1
0
Fork 0
mirror of https://github.com/rails/rails.git synced 2022-11-09 12:12:34 -05:00
rails--rails/activesupport/test/encrypted_configuration_test.rb
Alex Ghiculescu 94d1d52c03 Allow access to nested secrets by method calls
In a new Rails app, the generated credentials file contains an example of some [nested secrets](f95c0b7e96/railties/lib/rails/generators/rails/credentials/credentials_generator.rb (L46)).

Currently you can't access them nicely the way you would top level secrets:

```
2.7.3 :001 > Rails.application.credentials.aws
 => {:access_key_id=>123, :secret_access_key=>345}
2.7.3 :002 > Rails.application.credentials.aws.access_key_id
Traceback (most recent call last):
        1: from (irb):2
NoMethodError (undefined method `access_key_id' for {:access_key_id=>123, :secret_access_key=>345}:Hash)
2.7.3 :003 > Rails.application.credentials.secret_key_base
 => "abcd..."
```

It would make secrets easier to use if you could, so this PR adds support for that. `Rails.application.credentials.aws.access_key_id` will now return `123` in the above example.
2021-04-29 14:30:43 -05:00

78 lines
2.4 KiB
Ruby

# frozen_string_literal: true
require_relative "abstract_unit"
require "active_support/encrypted_configuration"
class EncryptedConfigurationTest < ActiveSupport::TestCase
setup do
@tmpdir = Dir.mktmpdir("config-")
@credentials_config_path = File.join(@tmpdir, "credentials.yml.enc")
@credentials_key_path = File.join(@tmpdir, "master.key")
File.write(@credentials_key_path, ActiveSupport::EncryptedConfiguration.generate_key)
@credentials = ActiveSupport::EncryptedConfiguration.new(
config_path: @credentials_config_path, key_path: @credentials_key_path,
env_key: "RAILS_MASTER_KEY", raise_if_missing_key: true
)
end
teardown do
FileUtils.rm_rf @tmpdir
end
test "reading configuration by env key" do
FileUtils.rm_rf @credentials_key_path
begin
ENV["RAILS_MASTER_KEY"] = ActiveSupport::EncryptedConfiguration.generate_key
@credentials.write({ something: { good: true, bad: false } }.to_yaml)
assert @credentials[:something][:good]
assert_not @credentials.dig(:something, :bad)
assert_nil @credentials.fetch(:nothing, nil)
ensure
ENV["RAILS_MASTER_KEY"] = nil
end
end
test "reading configuration by key file" do
@credentials.write({ something: { good: true, bad: false, nested: { foo: "bar" } } }.to_yaml)
assert @credentials.something[:good]
assert_not @credentials.something[:bad]
assert @credentials.something.good
assert_not @credentials.something.bad
assert_equal "bar", @credentials.dig(:something, :nested, :foo)
assert_equal "bar", @credentials.something.nested.foo
end
test "reading comment-only configuration" do
@credentials.write("# comment")
assert_equal @credentials.config, {}
end
test "change configuration by key file" do
@credentials.write({ something: { good: true } }.to_yaml)
@credentials.change do |config_file|
config = YAML.load(config_file.read)
config_file.write config.merge(new: "things").to_yaml
end
assert @credentials.something[:good]
assert_equal "things", @credentials[:new]
end
test "raise error when writing an invalid format value" do
assert_raise(Psych::SyntaxError) do
@credentials.change do |config_file|
config_file.write "login: *login\n username: dummy"
end
end
end
test "raises key error when accessing config via bang method" do
assert_raise(KeyError) { @credentials.something! }
end
end