dice_bag 1.3.2 → 1.5.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 5a746ff933e6fc286fb83e0773837318e7c5474305f134522becee1a7633062a
-  data.tar.gz: 2ef5740432f756bb865e9fd4b6ba16f4959ad9e907c8acbabb7f25cab78a50f4
+  metadata.gz: aad1fdaa143ede5c607a8ea0c451252da996e6d783a895ed742ee6c6b82b1001
+  data.tar.gz: 52802ac8af7acc21bcddcb86b246860bb05e9274be8bef54c9ccedffadfe670d
 SHA512:
-  metadata.gz: bdefa0ab34fafe43c4be1c1e0de92ef4623ace5004bbb271c5da49a0c245299e3422c5d110411227654c1854485f6b561433527641f5e3bdd97bb46fb963a498
-  data.tar.gz: c3904fd8f758752bbb2ebd572f7a0b99814ed91c5d52ffc0dc35a020d7e6ae41bd2fc5d4d0b01400d86a92aeab11a01a37e56fb3fdf23feb02ce409c45c6ff81
+  metadata.gz: 91dd8e76e891b52d9bb836f6b0da7a453f4f0aa182d63a0f2082e09260f6dd495d799ba62700f259d225233f676d2b6a8677981bf2de7653b8554b4fb911f030
+  data.tar.gz: d1947a678fef6d5f1c3855cead618c181593ac0a87f54fd6932609ba914ee904357d7acd450dd9b7fcea3c98ecc3351b43b426df890e6017357f54d1a1e2d601

data/CHANGELOG.md

@@ -0,0 +1,81 @@
+# 1.5.0
+* Add ability to generate and verify x509 certificates.
+
+# 1.4.1
+* Bundle extra files in the gem (MIT-LICENSE etc.).
+
+# 1.4.0
+* Allow thor 0.x and 1.x.
+
+# 1.3.4
+* Remove extra spaces from the database templates.
+
+# 1.3.3
+* Address a deprecation warning when using Rails 6.0.
+
+# 1.3.2
+* Gem specifies MIT license.
+
+# 1.3.1
+* Fix adapter name in the database.yml.dice template for PostgreSQL.
+
+# 1.3.0
+* Detect pg gem and generate database.yml.dice for PostgreSQL.
+
+# 1.2.3
+* Fix: Add missing newline after ruby warning message.
+
+# 1.2.2
+* Remove trailing space from the message generated by `<%= warning.as_yaml_comment %>`.
+
+# 1.2.1
+* Replaces `starts_with?` with `start_with?` to remove Rails dependency.
+
+# 1.2.0
+* Adds a `config:generate_from_gems` task to generate the templates from the specified gems only
+
+# 1.1.1
+* Updates the database.yml.dice file to not provide settings for test and development when
+ building in production.
+
+# 1.1.0
+* Removed the template for Newrelic.
+
+# 1.0.0
+* `config:generate_all` task allows user to choose an appropriate action when source and local templates are different.
+* `config:generate_all:force` allows user to generate templates in 'force mode' (replacing local templates with the source).
+
+# 0.9.0
+* Feature: Adding a bang (!) at the end of method names, will raise when the variable
+ is not found in production.
+* New relic template to use SSL by default
+
+# 0.8.0
+* Fix Template generation fails if the target directory is missing
+* Document that configuration files must not be loaded in Rails config/application.rb
+* Don't overwrite config files if user responds 'No' instead of just 'N'.
+* Omit .dice files in Bundler path or in dot-prefixed directories
+
+# 0.7.1
+* The ensure_is_private_key method now additionally supports RSA keys without spaces.
+
+# 0.7.0
+* New ensure_is_private_key helper method to process RSA private keys.
+* New config:deploy rake task to use for deployments, which overwrites config files without prompting.
+
+# 0.6.0
+* **Breaking change:** Only templates with the '.dice' extension are processed.
+* **Breaking change:** Local override via the '.local' extension has been removed.
+* Templates are processed in all directories.
+
+# 0.5.0
+* Generated templates should be committed to source control.
+* New '.dice' extension for templates.
+* Better testing infrastructure.
+* Plugins and rake task can specify custom location for templates.
+
+# 0.4.1
+* Fix: Templates are generated in 'config' directory for Rails projects.
+
+# 0.4.0
+* Initial open source release.

data/MIT-LICENSE

@@ -0,0 +1,19 @@
+Copyright (c) 2012-2020 Medidata Solutions Worldwide
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,174 @@
+# DiceBag
+
+[![Build Status](https://travis-ci.org/mdsol/dice_bag.svg?branch=develop)](https://travis-ci.org/mdsol/dice_bag)
+[![Code Climate](https://codeclimate.com/github/mdsol/dice_bag.png)](https://codeclimate.com/github/mdsol/dice_bag)
+
+DiceBag is a library of rake tasks for configuring web apps in the style of [The
+Twelve-Factor App][1]. Configuration values are picked up from the environment
+and used to populate configuration files from templates. Pre-packaged templates
+for common configuration files are provided.
+
+Although Rails already supports ERB syntax for its YML configuration files, DiceBag will generate a final
+static file that will work without keeping your deployment environment variables in sync with your
+production environment variables. For security reasons, these environments may sometimes differ.
+
+Also DiceBag will work with any kind of text files, not only YML files. It can be very useful for
+ruby initializer files for instance.
+
+[1]: http://www.12factor.net/
+
+## Installation
+
+Add the following to your `Gemfile`:
+
+```ruby
+gem 'dice_bag'
+```
+
+If you are using these tasks outside of a Rails project, add the following to
+your `Rakefile` or wherever your local rake tasks are defined:
+
+```ruby
+require 'dice_bag/tasks'
+```
+
+Run the following command to see the new tasks:
+
+```
+[bundle exec] rake -T | grep "rake config"
+```
+
+## Create configuration files from templates
+
+When the rake "config" task is run, configuration files are populated for all
+ERB template files in the project that have a ".dice" extension. Configuration
+values from the environment are made available to the templates through the
+`configured` object.
+
+For example, take a "database.yml.dice" file containing this template:
+
+```erb
+development:
+  database: development
+  username: <%= configured.database_username || 'root' %>
+  password: <%= configured.database_password %>
+```
+
+Then running the following command:
+
+```
+DATABASE_USERNAME=alice DATABASE_PASSWORD=xyzzy [bundle exec] rake config
+```
+
+will generate a "database.yml" file with the following contents:
+
+```yaml
+development:
+  database: development
+  username: alice
+  password: xyzzy
+```
+
+See the [feature documentation][features] for further examples and
+functionality.
+
+[features]: https://www.relishapp.com/mdsol/dice-bag/docs
+
+As discussed in [The Twelve-Factor App section on configuration][2], do not
+commit your generated configuration files to source control. Instead, commit the
+templates to source control and then regenerate the configuration files at
+deployment time by running the rake `config:deploy` task.
+
+[2]: http://www.12factor.net/config
+
+
+### Ensuring variables are set in production
+
+It is a common pattern to use default information for development but to not
+ allow defaults in production, instead we want to always set up the environment variables
+in production.
+
+It is very easy to discover what variables have not been set in production using a bang after
+the variable name, for instance:
+```
+secret_key: <%= configured.secret_key_base! || 'any text is ok' %>
+```
+Will raise an explanatory error if we are using Rails, we are in production and the
+ variable SECRET_KEY_BASE is not set. In other environments will not care about it
+not being set and will use the default.
+
+
+### Generating the templates of given gems only
+
+`config:generate_all` will generate all the templates it can find. Since sometimes this behavior
+is not desirable you can use the `config:generate_from_gems` task to specify gem names:
+
+```
+[bundle exec] rake config:generate_from_gems gem1 gem2 gemN
+```
+
+will generate only the templates provided by `gem1`, `gem2` and `gemN`.
+
+To force-generate set the `DICEBAG_FORCE` environment variable to any value when running the task.
+
+
+## Generating the pre-packaged templates
+
+If the corresponding gems are installed, the following pre-packaged templates are provided:
+
+* mysql2 or pg: `database.yml.dice` for [Rails](https://github.com/rails/rails/)
+* aws-sdk: `aws.yml.dice`
+* dalli: `dalli.yml.dice`
+
+Run the following command to generate them:
+
+```
+[bundle exec] rake config:generate_all
+```
+
+This command provides options to compare changes between source and local templates, so new additions to the source templates can be safely added while preserving any project specific customization to local templates.
+
+Alternatively, to force generate templates (replacing existing local templates with the source), run the following:
+
+```
+[bundle exec] rake config:generate_all:force
+```
+
+
+As with your own templates, you should commit these pre-packaged templates to
+source control.
+
+You can customize these pre-packaged template to your needs but if the change is
+a generic fix or extension, please consider contributing it back to this project
+so that everyone benefits.
+
+### Defining your own pre-packaged templates
+
+If you want DiceBag to generate your own pre-packaged templates when you run the
+rake "config:generate_all" task, you can create a plug-in. Read the
+[templates.md](./templates.md) file to learn how to do this.
+
+## Troubleshooting
+
+### rake config fails in Rails project with file not found
+
+Due to rake running ``` config/application.rb ``` before kicking off a task,
+if ``` config/application.rb ``` loads any configuration files that dice_bag
+ must generate a 'file not found' error may occur.  Makes sense that a file
+  ``` rake config:generate_all ``` needs to create, does not exist before it has ran.
+
+Solution: Move any config loading that depends on files generated by dice_bag out of `application.rb` and into `config/initializers/*`.  Since the commands
+`rails server` or `rails console` etc. always run the initializers, moving the logic
+ here should be a safe bet.
+
+## Contributors
+
+* [Andrew Smith](https://github.com/asmith-mdsol)
+* [Jordi Carres](https://github.com/jcarres-mdsol)
+* [Dan Hoizner](https://github.com/dhoizner-mdsol)
+* [Aaron Weiner](https://github.com/HonoreDB)
+* [Luke Greene](https://github.com/lgreene-mdsol)
+* [Johnny Lo](https://github.com/jlo188)
+* [Connor Ross](https://github.com/cross311)
+* [Mathieu Jobin](https://github.com/mjobin-mdsol)
+

data/lib/dice_bag/private_key.rb

@@ -10,7 +10,7 @@ module DiceBag
       require "openssl"
 
       begin
-        OpenSSL::PKey::RSA.new @private_key
+        rsa_object
         true
       rescue => e
         puts "#{e.message}\n#{e.backtrace}"
@@ -25,6 +25,14 @@ module DiceBag
       @private_key = [HEADER, body, FOOTER].flatten.join("\n")
     end
 
+    def public_key
+      rsa_object.public_key
+    end
+
+    def rsa_object
+      @rsa_object ||= OpenSSL::PKey::RSA.new(@private_key)
+    end
+
     private
 
     HEADER = "-----BEGIN RSA PRIVATE KEY-----".freeze

data/lib/dice_bag/project.rb

@@ -3,9 +3,12 @@ module DiceBag
   class Project
     DEFAULT_NAME = "project"
 
+    # TODO: how to find the name of the project in non Rails apps?
     def self.name
-      # TODO: how to do find the name of the project in no-rails environments?
-      defined?(Rails) ? Rails.application.class.parent_name.downcase : DEFAULT_NAME
+      return DEFAULT_NAME unless defined?(Rails)
+
+      parent_name_method = Module.respond_to?(:module_parent_name) ? :module_parent_name : :parent_name
+      Rails.application.class.send(parent_name_method).downcase
     end
 
     def self.config_files(filename)

data/lib/dice_bag/template_helpers.rb

@@ -17,5 +17,57 @@ module DiceBag
         raise "The private key provided is invalid"
       end
     end
+
+    # Generates https://en.wikipedia.org/wiki/X.509 certificate, commonly used in authentication services
+    def generate_509_certificate(private_key, root_ca: nil, root_key: nil)
+      root_key ||= OpenSSL::PKey::RSA.new(2048) # the CA's public/private key
+      root_ca ||= default_root_ca(root_key)
+
+      cert = OpenSSL::X509::Certificate.new
+      cert.version = 2
+      cert.serial = 2
+      cert.subject = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=Ruby certificate")
+      cert.issuer = root_ca.subject # root CA is the issuer
+      cert.public_key = PrivateKey.new(private_key.dup).public_key
+      cert.not_before = Time.now
+      cert.not_after = cert.not_before + 1 * 365 * 24 * 60 * 60 # 1 years validity
+      ef = OpenSSL::X509::ExtensionFactory.new
+      ef.subject_certificate = cert
+      ef.issuer_certificate = root_ca
+      cert.add_extension(ef.create_extension("keyUsage", "digitalSignature", true))
+      cert.add_extension(ef.create_extension("subjectKeyIdentifier", "hash", false))
+      cert.sign(root_key, OpenSSL::Digest::SHA256.new)
+      cert
+    end
+
+    # raw_cert: DER or PEM encoded certificate
+    def ensure_is_509_certificate(raw_cert)
+      certificate = OpenSSL::X509::Certificate.new(raw_cert)
+    rescue OpenSSL::X509::CertificateError
+      false
+    end
+
+    def default_root_ca(root_key)
+      @default_root_ca ||= generate_root_ca(root_key)
+    end
+
+    def generate_root_ca(root_key)
+      root_ca = OpenSSL::X509::Certificate.new
+      root_ca.version = 2 # cf. RFC 5280 - to make it a "v3" certificate
+      root_ca.serial = 1 # considered a security flaw for real certificates
+      root_ca.subject = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=Ruby CA")
+      root_ca.issuer = root_ca.subject # root CA's are "self-signed"
+      root_ca.public_key = root_key.public_key
+      root_ca.not_before = Time.now
+      root_ca.not_after = root_ca.not_before + 2 * 365 * 24 * 60 * 60 # 2 years validity
+      ef = OpenSSL::X509::ExtensionFactory.new
+      ef.subject_certificate = root_ca
+      ef.issuer_certificate = root_ca
+      root_ca.add_extension(ef.create_extension("basicConstraints", "CA:TRUE", true))
+      root_ca.add_extension(ef.create_extension("keyUsage", "keyCertSign, cRLSign", true))
+      root_ca.add_extension(ef.create_extension("subjectKeyIdentifier", "hash", false))
+      root_ca.add_extension(ef.create_extension("authorityKeyIdentifier", "keyid:always", false))
+      root_ca.sign(root_key, OpenSSL::Digest::SHA256.new)
+    end
   end
 end

data/lib/dice_bag/templates/databases/mysql.yml.dice

@@ -12,8 +12,8 @@
   port: <%= configured[env].database_port || 3306 %>
   pool: <%= configured[env].database_pool || 5 %>
   timeout: <%= configured[env].database_timeout || 5000 %>
-  encoding:  <%= configured[env].database_encoding || 'utf8' %>
-  reconnect:  <%= configured[env].database_reconnect || false %>
+  encoding: <%= configured[env].database_encoding || 'utf8' %>
+  reconnect: <%= configured[env].database_reconnect || false %>
   <% db_cert = configured[env].database_ssl_cert %>
   <%= db_cert ? "sslca: #{db_cert}" : '' %>
 <% end %>

data/lib/dice_bag/templates/databases/postgres.yml.dice

@@ -12,8 +12,8 @@
   port: <%= configured[env].database_port || 5432 %>
   pool: <%= configured[env].database_pool || 5 %>
   timeout: <%= configured[env].database_timeout || 5000 %>
-  encoding:  <%= configured[env].database_encoding || 'unicode' %>
-  reconnect:  <%= configured[env].database_reconnect || false %>
+  encoding: <%= configured[env].database_encoding || 'unicode' %>
+  reconnect: <%= configured[env].database_reconnect || false %>
   <% db_cert = configured[env].database_ssl_cert %>
   <%= db_cert ? "sslca: #{db_cert}" : '' %>
 <% end %>

data/lib/dice_bag/version.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module DiceBag
-  VERSION = "1.3.2"
+  VERSION = "1.5.0"
 end

data/spec/command_spec.rb

@@ -8,5 +8,33 @@ describe DiceBag::Project do
     it "should give me a default name for non Rails apps" do
       expect(project.name).to eq(DiceBag::Project::DEFAULT_NAME)
     end
+
+    context "Rails app" do
+      let(:name) { "HelloService" }
+      let(:rails) { Class.new }
+      before { stub_const("Rails", rails) }
+
+      describe "Rails < 6.1" do
+        before do
+          allow(Module).to receive(:parent_name).and_return(name)
+          allow(rails).to receive_message_chain(:application, :class, :parent_name).and_return(name)
+        end
+
+        it "uses the :parent_name method" do
+          expect(project.name).to eq("helloservice")
+        end
+      end
+
+      describe "Rails >= 6.1" do
+        before do
+          allow(Module).to receive(:module_parent_name).and_return(name)
+          allow(rails).to receive_message_chain(:application, :class, :module_parent_name).and_return(name)
+        end
+
+        it "uses the :module_parent_name method" do
+          expect(project.name).to eq("helloservice")
+        end
+      end
+    end
   end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dice_bag
 version: !ruby/object:Gem::Version
-  version: 1.3.2
+  version: 1.5.0
 platform: ruby
 authors:
 - Andrew Smith
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-01-08 00:00:00.000000000 Z
+date: 2020-11-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rake
@@ -29,16 +29,16 @@ dependencies:
   name: thor
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - "<"
       - !ruby/object:Gem::Version
-        version: '0.0'
+        version: '2.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - "<"
       - !ruby/object:Gem::Version
-        version: '0.0'
+        version: '2.0'
 - !ruby/object:Gem::Dependency
   name: diff-lcs
   requirement: !ruby/object:Gem::Requirement
@@ -103,6 +103,9 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- CHANGELOG.md
+- MIT-LICENSE
+- README.md
 - lib/dice_bag.rb
 - lib/dice_bag/available_templates.rb
 - lib/dice_bag/command.rb
@@ -128,10 +131,12 @@ files:
 - spec/command_spec.rb
 - spec/configuration_spec.rb
 - spec/spec_helper.rb
-homepage: https://github.com/mdsol/dice_bag
+homepage: 
 licenses:
 - MIT
-metadata: {}
+metadata:
+  homepage_uri: https://github.com/mdsol/dice_bag
+  changelog_uri: https://github.com/mdsol/dice_bag/blob/develop/CHANGELOG.md
 post_install_message: 
 rdoc_options: []
 require_paths:
@@ -140,21 +145,20 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: 2.3.0
+      version: '2.3'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.7.6
+rubygems_version: 3.0.6
 signing_key: 
 specification_version: 4
 summary: Dice Bag is a library of rake tasks for configuring web apps in the style
   of The Twelve-Factor App. It also provides continuous integration tasks that rely
   on the configuration tasks.
 test_files:
-- spec/spec_helper.rb
 - spec/configuration_spec.rb
+- spec/spec_helper.rb
 - spec/command_spec.rb