invar 0.6.1 → 0.7.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 1f8761298571a16c1752a4413d4288095301381a3a3ad323ea9e0cf75c48a5f7
-  data.tar.gz: b5a573c3eb0b93e3774a504fc467f9349eb242979a900d3b6ac463d609d75257
+  metadata.gz: 62fcbaf0763469c256af4915bdae35ded8a2691c647356a24bd6e68635bf3030
+  data.tar.gz: a54dce1295a10292f208318faeefe43b0c279934154f2c6f112e5b22278126a6
 SHA512:
-  metadata.gz: a7f52110ae1fe1580047d74b957c6da15208a82faec856d795177deb3f745778ef8f79d2a05e422e54ba06b2ea581978783e773d9eafb52e23e29ca1d2948b06
-  data.tar.gz: 0c35ac70036bc6c28e1444d6136fd27621d281d0ec54ba6e2c3b26a93e393eb1ce711226c081d8fba0178497fc869aea81232059746ba7afd91cddb9117cd4c1
+  metadata.gz: 5c0d9b6ae497f3e1ca0ba6701cdc99c1b8408ceabcdfd1970b67c465576f2cd0439caf92fc6413eb40db21d7289d5f5cab495adeb3499bdeef3c3a4da43a0e2b
+  data.tar.gz: 206b350e643afabd1892db2cf393b375e7555fe85f65d56705c718757ce172d4360fb9f6c4102b70da64223ee42a9d0ef960298240bce9e755b91512f7d1406a

data/.ruby-version

@@ -1 +1 @@
-ruby-2.7.1
+ruby-2.7.8

data/Gemfile

@@ -2,5 +2,14 @@
 
 source 'https://rubygems.org'
 
+group :development do
+   gem 'bundler', '~> 2.3'
+   gem 'fakefs', '~> 2.5'
+   gem 'rake', '~> 13.0'
+   gem 'rspec', '~> 3.12'
+   gem 'simplecov', '~> 0.22'
+   gem 'yard', '~> 0.9'
+end
+
 # Specify your gem's dependencies in invar.gemspec
 gemspec

data/RELEASE_NOTES.md

@@ -13,11 +13,13 @@ to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 ### Minor Changes
 
-* none
+* Tweaked file missing error messages
+* Extracted testing helper features into a separate module
+* Added support for multiple after_load hooks
 
 ### Bugfixes
 
-* none
+* No longer attempts to set secrets file permissions on every edit
 
 ## [0.6.1] - 2023-05-22
 
@@ -31,7 +33,7 @@ to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 ### Bugfixes
 
-* Fixed minor logic error in permissions checking, improved testing 
+* Fixed minor logic error in permissions checking, improved testing
 
 ## [0.6.0] - 2023-05-21
 

data/invar.gemspec

@@ -31,11 +31,4 @@ Gem::Specification.new do |spec|
 
    spec.add_dependency 'dry-schema', '>= 1.0'
    spec.add_dependency 'lockbox', '>= 1.0'
-
-   spec.add_development_dependency 'bundler', '~> 2.3'
-   spec.add_development_dependency 'fakefs', '~> 1.9'
-   spec.add_development_dependency 'rake', '~> 13.0'
-   spec.add_development_dependency 'rspec', '~> 3.12'
-   spec.add_development_dependency 'simplecov', '~> 0.21'
-   spec.add_development_dependency 'yard', '~> 0.9'
 end

data/lib/invar/errors.rb

@@ -0,0 +1,51 @@
+module Invar
+
+   # Raised when no config file can be found within the search paths.
+   class MissingConfigFileError < RuntimeError
+   end
+
+   # Raised when no secrets file can be found within the search paths.
+   class MissingSecretsFileError < RuntimeError
+   end
+
+   # Raised when an error is encountered during secrets file encryption
+   class SecretsFileEncryptionError < RuntimeError
+   end
+
+   # Raised when an error is encountered during secrets file decryption
+   class SecretsFileDecryptionError < RuntimeError
+   end
+
+   # Raised when a key is defined in both the environment and the configuration file.
+   class EnvConfigCollisionError < RuntimeError
+      # Message hinting at possible solution
+      HINT = 'Either rename your config entry or remove the environment variable.'
+   end
+
+   # Raised when there are config or secrets files found at multiple locations. You can resolve this by deciding on
+   # one correct location and removing the alternate file(s).
+   class AmbiguousSourceError < RuntimeError
+      # Message hinting at possible solution
+      HINT = 'Choose 1 correct one and delete the others.'
+   end
+
+   # Raised when #pretend is called but the testing extension has not been loaded.
+   #
+   # When raised during normal operation, it may mean the application is calling #pretend directly, which is strongly
+   # discouraged. The feature is meant for testing.
+   #
+   # @see Invar#pretend
+   class ImmutableRealityError < NoMethodError
+      HINT = <<~HINT
+         Try adding this to your test suite config file:
+            require 'invar/test'
+      HINT
+
+      PRETEND_MSG = "Method 'Invar::Scope#pretend' is defined in the testing extension. #{ HINT }"
+      HOOK_MSG    = "Methods 'Invar.after_load and clear_hooks' are defined in the testing extension. #{ HINT }"
+   end
+
+   # Raised when schema validation fails
+   class SchemaValidationError < RuntimeError
+   end
+end

data/lib/invar/private_file.rb

@@ -7,13 +7,18 @@ require 'delegate'
 
 module Invar
    # Verifies a file is secure
-   class PrivateFile #< SimpleDelegator
+   class PrivateFile
       extend Forwardable
       def_delegators :@delegate_sd_obj, :stat, :to_s, :basename, :==, :chmod
 
+      # Mask for limiting to the lowest three octal digits (which store permissions)
+      PERMISSIONS_MASK = 0o777
+
       ALLOWED_USER_MODES  = [0o600, 0o400].freeze
       ALLOWED_GROUP_MODES = [0o060, 0o040, 0o000].freeze
 
+      DEFAULT_PERMISSIONS = 0o600
+
       # Allowed permissions modes for lockfile. Readable or read-writable by the user or group only
       ALLOWED_MODES = ALLOWED_USER_MODES.product(ALLOWED_GROUP_MODES).collect do |u, g|
          u | g # bitwise OR
@@ -45,9 +50,8 @@ module Invar
       #
       # @raise [FilePermissionsError] if the file has insecure permissions
       def verify_permissions!
-         permissions_mask = 0o777 # only the lowest three digits are perms, so masking
          # stat             = @delegate_sd_obj.stat
-         file_mode = stat.mode & permissions_mask
+         file_mode = stat.mode & PERMISSIONS_MASK
          # TODO: use stat.world_readable? etc instead
          return if ALLOWED_MODES.include? file_mode
 

data/lib/invar/rake/tasks.rb

@@ -199,7 +199,10 @@ module Invar
 
                encryption_key = Lockbox.generate_key
 
-               write_encrypted_file(file_path, encryption_key, SECRETS_TEMPLATE)
+               write_encrypted_file(file_path,
+                                    encryption_key: encryption_key,
+                                    content:        SECRETS_TEMPLATE,
+                                    permissions:    PrivateFile::DEFAULT_PERMISSIONS)
 
                warn "Created file: #{ file_path }"
 
@@ -232,7 +235,7 @@ module Invar
                'secrets.yml'
             end
 
-            def write_encrypted_file(file_path, encryption_key, content)
+            def write_encrypted_file(file_path, encryption_key:, content:, permissions: nil)
                lockbox = Lockbox.new(key: encryption_key)
 
                encrypted_data = lockbox.encrypt(content)
@@ -240,7 +243,7 @@ module Invar
                config_dir.mkpath
                # TODO: replace File.opens with photo_path.binwrite(uri.data) once FakeFS can handle it
                File.open(file_path.to_s, 'wb') { |f| f.write encrypted_data }
-               file_path.chmod 0o600
+               file_path.chmod permissions if permissions
             end
 
             def edit_encrypted_file(file_path)
@@ -257,7 +260,7 @@ module Invar
                   tmp_file.read
                end
 
-               write_encrypted_file(file_path, encryption_key, file_str)
+               write_encrypted_file(file_path, encryption_key: encryption_key, content: file_str)
             end
 
             def determine_key(file_path)

data/lib/invar/reality.rb

@@ -72,27 +72,21 @@ module Invar
             @configs = Scope.new(load_configs(locator))
          rescue FileLocator::FileNotFoundError
             raise MissingConfigFileError,
-                  "No config file found. Create config.yml in one of these locations: #{ search_paths }"
+                  "No Invar config file found. Create config.yml in one of these locations: #{ search_paths }"
          end
 
          begin
             @secrets = Scope.new(load_secrets(locator, decryption_keyfile || DEFAULT_KEY_FILE_NAME))
          rescue FileLocator::FileNotFoundError
             raise MissingSecretsFileError,
-                  "No secrets file found. Create encrypted secrets.yml in one of these locations: #{ search_paths }"
+                  "No Invar secrets file found. Create encrypted secrets.yml in one of these locations: #{ search_paths }"
          end
 
          freeze
-         # instance_eval(&self.class.__override_block__)
-         self.class.__override_block__&.call(self)
 
          RealityValidator.new(configs_schema, secrets_schema).validate(@configs, @secrets)
       end
 
-      class << self
-         attr_accessor :__override_block__
-      end
-
       # Fetch from one of the two base scopes: :config or :secret.
       # Plural names are also accepted (ie. :configs and :secrets).
       #
@@ -224,51 +218,4 @@ module Invar
          end
       end
    end
-
-   # Raised when no config file can be found within the search paths.
-   class MissingConfigFileError < RuntimeError
-   end
-
-   # Raised when no secrets file can be found within the search paths.
-   class MissingSecretsFileError < RuntimeError
-   end
-
-   # Raised when an error is encountered during secrets file encryption
-   class SecretsFileEncryptionError < RuntimeError
-   end
-
-   # Raised when an error is encountered during secrets file decryption
-   class SecretsFileDecryptionError < RuntimeError
-   end
-
-   # Raised when a key is defined in both the environment and the configuration file.
-   class EnvConfigCollisionError < RuntimeError
-      # Message hinting at possible solution
-      HINT = 'Either rename your config entry or remove the environment variable.'
-   end
-
-   # Raised when there are config or secrets files found at multiple locations. You can resolve this by deciding on
-   # one correct location and removing the alternate file(s).
-   class AmbiguousSourceError < RuntimeError
-      # Message hinting at possible solution
-      HINT = 'Choose 1 correct one and delete the others.'
-   end
-
-   # Raised when #pretend is called but the testing extension has not been loaded.
-   #
-   # When raised during normal operation, it may mean the application is calling #pretend directly, which is strongly
-   # discouraged. The feature is meant for testing.
-   #
-   # @see Invar#pretend
-   class ImmutableRealityError < NoMethodError
-      # Message and hint for a possible solution
-      MSG = <<~MSG
-         Method 'pretend' is defined in the testing extension. Try adding this to your test suite config file:
-            require 'invar/test'
-      MSG
-   end
-
-   # Raised when schema validation fails
-   class SchemaValidationError < RuntimeError
-   end
 end

data/lib/invar/scope.rb

@@ -7,7 +7,6 @@ module Invar
          @data = convert(data)
 
          @data.freeze
-         @data_override = {}
          freeze
       end
 
@@ -18,23 +17,27 @@ module Invar
       # @see #override
       def fetch(key)
          key = key.downcase.to_sym
-         @data_override.fetch(key, @data.fetch(key))
+         @data.fetch key
       rescue KeyError => e
-         raise KeyError, "#{ e.message }. Known keys are #{ @data.keys.sort.collect { |k| ":#{ k }" }.join(', ') }"
+         raise KeyError, "#{ e.message }. Known keys are #{ known_keys }"
       end
 
       alias / fetch
       alias [] fetch
 
-      def pretend(**)
-         raise ::Invar::ImmutableRealityError, ::Invar::ImmutableRealityError::MSG
+      def method_missing(symbol, *args)
+         if symbol == :pretend
+            raise ::Invar::ImmutableRealityError, ::Invar::ImmutableRealityError::PRETEND_MSG
+         else
+            super
+         end
       end
 
       # Returns a hash representation of this scope and subscopes.
       #
       # @return [Hash] a hash representation of this scope
       def to_h
-         @data.merge(@data_override).to_h.transform_values do |value|
+         @data.to_h.transform_values do |value|
             case value
             when Scope
                value.to_h
@@ -50,11 +53,15 @@ module Invar
 
       private
 
+      def known_keys
+         @data.keys.sort.collect { |k| ":#{ k }" }.join(', ')
+      end
+
       def convert(data)
          (data || {}).dup.each_with_object({}) do |pair, agg|
             key, value = pair
 
-            agg[key] = value.is_a?(Hash) ? Scope.new(value) : value
+            agg[key.to_s.downcase.to_sym] = value.is_a?(Hash) ? Scope.new(value) : value
          end
       end
    end

data/lib/invar/test.rb

@@ -1,16 +1,101 @@
 # frozen_string_literal: true
 
-require 'invar'
+# Specifically not calling require 'invar' here to force applications to need to include it themselves,
+# preventing the situation where test suites include application dependencies for them and breaking when
+# the app is run without the test suite
 
 module Invar
-   # Extension to the standard class
-   class Scope
-      # Overrides the given set of key-value pairs. This is intended to only be used in testing environments,
-      # where you may need contextual adjustments to suit the test situation.
-      #
-      # @param [Hash] pairs the hash of pairs to override.
-      def pretend(pairs)
-         @data_override.merge!(pairs.transform_keys(&:to_sym))
+   # Namespace module containing mixins for parts of the main gem to enable modifications and data control
+   # in automated testing, while remaining immutable in the main gem and real runtime usage.
+   module TestExtension
+      module RealityMethods
+         class << self
+            attr_accessor :__after_load_hooks__
+            RealityMethods.__after_load_hooks__ = []
+         end
+
+         def initialize(**)
+            super
+
+            # instance_eval(&self.class.__override_block__)
+            RealityMethods.__after_load_hooks__.each { |hook| hook.call(self) }
+         end
+      end
+
+      # Adds methods to the main Invar module itself for a global-access hook to be used in application init phase.
+      module LoadHook
+         def clear_hooks
+            RealityMethods.__after_load_hooks__.clear
+         end
+
+         # Block that will be run after loading from config files.
+         #
+         # It is intended to allow test suites to tweak configurations without having to duplicate the entire config file.
+         #
+         # @yieldparam the configs from the Invar
+         # @return [void]
+         def after_load(&block)
+            RealityMethods.__after_load_hooks__.push(block)
+         end
       end
+
+      # Methods mixin for the Invar::Scope class
+      module ScopeMethods
+         def initialize(data)
+            @pretend_data = {}
+            super
+         end
+
+         # Overrides the given set of key-value pairs. This is intended to only be used in testing environments,
+         # where you may need contextual adjustments to suit the test situation.
+         #
+         # @param [Hash] pairs the hash of pairs to override.
+         def pretend(pairs)
+            @pretend_data.merge! convert(pairs)
+         end
+
+         def fetch(key)
+            @pretend_data.fetch(key.downcase.to_sym) do
+               super
+            end
+         rescue KeyError => e
+            raise KeyError, "#{ e.message }. Pretend keys are: #{ pretend_keys }."
+         end
+
+         # Duplicated to refer to the override version
+         alias / fetch
+         alias [] fetch
+
+         # Returns a hash representation of this scope and subscopes.
+         #
+         # @return [Hash] a hash representation of this scope
+         def to_h
+            super.merge(@pretend_data).to_h
+         end
+
+         private
+
+         def pretend_keys
+            keys = @pretend_data.keys
+
+            if keys.empty?
+               '(none)'
+            else
+               keys.sort.collect { |k| ":#{ k }" }.join(', ')
+            end
+         end
+      end
+   end
+
+   # Extension to the base library class that provides additional methods relevant only to automated testing
+   extend TestExtension::LoadHook
+
+   # Extension to the base library class that provides additional methods relevant only to automated testing
+   class Scope
+      prepend TestExtension::ScopeMethods
+   end
+
+   class Reality
+      prepend TestExtension::RealityMethods
    end
 end

data/lib/invar/version.rb

@@ -2,5 +2,5 @@
 
 module Invar
    # Current version of the gem
-   VERSION = '0.6.1'
+   VERSION = '0.7.0'
 end

data/lib/invar.rb

@@ -1,7 +1,8 @@
 # frozen_string_literal: true
 
-require 'invar/version'
-require 'invar/reality'
+require_relative 'invar/version'
+require_relative 'invar/errors'
+require_relative 'invar/reality'
 
 # Invar is a Ruby Gem that provides a single source of truth for application configuration, secrets, and environment
 # variables.
@@ -14,13 +15,12 @@ module Invar
    end
 
    class << self
-      # Block that will be run after loading from config files and prior to freezing. It is intended to allow
-      # for test suites to tweak configurations without having to duplicate the entire config file.
-      #
-      # @yieldparam the configs from the Invar
-      # @return [void]
-      def after_load(&block)
-         ::Invar::Reality.__override_block__ = block
+      def method_missing(meth)
+         if [:after_load, :clear_hooks].include? meth
+            raise ::Invar::ImmutableRealityError, ::Invar::ImmutableRealityError::HOOK_MSG
+         else
+            super
+         end
       end
    end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: invar
 version: !ruby/object:Gem::Version
-  version: 0.6.1
+  version: 0.7.0
 platform: ruby
 authors:
 - Robin Miller
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2023-05-22 00:00:00.000000000 Z
+date: 2023-08-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dry-schema
@@ -38,90 +38,6 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '1.0'
-- !ruby/object:Gem::Dependency
-  name: bundler
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '2.3'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '2.3'
-- !ruby/object:Gem::Dependency
-  name: fakefs
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '1.9'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '1.9'
-- !ruby/object:Gem::Dependency
-  name: rake
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '13.0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '13.0'
-- !ruby/object:Gem::Dependency
-  name: rspec
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '3.12'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '3.12'
-- !ruby/object:Gem::Dependency
-  name: simplecov
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '0.21'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '0.21'
-- !ruby/object:Gem::Dependency
-  name: yard
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '0.9'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '0.9'
 description: |
   Locates and loads config YAML files based on XDG standard with the encrypted secrets file kept separately.
   Includes useful rake tasks to make management easier. No code execution in config. Rails-independent. Gluten free.
@@ -143,6 +59,7 @@ files:
 - Rakefile
 - invar.gemspec
 - lib/invar.rb
+- lib/invar/errors.rb
 - lib/invar/file_locator.rb
 - lib/invar/private_file.rb
 - lib/invar/rake/tasks.rb
@@ -170,7 +87,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.2
+rubygems_version: 3.4.10
 signing_key: 
 specification_version: 4
 summary: Single source of truth for environmental configuration.