(json)
9
+ end
10
+ end
11
+
12
+ set :json_encoder, Encoder
13
+
14
+ before do
15
+ content_type "application/json"
16
+ end
17
+
18
+ class << self
19
+ def run!(config, **)
20
+ Cryptoform::Server.port = config.port
21
+ Cryptoform::Server.set(:states, config.states)
22
+ super(**)
23
+ end
24
+ end
25
+
26
+ get "/" do
27
+ json(
28
+ cryptoform: {
29
+ version: Cryptoform::VERSION
30
+ }
12
31
  )
13
- trap("INT") { @server.shutdown }
32
+ end
33
+
34
+ get "/states" do
35
+ json(settings.states.transform_values { {} })
36
+ end
37
+
38
+ get "/states/:name" do
39
+ state = state_config.encryption_backend.decrypt(state_config.storage_backend.read)
40
+ json(state)
41
+ end
42
+
43
+ post "/states/:name" do
44
+ state = JSON.parse(request.body.read, symbolize_names: true)
45
+ state_config.storage_backend.write(state_config.encryption_backend.encrypt(state))
46
+ json(state)
47
+ end
14
48
 
15
- @server.mount("/", Rackup::Handler::WEBrick, Cryptoform::Application.new(config))
49
+ error Cryptoform::StateMissingError, Cryptoform::UnknownStateError do |e|
50
+ status 404
51
+ json(error: e.message)
16
52
  end
17
53
 
18
- def run
19
- @server.start
54
+ error Sinatra::NotFound do |_e|
55
+ status 404
56
+ json(error: "Not found")
57
+ end
58
+
59
+ error 500 do
60
+ json(error: "Internal server error")
61
+ end
62
+
63
+ private
64
+
65
+ def state_config
66
+ name = params[:name].to_sym
67
+ settings.states[name] || raise(Cryptoform::UnknownStateError, "state '#{name}' is not configured in Cryptofile")
20
68
  end
21
69
  end
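Review bot: `run!` sets `port` and `states` but not `bind`, and `exe/cryptoform` now sets `APP_ENV` to "production", where Sinatra's default bind address is `0.0.0.0`, the same exposure the removed WEBrick setup had through `BindAddress: "0.0.0.0"`. `GET /states/:name` returns the decrypted state with no authentication, so any host that can reach the port can read it. The generated Terraform configuration only uses `127.0.0.1`, so add `set :bind, "127.0.0.1"` as the default and expose a Cryptofile setting for the Docker case where another address is needed.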
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Cryptoform
4
- VERSION = "0.4.0"
4
+ VERSION = "0.5.1"
5
5
  end
data/lib/cryptoform.rb CHANGED
@@ -1,13 +1,12 @@
1
1
  # frozen_string_literal: true
2
2
 
3
- require "zeitwerk"
4
3
  require "logger"
5
4
 
6
5
  require "lockbox"
7
- require "webrick"
8
- require "rackup"
9
6
  require "sinatra"
10
7
  require "sinatra/json"
8
+ require "thor"
9
+ require "zeitwerk"
11
10
 
12
11
  loader = Zeitwerk::Loader.for_gem
13
12
 
@@ -17,12 +16,16 @@ module Cryptoform
17
16
  class Error < StandardError; end
18
17
  class ConfigValidationError < Cryptoform::Error; end
19
18
  class StateMissingError < Cryptoform::Error; end
19
+ class UnknownStateError < Cryptoform::Error; end
20
20
 
21
21
  class << self
22
- def run(path)
23
- config = Cryptoform::Config::Builder.new.tap { _1.instance_eval(File.read(path)) }
24
- config.validate!
25
- Cryptoform::Server.new(config.config).run
22
+ def run!(cryptofile)
23
+ config = load_cryptofile!(cryptofile)
24
+ Cryptoform::Server.run!(config.config)
25
+ end
26
+
27
+ def load_cryptofile!(cryptofile)
28
+ Cryptoform::Config::Builder.new(cryptofile).tap(&:validate!)
26
29
  end
27
30
  end
28
31
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: cryptoform
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.4.0
4
+ version: 0.5.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Gleb Sinyavskiy
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2024-07-14 00:00:00.000000000 Z
11
+ date: 2024-07-18 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: base64
@@ -81,19 +81,19 @@ dependencies:
81
81
  - !ruby/object:Gem::Version
82
82
  version: '4.0'
83
83
  - !ruby/object:Gem::Dependency
84
- name: webrick
84
+ name: thor
85
85
  requirement: !ruby/object:Gem::Requirement
86
86
  requirements:
87
87
  - - "~>"
88
88
  - !ruby/object:Gem::Version
89
- version: '1.8'
89
+ version: '1.3'
90
90
  type: :runtime
91
91
  prerelease: false
92
92
  version_requirements: !ruby/object:Gem::Requirement
93
93
  requirements:
94
94
  - - "~>"
95
95
  - !ruby/object:Gem::Version
96
- version: '1.8'
96
+ version: '1.3'
97
97
  - !ruby/object:Gem::Dependency
98
98
  name: zeitwerk
99
99
  requirement: !ruby/object:Gem::Requirement
@@ -116,32 +116,20 @@ executables:
116
116
  extensions: []
117
117
  extra_rdoc_files: []
118
118
  files:
119
- - ".overcommit.yml"
120
- - ".rspec"
121
- - ".rubocop.yml"
122
- - ".tool-versions"
123
- - CODE_OF_CONDUCT.md
124
- - Cryptofile
125
- - Gemfile
126
- - Gemfile.lock
127
- - LICENSE.txt
128
119
  - README.md
129
- - Rakefile
120
+ - cryptoform.gemspec
130
121
  - exe/cryptoform
131
122
  - lib/cryptoform.rb
132
- - lib/cryptoform/application.rb
133
123
  - lib/cryptoform/config/builder.rb
134
124
  - lib/cryptoform/config/state_config_builder.rb
125
+ - lib/cryptoform/config_generator.rb
135
126
  - lib/cryptoform/encryption_backends/backend.rb
127
+ - lib/cryptoform/encryption_backends/diff_lockbox.rb
136
128
  - lib/cryptoform/encryption_backends/lockbox.rb
137
129
  - lib/cryptoform/server.rb
138
130
  - lib/cryptoform/storage_backends/backend.rb
139
131
  - lib/cryptoform/storage_backends/file.rb
140
132
  - lib/cryptoform/version.rb
141
- - terraform/.terraform.lock.hcl
142
- - terraform/backend.tf
143
- - terraform/data.tf
144
- - terraform/providers.tf
145
133
  homepage: https://github.com/zhulik/cryptoform
146
134
  licenses:
147
135
  - MIT
@@ -165,7 +153,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
165
153
  - !ruby/object:Gem::Version
166
154
  version: '0'
167
155
  requirements: []
168
- rubygems_version: 3.5.11
156
+ rubygems_version: 3.4.19
169
157
  signing_key:
170
158
  specification_version: 4
171
159
  summary: Save your encypted terraform state in git.
data/.overcommit.yml DELETED
@@ -1,4 +0,0 @@
1
- PreCommit:
2
- RuboCop:
3
- enabled: true
4
- on_warn: fail # Treat all warnings as failures
data/.rspec DELETED
@@ -1,3 +0,0 @@
1
- --format documentation
2
- --color
3
- --require spec_helper
data/.rubocop.yml DELETED
@@ -1,59 +0,0 @@
1
- AllCops:
2
- TargetRubyVersion: 3.2
3
- NewCops: enable
4
- SuggestExtensions: true
5
-
6
- Include:
7
- - spec/**/*.rb
8
- - lib/**/*.rb
9
-
10
- Exclude:
11
- - vendor/**/*
12
-
13
- require:
14
- - rubocop-performance
15
- - rubocop-rspec
16
- - rubocop-rake
17
- - rubocop-disable_syntax
18
-
19
- Style/DisableSyntax:
20
- DisableSyntax:
21
- - endless_methods
22
-
23
- Layout/LineLength:
24
- Max: 120
25
-
26
- Metrics/BlockLength:
27
- Exclude:
28
- - spec/**/*_spec.rb
29
- - "*.gemspec"
30
-
31
- RSpec/NamedSubject:
32
- Enabled: false
33
-
34
- Style/StringLiterals:
35
- Enabled: true
36
- EnforcedStyle: double_quotes
37
-
38
- Style/StringLiteralsInInterpolation:
39
- Enabled: true
40
- EnforcedStyle: double_quotes
41
-
42
- Style/Documentation:
43
- Enabled: false
44
-
45
- Style/SymbolArray:
46
- EnforcedStyle: brackets
47
-
48
- Style/WordArray:
49
- EnforcedStyle: brackets
50
-
51
- Style/ClassAndModuleChildren:
52
- EnforcedStyle: compact
53
-
54
- Style/NumberedParametersLimit:
55
- Max: 2
56
-
57
- Naming/FileName:
58
- Exclude:
59
- - cryptoform
data/.tool-versions DELETED
@@ -1,2 +0,0 @@
1
- ruby 3.2.4
2
- terraform 1.9.2
data/CODE_OF_CONDUCT.md DELETED
@@ -1,84 +0,0 @@
1
- # Contributor Covenant Code of Conduct
2
-
3
- ## Our Pledge
4
-
5
- We as members, contributors, and leaders pledge to make participation in our community a harassment-free experience for everyone, regardless of age, body size, visible or invisible disability, ethnicity, sex characteristics, gender identity and expression, level of experience, education, socio-economic status, nationality, personal appearance, race, religion, or sexual identity and orientation.
6
-
7
- We pledge to act and interact in ways that contribute to an open, welcoming, diverse, inclusive, and healthy community.
8
-
9
- ## Our Standards
10
-
11
- Examples of behavior that contributes to a positive environment for our community include:
12
-
13
- * Demonstrating empathy and kindness toward other people
14
- * Being respectful of differing opinions, viewpoints, and experiences
15
- * Giving and gracefully accepting constructive feedback
16
- * Accepting responsibility and apologizing to those affected by our mistakes, and learning from the experience
17
- * Focusing on what is best not just for us as individuals, but for the overall community
18
-
19
- Examples of unacceptable behavior include:
20
-
21
- * The use of sexualized language or imagery, and sexual attention or
22
- advances of any kind
23
- * Trolling, insulting or derogatory comments, and personal or political attacks
24
- * Public or private harassment
25
- * Publishing others' private information, such as a physical or email
26
- address, without their explicit permission
27
- * Other conduct which could reasonably be considered inappropriate in a
28
- professional setting
29
-
30
- ## Enforcement Responsibilities
31
-
32
- Community leaders are responsible for clarifying and enforcing our standards of acceptable behavior and will take appropriate and fair corrective action in response to any behavior that they deem inappropriate, threatening, offensive, or harmful.
33
-
34
- Community leaders have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct, and will communicate reasons for moderation decisions when appropriate.
35
-
36
- ## Scope
37
-
38
- This Code of Conduct applies within all community spaces, and also applies when an individual is officially representing the community in public spaces. Examples of representing our community include using an official e-mail address, posting via an official social media account, or acting as an appointed representative at an online or offline event.
39
-
40
- ## Enforcement
41
-
42
- Instances of abusive, harassing, or otherwise unacceptable behavior may be reported to the community leaders responsible for enforcement at zhulik.gleb@gmail.com. All complaints will be reviewed and investigated promptly and fairly.
43
-
44
- All community leaders are obligated to respect the privacy and security of the reporter of any incident.
45
-
46
- ## Enforcement Guidelines
47
-
48
- Community leaders will follow these Community Impact Guidelines in determining the consequences for any action they deem in violation of this Code of Conduct:
49
-
50
- ### 1. Correction
51
-
52
- **Community Impact**: Use of inappropriate language or other behavior deemed unprofessional or unwelcome in the community.
53
-
54
- **Consequence**: A private, written warning from community leaders, providing clarity around the nature of the violation and an explanation of why the behavior was inappropriate. A public apology may be requested.
55
-
56
- ### 2. Warning
57
-
58
- **Community Impact**: A violation through a single incident or series of actions.
59
-
60
- **Consequence**: A warning with consequences for continued behavior. No interaction with the people involved, including unsolicited interaction with those enforcing the Code of Conduct, for a specified period of time. This includes avoiding interactions in community spaces as well as external channels like social media. Violating these terms may lead to a temporary or permanent ban.
61
-
62
- ### 3. Temporary Ban
63
-
64
- **Community Impact**: A serious violation of community standards, including sustained inappropriate behavior.
65
-
66
- **Consequence**: A temporary ban from any sort of interaction or public communication with the community for a specified period of time. No public or private interaction with the people involved, including unsolicited interaction with those enforcing the Code of Conduct, is allowed during this period. Violating these terms may lead to a permanent ban.
67
-
68
- ### 4. Permanent Ban
69
-
70
- **Community Impact**: Demonstrating a pattern of violation of community standards, including sustained inappropriate behavior, harassment of an individual, or aggression toward or disparagement of classes of individuals.
71
-
72
- **Consequence**: A permanent ban from any sort of public interaction within the community.
73
-
74
- ## Attribution
75
-
76
- This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 2.0,
77
- available at https://www.contributor-covenant.org/version/2/0/code_of_conduct.html.
78
-
79
- Community Impact Guidelines were inspired by [Mozilla's code of conduct enforcement ladder](https://github.com/mozilla/diversity).
80
-
81
- [homepage]: https://www.contributor-covenant.org
82
-
83
- For answers to common questions about this code of conduct, see the FAQ at
84
- https://www.contributor-covenant.org/faq. Translations are available at https://www.contributor-covenant.org/translations.
data/Cryptofile DELETED
@@ -1,8 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- port 3000
4
-
5
- state :state do
6
- storage_backend :file
7
- encryption_backend :lockbox, key: -> { ENV.fetch("CRYPTOFORM_KEY") }
8
- end
data/Gemfile DELETED
@@ -1,18 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- source "https://rubygems.org"
4
-
5
- # Specify your gem's dependencies in cryptoform.gemspec
6
- gemspec
7
-
8
- gem "overcommit"
9
- gem "rake"
10
- gem "rspec"
11
- gem "simplecov"
12
- gem "solargraph"
13
-
14
- gem "rubocop"
15
- gem "rubocop-performance"
16
- gem "rubocop-rake"
17
- gem "rubocop-rspec"
18
- gem 'rubocop-disable_syntax'
data/Gemfile.lock DELETED
@@ -1,165 +0,0 @@
1
- PATH
2
- remote: .
3
- specs:
4
- cryptoform (0.4.0)
5
- base64 (~> 0.2)
6
- lockbox (~> 1.3)
7
- rackup (~> 2.1)
8
- sinatra (~> 4.0)
9
- sinatra-contrib (~> 4.0)
10
- webrick (~> 1.8)
11
- zeitwerk (~> 2.6)
12
-
13
- GEM
14
- remote: https://rubygems.org/
15
- specs:
16
- ast (2.4.2)
17
- backport (1.2.0)
18
- base64 (0.2.0)
19
- benchmark (0.3.0)
20
- childprocess (5.0.0)
21
- diff-lcs (1.5.1)
22
- docile (1.4.0)
23
- e2mmap (0.1.0)
24
- iniparse (1.5.0)
25
- jaro_winkler (1.6.0)
26
- json (2.7.2)
27
- kramdown (2.4.0)
28
- rexml
29
- kramdown-parser-gfm (1.1.0)
30
- kramdown (~> 2.0)
31
- language_server-protocol (3.17.0.3)
32
- lockbox (1.3.3)
33
- mini_portile2 (2.8.7)
34
- multi_json (1.15.0)
35
- mustermann (3.0.0)
36
- ruby2_keywords (~> 0.0.1)
37
- nokogiri (1.16.6)
38
- mini_portile2 (~> 2.8.2)
39
- racc (~> 1.4)
40
- nokogiri (1.16.6-x86_64-linux)
41
- racc (~> 1.4)
42
- overcommit (0.63.0)
43
- childprocess (>= 0.6.3, < 6)
44
- iniparse (~> 1.4)
45
- rexml (~> 3.2)
46
- parallel (1.25.1)
47
- parser (3.3.4.0)
48
- ast (~> 2.4.1)
49
- racc
50
- racc (1.8.0)
51
- rack (3.1.7)
52
- rack-protection (4.0.0)
53
- base64 (>= 0.1.0)
54
- rack (>= 3.0.0, < 4)
55
- rack-session (2.0.0)
56
- rack (>= 3.0.0)
57
- rackup (2.1.0)
58
- rack (>= 3)
59
- webrick (~> 1.8)
60
- rainbow (3.1.1)
61
- rake (13.2.1)
62
- rbs (2.8.4)
63
- regexp_parser (2.9.2)
64
- reverse_markdown (2.1.1)
65
- nokogiri
66
- rexml (3.3.1)
67
- strscan
68
- rspec (3.13.0)
69
- rspec-core (~> 3.13.0)
70
- rspec-expectations (~> 3.13.0)
71
- rspec-mocks (~> 3.13.0)
72
- rspec-core (3.13.0)
73
- rspec-support (~> 3.13.0)
74
- rspec-expectations (3.13.1)
75
- diff-lcs (>= 1.2.0, < 2.0)
76
- rspec-support (~> 3.13.0)
77
- rspec-mocks (3.13.1)
78
- diff-lcs (>= 1.2.0, < 2.0)
79
- rspec-support (~> 3.13.0)
80
- rspec-support (3.13.1)
81
- rubocop (1.65.0)
82
- json (~> 2.3)
83
- language_server-protocol (>= 3.17.0)
84
- parallel (~> 1.10)
85
- parser (>= 3.3.0.2)
86
- rainbow (>= 2.2.2, < 4.0)
87
- regexp_parser (>= 2.4, < 3.0)
88
- rexml (>= 3.2.5, < 4.0)
89
- rubocop-ast (>= 1.31.1, < 2.0)
90
- ruby-progressbar (~> 1.7)
91
- unicode-display_width (>= 2.4.0, < 3.0)
92
- rubocop-ast (1.31.3)
93
- parser (>= 3.3.1.0)
94
- rubocop-disable_syntax (0.1.1)
95
- rubocop (>= 1.50)
96
- rubocop-performance (1.21.1)
97
- rubocop (>= 1.48.1, < 2.0)
98
- rubocop-ast (>= 1.31.1, < 2.0)
99
- rubocop-rake (0.6.0)
100
- rubocop (~> 1.0)
101
- rubocop-rspec (3.0.3)
102
- rubocop (~> 1.61)
103
- ruby-progressbar (1.13.0)
104
- ruby2_keywords (0.0.5)
105
- simplecov (0.22.0)
106
- docile (~> 1.1)
107
- simplecov-html (~> 0.11)
108
- simplecov_json_formatter (~> 0.1)
109
- simplecov-html (0.12.3)
110
- simplecov_json_formatter (0.1.4)
111
- sinatra (4.0.0)
112
- mustermann (~> 3.0)
113
- rack (>= 3.0.0, < 4)
114
- rack-protection (= 4.0.0)
115
- rack-session (>= 2.0.0, < 3)
116
- tilt (~> 2.0)
117
- sinatra-contrib (4.0.0)
118
- multi_json (>= 0.0.2)
119
- mustermann (~> 3.0)
120
- rack-protection (= 4.0.0)
121
- sinatra (= 4.0.0)
122
- tilt (~> 2.0)
123
- solargraph (0.50.0)
124
- backport (~> 1.2)
125
- benchmark
126
- bundler (~> 2.0)
127
- diff-lcs (~> 1.4)
128
- e2mmap
129
- jaro_winkler (~> 1.5)
130
- kramdown (~> 2.3)
131
- kramdown-parser-gfm (~> 1.1)
132
- parser (~> 3.0)
133
- rbs (~> 2.0)
134
- reverse_markdown (~> 2.0)
135
- rubocop (~> 1.38)
136
- thor (~> 1.0)
137
- tilt (~> 2.0)
138
- yard (~> 0.9, >= 0.9.24)
139
- strscan (3.1.0)
140
- thor (1.3.1)
141
- tilt (2.4.0)
142
- unicode-display_width (2.5.0)
143
- webrick (1.8.1)
144
- yard (0.9.36)
145
- zeitwerk (2.6.16)
146
-
147
- PLATFORMS
148
- ruby
149
- x86_64-linux
150
-
151
- DEPENDENCIES
152
- cryptoform!
153
- overcommit
154
- rake
155
- rspec
156
- rubocop
157
- rubocop-disable_syntax
158
- rubocop-performance
159
- rubocop-rake
160
- rubocop-rspec
161
- simplecov
162
- solargraph
163
-
164
- BUNDLED WITH
165
- 2.5.11
data/LICENSE.txt DELETED
@@ -1,21 +0,0 @@
1
- The MIT License (MIT)
2
-
3
- Copyright (c) 2024 Gleb Sinyavskiy
4
-
5
- Permission is hereby granted, free of charge, to any person obtaining a copy
6
- of this software and associated documentation files (the "Software"), to deal
7
- in the Software without restriction, including without limitation the rights
8
- to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9
- copies of the Software, and to permit persons to whom the Software is
10
- furnished to do so, subject to the following conditions:
11
-
12
- The above copyright notice and this permission notice shall be included in
13
- all copies or substantial portions of the Software.
14
-
15
- THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16
- IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17
- FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18
- AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19
- LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20
- OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
21
- THE SOFTWARE.
data/Rakefile DELETED
@@ -1,12 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- require "bundler/gem_tasks"
4
- require "rspec/core/rake_task"
5
-
6
- RSpec::Core::RakeTask.new(:spec)
7
-
8
- require "rubocop/rake_task"
9
-
10
- RuboCop::RakeTask.new
11
-
12
- task default: %i[spec rubocop]
@@ -1,38 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- class Cryptoform::Application < Sinatra::Application
4
- set :show_exceptions, false
5
-
6
- def initialize(config)
7
- super
8
- @states = config.states
9
- end
10
-
11
- get "/states/:name" do
12
- state = state_config.encryption_backend.decrypt(state_config.storage_backend.read)
13
- json(state)
14
- end
15
-
16
- post "/states/:name" do
17
- state = JSON.parse(request.body.read)
18
- state_config.storage_backend.write(state_config.encryption_backend.encrypt(state))
19
- json(state)
20
- end
21
-
22
- error Cryptoform::StateMissingError do |e|
23
- status 404
24
- json(error: e.message)
25
- end
26
-
27
- error Sinatra::NotFound do |e|
28
- status 404
29
- json(error: e.message)
30
- end
31
-
32
- private
33
-
34
- def state_config
35
- name = params[:name].to_sym
36
- @states[name] || raise(Sinatra::NotFound, "state #{name} is not configured in Cryptofile")
37
- end
38
- end
@@ -1,21 +0,0 @@
1
- # This file is maintained automatically by "terraform init".
2
- # Manual edits may be lost in future updates.
3
-
4
- provider "registry.terraform.io/hashicorp/random" {
5
- version = "3.6.2"
6
- hashes = [
7
- "h1:wmG0QFjQ2OfyPy6BB7mQ57WtoZZGGV07uAPQeDmIrAE=",
8
- "zh:0ef01a4f81147b32c1bea3429974d4d104bbc4be2ba3cfa667031a8183ef88ec",
9
- "zh:1bcd2d8161e89e39886119965ef0f37fcce2da9c1aca34263dd3002ba05fcb53",
10
- "zh:37c75d15e9514556a5f4ed02e1548aaa95c0ecd6ff9af1119ac905144c70c114",
11
- "zh:4210550a767226976bc7e57d988b9ce48f4411fa8a60cd74a6b246baf7589dad",
12
- "zh:562007382520cd4baa7320f35e1370ffe84e46ed4e2071fdc7e4b1a9b1f8ae9b",
13
- "zh:5efb9da90f665e43f22c2e13e0ce48e86cae2d960aaf1abf721b497f32025916",
14
- "zh:6f71257a6b1218d02a573fc9bff0657410404fb2ef23bc66ae8cd968f98d5ff6",
15
- "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
16
- "zh:9647e18f221380a85f2f0ab387c68fdafd58af6193a932417299cdcae4710150",
17
- "zh:bb6297ce412c3c2fa9fec726114e5e0508dd2638cad6a0cb433194930c97a544",
18
- "zh:f83e925ed73ff8a5ef6e3608ad9225baa5376446349572c2449c0c0b3cf184b7",
19
- "zh:fbef0781cb64de76b1df1ca11078aecba7800d82fd4a956302734999cfd9a4af",
20
- ]
21
- }
data/terraform/backend.tf DELETED
@@ -1,5 +0,0 @@
1
- terraform {
2
- backend "http" {
3
- address = "http://127.0.0.1:3000/states/state"
4
- }
5
- }
data/terraform/data.tf DELETED
@@ -1,3 +0,0 @@
1
- resource "random_password" "password" {
2
- length = 20
3
- }
@@ -1,3 +0,0 @@
1
- terraform {
2
- required_version = "1.9.2"
3
- }