secret_config 0.5.3 → 0.6.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 2f0d63fa6c5c401060b46f0295181765357cd8f9ec6627d005566db84b84ee36
-  data.tar.gz: d4985e50bfc36057932f30734ae16f48583eaddcee7b8d5d69a3e5721493d88a
+  metadata.gz: d00a0e1e7ae87745d69e70f1517d150b3005b5c1598da329a0db829f8d9a770f
+  data.tar.gz: 87158952204f0aaf9a029f4df3b3c97e38c64fe7b4d46b62a32c4887ce483ed7
 SHA512:
-  metadata.gz: 35e03c3cd275db6e03a3719aaae155b3a9c12f31a1f01c0d37f320a50a589a4e582139ead7befc16b52510eca57833a2be09128647b6a6666ef86b941680e6bf
-  data.tar.gz: 202df652fdaca983f8f2736df883957891043a42fe6751914175145af99a43699f0e18e6883b677a25e08b3bef48fc218294f7cc9526f8d6f355e8b4ccf837c5
+  metadata.gz: 84a4820ed6012d08553cd6659b43efe10420fcf37ce00d7bc4ea93cf16e9e0055979971cec82d45b8f78ba4476c583d438564d4ad36a81ddb21800759a2126c5
+  data.tar.gz: 4b4d6a5d9598f9fe1c6db1f9158016124258da6d6d3eac17cde7dbcd5263efb7eec74615b22371b4f196416112e48a4e2b90d93ff460e73a17b3a3e37a79a079

data/lib/secret_config/cli.rb

@@ -1,16 +1,17 @@
-require 'optparse'
-require 'fileutils'
-require 'erb'
-require 'yaml'
-require 'json'
-require 'securerandom'
-require 'irb'
+require "optparse"
+require "fileutils"
+require "erb"
+require "yaml"
+require "json"
+require "securerandom"
+require "irb"
 
 module SecretConfig
   class CLI
     attr_reader :path, :region, :provider,
                 :export, :no_filter,
-                :import, :key_id, :random_size, :prune, :overwrite,
+                :import, :key_id, :key_alias, :random_size, :prune, :overwrite,
+                :fetch_key, :delete_key, :set_key, :set_value, :delete_path,
                 :copy_path, :diff,
                 :console,
                 :show_version
@@ -26,7 +27,8 @@ module SecretConfig
       @import       = false
       @path         = nil
       @key_id       = nil
-      @region       = ENV['AWS_REGION']
+      @key_alias    = nil
+      @region       = ENV["AWS_REGION"]
       @provider     = :ssm
       @random_size  = 32
       @no_filter    = false
@@ -36,6 +38,11 @@ module SecretConfig
       @show_version = false
       @console      = false
       @diff         = false
+      @set_key      = nil
+      @set_value    = nil
+      @fetch_key    = nil
+      @delete_key   = nil
+      @delete_path  = nil
 
       if argv.empty?
         puts parser
@@ -60,6 +67,14 @@ module SecretConfig
         run_copy(copy_path, path)
       elsif diff
         run_diff(diff)
+      elsif set_key
+        run_set(set_key, set_value)
+      elsif fetch_key
+        run_fetch(fetch_key)
+      elsif delete_key
+        run_delete(delete_key)
+      elsif delete_path
+        run_delete_path(delete_path)
       else
         puts parser
       end
@@ -75,67 +90,82 @@ module SecretConfig
           secret_config [options]
         BANNER
 
-        opts.on '-e', '--export [FILE_NAME]', 'Export configuration to a file or stdout if no file_name supplied.' do |file_name|
+        opts.on "-e", "--export [FILE_NAME]", "Export configuration to a file or stdout if no file_name supplied." do |file_name|
           @export = file_name || STDOUT
         end
 
-        opts.on '-i', '--import [FILE_NAME]', 'Import configuration from a file or stdin if no file_name supplied.' do |file_name|
+        opts.on "-i", "--import [FILE_NAME]", "Import configuration from a file or stdin if no file_name supplied." do |file_name|
           @import = file_name || STDIN
         end
 
-        opts.on '--copy SOURCE_PATH', 'Import configuration from a file or stdin if no file_name supplied.' do |path|
+        opts.on "--copy SOURCE_PATH", "Import configuration from a file or stdin if no file_name supplied." do |path|
           @copy_path = path
         end
 
-        opts.on '--diff [FILE_NAME]', 'Compare configuration from a file or stdin if no file_name supplied.' do |file_name|
+        opts.on "--diff [FILE_NAME]", "Compare configuration from a file or stdin if no file_name supplied." do |file_name|
           @diff = file_name
         end
 
-        opts.on '-c', '--console', 'Start interactive console.' do
+        opts.on "-s", "--set KEY=VALUE", "Set one key to value. Example: --set mysql/database=localhost" do |param|
+          @set_key, @set_value = param.split("=")
+          unless @set_key && @set_value
+            raise(ArgumentError, "Supply key and value separated by '='. Example: --set mysql/database=localhost")
+          end
+        end
+
+        opts.on "-f", "--fetch KEY", "Fetch the value for one setting. Example: --get mysql/database. " do |key|
+          @fetch_key = key
+        end
+
+        opts.on "-d", "--delete KEY", "Delete one specific key. See --delete-path to delete all keys under a specific path " do |key|
+          @delete_key = key
+        end
+
+        opts.on "-r", "--delete-path PATH", "Recursively delete all keys under the specified path.. " do |path|
+          @delete_path = path
+        end
+
+        opts.on "-c", "--console", "Start interactive console." do
           @console = true
         end
 
-        opts.on '-p', '--path PATH', 'Path to import from / export to.' do |path|
+        opts.on "-p", "--path PATH", "Path to import from / export to." do |path|
           @path = path
         end
 
-        opts.on '--provider PROVIDER', 'Provider to use. [ssm | file]. Default: ssm' do |provider|
+        opts.on "--provider PROVIDER", "Provider to use. [ssm | file]. Default: ssm" do |provider|
           @provider = provider.to_sym
         end
 
-        opts.on '--no-filter', 'Do not filter passwords and keys.' do
+        opts.on "--no-filter", "Do not filter passwords and keys." do
           @no_filter = true
         end
 
-        opts.on '--prune', 'During import delete all existing keys for which there is no key in the import file.' do
+        opts.on "--prune", "During import delete all existing keys for which there is no key in the import file." do
           @prune = true
         end
 
-        opts.on '--key_id KEY_ID', 'Encrypt config settings with this AWS KMS key id. Default: AWS Default key.' do |key_id|
+        opts.on "--key_id KEY_ID", "Encrypt config settings with this AWS KMS key id. Default: AWS Default key." do |key_id|
           @key_id = key_id
         end
 
-        opts.on '--key_alias KEY_ALIAS', 'Encrypt config settings with this AWS KMS alias.' do |key_alias|
-          if key_alias =~ /^alias\//
-            @key_id = key_alias
-          else
-            @key_id = "alias/#{key_alias}"
-          end
+        opts.on "--key_alias KEY_ALIAS", "Encrypt config settings with this AWS KMS alias." do |key_alias|
+          @key_alias = key_alias
         end
 
-        opts.on '--region REGION', 'AWS Region to use. Default: AWS_REGION env var.' do |region|
+        opts.on "--region REGION", "AWS Region to use. Default: AWS_REGION env var." do |region|
           @region = region
         end
 
-        opts.on '--random_size INTEGER', Integer, 'Size to use when generating random values. Whenever $random is encountered during an import. Default: 32' do |region|
+        opts.on "--random_size INTEGER", Integer, "Size to use when generating random values. Whenever #{RANDOM} is encountered during an import. Default: 32" do |random_size|
           @random_size = random_size
         end
 
-        opts.on '-v', '--version', 'Display Symmetric Encryption version.' do
+        opts.on "-v", "--version", "Display Symmetric Encryption version." do
           @show_version = true
         end
 
-        opts.on('-h', '--help', 'Prints this help.') do
+        opts.on("-h", "--help", "Prints this help.") do
           puts opts
           exit
         end
@@ -148,7 +178,7 @@ module SecretConfig
       @provider_instance ||= begin
         case provider
         when :ssm
-          Providers::Ssm.new(key_id: key_id)
+          Providers::Ssm.new(key_id: key_id, key_alias: key_alias)
         else
           raise ArgumentError, "Invalid provider: #{provider}"
         end
@@ -208,9 +238,9 @@ module SecretConfig
       (file.keys + registry.keys).sort.uniq.each do |key|
         if registry.key?(key)
           if file.key?(key)
-            if file[key].to_s != registry[key].to_s
-              puts "* #{key}: #{registry[key]} => #{file[key]}"
-            end
+            value = file[key].to_s
+            # Ignore filtered values
+            puts "* #{key}: #{registry[key]} => #{file[key]}" if (value != registry[key].to_s) && (value != FILTERED)
           else
             puts "- #{key}"
           end
@@ -226,6 +256,19 @@ module SecretConfig
       IRB.start
     end
 
+    def run_delete(key)
+      provider_instance.delete(key)
+    end
+
+    def run_fetch(key)
+      value = provider_instance.fetch(key)
+      puts value if value
+    end
+
+    def run_set(key, value)
+      provider_instance.set(key, value)
+    end
+
     def current_values
       @current_values ||= Utils.flatten(fetch_config(path, filtered: false), path)
     end
@@ -247,9 +290,13 @@ module SecretConfig
         next if value.nil?
         next if current_values[key].to_s == value.to_s
 
-        if value.to_s.strip == '$random'
+        if value.to_s.strip == RANDOM
           next if current_values[key]
+
           value = random_password
+        elsif value == FILTERED
+          # Ignore filtered values
+          next
         end
         puts "Setting: #{key}"
         provider_instance.set(key, value)
@@ -258,7 +305,7 @@ module SecretConfig
 
     def fetch_config(path, filtered: true)
       registry = Registry.new(path: path, provider: provider_instance)
-      config = filtered ? registry.configuration : registry.configuration(filters: nil)
+      config   = filtered ? registry.configuration : registry.configuration(filters: nil)
       sort_hash_by_key!(config)
     end
 
@@ -274,7 +321,7 @@ module SecretConfig
       output_path = ::File.dirname(file_name_or_io)
       FileUtils.mkdir_p(output_path) unless ::File.exist?(output_path)
 
-      ::File.open(file_name_or_io, 'w') { |io| io.write(data) }
+      ::File.open(file_name_or_io, "w") { |io| io.write(data) }
     end
 
     def render(hash, format)
@@ -292,7 +339,7 @@ module SecretConfig
       config =
         case format
         when :yml
-          YAML.load(ERB.new(data).result)
+          YAML.safe_load(ERB.new(data).result)
         when :json
           JSON.parse(data)
         else
@@ -305,9 +352,9 @@ module SecretConfig
       return :yml unless file_name.is_a?(String)
 
       case File.extname(file_name).downcase
-      when '.yml', '.yaml'
+      when ".yml", ".yaml"
         :yml
-      when '.json'
+      when ".json"
         :json
       else
         raise ArgumentError, "Import/Export file name must end with '.yml' or '.json'"
@@ -325,6 +372,5 @@ module SecretConfig
       end
       h
     end
-
   end
 end

data/lib/secret_config/providers/file.rb

@@ -1,5 +1,5 @@
-require 'yaml'
-require 'erb'
+require "yaml"
+require "erb"
 
 module SecretConfig
   module Providers
@@ -13,12 +13,12 @@ module SecretConfig
       end
 
       def each(path, &block)
-        config = YAML.load(ERB.new(::File.new(file_name).read).result)
+        config = YAML.safe_load(ERB.new(::File.new(file_name).read).result)
 
-        paths    = path.sub(/\A\/*/, '').sub(/\/*\Z/, '').split("/")
+        paths    = path.sub(%r{\A/*}, "").sub(%r{/*\Z}, "").split("/")
         settings = config.dig(*paths)
 
-        raise(ConfigurationError, "Path #{paths.join("/")} not found in file: #{file_name}") unless settings
+        raise(ConfigurationError, "Path #{paths.join('/')} not found in file: #{file_name}") unless settings
 
         Utils.flatten_each(settings, path, &block)
         nil

data/lib/secret_config/providers/provider.rb

@@ -2,11 +2,19 @@ module SecretConfig
   module Providers
     # Abstract Base provider
     class Provider
-      def set(key, value)
+      def delete(_key)
         raise NotImplementedError
       end
 
-      def delete(key)
+      def each(_path)
+        raise NotImplementedError
+      end
+
+      def fetch(_key)
+        raise NotImplementedError
+      end
+
+      def set(_key, _value)
         raise NotImplementedError
       end
 

data/lib/secret_config/providers/ssm.rb

@@ -1,30 +1,55 @@
 begin
-  require 'aws-sdk-ssm'
-rescue LoadError => exc
-  raise(LoadError, "Install gem 'aws-sdk-ssm' to use AWS Parameter Store: #{exc.message}")
+  require "aws-sdk-ssm"
+rescue LoadError => e
+  raise(LoadError, "Install gem 'aws-sdk-ssm' to use AWS Parameter Store: #{e.message}")
 end
 
 module SecretConfig
   module Providers
     # Use the AWS System Manager Parameter Store for Centralized Configuration / Secrets Management
     class Ssm < Provider
-      attr_reader :client, :key_id
+      attr_reader :client, :key_id, :retry_count, :retry_max_ms, :logger
 
-      def initialize(key_id: ENV["AWS_ACCESS_KEY_ID"])
-        @key_id = key_id
-        logger  = SemanticLogger['Aws::SSM'] if defined?(SemanticLogger)
-        @client = Aws::SSM::Client.new(logger: logger)
+      def initialize(key_id: ENV["AWS_ACCESS_KEY_ID"], key_alias: ENV["AWS_ACCESS_KEY_ALIAS"], retry_count: 10, retry_max_ms: 3_000)
+        @key_id       =
+          if key_alias
+            key_alias =~ %r{^alias/} ? key_alias : "alias/#{key_alias}"
+          else
+            key_id
+          end
+        @retry_count  = retry_count
+        @retry_max_ms = retry_max_ms
+        @logger       = SemanticLogger["Aws::SSM"] if defined?(SemanticLogger)
+        @client       = Aws::SSM::Client.new(logger: logger)
       end
 
       def each(path)
-        token = nil
+        retries = 0
+        token   = nil
         loop do
-          resp = client.get_parameters_by_path(
-            path:            path,
-            recursive:       true,
-            with_decryption: true,
-            next_token:      token
-          )
+          begin
+            resp = client.get_parameters_by_path(
+              path:            path,
+              recursive:       true,
+              with_decryption: true,
+              next_token:      token
+            )
+          rescue Aws::SSM::Errors::ThrottlingException => e
+            # The free tier allows 40 calls per second.
+            # The Higher Throughput tier for additional cost is still limited to 100 calls per second.
+            # Using a random formula since this limit is normally only exceeded during a high volume restart period
+            # so we want to spread out the retries of the multiple servers.
+            retries += 1
+            if retry_limit > retries
+              sleep_seconds = rand(retry_max_ms) / 1000.0
+              logger&.info("SSM Parameter Store GetParametersByPath API Requests throttle exceeded, retry: #{retries}, sleeping #{sleep_seconds} seconds.")
+              sleep(sleep_interval)
+              retry
+            end
+            logger&.info("SSM Parameter Store GetParametersByPath API Requests throttle exceeded, retries exhausted.")
+            raise(e)
+          end
+
           resp.parameters.each { |param| yield(param.name, param.value) }
           token = resp.next_token
           break if token.nil?
@@ -41,8 +66,17 @@ module SecretConfig
         )
       end
 
+      # Deletes the key.
+      # Nothing is done if the key was not found.
       def delete(key)
         client.delete_parameter(name: key)
+      rescue Aws::SSM::Errors::ParameterNotFound
+      end
+
+      # Returns the value or `nil` if not found
+      def fetch(key)
+        client.get_parameter(name: key, with_decryption: true).parameter.value
+      rescue Aws::SSM::Errors::ParameterNotFound
       end
     end
   end

data/lib/secret_config/registry.rb

@@ -1,5 +1,5 @@
-require 'base64'
-require 'concurrent-ruby'
+require "base64"
+require "concurrent-ruby"
 
 module SecretConfig
   # Centralized configuration with values stored in AWS System Manager Parameter Store
@@ -9,7 +9,7 @@ module SecretConfig
 
     def initialize(path: nil, provider: nil, provider_args: nil)
       @path = default_path(path)
-      raise(UndefinedRootError, 'Root must start with /') unless @path.start_with?('/')
+      raise(UndefinedRootError, "Root must start with /") unless @path.start_with?("/")
 
       resolved_provider = default_provider(provider)
       provider_args     = nil if resolved_provider != provider
@@ -25,7 +25,7 @@ module SecretConfig
       cache.each_pair do |key, value|
         key   = relative_key(key) if relative
         value = filter_value(key, value, filters)
-        decompose(key, value, h)
+        Utils.decompose(key, value, h)
       end
       h
     end
@@ -95,48 +95,26 @@ module SecretConfig
     # Returns the value from an env var if it is present,
     # Otherwise the value is returned unchanged.
     def env_var_override(key, value)
-      env_var_name = relative_key(key).upcase.gsub('/', '_')
+      env_var_name = relative_key(key).upcase.gsub("/", "_")
       ENV[env_var_name] || value
     end
 
     # Add the path to the path if it is a relative path.
     def expand_key(key)
-      key.start_with?('/') ? key : "#{path}/#{key}"
+      key.start_with?("/") ? key : "#{path}/#{key}"
     end
 
     # Convert the key to a relative path by removing the path.
     def relative_key(key)
-      key.start_with?('/') ? key.sub("#{path}/", '') : key
+      key.start_with?("/") ? key.sub("#{path}/", "") : key
     end
 
     def filter_value(key, value, filters)
       return value unless filters
 
-      _, name = File.split(key)
-      filter  = filters.any? do |filter|
-        filter.is_a?(Regexp) ? name =~ filter : name == filter
-      end
-
-      filter ? '[FILTERED]' : value
-    end
-
-    def decompose(key, value, h = {})
-      path, name = File.split(key)
-      if path == '.'
-        h[key] = value
-        return h
-      end
-      last       = path.split('/').reduce(h) do |target, path|
-        if path == ''
-          target
-        elsif target.key?(path)
-          target[path]
-        else
-          target[path] = {}
-        end
-      end
-      last[name] = value
-      h
+      _, name  = File.split(key)
+      filtered = filters.any? { |filter| filter.is_a?(Regexp) ? name =~ filter : name == filter }
+      filtered ? FILTERED : value
     end
 
     def convert_encoding(encoding, value)
@@ -159,7 +137,7 @@ module SecretConfig
       when :boolean
         %w[true 1 t].include?(value.to_s.downcase)
       when :symbol
-        value.to_sym unless value.nil? || value.to_s.strip == ''
+        value.to_sym unless value.nil? || value.to_s.strip == ""
       end
     end
 
@@ -168,7 +146,7 @@ module SecretConfig
       return provider if provider.respond_to?(:each) && provider.respond_to?(:set)
 
       klass = Utils.constantize_symbol(provider)
-      args && args.size > 0 ? klass.new(**args) : klass.new
+      args && !args.empty? ? klass.new(**args) : klass.new
     end
 
     def default_path(configured_path)
@@ -177,11 +155,11 @@ module SecretConfig
 
       raise(UndefinedRootError, "Either set env var 'SECRET_CONFIG_PATH' or call SecretConfig.use") unless path
 
-      path.start_with?('/') ? path : "/#{path}"
+      path.start_with?("/") ? path : "/#{path}"
     end
 
     def default_provider(provider)
-      provider = (ENV["SECRET_CONFIG_PROVIDER"] || provider || 'file')
+      provider = (ENV["SECRET_CONFIG_PROVIDER"] || provider || "file")
 
       return provider if provider.respond_to?(:each) && provider.respond_to?(:set)
 

data/lib/secret_config/utils.rb

@@ -4,8 +4,12 @@ module SecretConfig
     # If path is supplied it is prepended to every key returned.
     def self.flatten_each(hash, path = nil, &block)
       hash.each_pair do |key, value|
-        name = path.nil? ? key : "#{path}/#{key}"
-        value.is_a?(Hash) ? flatten_each(value, name, &block) : yield(name, value)
+        if key == NODE_KEY
+          yield(path, value)
+        else
+          name = path.nil? ? key : "#{path}/#{key}"
+          value.is_a?(Hash) ? flatten_each(value, name, &block) : yield(name, value)
+        end
       end
     end
 
@@ -17,7 +21,35 @@ module SecretConfig
       h
     end
 
-    def self.constantize_symbol(symbol, namespace = 'SecretConfig::Providers')
+    # Takes a flat hash and expands the keys on each `/` into a deep hierarchy.
+    def self.hierarchical(flat_hash)
+      h = {}
+      flat_hash.each_pair { |path, value| decompose(path, value, h) }
+      h
+    end
+
+    def self.decompose(key, value, h = {})
+      full_path, name = File.split(key)
+      if full_path == "."
+        h[key] = value
+        return h
+      end
+      last       = full_path.split("/").reduce(h) do |target, path|
+        if path == ""
+          target
+        elsif target.key?(path)
+          val = target[path]
+          val = target[path] = {NODE_KEY => val} unless val.is_a?(Hash)
+          val
+        else
+          target[path] = {}
+        end
+      end
+      last[name] = value
+      h
+    end
+
+    def self.constantize_symbol(symbol, namespace = "SecretConfig::Providers")
       klass = "#{namespace}::#{camelize(symbol.to_s)}"
       begin
         Object.const_get(klass)
@@ -30,8 +62,8 @@ module SecretConfig
     def self.camelize(term)
       string = term.to_s
       string = string.sub(/^[a-z\d]*/, &:capitalize)
-      string.gsub!(/(?:_|(\/))([a-z\d]*)/i) { "#{Regexp.last_match(1)}#{Regexp.last_match(2).capitalize}" }
-      string.gsub!('/'.freeze, '::'.freeze)
+      string.gsub!(%r{(?:_|(/))([a-z\d]*)}i) { "#{Regexp.last_match(1)}#{Regexp.last_match(2).capitalize}" }
+      string.gsub!("/".freeze, "::".freeze)
       string
     end
   end

data/lib/secret_config/version.rb

@@ -1,3 +1,3 @@
 module SecretConfig
-  VERSION = '0.5.3'
+  VERSION = "0.6.0".freeze
 end

data/lib/secret_config.rb

@@ -1,19 +1,24 @@
-require 'forwardable'
-require 'secret_config/version'
-require 'secret_config/errors'
-require 'secret_config/registry'
-require 'secret_config/railtie' if defined?(Rails)
+require "forwardable"
+require "secret_config/version"
+require "secret_config/errors"
+require "secret_config/registry"
+require "secret_config/railtie" if defined?(Rails)
 
 # Centralized Configuration and Secrets Management for Ruby and Rails applications.
 module SecretConfig
+  # When a node is both a value and a hash/branch in the tree, put its value in its hash with the following key:
+  NODE_KEY = "__value__".freeze
+  FILTERED = "[FILTERED]".freeze
+  RANDOM   = "$(random)".freeze
+
   module Providers
-    autoload :File, 'secret_config/providers/file'
-    autoload :Provider, 'secret_config/providers/provider'
-    autoload :Ssm, 'secret_config/providers/ssm'
+    autoload :File, "secret_config/providers/file"
+    autoload :Provider, "secret_config/providers/provider"
+    autoload :Ssm, "secret_config/providers/ssm"
   end
 
-  autoload :CLI, 'secret_config/cli'
-  autoload :Utils, 'secret_config/utils'
+  autoload :CLI, "secret_config/cli"
+  autoload :Utils, "secret_config/utils"
 
   class << self
     extend Forwardable
@@ -62,5 +67,5 @@ module SecretConfig
   private
 
   @check_env_var = true
-  @filters       = [/password/, 'key', /secret_key/]
+  @filters       = [/password/, "key", /secret_key/]
 end

data/test/registry_test.rb

@@ -40,11 +40,11 @@ class RegistryTest < Minitest::Test
       end
 
       it 'filters passwords' do
-        assert_equal "[FILTERED]", registry.configuration.dig("mysql", "password")
+        assert_equal SecretConfig::FILTERED, registry.configuration.dig("mysql", "password")
       end
 
       it 'filters key' do
-        assert_equal "[FILTERED]", registry.configuration.dig("symmetric_encryption", "key")
+        assert_equal SecretConfig::FILTERED, registry.configuration.dig("symmetric_encryption", "key")
       end
     end
 
@@ -118,22 +118,6 @@ class RegistryTest < Minitest::Test
         assert_equal "ABCDEF1234567890ABCDEF1234567890", registry.fetch("symmetric_encryption/key", encoding: :base64)
       end
     end
-
-    private
-
-    def decompose(key, value, h = {})
-      path, name = File.split(key)
-      last       = path.split('/').reduce(h) do |target, path|
-        if path == ''
-          target
-        elsif target.key?(path)
-          target[path]
-        else
-          target[path] = {}
-        end
-      end
-      last[name] = value
-      h
-    end
   end
 end
+

data/test/utils_test.rb

@@ -0,0 +1,27 @@
+require_relative 'test_helper'
+
+class UtilsTest < Minitest::Test
+  describe SecretConfig::Utils do
+    let :flat_registry do
+      {
+        "test/my_application/mysql/database"          => "secret_config_test",
+        "test/my_application/mysql/password"          => "secret_configrules",
+        "test/my_application/mysql/username"          => "secret_config",
+        "test/my_application/mysql/host"              => "127.0.0.1",
+        "test/my_application/secrets"                 => "both_a_path_and_a_value",
+        "test/my_application/secrets/secret_key_base" => "somereallylongteststring",
+      }
+    end
+
+    let :hash_registry do
+      SecretConfig::Utils.hierarchical(flat_registry)
+    end
+
+    describe '.flatten' do
+      it 'returns a copy of the config' do
+        h = SecretConfig::Utils.flatten(hash_registry, path = nil)
+        assert_equal(flat_registry, h)
+      end
+    end
+  end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: secret_config
 version: !ruby/object:Gem::Version
-  version: 0.5.3
+  version: 0.6.0
 platform: ruby
 authors:
 - Reid Morrison
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-10-02 00:00:00.000000000 Z
+date: 2019-10-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: concurrent-ruby
@@ -52,6 +52,7 @@ files:
 - test/registry_test.rb
 - test/secret_config_test.rb
 - test/test_helper.rb
+- test/utils_test.rb
 homepage: https://github.com/rocketjob/secret_config
 licenses:
 - Apache-2.0
@@ -81,4 +82,5 @@ test_files:
 - test/providers/file_test.rb
 - test/registry_test.rb
 - test/test_helper.rb
+- test/utils_test.rb
 - test/secret_config_test.rb