2017-09-12 04:06:59 -04:00
|
|
|
# frozen_string_literal: true
|
|
|
|
|
|
|
|
require "isolation/abstract_unit"
|
|
|
|
require "env_helpers"
|
|
|
|
require "rails/command"
|
|
|
|
require "rails/commands/credentials/credentials_command"
|
2019-07-26 09:56:49 -04:00
|
|
|
require "fileutils"
|
2019-07-26 23:37:09 -04:00
|
|
|
require "tempfile"
|
2017-09-12 04:06:59 -04:00
|
|
|
|
|
|
|
class Rails::Command::CredentialsCommandTest < ActiveSupport::TestCase
|
|
|
|
include ActiveSupport::Testing::Isolation, EnvHelpers
|
|
|
|
|
2019-08-03 18:00:16 -04:00
|
|
|
setup :build_app
|
|
|
|
teardown :teardown_app
|
2017-09-12 04:06:59 -04:00
|
|
|
|
2017-09-15 01:31:02 -04:00
|
|
|
test "edit without editor gives hint" do
|
2017-11-14 05:44:23 -05:00
|
|
|
run_edit_command(editor: "").tap do |output|
|
|
|
|
assert_match "No $EDITOR to open file in", output
|
2018-06-26 16:02:51 -04:00
|
|
|
assert_match "rails credentials:edit", output
|
2017-11-14 05:44:23 -05:00
|
|
|
end
|
2017-09-15 01:31:02 -04:00
|
|
|
end
|
|
|
|
|
|
|
|
test "edit credentials" do
|
|
|
|
# Run twice to ensure credentials can be reread after first edit pass.
|
|
|
|
2.times do
|
|
|
|
assert_match(/access_key_id: 123/, run_edit_command)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2017-09-12 04:06:59 -04:00
|
|
|
test "edit command does not add master key to gitignore when already exist" do
|
|
|
|
run_edit_command
|
|
|
|
|
|
|
|
Dir.chdir(app_path) do
|
|
|
|
gitignore = File.read(".gitignore")
|
|
|
|
assert_equal 1, gitignore.scan(%r|config/master\.key|).length
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2017-11-29 18:01:21 -05:00
|
|
|
test "edit command does not overwrite by default if credentials already exists" do
|
|
|
|
run_edit_command(editor: "eval echo api_key: abc >")
|
|
|
|
assert_match(/api_key: abc/, run_show_command)
|
|
|
|
|
|
|
|
run_edit_command
|
|
|
|
assert_match(/api_key: abc/, run_show_command)
|
|
|
|
end
|
|
|
|
|
2018-02-08 05:49:50 -05:00
|
|
|
test "edit command does not add master key when `RAILS_MASTER_KEY` env specified" do
|
|
|
|
Dir.chdir(app_path) do
|
|
|
|
key = IO.binread("config/master.key").strip
|
|
|
|
FileUtils.rm("config/master.key")
|
|
|
|
|
|
|
|
switch_env("RAILS_MASTER_KEY", key) do
|
2018-06-24 07:57:41 -04:00
|
|
|
assert_match(/access_key_id: 123/, run_edit_command)
|
2018-02-08 05:49:50 -05:00
|
|
|
assert_not File.exist?("config/master.key")
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2018-09-19 17:02:00 -04:00
|
|
|
test "edit command modifies file specified by environment option" do
|
|
|
|
assert_match(/access_key_id: 123/, run_edit_command(environment: "production"))
|
|
|
|
Dir.chdir(app_path) do
|
|
|
|
assert File.exist?("config/credentials/production.key")
|
|
|
|
assert File.exist?("config/credentials/production.yml.enc")
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2019-03-25 03:14:51 -04:00
|
|
|
test "edit command properly expands environment option" do
|
2019-03-03 18:12:05 -05:00
|
|
|
assert_match(/access_key_id: 123/, run_edit_command(environment: "prod"))
|
|
|
|
Dir.chdir(app_path) do
|
|
|
|
assert File.exist?("config/credentials/production.key")
|
|
|
|
assert File.exist?("config/credentials/production.yml.enc")
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2019-02-01 06:12:40 -05:00
|
|
|
test "edit command does not raise when an initializer tries to access non-existent credentials" do
|
2018-12-25 18:03:20 -05:00
|
|
|
app_file "config/initializers/raise_when_loaded.rb", <<-RUBY
|
|
|
|
Rails.application.credentials.missing_key!
|
|
|
|
RUBY
|
|
|
|
|
|
|
|
assert_match(/access_key_id: 123/, run_edit_command(environment: "qa"))
|
|
|
|
end
|
|
|
|
|
2019-03-25 03:14:51 -04:00
|
|
|
test "edit command generates template file when the file does not exist" do
|
2019-03-22 20:07:57 -04:00
|
|
|
FileUtils.rm("#{app_path}/config/credentials.yml.enc")
|
|
|
|
run_edit_command
|
|
|
|
|
|
|
|
output = run_show_command
|
|
|
|
assert_match(/access_key_id: 123/, output)
|
|
|
|
assert_match(/secret_key_base/, output)
|
|
|
|
end
|
|
|
|
|
2019-08-03 19:32:41 -04:00
|
|
|
|
|
|
|
test "show credentials" do
|
|
|
|
assert_match(/access_key_id: 123/, run_show_command)
|
2019-07-26 09:56:49 -04:00
|
|
|
end
|
|
|
|
|
2019-08-03 19:32:41 -04:00
|
|
|
test "show command raises error when require_master_key is specified and key does not exist" do
|
|
|
|
remove_file "config/master.key"
|
|
|
|
add_to_config "config.require_master_key = true"
|
2019-07-26 09:56:49 -04:00
|
|
|
|
2019-08-03 19:32:41 -04:00
|
|
|
assert_match(/Missing encryption key to decrypt file with/, run_show_command(allow_failure: true))
|
2019-07-26 09:56:49 -04:00
|
|
|
end
|
|
|
|
|
2019-08-03 19:32:41 -04:00
|
|
|
test "show command does not raise error when require_master_key is false and master key does not exist" do
|
|
|
|
remove_file "config/master.key"
|
|
|
|
add_to_config "config.require_master_key = false"
|
2019-07-26 09:56:49 -04:00
|
|
|
|
2019-08-03 19:32:41 -04:00
|
|
|
assert_match(/Missing 'config\/master\.key' to decrypt credentials/, run_show_command)
|
2019-07-26 09:56:49 -04:00
|
|
|
end
|
|
|
|
|
2019-08-03 19:32:41 -04:00
|
|
|
test "show command displays content specified by environment option" do
|
|
|
|
run_edit_command(environment: "production")
|
2019-07-26 09:56:49 -04:00
|
|
|
|
2019-08-03 19:32:41 -04:00
|
|
|
assert_match(/access_key_id: 123/, run_show_command(environment: "production"))
|
|
|
|
end
|
|
|
|
|
|
|
|
test "show command properly expands environment option" do
|
|
|
|
run_edit_command(environment: "production")
|
2019-07-26 09:56:49 -04:00
|
|
|
|
2019-08-03 19:32:41 -04:00
|
|
|
output = run_show_command(environment: "prod")
|
|
|
|
assert_match(/access_key_id: 123/, output)
|
|
|
|
assert_no_match(/secret_key_base/, output)
|
|
|
|
end
|
|
|
|
|
|
|
|
|
2019-08-03 20:19:55 -04:00
|
|
|
test "diff enroll diffing" do
|
|
|
|
assert_match("successfully enrolled", run_diff_command(enroll: true))
|
2019-08-03 19:32:41 -04:00
|
|
|
|
|
|
|
assert_equal <<~EOM, File.read(app_path(".gitattributes"))
|
2019-07-26 09:56:49 -04:00
|
|
|
config/credentials/*.yml.enc diff=rails_credentials
|
|
|
|
config/credentials.yml.enc diff=rails_credentials
|
|
|
|
EOM
|
2019-08-03 20:19:55 -04:00
|
|
|
end
|
|
|
|
|
|
|
|
test "running edit after enrolling in diffing sets diff driver" do
|
|
|
|
run_diff_command(enroll: true)
|
|
|
|
run_edit_command
|
2019-08-03 19:32:41 -04:00
|
|
|
|
2019-07-26 09:56:49 -04:00
|
|
|
Dir.chdir(app_path) do
|
2019-08-03 18:00:16 -04:00
|
|
|
assert_equal "bin/rails credentials:diff", `git config --get 'diff.rails_credentials.textconv'`.strip
|
2019-07-26 09:56:49 -04:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2019-08-03 18:00:16 -04:00
|
|
|
test "diff from git diff left file" do
|
2019-07-26 09:56:49 -04:00
|
|
|
run_edit_command(environment: "development")
|
|
|
|
|
2019-08-03 18:00:16 -04:00
|
|
|
assert_match(/access_key_id: 123/, run_diff_command("config/credentials/development.yml.enc"))
|
2019-07-26 09:56:49 -04:00
|
|
|
end
|
|
|
|
|
2019-08-03 18:00:16 -04:00
|
|
|
test "diff from git diff right file" do
|
2019-07-26 09:56:49 -04:00
|
|
|
run_edit_command(environment: "development")
|
|
|
|
|
2019-08-03 18:00:16 -04:00
|
|
|
content_path = app_path("config", "credentials", "KnAM4a_development.yml.enc")
|
|
|
|
File.write(content_path,
|
|
|
|
File.read(app_path("config", "credentials", "development.yml.enc")))
|
2019-07-26 09:56:49 -04:00
|
|
|
|
2019-08-03 18:00:16 -04:00
|
|
|
assert_match(/access_key_id: 123/, run_diff_command(content_path))
|
2019-07-26 09:56:49 -04:00
|
|
|
end
|
|
|
|
|
2019-08-03 18:00:16 -04:00
|
|
|
test "diff for main credentials" do
|
|
|
|
assert_match(/access_key_id: 123/, run_diff_command("config/credentials.yml.enc"))
|
2019-07-26 09:56:49 -04:00
|
|
|
end
|
|
|
|
|
2019-08-03 18:00:16 -04:00
|
|
|
test "diff when master key is not available" do
|
2019-07-26 09:56:49 -04:00
|
|
|
remove_file "config/master.key"
|
|
|
|
|
|
|
|
raw_content = File.read(app_path("config", "credentials.yml.enc"))
|
2019-08-03 18:00:16 -04:00
|
|
|
assert_match(raw_content, run_diff_command("config/credentials.yml.enc"))
|
2019-07-26 09:56:49 -04:00
|
|
|
end
|
|
|
|
|
2019-08-03 18:00:16 -04:00
|
|
|
test "diff returns raw encrypted content when errors occur" do
|
2019-07-26 09:56:49 -04:00
|
|
|
run_edit_command(environment: "development")
|
|
|
|
|
2019-08-03 18:00:16 -04:00
|
|
|
content_path = app_path("20190807development.yml.enc")
|
|
|
|
encrypted_content = File.read(app_path("config", "credentials", "development.yml.enc"))
|
|
|
|
File.write(content_path, encrypted_content + "ruin decryption")
|
2019-07-26 09:56:49 -04:00
|
|
|
|
2019-08-03 18:00:16 -04:00
|
|
|
assert_match(encrypted_content, run_diff_command(content_path))
|
2019-07-26 09:56:49 -04:00
|
|
|
end
|
|
|
|
|
2019-03-03 18:12:05 -05:00
|
|
|
|
2017-09-12 04:06:59 -04:00
|
|
|
private
|
2018-09-19 17:02:00 -04:00
|
|
|
def run_edit_command(editor: "cat", environment: nil, **options)
|
2017-09-12 04:06:59 -04:00
|
|
|
switch_env("EDITOR", editor) do
|
2018-09-19 17:02:00 -04:00
|
|
|
args = environment ? ["--environment", environment] : []
|
|
|
|
rails "credentials:edit", args, **options
|
2017-09-12 04:06:59 -04:00
|
|
|
end
|
|
|
|
end
|
2017-09-15 01:31:02 -04:00
|
|
|
|
2019-08-03 18:00:16 -04:00
|
|
|
def run_show_command(environment: nil, **options)
|
2018-09-19 17:02:00 -04:00
|
|
|
args = environment ? ["--environment", environment] : []
|
|
|
|
rails "credentials:show", args, **options
|
2017-09-15 01:31:02 -04:00
|
|
|
end
|
2019-08-03 18:00:16 -04:00
|
|
|
|
2019-08-03 20:19:55 -04:00
|
|
|
def run_diff_command(path = nil, enroll: nil, **options)
|
|
|
|
args = enroll ? ["--enroll"] : [path]
|
2019-08-03 19:32:41 -04:00
|
|
|
rails "credentials:diff", args, **options
|
2019-08-03 18:00:16 -04:00
|
|
|
end
|
2017-09-12 04:06:59 -04:00
|
|
|
end
|