blob: bfad25be4fd96e5d1fa7ad367f37b3b841ea0f3c (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
|
# frozen_string_literal: true
require 'spec_helper'
RSpec.describe 'gitlab:redis:secret rake tasks', :silence_stdout, feature_category: :build do
let(:redis_secret_file) { 'tmp/tests/redisenc/redis_secret.yaml.enc' }
before do
Rake.application.rake_require 'tasks/gitlab/redis'
stub_env('EDITOR', 'cat')
stub_warn_user_is_not_gitlab
FileUtils.mkdir_p('tmp/tests/redisenc/')
allow(::Gitlab::Runtime).to receive(:rake?).and_return(true)
allow_next_instance_of(Gitlab::Redis::Cache) do |instance|
allow(instance).to receive(:secret_file).and_return(redis_secret_file)
end
allow(Gitlab::Application.secrets).to receive(:encrypted_settings_key_base).and_return(SecureRandom.hex(64))
end
after do
FileUtils.rm_rf(Rails.root.join('tmp/tests/redisenc'))
end
describe ':show' do
it 'displays error when file does not exist' do
expect do
run_rake_task('gitlab:redis:secret:show')
end.to output(/File .* does not exist. Use `gitlab-rake gitlab:redis:secret:edit` to change that./).to_stdout
end
it 'displays error when key does not exist' do
Settings.encrypted(redis_secret_file).write('somevalue')
allow(Gitlab::Application.secrets).to receive(:encrypted_settings_key_base).and_return(nil)
expect do
run_rake_task('gitlab:redis:secret:show')
end.to output(/Missing encryption key encrypted_settings_key_base./).to_stderr
end
it 'displays error when key is changed' do
Settings.encrypted(redis_secret_file).write('somevalue')
allow(Gitlab::Application.secrets).to receive(:encrypted_settings_key_base).and_return(SecureRandom.hex(64))
expect do
run_rake_task('gitlab:redis:secret:show')
end.to output(/Couldn't decrypt .* Perhaps you passed the wrong key?/).to_stderr
end
it 'outputs the unencrypted content when present' do
encrypted = Settings.encrypted(redis_secret_file)
encrypted.write('somevalue')
expect { run_rake_task('gitlab:redis:secret:show') }.to output(/somevalue/).to_stdout
end
end
describe 'edit' do
it 'creates encrypted file' do
expect { run_rake_task('gitlab:redis:secret:edit') }.to output(/File encrypted and saved./).to_stdout
expect(File.exist?(redis_secret_file)).to be true
value = Settings.encrypted(redis_secret_file)
expect(value.read).to match(/password: '123'/)
end
it 'displays error when key does not exist' do
allow(Gitlab::Application.secrets).to receive(:encrypted_settings_key_base).and_return(nil)
expect do
run_rake_task('gitlab:redis:secret:edit')
end.to output(/Missing encryption key encrypted_settings_key_base./).to_stderr
end
it 'displays error when key is changed' do
Settings.encrypted(redis_secret_file).write('somevalue')
allow(Gitlab::Application.secrets).to receive(:encrypted_settings_key_base).and_return(SecureRandom.hex(64))
expect do
run_rake_task('gitlab:redis:secret:edit')
end.to output(/Couldn't decrypt .* Perhaps you passed the wrong key?/).to_stderr
end
it 'displays error when write directory does not exist' do
FileUtils.rm_rf(Rails.root.join('tmp/tests/redisenc'))
expect { run_rake_task('gitlab:redis:secret:edit') }.to output(/Directory .* does not exist./).to_stderr
end
it 'shows a warning when content is invalid' do
Settings.encrypted(redis_secret_file).write('somevalue')
expect do
run_rake_task('gitlab:redis:secret:edit')
end.to output(/WARNING: Content was not a valid Redis secret yml file/).to_stdout
value = Settings.encrypted(redis_secret_file)
expect(value.read).to match(/somevalue/)
end
it 'displays error when $EDITOR is not set' do
stub_env('EDITOR', nil)
expect do
run_rake_task('gitlab:redis:secret:edit')
end.to output(/No \$EDITOR specified to open file. Please provide one when running the command/).to_stderr
end
end
describe 'write' do
before do
allow($stdin).to receive(:tty?).and_return(false)
allow($stdin).to receive(:read).and_return('testvalue')
end
it 'creates encrypted file from stdin' do
expect { run_rake_task('gitlab:redis:secret:write') }.to output(/File encrypted and saved./).to_stdout
expect(File.exist?(redis_secret_file)).to be true
value = Settings.encrypted(redis_secret_file)
expect(value.read).to match(/testvalue/)
end
it 'displays error when key does not exist' do
allow(Gitlab::Application.secrets).to receive(:encrypted_settings_key_base).and_return(nil)
expect do
run_rake_task('gitlab:redis:secret:write')
end.to output(/Missing encryption key encrypted_settings_key_base./).to_stderr
end
it 'displays error when write directory does not exist' do
FileUtils.rm_rf('tmp/tests/redisenc/')
expect { run_rake_task('gitlab:redis:secret:write') }.to output(/Directory .* does not exist./).to_stderr
end
it 'shows a warning when content is invalid' do
Settings.encrypted(redis_secret_file).write('somevalue')
expect do
run_rake_task('gitlab:redis:secret:edit')
end.to output(/WARNING: Content was not a valid Redis secret yml file/).to_stdout
expect(Settings.encrypted(redis_secret_file).read).to match(/somevalue/)
end
end
context 'when an instance class is specified' do
before do
allow_next_instance_of(Gitlab::Redis::SharedState) do |instance|
allow(instance).to receive(:secret_file).and_return(redis_secret_file)
end
end
context 'when actual name is used' do
it 'uses the correct Redis class' do
expect(Gitlab::Redis::SharedState).to receive(:encrypted_secrets).and_call_original
run_rake_task('gitlab:redis:secret:edit', 'SharedState')
end
end
context 'when name in lowercase is used' do
it 'uses the correct Redis class' do
expect(Gitlab::Redis::SharedState).to receive(:encrypted_secrets).and_call_original
run_rake_task('gitlab:redis:secret:edit', 'sharedstate')
end
end
context 'when name with underscores is used' do
it 'uses the correct Redis class' do
expect(Gitlab::Redis::SharedState).to receive(:encrypted_secrets).and_call_original
run_rake_task('gitlab:redis:secret:edit', 'shared_state')
end
end
context 'when name with hyphens is used' do
it 'uses the correct Redis class' do
expect(Gitlab::Redis::SharedState).to receive(:encrypted_secrets).and_call_original
run_rake_task('gitlab:redis:secret:edit', 'shared-state')
end
end
context 'when name with spaces is used' do
it 'uses the correct Redis class' do
expect(Gitlab::Redis::SharedState).to receive(:encrypted_secrets).and_call_original
run_rake_task('gitlab:redis:secret:edit', 'shared state')
end
end
context 'when an invalid name is used' do
it 'raises error' do
expect do
run_rake_task('gitlab:redis:secret:edit', 'foobar')
end.to raise_error(/Specified instance name foobar does not exist./)
end
end
end
end
|