summaryrefslogtreecommitdiff
path: root/spec/initializers
diff options
context:
space:
mode:
authorSean McGivern <sean@gitlab.com>2016-07-17 11:01:38 +0100
committerSean McGivern <sean@gitlab.com>2016-08-03 15:48:47 +0100
commit379c2cbcbd1544a1f80135c491937dabb04821df (patch)
tree5556613ff3f3ed598dc893e44399c816073eeca5 /spec/initializers
parent405379bbfcb7821b3dae77e5254362f2d696bb7d (diff)
downloadgitlab-ce-379c2cbcbd1544a1f80135c491937dabb04821df.tar.gz
Store all secret keys in secrets.yml
Move the last secret from .secret to config/secrets.yml, and delete .secret if it exists.
Diffstat (limited to 'spec/initializers')
-rw-r--r--spec/initializers/secret_token_spec.rb69
1 files changed, 36 insertions, 33 deletions
diff --git a/spec/initializers/secret_token_spec.rb b/spec/initializers/secret_token_spec.rb
index 063d1cdd447..aa97a8e1d42 100644
--- a/spec/initializers/secret_token_spec.rb
+++ b/spec/initializers/secret_token_spec.rb
@@ -2,37 +2,36 @@ require 'spec_helper'
require_relative '../../config/initializers/secret_token'
describe 'create_tokens', lib: true do
- let(:config) { ActiveSupport::OrderedOptions.new }
let(:secrets) { ActiveSupport::OrderedOptions.new }
before do
allow(ENV).to receive(:[]).and_call_original
allow(File).to receive(:write)
- allow(Rails).to receive_message_chain(:application, :config).and_return(config)
+ allow(File).to receive(:delete)
allow(Rails).to receive_message_chain(:application, :secrets).and_return(secrets)
allow(Rails).to receive_message_chain(:root, :join) { |string| string }
end
- context 'setting otp_key_base' do
+ context 'setting secret_key_base and otp_key_base' do
context 'when none of the secrets exist' do
before do
allow(ENV).to receive(:[]).with('SECRET_KEY_BASE').and_return(nil)
allow(File).to receive(:exist?).with('.secret').and_return(false)
allow(File).to receive(:exist?).with('config/secrets.yml').and_return(false)
- allow(File).to receive(:write)
allow(self).to receive(:warn_missing_secret)
end
it 'generates different secrets for secret_key_base, otp_key_base, and db_key_base' do
create_tokens
- keys = [config.secret_key_base, secrets.otp_key_base, secrets.db_key_base]
+ keys = secrets.values_at(:secret_key_base, :otp_key_base, :db_key_base)
expect(keys.uniq).to eq(keys)
expect(keys.map(&:length)).to all(eq(128))
end
it 'warns about the secrets to add to secrets.yml' do
+ expect(self).to receive(:warn_missing_secret).with('secret_key_base')
expect(self).to receive(:warn_missing_secret).with('otp_key_base')
expect(self).to receive(:warn_missing_secret).with('db_key_base')
@@ -41,25 +40,20 @@ describe 'create_tokens', lib: true do
it 'writes the secrets to secrets.yml' do
expect(File).to receive(:write).with('config/secrets.yml', any_args) do |filename, contents, options|
- new_secrets_yml = YAML.load(contents)
+ new_secrets = YAML.load(contents)[Rails.env]
- expect(new_secrets_yml['test']['otp_key_base']).to eq(secrets.otp_key_base)
- expect(new_secrets_yml['test']['db_key_base']).to eq(secrets.db_key_base)
+ expect(new_secrets['secret_key_base']).to eq(secrets.secret_key_base)
+ expect(new_secrets['otp_key_base']).to eq(secrets.otp_key_base)
+ expect(new_secrets['db_key_base']).to eq(secrets.db_key_base)
end
create_tokens
end
- it 'writes the secret_key_base to .secret' do
- secret_key_base = nil
-
- expect(File).to receive(:write).with('.secret', any_args) do |filename, contents|
- secret_key_base = contents
- end
+ it 'does not write a .secret file' do
+ expect(File).not_to receive(:write).with('.secret')
create_tokens
-
- expect(secret_key_base).to eq(config.secret_key_base)
end
end
@@ -72,8 +66,11 @@ describe 'create_tokens', lib: true do
allow(File).to receive(:read).with('.secret').and_return('file_key')
end
- context 'when the otp_key_base secret exists' do
- before { secrets.otp_key_base = 'otp_key_base' }
+ context 'when secret_key_base and otp_key_base exist' do
+ before do
+ secrets.secret_key_base = 'secret_key_base'
+ secrets.otp_key_base = 'otp_key_base'
+ end
it 'does not write any files' do
expect(File).not_to receive(:write)
@@ -81,22 +78,22 @@ describe 'create_tokens', lib: true do
create_tokens
end
- it 'does not generate any new keys' do
- expect(SecureRandom).not_to receive(:hex)
-
- create_tokens
- end
-
- it 'sets the the keys to the values from the environment and secrets.yml' do
+ it 'sets the the keys to the values from secrets.yml' do
create_tokens
- expect(config.secret_key_base).to eq('env_key')
+ expect(secrets.secret_key_base).to eq('secret_key_base')
expect(secrets.otp_key_base).to eq('otp_key_base')
expect(secrets.db_key_base).to eq('db_key_base')
end
+
+ it 'deletes the .secret file' do
+ expect(File).to receive(:delete).with('.secret')
+
+ create_tokens
+ end
end
- context 'when the otp_key_base secret does not exist' do
+ context 'when secret_key_base and otp_key_base do not exist' do
before do
allow(File).to receive(:exist?).with('config/secrets.yml').and_return(true)
allow(YAML).to receive(:load_file).with('config/secrets.yml').and_return('test' => secrets.to_h.stringify_keys)
@@ -104,12 +101,12 @@ describe 'create_tokens', lib: true do
end
it 'uses the env secret' do
- expect(SecureRandom).not_to receive(:hex)
expect(File).to receive(:write) do |filename, contents, options|
- new_secrets_yml = YAML.load(contents)
+ new_secrets = YAML.load(contents)[Rails.env]
- expect(new_secrets_yml['test']['otp_key_base']).to eq('env_key')
- expect(new_secrets_yml['test']['db_key_base']).to eq('db_key_base')
+ expect(new_secrets['secret_key_base']).to eq('env_key')
+ expect(new_secrets['otp_key_base']).to eq('env_key')
+ expect(new_secrets['db_key_base']).to eq('db_key_base')
end
create_tokens
@@ -120,15 +117,21 @@ describe 'create_tokens', lib: true do
it 'keeps the other secrets as they were' do
create_tokens
- expect(config.secret_key_base).to eq('env_key')
expect(secrets.db_key_base).to eq('db_key_base')
end
- it 'warns about the missing secret' do
+ it 'warns about the missing secrets' do
+ expect(self).to receive(:warn_missing_secret).with('secret_key_base')
expect(self).to receive(:warn_missing_secret).with('otp_key_base')
create_tokens
end
+
+ it 'deletes the .secret file' do
+ expect(File).to receive(:delete).with('.secret')
+
+ create_tokens
+ end
end
end
end