diff options
author | Sean McGivern <sean@gitlab.com> | 2016-07-17 11:01:38 +0100 |
---|---|---|
committer | Sean McGivern <sean@gitlab.com> | 2016-08-03 15:48:47 +0100 |
commit | 379c2cbcbd1544a1f80135c491937dabb04821df (patch) | |
tree | 5556613ff3f3ed598dc893e44399c816073eeca5 /spec/initializers | |
parent | 405379bbfcb7821b3dae77e5254362f2d696bb7d (diff) | |
download | gitlab-ce-379c2cbcbd1544a1f80135c491937dabb04821df.tar.gz |
Store all secret keys in secrets.yml
Move the last secret from .secret to config/secrets.yml, and delete
.secret if it exists.
Diffstat (limited to 'spec/initializers')
-rw-r--r-- | spec/initializers/secret_token_spec.rb | 69 |
1 files changed, 36 insertions, 33 deletions
diff --git a/spec/initializers/secret_token_spec.rb b/spec/initializers/secret_token_spec.rb index 063d1cdd447..aa97a8e1d42 100644 --- a/spec/initializers/secret_token_spec.rb +++ b/spec/initializers/secret_token_spec.rb @@ -2,37 +2,36 @@ require 'spec_helper' require_relative '../../config/initializers/secret_token' describe 'create_tokens', lib: true do - let(:config) { ActiveSupport::OrderedOptions.new } let(:secrets) { ActiveSupport::OrderedOptions.new } before do allow(ENV).to receive(:[]).and_call_original allow(File).to receive(:write) - allow(Rails).to receive_message_chain(:application, :config).and_return(config) + allow(File).to receive(:delete) allow(Rails).to receive_message_chain(:application, :secrets).and_return(secrets) allow(Rails).to receive_message_chain(:root, :join) { |string| string } end - context 'setting otp_key_base' do + context 'setting secret_key_base and otp_key_base' do context 'when none of the secrets exist' do before do allow(ENV).to receive(:[]).with('SECRET_KEY_BASE').and_return(nil) allow(File).to receive(:exist?).with('.secret').and_return(false) allow(File).to receive(:exist?).with('config/secrets.yml').and_return(false) - allow(File).to receive(:write) allow(self).to receive(:warn_missing_secret) end it 'generates different secrets for secret_key_base, otp_key_base, and db_key_base' do create_tokens - keys = [config.secret_key_base, secrets.otp_key_base, secrets.db_key_base] + keys = secrets.values_at(:secret_key_base, :otp_key_base, :db_key_base) expect(keys.uniq).to eq(keys) expect(keys.map(&:length)).to all(eq(128)) end it 'warns about the secrets to add to secrets.yml' do + expect(self).to receive(:warn_missing_secret).with('secret_key_base') expect(self).to receive(:warn_missing_secret).with('otp_key_base') expect(self).to receive(:warn_missing_secret).with('db_key_base') @@ -41,25 +40,20 @@ describe 'create_tokens', lib: true do it 'writes the secrets to secrets.yml' do expect(File).to receive(:write).with('config/secrets.yml', any_args) do |filename, contents, options| - new_secrets_yml = YAML.load(contents) + new_secrets = YAML.load(contents)[Rails.env] - expect(new_secrets_yml['test']['otp_key_base']).to eq(secrets.otp_key_base) - expect(new_secrets_yml['test']['db_key_base']).to eq(secrets.db_key_base) + expect(new_secrets['secret_key_base']).to eq(secrets.secret_key_base) + expect(new_secrets['otp_key_base']).to eq(secrets.otp_key_base) + expect(new_secrets['db_key_base']).to eq(secrets.db_key_base) end create_tokens end - it 'writes the secret_key_base to .secret' do - secret_key_base = nil - - expect(File).to receive(:write).with('.secret', any_args) do |filename, contents| - secret_key_base = contents - end + it 'does not write a .secret file' do + expect(File).not_to receive(:write).with('.secret') create_tokens - - expect(secret_key_base).to eq(config.secret_key_base) end end @@ -72,8 +66,11 @@ describe 'create_tokens', lib: true do allow(File).to receive(:read).with('.secret').and_return('file_key') end - context 'when the otp_key_base secret exists' do - before { secrets.otp_key_base = 'otp_key_base' } + context 'when secret_key_base and otp_key_base exist' do + before do + secrets.secret_key_base = 'secret_key_base' + secrets.otp_key_base = 'otp_key_base' + end it 'does not write any files' do expect(File).not_to receive(:write) @@ -81,22 +78,22 @@ describe 'create_tokens', lib: true do create_tokens end - it 'does not generate any new keys' do - expect(SecureRandom).not_to receive(:hex) - - create_tokens - end - - it 'sets the the keys to the values from the environment and secrets.yml' do + it 'sets the the keys to the values from secrets.yml' do create_tokens - expect(config.secret_key_base).to eq('env_key') + expect(secrets.secret_key_base).to eq('secret_key_base') expect(secrets.otp_key_base).to eq('otp_key_base') expect(secrets.db_key_base).to eq('db_key_base') end + + it 'deletes the .secret file' do + expect(File).to receive(:delete).with('.secret') + + create_tokens + end end - context 'when the otp_key_base secret does not exist' do + context 'when secret_key_base and otp_key_base do not exist' do before do allow(File).to receive(:exist?).with('config/secrets.yml').and_return(true) allow(YAML).to receive(:load_file).with('config/secrets.yml').and_return('test' => secrets.to_h.stringify_keys) @@ -104,12 +101,12 @@ describe 'create_tokens', lib: true do end it 'uses the env secret' do - expect(SecureRandom).not_to receive(:hex) expect(File).to receive(:write) do |filename, contents, options| - new_secrets_yml = YAML.load(contents) + new_secrets = YAML.load(contents)[Rails.env] - expect(new_secrets_yml['test']['otp_key_base']).to eq('env_key') - expect(new_secrets_yml['test']['db_key_base']).to eq('db_key_base') + expect(new_secrets['secret_key_base']).to eq('env_key') + expect(new_secrets['otp_key_base']).to eq('env_key') + expect(new_secrets['db_key_base']).to eq('db_key_base') end create_tokens @@ -120,15 +117,21 @@ describe 'create_tokens', lib: true do it 'keeps the other secrets as they were' do create_tokens - expect(config.secret_key_base).to eq('env_key') expect(secrets.db_key_base).to eq('db_key_base') end - it 'warns about the missing secret' do + it 'warns about the missing secrets' do + expect(self).to receive(:warn_missing_secret).with('secret_key_base') expect(self).to receive(:warn_missing_secret).with('otp_key_base') create_tokens end + + it 'deletes the .secret file' do + expect(File).to receive(:delete).with('.secret') + + create_tokens + end end end end |