heirloom 0.9.0 → 0.10.0

data/lib/heirloom/exceptions.rb

@@ -0,0 +1,11 @@
+module Stackster
+  module Exceptions
+    class Base < RuntimeError
+      attr_accessor :message
+
+      def initialize(message="")
+        @message = message
+      end
+    end
+  end
+end

data/lib/heirloom/uploader/s3.rb

@@ -9,48 +9,59 @@ module Heirloom
       end
 
       def upload_file(args)
-        bucket = args[:bucket]
-        file = args[:file]
-        id = args[:id]
-        key_name = args[:key_name]
-        key_folder = args[:key_folder]
-        name = args[:name]
+        bucket          = args[:bucket]
+        file            = args[:file]
+        id              = args[:id]
+        key_name        = args[:key_name]
+        key_folder      = args[:key_folder]
+        name            = args[:name]
         public_readable = args[:public_readable]
 
+        body      = File.open file
         s3_bucket = s3.get_bucket bucket
 
         @logger.info "Uploading s3://#{bucket}/#{key_folder}/#{key_name}"
 
         s3_bucket.files.create :key    => "#{key_folder}/#{key_name}",
-                               :body   => File.open(file),
+                               :body   => body,
                                :public => public_readable
+        @logger.warn "File is readable by entire Internet." if public_readable
 
-        @logger.info "File is readable by the public internet." if public_readable
+        body.close
       end
 
       def add_endpoint_attributes(args)
-        bucket = args[:bucket]
-        id = args[:id]
-        name = args[:name]
-        domain = "heirloom_#{name}"
+        bucket     = args[:bucket]
+        id         = args[:id]
+        name       = args[:name]
+        key_name   = args[:key_name]
+
+        domain     = "heirloom_#{name}"
         key_folder = name
-        key_name = "#{id}.tar.gz"
+        endpoint   = endpoints[@region]
 
-        s3_endpoint = "s3://#{bucket}/#{key_folder}/#{key_name}"
-        http_endpoint = "http://#{endpoints[@region]}/#{bucket}/#{key_folder}/#{key_name}"
-        https_endpoint = "https://#{endpoints[@region]}/#{bucket}/#{key_folder}/#{key_name}"
+        path = "#{bucket}/#{key_folder}/#{key_name}"
 
-        sdb.put_attributes domain, id, { "#{@region}-s3-url" => s3_endpoint }
-        @logger.info "Adding attribute #{s3_endpoint}."
+        end_point_attributes(path).each_pair do |key, value|
+          add_endpoint_attribute domain, id, key, value
+        end
+      end
 
-        sdb.put_attributes domain, id, { "#{@region}-http-url" => http_endpoint }
-        @logger.debug "Adding attribute #{http_endpoint}."
+      private
 
-        sdb.put_attributes domain, id, { "#{@region}-https-url" => https_endpoint }
-        @logger.debug "Adding attribute #{https_endpoint}."
+      def end_point_attributes(path)
+        {
+          "#{@region}-s3-url"    => "s3://#{path}",
+          "#{@region}-http-url"  => "http://#{endpoints[@region]}/#{path}",
+          "#{@region}-https-url" => "https://#{endpoints[@region]}/#{path}"
+        }
       end
 
-      private
+      def add_endpoint_attribute(domain, id, key, value)
+        sdb.put_attributes domain, id, { key => value }
+        @logger.debug "Adding tag #{key}."
+        @logger.debug "Adding tag #{value}."
+      end
 
       def endpoints
         {

data/lib/heirloom/utils.rb

@@ -0,0 +1 @@
+require 'heirloom/utils/file'

data/lib/heirloom/utils/file.rb

@@ -0,0 +1,30 @@
+module Heirloom
+  module Utils
+    module File
+
+      def which(cmd)
+        exts = pathext ? pathext.split(';') : ['']
+        path.split(path_separator).each do |path|
+          exts.each { |ext|
+            exe = "#{path}/#{cmd}#{ext}"
+            return exe if ::File.executable? exe
+          }
+        end
+        return nil
+      end
+
+      def path_separator
+        ::File::PATH_SEPARATOR
+      end
+
+      def path
+        ENV['PATH']
+      end
+
+      def pathext
+        ENV['PATHEXT']
+      end
+
+    end
+  end
+end

data/lib/heirloom/version.rb

@@ -1,3 +1,3 @@
 module Heirloom
-  VERSION = "0.9.0"
+  VERSION = "0.10.0"
 end

data/spec/acl/s3_spec.rb

@@ -29,7 +29,7 @@ describe Heirloom do
             with("bucket", "key-folder/key.tar.gz", {"Owner"=>{"DisplayName"=>"Brett", "ID"=>"123"}, "AccessControlList"=>[{"Grantee"=>{"EmailAddress"=>"acct1@test.com"}, "Permission"=>"READ"}, {"Grantee"=>{"EmailAddress"=>"acct2@test.com"}, "Permission"=>"READ"}, {"Grantee"=>{"DisplayName"=>"Brett", "ID"=>"123"}, "Permission"=>"FULL_CONTROL"}]})
 
     @s3.allow_read_access_from_accounts :bucket     => 'bucket', 
-                                        :key_name   => 'key',
+                                        :key_name   => 'key.tar.gz',
                                         :key_folder => 'key-folder',
                                         :accounts   => ['acct1@test.com', 'acct2@test.com']
   end

data/spec/archive/authorizer_spec.rb

@@ -3,28 +3,40 @@ require 'spec_helper'
 describe Heirloom do
 
     before do
-      @config_mock = double('config')
-      @logger_mock = double('logger')
+      @config_mock = mock 'config'
+      @logger_mock = mock 'logger'
       @logger_mock.stub :info => true, :debug => true
       @config_mock.should_receive(:logger).and_return(@logger_mock)
       @authorizer = Heirloom::Authorizer.new :config => @config_mock,
                                              :name   => 'tim',
-                                             :id     => '123'
+                                             :id     => '123.tar.gz'
     end
 
     it "should authorize access to an archive in all regions" do
-      reader = double
-      s3_acl = double
-      accounts = [ "test@a.com", "a@test.com", "test@test.co", "test@test.co.uk" ]
-      @authorizer.should_receive(:reader).exactly(2).times.
-                  and_return(reader)
-      reader.should_receive(:get_bucket).exactly(2).times.
+      s3_acl_mock = mock 's3 acl'
+      reader_mock = mock 'reader mock'
+      reader_mock.stub :key_name => '123.tar.gz'
+      reader_mock.should_receive(:get_bucket).exactly(2).times.
                       and_return('the-bucket')
-      Heirloom::ACL::S3.should_receive(:new).exactly(2).
-                        times.and_return(s3_acl)
-      s3_acl.should_receive(:allow_read_access_from_accounts).
+
+      accounts = [ "test@a.com", "a@test.com", "test@test.co", "test@test.co.uk" ]
+
+      Heirloom::Reader.should_receive(:new).
+                       with(:config => @config_mock,
+                            :name   => 'tim',
+                            :id     => '123.tar.gz').
+                       and_return reader_mock
+      Heirloom::ACL::S3.should_receive(:new).
+                        with(:config => @config_mock,
+                             :region   => 'us-west-1').
+                        and_return s3_acl_mock
+      Heirloom::ACL::S3.should_receive(:new).
+                        with(:config => @config_mock,
+                             :region   => 'us-west-2').
+                        and_return s3_acl_mock
+      s3_acl_mock.should_receive(:allow_read_access_from_accounts).
              exactly(2).times.
-             with(:key_name   => '123',
+             with(:key_name   => '123.tar.gz',
                   :key_folder => 'tim',
                   :bucket     => 'the-bucket',
                   :accounts   => accounts)

data/spec/archive/destroyer_spec.rb

@@ -17,7 +17,7 @@ describe Heirloom do
       @reader_mock.should_receive(:get_bucket).
                   with(:region => 'us-west-1').
                   and_return 'bucket-us-west-1'
-
+      @reader_mock.stub :key_name => '123.tar.gz'
 
       @s3_destroyer_mock = mock 's3 destroyer'
       Heirloom::Destroyer::S3.should_receive(:new).

data/spec/archive/downloader_spec.rb

@@ -85,7 +85,7 @@ describe Heirloom do
     before do
       @s3_downloader_mock.should_receive(:download_file).
                           with(:bucket => 'bucket-us-west-1',
-                               :key    => 'tim/123.tar.gz').
+                               :key    => 'tim/123.tar.gz.gpg').
                           and_return 'encrypted_data'
       Heirloom::Cipher::Data.should_receive(:new).
                              with(:config => @config_mock).
@@ -136,10 +136,10 @@ describe Heirloom do
       end
 
       it "should return false if the decrypt_data returns false" do
-        @downloader.download(:region      => 'us-west-1',
+        @downloader.download(:region        => 'us-west-1',
                              :bucket_prefix => 'bucket',
-                             :extract     => false,
-                             :secret      => 'badsecret').should be_false
+                             :extract       => false,
+                             :secret        => 'badsecret').should be_false
       end 
 
     end

data/spec/archive/reader_spec.rb

@@ -52,7 +52,7 @@ describe Heirloom do
                 with("select * from `heirloom_tim` where itemName() = '123'").
                 and_return( { '123' => 
                               { 'us-west-1-s3-url' => 
-                                [ 's3://the-bucket/the-buck/the-key' ]  
+                                [ 's3://the-bucket/the-name/123.tar.gz' ]  
                               }
                             } )
       @reader.get_bucket(:region => 'us-west-1').should == 'the-bucket'
@@ -80,10 +80,24 @@ describe Heirloom do
                 with("select * from `heirloom_tim` where itemName() = '123'").
                 and_return( { '123' => 
                               { 'us-west-1-s3-url' => 
-                                ['s3://the-url/the-bucket/the-key'] 
+                                ['s3://the-url/the-bucket/123.tar.gz'] 
                               }
                             } )
-      @reader.get_key(:region => 'us-west-1').should == 'the-bucket/the-key'
+      @reader.get_key(:region => 'us-west-1').should == 'the-bucket/123.tar.gz'
+    end
+
+    it "should return the encrypted key name" do
+      @sdb_mock.should_receive(:select).
+                with("select * from `heirloom_tim` where itemName() = '123'").
+                and_return( { '123' => { 'encrypted' => [ 'true' ] } } )
+      @reader.key_name.should == '123.tar.gz.gpg'
+    end
+
+    it "should return the unencrypted key name" do
+      @sdb_mock.should_receive(:select).
+                with("select * from `heirloom_tim` where itemName() = '123'").
+                and_return( { '123' => { 'encrypted' => [ 'false' ] } } )
+      @reader.key_name.should == '123.tar.gz'
     end
 
     it "should return the regions the archive has been uploaded to" do
@@ -92,11 +106,11 @@ describe Heirloom do
                 with("select * from `heirloom_tim` where itemName() = '123'").
                 and_return( { '123' => 
                               { 'us-west-1-s3-url' => 
-                                ['s3://the-url-us-west-1/the-bucket/the-key'],
+                                ['s3://the-url-us-west-1/the-bucket/123.tar.gz'],
                                 'build_by' => 
                                 ['user'], 
                                 'us-east-1-s3-url' => 
-                                ['s3://the-url-us-east-1/the-bucket/the-key'] 
+                                ['s3://the-url-us-east-1/the-bucket/123.tar.gz'] 
                               }
                             } )
       @reader.regions.should == ['us-west-1', 'us-east-1']

data/spec/archive/uploader_spec.rb

@@ -3,38 +3,65 @@ require 'spec_helper'
 describe Heirloom do
 
   before do
-    @config_mock = double 'config'
-    @logger_mock = double 'logger'
-    @config_mock.should_receive(:logger).and_return(@logger_mock)
+    @config_mock = mock 'config'
+    @logger_stub = stub 'logger', :info => true
+    @config_mock.stub :logger => @logger_stub
     @uploader = Heirloom::Uploader.new :config => @config_mock,
                                        :name   => 'tim',
                                        :id     => '123'
+    @s3_mock = mock 's3'
   end
 
   it "should upload a new archive" do
-    s3_mock = mock 's3'
     Heirloom::Uploader::S3.should_receive(:new).
                            with(:config => @config_mock,
-                                :logger => @logger_mock,
+                                :logger => @logger_stub,
                                 :region => 'us-west-1').
-                           and_return s3_mock
-    s3_mock.should_receive(:upload_file).
-            with(:bucket          => 'prefix-us-west-1',
-                 :file            => '/tmp/file',
-                 :id              => '123',
-                 :key_folder      => 'tim',
-                 :key_name        => "123.tar.gz",
-                 :name            => 'tim',
-                 :public_readable => true)
-    s3_mock.should_receive(:add_endpoint_attributes).
-            with(:bucket => 'prefix-us-west-1',
-                 :id     => '123',
-                 :name   => 'tim')
-    @logger_mock.should_receive(:info)
+                           and_return @s3_mock
+    @s3_mock.should_receive(:upload_file).
+             with(:bucket          => 'prefix-us-west-1',
+                  :file            => '/tmp/file',
+                  :id              => '123',
+                  :key_folder      => 'tim',
+                  :key_name        => "123.tar.gz",
+                  :name            => 'tim',
+                  :public_readable => true)
+    @s3_mock.should_receive(:add_endpoint_attributes).
+             with(:bucket   => 'prefix-us-west-1',
+                  :id       => '123',
+                  :key_name => '123.tar.gz',
+                  :name     => 'tim')
     @uploader.upload :file            => '/tmp/file',
                      :bucket_prefix   => 'prefix',
                      :regions         => ['us-west-1'],
-                     :public_readable => true
+                     :public_readable => true,
+                     :secret          => nil
+  end
+
+  it "should upload a new archive with .gpg if secret provided" do
+    Heirloom::Uploader::S3.should_receive(:new).
+                           with(:config => @config_mock,
+                                :logger => @logger_stub,
+                                :region => 'us-west-1').
+                           and_return @s3_mock
+    @s3_mock.should_receive(:upload_file).
+             with(:bucket          => 'prefix-us-west-1',
+                  :file            => '/tmp/file',
+                  :id              => '123',
+                  :key_folder      => 'tim',
+                  :key_name        => "123.tar.gz.gpg",
+                  :name            => 'tim',
+                  :public_readable => true)
+    @s3_mock.should_receive(:add_endpoint_attributes).
+             with(:bucket   => 'prefix-us-west-1',
+                  :id       => '123',
+                  :key_name => '123.tar.gz.gpg',
+                  :name     => 'tim')
+    @uploader.upload :file            => '/tmp/file',
+                     :bucket_prefix   => 'prefix',
+                     :regions         => ['us-west-1'],
+                     :public_readable => true,
+                     :secret          => 'secret12'
   end
 
 end

data/spec/cipher/data_spec.rb

@@ -2,54 +2,71 @@ require 'spec_helper'
 
 describe Heirloom do
   before do
+    @encrypted_file_mock = mock 'encrypted mock'
+    @decrypted_file_mock = mock 'decrypted mock'
+    @encrypted_file_mock.stub :path => '/tmp/enc'
+    @decrypted_file_mock.stub :path => '/tmp/dec',
+                              :read => 'plaintext'
     @logger_mock = mock 'logger', :info => true
-    @logger_mock.stub :info => true
+    @logger_mock.stub :info  => true,
+                      :debug => true
     @config_mock = mock 'config'
     @config_mock.stub :logger => @logger_mock
     @data = Heirloom::Cipher::Data.new :config => @config_mock
   end
 
-  context "with secret given" do
-    before do
-      @aes_mock = mock 'aes'
-      OpenSSL::Cipher::AES256.should_receive(:new).
-                              with(:CBC).and_return @aes_mock
-    end
+  context "when succesful" do
+    context "with secret given" do
+      it "should decrypt the given data" do
+        @data.should_receive(:which).with('gpg').and_return true
+        Tempfile.should_receive(:new).with('archive.tar.gz.gpg').
+                 and_return @encrypted_file_mock
+        Tempfile.should_receive(:new).with('archive.tar.gz').
+                 and_return @decrypted_file_mock
+        ::File.should_receive(:open).
+               with(@encrypted_file_mock,'w')
+        $?.stub :success? => true
 
-    it "should decrypt the given data" do
-      @aes_mock.should_receive(:decrypt)
-      @aes_mock.should_receive(:key=).with Digest::SHA256.hexdigest 'mysecret'
-      @aes_mock.should_receive(:iv=).with 'firstsixteenchar'
-      @aes_mock.should_receive(:update).with('crypteddata').and_return 'cleartext'
-      @aes_mock.stub :final => 'final'
-      @data.decrypt_data(:data => 'firstsixteencharcrypteddata',
-                         :secret => 'mysecret').
-            should == 'cleartextfinal'
+        command = 'gpg --batch --yes --cipher-algo AES256 --passphrase password --output /tmp/dec /tmp/enc 2>&1'
+        @data.should_receive(:`).with(command).and_return true
+        @data.decrypt_data(:data   => 'crypted',
+                           :secret => 'password').should == 'plaintext'
+      end
     end
 
-    it "should rescue bad key error and return false" do
-      @logger_mock.should_receive(:error).
-                   with "Unable to decrypt Heirloom: 'OpenSSL::Cipher::CipherError'"
-      @aes_mock.should_receive(:decrypt)
-      @aes_mock.should_receive(:key=).with Digest::SHA256.hexdigest 'badsecret'
-      @aes_mock.should_receive(:iv=).with 'firstsixteenchar'
-      @aes_mock.should_receive(:update).with('crypteddata').and_return 'crap'
-      @aes_mock.should_receive(:final).and_raise OpenSSL::Cipher::CipherError
-      @data.decrypt_data(:data => 'firstsixteencharcrypteddata',
-                         :secret => 'badsecret').
-            should be_false
+    context "no secret given" do
+      it "should return the data if no secret given" do
+        @data.decrypt_data(:data   => 'plaintext',
+                           :secret => nil).should == 'plaintext'
+      end
     end
-
   end
 
-  context "no secret given" do
-    before do
-      @data = Heirloom::Cipher::Data.new :config => @config_mock
-    end
+  context "when unsuccesful" do
+    context "with secret given" do
+      it "should return false if gpg not in path" do
+        @logger_mock.should_receive(:error)
+        @data.should_receive(:which).with('gpg').and_return false
+        @data.decrypt_data(:data   => 'crypted',
+                           :secret => 'password').should be_false
+      end
+
+      it "should return false if decrypted fails" do
+        @logger_mock.should_receive(:error)
+        @data.should_receive(:which).with('gpg').and_return true
+        Tempfile.should_receive(:new).with('archive.tar.gz.gpg').
+                 and_return @encrypted_file_mock
+        Tempfile.should_receive(:new).with('archive.tar.gz').
+                 and_return @decrypted_file_mock
+        ::File.should_receive(:open).
+               with(@encrypted_file_mock,'w')
+        $?.stub :success? => false
 
-    it "should return the data if no secret given" do
-      @data.decrypt_data(:data   => 'plaintext',
-                         :secret => nil).should == 'plaintext'
+        command = 'gpg --batch --yes --cipher-algo AES256 --passphrase password --output /tmp/dec /tmp/enc 2>&1'
+        @data.should_receive(:`).with(command).and_return true
+        @data.decrypt_data(:data   => 'crypted',
+                           :secret => 'password').should be_false
+      end
     end
   end