watch_list 0.1.1 → 0.1.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 4e97e426ed3f34dafac855f270c178ef6219fdd3
-  data.tar.gz: f17a5fda4613c6aefc8387d92ab2ef7be2ab039d
+  metadata.gz: 0393f96cfe27b0285bfd762bdac9b0f167973a24
+  data.tar.gz: 2d8f67229c357f3c392939a2202b4b8173366780
 SHA512:
-  metadata.gz: 088cececf8fa874b876d782cc67e63f103e3af88cdea917fc1502c6bc506b325ca39092ae8a368106a56035fd09aba17eb57a17129d6c1d4e9d1be67c4e5c95a
-  data.tar.gz: 19ab595278b1f340d95c3ef410ccaa828442ba26ec1b0b85ba74ebb5267cd31aef70345fdb891a88d4a0c5a542201e5a5350e670b43f241a7e779f3291c56b7e
+  metadata.gz: 765504cd0da9408bd4739c5016309da7429208c5144c08f5cb5082091aec74540ce6dee9200e223d63d9d845b4265aad07f9e364eb1c613301c84af93d272f42
+  data.tar.gz: 2d08916d8521a9ef1b65e7ce4a64fa3ea6a1236392f4466155547f05662ddebc0f5b06d03af07ecf4cea9b9d28c557ebd59472a2ef827209a504893fcade3baf

data/README.md

@@ -26,6 +26,8 @@ Or install it yourself as:
 ## Usage
 
 ```sh
+export WATCH_LIST_API_KEY=u956-afus321g565fghr519
+
 watch_list -e -o Robotfile
 vi Robotfile
 watch_list -a --dry-run
@@ -97,3 +99,25 @@ alert_contact do
   value "alice@example.com"
 end
 ```
+
+## Encryption
+
+```sh
+git config watch-list.pass "**secret password**"
+git config watch-list.salt "nU0+G1icf70="
+# openssl rand -base64 8
+```
+
+```ruby
+monitor "http monitor" do
+  target "http://example.com"
+  interval 5
+  paused false
+  alert_contact :email, "alice@example.com"
+
+  type :http do
+    httpusername "username"
+    httppassword :secure=>"A4wjNcr8xl71wVXqsIYuYQ=="
+  end
+end
+```

data/lib/watch_list/dsl/context/alert_contact.rb

@@ -28,6 +28,6 @@ class WatchList::DSL::Context::AlertContact
 
   def value(value)
     raise %!AlertContact: "value" is invalid: #{value.inspect}! if value.nil?
-    @result[:Value] = value.to_s
+    @result[:Value] = WatchList::Secure.decrypt_if_possible(value).to_s
   end
 end

data/lib/watch_list/dsl/context/monitor/http.rb

@@ -2,12 +2,12 @@ class WatchList::DSL::Context::Monitor
   class HTTP < Type
     def httpusername(value)
       raise %!Monitor `#{@monitor_name}`: "httpusername" is invalid: #{value.inspect}! if value.nil?
-      @result[:HTTPUsername] = value.to_s
+      @result[:HTTPUsername] = WatchList::Secure.decrypt_if_possible(value).to_s
     end
 
     def httppassword(value)
       raise %!Monitor `#{@monitor_name}`: "httppassword" is invalid: #{value.inspect}! if value.nil?
-      @result[:HTTPPassword] = value.to_s
+      @result[:HTTPPassword] = WatchList::Secure.decrypt_if_possible(value).to_s
     end
   end
 end

data/lib/watch_list/dsl/context/monitor/keyword.rb

@@ -24,7 +24,7 @@ class WatchList::DSL::Context::Monitor
 
     def keywordvalue(value)
       raise %!Monitor `#{@monitor_name}`: "keywordvalue" is invalid: #{value.inspect}! if value.nil?
-      @result[:KeywordValue] = value.to_s
+      @result[:KeywordValue] = WatchList::Secure.decrypt_if_possible(value).to_s
     end
   end
 end

data/lib/watch_list/dsl/context/monitor.rb

@@ -23,7 +23,7 @@ class WatchList::DSL::Context::Monitor
 
   def target(value)
     raise %!Monitor `#{@name}`: "target" is invalid: #{value.inspect}! if value.nil?
-    @result[:URL] = value.to_s
+    @result[:URL] = WatchList::Secure.decrypt_if_possible(value).to_s
   end
 
   def interval(value)

data/lib/watch_list/dsl/converter.rb

@@ -77,6 +77,9 @@ class WatchList::DSL::Converter
       if WatchList::Monitor.const_defined?(key)
         const = WatchList::Monitor.const_get(key)
         buf << "    #{key.to_s.downcase} " + const.key(value).to_sym.inspect
+      elsif key == :HTTPPassword and WatchList::Secure.git_encryptable?
+        value = WatchList::Secure.git_encrypt(value).inspect.sub(/\A\{/, '').sub(/\}\z/, '')
+        buf << "    #{key.to_s.downcase} #{value}"
       else
         buf << "    #{key.to_s.downcase} #{value.inspect}"
       end

data/lib/watch_list/secure.rb

@@ -0,0 +1,69 @@
+class WatchList::Secure
+  CIPHER_NAME = 'AES-256-CBC'
+
+  class << self
+    def git_encrypt(data)
+      pass, salt = get_pass_salt_from_git(:validate => true)
+      {:secure => encrypt(pass, salt, data)}
+    end
+
+    def git_decrypt(data)
+      pass, salt = get_pass_salt_from_git(:validate => true)
+      decrypt(pass, salt, data.fetch(:secure))
+    end
+
+    def encrypt(pass, salt, data)
+      cipher = OpenSSL::Cipher.new(CIPHER_NAME)
+      cipher.encrypt
+      set_key_iv(pass, salt, cipher)
+      encrypted = cipher.update(data) + cipher.final
+      Base64.strict_encode64(encrypted)
+    end
+
+    def decrypt(pass, salt, encrypted)
+      encrypted = Base64.strict_decode64(encrypted)
+      cipher = OpenSSL::Cipher.new(CIPHER_NAME)
+      cipher.decrypt
+      set_key_iv(pass, salt, cipher)
+      cipher.update(encrypted) + cipher.final
+    end
+
+    def set_key_iv(pass, salt, cipher)
+      salt = Base64.strict_decode64(salt)
+      key_iv = OpenSSL::PKCS5.pbkdf2_hmac_sha1(pass, salt, 2000, cipher.key_len + cipher.iv_len)
+      key = key_iv[0, cipher.key_len]
+      iv = key_iv[cipher.key_len, cipher.iv_len]
+      cipher.key = key
+      cipher.iv = iv
+    end
+
+    def get_pass_salt_from_git(options = {})
+      pass = `git config watch-list.pass`.strip
+      salt = `git config watch-list.salt`.strip
+
+      if options[:validate]
+        raise 'cannot get "watch-list.pass" from git config' if pass.empty?
+        raise 'cannot get "watch-list.salt" from git config' if salt.empty?
+      end
+
+      [pass, salt]
+    end
+
+    def git_encryptable?
+      pass, salt = get_pass_salt_from_git
+      not pass.empty? and not salt.empty?
+    end
+
+    def encrypted_value?(value)
+      value.kind_of?(Hash) and value.has_key?(:secure)
+    end
+
+    def decrypt_if_possible(value)
+      if git_encryptable? and encrypted_value?(value)
+        git_decrypt(value)
+      else
+        value
+      end
+    end
+  end # of class methods
+end

data/lib/watch_list/version.rb

@@ -1,3 +1,3 @@
 module WatchList
-  VERSION = '0.1.1'
+  VERSION = '0.1.2'
 end

data/lib/watch_list.rb

@@ -1,4 +1,6 @@
+require 'base64'
 require 'logger'
+require 'openssl'
 require 'singleton'
 require 'tempfile'
 require 'term/ansicolor'
@@ -9,6 +11,7 @@ module WatchList; end
 require 'watch_list/utils'
 require 'watch_list/constants'
 require 'watch_list/logger'
+require 'watch_list/secure'
 
 require 'watch_list/client'
 require 'watch_list/driver'

data/spec/exporter_spec.rb

@@ -0,0 +1,149 @@
+describe 'export' do
+  it do
+    watch_list do
+      <<-RUBY
+        alert_contact do
+          type :email
+          value "#{WATCH_LIST_TEST_EMAIL}"
+        end
+
+        alert_contact do
+          type :email
+          value "#{WATCH_LIST_TEST_EMAIL2}"
+        end
+      RUBY
+    end
+
+    wait_until {|h| h[:alert_contacts].length > 1 }
+
+    expect(watch_list_client.export).to eq <<-RUBY.strip
+alert_contact do
+  type :email
+  value "#{WATCH_LIST_TEST_EMAIL}"
+end
+
+alert_contact do
+  type :email
+  value "#{WATCH_LIST_TEST_EMAIL2}"
+end
+    RUBY
+
+    watch_list do
+      <<-RUBY
+        monitor "http monitor" do
+          target "http://example.com"
+          interval 5
+          paused false
+          alert_contact :email, "#{WATCH_LIST_TEST_EMAIL}"
+          alert_contact :email, "#{WATCH_LIST_TEST_EMAIL2}"
+          type :http
+        end
+
+        alert_contact do
+          type :email
+          value "#{WATCH_LIST_TEST_EMAIL}"
+        end
+
+        alert_contact do
+          type :email
+          value "#{WATCH_LIST_TEST_EMAIL2}"
+        end
+      RUBY
+    end
+
+    wait_until {|h| h[:monitors].length > 0 }
+
+    expect(watch_list_client.export).to eq <<-RUBY.strip
+monitor "http monitor" do
+  target "http://example.com"
+  interval 5
+  paused false
+  alert_contact :email, "#{WATCH_LIST_TEST_EMAIL}"
+  alert_contact :email, "#{WATCH_LIST_TEST_EMAIL2}"
+
+  type :http
+end
+
+alert_contact do
+  type :email
+  value "#{WATCH_LIST_TEST_EMAIL}"
+end
+
+alert_contact do
+  type :email
+  value "#{WATCH_LIST_TEST_EMAIL2}"
+end
+    RUBY
+  end
+
+  context 'when with encrypt' do
+    let(:pass) { '**secret password**' }
+    let(:salt) { 'nU0+G1icf70=' }
+    let(:encrypted_password) { 'A4wjNcr8xl71wVXqsIYuYQ==' }
+
+    let(:dsl_with_secure) do
+      <<-RUBY
+monitor "http monitor" do
+  target "http://example.com"
+  interval 5
+  paused false
+  alert_contact :email, "#{WATCH_LIST_TEST_EMAIL}"
+
+  type :http do
+    httpusername "username"
+    httppassword :secure=>"#{encrypted_password}"
+  end
+end
+
+alert_contact do
+  type :email
+  value "sugawara.genki@gmail.com"
+end
+      RUBY
+    end
+
+    before do
+      system(%!git config watch-list.pass "#{pass}"!)
+      system(%!git config watch-list.salt "#{salt}"!)
+    end
+
+    after do
+      system('git config --remove-section watch-list')
+    end
+
+    it do
+      watch_list do
+        <<-RUBY
+          monitor "http monitor" do
+            target "http://example.com"
+            interval 5
+            paused false
+            alert_contact :email, "#{WATCH_LIST_TEST_EMAIL}"
+
+            type :http do
+              httpusername "username"
+              httppassword "password"
+            end
+          end
+
+          alert_contact do
+            type :email
+            value "#{WATCH_LIST_TEST_EMAIL}"
+          end
+        RUBY
+      end
+
+      wait_until {|h| h[:monitors].length > 0 }
+
+      expect(watch_list_client.export).to eq dsl_with_secure.strip
+    end
+
+    it do
+      watch_list { dsl_with_secure }
+
+      wait_until {|h| h[:monitors].length > 0 }
+
+      expect(watch_list_client.export).to eq dsl_with_secure.strip
+    end
+  end
+end

data/spec/secure_spec.rb

@@ -0,0 +1,81 @@
+describe WatchList::Secure do
+  let(:data) { '*secret data*' }
+  let(:pass) { '**secret password**' }
+  let(:salt) { 'nU0+G1icf70=' }
+  let(:encrypted_data) { 'S2aPj2Ajk11sowGJnV+00Q==' }
+
+  describe '#git_encrypt' do
+    before do
+      system(%!git config watch-list.pass "#{pass}"!)
+      system(%!git config watch-list.salt "#{salt}"!)
+    end
+
+    it do
+      expect(described_class.git_encrypt(data)).to eq(secure: encrypted_data)
+    end
+
+    after do
+      system('git config --remove-section watch-list')
+    end
+  end
+
+  describe '#git_decrypt' do
+    before do
+      system(%!git config watch-list.pass "#{pass}"!)
+      system(%!git config watch-list.salt "#{salt}"!)
+    end
+
+    it do
+      expect(described_class.git_decrypt(secure: encrypted_data)).to eq data
+    end
+
+    after do
+      system('git config --remove-section watch-list')
+    end
+  end
+
+  describe '#encrypt' do
+    it do
+      expect(described_class.encrypt(pass, salt, data)).to eq encrypted_data
+    end
+  end
+
+  describe '#decrypt' do
+    it do
+      expect(described_class.decrypt(pass, salt, encrypted_data)).to eq data
+    end
+  end
+
+  describe '#git_encryptable?' do
+    context 'when config is set' do
+      before do
+        system(%!git config watch-list.pass "#{pass}"!)
+        system(%!git config watch-list.salt "#{salt}"!)
+      end
+
+      it do
+        expect(described_class.git_encryptable?).to be_truthy
+      end
+
+      after do
+        system('git config --remove-section watch-list')
+      end
+    end
+
+    context 'when config is not set' do
+      it do
+        expect(described_class.git_encryptable?).to be_falsey
+      end
+    end
+  end
+
+  describe '#encrypted_value?' do
+    it do
+      expect(described_class.encrypted_value?(secure: nil)).to be_truthy
+    end
+
+    it do
+      expect(described_class.encrypted_value?(nil)).to be_falsey
+    end
+  end
+end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: watch_list
 version: !ruby/object:Gem::Version
-  version: 0.1.1
+  version: 0.1.2
 platform: ruby
 authors:
 - Genki Sugawara
@@ -114,11 +114,14 @@ files:
 - lib/watch_list/exporter.rb
 - lib/watch_list/ext/string_ext.rb
 - lib/watch_list/logger.rb
+- lib/watch_list/secure.rb
 - lib/watch_list/utils.rb
 - lib/watch_list/version.rb
 - spec/alert_contact_spec.rb
+- spec/exporter_spec.rb
 - spec/monitor_spec.rb
 - spec/paused_spec.rb
+- spec/secure_spec.rb
 - spec/spec_helper.rb
 - spec/status_spec.rb
 - watch_list.gemspec
@@ -148,7 +151,9 @@ specification_version: 4
 summary: watch_list is a tool to manage Uptime Robot.
 test_files:
 - spec/alert_contact_spec.rb
+- spec/exporter_spec.rb
 - spec/monitor_spec.rb
 - spec/paused_spec.rb
+- spec/secure_spec.rb
 - spec/spec_helper.rb
 - spec/status_spec.rb