RubyGems - vault-rails - Versions diffs - 0.3.1 → 0.7.0 - Mend

vault-rails 0.3.1 → 0.7.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (27) hide show

checksums.yaml +5 -5
data/README.md +144 -11
data/Rakefile +5 -2
data/lib/vault/encrypted_model.rb +177 -59
data/lib/vault/rails.rb +77 -29
data/lib/vault/rails/configurable.rb +54 -8
data/lib/vault/rails/errors.rb +8 -0
data/lib/vault/rails/{serializer.rb → json_serializer.rb} +4 -5
data/lib/vault/rails/version.rb +1 -1
data/spec/dummy/app/models/lazy_person.rb +20 -0
data/spec/dummy/app/models/lazy_single_person.rb +18 -0
data/spec/dummy/app/models/person.rb +36 -1
data/spec/dummy/config/environments/development.rb +5 -3
data/spec/dummy/config/environments/test.rb +5 -3
data/spec/dummy/db/migrate/20150428220101_create_people.rb +7 -1
data/spec/dummy/db/schema.rb +21 -16
data/spec/integration/rails_spec.rb +397 -17
data/spec/lib/vault/rails/json_serializer_spec.rb +42 -0
data/spec/spec_helper.rb +27 -0
data/spec/unit/encrypted_model_spec.rb +9 -4
data/spec/unit/rails/configurable_spec.rb +118 -0
data/spec/unit/vault/rails_spec.rb +33 -0
metadata +55 -56
data/spec/dummy/db/development.sqlite3 +0 -0
data/spec/dummy/db/test.sqlite3 +0 -0
data/spec/dummy/log/development.log +0 -220
data/spec/dummy/log/test.log +0 -13

data/spec/lib/vault/rails/json_serializer_spec.rb ADDED

@@ -0,0 +1,42 @@
+require 'spec_helper'
+RSpec.describe Vault::Rails::JSONSerializer do
+  [
+    nil,
+    false,
+    true,
+    "",
+    "foo",
+    {},
+    { "foo" => "bar" },
+    [],
+    ["foo", "bar"],
+    0,
+    123,
+    0.0,
+    0.123,
+    0xff,
+    123e123
+  ].each do |object|
+    it "encodes and decodes #{object.inspect}" do
+      encoded = described_class.encode(object)
+      expect(encoded).to be_a(String)
+      decoded = described_class.decode(encoded)
+      expect(decoded).to eq(object)
+    end
+  end
+  describe ".decode" do
+    subject(:decoded) { described_class.decode(raw) }
+    context "with nil" do
+      let(:raw) { nil }
+      it { is_expected.to eq(nil) }
+    end
+    context "with an empty string (only possible if column has a default)" do
+      let(:raw) { "" }
+      it { is_expected.to eq(nil) }
+    end
+  end
+end

data/spec/spec_helper.rb CHANGED

@@ -3,12 +3,31 @@ require "vault/rails"
 require "rspec"
+def vault_version_string
+  @vault_version_string ||= `vault --version`
+end
+TEST_VAULT_VERSION = Gem::Version.new(vault_version_string.match(/(\d+\.\d+\.\d+)/)[1])
 RSpec.configure do |config|
   # Prohibit using the should syntax
   config.expect_with :rspec do |spec|
     spec.syntax = :expect
   end
+  # Allow tests to isolate a specific test using +focus: true+. If nothing
+  # is focused, then all tests are executed.
+  config.filter_run_when_matching :focus
+  config.filter_run_excluding vault: lambda { |v|
+    !vault_meets_requirements?(v)
+  }
+  config.filter_run_excluding ent_vault: lambda { |v|
+    !vault_is_enterprise? || !vault_meets_requirements?(v)
+  }
+  config.filter_run_excluding non_ent_vault: lambda { |v|
+    vault_is_enterprise? || !vault_meets_requirements?(v)
+  }
   # Allow tests to isolate a specific test using +focus: true+. If nothing
   # is focused, then all tests are executed.
   config.filter_run(focus: true)
@@ -21,4 +40,12 @@ RSpec.configure do |config|
   config.order = 'random'
 end
+def vault_is_enterprise?
+  !!vault_version_string.match(/\+(?:ent|prem)/)
+end
+def vault_meets_requirements?(v)
+  Gem::Requirement.new(v).satisfied_by?(TEST_VAULT_VERSION)
+end
 require File.expand_path("../dummy/config/environment.rb", __FILE__)

data/spec/unit/encrypted_model_spec.rb CHANGED

@@ -20,6 +20,12 @@ describe Vault::EncryptedModel do
       }.to raise_error(Vault::Rails::ValidationFailedError)
     end
+    it "raises an exception if a proc is passed to :context without an arity of 1" do
+      expect {
+        klass.vault_attribute(:foo, context: ->() { })
+      }.to raise_error(Vault::Rails::ValidationFailedError, /1 argument/i)
+    end
     it "defines a getter" do
       klass.vault_attribute(:foo)
       expect(klass.instance_methods).to include(:foo)
@@ -36,10 +42,9 @@ describe Vault::EncryptedModel do
     end
     it "defines dirty attribute methods" do
-      klass.vault_attribute(:foo)
-      expect(klass.instance_methods).to include(:foo_change)
-      expect(klass.instance_methods).to include(:foo_changed?)
-      expect(klass.instance_methods).to include(:foo_was)
+      expect(Person.new).to respond_to(:ssn_change)
+      expect(Person.new).to respond_to(:ssn_changed?)
+      expect(Person.new).to respond_to(:ssn_was)
     end
   end
 end

data/spec/unit/rails/configurable_spec.rb ADDED

@@ -0,0 +1,118 @@
+require "spec_helper"
+describe Vault::Rails::Configurable do
+  subject do
+    Class.new.tap do |c|
+      c.class.instance_eval do
+        include Vault::Rails::Configurable
+      end
+    end
+  end
+  describe '.application' do
+    context 'when unconfigured' do
+      it 'raises exception' do
+        expect {
+          subject.application
+        }.to raise_error(RuntimeError)
+      end
+    end
+    context 'when configured' do
+      before do
+        subject.configure do |vault|
+          vault.application = "dummy"
+        end
+      end
+      it 'returns the application' do
+        expect(subject.application).to eq "dummy"
+      end
+    end
+    context 'falls back to ENV' do
+      before do
+        ENV["VAULT_RAILS_APPLICATION"] = "envdummy"
+      end
+      after do
+        ENV.delete("VAULT_RAILS_APPLICATION")
+      end
+      it 'returns the application defined in ENV' do
+        expect(subject.application).to eq "envdummy"
+      end
+    end
+  end
+  describe '.enabled' do
+    context 'when unconfigured' do
+      it 'returns false' do
+        expect(subject.enabled?).to eq false
+      end
+    end
+    context 'when configured' do
+      it 'returns true' do
+        subject.configure do |vault|
+          vault.enabled = true
+        end
+        expect(subject.enabled?).to eq true
+      end
+      it 'returns false' do
+        subject.configure do |vault|
+          vault.enabled = false
+        end
+        expect(subject.enabled?).to eq false
+      end
+    end
+    context 'falls back to ENV' do
+      after do
+        ENV.delete("VAULT_RAILS_ENABLED")
+      end
+      it 'returns false' do
+        ENV["VAULT_RAILS_ENABLED"] = "false"
+        expect(subject.enabled?).to eq false
+      end
+      it 'returns true' do
+        ENV["VAULT_RAILS_ENABLED"] = "true"
+        expect(subject.enabled?).to eq true
+      end
+    end
+  end
+  describe '.in_memory_warnings_enabled?' do
+    context 'when unconfigured' do
+      it 'returns true' do
+        expect(subject.in_memory_warnings_enabled?).to eq true
+      end
+    end
+    context 'when configured as on' do
+      before do
+        subject.configure do |vault|
+          vault.in_memory_warnings_enabled = true
+        end
+      end
+      it 'returns true' do
+        expect(subject.in_memory_warnings_enabled?).to eq true
+      end
+    end
+    context 'when configured as off' do
+      before do
+        subject.configure do |vault|
+          vault.in_memory_warnings_enabled = false
+        end
+      end
+      it 'returns false' do
+        expect(subject.in_memory_warnings_enabled?).to eq false
+      end
+    end
+  end
+end

data/spec/unit/vault/rails_spec.rb ADDED

@@ -0,0 +1,33 @@
+require 'spec_helper'
+RSpec.describe Vault::Rails do
+  describe "#memory_key_for" do
+    input_examples = [
+      ["path", "key"],
+      ["path", "key", "context"],
+      ["a_really_long_path", "a_really_long_key"],
+      ["a_really_long_path", "a_really_long_key", "a_really_long_context"],
+    ]
+    input_examples.each do |path, key, encryption_context|
+      context "with path=#{path}, key=#{key}, context=#{encryption_context}" do
+        it "returns exactly 16 bytes as required by OpenSSL AES 128" do
+          memory_key = Vault::Rails.send(
+            :memory_key_for, path, key, context: encryption_context
+          )
+          expect(memory_key.bytesize).to eq(16)
+        end
+      end
+    end
+    it "returns unique keys for different paths, keys, and contexts" do
+      memory_keys = input_examples.map { |path, key, encryption_context|
+        Vault::Rails.send(
+          :memory_key_for, path, key, context: encryption_context
+        )
+      }
+      expect(memory_keys).to match_array(memory_keys.uniq)
+    end
+  end
+end

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: vault-rails
 version: !ruby/object:Gem::Version
-  version: 0.3.1
+  version: 0.7.0
 platform: ruby
 authors:
 - Seth Vargo
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2017-03-03 00:00:00.000000000 Z
+date: 2020-10-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -16,44 +16,44 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '4.0'
+        version: '5.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '4.0'
+        version: '5.0'
 - !ruby/object:Gem::Dependency
   name: vault
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.5'
+        version: '0.14'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.5'
+        version: '0.14'
 - !ruby/object:Gem::Dependency
-  name: appraisal
+  name: bundler
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '2.1'
+        version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '2.1'
+        version: '0'
 - !ruby/object:Gem::Dependency
-  name: bundler
+  name: pry
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -67,7 +67,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: pry
+  name: pry-byebug
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -86,14 +86,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: 12.3.3
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: 12.3.3
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
@@ -112,16 +112,16 @@ dependencies:
   name: sqlite3
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 1.3.6
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 1.3.6
 description: Official Vault plugin for Rails
 email:
 - sethvargo@gmail.com
@@ -136,10 +136,11 @@ files:
 - lib/vault/rails.rb
 - lib/vault/rails/configurable.rb
 - lib/vault/rails/errors.rb
-- lib/vault/rails/serializer.rb
+- lib/vault/rails/json_serializer.rb
 - lib/vault/rails/version.rb
 - spec/dummy/Rakefile
 - spec/dummy/app/models/lazy_person.rb
+- spec/dummy/app/models/lazy_single_person.rb
 - spec/dummy/app/models/person.rb
 - spec/dummy/bin/bundle
 - spec/dummy/bin/rails
@@ -163,25 +164,24 @@ files:
 - spec/dummy/config/locales/en.yml
 - spec/dummy/config/routes.rb
 - spec/dummy/config/secrets.yml
-- spec/dummy/db/development.sqlite3
 - spec/dummy/db/migrate/20150428220101_create_people.rb
 - spec/dummy/db/schema.rb
-- spec/dummy/db/test.sqlite3
 - spec/dummy/lib/binary_serializer.rb
-- spec/dummy/log/development.log
-- spec/dummy/log/test.log
 - spec/dummy/public/404.html
 - spec/dummy/public/422.html
 - spec/dummy/public/500.html
 - spec/dummy/public/favicon.ico
 - spec/integration/rails_spec.rb
+- spec/lib/vault/rails/json_serializer_spec.rb
 - spec/spec_helper.rb
 - spec/support/vault_server.rb
 - spec/unit/encrypted_model_spec.rb
+- spec/unit/rails/configurable_spec.rb
 - spec/unit/rails_spec.rb
+- spec/unit/vault/rails_spec.rb
 homepage: https://github.com/hashicorp/vault-rails
 licenses:
-- MPLv3
+- MPL-2.0
 metadata: {}
 post_install_message:
 rdoc_options: []
@@ -198,50 +198,49 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project:
-rubygems_version: 2.5.1
+rubygems_version: 3.1.4
 signing_key:
 specification_version: 4
 summary: Official Vault plugin for Rails
 test_files:
-- spec/dummy/app/models/lazy_person.rb
-- spec/dummy/app/models/person.rb
+- spec/support/vault_server.rb
+- spec/integration/rails_spec.rb
 - spec/dummy/bin/bundle
-- spec/dummy/bin/rails
 - spec/dummy/bin/rake
+- spec/dummy/bin/rails
+- spec/dummy/db/schema.rb
+- spec/dummy/db/migrate/20150428220101_create_people.rb
+- spec/dummy/public/404.html
+- spec/dummy/public/422.html
+- spec/dummy/public/500.html
+- spec/dummy/public/favicon.ico
+- spec/dummy/Rakefile
+- spec/dummy/config.ru
+- spec/dummy/app/models/lazy_person.rb
+- spec/dummy/app/models/lazy_single_person.rb
+- spec/dummy/app/models/person.rb
+- spec/dummy/config/environment.rb
+- spec/dummy/config/locales/en.yml
 - spec/dummy/config/application.rb
+- spec/dummy/config/routes.rb
 - spec/dummy/config/boot.rb
-- spec/dummy/config/database.yml
-- spec/dummy/config/environment.rb
-- spec/dummy/config/environments/development.rb
+- spec/dummy/config/secrets.yml
 - spec/dummy/config/environments/test.rb
-- spec/dummy/config/initializers/assets.rb
+- spec/dummy/config/environments/development.rb
+- spec/dummy/config/initializers/inflections.rb
+- spec/dummy/config/initializers/vault.rb
 - spec/dummy/config/initializers/backtrace_silencers.rb
-- spec/dummy/config/initializers/cookies_serializer.rb
 - spec/dummy/config/initializers/filter_parameter_logging.rb
-- spec/dummy/config/initializers/inflections.rb
-- spec/dummy/config/initializers/mime_types.rb
 - spec/dummy/config/initializers/session_store.rb
-- spec/dummy/config/initializers/vault.rb
+- spec/dummy/config/initializers/mime_types.rb
+- spec/dummy/config/initializers/assets.rb
 - spec/dummy/config/initializers/wrap_parameters.rb
-- spec/dummy/config/locales/en.yml
-- spec/dummy/config/routes.rb
-- spec/dummy/config/secrets.yml
-- spec/dummy/config.ru
-- spec/dummy/db/development.sqlite3
-- spec/dummy/db/migrate/20150428220101_create_people.rb
-- spec/dummy/db/schema.rb
-- spec/dummy/db/test.sqlite3
+- spec/dummy/config/initializers/cookies_serializer.rb
+- spec/dummy/config/database.yml
 - spec/dummy/lib/binary_serializer.rb
-- spec/dummy/log/development.log
-- spec/dummy/log/test.log
-- spec/dummy/public/404.html
-- spec/dummy/public/422.html
-- spec/dummy/public/500.html
-- spec/dummy/public/favicon.ico
-- spec/dummy/Rakefile
-- spec/integration/rails_spec.rb
 - spec/spec_helper.rb
-- spec/support/vault_server.rb
-- spec/unit/encrypted_model_spec.rb
 - spec/unit/rails_spec.rb
+- spec/unit/vault/rails_spec.rb
+- spec/unit/encrypted_model_spec.rb
+- spec/unit/rails/configurable_spec.rb
+- spec/lib/vault/rails/json_serializer_spec.rb