invar 0.8.0 → 0.9.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a4826c528fc5940bcc955a1fc762abc2b4800a30eb4ce5b34af0ea313dd990ab
-  data.tar.gz: f463ed247adc47ea89d7b6965cd427d21a98de125271b262541eb0703a792d62
+  metadata.gz: 2346259fc26689ffca5386f39e982de60dc9f2d9c03399f85023e05a47802f7a
+  data.tar.gz: b6e2cea0c52fd0b52eb833036844c03d3a714d83e0572dc5dcbb4ae083c61cf7
 SHA512:
-  metadata.gz: 6bbc1f4df04c3f4917a2cfcce611acde0859ccd74b412c0b9faa021770c4f01d246defb0131fc8052d0e2aeb40d904d40a043ecccb7a872f966b4a9264e812a3
-  data.tar.gz: 32a1754130909b04d488adb88b67e5efe193c2173103d9041338652026ef45a55b3e4fbaa49bed2863f8b5d0d70a257ace52b5bbff913236f4c82b4a90af06bf
+  metadata.gz: 1a9556b30d2c17fda9373551ecf6fffeaacabd35aa0e40bb883c78e8bd94642bf4bebbeea054b5f9a9681b0bb23b6ee8c30860afb732f94b9d7887e62e0c0c47
+  data.tar.gz: a80954a8dbfc4c42d3f57b94cb2830a8e598eda85cd95f37ff431a1ab2b253fa64d4c65f9aacba8cfa718f5b5f1082b05f78c0d1f97d2ae7bc58b4392c4e19f0

data/.simplecov

@@ -0,0 +1,8 @@
+# frozen_string_literal: true
+
+SimpleCov.start do
+   coverage_dir '.coverage'
+   enable_coverage :branch
+
+   root __dir__
+end

data/README.md

@@ -26,7 +26,8 @@ variables have some downsides:
 * Cannot be easily checked against a schema for early error detection
 * Ruby's core ENV does not accept symbols as keys (a minor nuisance, but it counts)
 
-> **Fun Fact:** Invar is named for an [alloy used in clockmaking](https://en.wikipedia.org/wiki/Invar) - it's short for "**invar**iable".
+> **Fun Fact:** Invar is named for an [alloy used in clockmaking](https://en.wikipedia.org/wiki/Invar) - it's short
+> for "**invar**iable".
 
 ### Features
 
@@ -216,6 +217,10 @@ To open the file your system's default text editor (eg. nano):
 
     bundle exec rake invar:config
 
+> **Automation tip** You can provide new content over STDIN
+>
+>     bundle exec rake invar:config < config_template.yml
+
 #### Edit Secrets File
 
 To edit the secrets file, run this and provide the file's encryption key:
@@ -223,7 +228,27 @@ To edit the secrets file, run this and provide the file's encryption key:
     bundle exec rake invar:secrets
 
 The file will be decrypted and opened in your default editor like the config file. Once you have exited the editor, it
-will be re-encrypted. Remember to save your changes!
+will be re-encrypted. **Remember to save your changes!**
+
+> **Automation tip** You can set the current encryption key in the `LOCKBOX_MASTER_KEY` environment variable:
+>
+>     LOCKBOX_MASTER_KEY=sooper_sekret_key_here bundle exec rake invar:secrets
+
+> **Automation tip** Like invar:config, you can provide new content over STDIN
+>
+>     bundle exec rake invar:secrets < secrets_template.yml
+
+#### Rotating the Secrets File Encryption Key
+
+To re-encrypt the secrets file, run this and provide the file's current encryption key:
+
+    bundle exec rake invar:rotate
+
+A new encryption key will be generated just like using `invar:init`.
+
+> **Automation tip** you can set the current encryption key in the `LOCKBOX_MASTER_KEY` environment variable:
+>
+>     LOCKBOX_MASTER_KEY=sooper_sekret_key_here bundle exec rake invar:rotate
 
 ### Code
 

data/RELEASE_NOTES.md

@@ -19,6 +19,36 @@ to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 * none
 
+## [0.9.1] - 2023-09-30
+
+### Major Changes
+
+* none
+
+### Minor Changes
+
+* none
+
+### Bugfixes
+
+* Improved handling of test-only methods when trying to access them via `#method`
+* Fixed TTY detection
+
+## [0.9.0] - 2023-09-24
+
+### Major Changes
+
+* none
+
+### Minor Changes
+
+* Added Rake task for secrets file key rotation
+* Added ability for invar:config and invar:secrets to take replacement content over `STDIN` instead of live editing
+
+### Bugfixes
+
+* none
+
 ## [0.8.0] - 2023-09-13
 
 ### Major Changes

data/lib/invar/private_file.rb

@@ -9,7 +9,7 @@ module Invar
    # Verifies a file is secure
    class PrivateFile
       extend Forwardable
-      def_delegators :@delegate_sd_obj, :stat, :to_s, :basename, :==, :chmod
+      def_delegators :@delegate_sd_obj, :stat, :to_s, :basename, :dirname, :extname, :==, :chmod, :rename, :write
 
       # Mask for limiting to the lowest three octal digits (which store permissions)
       PERMISSIONS_MASK = 0o777

data/lib/invar/rake/task/config.rb

@@ -0,0 +1,51 @@
+# frozen_string_literal: true
+
+require_relative 'namespaced'
+
+module Invar
+   module Rake
+      module Task
+         # Rake task handler for actions to do with configuration files
+         class ConfigFileHandler < NamespacedFileTask
+            # Creates a config file in the appropriate location
+            def create
+               config_dir.mkpath
+               file_path.write CONFIG_TEMPLATE
+               file_path.chmod 0o600
+
+               warn "Created file: #{ file_path }"
+            end
+
+            # Edits the existing config file in the appropriate location
+            def edit
+               content   = $stdin.stat.pipe? ? $stdin.read : nil
+               file_path = configs_file
+
+               if content
+                  file_path.write content
+               else
+                  system ENV.fetch('EDITOR', 'editor'), file_path.to_s, exception: true
+               end
+
+               warn "File saved to: #{ file_path }"
+            end
+
+            private
+
+            def configs_file
+               @locator.find 'config.yml'
+            rescue ::Invar::FileLocator::FileNotFoundError => e
+               warn <<~ERR
+                  Abort: #{ e.message }. Searched in: #{ @locator.search_paths.join(', ') }
+                  #{ CREATE_SUGGESTION }
+               ERR
+               exit 1
+            end
+
+            def filename
+               'config.yml'
+            end
+         end
+      end
+   end
+end

data/lib/invar/rake/task/namespaced.rb

@@ -0,0 +1,26 @@
+# frozen_string_literal: true
+
+require_relative '../tasks'
+
+module Invar
+   module Rake
+      module Task
+         # Abstract class for tasks that use a namespace for file searching
+         class NamespacedFileTask
+            def initialize(namespace)
+               @locator = FileLocator.new(namespace)
+            end
+
+            def file_path
+               config_dir / filename
+            end
+
+            private
+
+            def config_dir
+               @locator.search_paths.first
+            end
+         end
+      end
+   end
+end

data/lib/invar/rake/task/secrets.rb

@@ -0,0 +1,130 @@
+# frozen_string_literal: true
+
+require_relative 'namespaced'
+
+module Invar
+   module Rake
+      module Task
+         # Rake task handler for actions on the secrets file.
+         class SecretsFileHandler < NamespacedFileTask
+            # Instructions hint for how to handle secret keys.
+            SECRETS_INSTRUCTIONS = <<~INST
+               Generated key. Save this key to a secure password manager, you will need it to edit the secrets.yml file:
+            INST
+
+            SWAP_EXT = 'tmp'
+
+            # Creates a new encrypted secrets file and prints the generated encryption key to STDOUT
+            def create(content: SECRETS_TEMPLATE)
+               encryption_key = Lockbox.generate_key
+
+               write_encrypted_file(file_path,
+                                    encryption_key: encryption_key,
+                                    content:        content,
+                                    permissions:    PrivateFile::DEFAULT_PERMISSIONS)
+
+               warn SECRETS_INSTRUCTIONS
+               puts encryption_key
+            end
+
+            # Updates the file with new content.
+            #
+            # Either the content is provided over STDIN or the default editor is opened with the decrypted contents of
+            # the secrets file. After closing the editor, the file will be updated with the new encrypted contents.
+            def edit
+               content = $stdin.stat.pipe? ? $stdin.read : nil
+
+               edit_encrypted_file(secrets_file, content: content)
+
+               warn "File saved to #{ secrets_file }"
+            end
+
+            def rotate
+               file_path = secrets_file
+
+               decrypted = read_encrypted_file(file_path, encryption_key: determine_key(file_path))
+
+               swap_file = file_path.dirname / [file_path.basename, SWAP_EXT].join('.')
+               file_path.rename swap_file
+
+               begin
+                  create content: decrypted
+                  swap_file.delete
+               rescue StandardError
+                  swap_file.rename file_path.to_s
+               end
+            end
+
+            private
+
+            def secrets_file
+               @locator.find 'secrets.yml'
+            rescue ::Invar::FileLocator::FileNotFoundError => e
+               warn <<~ERR
+                  Abort: #{ e.message }. Searched in: #{ @locator.search_paths.join(', ') }
+                  #{ CREATE_SUGGESTION }
+               ERR
+               exit 1
+            end
+
+            def filename
+               'secrets.yml'
+            end
+
+            def read_encrypted_file(file_path, encryption_key:)
+               lockbox = build_lockbox(encryption_key)
+               lockbox.decrypt(file_path.binread)
+            end
+
+            def write_encrypted_file(file_path, encryption_key:, content:, permissions: nil)
+               lockbox = build_lockbox(encryption_key)
+
+               encrypted_data = lockbox.encrypt(content)
+
+               config_dir.mkpath
+               # TODO: replace File.opens with photo_path.binwrite(uri.data) once FakeFS can handle it
+               File.open(file_path.to_s, 'wb') { |f| f.write encrypted_data }
+               file_path.chmod permissions if permissions
+
+               warn "Saved file: #{ file_path }"
+            end
+
+            def edit_encrypted_file(file_path, content: nil)
+               encryption_key = determine_key(file_path)
+
+               content ||= invoke_editor(file_path, encryption_key: encryption_key)
+
+               write_encrypted_file(file_path, encryption_key: encryption_key, content: content)
+            end
+
+            def invoke_editor(file_path, encryption_key:)
+               Tempfile.create(file_path.basename.to_s) do |tmp_file|
+                  decrypted = read_encrypted_file(file_path, encryption_key: encryption_key)
+
+                  tmp_file.write(decrypted)
+                  tmp_file.rewind # rewind needed because file does not get closed after write
+                  system ENV.fetch('EDITOR', 'editor'), tmp_file.path, exception: true
+                  tmp_file.read
+               end
+            end
+
+            def determine_key(file_path)
+               encryption_key = Lockbox.master_key
+
+               if encryption_key.nil? && $stdin.tty?
+                  warn "Enter master key to decrypt #{ file_path }:"
+                  encryption_key = $stdin.noecho(&:gets).strip
+               end
+
+               encryption_key
+            end
+
+            def build_lockbox(encryption_key)
+               Lockbox.new(key: encryption_key)
+            rescue ArgumentError => e
+               raise SecretsFileEncryptionError, e
+            end
+         end
+      end
+   end
+end

data/lib/invar/rake/task/status.rb

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+require_relative 'namespaced'
+
+module Invar
+   module Rake
+      module Task
+         # Rake task handler for actions that just show information about the system
+         class StatusHandler < NamespacedFileTask
+            # Prints the current paths to be searched in
+            def show_paths
+               warn @locator.search_paths.join("\n")
+            end
+         end
+      end
+   end
+end

data/lib/invar/rake/tasks.rb

@@ -3,29 +3,24 @@
 require 'invar'
 
 require 'rake'
-require 'io/console'
 require 'tempfile'
 
+require_relative 'task/config'
+require_relative 'task/secrets'
+require_relative 'task/status'
+
 module Invar
-   # Rake task implementation.
+   # Rake task module for Invar-related tasks.
+   #
+   # The specific rake task implementations are delegated to handlers in Invar::Rake::Task
    #
-   # The actual rake tasks themselves are thinly defined in invar/rake.rb (so that the external include
-   # path is nice and short)
+   # @see Invar::Rake::Tasks.define
    module Rake
       # RakeTask builder class. Use Tasks.define to generate the needed tasks.
       class Tasks
          include ::Rake::Cloneable
          include ::Rake::DSL
 
-         # Template config YAML file
-         CONFIG_TEMPLATE = SECRETS_TEMPLATE = <<~YML
-            ---
-         YML
-
-         CREATE_SUGGESTION = <<~SUGGESTION
-            Maybe you used the wrong namespace or need to create the file with bundle exec rake invar:init?
-         SUGGESTION
-
          # Shorthand for Invar::Rake::Tasks.new.define
          #
          # @param (see #define)
@@ -51,7 +46,7 @@ module Invar
                define_init_task(app_namespace)
 
                define_config_task(app_namespace)
-               define_secrets_task(app_namespace)
+               define_secrets_tasks(app_namespace)
 
                define_info_tasks(app_namespace)
             end
@@ -62,8 +57,8 @@ module Invar
             task :init, [:mode] do |_task, args|
                mode = args.mode
 
-               config  = ::Invar::Rake::Tasks::ConfigTask.new(app_namespace)
-               secrets = ::Invar::Rake::Tasks::SecretTask.new(app_namespace)
+               config  = ::Invar::Rake::Task::ConfigFileHandler.new(app_namespace)
+               secrets = ::Invar::Rake::Task::SecretsFileHandler.new(app_namespace)
 
                case mode
                when 'config'
@@ -71,7 +66,7 @@ module Invar
                when 'secrets'
                   config = nil
                else
-                  raise "unknown mode #{ mode }. Must be one of 'config' or 'secrets'" unless mode.nil?
+                  raise ArgumentError, "unknown mode '#{ mode }'. Must be one of 'config' or 'secrets'" unless mode.nil?
                end
 
                assert_init_conditions(config&.file_path, secrets&.file_path)
@@ -84,39 +79,44 @@ module Invar
          def define_config_task(app_namespace)
             desc 'Edit the config in your default editor'
             task :configs do
-               ::Invar::Rake::Tasks::ConfigTask.new(app_namespace).edit
+               ::Invar::Rake::Task::ConfigFileHandler.new(app_namespace).edit
             end
 
             # alias
             task config: ['configs']
          end
 
-         def define_secrets_task(app_namespace)
+         def define_secrets_tasks(app_namespace)
             desc 'Edit the encrypted secrets file in your default editor'
             task :secrets do
-               ::Invar::Rake::Tasks::SecretTask.new(app_namespace).edit
+               ::Invar::Rake::Task::SecretsFileHandler.new(app_namespace).edit
             end
 
             # alias
             task secret: ['secrets']
+
+            desc 'Encrypt the secrets file with a new generated key'
+            task :rotate do
+               ::Invar::Rake::Task::SecretsFileHandler.new(app_namespace).rotate
+            end
          end
 
          def define_info_tasks(app_namespace)
             desc 'Show directories to be searched for the given namespace'
             task :paths do
-               ::Invar::Rake::Tasks::StateTask.new(app_namespace).show_paths
+               ::Invar::Rake::Task::StatusHandler.new(app_namespace).show_paths
             end
          end
 
          def assert_init_conditions(config_file, secrets_file)
             return unless config_file&.exist? || secrets_file&.exist?
 
-            msg = if !config_file&.exist?
+            msg = if !config_file.exist?
                      <<~MSG
                         Abort: Secrets file already exists (#{ secrets_file })
                         Run this to init only the config file: bundle exec rake tasks invar:init[config]
                      MSG
-                  elsif !secrets_file&.exist?
+                  elsif !secrets_file.exist?
                      <<~MSG
                         Abort: Config file already exists (#{ config_file })
                         Run this to init only the secrets file: bundle exec rake tasks invar:init[secrets]
@@ -131,163 +131,18 @@ module Invar
             warn msg
             exit 1
          end
+      end
 
-         # Tasks that use a namespace for file searching
-         class NamespacedTask
-            def initialize(namespace)
-               @locator = FileLocator.new(namespace)
-            end
-
-            def file_path
-               config_dir / filename
-            end
-
-            private
-
-            def config_dir
-               @locator.search_paths.first
-            end
-         end
-
-         # Configuration file actions.
-         class ConfigTask < NamespacedTask
-            # Creates a config file in the appropriate location
-            def create
-               raise 'File already exists' if file_path.exist?
-
-               config_dir.mkpath
-               file_path.write CONFIG_TEMPLATE
-               file_path.chmod 0o600
-
-               warn "Created file: #{ file_path }"
-            end
-
-            # Edits the existing config file in the appropriate location
-            def edit
-               configs_file = begin
-                                 @locator.find('config.yml')
-                              rescue ::Invar::FileLocator::FileNotFoundError => e
-                                 warn <<~ERR
-                                    Abort: #{ e.message }. Searched in: #{ @locator.search_paths.join(', ') }
-                                    #{ CREATE_SUGGESTION }
-                                 ERR
-                                 exit 1
-                              end
-
-               system(ENV.fetch('EDITOR', 'editor'), configs_file.to_s, exception: true)
-
-               warn "File saved to: #{ configs_file }"
-            end
-
-            private
-
-            def filename
-               'config.yml'
-            end
-         end
-
-         # Secrets file actions.
-         class SecretTask < NamespacedTask
-            # Instructions hint for how to handle secret keys.
-            SECRETS_INSTRUCTIONS = <<~INST
-               Save this key to a secure password manager. You will need it to edit the secrets.yml file.
-            INST
-
-            # Creates a new encrypted secrets file and prints the generated encryption key to STDOUT
-            def create
-               raise 'File already exists' if file_path.exist?
-
-               encryption_key = Lockbox.generate_key
-
-               write_encrypted_file(file_path,
-                                    encryption_key: encryption_key,
-                                    content:        SECRETS_TEMPLATE,
-                                    permissions:    PrivateFile::DEFAULT_PERMISSIONS)
-
-               warn "Created file: #{ file_path }"
-
-               warn SECRETS_INSTRUCTIONS
-               warn 'Generated key is:'
-               puts encryption_key
-            end
-
-            # Opens an editor for the decrypted contents of the secrets file. After closing the editor, the file will be
-            # updated with the new encrypted contents.
-            def edit
-               secrets_file = begin
-                                 @locator.find('secrets.yml')
-                              rescue ::Invar::FileLocator::FileNotFoundError => e
-                                 warn <<~ERR
-                                    Abort: #{ e.message }. Searched in: #{ @locator.search_paths.join(', ') }
-                                    #{ CREATE_SUGGESTION }
-                                 ERR
-                                 exit 1
-                              end
-
-               edit_encrypted_file(secrets_file)
-
-               warn "File saved to #{ secrets_file }"
-            end
-
-            private
-
-            def filename
-               'secrets.yml'
-            end
-
-            def write_encrypted_file(file_path, encryption_key:, content:, permissions: nil)
-               lockbox = Lockbox.new(key: encryption_key)
-
-               encrypted_data = lockbox.encrypt(content)
-
-               config_dir.mkpath
-               # TODO: replace File.opens with photo_path.binwrite(uri.data) once FakeFS can handle it
-               File.open(file_path.to_s, 'wb') { |f| f.write encrypted_data }
-               file_path.chmod permissions if permissions
-            end
-
-            def edit_encrypted_file(file_path)
-               encryption_key = determine_key(file_path)
-
-               lockbox = build_lockbox(encryption_key)
-
-               file_str = Tempfile.create(file_path.basename.to_s) do |tmp_file|
-                  decrypted = lockbox.decrypt(file_path.binread)
-
-                  tmp_file.write(decrypted)
-                  tmp_file.rewind # rewind needed because file does not get closed after write
-                  system(ENV.fetch('EDITOR', 'editor'), tmp_file.path, exception: true)
-                  tmp_file.read
-               end
-
-               write_encrypted_file(file_path, encryption_key: encryption_key, content: file_str)
-            end
-
-            def determine_key(file_path)
-               encryption_key = Lockbox.master_key
-
-               if encryption_key.nil? && $stdin.respond_to?(:noecho)
-                  warn "Enter master key to decrypt #{ file_path }:"
-                  encryption_key = $stdin.noecho(&:gets).strip
-               end
-
-               encryption_key
-            end
-
-            def build_lockbox(encryption_key)
-               Lockbox.new(key: encryption_key)
-            rescue ArgumentError => e
-               raise SecretsFileEncryptionError, e
-            end
-         end
+      # Namespace module for task handler implementations
+      module Task
+         # Template config YAML file
+         CONFIG_TEMPLATE = SECRETS_TEMPLATE = <<~YML
+            ---
+         YML
 
-         # General status tasks
-         class StateTask < NamespacedTask
-            # Prints the current paths to be searched in
-            def show_paths
-               warn @locator.search_paths.join("\n")
-            end
-         end
+         CREATE_SUGGESTION = <<~SUGGESTION
+            Maybe you used the wrong namespace or need to create the file with bundle exec rake invar:init?
+         SUGGESTION
       end
    end
 end

data/lib/invar/reality.rb

@@ -152,11 +152,9 @@ module Invar
       end
 
       def resolve_key(pathname, locator, prompt)
-         key_file = locator.find(pathname)
-
-         read_keyfile(key_file)
+         read_keyfile locator.find pathname
       rescue FileLocator::FileNotFoundError
-         if $stdin.respond_to?(:noecho)
+         if $stdin.tty?
             warn prompt
             $stdin.noecho(&:gets).strip
          else

data/lib/invar/scope.rb

@@ -25,12 +25,18 @@ module Invar
       alias / fetch
       alias [] fetch
 
-      def method_missing(symbol, *args)
-         raise ::Invar::ImmutableRealityError, ::Invar::ImmutableRealityError::PRETEND_MSG if symbol == :pretend
+      def method_missing(method_name, *args)
+         guard_test_methods method_name
 
          super
       end
 
+      def respond_to_missing?(method_name, include_all)
+         guard_test_methods method_name
+
+         super method_name, include_all
+      end
+
       # Returns a hash representation of this scope and subscopes.
       #
       # @return [Hash] a hash representation of this scope
@@ -51,6 +57,10 @@ module Invar
 
       private
 
+      def guard_test_methods(method_name)
+         raise ::Invar::ImmutableRealityError, ::Invar::ImmutableRealityError::PRETEND_MSG if method_name == :pretend
+      end
+
       def known_keys
          @data.keys.sort.collect { |k| ":#{ k }" }.join(', ')
       end

data/lib/invar/version.rb

@@ -2,5 +2,5 @@
 
 module Invar
    # Current version of the gem
-   VERSION = '0.8.0'
+   VERSION = '0.9.1'
 end

data/lib/invar.rb

@@ -1,5 +1,9 @@
 # frozen_string_literal: true
 
+# Needed for TTY input handling
+# Do not remove; it missing will not always break tests due to test environments requiring it themselves
+require 'io/console'
+
 require_relative 'invar/version'
 require_relative 'invar/errors'
 require_relative 'invar/reality'
@@ -15,12 +19,24 @@ module Invar
    end
 
    class << self
-      def method_missing(meth)
-         if [:after_load, :clear_hooks].include? meth
-            raise ::Invar::ImmutableRealityError, ::Invar::ImmutableRealityError::HOOK_MSG
-         end
+      def method_missing(method_name)
+         guard_test_hooks method_name
 
          super
       end
+
+      def respond_to_missing?(method_name, include_all)
+         guard_test_hooks method_name
+
+         super method_name, include_all
+      end
+
+      private
+
+      def guard_test_hooks(method_name)
+         return unless [:after_load, :clear_hooks].include? method_name
+
+         raise ::Invar::ImmutableRealityError, ::Invar::ImmutableRealityError::HOOK_MSG
+      end
    end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: invar
 version: !ruby/object:Gem::Version
-  version: 0.8.0
+  version: 0.9.1
 platform: ruby
 authors:
 - Robin Miller
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2023-09-13 00:00:00.000000000 Z
+date: 2023-09-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dry-schema
@@ -51,6 +51,7 @@ files:
 - ".rspec"
 - ".rubocop.yml"
 - ".ruby-version"
+- ".simplecov"
 - CODE_OF_CONDUCT.md
 - Gemfile
 - LICENSE.txt
@@ -62,6 +63,10 @@ files:
 - lib/invar/errors.rb
 - lib/invar/file_locator.rb
 - lib/invar/private_file.rb
+- lib/invar/rake/task/config.rb
+- lib/invar/rake/task/namespaced.rb
+- lib/invar/rake/task/secrets.rb
+- lib/invar/rake/task/status.rb
 - lib/invar/rake/tasks.rb
 - lib/invar/reality.rb
 - lib/invar/scope.rb