secret_config 0.6.4 → 0.9.1

data/lib/secret_config/utils.rb

@@ -34,7 +34,7 @@ module SecretConfig
         h[key] = value
         return h
       end
-      last       = full_path.split("/").reduce(h) do |target, path|
+      last = full_path.split("/").reduce(h) do |target, path|
         if path == ""
           target
         elsif target.key?(path)

data/lib/secret_config/version.rb

@@ -1,3 +1,3 @@
 module SecretConfig
-  VERSION = "0.6.4".freeze
+  VERSION = "0.9.1".freeze
 end

data/test/config/application.yml

@@ -1,9 +1,5 @@
 # Local application config goes here.  Do not check in production secrets.
 # These are for development and test only.
-
-#
-# Development - Local - Root: '/test/my_application'
-#
 development:
   my_application:
     symmetric_encryption:
@@ -31,17 +27,51 @@ test:
       key:     QUJDREVGMTIzNDU2Nzg5MEFCQ0RFRjEyMzQ1Njc4OTA=
       iv:      QUJDREVGMTIzNDU2Nzg5MA==
       version: 2
+      previous_key:
+        key:     key1
+        iv:      iv1
+        version: 1
 
     mysql:
       database:   secret_config_test
       username:   secret_config
       password:   secret_configrules
       host:       127.0.0.1
+      ports:      "12345,5343,26815"
+      ports2:     "    12345, 5343 ,  26815"
+      hostnames:  "primary.example.net,secondary.example.net,backup.example.net"
+      hostnames2: "   primary.example.net,  secondary.example.net ,  backup.example.net"
 
     mongo:
       database:   secret_config_test
       primary:    127.0.0.1:27017
-      secondary:  127.0.0.1:27018
+      secondary:  "%{hostname}:27018"
 
     secrets:
       secret_key_base: somereallylongteststring
+
+  other_application:
+    symmetric_encryption:
+      version:    3
+      __import__: /test/my_application/symmetric_encryption
+      iv:         MTIzNDU2Nzg5MEFCQ0RFRg==
+      previous_key:
+        key:     key0
+
+    mysql:
+#      database:   "%{fetch: /test/my_application/mysql/database }"
+      username:   other
+      password:   otherrules
+      host:       "%{hostname}"
+
+    mongo:
+      database:   secret_config_test
+      primary:    localhost:27017
+      secondary:  "%{hostname}:27018"
+
+    mongo2:
+      __import__: mongo
+      database:   secret_config_test2
+
+    mongo3:
+      __import__: mongo

data/test/parser_test.rb

@@ -0,0 +1,82 @@
+require_relative "test_helper"
+require "socket"
+
+class ParserTest < Minitest::Test
+  describe SecretConfig::Registry do
+    let :file_name do
+      File.join(File.dirname(__FILE__), "config", "application.yml")
+    end
+
+    let :path do
+      "/test/other_application"
+    end
+
+    let :provider do
+      SecretConfig::Providers::File.new(file_name: file_name)
+    end
+
+    let :registry do
+      SecretConfig::Registry.new(path: path, provider: provider)
+    end
+
+    # let :parser do
+    #   SecretConfig::Parser.new(path, registry)
+    # end
+
+    #
+    # Retrieve values elsewhere in the registry.
+    # Paths can be relative to the current root, or absolute paths outside the current root.
+    #   %{fetch:key}      # Fetches a single value from a relative or absolute path
+    # Return the value of the supplied key.
+    #
+    # With a relative key, look for the value in the current registry.
+    # With an absolute key call the provider and fetch the value directly.
+    #
+    # Notes:
+    # - A lot of absolute key lookups can be expensive since each one is a separate call.
+    # def fetch(key)
+    #   fetch_list[key] = key
+    # end
+    # describe "#fetch" do
+    #   it "inside current path" do
+    #
+    #   end
+    #
+    #   it "outside current path" do
+    #
+    #   end
+    # end
+
+    #   %{import:path}    # Imports a path of keys and values into the current path
+    # Replace the current value with a tree of values with the supplied path.
+    #
+    describe "#import" do
+      it "removes import key" do
+        refute registry.key?("symmetric_encryption/__import__"), -> { registry.configuration(filters: nil).ai }
+      end
+
+      it "retains overrides" do
+        assert_equal "3", registry["symmetric_encryption/version"], -> { registry.configuration(filters: nil).ai }
+        assert_equal "MTIzNDU2Nzg5MEFCQ0RFRg==", registry["symmetric_encryption/iv"]
+      end
+
+      it "retains child overrides" do
+        assert_equal "key0", registry["symmetric_encryption/previous_key/key"], -> { registry.configuration(filters: nil).ai }
+      end
+
+      it "imports new fields" do
+        assert_equal "QUJDREVGMTIzNDU2Nzg5MEFCQ0RFRjEyMzQ1Njc4OTA=", registry["symmetric_encryption/key"]
+      end
+
+      it "relative import empty" do
+        assert_equal "secret_config_test", registry["mongo3/database"]
+        assert_equal "localhost:27017", registry["mongo3/primary"]
+      end
+
+      it "relative import with overrides" do
+        assert_equal "secret_config_test2", registry["mongo2/database"]
+        assert_equal "localhost:27017", registry["mongo3/primary"]
+      end
+    end
+  end
+end

data/test/providers/file_test.rb

@@ -1,10 +1,10 @@
-require_relative '../test_helper'
+require_relative "../test_helper"
 
 module Providers
   class FileTest < Minitest::Test
     describe SecretConfig::Providers::File do
       let :file_name do
-        File.join(File.dirname(__FILE__), '..', 'config', 'application.yml')
+        File.join(File.dirname(__FILE__), "..", "config", "application.yml")
       end
 
       let :path do
@@ -15,7 +15,7 @@ module Providers
         {
           "/test/my_application/mongo/database"               => "secret_config_test",
           "/test/my_application/mongo/primary"                => "127.0.0.1:27017",
-          "/test/my_application/mongo/secondary"              => "127.0.0.1:27018",
+          "/test/my_application/mongo/secondary"              => "%{hostname}:27018",
           "/test/my_application/mysql/database"               => "secret_config_test",
           "/test/my_application/mysql/password"               => "secret_configrules",
           "/test/my_application/mysql/username"               => "secret_config",
@@ -27,8 +27,8 @@ module Providers
         }
       end
 
-      describe '#each' do
-        it 'file' do
+      describe "#each" do
+        it "file" do
           file_provider = SecretConfig::Providers::File.new(file_name: file_name)
           paths         = {}
           file_provider.each(path) { |key, value| paths[key] = value }

data/test/providers/ssm_test.rb

@@ -1,10 +1,10 @@
-require_relative '../test_helper'
+require_relative "../test_helper"
 
 module Providers
   class SsmTest < Minitest::Test
     describe SecretConfig::Providers::Ssm do
       let :file_name do
-        File.join(File.dirname(__FILE__), '..', 'config', 'application.yml')
+        File.join(File.dirname(__FILE__), "..", "config", "application.yml")
       end
 
       let :path do
@@ -15,7 +15,7 @@ module Providers
         {
           "/test/my_application/mongo/database"               => "secret_config_test",
           "/test/my_application/mongo/primary"                => "127.0.0.1:27017",
-          "/test/my_application/mongo/secondary"              => "127.0.0.1:27018",
+          "/test/my_application/mongo/secondary"              => "%{hostname}:27018",
           "/test/my_application/mysql/database"               => "secret_config_test",
           "/test/my_application/mysql/password"               => "secret_configrules",
           "/test/my_application/mysql/username"               => "secret_config",
@@ -28,21 +28,43 @@ module Providers
       end
 
       before do
-        unless ENV['AWS_ACCESS_KEY_ID']
+        unless ENV["AWS_ACCESS_KEY_ID"]
           skip "Skipping AWS SSM Parameter Store tests because env var 'AWS_ACCESS_KEY_ID' is not defined."
         end
       end
 
-      describe '#each' do
-        it 'fetches all keys in path' do
-          ssm   = SecretConfig::Providers::Ssm.new
+      describe "#each" do
+        let :ssm_provider do
+          SecretConfig::Providers::Ssm.new
+        end
+
+        let :ssm_extended_provider do
+          SecretConfig::Providers::Ssm.new(credentials: ::Aws::AssumeRoleCredentials.new(
+            role_arn:          "arn:aws:iam::#{ENV['SECRET_CONFIG_ACCOUNT_ID']}:role/secret_config_test",
+            role_session_name: "SecretConfigSession-#{SecureRandom.uuid}"
+          ))
+        end
+
+        def fill_paths(provider)
           paths = {}
-          ssm.each(path) { |key, value| paths[key] = value }
 
-          if paths.empty?
-            upload_settings(ssm) unless paths.key?("/test/my_application/mongo/database")
-            ssm.each(path) { |key, value| paths[key] = value }
+          provider.each(path) { |key, value| paths[key] = value }
+
+          upload_settings(provider) if paths.empty?
+
+          paths
+        end
+
+        it "fetches all keys in path" do
+          paths = fill_paths(ssm_provider)
+
+          expected.each_pair do |key, value|
+            assert_equal paths[key], value, "Path: #{key}"
           end
+        end
+
+        it "provider with extended credentials fetches all keys in path" do
+          paths = fill_paths(ssm_extended_provider)
 
           expected.each_pair do |key, value|
             assert_equal paths[key], value, "Path: #{key}"
@@ -52,7 +74,10 @@ module Providers
 
       def upload_settings(ssm)
         file_provider = SecretConfig::Providers::File.new(file_name: file_name)
-        file_provider.each(path) { |key, value| ap key; ssm.set(key, value) }
+        file_provider.each(path) do |key, value|
+          ap key
+          ssm.set(key, value)
+        end
       end
     end
   end

data/test/registry_test.rb

@@ -1,9 +1,10 @@
-require_relative 'test_helper'
+require_relative "test_helper"
+require "socket"
 
 class RegistryTest < Minitest::Test
   describe SecretConfig::Registry do
     let :file_name do
-      File.join(File.dirname(__FILE__), 'config', 'application.yml')
+      File.join(File.dirname(__FILE__), "config", "application.yml")
     end
 
     let :path do
@@ -22,102 +23,132 @@ class RegistryTest < Minitest::Test
       {
         "/test/my_application/mongo/database"               => "secret_config_test",
         "/test/my_application/mongo/primary"                => "127.0.0.1:27017",
-        "/test/my_application/mongo/secondary"              => "127.0.0.1:27018",
+        "/test/my_application/mongo/secondary"              => "#{Socket.gethostname}:27018",
         "/test/my_application/mysql/database"               => "secret_config_test",
         "/test/my_application/mysql/password"               => "secret_configrules",
         "/test/my_application/mysql/username"               => "secret_config",
         "/test/my_application/mysql/host"                   => "127.0.0.1",
+        "/test/my_application/mysql/ports"                  => "12345,5343,26815",
+        "/test/my_application/mysql/ports2"                 => "    12345, 5343 ,  26815",
+        "/test/my_application/mysql/hostnames"              => "primary.example.net,secondary.example.net,backup.example.net",
+        "/test/my_application/mysql/hostnames2"             => "   primary.example.net,  secondary.example.net ,  backup.example.net",
         "/test/my_application/secrets/secret_key_base"      => "somereallylongteststring",
         "/test/my_application/symmetric_encryption/key"     => "QUJDREVGMTIzNDU2Nzg5MEFCQ0RFRjEyMzQ1Njc4OTA=",
-        "/test/my_application/symmetric_encryption/version" => 2,
+        "/test/my_application/symmetric_encryption/version" => "2",
         "/test/my_application/symmetric_encryption/iv"      => "QUJDREVGMTIzNDU2Nzg5MA=="
       }
     end
 
-    describe '#configuration' do
-      it 'returns a copy of the config' do
+    describe "#configuration" do
+      it "returns a copy of the config" do
         assert_equal "127.0.0.1", registry.configuration.dig("mysql", "host")
       end
 
-      it 'filters passwords' do
+      it "filters passwords" do
         assert_equal SecretConfig::FILTERED, registry.configuration.dig("mysql", "password")
       end
 
-      it 'filters key' do
+      it "filters key" do
         assert_equal SecretConfig::FILTERED, registry.configuration.dig("symmetric_encryption", "key")
       end
     end
 
-    describe '#key?' do
-      it 'has key' do
-        expected.each_pair do |key, value|
+    describe "#key?" do
+      it "has key" do
+        expected.each_pair do |key, _value|
           key = key.sub("#{path}/", "")
           assert registry.key?(key), "Path: #{key}"
         end
       end
 
-      it 'returns false with missing relative key' do
+      it "returns false with missing relative key" do
         refute registry.key?("invalid/path")
       end
 
-      it 'returns nil with missing full key' do
+      it "returns nil with missing full key" do
         refute registry.key?("/test/invalid/path")
       end
     end
 
-    describe '#[]' do
-      it 'returns values' do
+    describe "#[]" do
+      it "returns values" do
         expected.each_pair do |key, value|
           key = key.sub("#{path}/", "")
           assert_equal value, registry[key], "Path: #{key}"
         end
       end
 
-      it 'returns nil with missing relative key' do
+      it "returns nil with missing relative key" do
         assert_nil registry["invalid/path"]
       end
 
-      it 'returns nil with missing full key' do
+      it "returns nil with missing full key" do
         assert_nil registry["/test/invalid/path"]
       end
     end
 
-    describe '#fetch' do
-      it 'returns values' do
+    describe "#fetch" do
+      it "returns values" do
         expected.each_pair do |key, value|
           key = key.sub("#{path}/", "")
           assert_equal value, registry.fetch(key), "Path: #{key}"
         end
       end
 
-      it 'exception missing relative key' do
+      it "exception missing relative key" do
         assert_raises SecretConfig::MissingMandatoryKey do
           registry.fetch("invalid/path")
         end
       end
 
-      it 'returns nil with missing full key' do
+      it "returns nil with missing full key" do
         assert_raises SecretConfig::MissingMandatoryKey do
           registry.fetch("/test/invalid/path")
         end
       end
 
-      it 'returns default with missing key' do
+      it "returns default with missing key" do
         assert_equal "default_value", registry.fetch("/test/invalid/path", default: "default_value")
       end
 
-      it 'returns default with false value' do
+      it "returns default with false value" do
         assert_equal false, registry.fetch("/test/invalid/path", default: false, type: :boolean)
       end
 
-      it 'converts to integer' do
+      it "converts to integer" do
         assert_equal 2, registry.fetch("symmetric_encryption/version", type: :integer)
       end
 
-      it 'decodes Base 64' do
+      describe "uses separator to extract an array" do
+        it "of strings" do
+          value = registry.fetch("mysql/hostnames", separator: ",")
+          assert_equal ["primary.example.net", "secondary.example.net", "backup.example.net"], value
+        end
+
+        it "of strings with spaces" do
+          value = registry.fetch("mysql/hostnames2", separator: ",")
+          assert_equal ["primary.example.net", "secondary.example.net", "backup.example.net"], value
+        end
+
+        it "of integers" do
+          value = registry.fetch("mysql/ports", type: :integer, separator: ",")
+          assert_equal([12345, 5343, 26815], value)
+        end
+
+        it "of integers with spaces" do
+          value = registry.fetch("mysql/ports2", type: :integer, separator: ",")
+          assert_equal([12345, 5343, 26815], value)
+        end
+
+        it "accepts a default without requiring conversion" do
+          value = registry.fetch("mysql/ports5", type: :integer, separator: ",", default: [23, 45, 72])
+          assert_equal([23, 45, 72], value)
+        end
+      end
+
+      it "decodes Base 64" do
         assert_equal "ABCDEF1234567890ABCDEF1234567890", registry.fetch("symmetric_encryption/key", encoding: :base64)
       end
     end
   end
 end
-

data/test/secret_config_test.rb

@@ -1,9 +1,10 @@
-require_relative 'test_helper'
+require_relative "test_helper"
+require "socket"
 
 class SecretConfigTest < Minitest::Test
   describe SecretConfig::Providers::File do
     let :file_name do
-      File.join(File.dirname(__FILE__), 'config', 'application.yml')
+      File.join(File.dirname(__FILE__), "config", "application.yml")
     end
 
     let :path do
@@ -14,39 +15,87 @@ class SecretConfigTest < Minitest::Test
       SecretConfig.use :file, path: path, file_name: file_name
     end
 
-    describe '#configuration' do
-      it 'returns a copy of the config' do
+    describe ".configuration" do
+      it "returns a copy of the config" do
         assert_equal "127.0.0.1", SecretConfig.configuration.dig("mysql", "host")
       end
     end
 
-    describe '#key?' do
-      it 'has key' do
+    describe ".key?" do
+      it "has key" do
         assert SecretConfig.key?("mysql/database")
       end
     end
 
-    describe '#[]' do
-      it 'returns values' do
+    describe ".[]" do
+      it "returns values" do
         assert_equal "secret_config_test", SecretConfig["mysql/database"]
       end
+
+      it "returns values with interpolation" do
+        assert_equal "#{Socket.gethostname}:27018", SecretConfig["mongo/secondary"]
+      end
     end
 
-    describe '#fetch' do
+    describe ".fetch" do
       after do
-        ENV['MYSQL_DATABASE'] = nil
+        ENV["MYSQL_DATABASE"]      = nil
+        SecretConfig.check_env_var = true
       end
 
-      it 'fetches values' do
+      it "fetches values" do
         assert_equal "secret_config_test", SecretConfig.fetch("mysql/database")
       end
 
-      it 'can be overridden by an environment variable' do
-        ENV['MYSQL_DATABASE'] = 'other'
+      it "can be overridden by an environment variable" do
+        ENV["MYSQL_DATABASE"] = "other"
 
         SecretConfig.use :file, path: path, file_name: file_name
         assert_equal "other", SecretConfig.fetch("mysql/database")
       end
+
+      it "returns values with interpolation" do
+        assert_equal "#{Socket.gethostname}:27018", SecretConfig.fetch("mongo/secondary")
+      end
+
+      it "can be omitted an environment variable override with #check_env_var configuration" do
+        ENV["MYSQL_DATABASE"] = "other"
+
+        SecretConfig.check_env_var = false
+        SecretConfig.use :file, path: path, file_name: file_name
+        assert_equal "secret_config_test", SecretConfig.fetch("mysql/database")
+      end
+    end
+
+    describe ".configure" do
+      before do
+        SecretConfig.use :file, path: path, file_name: file_name
+      end
+
+      it "#fetch" do
+        database = nil
+        SecretConfig.configure("mysql") do |config|
+          database = config.fetch("database")
+        end
+        assert_equal "secret_config_test", database
+      end
+
+      it "#[]" do
+        database = nil
+        SecretConfig.configure("mysql") do |config|
+          database = config["database"]
+        end
+        assert_equal "secret_config_test", database
+      end
+
+      it "#key?" do
+        database = nil
+        SecretConfig.configure("mysql") do |config|
+          database = config.key?("database")
+        end
+        assert_equal true, database
+      end
     end
+
   end
 end