secret_config 0.6.4 → 0.9.1

data/lib/secret_config/config.rb

@@ -0,0 +1,44 @@
+module SecretConfig
+  class Config
+    extend Forwardable
+    def_delegator :registry, :configuration
+    def_delegator :registry, :refresh!
+
+    def initialize(path, registry)
+      @path     = path
+      @registry = registry
+    end
+
+    def fetch(sub_path, **options)
+      registry.fetch(join_path(sub_path), **options)
+    end
+
+    def [](sub_path)
+      registry[join_path(sub_path)]
+    end
+
+    def []=(sub_path, value)
+      registry[join_path(sub_path)] = value
+    end
+
+    def key?(sub_path)
+      registry.key?(join_path(sub_path))
+    end
+
+    def set(sub_path, value)
+      registry.set(join_path(sub_path), value)
+    end
+
+    def delete(sub_path)
+      registry.delete(join_path(sub_path))
+    end
+
+    private
+
+    attr_reader :path, :registry
+
+    def join_path(sub_path)
+      File.join(path, sub_path)
+    end
+  end
+end

data/lib/secret_config/errors.rb

@@ -10,4 +10,7 @@ module SecretConfig
 
   class ConfigurationError < Error
   end
+
+  class InvalidInterpolation < Error
+  end
 end

data/lib/secret_config/parser.rb

@@ -0,0 +1,76 @@
+module SecretConfig
+  class Parser
+    attr_reader :tree, :path, :registry, :interpolator
+
+    def initialize(path, registry, interpolate: true)
+      @path         = path
+      @registry     = registry
+      @fetch_list   = {}
+      @import_list  = {}
+      @tree         = {}
+      @interpolator = interpolate ? SettingInterpolator.new : nil
+    end
+
+    # Returns a flat path of keys and values from the provider without looking in the local path.
+    # Keys are returned with path names relative to the supplied path.
+    def parse(key, value)
+      relative_key       = relative_key?(key) ? key : key.sub("#{path}/", "")
+      value              = interpolator.parse(value) if interpolator && value.is_a?(String) && value.include?("%{")
+      tree[relative_key] = value
+    end
+
+    # Returns a flat Hash of the rendered paths.
+    def render
+      apply_imports if interpolator
+      tree
+    end
+
+    private
+
+    # def apply_fetches
+    #   tree[key] = relative_key?(fetch_key) ? registry[fetch_key] : registry.provider.fetch(fetch_key)
+    # end
+
+    # Import from the current registry as well as new fetches.
+    #
+    # Notes:
+    # - A lot of absolute key lookups can be expensive since each one is a separate call.
+    # - Imports cannot reference other imports at this time.
+    def apply_imports
+      tree.keys.each do |key|
+        next unless (key =~ /\/__import__\Z/) || (key == "__import__")
+
+        import_key = tree.delete(key)
+        key, _     = ::File.split(key)
+        key        = nil if key == "."
+
+        # binding.irb
+
+        # With a relative key, look for the values in the current registry.
+        # With an absolute key call the provider and fetch the value directly.
+
+        if relative_key?(import_key)
+          tree.keys.each do |current_key|
+            match = current_key.match(/\A#{import_key}\/(.*)/)
+            next unless match
+
+            imported_key       = key.nil? ? match[1] : ::File.join(key, match[1])
+            tree[imported_key] = tree[current_key] unless tree.key?(imported_key)
+          end
+        else
+          relative_paths = registry.send(:fetch_path, import_key)
+          relative_paths.each_pair do |relative_key, value|
+            imported_key       = key.nil? ? relative_key : ::File.join(key, relative_key)
+            tree[imported_key] = value unless tree.key?(imported_key)
+          end
+        end
+      end
+    end
+
+    # Returns [true|false] whether the supplied key is considered a relative key.
+    def relative_key?(key)
+      !key.start_with?("/")
+    end
+
+  end
+end

data/lib/secret_config/providers/file.rb

@@ -12,17 +12,30 @@ module SecretConfig
         raise(ConfigurationError, "Cannot find config file: #{file_name}") unless ::File.exist?(file_name)
       end
 
+      # Yields the key with its absolute path and corresponding string value
       def each(path, &block)
-        config = YAML.load(ERB.new(::File.new(file_name).read).result)
-
-        paths    = path.sub(%r{\A/*}, "").sub(%r{/*\Z}, "").split("/")
-        settings = config.dig(*paths)
+        settings = fetch_path(path)
 
         raise(ConfigurationError, "Path #{paths.join('/')} not found in file: #{file_name}") unless settings
 
         Utils.flatten_each(settings, path, &block)
         nil
       end
+
+      # Returns the value or `nil` if not found
+      def fetch(key)
+        values = fetch_path(path)
+        value.is_a?(Hash) ? nil : value
+      end
+
+      private
+
+      def fetch_path(path)
+        config = YAML.load(ERB.new(::File.new(file_name).read).result)
+
+        paths = path.sub(%r{\A/*}, "").sub(%r{/*\Z}, "").split("/")
+        config.dig(*paths)
+      end
     end
   end
 end

data/lib/secret_config/providers/ssm.rb

@@ -10,7 +10,13 @@ module SecretConfig
     class Ssm < Provider
       attr_reader :client, :key_id, :retry_count, :retry_max_ms, :logger
 
-      def initialize(key_id: ENV["AWS_ACCESS_KEY_ID"], key_alias: ENV["AWS_ACCESS_KEY_ALIAS"], retry_count: 10, retry_max_ms: 3_000)
+      def initialize(
+        key_id: ENV["SECRET_CONFIG_KEY_ID"],
+        key_alias: ENV["SECRET_CONFIG_KEY_ALIAS"],
+        retry_count: 25,
+        retry_max_ms: 10_000,
+        **args
+      )
         @key_id       =
           if key_alias
             key_alias =~ %r{^alias/} ? key_alias : "alias/#{key_alias}"
@@ -20,9 +26,10 @@ module SecretConfig
         @retry_count  = retry_count
         @retry_max_ms = retry_max_ms
         @logger       = SemanticLogger["Aws::SSM"] if defined?(SemanticLogger)
-        @client       = Aws::SSM::Client.new(logger: logger)
+        @client       = Aws::SSM::Client.new({logger: logger}.merge!(args))
       end
 
+      # Yields the key with its absolute path and corresponding string value
       def each(path)
         retries = 0
         token   = nil
@@ -62,7 +69,8 @@ module SecretConfig
           value:     value.to_s,
           type:      "SecureString",
           key_id:    key_id,
-          overwrite: true
+          overwrite: true,
+          tier:      "Intelligent-Tiering"
         )
       end
 

data/lib/secret_config/registry.rb

@@ -4,26 +4,31 @@ require "concurrent-ruby"
 module SecretConfig
   # Centralized configuration with values stored in AWS System Manager Parameter Store
   class Registry
-    attr_reader :provider
+    attr_reader :provider, :interpolate
     attr_accessor :path
 
-    def initialize(path: nil, provider: nil, provider_args: nil)
+    def initialize(path: nil, provider: nil, provider_args: nil, interpolate: true)
       @path = default_path(path)
       raise(UndefinedRootError, "Root must start with /") unless @path.start_with?("/")
 
       resolved_provider = default_provider(provider)
       provider_args     = nil if resolved_provider != provider
 
-      @provider = create_provider(resolved_provider, provider_args)
-      @cache    = Concurrent::Map.new
+      @provider    = create_provider(resolved_provider, provider_args)
+      @cache       = Concurrent::Map.new
+      @interpolate = interpolate
       refresh!
     end
 
     # Returns [Hash] a copy of the in memory configuration data.
-    def configuration(relative: true, filters: SecretConfig.filters)
+    #
+    # Supply the relative path to start from so that only keys and values in that
+    # path will be returned.
+    def configuration(path: nil, filters: SecretConfig.filters)
       h = {}
       cache.each_pair do |key, value|
-        key   = relative_key(key) if relative
+        next if path && !key.start_with?(path)
+
         value = filter_value(key, value, filters)
         Utils.decompose(key, value, h)
       end
@@ -32,25 +37,35 @@ module SecretConfig
 
     # Returns [String] configuration value for the supplied key, or nil when missing.
     def [](key)
-      cache[expand_key(key)]
+      value = cache[key]
+      if value.nil? && SecretConfig.check_env_var?
+        value      = env_var_override(key, value)
+        cache[key] = value unless value.nil?
+      end
+      value.nil? ? nil : value.to_s
     end
 
     # Returns [String] configuration value for the supplied key, or nil when missing.
     def key?(key)
-      cache.key?(expand_key(key))
+      cache.key?(key)
     end
 
     # Returns [String] configuration value for the supplied key
-    def fetch(key, default: :no_default_supplied, type: :string, encoding: nil)
+    # Convert the string value into an array of values by supplying a `separator`.
+    def fetch(key, default: :no_default_supplied, type: :string, encoding: nil, separator: nil)
       value = self[key]
       if value.nil?
         raise(MissingMandatoryKey, "Missing configuration value for #{path}/#{key}") if default == :no_default_supplied
 
-        value = default.respond_to?(:call) ? default.call : default
+        value = block_given? ? yield : default
       end
 
       value = convert_encoding(encoding, value) if encoding
-      type == :string ? value : convert_type(type, value)
+
+      return convert_type(type, value) unless separator
+      return value if value.is_a?(Array)
+
+      value.to_s.split(separator).collect { |element| convert_type(type, element.strip) }
     end
 
     # Set the value for a key in the centralized configuration store.
@@ -60,24 +75,24 @@ module SecretConfig
 
     # Set the value for a key in the centralized configuration store.
     def set(key, value)
-      key = expand_key(key)
-      provider.set(key, value)
+      full_key = expand_key(key)
+      provider.set(full_key, value)
       cache[key] = value
     end
 
     # Delete a key from the centralized configuration store.
     def delete(key)
-      key = expand_key(key)
-      provider.delete(key)
+      full_key = expand_key(key)
+      provider.delete(full_key)
       cache.delete(key)
     end
 
     # Refresh the in-memory cached copy of the centralized configuration information.
-    # Environment variable values will take precendence over the central store values.
+    # Environment variable values will take precedence over the central store values.
     def refresh!
       existing_keys = cache.keys
       updated_keys  = []
-      provider.each(path) do |key, value|
+      fetch_path(path).each_pair do |key, value|
         cache[key] = env_var_override(key, value)
         updated_keys << key
       end
@@ -92,21 +107,31 @@ module SecretConfig
 
     attr_reader :cache
 
+    # Returns [true|false] whether the supplied key is considered a relative key.
+    def relative_key?(key)
+      !key.start_with?("/")
+    end
+
+    # Returns a flat path of keys and values from the provider without looking in the local path.
+    # Keys are returned with path names relative to the supplied path.
+    def fetch_path(path)
+      parser = Parser.new(path, self, interpolate: interpolate)
+      provider.each(path) { |key, value| parser.parse(key, value) }
+      parser.render
+    end
+
     # Returns the value from an env var if it is present,
     # Otherwise the value is returned unchanged.
     def env_var_override(key, value)
-      env_var_name = relative_key(key).upcase.gsub("/", "_")
+      return value unless SecretConfig.check_env_var?
+
+      env_var_name = key.upcase.gsub("/", "_")
       ENV[env_var_name] || value
     end
 
     # Add the path to the path if it is a relative path.
     def expand_key(key)
-      key.start_with?("/") ? key : "#{path}/#{key}"
-    end
-
-    # Convert the key to a relative path by removing the path.
-    def relative_key(key)
-      key.start_with?("/") ? key.sub("#{path}/", "") : key
+      relative_key?(key) ? "#{path}/#{key}" : key
     end
 
     def filter_value(key, value, filters)
@@ -128,12 +153,12 @@ module SecretConfig
 
     def convert_type(type, value)
       case type
+      when :string
+        value.to_s
       when :integer
         value.to_i
       when :float
         value.to_f
-      when :string
-        value
       when :boolean
         %w[true 1 t].include?(value.to_s.downcase)
       when :symbol
@@ -159,7 +184,7 @@ module SecretConfig
 
       raise(UndefinedRootError, "Either set env var 'SECRET_CONFIG_PATH' or call SecretConfig.use") unless path
 
-      path.start_with?("/") ? path : "/#{path}"
+      relative_key?(path) ? "/#{path}" : path
     end
 
     def default_provider(provider)

data/lib/secret_config/setting_interpolator.rb

@@ -0,0 +1,45 @@
+require "date"
+require "socket"
+require "securerandom"
+# * SecretConfig Interpolations
+#
+# Expanding values inline for date, time, hostname, pid and random values.
+#   %{date}           # Current date in the format of "%Y%m%d" (CCYYMMDD)
+#   %{date:format}    # Current date in the supplied format. See strftime
+#   %{time}           # Current date and time down to ms in the format of "%Y%m%d%Y%H%M%S%L" (CCYYMMDDHHMMSSmmm)
+#   %{time:format}    # Current date and time in the supplied format. See strftime
+#   %{env:name}       # Extract value from the named environment value.
+#   %{hostname}       # Full name of this host.
+#   %{hostname:short} # Short name of this host. Everything up to the first period.
+#   %{pid}            # Process Id for this process.
+#   %{random}         # URL safe Random 32 byte value.
+#   %{random:size}    # URL safe Random value of `size` bytes.
+module SecretConfig
+  class SettingInterpolator < StringInterpolator
+    def date(format = "%Y%m%d")
+      Date.today.strftime(format)
+    end
+
+    def time(format = "%Y%m%d%H%M%S%L")
+      Time.now.strftime(format)
+    end
+
+    def env(name)
+      ENV[name]
+    end
+
+    def hostname(format = nil)
+      name = Socket.gethostname
+      name = name.split(".")[0] if format == "short"
+      name
+    end
+
+    def pid
+      $$
+    end
+
+    def random(size = 32)
+      SecureRandom.urlsafe_base64(size)
+    end
+  end
+end

data/lib/secret_config/string_interpolator.rb

@@ -0,0 +1,33 @@
+# Parse strings containing %{key:value1,value2,value3}
+# Where `key` is a method implemented by a class inheriting from this class
+#
+# The following `key`s are reserved:
+# * parse
+# * initialize
+#
+# Notes:
+# * To prevent interpolation use %%{...}
+# * %% is not touched, only %{...} is identified.
+module SecretConfig
+  class StringInterpolator
+    def initialize(pattern = nil)
+      @pattern = pattern || /%{1,2}\{([^}]+)\}/
+    end
+
+    def parse(string)
+      string.gsub(/%{1,2}\{([^}]+)\}/) do |match|
+        if match.start_with?("%%")
+          match[1..-1]
+        else
+          expr          = Regexp.last_match(1) || Regexp.last_match(2) || match.tr("%{}", "")
+          key, args_str = expr.split(":")
+          key           = key.strip.to_sym
+          arguments     = args_str&.split(",")&.map { |v| v.strip == "" ? nil : v.strip } || []
+          raise(InvalidInterpolation, "Invalid key: #{key} in string: #{match}") unless respond_to?(key)
+
+          public_send(key, *arguments)
+        end
+      end
+    end
+  end
+end