summaryrefslogtreecommitdiff
path: root/spec/initializers/secret_token_spec.rb
diff options
context:
space:
mode:
authorGitLab Bot <gitlab-bot@gitlab.com>2020-07-20 12:26:25 +0000
committerGitLab Bot <gitlab-bot@gitlab.com>2020-07-20 12:26:25 +0000
commita09983ae35713f5a2bbb100981116d31ce99826e (patch)
tree2ee2af7bd104d57086db360a7e6d8c9d5d43667a /spec/initializers/secret_token_spec.rb
parent18c5ab32b738c0b6ecb4d0df3994000482f34bd8 (diff)
downloadgitlab-ce-a09983ae35713f5a2bbb100981116d31ce99826e.tar.gz
Add latest changes from gitlab-org/gitlab@13-2-stable-ee
Diffstat (limited to 'spec/initializers/secret_token_spec.rb')
-rw-r--r--spec/initializers/secret_token_spec.rb26
1 files changed, 25 insertions, 1 deletions
diff --git a/spec/initializers/secret_token_spec.rb b/spec/initializers/secret_token_spec.rb
index b7979144c72..362371e0962 100644
--- a/spec/initializers/secret_token_spec.rb
+++ b/spec/initializers/secret_token_spec.rb
@@ -3,7 +3,7 @@
require 'spec_helper'
require_relative '../../config/initializers/01_secret_token'
-describe 'create_tokens' do
+RSpec.describe 'create_tokens' do
include StubENV
let(:secrets) { ActiveSupport::OrderedOptions.new }
@@ -19,6 +19,30 @@ describe 'create_tokens' do
allow(self).to receive(:exit)
end
+ describe 'ensure acknowledged secrets in any installations' do
+ let(:acknowledged_secrets) do
+ %w[secret_key_base otp_key_base db_key_base openid_connect_signing_key]
+ end
+
+ it 'does not allow to add a new secret without a proper handling' do
+ create_tokens
+
+ secrets_hash = YAML.load_file(Rails.root.join('config/secrets.yml'))
+
+ secrets_hash.each do |environment, secrets|
+ new_secrets = secrets.keys - acknowledged_secrets
+
+ expect(new_secrets).to be_empty,
+ <<~EOS
+ CAUTION:
+ It looks like you have just added new secret(s) #{new_secrets.inspect} to the secrets.yml.
+ Please read the development guide for GitLab secrets at doc/development/application_secrets.md before you proceed this change.
+ If you're absolutely sure that the change is safe, please add the new secrets to the 'acknowledged_secrets' in order to silence this warning.
+ EOS
+ end
+ end
+ end
+
context 'setting secret keys' do
context 'when none of the secrets exist' do
before do