Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Léo-Paul Géneau
gitlab-ce
Commits
41aebaa1
Commit
41aebaa1
authored
Jun 26, 2017
by
Shinya Maeda
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Decuplin
parent
a7f114b1
Changes
4
Hide whitespace changes
Inline
Side-by-side
Showing
4 changed files
with
71 additions
and
56 deletions
+71
-56
app/models/ci/variable.rb
app/models/ci/variable.rb
+2
-17
app/models/concerns/has_variable.rb
app/models/concerns/has_variable.rb
+23
-0
spec/models/ci/variable_spec.rb
spec/models/ci/variable_spec.rb
+1
-39
spec/models/concerns/has_variable_spec.rb
spec/models/concerns/has_variable_spec.rb
+45
-0
No files found.
app/models/ci/variable.rb
View file @
41aebaa1
module
Ci
module
Ci
class
Variable
<
ActiveRecord
::
Base
class
Variable
<
ActiveRecord
::
Base
extend
Ci
::
Model
extend
Ci
::
Model
include
HasVariable
belongs_to
:project
belongs_to
:project
validates
:key
,
validates
:key
,
uniqueness:
{
scope: :project_id
}
presence:
true
,
uniqueness:
{
scope: :project_id
},
length:
{
maximum:
255
},
format:
{
with:
/\A[a-zA-Z0-9_]+\z/
,
message:
"can contain only letters, digits and '_'."
}
scope
:order_key_asc
,
->
{
reorder
(
key: :asc
)
}
scope
:unprotected
,
->
{
where
(
protected:
false
)
}
scope
:unprotected
,
->
{
where
(
protected:
false
)
}
attr_encrypted
:value
,
mode: :per_attribute_iv_and_salt
,
insecure_mode:
true
,
key:
Gitlab
::
Application
.
secrets
.
db_key_base
,
algorithm:
'aes-256-cbc'
def
to_runner_variable
{
key:
key
,
value:
value
,
public:
false
}
end
end
end
end
end
app/models/concerns/has_variable.rb
0 → 100644
View file @
41aebaa1
module
HasVariable
extend
ActiveSupport
::
Concern
included
do
validates
:key
,
presence:
true
,
length:
{
maximum:
255
},
format:
{
with:
/\A[a-zA-Z0-9_]+\z/
,
message:
"can contain only letters, digits and '_'."
}
scope
:order_key_asc
,
->
{
reorder
(
key: :asc
)
}
attr_encrypted
:value
,
mode: :per_attribute_iv_and_salt
,
insecure_mode:
true
,
key:
Gitlab
::
Application
.
secrets
.
db_key_base
,
algorithm:
'aes-256-cbc'
def
to_runner_variable
{
key:
key
,
value:
value
,
public:
false
}
end
end
end
spec/models/ci/variable_spec.rb
View file @
41aebaa1
...
@@ -3,14 +3,8 @@ require 'spec_helper'
...
@@ -3,14 +3,8 @@ require 'spec_helper'
describe
Ci
::
Variable
,
models:
true
do
describe
Ci
::
Variable
,
models:
true
do
subject
{
build
(
:ci_variable
)
}
subject
{
build
(
:ci_variable
)
}
let
(
:secret_value
)
{
'secret'
}
it
{
is_expected
.
to
be_kind_of
(
HasVariable
)
}
it
{
is_expected
.
to
validate_presence_of
(
:key
)
}
it
{
is_expected
.
to
validate_uniqueness_of
(
:key
).
scoped_to
(
:project_id
)
}
it
{
is_expected
.
to
validate_uniqueness_of
(
:key
).
scoped_to
(
:project_id
)
}
it
{
is_expected
.
to
validate_length_of
(
:key
).
is_at_most
(
255
)
}
it
{
is_expected
.
to
allow_value
(
'foo'
).
for
(
:key
)
}
it
{
is_expected
.
not_to
allow_value
(
'foo bar'
).
for
(
:key
)
}
it
{
is_expected
.
not_to
allow_value
(
'foo/bar'
).
for
(
:key
)
}
describe
'.unprotected'
do
describe
'.unprotected'
do
subject
{
described_class
.
unprotected
}
subject
{
described_class
.
unprotected
}
...
@@ -33,36 +27,4 @@ describe Ci::Variable, models: true do
...
@@ -33,36 +27,4 @@ describe Ci::Variable, models: true do
end
end
end
end
end
end
describe
'#value'
do
before
do
subject
.
value
=
secret_value
end
it
'stores the encrypted value'
do
expect
(
subject
.
encrypted_value
).
not_to
be_nil
end
it
'stores an iv for value'
do
expect
(
subject
.
encrypted_value_iv
).
not_to
be_nil
end
it
'stores a salt for value'
do
expect
(
subject
.
encrypted_value_salt
).
not_to
be_nil
end
it
'fails to decrypt if iv is incorrect'
do
subject
.
encrypted_value_iv
=
SecureRandom
.
hex
subject
.
instance_variable_set
(
:@value
,
nil
)
expect
{
subject
.
value
}
.
to
raise_error
(
OpenSSL
::
Cipher
::
CipherError
,
'bad decrypt'
)
end
end
describe
'#to_runner_variable'
do
it
'returns a hash for the runner'
do
expect
(
subject
.
to_runner_variable
)
.
to
eq
(
key:
subject
.
key
,
value:
subject
.
value
,
public:
false
)
end
end
end
end
spec/models/concerns/has_variable_spec.rb
0 → 100644
View file @
41aebaa1
require
'spec_helper'
describe
HasVariable
do
subject
{
build
(
:ci_variable
)
}
let
(
:secret_value
)
{
'secret'
}
it
{
is_expected
.
to
validate_presence_of
(
:key
)
}
it
{
is_expected
.
to
validate_length_of
(
:key
).
is_at_most
(
255
)
}
it
{
is_expected
.
to
allow_value
(
'foo'
).
for
(
:key
)
}
it
{
is_expected
.
not_to
allow_value
(
'foo bar'
).
for
(
:key
)
}
it
{
is_expected
.
not_to
allow_value
(
'foo/bar'
).
for
(
:key
)
}
describe
'#value'
do
before
do
subject
.
value
=
secret_value
end
it
'stores the encrypted value'
do
expect
(
subject
.
encrypted_value
).
not_to
be_nil
end
it
'stores an iv for value'
do
expect
(
subject
.
encrypted_value_iv
).
not_to
be_nil
end
it
'stores a salt for value'
do
expect
(
subject
.
encrypted_value_salt
).
not_to
be_nil
end
it
'fails to decrypt if iv is incorrect'
do
subject
.
encrypted_value_iv
=
SecureRandom
.
hex
subject
.
instance_variable_set
(
:@value
,
nil
)
expect
{
subject
.
value
}
.
to
raise_error
(
OpenSSL
::
Cipher
::
CipherError
,
'bad decrypt'
)
end
end
describe
'#to_runner_variable'
do
it
'returns a hash for the runner'
do
expect
(
subject
.
to_runner_variable
)
.
to
eq
(
key:
subject
.
key
,
value:
subject
.
value
,
public:
false
)
end
end
end
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment