blob: 6a1a7473f4a27299b3fe57c0e3ec36373fd2c09d (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
|
# frozen_string_literal: true
require 'rake_helper'
RSpec.describe 'gitlab:service_desk_email:secret rake tasks', :silence_stdout, feature_category: :build do
let(:encrypted_secret_file_dir) { Pathname.new(Dir.mktmpdir) }
let(:encrypted_secret_file) { encrypted_secret_file_dir.join('service_desk_email.yaml.enc') }
before do
Rake.application.rake_require 'tasks/gitlab/service_desk_email'
stub_env('EDITOR', 'cat')
stub_warn_user_is_not_gitlab
FileUtils.mkdir_p('tmp/tests/service_desk_email_enc/')
allow(Gitlab.config.service_desk_email).to receive(:encrypted_secret_file).and_return(encrypted_secret_file)
allow(Gitlab::Application.secrets).to receive(:encrypted_settings_key_base).and_return(SecureRandom.hex(64))
end
after do
FileUtils.rm_rf(Rails.root.join('tmp/tests/service_desk_email_enc'))
end
describe ':show' do
it 'displays error when file does not exist' do
expect { run_rake_task('gitlab:service_desk_email:secret:show') }.to \
output(/File .* does not exist. Use `gitlab-rake gitlab:service_desk_email:secret:edit` to change that./) \
.to_stdout
end
it 'displays error when key does not exist' do
Settings.encrypted(encrypted_secret_file).write('somevalue')
allow(Gitlab::Application.secrets).to receive(:encrypted_settings_key_base).and_return(nil)
expect { run_rake_task('gitlab:service_desk_email:secret:show') }.to \
output(/Missing encryption key encrypted_settings_key_base./).to_stderr
end
it 'displays error when key is changed' do
Settings.encrypted(encrypted_secret_file).write('somevalue')
allow(Gitlab::Application.secrets).to receive(:encrypted_settings_key_base).and_return(SecureRandom.hex(64))
expect { run_rake_task('gitlab:service_desk_email:secret:show') }.to \
output(/Couldn't decrypt .* Perhaps you passed the wrong key?/).to_stderr
end
it 'outputs the unencrypted content when present' do
encrypted = Settings.encrypted(encrypted_secret_file)
encrypted.write('somevalue')
expect { run_rake_task('gitlab:service_desk_email:secret:show') }.to output(/somevalue/).to_stdout
end
end
describe 'edit' do
it 'creates encrypted file' do
expect { run_rake_task('gitlab:service_desk_email:secret:edit') }.to \
output(/File encrypted and saved./).to_stdout
expect(File.exist?(encrypted_secret_file)).to be true
value = Settings.encrypted(encrypted_secret_file)
expect(value.read).to match(/password: '123'/)
end
it 'displays error when key does not exist' do
allow(Gitlab::Application.secrets).to receive(:encrypted_settings_key_base).and_return(nil)
expect { run_rake_task('gitlab:service_desk_email:secret:edit') }.to \
output(/Missing encryption key encrypted_settings_key_base./).to_stderr
end
it 'displays error when key is changed' do
Settings.encrypted(encrypted_secret_file).write('somevalue')
allow(Gitlab::Application.secrets).to receive(:encrypted_settings_key_base).and_return(SecureRandom.hex(64))
expect { run_rake_task('gitlab:service_desk_email:secret:edit') }.to \
output(/Couldn't decrypt .* Perhaps you passed the wrong key?/).to_stderr
end
it 'displays error when write directory does not exist' do
FileUtils.rm_rf(encrypted_secret_file_dir)
expect { run_rake_task('gitlab:service_desk_email:secret:edit') }.to \
output(/Directory .* does not exist./).to_stderr
end
it 'shows a warning when content is invalid' do
Settings.encrypted(encrypted_secret_file).write('somevalue')
expect { run_rake_task('gitlab:service_desk_email:secret:edit') }.to \
output(/WARNING: Content was not a valid SERVICE_DESK_EMAIL secret yml file/).to_stdout
value = Settings.encrypted(encrypted_secret_file)
expect(value.read).to match(/somevalue/)
end
it 'displays error when $EDITOR is not set' do
stub_env('EDITOR', nil)
expect { run_rake_task('gitlab:service_desk_email:secret:edit') }.to \
output(/No \$EDITOR specified to open file. Please provide one when running the command/).to_stderr
end
end
describe 'write' do
before do
allow($stdin).to receive(:tty?).and_return(false)
allow($stdin).to receive(:read).and_return('username: foo')
end
it 'creates encrypted file from stdin' do
expect { run_rake_task('gitlab:service_desk_email:secret:write') }.to \
output(/File encrypted and saved./).to_stdout
expect(File.exist?(encrypted_secret_file)).to be true
value = Settings.encrypted(encrypted_secret_file)
expect(value.read).to match(/username: foo/)
end
it 'displays error when key does not exist' do
allow(Gitlab::Application.secrets).to receive(:encrypted_settings_key_base).and_return(nil)
expect { run_rake_task('gitlab:service_desk_email:secret:write') }.to \
output(/Missing encryption key encrypted_settings_key_base./).to_stderr
end
it 'displays error when write directory does not exist' do
FileUtils.rm_rf(encrypted_secret_file_dir)
expect { run_rake_task('gitlab:service_desk_email:secret:write') }.to \
output(/Directory .* does not exist./).to_stderr
end
it 'shows a warning when content is invalid' do
Settings.encrypted(encrypted_secret_file).write('somevalue')
expect { run_rake_task('gitlab:service_desk_email:secret:edit') }.to \
output(/WARNING: Content was not a valid SERVICE_DESK_EMAIL secret yml file/).to_stdout
value = Settings.encrypted(encrypted_secret_file)
expect(value.read).to match(/somevalue/)
end
end
end
|