Commit 41aebaa1 authored by Shinya Maeda's avatar Shinya Maeda

Decuplin

parent a7f114b1
module Ci module Ci
class Variable < ActiveRecord::Base class Variable < ActiveRecord::Base
extend Ci::Model extend Ci::Model
include HasVariable
belongs_to :project belongs_to :project
validates :key, validates :key, uniqueness: { scope: :project_id }
presence: true,
uniqueness: { scope: :project_id },
length: { maximum: 255 },
format: { with: /\A[a-zA-Z0-9_]+\z/,
message: "can contain only letters, digits and '_'." }
scope :order_key_asc, -> { reorder(key: :asc) }
scope :unprotected, -> { where(protected: false) } scope :unprotected, -> { where(protected: false) }
attr_encrypted :value,
mode: :per_attribute_iv_and_salt,
insecure_mode: true,
key: Gitlab::Application.secrets.db_key_base,
algorithm: 'aes-256-cbc'
def to_runner_variable
{ key: key, value: value, public: false }
end
end end
end end
module HasVariable
extend ActiveSupport::Concern
included do
validates :key,
presence: true,
length: { maximum: 255 },
format: { with: /\A[a-zA-Z0-9_]+\z/,
message: "can contain only letters, digits and '_'." }
scope :order_key_asc, -> { reorder(key: :asc) }
attr_encrypted :value,
mode: :per_attribute_iv_and_salt,
insecure_mode: true,
key: Gitlab::Application.secrets.db_key_base,
algorithm: 'aes-256-cbc'
def to_runner_variable
{ key: key, value: value, public: false }
end
end
end
...@@ -3,14 +3,8 @@ require 'spec_helper' ...@@ -3,14 +3,8 @@ require 'spec_helper'
describe Ci::Variable, models: true do describe Ci::Variable, models: true do
subject { build(:ci_variable) } subject { build(:ci_variable) }
let(:secret_value) { 'secret' } it { is_expected.to be_kind_of(HasVariable) }
it { is_expected.to validate_presence_of(:key) }
it { is_expected.to validate_uniqueness_of(:key).scoped_to(:project_id) } it { is_expected.to validate_uniqueness_of(:key).scoped_to(:project_id) }
it { is_expected.to validate_length_of(:key).is_at_most(255) }
it { is_expected.to allow_value('foo').for(:key) }
it { is_expected.not_to allow_value('foo bar').for(:key) }
it { is_expected.not_to allow_value('foo/bar').for(:key) }
describe '.unprotected' do describe '.unprotected' do
subject { described_class.unprotected } subject { described_class.unprotected }
...@@ -33,36 +27,4 @@ describe Ci::Variable, models: true do ...@@ -33,36 +27,4 @@ describe Ci::Variable, models: true do
end end
end end
end end
describe '#value' do
before do
subject.value = secret_value
end
it 'stores the encrypted value' do
expect(subject.encrypted_value).not_to be_nil
end
it 'stores an iv for value' do
expect(subject.encrypted_value_iv).not_to be_nil
end
it 'stores a salt for value' do
expect(subject.encrypted_value_salt).not_to be_nil
end
it 'fails to decrypt if iv is incorrect' do
subject.encrypted_value_iv = SecureRandom.hex
subject.instance_variable_set(:@value, nil)
expect { subject.value }
.to raise_error(OpenSSL::Cipher::CipherError, 'bad decrypt')
end
end
describe '#to_runner_variable' do
it 'returns a hash for the runner' do
expect(subject.to_runner_variable)
.to eq(key: subject.key, value: subject.value, public: false)
end
end
end end
require 'spec_helper'
describe HasVariable do
subject { build(:ci_variable) }
let(:secret_value) { 'secret' }
it { is_expected.to validate_presence_of(:key) }
it { is_expected.to validate_length_of(:key).is_at_most(255) }
it { is_expected.to allow_value('foo').for(:key) }
it { is_expected.not_to allow_value('foo bar').for(:key) }
it { is_expected.not_to allow_value('foo/bar').for(:key) }
describe '#value' do
before do
subject.value = secret_value
end
it 'stores the encrypted value' do
expect(subject.encrypted_value).not_to be_nil
end
it 'stores an iv for value' do
expect(subject.encrypted_value_iv).not_to be_nil
end
it 'stores a salt for value' do
expect(subject.encrypted_value_salt).not_to be_nil
end
it 'fails to decrypt if iv is incorrect' do
subject.encrypted_value_iv = SecureRandom.hex
subject.instance_variable_set(:@value, nil)
expect { subject.value }
.to raise_error(OpenSSL::Cipher::CipherError, 'bad decrypt')
end
end
describe '#to_runner_variable' do
it 'returns a hash for the runner' do
expect(subject.to_runner_variable)
.to eq(key: subject.key, value: subject.value, public: false)
end
end
end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment