mirror of
https://github.com/rails/rails.git
synced 2022-11-09 12:12:34 -05:00
7a8728a039
To edit/show encrypted file:
```
bin/rails encrypted:edit config/staging_tokens.yml.enc
bin/rails encrypted:edit config/staging_tokens.yml.enc --key config/staging.key
bin/rails encrypted:show config/staging_tokens.yml.enc
```
Also provides a backing Rails.application.encrypted API for Ruby access:
```ruby
Rails.application.encrypted("config/staging_tokens.yml.enc").read
Rails.application.encrypted("config/staging_tokens.yml.enc").config
Rails.application.encrypted("config/staging_tokens.yml.enc", key: "config/staging.key")
```
80 lines
2.4 KiB
Ruby
80 lines
2.4 KiB
Ruby
# frozen_string_literal: true
|
|
|
|
require "isolation/abstract_unit"
|
|
require "env_helpers"
|
|
require "rails/command"
|
|
require "rails/commands/encrypted/encrypted_command"
|
|
|
|
class Rails::Command::EncryptedCommandTest < ActiveSupport::TestCase
|
|
include ActiveSupport::Testing::Isolation, EnvHelpers
|
|
|
|
setup :build_app
|
|
teardown :teardown_app
|
|
|
|
test "edit without editor gives hint" do
|
|
run_edit_command("config/tokens.yml.enc", editor: "").tap do |output|
|
|
assert_match "No $EDITOR to open file in", output
|
|
assert_match "bin/rails encrypted:edit", output
|
|
end
|
|
end
|
|
|
|
test "edit encrypted file" do
|
|
# Run twice to ensure file can be reread after first edit pass.
|
|
2.times do
|
|
assert_match(/access_key_id: 123/, run_edit_command("config/tokens.yml.enc"))
|
|
end
|
|
end
|
|
|
|
test "edit command does not add master key to gitignore when already exist" do
|
|
run_edit_command("config/tokens.yml.enc")
|
|
|
|
Dir.chdir(app_path) do
|
|
assert_match "/config/master.key", File.read(".gitignore")
|
|
end
|
|
end
|
|
|
|
test "edit encrypts file with custom key" do
|
|
run_edit_command("config/tokens.yml.enc", key: "config/tokens.key")
|
|
|
|
Dir.chdir(app_path) do
|
|
assert File.exist?("config/tokens.yml.enc")
|
|
assert File.exist?("config/tokens.key")
|
|
|
|
assert_match "/config/tokens.key", File.read(".gitignore")
|
|
end
|
|
|
|
assert_match(/access_key_id: 123/, run_edit_command("config/tokens.yml.enc", key: "config/tokens.key"))
|
|
end
|
|
|
|
test "show encrypted file with custom key" do
|
|
run_edit_command("config/tokens.yml.enc", key: "config/tokens.key")
|
|
|
|
assert_match(/access_key_id: 123/, run_show_command("config/tokens.yml.enc", key: "config/tokens.key"))
|
|
end
|
|
|
|
test "won't corrupt encrypted file when passed wrong key" do
|
|
run_edit_command("config/tokens.yml.enc", key: "config/tokens.key")
|
|
|
|
assert_match "passed the wrong key",
|
|
run_edit_command("config/tokens.yml.enc", allow_failure: true)
|
|
|
|
assert_match(/access_key_id: 123/, run_show_command("config/tokens.yml.enc", key: "config/tokens.key"))
|
|
end
|
|
|
|
private
|
|
def run_edit_command(file, key: nil, editor: "cat", **options)
|
|
switch_env("EDITOR", editor) do
|
|
rails "encrypted:edit", prepare_args(file, key), **options
|
|
end
|
|
end
|
|
|
|
def run_show_command(file, key: nil)
|
|
rails "encrypted:show", prepare_args(file, key)
|
|
end
|
|
|
|
def prepare_args(file, key)
|
|
args = [ file ]
|
|
args.push("--key", key) if key
|
|
args
|
|
end
|
|
end
|