Zero downtime 2.0

.rubocop.yml

@@ -0,0 +1,11 @@
+inherit_from: .rubocop_todo.yml
+
+AllCops:
+  Exclude:
+    - 'bin/*'
+
+Style/Documentation:
+  Enabled: false
+
+Metrics/MethodLength:
+  Max: 15

.rubocop_todo.yml

@@ -0,0 +1,227 @@
+# This configuration was generated by
+# `rubocop --auto-gen-config`
+# on 2018-04-12 15:40:01 +0300 using RuboCop version 0.54.0.
+# The point is for the user to remove these configuration records
+# one by one as the offenses are removed from the code base.
+# Note that changes in the inspected code, or installation of new
+# versions of RuboCop, may require this file to be generated again.
+
+# Offense count: 16
+# Cop supports --auto-correct.
+# Configuration parameters: EnforcedStyle.
+# SupportedStyles: empty_lines, no_empty_lines
+Layout/EmptyLinesAroundBlockBody:
+  Exclude:
+    - 'spec/transcryptor/active_record/adapter_spec.rb'
+    - 'spec/transcryptor/active_record/re_encrypt_statement_spec.rb'
+    - 'spec/transcryptor/data_mapper/adapter_spec.rb'
+    - 'spec/transcryptor/instance_spec.rb'
+    - 'spec/transcryptor_spec.rb'
+
+# Offense count: 1
+# Cop supports --auto-correct.
+# Configuration parameters: AllowForAlignment, ForceEqualSignAlignment.
+Layout/ExtraSpacing:
+  Exclude:
+    - 'lib/transcryptor/migration/specify_latest_version.rb'
+
+# Offense count: 1
+# Cop supports --auto-correct.
+# Configuration parameters: AllowForAlignment.
+Layout/SpaceAroundOperators:
+  Exclude:
+    - 'lib/transcryptor/migration/specify_latest_version.rb'
+
+# Offense count: 2
+# Cop supports --auto-correct.
+# Configuration parameters: EnforcedStyle, EnforcedStyleForEmptyBraces.
+# SupportedStyles: space, no_space
+# SupportedStylesForEmptyBraces: space, no_space
+Layout/SpaceBeforeBlockBraces:
+  Exclude:
+    - 'spec/transcryptor/abstract_adapter_spec.rb'
+
+# Offense count: 2
+# Cop supports --auto-correct.
+# Configuration parameters: EnforcedStyle.
+# SupportedStyles: require_no_space, require_space
+Layout/SpaceInLambdaLiteral:
+  Exclude:
+    - 'spec/transcryptor/active_record/re_encrypt_statement_spec.rb'
+
+# Offense count: 2
+# Cop supports --auto-correct.
+# Configuration parameters: EnforcedStyle, EnforcedStyleForEmptyBraces.
+# SupportedStyles: space, no_space, compact
+# SupportedStylesForEmptyBraces: space, no_space
+Layout/SpaceInsideHashLiteralBraces:
+  Exclude:
+    - 'lib/transcryptor/active_record/zero_downtime.rb'
+
+# Offense count: 1
+# Cop supports --auto-correct.
+# Configuration parameters: EnforcedStyle.
+# SupportedStyles: space, no_space
+Layout/SpaceInsideStringInterpolation:
+  Exclude:
+    - 'lib/transcryptor/abstract_adapter.rb'
+
+# Offense count: 2
+Lint/AmbiguousBlockAssociation:
+  Exclude:
+    - 'spec/transcryptor/migration_spec.rb'
+
+# Offense count: 1
+# Cop supports --auto-correct.
+# Configuration parameters: IgnoreEmptyBlocks, AllowUnusedKeywordArguments.
+Lint/UnusedBlockArgument:
+  Exclude:
+    - 'spec/transcryptor/instance_spec.rb'
+
+# Offense count: 12
+# Configuration parameters: CountComments, ExcludedMethods.
+Metrics/BlockLength:
+  Max: 160
+
+# Offense count: 1
+# Configuration parameters: CountComments.
+Metrics/MethodLength:
+  Max: 19
+
+# Offense count: 2
+# Cop supports --auto-correct.
+# Configuration parameters: EnforcedStyle, ProceduralMethods, FunctionalMethods, IgnoredMethods.
+# SupportedStyles: line_count_based, semantic, braces_for_chaining
+# ProceduralMethods: benchmark, bm, bmbm, create, each_with_object, measure, new, realtime, tap, with_object
+# FunctionalMethods: let, let!, subject, watch
+# IgnoredMethods: lambda, proc, it
+Style/BlockDelimiters:
+  Exclude:
+    - 'spec/transcryptor/abstract_adapter_spec.rb'
+
+# Offense count: 10
+# Cop supports --auto-correct.
+# Configuration parameters: EnforcedStyle.
+# SupportedStyles: braces, no_braces, context_dependent
+Style/BracesAroundHashParameters:
+  Exclude:
+    - 'spec/transcryptor/abstract_adapter_spec.rb'
+    - 'spec/transcryptor/active_record/adapter_spec.rb'
+    - 'spec/transcryptor/data_mapper/adapter_spec.rb'
+    - 'spec/transcryptor/data_mapper/re_encrypt_statement_spec.rb'
+
+# Offense count: 16
+# Cop supports --auto-correct.
+# Configuration parameters: AutoCorrect, EnforcedStyle.
+# SupportedStyles: nested, compact
+Style/ClassAndModuleChildren:
+  Enabled: false
+
+# Offense count: 1
+# Cop supports --auto-correct.
+# Configuration parameters: EnforcedStyle.
+# SupportedStyles: empty, nil, both
+Style/EmptyElse:
+  Exclude:
+    - 'lib/transcryptor/attr_encrypted/column_names.rb'
+
+# Offense count: 1
+# Cop supports --auto-correct.
+Style/EmptyLambdaParameter:
+  Exclude:
+    - 'lib/transcryptor/instance.rb'
+
+# Offense count: 1
+# Cop supports --auto-correct.
+Style/Encoding:
+  Exclude:
+    - 'lib/transcryptor.rb'
+
+# Offense count: 1
+# Cop supports --auto-correct.
+Style/ExpandPathArguments:
+  Exclude:
+    - 'spec/spec_helper.rb'
+
+# Offense count: 1
+# Cop supports --auto-correct.
+# Configuration parameters: EnforcedStyle, UseHashRocketsWithSymbolValues, PreferHashRocketsForNonAlnumEndingSymbols.
+# SupportedStyles: ruby19, hash_rockets, no_mixed_keys, ruby19_no_mixed_keys
+Style/HashSyntax:
+  Exclude:
+    - 'Rakefile'
+
+# Offense count: 2
+# Cop supports --auto-correct.
+# Configuration parameters: Strict.
+Style/NumericLiterals:
+  MinDigits: 15
+
+# Offense count: 1
+# Cop supports --auto-correct.
+Style/RedundantSelf:
+  Exclude:
+    - 'lib/transcryptor/data_mapper/re_encrypt_statement.rb'
+
+# Offense count: 1
+# Cop supports --auto-correct.
+# Configuration parameters: EnforcedStyle.
+# SupportedStyles: implicit, explicit
+Style/RescueStandardError:
+  Exclude:
+    - 'spec/transcryptor/instance_spec.rb'
+
+# Offense count: 9
+# Cop supports --auto-correct.
+# Configuration parameters: EnforcedStyle, ConsistentQuotesInMultiline.
+# SupportedStyles: single_quotes, double_quotes
+Style/StringLiterals:
+  Exclude:
+    - 'Rakefile'
+    - 'lib/transcryptor/active_record/adapter.rb'
+    - 'spec/transcryptor/active_record/adapter_spec.rb'
+    - 'spec/transcryptor/active_record/re_encrypt_statement_spec.rb'
+    - 'spec/transcryptor/data_mapper/adapter_spec.rb'
+    - 'spec/transcryptor/instance_spec.rb'
+
+# Offense count: 10
+# Cop supports --auto-correct.
+# Configuration parameters: EnforcedStyleForMultiline.
+# SupportedStylesForMultiline: comma, consistent_comma, no_comma
+Style/TrailingCommaInArguments:
+  Exclude:
+    - 'spec/transcryptor/active_record/adapter_spec.rb'
+    - 'spec/transcryptor/active_record/re_encrypt_statement_spec.rb'
+    - 'spec/transcryptor/data_mapper/adapter_spec.rb'
+    - 'spec/transcryptor/data_mapper/re_encrypt_statement_spec.rb'
+    - 'spec/transcryptor/instance_spec.rb'
+
+# Offense count: 6
+# Cop supports --auto-correct.
+# Configuration parameters: EnforcedStyleForMultiline.
+# SupportedStylesForMultiline: comma, consistent_comma, no_comma
+Style/TrailingCommaInArrayLiteral:
+  Exclude:
+    - 'spec/transcryptor/active_record/re_encrypt_statement_spec.rb'
+
+# Offense count: 3
+# Cop supports --auto-correct.
+# Configuration parameters: EnforcedStyleForMultiline.
+# SupportedStylesForMultiline: comma, consistent_comma, no_comma
+Style/TrailingCommaInHashLiteral:
+  Exclude:
+    - 'lib/transcryptor/instance.rb'
+    - 'spec/transcryptor/instance_spec.rb'
+
+# Offense count: 4
+# Cop supports --auto-correct.
+# Configuration parameters: MinSize, WordRegex.
+# SupportedStyles: percent, brackets
+Style/WordArray:
+  EnforcedStyle: brackets
+
+# Offense count: 65
+# Configuration parameters: AllowHeredoc, AllowURI, URISchemes, IgnoreCopDirectives, IgnoredPatterns.
+# URISchemes: http, https
+Metrics/LineLength:
+  Max: 175

lib/transcryptor.rb

@@ -12,3 +12,4 @@ module Transcryptor
 require 'transcryptor/attr_encrypted'
 require 'transcryptor/encryption'
 require 'transcryptor/instance'
+require 'transcryptor/migration'

lib/transcryptor/instance.rb

@@ -78,6 +78,7 @@ def initialize_encryption_classes(attribute_name, old_opts, new_opts, transcrypt
     ]
   end
 
+  # rubocop:disable Metrics/MethodLength
   def attr_encrypted_default_options
     {
       prefix:            'encrypted_',
@@ -99,6 +100,7 @@ def attr_encrypted_default_options
       algorithm:         'aes-256-gcm',
     }.freeze
   end
+  # rubocop:enable Metrics/MethodLength
 
   def transcryptor_default_options
     {

lib/transcryptor/migration.rb

@@ -0,0 +1,126 @@
+# frozen_string_literal: true
+
+require 'transcryptor/migration/migrate_encrypted_fields'
+require 'transcryptor/migration/specify_latest_version'
+
+module Transcryptor
+  # Allows ZeroDowntime migration using version columns.
+  # Usage example:
+  # Transcryptor.draw do
+  #   define_encryption User,
+  #     field: :ssn,
+  #     options: {
+  #       key:       '67c3800d1572d9d964a6ff3bd821ed02',
+  #       algorithm: 'aes-256-gcm'
+  #     },
+  #     version: 20180401000000
+  #
+  #   define_encryption User,
+  #     field: :ssn,
+  #     options: {
+  #       key:       '0726c4d149fa59523bc47d592151584b',
+  #       algorithm: 'id-aes192-GCM'
+  #     },
+  #     version: 20180401000001
+  # end
+  class Migration
+    class << self
+      attr_accessor :migrations, :latest_versions
+
+      def draw(&block)
+        @latest_versions = {}
+
+        instance_eval(&block)
+        evaluate_latest_versions!
+        patch_models!
+      end
+
+      private
+
+      def define_encryption(model_class,
+                            field:,
+                            options:,
+                            version:)
+        @migrations ||= {}
+        @migrations[model_class] ||= {}
+        @migrations[model_class][field] ||= {}
+        @migrations[model_class][field][version] = options
+      end
+
+      def evaluate_latest_versions!
+        @migrations.each do |model_class, fields|
+          fields.each do |field, versions|
+            @migrations[model_class][field][:latest_version] ||=
+              versions.keys.max
+          end
+        end
+      end
+
+      # Generates methods for every field's version:
+      # user.ssn
+      # user.ssn_20180401000000
+      # user.ssn_20180401000001
+      # user.ssn_20180401000002
+      def patch_models!
+        migrations.each do |model_class, fields|
+          generate_versioned_fields_if_needed!(model_class, fields)
+
+          model_class.instance_eval do
+            after_find :migrate_encrypted_fields!
+            after_initialize :specify_latest_version!, if: :new_record?
+          end
+
+          model_class.class_eval do
+            include Transcryptor::Migration::MigrateEncryptedFields
+            include Transcryptor::Migration::SpecifyLatestVersion
+          end
+        end
+      end
+
+      def generate_versioned_fields_if_needed!(model_class, fields)
+        fields.each do |field, versions|
+          versions.each do |version, opts|
+            next if version == :latest_version
+
+            generate_versioned_fields!(model_class, field, version, opts)
+          end
+        end
+      end
+
+      def generate_versioned_fields!(model_class, field, version, opts)
+        versioned_field = "#{field}_#{version}".to_sym
+        model_class.instance_eval do
+          attr_encrypted versioned_field, **opts
+        end
+
+        curr_field_name = get_field_name(field, model_class)
+        vers_field_name = get_field_name(versioned_field, model_class)
+
+        redefine_versioned_fields!(
+          model_class, vers_field_name, curr_field_name
+        )
+      end
+
+      def redefine_versioned_fields!(model_class,
+                                     vers_field_name,
+                                     curr_field_name)
+        model_class.class_eval do
+          define_method(vers_field_name) { public_send(curr_field_name) }
+
+          define_method("#{vers_field_name}_iv") do
+            public_send("#{curr_field_name}_iv")
+          end
+
+          define_method("#{vers_field_name}_salt") do
+            public_send("#{curr_field_name}_salt")
+          end
+        end
+      end
+
+      def get_field_name(field, model_class)
+        opts = model_class.encrypted_attributes[field]
+        "#{opts[:prefix]}#{field}#{opts[:suffix]}"
+      end
+    end
+  end
+end