vault-rails 0.6.0 → 0.7.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -42,12 +42,22 @@ describe Vault::Rails do
42
42
 
43
43
  it "allows attributes to be unset" do
44
44
  person = Person.create!(ssn: "123-45-6789")
45
- person.update_attributes!(ssn: nil)
45
+ person.update!(ssn: nil)
46
46
  person.reload
47
47
 
48
48
  expect(person.ssn).to be(nil)
49
49
  end
50
50
 
51
+ it "allows dirty attributes to be unset" do
52
+ person = Person.create!(ssn: "123-45-6789")
53
+ person.ssn = nil
54
+ expect(person.ssn).to be_nil
55
+
56
+ person2 = Person.create!(ssn: "123-45-6789")
57
+ person2.assign_attributes(ssn: nil)
58
+ expect(person2.ssn).to be_nil
59
+ end
60
+
51
61
  it "allows saving without validations" do
52
62
  person = Person.new(ssn: "123-456-7890")
53
63
  person.save(validate: false)
@@ -57,7 +67,7 @@ describe Vault::Rails do
57
67
  it "allows attributes to be unset after reload" do
58
68
  person = Person.create!(ssn: "123-45-6789")
59
69
  person.reload
60
- person.update_attributes!(ssn: nil)
70
+ person.update!(ssn: nil)
61
71
  person.reload
62
72
 
63
73
  expect(person.ssn).to be(nil)
@@ -65,7 +75,7 @@ describe Vault::Rails do
65
75
 
66
76
  it "allows attributes to be blank" do
67
77
  person = Person.create!(ssn: "123-45-6789")
68
- person.update_attributes!(ssn: "")
78
+ person.update!(ssn: "")
69
79
  person.reload
70
80
 
71
81
  expect(person.ssn).to eq("")
@@ -74,7 +84,7 @@ describe Vault::Rails do
74
84
 
75
85
  it "allows attributes to be null" do
76
86
  person = Person.create!(ssn: "123-45-6789")
77
- person.update_attributes!(ssn: nil)
87
+ person.update!(ssn: nil)
78
88
  person.reload
79
89
 
80
90
  expect(person.ssn).to eq(nil)
@@ -97,6 +107,18 @@ describe Vault::Rails do
97
107
  person.name = "Cinderella"
98
108
  person.save!
99
109
  end
110
+
111
+ it "does not register a Vault attribute as necessarily being backed by a column" do
112
+ expect(Person.attribute_names).to include("ssn")
113
+ expect(Person.column_names).not_to include("ssn")
114
+ end
115
+
116
+ it "does not reload encrypted attributes on destroy" do
117
+ person = Person.create!(ssn: "123-45-6789")
118
+
119
+ expect(Vault::Rails).to_not receive(:decrypt)
120
+ person.destroy
121
+ end
100
122
  end
101
123
 
102
124
  context "lazy decrypt" do
@@ -140,16 +162,33 @@ describe Vault::Rails do
140
162
  expect(person.ssn_changed?).to be(true)
141
163
  expect(person.ssn_change).to eq(["123-45-6789", "111-11-1111"])
142
164
  expect(person.ssn_was).to eq("123-45-6789")
165
+
166
+ person.assign_attributes(ssn: "222-22-2222")
167
+
168
+ expect(person.ssn_changed?).to be(true)
169
+ expect(person.ssn_change).to eq(["123-45-6789", "222-22-2222"])
170
+ expect(person.ssn_was).to eq("123-45-6789")
143
171
  end
144
172
 
145
173
  it "allows attributes to be unset" do
146
174
  person = LazyPerson.create!(ssn: "123-45-6789")
147
- person.update_attributes!(ssn: nil)
175
+ person.update!(ssn: nil)
148
176
  person.reload
149
177
 
150
178
  expect(person.ssn).to be(nil)
151
179
  end
152
180
 
181
+ it "allows dirty attributes to be unset" do
182
+ person = LazyPerson.create!(ssn: "123-45-6789")
183
+ person.ssn = nil
184
+ expect(person.ssn).to be_nil
185
+
186
+ person2 = LazyPerson.create!(ssn: "123-45-6789")
187
+ person2.assign_attributes(ssn: nil)
188
+ expect(person2.ssn).to be_nil
189
+ end
190
+
191
+
153
192
  it "allows saving without validations" do
154
193
  person = LazyPerson.new(ssn: "123-456-7890")
155
194
  expect(person.save(validate: false)).to be(true)
@@ -159,7 +198,7 @@ describe Vault::Rails do
159
198
  it "allows attributes to be unset after reload" do
160
199
  person = LazyPerson.create!(ssn: "123-45-6789")
161
200
  person.reload
162
- person.update_attributes!(ssn: nil)
201
+ person.update!(ssn: nil)
163
202
  person.reload
164
203
 
165
204
  expect(person.ssn).to be(nil)
@@ -167,7 +206,7 @@ describe Vault::Rails do
167
206
 
168
207
  it "allows attributes to be blank" do
169
208
  person = LazyPerson.create!(ssn: "123-45-6789")
170
- person.update_attributes!(ssn: "")
209
+ person.update!(ssn: "")
171
210
  person.reload
172
211
 
173
212
  expect(person.ssn).to eq("")
@@ -190,6 +229,13 @@ describe Vault::Rails do
190
229
  person.name = "Cinderella"
191
230
  person.save!
192
231
  end
232
+
233
+ it "allows attributes to be accessed after a destroy" do
234
+ person = LazyPerson.create!(ssn: "123-45-6789")
235
+
236
+ person.destroy
237
+ expect { person.ssn }.not_to raise_error
238
+ end
193
239
  end
194
240
 
195
241
  context "lazy single decrypt" do
@@ -224,7 +270,7 @@ describe Vault::Rails do
224
270
 
225
271
  it "does not decrypt all attributes on single read" do
226
272
  person = LazySinglePerson.create!(ssn: "123-45-6789")
227
- person.update_attributes!(credit_card: "abcd-efgh-hijk-lmno")
273
+ person.update!(credit_card: "abcd-efgh-hijk-lmno")
228
274
  expect(person.credit_card).to eq("abcd-efgh-hijk-lmno")
229
275
 
230
276
  person.reload
@@ -239,7 +285,7 @@ describe Vault::Rails do
239
285
 
240
286
  it "does not decrypt all attributes on single write" do
241
287
  person = LazySinglePerson.create!(ssn: "123-45-6789")
242
- person.update_attributes!(credit_card: "abcd-efgh-hijk-lmno")
288
+ person.update!(credit_card: "abcd-efgh-hijk-lmno")
243
289
  expect(person.credit_card).to eq("abcd-efgh-hijk-lmno")
244
290
 
245
291
  person.reload
@@ -269,7 +315,7 @@ describe Vault::Rails do
269
315
 
270
316
  it "allows attributes to be unset" do
271
317
  person = LazySinglePerson.create!(ssn: "123-45-6789")
272
- person.update_attributes!(ssn: nil)
318
+ person.update!(ssn: nil)
273
319
  person.reload
274
320
 
275
321
  expect(person.ssn).to be(nil)
@@ -284,7 +330,7 @@ describe Vault::Rails do
284
330
  it "allows attributes to be unset after reload" do
285
331
  person = LazySinglePerson.create!(ssn: "123-45-6789")
286
332
  person.reload
287
- person.update_attributes!(ssn: nil)
333
+ person.update!(ssn: nil)
288
334
  person.reload
289
335
 
290
336
  expect(person.ssn).to be(nil)
@@ -292,7 +338,7 @@ describe Vault::Rails do
292
338
 
293
339
  it "allows attributes to be blank" do
294
340
  person = LazySinglePerson.create!(ssn: "123-45-6789")
295
- person.update_attributes!(ssn: "")
341
+ person.update!(ssn: "")
296
342
  person.reload
297
343
 
298
344
  expect(person.ssn).to eq("")
@@ -315,6 +361,13 @@ describe Vault::Rails do
315
361
  person.name = "Cinderella"
316
362
  person.save!
317
363
  end
364
+
365
+ it "allows attributes to be accessed after a destroy" do
366
+ person = LazyPerson.create!(ssn: "123-45-6789")
367
+
368
+ person.destroy
369
+ expect { person.ssn }.not_to raise_error
370
+ end
318
371
  end
319
372
 
320
373
  context "with custom options" do
@@ -353,7 +406,7 @@ describe Vault::Rails do
353
406
 
354
407
  it "allows attributes to be unset" do
355
408
  person = Person.create!(credit_card: "1234567890111213")
356
- person.update_attributes!(credit_card: nil)
409
+ person.update!(credit_card: nil)
357
410
  person.reload
358
411
 
359
412
  expect(person.credit_card).to be(nil)
@@ -361,7 +414,7 @@ describe Vault::Rails do
361
414
 
362
415
  it "allows attributes to be blank" do
363
416
  person = Person.create!(credit_card: "1234567890111213")
364
- person.update_attributes!(credit_card: "")
417
+ person.update!(credit_card: "")
365
418
  person.reload
366
419
 
367
420
  expect(person.credit_card).to eq("")
@@ -404,7 +457,7 @@ describe Vault::Rails do
404
457
 
405
458
  it "allows attributes to be unset" do
406
459
  person = Person.create!(non_ascii: "dás ümlaut")
407
- person.update_attributes!(non_ascii: nil)
460
+ person.update!(non_ascii: nil)
408
461
  person.reload
409
462
 
410
463
  expect(person.non_ascii).to be(nil)
@@ -412,7 +465,7 @@ describe Vault::Rails do
412
465
 
413
466
  it "allows attributes to be blank" do
414
467
  person = Person.create!(non_ascii: "dás ümlaut")
415
- person.update_attributes!(non_ascii: "")
468
+ person.update!(non_ascii: "")
416
469
  person.reload
417
470
 
418
471
  expect(person.non_ascii).to eq("")
@@ -628,6 +681,46 @@ describe Vault::Rails do
628
681
  end
629
682
  end
630
683
 
684
+ context 'with transform_secret', ent_vault: ">= 1.4" do
685
+ before(:all) do
686
+ Vault::Rails.sys.mount("transform", :transform)
687
+ Vault::Rails.client.transform.create_transformation(
688
+ "social_sec",
689
+ template: "builtin/socialsecuritynumber",
690
+ tweak_source: "internal",
691
+ type: "fpe",
692
+ allowed_roles: [Vault::Rails.application]
693
+ )
694
+ Vault::Rails.client.transform.create_role(Vault::Rails.application, transformations: ["social_sec"])
695
+ Vault::Rails.client.transform.create_role("foobar_role", transformations: ["social_sec"])
696
+ end
697
+
698
+ it "encrypts the attribute using the given transformation" do
699
+ person = Person.create!(transform_ssn: "123-45-6789")
700
+ expect(person[:transform_ssn_encrypted]).not_to eq("123-45-6789")
701
+ expect(person[:transform_ssn_encrypted]).to match(/\d{3}-\d{2}-\d{4}/)
702
+ expect(person.transform_ssn).to eq("123-45-6789")
703
+ end
704
+
705
+ it "raises an error if the format is incorrect" do
706
+ expect{ Person.create!(transform_ssn: "1234-5678-90") }.to(
707
+ raise_error(Vault::HTTPClientError, /unable to find matching expression/)
708
+ )
709
+ end
710
+
711
+ it "raises an error if the transformation does not exist" do
712
+ expect{ Person.create!(bad_transform: "nope") }.to(
713
+ raise_error(Vault::HTTPClientError, /unable to find transformation/)
714
+ )
715
+ end
716
+
717
+ it "raises an error if the provided role doesn't have the ability to use the transformation" do
718
+ expect{ Person.create!(bad_role_transform: "123-45-6789") }.to(
719
+ raise_error(Vault::HTTPClientError, /is not an allowed role for the transformation/)
720
+ )
721
+ end
722
+ end
723
+
631
724
  context 'with errors' do
632
725
  it 'raises the appropriate exception' do
633
726
  expect {
@@ -3,12 +3,31 @@ require "vault/rails"
3
3
 
4
4
  require "rspec"
5
5
 
6
+ def vault_version_string
7
+ @vault_version_string ||= `vault --version`
8
+ end
9
+
10
+ TEST_VAULT_VERSION = Gem::Version.new(vault_version_string.match(/(\d+\.\d+\.\d+)/)[1])
11
+
6
12
  RSpec.configure do |config|
7
13
  # Prohibit using the should syntax
8
14
  config.expect_with :rspec do |spec|
9
15
  spec.syntax = :expect
10
16
  end
11
17
 
18
+ # Allow tests to isolate a specific test using +focus: true+. If nothing
19
+ # is focused, then all tests are executed.
20
+ config.filter_run_when_matching :focus
21
+ config.filter_run_excluding vault: lambda { |v|
22
+ !vault_meets_requirements?(v)
23
+ }
24
+ config.filter_run_excluding ent_vault: lambda { |v|
25
+ !vault_is_enterprise? || !vault_meets_requirements?(v)
26
+ }
27
+ config.filter_run_excluding non_ent_vault: lambda { |v|
28
+ vault_is_enterprise? || !vault_meets_requirements?(v)
29
+ }
30
+
12
31
  # Allow tests to isolate a specific test using +focus: true+. If nothing
13
32
  # is focused, then all tests are executed.
14
33
  config.filter_run(focus: true)
@@ -21,4 +40,12 @@ RSpec.configure do |config|
21
40
  config.order = 'random'
22
41
  end
23
42
 
43
+ def vault_is_enterprise?
44
+ !!vault_version_string.match(/\+(?:ent|prem)/)
45
+ end
46
+
47
+ def vault_meets_requirements?(v)
48
+ Gem::Requirement.new(v).satisfied_by?(TEST_VAULT_VERSION)
49
+ end
50
+
24
51
  require File.expand_path("../dummy/config/environment.rb", __FILE__)
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: vault-rails
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.6.0
4
+ version: 0.7.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Seth Vargo
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2020-05-11 00:00:00.000000000 Z
11
+ date: 2020-10-27 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: rails
@@ -16,44 +16,44 @@ dependencies:
16
16
  requirements:
17
17
  - - ">="
18
18
  - !ruby/object:Gem::Version
19
- version: '4.1'
19
+ version: '5.0'
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - ">="
25
25
  - !ruby/object:Gem::Version
26
- version: '4.1'
26
+ version: '5.0'
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: vault
29
29
  requirement: !ruby/object:Gem::Requirement
30
30
  requirements:
31
31
  - - "~>"
32
32
  - !ruby/object:Gem::Version
33
- version: '0.5'
33
+ version: '0.14'
34
34
  type: :runtime
35
35
  prerelease: false
36
36
  version_requirements: !ruby/object:Gem::Requirement
37
37
  requirements:
38
38
  - - "~>"
39
39
  - !ruby/object:Gem::Version
40
- version: '0.5'
40
+ version: '0.14'
41
41
  - !ruby/object:Gem::Dependency
42
- name: appraisal
42
+ name: bundler
43
43
  requirement: !ruby/object:Gem::Requirement
44
44
  requirements:
45
- - - "~>"
45
+ - - ">="
46
46
  - !ruby/object:Gem::Version
47
- version: '2.1'
47
+ version: '0'
48
48
  type: :development
49
49
  prerelease: false
50
50
  version_requirements: !ruby/object:Gem::Requirement
51
51
  requirements:
52
- - - "~>"
52
+ - - ">="
53
53
  - !ruby/object:Gem::Version
54
- version: '2.1'
54
+ version: '0'
55
55
  - !ruby/object:Gem::Dependency
56
- name: bundler
56
+ name: pry
57
57
  requirement: !ruby/object:Gem::Requirement
58
58
  requirements:
59
59
  - - ">="
@@ -67,7 +67,7 @@ dependencies:
67
67
  - !ruby/object:Gem::Version
68
68
  version: '0'
69
69
  - !ruby/object:Gem::Dependency
70
- name: pry
70
+ name: pry-byebug
71
71
  requirement: !ruby/object:Gem::Requirement
72
72
  requirements:
73
73
  - - ">="
@@ -86,14 +86,14 @@ dependencies:
86
86
  requirements:
87
87
  - - "~>"
88
88
  - !ruby/object:Gem::Version
89
- version: '10.0'
89
+ version: 12.3.3
90
90
  type: :development
91
91
  prerelease: false
92
92
  version_requirements: !ruby/object:Gem::Requirement
93
93
  requirements:
94
94
  - - "~>"
95
95
  - !ruby/object:Gem::Version
96
- version: '10.0'
96
+ version: 12.3.3
97
97
  - !ruby/object:Gem::Dependency
98
98
  name: rspec
99
99
  requirement: !ruby/object:Gem::Requirement
@@ -112,16 +112,16 @@ dependencies:
112
112
  name: sqlite3
113
113
  requirement: !ruby/object:Gem::Requirement
114
114
  requirements:
115
- - - ">="
115
+ - - "~>"
116
116
  - !ruby/object:Gem::Version
117
- version: '0'
117
+ version: 1.3.6
118
118
  type: :development
119
119
  prerelease: false
120
120
  version_requirements: !ruby/object:Gem::Requirement
121
121
  requirements:
122
- - - ">="
122
+ - - "~>"
123
123
  - !ruby/object:Gem::Version
124
- version: '0'
124
+ version: 1.3.6
125
125
  description: Official Vault plugin for Rails
126
126
  email:
127
127
  - sethvargo@gmail.com
@@ -164,12 +164,9 @@ files:
164
164
  - spec/dummy/config/locales/en.yml
165
165
  - spec/dummy/config/routes.rb
166
166
  - spec/dummy/config/secrets.yml
167
- - spec/dummy/db/development.sqlite3
168
167
  - spec/dummy/db/migrate/20150428220101_create_people.rb
169
168
  - spec/dummy/db/schema.rb
170
- - spec/dummy/db/test.sqlite3
171
169
  - spec/dummy/lib/binary_serializer.rb
172
- - spec/dummy/log/development.log
173
170
  - spec/dummy/public/404.html
174
171
  - spec/dummy/public/422.html
175
172
  - spec/dummy/public/500.html
@@ -201,52 +198,49 @@ required_rubygems_version: !ruby/object:Gem::Requirement
201
198
  - !ruby/object:Gem::Version
202
199
  version: '0'
203
200
  requirements: []
204
- rubygems_version: 3.1.2
201
+ rubygems_version: 3.1.4
205
202
  signing_key:
206
203
  specification_version: 4
207
204
  summary: Official Vault plugin for Rails
208
205
  test_files:
209
- - spec/spec_helper.rb
210
- - spec/unit/encrypted_model_spec.rb
211
- - spec/unit/rails_spec.rb
212
- - spec/unit/vault/rails_spec.rb
213
- - spec/unit/rails/configurable_spec.rb
206
+ - spec/support/vault_server.rb
207
+ - spec/integration/rails_spec.rb
208
+ - spec/dummy/bin/bundle
209
+ - spec/dummy/bin/rake
210
+ - spec/dummy/bin/rails
211
+ - spec/dummy/db/schema.rb
212
+ - spec/dummy/db/migrate/20150428220101_create_people.rb
213
+ - spec/dummy/public/404.html
214
+ - spec/dummy/public/422.html
215
+ - spec/dummy/public/500.html
216
+ - spec/dummy/public/favicon.ico
217
+ - spec/dummy/Rakefile
218
+ - spec/dummy/config.ru
214
219
  - spec/dummy/app/models/lazy_person.rb
215
220
  - spec/dummy/app/models/lazy_single_person.rb
216
221
  - spec/dummy/app/models/person.rb
217
- - spec/dummy/bin/rake
218
- - spec/dummy/bin/bundle
219
- - spec/dummy/bin/rails
220
- - spec/dummy/config/secrets.yml
221
- - spec/dummy/config/routes.rb
222
- - spec/dummy/config/locales/en.yml
223
- - spec/dummy/config/environments/development.rb
224
- - spec/dummy/config/environments/test.rb
225
222
  - spec/dummy/config/environment.rb
223
+ - spec/dummy/config/locales/en.yml
226
224
  - spec/dummy/config/application.rb
227
- - spec/dummy/config/database.yml
225
+ - spec/dummy/config/routes.rb
228
226
  - spec/dummy/config/boot.rb
227
+ - spec/dummy/config/secrets.yml
228
+ - spec/dummy/config/environments/test.rb
229
+ - spec/dummy/config/environments/development.rb
230
+ - spec/dummy/config/initializers/inflections.rb
231
+ - spec/dummy/config/initializers/vault.rb
229
232
  - spec/dummy/config/initializers/backtrace_silencers.rb
230
- - spec/dummy/config/initializers/mime_types.rb
231
233
  - spec/dummy/config/initializers/filter_parameter_logging.rb
232
234
  - spec/dummy/config/initializers/session_store.rb
233
- - spec/dummy/config/initializers/wrap_parameters.rb
235
+ - spec/dummy/config/initializers/mime_types.rb
234
236
  - spec/dummy/config/initializers/assets.rb
237
+ - spec/dummy/config/initializers/wrap_parameters.rb
235
238
  - spec/dummy/config/initializers/cookies_serializer.rb
236
- - spec/dummy/config/initializers/vault.rb
237
- - spec/dummy/config/initializers/inflections.rb
238
- - spec/dummy/config.ru
239
- - spec/dummy/Rakefile
240
- - spec/dummy/public/favicon.ico
241
- - spec/dummy/public/422.html
242
- - spec/dummy/public/500.html
243
- - spec/dummy/public/404.html
239
+ - spec/dummy/config/database.yml
244
240
  - spec/dummy/lib/binary_serializer.rb
245
- - spec/dummy/db/schema.rb
246
- - spec/dummy/db/test.sqlite3
247
- - spec/dummy/db/migrate/20150428220101_create_people.rb
248
- - spec/dummy/db/development.sqlite3
249
- - spec/dummy/log/development.log
250
- - spec/integration/rails_spec.rb
251
- - spec/support/vault_server.rb
241
+ - spec/spec_helper.rb
242
+ - spec/unit/rails_spec.rb
243
+ - spec/unit/vault/rails_spec.rb
244
+ - spec/unit/encrypted_model_spec.rb
245
+ - spec/unit/rails/configurable_spec.rb
252
246
  - spec/lib/vault/rails/json_serializer_spec.rb