sidekiq-field-encryptor 0.1.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (15) hide show
  1. checksums.yaml +7 -0
  2. data/.gitignore +18 -0
  3. data/.rspec +2 -0
  4. data/.travis.yml +4 -0
  5. data/Gemfile +4 -0
  6. data/LICENSE.md +22 -0
  7. data/README.md +32 -0
  8. data/Rakefile +4 -0
  9. data/lib/sidekiq-field-encryptor.rb +2 -0
  10. data/lib/sidekiq-field-encryptor/encryptor.rb +64 -0
  11. data/lib/sidekiq-field-encryptor/version.rb +3 -0
  12. data/sidekiq-field-encryptor.gemspec +28 -0
  13. data/spec/sidekiq-field-encryptor/encryptor_spec.rb +75 -0
  14. data/spec/spec_helper.rb +10 -0
  15. metadata +129 -0
checksums.yaml ADDED
@@ -0,0 +1,7 @@
1
+ ---
2
+ SHA1:
3
+ metadata.gz: 204c8e1c027462e1fd8b44117a1e2a7953f3f793
4
+ data.tar.gz: 5d0f753a7031408d647d9508def52146c4d8609a
5
+ SHA512:
6
+ metadata.gz: 86b140ff56fc6cb4d3baf1901fb42b8f34a2bc2f0955280b497b3956c83d6505ae00df0da5057aa8d75ff7dc32952cb8b09baa24317320e03744252d80f2762f
7
+ data.tar.gz: 9904d3395415ad5c0697e86c238273a17d85dda7717f7de28e53878edf59038960b7dfba9b9c7b954b3c6dffac054f7406c0887f39bcec344927bb79da3ce563
data/.gitignore ADDED
@@ -0,0 +1,18 @@
1
+ *.gem
2
+ *.rbc
3
+ .idea
4
+ .bundle
5
+ .config
6
+ .yardoc
7
+ Gemfile.lock
8
+ InstalledFiles
9
+ _yardoc
10
+ coverage
11
+ doc/
12
+ lib/bundler/man
13
+ pkg
14
+ rdoc
15
+ spec/reports
16
+ test/tmp
17
+ test/version_tmp
18
+ tmp
data/.rspec ADDED
@@ -0,0 +1,2 @@
1
+ --color
2
+ --format documentation
data/.travis.yml ADDED
@@ -0,0 +1,4 @@
1
+ rvm:
2
+ - "2.1"
3
+ - 2.0.0
4
+ - jruby
data/Gemfile ADDED
@@ -0,0 +1,4 @@
1
+ source 'https://rubygems.org'
2
+
3
+ # Specify your gem's dependencies in sidekiq-field-encryptor.gemspec
4
+ gemspec
data/LICENSE.md ADDED
@@ -0,0 +1,22 @@
1
+ Copyright (c) 2015 Aptible, Inc.
2
+
3
+ MIT License
4
+
5
+ Permission is hereby granted, free of charge, to any person obtaining
6
+ a copy of this software and associated documentation files (the
7
+ "Software"), to deal in the Software without restriction, including
8
+ without limitation the rights to use, copy, modify, merge, publish,
9
+ distribute, sublicense, and/or sell copies of the Software, and to
10
+ permit persons to whom the Software is furnished to do so, subject to
11
+ the following conditions:
12
+
13
+ The above copyright notice and this permission notice shall be
14
+ included in all copies or substantial portions of the Software.
15
+
16
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
17
+ EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
18
+ MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
19
+ NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
20
+ LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
21
+ OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
22
+ WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
data/README.md ADDED
@@ -0,0 +1,32 @@
1
+ # ![](https://raw.github.com/aptible/straptible/master/lib/straptible/rails/templates/public.api/icon-60px.png) Sidekiq::Field::Encryptor
2
+
3
+ [![Gem Version](https://badge.fury.io/rb/sidekiq-field-encryptor.png)](https://rubygems.org/gems/sidekiq-field-encryptor)
4
+ [![Build Status](https://travis-ci.org/aptible/sidekiq-field-encryptor.png?branch=master)](https://travis-ci.org/aptible/sidekiq-field-encryptor)
5
+ [![Dependency Status](https://gemnasium.com/aptible/sidekiq-field-encryptor.png)](https://gemnasium.com/aptible/sidekiq-field-encryptor)
6
+
7
+ TODO: Add description.
8
+
9
+ ## Installation
10
+
11
+ Add the following line to your application's Gemfile.
12
+
13
+ gem 'sidekiq-field-encryptor'
14
+
15
+ And then run `bundle install`.
16
+
17
+ ## Usage
18
+
19
+ TODO: Add usage notes.
20
+
21
+ ## Contributing
22
+
23
+ 1. Fork the project.
24
+ 1. Commit your changes, with specs.
25
+ 1. Ensure that your code passes specs (`rake spec`) and meets Aptible's Ruby style guide (`rake rubocop`).
26
+ 1. Create a new pull request on GitHub.
27
+
28
+ ## Copyright and License
29
+
30
+ MIT License, see [LICENSE](LICENSE.md) for details.
31
+
32
+ Copyright (c) 2015 [Aptible](https://www.aptible.com), Blake Pettersson, and contributors.
data/Rakefile ADDED
@@ -0,0 +1,4 @@
1
+ require 'bundler/gem_tasks'
2
+
3
+ require 'aptible/tasks'
4
+ Aptible::Tasks.load_tasks
data/lib/sidekiq-field-encryptor.rb ADDED
@@ -0,0 +1,2 @@
1
+ require 'sidekiq-field-encryptor/version'
2
+ require 'sidekiq-field-encryptor/encryptor'
data/lib/sidekiq-field-encryptor/encryptor.rb ADDED
@@ -0,0 +1,64 @@
1
+ require 'base64'
2
+ require 'encryptor'
3
+ require 'sidekiq-field-encryptor/version'
4
+
5
+ module SidekiqFieldEncryptor
6
+ class Base
7
+ def initialize(options = {})
8
+ @encryption_key = options[:encryption_key]
9
+ @encrypted_fields = options[:encrypted_fields] || {}
10
+ end
11
+
12
+ def assert_key_configured
13
+ fail 'Encryption key not configured' if @encryption_key.nil?
14
+ end
15
+
16
+ def encrypt(value)
17
+ plaintext = Marshal.dump(value)
18
+ iv = OpenSSL::Cipher::Cipher.new('aes-256-cbc').random_iv
19
+ args = { key: @encryption_key, iv: iv }
20
+ ciphertext = ::Encryptor.encrypt(plaintext, **args)
21
+ [::Base64.encode64(ciphertext), ::Base64.encode64(iv)]
22
+ end
23
+
24
+ def decrypt(encrypted)
25
+ ciphertext, iv = encrypted.map { |value| ::Base64.decode64(value) }
26
+ args = { key: @encryption_key, iv: iv }
27
+ plaintext = ::Encryptor.decrypt(ciphertext, **args)
28
+ Marshal.load(plaintext)
29
+ end
30
+
31
+ def process_message(message)
32
+ fields = @encrypted_fields[message['class']]
33
+ return unless fields
34
+ assert_key_configured
35
+ message['args'].size.times.each do |arg_index|
36
+ to_encrypt = fields[arg_index]
37
+ next unless to_encrypt
38
+ raw_value = message['args'][arg_index]
39
+ if to_encrypt == true
40
+ message['args'][arg_index] = yield(raw_value)
41
+ elsif to_encrypt.is_a?(Array) && raw_value.is_a?(Hash)
42
+ message['args'][arg_index] = Hash[raw_value.map do |key, value|
43
+ value = yield(value) if to_encrypt.member?(key.to_s)
44
+ [key, value]
45
+ end]
46
+ end
47
+ end
48
+ end
49
+ end
50
+
51
+ class Client < Base
52
+ def call(_, message, _, _)
53
+ process_message(message) { |value| encrypt(value) }
54
+ yield
55
+ end
56
+ end
57
+
58
+ class Server < Base
59
+ def call(_, message, _)
60
+ process_message(message) { |value| decrypt(value) }
61
+ yield
62
+ end
63
+ end
64
+ end
data/lib/sidekiq-field-encryptor/version.rb ADDED
@@ -0,0 +1,3 @@
1
+ module SidekiqFieldEncryptor
2
+ VERSION = '0.1.0'
3
+ end
data/sidekiq-field-encryptor.gemspec ADDED
@@ -0,0 +1,28 @@
1
+ # encoding: utf-8
2
+ lib = File.expand_path('../lib', __FILE__)
3
+ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
4
+
5
+ require 'English'
6
+ require 'sidekiq-field-encryptor/version'
7
+
8
+ Gem::Specification.new do |spec|
9
+ spec.name = 'sidekiq-field-encryptor'
10
+ spec.version = SidekiqFieldEncryptor::VERSION
11
+ spec.authors = ['Blake Pettersson']
12
+ spec.email = ['blake@aptible.com']
13
+ spec.description = 'Selectively encrypt fields in Sidekiq'
14
+ spec.summary = 'Selectively encrypt fields sent into Sidekiq'
15
+ spec.homepage = 'https://github.com/aptible/sidekiq-field-encryptor'
16
+ spec.license = 'MIT'
17
+
18
+ spec.files = `git ls-files`.split($RS)
19
+ spec.test_files = spec.files.grep(%r{^spec/})
20
+ spec.require_paths = ['lib']
21
+
22
+ spec.add_dependency 'encryptor'
23
+
24
+ spec.add_development_dependency 'bundler'
25
+ spec.add_development_dependency 'aptible-tasks'
26
+ spec.add_development_dependency 'rake'
27
+ spec.add_development_dependency 'rspec'
28
+ end
data/spec/sidekiq-field-encryptor/encryptor_spec.rb ADDED
@@ -0,0 +1,75 @@
1
+ require 'spec_helper'
2
+
3
+ describe SidekiqFieldEncryptor::Client do
4
+ let(:key) { OpenSSL::Cipher::Cipher.new('aes-256-cbc').random_key }
5
+ let(:message) do
6
+ { 'class' => 'FooJob', 'args' => [1, 2, { 'a' => 'A', 'b' => 'B' }] }
7
+ end
8
+
9
+ describe 'with no encryption key' do
10
+ it "doesn't fail when encryption isn't attempted" do
11
+ subject.call('FooJob', message, nil, nil) {}
12
+ end
13
+ it 'fails when encryption is attempted' do
14
+ client = SidekiqFieldEncryptor::Client.new(
15
+ encrypted_fields: { 'FooJob' => { 1 => true } })
16
+ expect { client.call('FooJob', message, nil, nil) {} }
17
+ .to raise_error('Encryption key not configured')
18
+ end
19
+ end
20
+
21
+ describe 'with an encryption key' do
22
+ subject do
23
+ SidekiqFieldEncryptor::Client.new(
24
+ encryption_key: key,
25
+ encrypted_fields: {
26
+ 'FooJob' => { 1 => true, 2 => %w(b d) }
27
+ })
28
+ end
29
+
30
+ it 'encrypts only fields specified by the encryption config' do
31
+ subject.call('FooJob', message, nil, nil) {}
32
+ expect(message['args'][0]).to eq(1)
33
+ expect(subject.decrypt(message['args'][1])).to eq(2)
34
+ expect(message['args'][2]['a']).to eq('A')
35
+ expect(subject.decrypt(message['args'][2]['b'])).to eq('B')
36
+ end
37
+ end
38
+ end
39
+
40
+ describe SidekiqFieldEncryptor::Server do
41
+ let(:key) { OpenSSL::Cipher::Cipher.new('aes-256-cbc').random_key }
42
+ let(:message) do
43
+ { 'class' => 'FooJob', 'args' => [1, 2, { 'a' => 'A', 'b' => 'B' }] }
44
+ end
45
+
46
+ describe 'with no encryption key' do
47
+ it "doesn't fail when decryption isn't attempted" do
48
+ subject.call('FooJob', message, nil) {}
49
+ end
50
+ it 'fails when decryption is attempted' do
51
+ server = SidekiqFieldEncryptor::Server.new(
52
+ encrypted_fields: { 'FooJob' => { 1 => true } })
53
+ expect { server.call('FooJob', message, nil) {} }
54
+ .to raise_error('Encryption key not configured')
55
+ end
56
+ end
57
+
58
+ describe 'with an encryption key' do
59
+ subject do
60
+ SidekiqFieldEncryptor::Server.new(
61
+ encryption_key: key,
62
+ encrypted_fields: {
63
+ 'FooJob' => { 1 => true, 2 => %w(b d) }
64
+ })
65
+ end
66
+
67
+ it 'decrypts all fields specified by the encryption config' do
68
+ original_message = message.dup
69
+ message['args'][1] = subject.encrypt(message['args'][1])
70
+ message['args'][2]['b'] = subject.encrypt(message['args'][2]['b'])
71
+ subject.call('FooJob', message, nil) {}
72
+ expect(message).to eq(original_message)
73
+ end
74
+ end
75
+ end
data/spec/spec_helper.rb ADDED
@@ -0,0 +1,10 @@
1
+ $LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
2
+ $LOAD_PATH.unshift(File.dirname(__FILE__))
3
+
4
+ # Load shared spec files
5
+ Dir["#{File.dirname(__FILE__)}/shared/**/*.rb"].each do |file|
6
+ require file
7
+ end
8
+
9
+ # Require library up front
10
+ require 'sidekiq-field-encryptor/encryptor'
metadata ADDED
@@ -0,0 +1,129 @@
1
+ --- !ruby/object:Gem::Specification
2
+ name: sidekiq-field-encryptor
3
+ version: !ruby/object:Gem::Version
4
+ version: 0.1.0
5
+ platform: ruby
6
+ authors:
7
+ - Blake Pettersson
8
+ autorequire:
9
+ bindir: bin
10
+ cert_chain: []
11
+ date: 2015-09-01 00:00:00.000000000 Z
12
+ dependencies:
13
+ - !ruby/object:Gem::Dependency
14
+ name: encryptor
15
+ requirement: !ruby/object:Gem::Requirement
16
+ requirements:
17
+ - - '>='
18
+ - !ruby/object:Gem::Version
19
+ version: '0'
20
+ type: :runtime
21
+ prerelease: false
22
+ version_requirements: !ruby/object:Gem::Requirement
23
+ requirements:
24
+ - - '>='
25
+ - !ruby/object:Gem::Version
26
+ version: '0'
27
+ - !ruby/object:Gem::Dependency
28
+ name: bundler
29
+ requirement: !ruby/object:Gem::Requirement
30
+ requirements:
31
+ - - '>='
32
+ - !ruby/object:Gem::Version
33
+ version: '0'
34
+ type: :development
35
+ prerelease: false
36
+ version_requirements: !ruby/object:Gem::Requirement
37
+ requirements:
38
+ - - '>='
39
+ - !ruby/object:Gem::Version
40
+ version: '0'
41
+ - !ruby/object:Gem::Dependency
42
+ name: aptible-tasks
43
+ requirement: !ruby/object:Gem::Requirement
44
+ requirements:
45
+ - - '>='
46
+ - !ruby/object:Gem::Version
47
+ version: '0'
48
+ type: :development
49
+ prerelease: false
50
+ version_requirements: !ruby/object:Gem::Requirement
51
+ requirements:
52
+ - - '>='
53
+ - !ruby/object:Gem::Version
54
+ version: '0'
55
+ - !ruby/object:Gem::Dependency
56
+ name: rake
57
+ requirement: !ruby/object:Gem::Requirement
58
+ requirements:
59
+ - - '>='
60
+ - !ruby/object:Gem::Version
61
+ version: '0'
62
+ type: :development
63
+ prerelease: false
64
+ version_requirements: !ruby/object:Gem::Requirement
65
+ requirements:
66
+ - - '>='
67
+ - !ruby/object:Gem::Version
68
+ version: '0'
69
+ - !ruby/object:Gem::Dependency
70
+ name: rspec
71
+ requirement: !ruby/object:Gem::Requirement
72
+ requirements:
73
+ - - '>='
74
+ - !ruby/object:Gem::Version
75
+ version: '0'
76
+ type: :development
77
+ prerelease: false
78
+ version_requirements: !ruby/object:Gem::Requirement
79
+ requirements:
80
+ - - '>='
81
+ - !ruby/object:Gem::Version
82
+ version: '0'
83
+ description: Selectively encrypt fields in Sidekiq
84
+ email:
85
+ - blake@aptible.com
86
+ executables: []
87
+ extensions: []
88
+ extra_rdoc_files: []
89
+ files:
90
+ - .gitignore
91
+ - .rspec
92
+ - .travis.yml
93
+ - Gemfile
94
+ - LICENSE.md
95
+ - README.md
96
+ - Rakefile
97
+ - lib/sidekiq-field-encryptor.rb
98
+ - lib/sidekiq-field-encryptor/encryptor.rb
99
+ - lib/sidekiq-field-encryptor/version.rb
100
+ - sidekiq-field-encryptor.gemspec
101
+ - spec/sidekiq-field-encryptor/encryptor_spec.rb
102
+ - spec/spec_helper.rb
103
+ homepage: https://github.com/aptible/sidekiq-field-encryptor
104
+ licenses:
105
+ - MIT
106
+ metadata: {}
107
+ post_install_message:
108
+ rdoc_options: []
109
+ require_paths:
110
+ - lib
111
+ required_ruby_version: !ruby/object:Gem::Requirement
112
+ requirements:
113
+ - - '>='
114
+ - !ruby/object:Gem::Version
115
+ version: '0'
116
+ required_rubygems_version: !ruby/object:Gem::Requirement
117
+ requirements:
118
+ - - '>='
119
+ - !ruby/object:Gem::Version
120
+ version: '0'
121
+ requirements: []
122
+ rubyforge_project:
123
+ rubygems_version: 2.4.5
124
+ signing_key:
125
+ specification_version: 4
126
+ summary: Selectively encrypt fields sent into Sidekiq
127
+ test_files:
128
+ - spec/sidekiq-field-encryptor/encryptor_spec.rb
129
+ - spec/spec_helper.rb