rcredstash 1.0.1 → 2.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 87738b964c912763c179803996897c9e52d431026ad9973e26891d302a0ee7d6
-  data.tar.gz: e7eee30911e02377b7bcb904d99afa57364d5406c8b38b96f3e4861c70fed636
+  metadata.gz: f5b4072a6a3800e27a23712bb59ee8df5b4ec5be248acd94dbd0711fec3f4f54
+  data.tar.gz: 9d3eafb59ea8a166a66a4a79ccf6ed3c93ddfbe110b51ca5accb61d215a79070
 SHA512:
-  metadata.gz: 215d2946ea3197dee17ff033642de2958b4628c6f5d56f496ced7cec6be0917c8f5d3611fc3bbd6a590141fcaec75c321a95b8fa15cb002fc936d589202399a3
-  data.tar.gz: d6cc7e2228276f47193f25ece54fddbaaaebc2aea7b8b7cef8bb7c512a13f243e581d74b56da343e8bd06a330e4cf681af89ce1b6e6fc20fc43c3ca2c9034dbe
+  metadata.gz: 3e011ab87a68a9022ebca726c4ee7316d2abaa39a5de721112f74199324b7fb4b5091393f70976c5947f9cf45581831bd2e5e9c035f614d838f71d793310f486
+  data.tar.gz: 5d19538fb21c39cdee4906cb447bb49846d3c7111d22afbe66d011846b688b8464c1d65ce1e0a214977f491e7c15d116098daf8a51da2b1ba4e8c5977449ff94

data/.github/workflows/ruby.yml

@@ -0,0 +1,28 @@
+name: Ruby CI
+
+on:
+  push:
+    branches: [ master ]
+  pull_request:
+    branches: [ master ]
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+
+    strategy:
+      matrix:
+        # Currently supported Ruby versions as of 2024-04-03.
+        # See for current status: https://www.ruby-lang.org/en/downloads/branches/
+        ruby-version: ['3.3', '3.2', '3.1']
+
+    steps:
+      - uses: actions/checkout@v4
+      - name: Set up Ruby ${{ matrix.ruby-version }}
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: ${{ matrix.ruby-version }}
+      - name: Install dependencies
+        run: bundle install
+      - name: Run tests
+        run: AWS_REGION=us-east-1 bundle exec rake

data/Gemfile

@@ -2,3 +2,7 @@ source 'https://rubygems.org'
 
 # Specify your gem's dependencies in rcredstash.gemspec
 gemspec
+
+# Needed to run tests.
+# Could be any of ox, oga, libxml, nokogiri or rexml
+gem 'rexml'

data/README.md

@@ -1,4 +1,4 @@
-# RCredStash [![Build Status](https://travis-ci.org/adorechic/rcredstash.svg?branch=master)](https://travis-ci.org/adorechic/rcredstash)
+# RCredStash ![Build Status](https://github.com/adorechic/rcredstash/actions/workflows/ruby.yml/badge.svg)
 
 RCredStash is a ruby port of [CredStash](https://github.com/fugue/credstash)
 
@@ -56,6 +56,10 @@ RCredStash uses [aws-sdk v2](https://github.com/aws/aws-sdk-ruby), so configurat
 ```ruby
 CredStash.configure do |config|
   config.table_name = 'your_dynamodb_table_name'
+
+  # Optional, if you want to modify them, like for Localstack.
+  config.dynamo_client = Aws::DynamoDB::Client.new
+  config.kms_client = Aws::KMS::Client.new
 end
 ```
 

data/lib/cred_stash/cipher_key.rb

@@ -5,7 +5,7 @@ class CredStash::CipherKey
 
   attr_reader :data_key, :hmac_key, :wrapped_key
 
-  def self.generate(client: Aws::KMS::Client.new, kms_key_id: nil,
+  def self.generate(client: CredStash.config.kms_client, kms_key_id: nil,
                     context: {})
     res = client.generate_data_key(
       key_id: kms_key_id || DEFAULT_KMS_KEY_ID,
@@ -19,7 +19,7 @@ class CredStash::CipherKey
     )
   end
 
-  def self.decrypt(wrapped_key, client: Aws::KMS::Client.new, context: {})
+  def self.decrypt(wrapped_key, client: CredStash.config.kms_client, context: {})
     res = client.decrypt(ciphertext_blob: wrapped_key, encryption_context: context)
     new(
       data_key: res.plaintext[0...32],

data/lib/cred_stash/cli.rb

@@ -3,8 +3,9 @@ require 'thor'
 module CredStash
   class CLI < Thor
     desc "get [key name]", "Show a value for key name"
+    option :version, type: :string, aliases: '-v', desc: 'Show a value for key name with their versions'
     def get(name)
-      puts CredStash.get(name)
+      puts CredStash.get(name, version: options[:version])
     end
 
     desc "put [key name]", "Put a value for key name"
@@ -17,13 +18,21 @@ module CredStash
     end
 
     desc "list", "Show all stored keys"
-    def list
-      puts CredStash.list.keys
+    option :version, type: :boolean, aliases: '-v', desc: 'Show all stored keys with their versions'
+    def list()
+      if options[:version]
+        CredStash.list_with_version.each do |hash|
+          puts "#{hash["name"]} --version: #{hash["version"]}"
+        end
+      else
+        puts CredStash.list.keys
+      end
     end
 
     desc "delete [key name]", "Delete a key"
+    option :version, type: :string, aliases: '-v', desc: 'Specify version'
     def delete(name)
-      CredStash.delete(name)
+      CredStash.delete(name, version: options[:version])
       puts "#{name} has deleted."
     end
 

data/lib/cred_stash/config.rb

@@ -10,7 +10,7 @@ module CredStash
   end
 
   class Config
-    attr_accessor :table_name, :storage
+    attr_accessor :table_name, :storage, :kms_client, :dynamo_client
 
     def initialize
       reset!
@@ -19,6 +19,8 @@ module CredStash
     def reset!
       @table_name = 'credential-store'
       @storage = :dynamodb
+      @kms_client = Aws::KMS::Client.new
+      @dynamo_client = Aws::DynamoDB::Client.new
     end
   end
 end

data/lib/cred_stash/repository/dynamo_db.rb

@@ -1,34 +1,23 @@
 module CredStash::Repository
   class DynamoDB
     def initialize(client: nil)
-      @client = client || Aws::DynamoDB::Client.new
+      @client = client || CredStash.config.dynamo_client
     end
 
-    def get(name)
-      select(name, limit: 1).first.tap do |item|
+    def get(name, version: nil)
+      select(name, limit: 1, version: version).first.tap do |item|
         unless item
-          raise CredStash::ItemNotFound, "#{name} is not found"
+          if version
+            raise CredStash::ItemNotFound, "#{name} --version: #{version} is not found"
+          else
+            raise CredStash::ItemNotFound, "#{name} is not found"
+          end
         end
       end
     end
 
-    def select(name, pluck: nil, limit: nil)
-      params = {
-        table_name: CredStash.config.table_name,
-        consistent_read: true,
-        key_condition_expression: "#name = :name",
-        expression_attribute_names: { "#name" => "name"},
-        expression_attribute_values: { ":name" => name }
-      }
-
-      if pluck
-        params[:projection_expression] = pluck
-      end
-
-      if limit
-        params[:limit] = limit
-        params[:scan_index_forward] = false
-      end
+    def select(name, pluck: nil, limit: nil, version: nil)
+      params = set_params(name, pluck: pluck, limit: limit, version: version)
 
       @client.query(params).items.map do |item|
         Item.new(
@@ -109,5 +98,31 @@ module CredStash::Repository
       end
       all_items
     end
+
+    def set_params(name, pluck: nil, limit: nil, version: nil)
+      params = {
+        table_name: CredStash.config.table_name,
+        consistent_read: true,
+        key_condition_expression: "#name = :name",
+        expression_attribute_names: { "#name" => "name" },
+        expression_attribute_values: { ":name" => name }
+      }
+      if pluck
+        params[:projection_expression] = pluck
+      end
+
+      if limit
+        params[:limit] = limit
+        params[:scan_index_forward] = false
+      end
+
+      if version
+        params[:key_condition_expression] = "#name = :name AND #version = :version"
+        params[:expression_attribute_names]["#version"] = "version"
+        params[:expression_attribute_values][":version"] = version
+      end
+
+      params
+    end
   end
 end

data/lib/cred_stash/secret.rb

@@ -29,8 +29,8 @@ class CredStash::Secret
   end
 
   class << self
-    def find(name, context: {})
-      item = repository.get(name)
+    def find(name, context: {}, version: nil)
+      item = repository.get(name, version: version)
       new(
         name: name,
         key: CredStash::CipherKey.decrypt(Base64.decode64(item.key), context: context),

data/lib/cred_stash/version.rb

@@ -1,3 +1,3 @@
 module CredStash
-  VERSION = "1.0.1"
+  VERSION = "2.0.0"
 end

data/lib/cred_stash.rb

@@ -1,7 +1,7 @@
 module CredStash
   class << self
-    def get(name, context: {}, raise_if_missing: false)
-      secret = Secret.find(name, context: context)
+    def get(name, context: {}, raise_if_missing: false, version: nil)
+      secret = Secret.find(name, context: context, version: version)
 
       if secret.falsified?
         raise "Invalid secret. #{name} has falsified"
@@ -24,10 +24,18 @@ module CredStash
       Repository.instance.list.inject({}) {|h, item| h[item.name] = item.version; h }
     end
 
-    def delete(name)
-      # TODO needs delete target version option
+    def list_with_version
+      Repository.instance.list.inject([]) do |h, item|
+        h.push({
+          "name" => item.name,
+          "version" => item.version
+        })
+      end
+    end
+
+    def delete(name, version: nil)
       repository = Repository.instance
-      item = repository.select(name).first
+      item = repository.select(name, version: version).first
       repository.delete(item)
     end
 

data/rcredstash.gemspec

@@ -23,7 +23,7 @@ Gem::Specification.new do |spec|
   spec.add_dependency 'aws-sdk-dynamodb'
   spec.add_dependency 'thor'
 
-  spec.add_development_dependency "bundler", "~> 1.12"
-  spec.add_development_dependency "rake", "~> 10.0"
+  spec.add_development_dependency "bundler"
+  spec.add_development_dependency "rake"
   spec.add_development_dependency "rspec", "~> 3.0"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rcredstash
 version: !ruby/object:Gem::Version
-  version: 1.0.1
+  version: 2.0.0
 platform: ruby
 authors:
 - adorechic
-autorequire: 
+autorequire:
 bindir: exe
 cert_chain: []
-date: 2019-04-17 00:00:00.000000000 Z
+date: 2024-04-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-kms
@@ -56,30 +56,30 @@ dependencies:
   name: bundler
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '1.12'
+        version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '1.12'
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
@@ -102,9 +102,9 @@ executables:
 extensions: []
 extra_rdoc_files: []
 files:
+- ".github/workflows/ruby.yml"
 - ".gitignore"
 - ".rspec"
-- ".travis.yml"
 - Gemfile
 - README.md
 - Rakefile
@@ -128,7 +128,7 @@ homepage: https://github.com/adorechic/rcredstash
 licenses:
 - MIT
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -143,8 +143,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.3
-signing_key: 
+rubygems_version: 3.4.9
+signing_key:
 specification_version: 4
 summary: A Ruby port of CredStash
 test_files: []

data/.travis.yml

@@ -1,6 +0,0 @@
-sudo: false
-language: ruby
-rvm:
-  - 2.3.1
-  - 2.2.5
-before_install: gem install bundler -v 1.12.5