Commit 68ee6948 authored by Changzheng Liu's avatar Changzheng Liu Committed by Stan Hu

Only send AWS Credentials ENV to indexer when AWS config is enabled

parent 06e0d9ea
---
title: Only send AWS Credentials ENV to indexer when AWS config is enabled
merge_request: 37865
author:
type: fixed
...@@ -110,7 +110,9 @@ module Gitlab ...@@ -110,7 +110,9 @@ module Gitlab
} }
# Set AWS environment variables for IAM role authentication if present # Set AWS environment variables for IAM role authentication if present
if Gitlab::CurrentSettings.elasticsearch_config[:aws]
vars = build_aws_credentials_env(vars) vars = build_aws_credentials_env(vars)
end
# Users can override default SSL certificate path via SSL_CERT_FILE SSL_CERT_DIR # Users can override default SSL certificate path via SSL_CERT_FILE SSL_CERT_DIR
vars.merge(ENV.slice('SSL_CERT_FILE', 'SSL_CERT_DIR')) vars.merge(ENV.slice('SSL_CERT_FILE', 'SSL_CERT_DIR'))
......
...@@ -345,6 +345,19 @@ RSpec.describe Gitlab::Elastic::Indexer do ...@@ -345,6 +345,19 @@ RSpec.describe Gitlab::Elastic::Indexer do
allow(Gitlab::Elastic::Client).to receive(:aws_credential_provider).and_return(credentials) allow(Gitlab::Elastic::Client).to receive(:aws_credential_provider).and_return(credentials)
end end
context 'when AWS config is not enabled' do
it 'credentials env vars will not be included' do
expect(subject).not_to include('AWS_ACCESS_KEY_ID')
expect(subject).not_to include('AWS_SECRET_ACCESS_KEY')
expect(subject).not_to include('AWS_SESSION_TOKEN')
end
end
context 'when AWS config is enabled' do
before do
stub_application_setting(elasticsearch_aws: true)
end
it 'credentials env vars will be included' do it 'credentials env vars will be included' do
expect(subject).to include({ expect(subject).to include({
'AWS_ACCESS_KEY_ID' => access_key_id, 'AWS_ACCESS_KEY_ID' => access_key_id,
...@@ -353,6 +366,7 @@ RSpec.describe Gitlab::Elastic::Indexer do ...@@ -353,6 +366,7 @@ RSpec.describe Gitlab::Elastic::Indexer do
}) })
end end
end end
end
def expect_popen def expect_popen
expect(Gitlab::Popen).to receive(:popen) expect(Gitlab::Popen).to receive(:popen)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment