Don't write encrypted file unless credentials have been modified

svoop · Oct 30, 2023 · 31449ac · 31449ac
1 parent f704e85
commit 31449ac
Show file tree

Hide file tree

Showing 3 changed files with 29 additions and 4 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -4,6 +4,10 @@
 
 * Fall back to `APP_ENV` instead of `RACK_ENV`
 
+#### Fixes
+
+* Don't re-encrypt if credentials haven't been modified
+
 ## 0.1.0
 
 #### Initial Implementation

diff --git a/lib/dry/credentials/extension.rb b/lib/dry/credentials/extension.rb
@@ -36,13 +36,15 @@ def reload!
       def edit!(env=nil)
         helpers = Dry::Credentials::Helpers.new(self, env)
         create = helpers.create?
-        yaml = helpers.read_yaml
+        yaml = read_yaml = helpers.read_yaml
         begin
           yaml = helpers.edit_yaml yaml
         end until helpers.yaml_valid? yaml
-        helpers.write_yaml yaml
-        puts [helpers.key_ev, ENV[helpers.key_ev]].join('=') if create
-        reload!
+        unless yaml == read_yaml
+          helpers.write_yaml yaml
+          puts [helpers.key_ev, ENV[helpers.key_ev]].join('=') if create
+          reload!
+        end
       end
 
       # Query settings

diff --git a/spec/lib/dry/credentials/extension_spec.rb b/spec/lib/dry/credentials/extension_spec.rb
@@ -85,16 +85,35 @@
     it "updates the encrypted file and reloads the credentials" do
       Dir.mktmpdir do |tmp_dir|
         FileUtils.cp(fixtures_path.join('encrypted', 'test.yml.enc'), tmp_dir)
+        original_mtime = File.mtime("#{tmp_dir}/test.yml.enc")
+        sleep 0.1
         subject.credentials do
           env 'test'
           dir tmp_dir
         end
         ENV['EDITOR'] = 'echo "added_root: ADDED ROOT" >>'
         _{ subject.credentials.edit! }.must_be_silent
         _(File.exist?("#{tmp_dir}/test.yml.enc")).must_equal true
+        _(File.mtime("#{tmp_dir}/test.yml.enc")).wont_equal original_mtime
         _(subject.credentials.added_root).must_equal 'ADDED ROOT'
         _(subject.credentials.one_root).must_equal 'ONE ROOT'
       end
     end
+
+    it "doesn't update the encrypted file if no changes were made" do
+      Dir.mktmpdir do |tmp_dir|
+        FileUtils.cp(fixtures_path.join('encrypted', 'test.yml.enc'), tmp_dir)
+        original_mtime = File.mtime("#{tmp_dir}/test.yml.enc")
+        sleep 0.1
+        subject.credentials do
+          env 'test'
+          dir tmp_dir
+        end
+        ENV['EDITOR'] = 'true'
+        _{ subject.credentials.edit! }.must_be_silent
+        _(File.exist?("#{tmp_dir}/test.yml.enc")).must_equal true
+        _(File.mtime("#{tmp_dir}/test.yml.enc")).must_equal original_mtime
+      end
+    end
   end
 end