
get_secure reads from secure conf first, then falls back to regular

1 parent 79c5bf1 commit 13d40907ce0eced627d99c3e0d11321d98905030 @jonswar committed
Showing with 29 additions and 25 deletions.
  1. +23 −19 lib/Poet/Conf.pm
  2. +6 −6 lib/Poet/t/Conf.pm
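--- a/lib/Poet/Conf.pm
+++ b/lib/Poet/Conf.pm
@@ -274,22 +274,26 @@ method set_local ($pairs) {
 return $guard;
 }
-{
- my $secure_conf;
+# Get key from secure conf, fallback to normal conf. Maintain separate
+# secure_conf hash for each Conf object (e.g. for testing).
+#
+my %secure_confs;
- method get_secure($key) {
- die "key required"
- unless defined($key);
- if ( defined( my $value = $self->get($key) ) ) {
- return $value;
- }
- $secure_conf ||= YAML::XS::LoadFile(
- $self->get(
- 'conf.secure_conf_file' => $self->conf_dir . "/secure.cfg"
- )
- );
- return $secure_conf->{$key};
- }
+method get_secure ($key) {
+ die "key required" unless defined($key);
+ return $self->_get_secure_conf->{$key} || $self->get($key);
+}
+
+method _get_secure_conf () {
+ if ( !$secure_confs{"$self"} ) {
+ my $secure_conf_file = $self->get(
+ 'conf.secure_conf_file' => $self->conf_dir . "/secure.cfg" );
+ $secure_confs{"$self"} =
+ ( -f $secure_conf_file )
+ ? YAML::XS::LoadFile($secure_conf_file)
+ : {};
+ }
+ return $secure_confs{"$self"};
 }
 method generate_dynamic_conf () {
@@ -586,10 +590,10 @@ match one of the valid options.
 my $password = $conf->get_secure('secret_password');
-Get I<key> from configuration as normal, but if it doesn't exist, then look for
-it in a separate non-version-controlled secure config file. Useful for
-passwords, encryption keys, etc. that might be ok in normal config on
-development, but ought to be secure on production.
+Get I<key> from a separate, non-version-controlled, secure config file; if it
+cannot be found, then fallback to normal config. Useful for passwords,
+encryption keys, etc. that might be ok in normal config on development, but
+ought to be secure on production.
 The location of the secure config file is determined by config entry
 conf.secure_conf_file; it defaults to C<conf/secure.cfg>. The file is in plain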
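Review bot: In `get_secure`, the `||` treats a secure value of `0` or the empty string as missing, so the lookup falls through to the version-controlled config and returns whatever is stored there; assuming the module already requires Perl 5.10 or later, `return $self->_get_secure_conf->{$key} // $self->get($key);` keeps the secure file authoritative for every defined value. Separately, `%secure_confs` is keyed by the stringified object and never cleared, and Perl can reuse that address for a later object, so a new Conf could be handed a destroyed object's cached secrets; keeping the hash on `$self` would avoid that. The `-f` test in `_get_secure_conf` also makes a missing or mistyped `conf.secure_conf_file` indistinguishable from an empty one, so on production the secrets would presumably come silently from normal config. A warning when the key is set explicitly but the file is absent would surface that.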
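--- a/lib/Poet/t/Conf.pm
+++ b/lib/Poet/t/Conf.pm
@@ -241,26 +241,26 @@ sub test_get_secure : Tests {
 my $self = shift;
 my $tempdir = tempdir_simple('poet-conf-XXXX');
 my $secure_file = "$tempdir/supersecret.cfg";
- write_file( $secure_file, "foo: 7\nbar: 8\nbaz: 9\n" );
+ write_file( $secure_file, "foo: 7\nbar: 8\n" );
 my $poet = $self->temp_env(
 conf_files => {
 'local.cfg' => {
 layer => 'development',
 'foo' => 0,
+ 'baz' => 9,
 'conf.secure_conf_file' => $secure_file
 }
 }
 );
 my $conf = $poet->conf;
- my $lex = $conf->set_local( { bar => 4 } );
- is( $conf->get_secure('foo'), 0, "foo=0" );
- is( $conf->get_secure('bar'), 4, "bar=4" );
+ is( $conf->get_secure('foo'), 7, "foo=0" );
+ is( $conf->get_secure('bar'), 8, "bar=8" );
 is( $conf->get_secure('baz'), 9, "baz=9" );
 is( $conf->get_secure('blargh'), undef, "blargh=undef" );
- is( $conf->get('baz'), undef, "baz=undef" );
- ok( ( !grep { /baz/ } $conf->get_keys() ), "no baz in keys" );
+ is( $conf->get('bar'), undef, "bar=undef" );
+ ok( ( !grep { /bar/ } $conf->get_keys() ), "no bar in keys" );
 }
 1;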
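Review bot: The first assertion now expects 7 but still carries the label `"foo=0"`, so a failure would report the wrong expectation; it should read `is( $conf->get_secure('foo'), 7, "foo=7" );`. The test also only exercises secure values that are true, so it never covers a secure entry that is false (a constructed example: `qux: 0` in the secure file with a non-zero `qux` in `local.cfg`). In that case the precedence inside `get_secure` decides whether the secure file or the normal config wins. A case with no secure file on disk would likewise pin down the fallback-to-normal-config behaviour that the new code introduces.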
