vault-rails 0.6.0 → 0.7.0

data/spec/integration/rails_spec.rb

@@ -42,12 +42,22 @@ describe Vault::Rails do
 
     it "allows attributes to be unset" do
       person = Person.create!(ssn: "123-45-6789")
-      person.update_attributes!(ssn: nil)
+      person.update!(ssn: nil)
       person.reload
 
       expect(person.ssn).to be(nil)
     end
 
+    it "allows dirty attributes to be unset" do
+      person = Person.create!(ssn: "123-45-6789")
+      person.ssn = nil
+      expect(person.ssn).to be_nil
+
+      person2 = Person.create!(ssn: "123-45-6789")
+      person2.assign_attributes(ssn: nil)
+      expect(person2.ssn).to be_nil
+    end
+
     it "allows saving without validations" do
       person = Person.new(ssn: "123-456-7890")
       person.save(validate: false)
@@ -57,7 +67,7 @@ describe Vault::Rails do
     it "allows attributes to be unset after reload" do
       person = Person.create!(ssn: "123-45-6789")
       person.reload
-      person.update_attributes!(ssn: nil)
+      person.update!(ssn: nil)
       person.reload
 
       expect(person.ssn).to be(nil)
@@ -65,7 +75,7 @@ describe Vault::Rails do
 
     it "allows attributes to be blank" do
       person = Person.create!(ssn: "123-45-6789")
-      person.update_attributes!(ssn: "")
+      person.update!(ssn: "")
       person.reload
 
       expect(person.ssn).to eq("")
@@ -74,7 +84,7 @@ describe Vault::Rails do
 
     it "allows attributes to be null" do
       person = Person.create!(ssn: "123-45-6789")
-      person.update_attributes!(ssn: nil)
+      person.update!(ssn: nil)
       person.reload
 
       expect(person.ssn).to eq(nil)
@@ -97,6 +107,18 @@ describe Vault::Rails do
       person.name = "Cinderella"
       person.save!
     end
+
+    it "does not register a Vault attribute as necessarily being backed by a column" do
+      expect(Person.attribute_names).to include("ssn")
+      expect(Person.column_names).not_to include("ssn")
+    end
+
+    it "does not reload encrypted attributes on destroy" do
+      person = Person.create!(ssn: "123-45-6789")
+
+      expect(Vault::Rails).to_not receive(:decrypt)
+      person.destroy
+    end
   end
 
   context "lazy decrypt" do
@@ -140,16 +162,33 @@ describe Vault::Rails do
       expect(person.ssn_changed?).to be(true)
       expect(person.ssn_change).to eq(["123-45-6789", "111-11-1111"])
       expect(person.ssn_was).to eq("123-45-6789")
+
+      person.assign_attributes(ssn: "222-22-2222")
+
+      expect(person.ssn_changed?).to be(true)
+      expect(person.ssn_change).to eq(["123-45-6789", "222-22-2222"])
+      expect(person.ssn_was).to eq("123-45-6789")
     end
 
     it "allows attributes to be unset" do
       person = LazyPerson.create!(ssn: "123-45-6789")
-      person.update_attributes!(ssn: nil)
+      person.update!(ssn: nil)
       person.reload
 
       expect(person.ssn).to be(nil)
     end
 
+    it "allows dirty attributes to be unset" do
+      person = LazyPerson.create!(ssn: "123-45-6789")
+      person.ssn = nil
+      expect(person.ssn).to be_nil
+
+      person2 = LazyPerson.create!(ssn: "123-45-6789")
+      person2.assign_attributes(ssn: nil)
+      expect(person2.ssn).to be_nil
+    end
+
+
     it "allows saving without validations" do
       person = LazyPerson.new(ssn: "123-456-7890")
       expect(person.save(validate: false)).to be(true)
@@ -159,7 +198,7 @@ describe Vault::Rails do
     it "allows attributes to be unset after reload" do
       person = LazyPerson.create!(ssn: "123-45-6789")
       person.reload
-      person.update_attributes!(ssn: nil)
+      person.update!(ssn: nil)
       person.reload
 
       expect(person.ssn).to be(nil)
@@ -167,7 +206,7 @@ describe Vault::Rails do
 
     it "allows attributes to be blank" do
       person = LazyPerson.create!(ssn: "123-45-6789")
-      person.update_attributes!(ssn: "")
+      person.update!(ssn: "")
       person.reload
 
       expect(person.ssn).to eq("")
@@ -190,6 +229,13 @@ describe Vault::Rails do
       person.name = "Cinderella"
       person.save!
     end
+
+    it "allows attributes to be accessed after a destroy" do
+      person = LazyPerson.create!(ssn: "123-45-6789")
+
+      person.destroy
+      expect { person.ssn }.not_to raise_error
+    end
   end
 
   context "lazy single decrypt" do
@@ -224,7 +270,7 @@ describe Vault::Rails do
 
     it "does not decrypt all attributes on single read" do
       person = LazySinglePerson.create!(ssn: "123-45-6789")
-      person.update_attributes!(credit_card: "abcd-efgh-hijk-lmno")
+      person.update!(credit_card: "abcd-efgh-hijk-lmno")
       expect(person.credit_card).to eq("abcd-efgh-hijk-lmno")
 
       person.reload
@@ -239,7 +285,7 @@ describe Vault::Rails do
 
     it "does not decrypt all attributes on single write" do
       person = LazySinglePerson.create!(ssn: "123-45-6789")
-      person.update_attributes!(credit_card: "abcd-efgh-hijk-lmno")
+      person.update!(credit_card: "abcd-efgh-hijk-lmno")
       expect(person.credit_card).to eq("abcd-efgh-hijk-lmno")
 
       person.reload
@@ -269,7 +315,7 @@ describe Vault::Rails do
 
     it "allows attributes to be unset" do
       person = LazySinglePerson.create!(ssn: "123-45-6789")
-      person.update_attributes!(ssn: nil)
+      person.update!(ssn: nil)
       person.reload
 
       expect(person.ssn).to be(nil)
@@ -284,7 +330,7 @@ describe Vault::Rails do
     it "allows attributes to be unset after reload" do
       person = LazySinglePerson.create!(ssn: "123-45-6789")
       person.reload
-      person.update_attributes!(ssn: nil)
+      person.update!(ssn: nil)
       person.reload
 
       expect(person.ssn).to be(nil)
@@ -292,7 +338,7 @@ describe Vault::Rails do
 
     it "allows attributes to be blank" do
       person = LazySinglePerson.create!(ssn: "123-45-6789")
-      person.update_attributes!(ssn: "")
+      person.update!(ssn: "")
       person.reload
 
       expect(person.ssn).to eq("")
@@ -315,6 +361,13 @@ describe Vault::Rails do
       person.name = "Cinderella"
       person.save!
     end
+
+    it "allows attributes to be accessed after a destroy" do
+      person = LazyPerson.create!(ssn: "123-45-6789")
+
+      person.destroy
+      expect { person.ssn }.not_to raise_error
+    end
   end
 
   context "with custom options" do
@@ -353,7 +406,7 @@ describe Vault::Rails do
 
     it "allows attributes to be unset" do
       person = Person.create!(credit_card: "1234567890111213")
-      person.update_attributes!(credit_card: nil)
+      person.update!(credit_card: nil)
       person.reload
 
       expect(person.credit_card).to be(nil)
@@ -361,7 +414,7 @@ describe Vault::Rails do
 
     it "allows attributes to be blank" do
       person = Person.create!(credit_card: "1234567890111213")
-      person.update_attributes!(credit_card: "")
+      person.update!(credit_card: "")
       person.reload
 
       expect(person.credit_card).to eq("")
@@ -404,7 +457,7 @@ describe Vault::Rails do
 
     it "allows attributes to be unset" do
       person = Person.create!(non_ascii: "dás ümlaut")
-      person.update_attributes!(non_ascii: nil)
+      person.update!(non_ascii: nil)
       person.reload
 
       expect(person.non_ascii).to be(nil)
@@ -412,7 +465,7 @@ describe Vault::Rails do
 
     it "allows attributes to be blank" do
       person = Person.create!(non_ascii: "dás ümlaut")
-      person.update_attributes!(non_ascii: "")
+      person.update!(non_ascii: "")
       person.reload
 
       expect(person.non_ascii).to eq("")
@@ -628,6 +681,46 @@ describe Vault::Rails do
     end
   end
 
+  context 'with transform_secret', ent_vault: ">= 1.4" do
+    before(:all) do
+      Vault::Rails.sys.mount("transform", :transform)
+      Vault::Rails.client.transform.create_transformation(
+        "social_sec",
+        template: "builtin/socialsecuritynumber",
+        tweak_source: "internal",
+        type: "fpe",
+        allowed_roles: [Vault::Rails.application]
+      )
+      Vault::Rails.client.transform.create_role(Vault::Rails.application, transformations: ["social_sec"])
+      Vault::Rails.client.transform.create_role("foobar_role", transformations: ["social_sec"])
+    end
+
+    it "encrypts the attribute using the given transformation" do
+      person = Person.create!(transform_ssn: "123-45-6789")
+      expect(person[:transform_ssn_encrypted]).not_to eq("123-45-6789")
+      expect(person[:transform_ssn_encrypted]).to match(/\d{3}-\d{2}-\d{4}/)
+      expect(person.transform_ssn).to eq("123-45-6789")
+    end
+
+    it "raises an error if the format is incorrect" do
+      expect{ Person.create!(transform_ssn: "1234-5678-90") }.to(
+        raise_error(Vault::HTTPClientError, /unable to find matching expression/)
+      )
+    end
+
+    it "raises an error if the transformation does not exist" do
+      expect{ Person.create!(bad_transform: "nope") }.to(
+        raise_error(Vault::HTTPClientError, /unable to find transformation/)
+      )
+    end
+
+    it "raises an error if the provided role doesn't have the ability to use the transformation" do
+      expect{ Person.create!(bad_role_transform: "123-45-6789") }.to(
+        raise_error(Vault::HTTPClientError, /is not an allowed role for the transformation/)
+      )
+    end
+  end
+
   context 'with errors' do
     it 'raises the appropriate exception' do
       expect {

data/spec/spec_helper.rb

@@ -3,12 +3,31 @@ require "vault/rails"
 
 require "rspec"
 
+def vault_version_string
+  @vault_version_string ||= `vault --version`
+end
+
+TEST_VAULT_VERSION = Gem::Version.new(vault_version_string.match(/(\d+\.\d+\.\d+)/)[1])
+
 RSpec.configure do |config|
   # Prohibit using the should syntax
   config.expect_with :rspec do |spec|
     spec.syntax = :expect
   end
 
+  # Allow tests to isolate a specific test using +focus: true+. If nothing
+  # is focused, then all tests are executed.
+  config.filter_run_when_matching :focus
+  config.filter_run_excluding vault: lambda { |v|
+    !vault_meets_requirements?(v)
+  }
+  config.filter_run_excluding ent_vault: lambda { |v|
+    !vault_is_enterprise? || !vault_meets_requirements?(v)
+  }
+  config.filter_run_excluding non_ent_vault: lambda { |v|
+    vault_is_enterprise? || !vault_meets_requirements?(v)
+  }
+
   # Allow tests to isolate a specific test using +focus: true+. If nothing
   # is focused, then all tests are executed.
   config.filter_run(focus: true)
@@ -21,4 +40,12 @@ RSpec.configure do |config|
   config.order = 'random'
 end
 
+def vault_is_enterprise?
+  !!vault_version_string.match(/\+(?:ent|prem)/)
+end
+
+def vault_meets_requirements?(v)
+  Gem::Requirement.new(v).satisfied_by?(TEST_VAULT_VERSION)
+end
+
 require File.expand_path("../dummy/config/environment.rb", __FILE__)

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: vault-rails
 version: !ruby/object:Gem::Version
-  version: 0.6.0
+  version: 0.7.0
 platform: ruby
 authors:
 - Seth Vargo
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-05-11 00:00:00.000000000 Z
+date: 2020-10-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -16,44 +16,44 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '4.1'
+        version: '5.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '4.1'
+        version: '5.0'
 - !ruby/object:Gem::Dependency
   name: vault
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.5'
+        version: '0.14'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.5'
+        version: '0.14'
 - !ruby/object:Gem::Dependency
-  name: appraisal
+  name: bundler
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '2.1'
+        version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '2.1'
+        version: '0'
 - !ruby/object:Gem::Dependency
-  name: bundler
+  name: pry
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -67,7 +67,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: pry
+  name: pry-byebug
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -86,14 +86,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: 12.3.3
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: 12.3.3
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
@@ -112,16 +112,16 @@ dependencies:
   name: sqlite3
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 1.3.6
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 1.3.6
 description: Official Vault plugin for Rails
 email:
 - sethvargo@gmail.com
@@ -164,12 +164,9 @@ files:
 - spec/dummy/config/locales/en.yml
 - spec/dummy/config/routes.rb
 - spec/dummy/config/secrets.yml
-- spec/dummy/db/development.sqlite3
 - spec/dummy/db/migrate/20150428220101_create_people.rb
 - spec/dummy/db/schema.rb
-- spec/dummy/db/test.sqlite3
 - spec/dummy/lib/binary_serializer.rb
-- spec/dummy/log/development.log
 - spec/dummy/public/404.html
 - spec/dummy/public/422.html
 - spec/dummy/public/500.html
@@ -201,52 +198,49 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.2
+rubygems_version: 3.1.4
 signing_key: 
 specification_version: 4
 summary: Official Vault plugin for Rails
 test_files:
-- spec/spec_helper.rb
-- spec/unit/encrypted_model_spec.rb
-- spec/unit/rails_spec.rb
-- spec/unit/vault/rails_spec.rb
-- spec/unit/rails/configurable_spec.rb
+- spec/support/vault_server.rb
+- spec/integration/rails_spec.rb
+- spec/dummy/bin/bundle
+- spec/dummy/bin/rake
+- spec/dummy/bin/rails
+- spec/dummy/db/schema.rb
+- spec/dummy/db/migrate/20150428220101_create_people.rb
+- spec/dummy/public/404.html
+- spec/dummy/public/422.html
+- spec/dummy/public/500.html
+- spec/dummy/public/favicon.ico
+- spec/dummy/Rakefile
+- spec/dummy/config.ru
 - spec/dummy/app/models/lazy_person.rb
 - spec/dummy/app/models/lazy_single_person.rb
 - spec/dummy/app/models/person.rb
-- spec/dummy/bin/rake
-- spec/dummy/bin/bundle
-- spec/dummy/bin/rails
-- spec/dummy/config/secrets.yml
-- spec/dummy/config/routes.rb
-- spec/dummy/config/locales/en.yml
-- spec/dummy/config/environments/development.rb
-- spec/dummy/config/environments/test.rb
 - spec/dummy/config/environment.rb
+- spec/dummy/config/locales/en.yml
 - spec/dummy/config/application.rb
-- spec/dummy/config/database.yml
+- spec/dummy/config/routes.rb
 - spec/dummy/config/boot.rb
+- spec/dummy/config/secrets.yml
+- spec/dummy/config/environments/test.rb
+- spec/dummy/config/environments/development.rb
+- spec/dummy/config/initializers/inflections.rb
+- spec/dummy/config/initializers/vault.rb
 - spec/dummy/config/initializers/backtrace_silencers.rb
-- spec/dummy/config/initializers/mime_types.rb
 - spec/dummy/config/initializers/filter_parameter_logging.rb
 - spec/dummy/config/initializers/session_store.rb
-- spec/dummy/config/initializers/wrap_parameters.rb
+- spec/dummy/config/initializers/mime_types.rb
 - spec/dummy/config/initializers/assets.rb
+- spec/dummy/config/initializers/wrap_parameters.rb
 - spec/dummy/config/initializers/cookies_serializer.rb
-- spec/dummy/config/initializers/vault.rb
-- spec/dummy/config/initializers/inflections.rb
-- spec/dummy/config.ru
-- spec/dummy/Rakefile
-- spec/dummy/public/favicon.ico
-- spec/dummy/public/422.html
-- spec/dummy/public/500.html
-- spec/dummy/public/404.html
+- spec/dummy/config/database.yml
 - spec/dummy/lib/binary_serializer.rb
-- spec/dummy/db/schema.rb
-- spec/dummy/db/test.sqlite3
-- spec/dummy/db/migrate/20150428220101_create_people.rb
-- spec/dummy/db/development.sqlite3
-- spec/dummy/log/development.log
-- spec/integration/rails_spec.rb
-- spec/support/vault_server.rb
+- spec/spec_helper.rb
+- spec/unit/rails_spec.rb
+- spec/unit/vault/rails_spec.rb
+- spec/unit/encrypted_model_spec.rb
+- spec/unit/rails/configurable_spec.rb
 - spec/lib/vault/rails/json_serializer_spec.rb