Add EncryptedEnvironmentVariable

dhardiman · Jan 22, 2024 · 79fa21a · 79fa21a
1 parent 47b0a31
commit 79fa21a
Show file tree

Hide file tree

Showing 3 changed files with 36 additions and 9 deletions.
diff --git a/Sources/Config/ConfigurationFile.swift b/Sources/Config/ConfigurationFile.swift
@@ -100,7 +100,7 @@ func parseNextProperty(properties: [String: Property], pair: (key: String, value
     var copy = properties
     if let typeHint = PropertyType(rawValue: typeHintValue) {
         switch typeHint {
-        case .string, .url, .encrypted, .encryptionKey, .colour, .image, .regex, .environmentVariable:
+        case .string, .url, .encrypted, .encryptionKey, .colour, .image, .regex, .environmentVariable, .encryptedEnvironmentVariable:
             copy[pair.key] = ConfigurationProperty<String>(key: pair.key, typeHint: typeHintValue, dict: dict, patterns: patterns)
         case .optionalString:
             copy[pair.key] = ConfigurationProperty<String?>(key: pair.key, typeHint: typeHintValue, dict: dict, patterns: patterns)

diff --git a/Sources/Config/Property.swift b/Sources/Config/Property.swift
@@ -71,10 +71,11 @@ enum PropertyType: String {
     case dynamicColour = "DynamicColour"
     case dynamicColourReference = "DynamicColourReference"
     case environmentVariable = "EnvironmentVariable"
+    case encryptedEnvironmentVariable = "EncryptedEnvironmentVariable"
 
     var typeName: String {
         switch self {
-        case .encrypted, .encryptionKey:
+        case .encrypted, .encryptionKey, .encryptedEnvironmentVariable:
             return "[UInt8]"
         case .dictionary:
             return "[String: Any]"
@@ -154,17 +155,28 @@ enum PropertyType: String {
         case .dynamicColourReference:
             return dynamicColourReferenceValue(for: value as? [String: String])
         case .environmentVariable:
-            guard let environmentVariable = value as? String,
-                  let rawValue = getenv(environmentVariable),
-                  let stringValue = String(utf8String: rawValue) else {
-                fatalError("Missing environment variable \(value)")
+            return "#\"\(environmentVariable(for: value as? String))\"#"
+        case .encryptedEnvironmentVariable:
+            let valueString = environmentVariable(for: value as? String)
+            guard let key = key else { fatalError("No encryption key present to encrypt value") }
+            guard let encryptedString = valueString.encrypt(key: Array(key.utf8), iv: Array(iv.hash.utf8)) else {
+                fatalError("Unable to encrypt \(value) with key")
             }
-            return "#\"\(stringValue)\"#"
+            return byteArrayOutput(from: encryptedString)
         default:
             return "\(value)"
         }
     }
 
+    private func environmentVariable(for value: String?) -> String {
+        guard let environmentVariableName = value,
+              let rawValue = getenv(environmentVariableName),
+              let stringValue = String(utf8String: rawValue) else {
+            fatalError("Missing environment variable \(value ?? "")")
+        }
+        return stringValue
+    }
+
     private func colourValue(for value: String?) -> String {
         guard let value = value else { return "No colour provided" }
         let string = value.replacingOccurrences(of: "#", with: "")

diff --git a/Tests/ConfigTests/ConfigurationPropertyTests.swift b/Tests/ConfigTests/ConfigurationPropertyTests.swift
@@ -348,14 +348,24 @@ class ConfigurationPropertyTests: XCTestCase {
     }
 
     func testItCanWriteAnEnvironmentVariableProperty() throws {
-        // Set an environment variable using the libc API
-        setenv("SOMETHING", "testValue", 1)
+        when(environmentVariableNamed: "SOMETHING", hasValue: "testValue")
         let property = ConfigurationProperty<String>(key: "test", typeHint: "EnvironmentVariable", dict: ["defaultValue": "SOMETHING"])
         let expectedValue = ##"    static let test: String = #"testValue"#"##
         let actualValue = try whenTheDeclarationIsWritten(for: property)
         expect(actualValue).to(equal(expectedValue))
     }
 
+    func testItCanWriteAnEncryptedEnvironmentVariableProperty() throws {
+        // Note: this test doesn't test the encryption itself, that test will be written elsewhere
+        when(environmentVariableNamed: "SOMETHING_SECRET", hasValue: "secretValue")
+        let property = ConfigurationProperty<String>(key: "test",
+                                                     typeHint: "EncryptedEnvironmentVariable",
+                                                     dict: ["defaultValue": "SOMETHING_SECRET"])
+        let expectedValue = "    static let test: [UInt8] = ["
+        let actualValue = try whenTheDeclarationIsWritten(for: property, encryptionKey: "testKey")
+        expect(actualValue).to(beginWith(expectedValue))
+    }
+
     func testItCanUseCommonPatternsForOverrides() throws {
         let dict: [String: Any] = [
             "defaultValue": "test value",
@@ -368,4 +378,9 @@ class ConfigurationPropertyTests: XCTestCase {
         let actualValue = try whenTheDeclarationIsWritten(for: property, scheme: "gary")
         expect(actualValue).to(equal(expectedValue))
     }
+
+    private func when(environmentVariableNamed environmentVariableName: String, hasValue value: String) {
+        // Set an environment variable using the libc API
+        setenv(environmentVariableName, value, 1)
+    }
 }