From d081e00aa79079792b040af3323883f1f43830c5 Mon Sep 17 00:00:00 2001
From: GitLab Bot
Date: Wed, 24 Jun 2020 12:09:24 +0000
Subject: Add latest changes from gitlab-org/gitlab@master
---
 spec/initializers/secret_token_spec.rb | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)
(limited to 'spec/initializers/secret_token_spec.rb')
diff --git a/spec/initializers/secret_token_spec.rb b/spec/initializers/secret_token_spec.rb
index a9360e10ee0..362371e0962 100644
--- a/spec/initializers/secret_token_spec.rb
+++ b/spec/initializers/secret_token_spec.rb
@@ -19,6 +19,30 @@ RSpec.describe 'create_tokens' do
 allow(self).to receive(:exit)
 end
 
+ describe 'ensure acknowledged secrets in any installations' do
+ let(:acknowledged_secrets) do
+ %w[secret_key_base otp_key_base db_key_base openid_connect_signing_key]
+ end
+
+ it 'does not allow to add a new secret without a proper handling' do
+ create_tokens
+
+ secrets_hash = YAML.load_file(Rails.root.join('config/secrets.yml'))
+
+ secrets_hash.each do |environment, secrets|
+ new_secrets = secrets.keys - acknowledged_secrets
+
+ expect(new_secrets).to be_empty,
+ <<~EOS
+ CAUTION:
+ It looks like you have just added new secret(s) #{new_secrets.inspect} to the secrets.yml.
+ Please read the development guide for GitLab secrets at doc/development/application_secrets.md before you proceed this change.
+ If you're absolutely sure that the change is safe, please add the new secrets to the 'acknowledged_secrets' in order to silence this warning.
+ EOS
+ end
+ end
+ end
+
 context 'setting secret keys' do
 context 'when none of the secrets exist' do
 before do
--
cgit v1.2.3
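Review bot: The new guard can pass without checking anything, because `secrets_hash.each` runs zero expectations when `config/secrets.yml` parses to an empty hash, and it inspects whatever file sits under `Rails.root` rather than the keys `create_tokens` produces in this example (most of the `before` block is outside the hunk, so whether file writes are stubbed there cannot be seen here). Adding `expect(secrets_hash).not_to be_empty` before the loop would turn an empty file into a failure. An environment entry with no keys makes `secrets` nil, so `secrets.keys` raises NoMethodError instead of printing the CAUTION text; `(secrets || {}).keys` avoids that. The block variable `environment` is unused, and interpolating it into the message would tell the reader which section holds the unacknowledged key. `YAML.load_file` is the unrestricted loader on older Psych versions, so `YAML.safe_load(File.read(Rails.root.join('config/secrets.yml')))` is the safer call, assuming the file holds only plain string keys and values.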