gitlab-org--gitlab-foss/spec/models/ci/variable_spec.rb

require 'spec_helper'

describe Ci::Variable, models: true do
  subject { build(:ci_variable) }

  let(:secret_value) { 'secret' }

  it { is_expected.to validate_presence_of(:key) }
  it { is_expected.to validate_uniqueness_of(:key).scoped_to(:project_id) }
  it { is_expected.to validate_length_of(:key).is_at_most(255) }
  it { is_expected.to allow_value('foo').for(:key) }
  it { is_expected.not_to allow_value('foo bar').for(:key) }
  it { is_expected.not_to allow_value('foo/bar').for(:key) }

  describe '.unprotected' do
    subject { described_class.unprotected }

    context 'when variable is protected' do
      before do
        create(:ci_variable, :protected)
      end

      it 'returns nothing' do
        is_expected.to be_empty
      end
    end

    context 'when variable is not protected' do
      let(:variable) { create(:ci_variable, protected: false) }

      it 'returns the variable' do
        is_expected.to contain_exactly(variable)
      end
    end
  end

  describe '#value' do
    before do
      subject.value = secret_value
    end

    it 'stores the encrypted value' do
      expect(subject.encrypted_value).not_to be_nil
    end

    it 'stores an iv for value' do
      expect(subject.encrypted_value_iv).not_to be_nil
    end

    it 'stores a salt for value' do
      expect(subject.encrypted_value_salt).not_to be_nil
    end

    it 'fails to decrypt if iv is incorrect' do
      subject.encrypted_value_iv = SecureRandom.hex
      subject.instance_variable_set(:@value, nil)
      expect { subject.value }
        .to raise_error(OpenSSL::Cipher::CipherError, 'bad decrypt')
    end
  end

  describe '#to_runner_variable' do
    it 'returns a hash for the runner' do
      expect(subject.to_runner_variable)
        .to eq(key: subject.key, value: subject.value, public: false)
    end
  end
end
Groundwork for merging CI into CE 2015-08-25 21:42:46 -04:00			`require 'spec_helper'`

Tag model specs 2015-12-09 04:50:51 -05:00			`describe Ci::Variable, models: true do`
Remove rails dependent: :destroy statement Enforced by the database, and no callbacks need to be called. Combined with 7b9b2c6099 and 294a8b8a6d this resolves gitlab-org/gitlab-ce#31799 2017-05-08 15:56:37 -04:00			`subject { build(:ci_variable) }`
Groundwork for merging CI into CE 2015-08-25 21:42:46 -04:00
			`let(:secret_value) { 'secret' }`

Use :maximum instead of :within for length validators with a 0..N range Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-12-02 07:54:57 -05:00			`it { is_expected.to validate_presence_of(:key) }`
All CI offline migrations 2017-03-17 19:06:11 -04:00			`it { is_expected.to validate_uniqueness_of(:key).scoped_to(:project_id) }`
Use :maximum instead of :within for length validators with a 0..N range Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-12-02 07:54:57 -05:00			`it { is_expected.to validate_length_of(:key).is_at_most(255) }`
			`it { is_expected.to allow_value('foo').for(:key) }`
			`it { is_expected.not_to allow_value('foo bar').for(:key) }`
			`it { is_expected.not_to allow_value('foo/bar').for(:key) }`

Make sure protected can't be null; Test protected! 2017-06-01 09:48:31 -04:00			`describe '.unprotected' do`
			`subject { described_class.unprotected }`

			`context 'when variable is protected' do`
			`before do`
			`create(:ci_variable, :protected)`
			`end`

			`it 'returns nothing' do`
			`is_expected.to be_empty`
			`end`
			`end`

			`context 'when variable is not protected' do`
			`let(:variable) { create(:ci_variable, protected: false) }`

			`it 'returns the variable' do`
			`is_expected.to contain_exactly(variable)`
			`end`
			`end`
Groundwork for merging CI into CE 2015-08-25 21:42:46 -04:00			`end`

Avoid `describe`-ing symbols in specs 2016-07-11 18:12:31 -04:00			`describe '#value' do`
Make sure protected can't be null; Test protected! 2017-06-01 09:48:31 -04:00			`before do`
			`subject.value = secret_value`
			`end`

Groundwork for merging CI into CE 2015-08-25 21:42:46 -04:00			`it 'stores the encrypted value' do`
Fix commit specs 2015-09-10 09:52:52 -04:00			`expect(subject.encrypted_value).not_to be_nil`
Groundwork for merging CI into CE 2015-08-25 21:42:46 -04:00			`end`

			`it 'stores an iv for value' do`
Fix commit specs 2015-09-10 09:52:52 -04:00			`expect(subject.encrypted_value_iv).not_to be_nil`
Groundwork for merging CI into CE 2015-08-25 21:42:46 -04:00			`end`

			`it 'stores a salt for value' do`
Fix commit specs 2015-09-10 09:52:52 -04:00			`expect(subject.encrypted_value_salt).not_to be_nil`
Groundwork for merging CI into CE 2015-08-25 21:42:46 -04:00			`end`

			`it 'fails to decrypt if iv is incorrect' do`
Upgrade attr_encrypted and encryptor attr_encrypted (1.3.4 => 3.0.1) Changelog: https://github.com/attr-encrypted/attr_encrypted/blob/master/CHANGELOG.m d attr_encrypted 2.x included a vulnerability, so that major version is skipped. 3.x requires that the algorithm and mode used by each encrypted attribute is specified explicitly. `nil` is no longer a valid value for the encrypted_value_iv field, so it’s changed to a randomly generated string. 2016-05-19 14:55:25 -04:00			`subject.encrypted_value_iv = SecureRandom.hex`
Groundwork for merging CI into CE 2015-08-25 21:42:46 -04:00			`subject.instance_variable_set(:@value, nil)`
Enable Style/DotPosition Rubocop :cop: 2017-06-21 09:48:12 -04:00			`expect { subject.value }`
			`.to raise_error(OpenSSL::Cipher::CipherError, 'bad decrypt')`
Groundwork for merging CI into CE 2015-08-25 21:42:46 -04:00			`end`
			`end`
Merge secret and protected vars to variables_for(ref) Also introduce Ci::Variable#to_runner_variable to build up the hash for runner. 2017-05-26 13:46:57 -04:00
			`describe '#to_runner_variable' do`
			`it 'returns a hash for the runner' do`
			`expect(subject.to_runner_variable)`
			`.to eq(key: subject.key, value: subject.value, public: false)`
			`end`
			`end`
Groundwork for merging CI into CE 2015-08-25 21:42:46 -04:00			`end`