Add latest changes from gitlab-org/gitlab@master

2 files changed, 249 insertions, 0 deletions

diff --git a/spec/tasks/gitlab/incoming_email_rake_spec.rb b/spec/tasks/gitlab/incoming_email_rake_spec.rb
new file mode 100644
index 00000000000..3e1cc663ddb
--- /dev/null
+++ b/spec/tasks/gitlab/incoming_email_rake_spec.rb
@@ -0,0 +1,122 @@
+# frozen_string_literal: true
+
+require 'rake_helper'
+
+RSpec.describe 'gitlab:incoming_email:secret rake tasks', :silence_stdout, feature_category: :build do
+  let(:encrypted_secret_file_dir) { Pathname.new(Dir.mktmpdir) }
+  let(:encrypted_secret_file) { encrypted_secret_file_dir.join('incoming_email.yaml.enc') }
+
+  before do
+    Rake.application.rake_require 'tasks/gitlab/incoming_email'
+    stub_env('EDITOR', 'cat')
+    stub_warn_user_is_not_gitlab
+    allow(Gitlab.config.incoming_email).to receive(:encrypted_secret_file).and_return(encrypted_secret_file)
+    allow(Gitlab::Application.secrets).to receive(:encrypted_settings_key_base).and_return(SecureRandom.hex(64))
+  end
+
+  after do
+    FileUtils.rm_rf(Rails.root.join('tmp/tests/incoming_email_enc'))
+  end
+
+  describe ':show' do
+    it 'displays error when file does not exist' do
+      expect { run_rake_task('gitlab:incoming_email:secret:show') }.to \
+        output(/File .* does not exist. Use `gitlab-rake gitlab:incoming_email:secret:edit` to change that./).to_stdout
+    end
+
+    it 'displays error when key does not exist' do
+      Settings.encrypted(encrypted_secret_file).write('somevalue')
+      allow(Gitlab::Application.secrets).to receive(:encrypted_settings_key_base).and_return(nil)
+      expect { run_rake_task('gitlab:incoming_email:secret:show') }.to \
+        output(/Missing encryption key encrypted_settings_key_base./).to_stderr
+    end
+
+    it 'displays error when key is changed' do
+      Settings.encrypted(encrypted_secret_file).write('somevalue')
+      allow(Gitlab::Application.secrets).to receive(:encrypted_settings_key_base).and_return(SecureRandom.hex(64))
+      expect { run_rake_task('gitlab:incoming_email:secret:show') }.to \
+        output(/Couldn't decrypt .* Perhaps you passed the wrong key?/).to_stderr
+    end
+
+    it 'outputs the unencrypted content when present' do
+      encrypted = Settings.encrypted(encrypted_secret_file)
+      encrypted.write('somevalue')
+      expect { run_rake_task('gitlab:incoming_email:secret:show') }.to output(/somevalue/).to_stdout
+    end
+  end
+
+  describe 'edit' do
+    it 'creates encrypted file' do
+      expect { run_rake_task('gitlab:incoming_email:secret:edit') }.to output(/File encrypted and saved./).to_stdout
+      expect(File.exist?(encrypted_secret_file)).to be true
+      value = Settings.encrypted(encrypted_secret_file)
+      expect(value.read).to match(/password: '123'/)
+    end
+
+    it 'displays error when key does not exist' do
+      allow(Gitlab::Application.secrets).to receive(:encrypted_settings_key_base).and_return(nil)
+      expect { run_rake_task('gitlab:incoming_email:secret:edit') }.to \
+        output(/Missing encryption key encrypted_settings_key_base./).to_stderr
+    end
+
+    it 'displays error when key is changed' do
+      Settings.encrypted(encrypted_secret_file).write('somevalue')
+      allow(Gitlab::Application.secrets).to receive(:encrypted_settings_key_base).and_return(SecureRandom.hex(64))
+      expect { run_rake_task('gitlab:incoming_email:secret:edit') }.to \
+        output(/Couldn't decrypt .* Perhaps you passed the wrong key?/).to_stderr
+    end
+
+    it 'displays error when write directory does not exist' do
+      FileUtils.rm_rf(encrypted_secret_file_dir)
+      expect { run_rake_task('gitlab:incoming_email:secret:edit') }.to \
+        output(/Directory .* does not exist./).to_stderr
+    end
+
+    it 'shows a warning when content is invalid' do
+      Settings.encrypted(encrypted_secret_file).write('somevalue')
+      expect { run_rake_task('gitlab:incoming_email:secret:edit') }.to \
+        output(/WARNING: Content was not a valid INCOMING_EMAIL secret yml file/).to_stdout
+      value = Settings.encrypted(encrypted_secret_file)
+      expect(value.read).to match(/somevalue/)
+    end
+
+    it 'displays error when $EDITOR is not set' do
+      stub_env('EDITOR', nil)
+      expect { run_rake_task('gitlab:incoming_email:secret:edit') }.to \
+        output(/No \$EDITOR specified to open file. Please provide one when running the command/).to_stderr
+    end
+  end
+
+  describe 'write' do
+    before do
+      allow($stdin).to receive(:tty?).and_return(false)
+      allow($stdin).to receive(:read).and_return('username: foo')
+    end
+
+    it 'creates encrypted file from stdin' do
+      expect { run_rake_task('gitlab:incoming_email:secret:write') }.to output(/File encrypted and saved./).to_stdout
+      expect(File.exist?(encrypted_secret_file)).to be true
+      value = Settings.encrypted(encrypted_secret_file)
+      expect(value.read).to match(/username: foo/)
+    end
+
+    it 'displays error when key does not exist' do
+      allow(Gitlab::Application.secrets).to receive(:encrypted_settings_key_base).and_return(nil)
+      expect { run_rake_task('gitlab:incoming_email:secret:write') }.to \
+        output(/Missing encryption key encrypted_settings_key_base./).to_stderr
+    end
+
+    it 'displays error when write directory does not exist' do
+      FileUtils.rm_rf(encrypted_secret_file_dir)
+      expect { run_rake_task('gitlab:incoming_email:secret:write') }.to output(/Directory .* does not exist./).to_stderr
+    end
+
+    it 'shows a warning when content is invalid' do
+      Settings.encrypted(encrypted_secret_file).write('somevalue')
+      expect { run_rake_task('gitlab:incoming_email:secret:edit') }.to \
+        output(/WARNING: Content was not a valid INCOMING_EMAIL secret yml file/).to_stdout
+      value = Settings.encrypted(encrypted_secret_file)
+      expect(value.read).to match(/somevalue/)
+    end
+  end
+end
diff --git a/spec/tasks/gitlab/service_desk_email_rake_spec.rb b/spec/tasks/gitlab/service_desk_email_rake_spec.rb
new file mode 100644
index 00000000000..6a1a7473f4a
--- /dev/null
+++ b/spec/tasks/gitlab/service_desk_email_rake_spec.rb
@@ -0,0 +1,127 @@
+# frozen_string_literal: true
+
+require 'rake_helper'
+
+RSpec.describe 'gitlab:service_desk_email:secret rake tasks', :silence_stdout, feature_category: :build do
+  let(:encrypted_secret_file_dir) { Pathname.new(Dir.mktmpdir) }
+  let(:encrypted_secret_file) { encrypted_secret_file_dir.join('service_desk_email.yaml.enc') }
+
+  before do
+    Rake.application.rake_require 'tasks/gitlab/service_desk_email'
+    stub_env('EDITOR', 'cat')
+    stub_warn_user_is_not_gitlab
+    FileUtils.mkdir_p('tmp/tests/service_desk_email_enc/')
+    allow(Gitlab.config.service_desk_email).to receive(:encrypted_secret_file).and_return(encrypted_secret_file)
+    allow(Gitlab::Application.secrets).to receive(:encrypted_settings_key_base).and_return(SecureRandom.hex(64))
+  end
+
+  after do
+    FileUtils.rm_rf(Rails.root.join('tmp/tests/service_desk_email_enc'))
+  end
+
+  describe ':show' do
+    it 'displays error when file does not exist' do
+      expect { run_rake_task('gitlab:service_desk_email:secret:show') }.to \
+        output(/File .* does not exist. Use `gitlab-rake gitlab:service_desk_email:secret:edit` to change that./) \
+        .to_stdout
+    end
+
+    it 'displays error when key does not exist' do
+      Settings.encrypted(encrypted_secret_file).write('somevalue')
+      allow(Gitlab::Application.secrets).to receive(:encrypted_settings_key_base).and_return(nil)
+      expect { run_rake_task('gitlab:service_desk_email:secret:show') }.to \
+        output(/Missing encryption key encrypted_settings_key_base./).to_stderr
+    end
+
+    it 'displays error when key is changed' do
+      Settings.encrypted(encrypted_secret_file).write('somevalue')
+      allow(Gitlab::Application.secrets).to receive(:encrypted_settings_key_base).and_return(SecureRandom.hex(64))
+      expect { run_rake_task('gitlab:service_desk_email:secret:show') }.to \
+        output(/Couldn't decrypt .* Perhaps you passed the wrong key?/).to_stderr
+    end
+
+    it 'outputs the unencrypted content when present' do
+      encrypted = Settings.encrypted(encrypted_secret_file)
+      encrypted.write('somevalue')
+      expect { run_rake_task('gitlab:service_desk_email:secret:show') }.to output(/somevalue/).to_stdout
+    end
+  end
+
+  describe 'edit' do
+    it 'creates encrypted file' do
+      expect { run_rake_task('gitlab:service_desk_email:secret:edit') }.to \
+        output(/File encrypted and saved./).to_stdout
+      expect(File.exist?(encrypted_secret_file)).to be true
+      value = Settings.encrypted(encrypted_secret_file)
+      expect(value.read).to match(/password: '123'/)
+    end
+
+    it 'displays error when key does not exist' do
+      allow(Gitlab::Application.secrets).to receive(:encrypted_settings_key_base).and_return(nil)
+      expect { run_rake_task('gitlab:service_desk_email:secret:edit') }.to \
+        output(/Missing encryption key encrypted_settings_key_base./).to_stderr
+    end
+
+    it 'displays error when key is changed' do
+      Settings.encrypted(encrypted_secret_file).write('somevalue')
+      allow(Gitlab::Application.secrets).to receive(:encrypted_settings_key_base).and_return(SecureRandom.hex(64))
+      expect { run_rake_task('gitlab:service_desk_email:secret:edit') }.to \
+        output(/Couldn't decrypt .* Perhaps you passed the wrong key?/).to_stderr
+    end
+
+    it 'displays error when write directory does not exist' do
+      FileUtils.rm_rf(encrypted_secret_file_dir)
+      expect { run_rake_task('gitlab:service_desk_email:secret:edit') }.to \
+        output(/Directory .* does not exist./).to_stderr
+    end
+
+    it 'shows a warning when content is invalid' do
+      Settings.encrypted(encrypted_secret_file).write('somevalue')
+      expect { run_rake_task('gitlab:service_desk_email:secret:edit') }.to \
+        output(/WARNING: Content was not a valid SERVICE_DESK_EMAIL secret yml file/).to_stdout
+      value = Settings.encrypted(encrypted_secret_file)
+      expect(value.read).to match(/somevalue/)
+    end
+
+    it 'displays error when $EDITOR is not set' do
+      stub_env('EDITOR', nil)
+      expect { run_rake_task('gitlab:service_desk_email:secret:edit') }.to \
+        output(/No \$EDITOR specified to open file. Please provide one when running the command/).to_stderr
+    end
+  end
+
+  describe 'write' do
+    before do
+      allow($stdin).to receive(:tty?).and_return(false)
+      allow($stdin).to receive(:read).and_return('username: foo')
+    end
+
+    it 'creates encrypted file from stdin' do
+      expect { run_rake_task('gitlab:service_desk_email:secret:write') }.to \
+        output(/File encrypted and saved./).to_stdout
+      expect(File.exist?(encrypted_secret_file)).to be true
+      value = Settings.encrypted(encrypted_secret_file)
+      expect(value.read).to match(/username: foo/)
+    end
+
+    it 'displays error when key does not exist' do
+      allow(Gitlab::Application.secrets).to receive(:encrypted_settings_key_base).and_return(nil)
+      expect { run_rake_task('gitlab:service_desk_email:secret:write') }.to \
+        output(/Missing encryption key encrypted_settings_key_base./).to_stderr
+    end
+
+    it 'displays error when write directory does not exist' do
+      FileUtils.rm_rf(encrypted_secret_file_dir)
+      expect { run_rake_task('gitlab:service_desk_email:secret:write') }.to \
+        output(/Directory .* does not exist./).to_stderr
+    end
+
+    it 'shows a warning when content is invalid' do
+      Settings.encrypted(encrypted_secret_file).write('somevalue')
+      expect { run_rake_task('gitlab:service_desk_email:secret:edit') }.to \
+        output(/WARNING: Content was not a valid SERVICE_DESK_EMAIL secret yml file/).to_stdout
+      value = Settings.encrypted(encrypted_secret_file)
+      expect(value.read).to match(/somevalue/)
+    end
+  end
+end