roro 0.3.21 → 0.3.22

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 43e30bd9aa551984852307e9c258049546a167e89aaab22e3f8b7256cec22a23
-  data.tar.gz: 790ad729852cf34c8bbdfa6499ab325f399334d1df2c385d20e7ae5757dcd707
+  metadata.gz: d21bacda1161bc7f1cb8b57ebbca68cbe4f9647c2d02b33464c6a162f3661d31
+  data.tar.gz: d40e7d418705dd50e38e8d5a6f337d313f8cae3fadb1a37a7114c504cd8bbb46
 SHA512:
-  metadata.gz: 4de76d1807c627790a721e968e458bcff335d9a972b8b496d5a1dfc494c8b750332eae75411dc689482bb3e60fab44319fa46cc95c63547cedfa5c849e527ce5
-  data.tar.gz: b7f2647884d116fc849431070829e2806f244771580a532f57e65cabbf17d856bf209d76e425eee28e370eee90ef6d10f0ab8de10998503bc058da846387bb78
+  metadata.gz: af1f1072843ad1d6919afd41398c31ae7357a9d492bb8e811a3d9da825bef9eb1def20a5577f059655b22eceac1bc387b0760f710a257412202a61f6497d8818
+  data.tar.gz: ed48d94a0902e9123e4790b44d77249ddee40e4d122524fcfe5afe92a661ebc3903ff96cc75210e85e200eb66388033d824934b6675b976ca543aa39981ac2f5

data/.gitignore

@@ -16,10 +16,12 @@ roro/**/*.key
 !/.gitignore
 *.gem
 tmp/*
-!tmp/.keep 
+!tmp/.keep
 sandbox/*
-!sandbox/.keep 
+!sandbox/.keep
 !sandbox/greenfield
 sandbox/greenfield/*
 !sandbox/greenfield/.keep
-TUTORIAL.md
+TUTORIAL.md
+
+.idea

data/Guardfile

@@ -1,15 +1,17 @@
 options = {
-  all_on_start: false,
-  all_after_pass: false, 
+  all_on_start: true,
+  all_after_pass: false,
 }
 
 guard :minitest, options do
 
   watch(%r{^test/(.*)\/?(.*)_test\.rb$})
-  watch(%r{^test/helpers/(.*)\.rb$})          { 'test' }
-  watch(%r{^test/test_helper\.rb$})           { 'test' }
+  # watch(%r{^test/helpers/(.*)\.rb$})          { 'test' }
+  # watch(%r{^test/test_helper\.rb$})           { 'test' }
   watch(%r{^lib/roro/(.+)\.rb$})              { |m| "test/#{m[1]}_test.rb" }
-  watch(%r{^lib/roro/cli/(.+)\.rb$})          { |m| "test/cli/#{m[1]}_test.rb" }
-  watch(%r{^lib/roro/cli/(.+)\.yml$})         { |m| "test/cli" }
-  watch(%r{^lib/roro/cli/(.+)\.tt$})          { |m| "test/cli" }
+  # watch(%r{^lib/roro/(.+)\.rb$})              { "test/crypto_test.rb" }
+  # watch(%r{^lib/(.+)\.rb$})              { |m| "test/#{m[1]}_test.rb" }
+  # watch(%r{^lib/roro/cli/(.+)\.rb$})          { |m| "test/cli/#{m[1]}_test.rb" }
+  # watch(%r{^lib/roro/cli/(.+)\.yml$})         { |m| "test/cli" }
+  # watch(%r{^lib/roro/cli/(.+)\.tt$})          { |m| "test/cli" }
 end

data/lib/roro.rb

@@ -5,5 +5,14 @@ require "roro/configurator"
 require "roro/crypto"
 
 module Roro
+  module Crypto 
+    class KeyError < StandardError; end
+    class EnvironmentError < StandardError; end
+    class DataDestructionError < StandardError; end
+    class EncryptableError < StandardError; end
+    class DecryptableError < StandardError; end
+  end 
+
+  
   class Error < StandardError; end
 end

data/lib/roro/cli.rb

@@ -1,14 +1,13 @@
 
-require 'roro/cli/generate/exposed'
-require 'roro/cli/generate/keys'
-require 'roro/cli/generate/obfuscated'
-require 'roro/cli/generate/story'
+require 'roro/cli/generate/generate_exposed'
+require 'roro/cli/generate/generate_keys'
+require 'roro/cli/generate/generate_obfuscated'
+require 'roro/cli/generate/generate_story'
 require 'roro/cli/greenfield/rails'
 require 'roro/cli/rollon'
 require 'roro/cli/rollon/rails/base/base'
 require 'roro/cli/rollon/rails/database/with_mysql'
 require 'roro/cli/rollon/rails/database/with_postgresql'
-
 require 'roro/cli/rollon/ruby_gem'
 
 module Roro
@@ -24,6 +23,10 @@ module Roro
       File.dirname(__FILE__) + '/stories'
     end
     
+    def self.test_fixture_root 
+      File.dirname(__FILE__) + '/test/fixtures'
+    end 
+    
     def self.roro_environments 
       %w(development production test staging ci)
     end

data/lib/roro/cli/generate/generate_exposed.rb

@@ -0,0 +1,18 @@
+module Roro
+  class CLI < Thor
+    
+    desc "generate::exposed", "Decrypts .env.enc files for all environments or those specified."
+    map "generate::exposed" => "generate_exposed"
+
+    
+    def generate_exposed(*environments)
+      Roro::Crypto.expose(environments, './roro', '.env.enc')
+    end
+    # def generate_exposed(*args) 
+    #   environments = args.first ? [args.first] : gather_environments
+    #   environments.each do |environment|
+    #     Roro::Crypto.expose(environment, 'roro')
+    #   end
+    # end
+  end
+end

data/lib/roro/cli/generate/generate_keys.rb

@@ -0,0 +1,14 @@
+module Roro
+
+  class CLI < Thor
+    map "generate::key" => "generate_keys"
+    method_option :environment, type: :hash, default: {}, desc: "Generates a key for each argument.", banner: "development, staging"
+
+    desc "generate::keys", "Generates a key for each <environment>.env file."
+    map "generate::keys" => "generate_keys"
+
+    def generate_keys(*environments)
+      Roro::Crypto.generate_keys(environments, './roro', '.env')
+    end
+  end
+end

data/lib/roro/cli/generate/generate_obfuscated.rb

@@ -0,0 +1,34 @@
+require 'roro/crypto'
+
+module Roro
+
+  class CLI < Thor
+
+    desc "generate::obfuscated", "Encrypts .env files for safe storage."
+    map "generate::obfuscated" => "generate_obfuscated"
+
+    def generate_obfuscated(*environments)
+      Roro::Crypto.obfuscate(environments, './roro', '.env')
+    end
+
+    no_commands do
+
+      def check_for_obfuscatable(environments)
+        if environments.empty?
+          msg = "No .env files matching the
+          pattern roro/**/*.env'. Please create one."
+          raise Roro::Error.new(msg)
+        end
+      end
+
+      def check_for_keys(environments)
+        environments.each do |e|
+          unless File.exist?("roro/keys/#{e}.key")
+            msg = "No #{e} key file at roro/keys/{e}.key. Please generate one."
+            raise Roro::Error.new(msg)
+          end
+        end
+      end
+    end
+  end
+end

data/lib/roro/crypto.rb

@@ -11,63 +11,103 @@ module Roro::Crypto
       Base64.encode64(@new_key)
     end
 
-    def write_to_file(data, filename)
-      File.open(filename, "w") { |io| io.write data }
+    def source_files(dir, pattern)
+      Dir.glob(dir + "/**/*#{pattern}")
     end
 
-    def generate_key_file(directory, environment)
-      write_to_file(generate_key, directory + "/" + environment + ".key")
+    def gather_environments(dir, ext)
+      environments = []
+      source_files(dir, ext).each do |source_file|
+        environments << source_file.split('/').last.split('.').first
+      end
+      if environments.empty? 
+        raise EnvironmentError, "No files in the #{dir} directory matching #{ext}"
+      else 
+        environments.uniq
+      end
     end
 
-    def source_files(directory=nil, extension=nil)
-      Dir.glob(directory + "/**/*#{extension}")
+    def generate_keys(keys, dir, ext)
+      (keys.empty? ? gather_environments(dir, ext) : keys).each do |key|
+        write_to_file generate_key, "#{dir}/keys/#{key}.key"
+      end
     end
 
-    def build_cipher(environment)
-      @cipher = OpenSSL::Cipher.new 'AES-128-CBC'
-      @salt = '8 octets'
-      @pass_phrase = get_key(environment)
-      @cipher.encrypt.pkcs5_keyivgen @pass_phrase, @salt
+    def expose(environments, dir, ext)
+      if environments.empty? 
+        environments = gather_environments('./roro/keys', '.key')
+      end 
+      environments.each do |environment| 
+        pattern = "#{environment}*#{ext}" 
+
+        exposable = source_files(dir, pattern)
+        if exposable.empty?
+          puts "No #{environment} files in ./roro matching #{pattern}"
+        end
+        source_files(dir, pattern).each do |file|
+          decrypt(file, environment)
+        end
+      end
     end
 
-    def encrypt(file, environment=nil)
-      environment ||= file.split('.')[-2].split('/').last
-      build_cipher(environment)
+    def obfuscate(envs, dir, ext)
+      environments = envs.empty? ? gather_environments(dir, ext) : envs
+      environments.each do |environment|
+        pattern = "#{environment}*#{ext}" 
+        get_key(environment)
+        encryptable_files = source_files(dir, pattern)
+        if encryptable_files.empty?
+          puts "No #{environment} files in ./roro matching #{pattern}"
+        end 
+        encryptable_files.each do |file|
+          encrypt(file, environment)
+        end
+      end 
+    end
+
+    def write_to_file(data, filename)
+      if File.exist?(filename)
+        raise DataDestructionError, "Existing file at #{filename}. Please remove it and try again."
+      else
+        File.open(filename, "w") { |io| io.write data }
+      end
+    end
+
+    
+    def encrypt(file, key)
+      build_cipher(key)
       encrypted = @cipher.update(File.read file) + @cipher.final
       write_to_file(Base64.encode64(encrypted), file + '.enc')
     end
-
-    def decrypt(file, environment=nil)
-      environment ||= file.split('.')[-3].split('/').last
-      build_cipher(environment)
+    
+    def decrypt(file, key)
+      build_cipher(key)
       encrypted = Base64.decode64 File.read(file)
       @cipher.decrypt.pkcs5_keyivgen @pass_phrase, @salt
       decrypted = @cipher.update(encrypted) + @cipher.final
       decrypted_file = file.split('.enc').first
       write_to_file decrypted, decrypted_file
     end
-
-    def obfuscate(env=nil, dir=nil, ext=nil)
-      ext = ext || "#{env}.env"
-      source_files(dir, ext).each { |file| encrypt(file, env) }
-    end
-
-    def expose(env=nil, dir=nil, ext=nil)
-      ext = ext || "#{env}.env.enc"
-      source_files(dir, ext).each { |file| decrypt(file, env) }
-    end
-
-    def get_key(environment, directory=nil)
+    
+    def get_key(environment, dir='roro')
       env_key = environment.upcase + '_KEY'
-      key_file = source_files('./.', "#{directory}/#{environment}.key").first
+      key_file = Dir.glob("roro/keys/#{environment}.key").first
       case
       when ENV[env_key].nil? && key_file.nil?
-        raise DeployKeyError, "No #{env_key} set."
+        raise KeyError, "No #{env_key} set. Please set one as a variable or in a file."
       when ENV[env_key]
         ENV[env_key]
       when File.exist?(key_file)
         File.read(key_file).strip
       end
     end
+    
+    private 
+    def build_cipher(environment)
+      @cipher = OpenSSL::Cipher.new 'AES-128-CBC'
+      @salt = '8 octets'
+      @pass_phrase = get_key(environment)
+      @cipher.encrypt.pkcs5_keyivgen @pass_phrase, @salt
+    end
   end
 end

data/lib/roro/templates/rails/Dockerfile.greenfield.tt

@@ -28,7 +28,7 @@ RUN gem install bundler:2.1.4
 WORKDIR ${APP_HOME}
 
 ## Create a Gemfile with just the Rails gem inside:
-RUN echo -e "source 'https://rubygems.org'\ngem 'rails'" > Gemfile
+RUN echo -e "source 'https://rubygems.org'\ngem 'rails', '6.1.3.1'" > Gemfile
 
 ## Bundle to install rails:
 RUN bundle install

data/lib/roro/version.rb

@@ -1,3 +1,3 @@
 module Roro
-  VERSION = "0.3.21"
+  VERSION = "0.3.22"
 end

data/roro.gemspec

@@ -35,6 +35,7 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency 'bundler', '~> 2.1', '>= 2.1.4'
   spec.add_development_dependency 'byebug', '~> 11.1', '>= 11.1.3'
   spec.add_development_dependency 'handsome_fencer-test', '~> 0.2.2'
+  spec.add_development_dependency 'minitest-focus'
   spec.add_development_dependency 'readline'
   spec.add_development_dependency 'mocha', '~> 1.11', '>= 1.11.2'
 

data/roro/containers/app/dotenv

@@ -0,0 +1 @@
+RORO_ENV=development

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: roro
 version: !ruby/object:Gem::Version
-  version: 0.3.21
+  version: 0.3.22
 platform: ruby
 authors:
 - schadenfred
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-03-06 00:00:00.000000000 Z
+date: 2021-05-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: gem-release
@@ -132,6 +132,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: 0.2.2
+- !ruby/object:Gem::Dependency
+  name: minitest-focus
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: readline
   requirement: !ruby/object:Gem::Requirement
@@ -194,11 +208,11 @@ files:
 - docker-compose.yml
 - lib/roro.rb
 - lib/roro/cli.rb
-- lib/roro/cli/generate/exposed.rb
 - lib/roro/cli/generate/generate.rb
-- lib/roro/cli/generate/keys.rb
-- lib/roro/cli/generate/obfuscated.rb
-- lib/roro/cli/generate/story.rb
+- lib/roro/cli/generate/generate_exposed.rb
+- lib/roro/cli/generate/generate_keys.rb
+- lib/roro/cli/generate/generate_obfuscated.rb
+- lib/roro/cli/generate/generate_story.rb
 - lib/roro/cli/greenfield/rails.rb
 - lib/roro/cli/rollon.rb
 - lib/roro/cli/rollon/rails/base/base.rb
@@ -253,6 +267,7 @@ files:
 - lib/roro/templates/base/roro/roro/containers/app/.keep
 - lib/roro/templates/base/roro/roro/containers/frontend/.keep
 - lib/roro/templates/base/roro/roro/docker-entrypoint.sh.tt
+- lib/roro/templates/base/roro/roro/keys/.keep
 - lib/roro/templates/rails/.circleci/.keep
 - lib/roro/templates/rails/.circleci/config.yml.tt
 - lib/roro/templates/rails/.circleci/jobs/_build.yml
@@ -279,6 +294,7 @@ files:
 - lib/roro/templates/rails/roro/containers/app/Dockerfile.tt
 - lib/roro/templates/rails/roro/containers/frontend/.keep
 - lib/roro/templates/rails/roro/docker-entrypoint.sh
+- lib/roro/templates/rails/roro/keys/.keep
 - lib/roro/templates/rails/roro/kube/.keep
 - lib/roro/templates/rails/roro/kube/certificate.yml.tt
 - lib/roro/templates/rails/roro/kube/cluster-issuer.yml.tt
@@ -310,8 +326,8 @@ files:
 - roro.gemspec
 - roro/containers/.keep
 - roro/containers/app/Dockerfile
+- roro/containers/app/dotenv
 - roro/containers/ruby_image/Dockerfile
-- roro/containers/ruby_image/ci.env.enc
 - roro/keys/.keep
 - sandbox/.keep
 - tmp/.keep

data/lib/roro/cli/generate/exposed.rb

@@ -1,14 +0,0 @@
-module Roro
-  class CLI < Thor
-    
-    desc "generate::exposed", "Generate private .env files from encrypted .env.enc files inside the roro directory."
-    map "generate::exposed" => "generate_exposed"
-    
-    def generate_exposed(*args) 
-      environments = args.first ? [args.first] : gather_environments
-      environments.each do |environment|
-        Roro::Crypto.expose(environment, 'roro')
-      end
-    end
-  end
-end

data/lib/roro/cli/generate/keys.rb

@@ -1,69 +0,0 @@
-module Roro
-
-  class CLI < Thor
-    
-    desc "generate::key", "Generate a key inside roro/keys. Takes the name of 
-      an environment as an argument to private .env files from 
-    encrypted .env.enc files inside the roro directory.
-    Expose encrypted files"
-    
-    map "generate::key" => "generate_key"
-    method_option :environment, type: :hash, default: {}, desc: "Pass a list of environment variables like so: env:var", banner: "development, staging"
-    
-    def generate_key(*args)
-      generate_key_or_keys(*args)
-    end
-
-    desc "generate::keys", "Generate keys for each environment inside roro/keys.
-      If you have .env files like 'roro/containers/app/[staging_env].env' and 
-      'roro/[circle_ci_env].env' it will generate '/roro/keys/[staging_env].key'
-      and '/roro/keys/[circle_ci_env].key'."
-    map "generate::keys" => "generate_keys"
-
-    def generate_keys(*args)
-      generate_key(*args)
-    end
-    
-    no_commands do
-
-      def generate_key_or_keys(*args)
-        environments = args.first ? [args.first] : gather_environments
-        environments.each do |environment|
-          
-          confirm_files_decrypted?(environment)
-          create_file "roro/keys/#{environment}.key", encoded_key
-        end
-      end
-
-      def encoded_key
-        @cipher = OpenSSL::Cipher.new 'AES-128-CBC'
-        @salt = '8 octets'
-        @new_key = @cipher.random_key
-        Base64.encode64(@new_key)
-      end
-
-      def gather_environments
-        environments = []
-        ['.env', '.env.enc'].each do |extension|
-          Roro::Crypto.source_files('roro', extension).each do |env_file|
-            environments << env_file.split('/').last.split(extension).last
-          end
-        end
-        environments.uniq
-      end
-
-      def confirm_files_decrypted?(environment)
-        orphan_encrypted = []
-        Roro::Crypto.source_files('.', '.env.enc').each do |file|
-          unless File.exist? file.split('.enc').first
-            orphan_encrypted << file 
-          end
-        end
-        if !orphan_encrypted.empty?
-          raise Roro::Error.new("You have an encrypted files (.env.enc) #{orphan_encrypted} that do not have corresponding decrypted files (.env). Please decrypt or remove these encrypted files before generating a new key for #{environment}.")
-        end
-        true
-      end
-    end
-  end
-end

data/lib/roro/cli/generate/obfuscated.rb

@@ -1,17 +0,0 @@
-require 'roro/crypto'
-
-module Roro
-
-  class CLI < Thor
-
-    desc "generate::obfuscated", "obfuscates any files matching the pattern ./roro/**/*.env"
-    map "generate::obfuscated" => "generate_obfuscated"
-
-    def generate_obfuscated(*args)
-      environments = args.first ? [args.first] : gather_environments
-      environments.each do |environment|
-        Roro::Crypto.obfuscate(environment, 'roro')
-      end
-    end
-  end
-end

data/roro/containers/ruby_image/ci.env.enc

@@ -1,2 +0,0 @@
-CP3WnhLldqGcoPdCRgAkzUiXdTYdd166oDCRsXDbJi+YWczgX53oaJsRNlu8
-S/cvOkds770ID3hmbcNXwfyR4A==