diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2020-12-01 00:09:16 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2020-12-01 00:09:16 +0300 |
commit | 2ddcd634fc74d894b243694582fdf58cf5fb3c2a (patch) | |
tree | 632d56475fca27be71f240dc54e82de1b2d55ce9 /spec/initializers/secret_token_spec.rb | |
parent | ace0df53d3ed38344b470727d430484d24eeb798 (diff) |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'spec/initializers/secret_token_spec.rb')
-rw-r--r-- | spec/initializers/secret_token_spec.rb | 27 |
1 files changed, 26 insertions, 1 deletions
diff --git a/spec/initializers/secret_token_spec.rb b/spec/initializers/secret_token_spec.rb index 51a14aca4ad..ab16dbad3fc 100644 --- a/spec/initializers/secret_token_spec.rb +++ b/spec/initializers/secret_token_spec.rb @@ -24,7 +24,7 @@ RSpec.describe 'create_tokens' do describe 'ensure acknowledged secrets in any installations' do let(:acknowledged_secrets) do - %w[secret_key_base otp_key_base db_key_base openid_connect_signing_key] + %w[secret_key_base otp_key_base db_key_base openid_connect_signing_key encrypted_settings_key_base rotated_encrypted_settings_key_base] end it 'does not allow to add a new secret without a proper handling' do @@ -90,6 +90,7 @@ RSpec.describe 'create_tokens' do expect(new_secrets['otp_key_base']).to eq(secrets.otp_key_base) expect(new_secrets['db_key_base']).to eq(secrets.db_key_base) expect(new_secrets['openid_connect_signing_key']).to eq(secrets.openid_connect_signing_key) + expect(new_secrets['encrypted_settings_key_base']).to eq(secrets.encrypted_settings_key_base) end create_tokens @@ -106,6 +107,7 @@ RSpec.describe 'create_tokens' do before do secrets.db_key_base = 'db_key_base' secrets.openid_connect_signing_key = 'openid_connect_signing_key' + secrets.encrypted_settings_key_base = 'encrypted_settings_key_base' allow(File).to receive(:exist?).with('.secret').and_return(true) stub_file_read('.secret', content: 'file_key') @@ -158,6 +160,7 @@ RSpec.describe 'create_tokens' do expect(secrets.otp_key_base).to eq('otp_key_base') expect(secrets.db_key_base).to eq('db_key_base') expect(secrets.openid_connect_signing_key).to eq('openid_connect_signing_key') + expect(secrets.encrypted_settings_key_base).to eq('encrypted_settings_key_base') end it 'deletes the .secret file' do @@ -208,12 +211,34 @@ RSpec.describe 'create_tokens' do create_tokens end end + + context 'when rotated_encrypted_settings_key_base does not exist' do + before do + secrets.secret_key_base = 'secret_key_base' + secrets.otp_key_base = 'otp_key_base' + secrets.openid_connect_signing_key = 'openid_connect_signing_key' + secrets.encrypted_settings_key_base = 'encrypted_settings_key_base' + end + + it 'does not warn about the missing secrets' do + expect(self).not_to receive(:warn_missing_secret).with('rotated_encrypted_settings_key_base') + + create_tokens + end + + it 'does not update secrets.yml' do + expect(File).not_to receive(:write) + + create_tokens + end + end end context 'when db_key_base is blank but exists in secrets.yml' do before do secrets.otp_key_base = 'otp_key_base' secrets.secret_key_base = 'secret_key_base' + secrets.encrypted_settings_key_base = 'encrypted_settings_key_base' yaml_secrets = secrets.to_h.stringify_keys.merge('db_key_base' => '<%= an_erb_expression %>') allow(File).to receive(:exist?).with('.secret').and_return(false) |