VladPolskiy/gitlab-foss
1
0
Fork 0
mirror of https://gitlab.com/gitlab-org/gitlab-foss.git synced 2025-08-10 01:31:45 +00:00
Code Issues Packages Projects Releases 1 Wiki Activity
Files
2a708022d45768d45279ba8acb185bba2f6047be
gitlab-foss/spec/lib/gitlab/encryption/key_provider_spec.rb
GitLab Bot 094a8a9701 Add latest changes from gitlab-org/gitlab@master
2025-04-07 09:11:33 +00:00

83 lines
3.0 KiB
Ruby
Raw Blame History

# frozen_string_literal: true
require 'spec_helper'
RSpec.describe Gitlab::Encryption::KeyProvider, feature_category: :shared do
using RSpec::Parameterized::TableSyntax
describe 'supported key providers' do
def wrap_secrets(secrets)
secrets.map do |secret|
ActiveRecord::Encryption::Key.new(secret)
end
end
def derive_secrets(secrets)
secrets.map do |secret|
ActiveRecord::Encryption::Key.new(ActiveRecord::Encryption.key_generator.derive_key_from(secret))
end
end
# rubocop:disable Layout/LineLength -- We cannot break lines when using RSpec::Parameterized::TableSyntax
where(:key_type, :expected_key_provider_class, :expected_keys) do
:db_key_base | Gitlab::Encryption::NonDerivedKeyProvider | wrap_secrets(Settings.db_key_base_keys)
:db_key_base_truncated | Gitlab::Encryption::NonDerivedKeyProvider | wrap_secrets(Settings.db_key_base_keys_32_bytes)
:db_key_base_32 | Gitlab::Encryption::NonDerivedKeyProvider | wrap_secrets(Settings.db_key_base_keys_truncated)
:active_record_encryption_primary_key | ActiveRecord::Encryption::DerivedSecretKeyProvider | derive_secrets(ActiveRecord::Encryption.config.primary_key)
:active_record_encryption_deterministic_key | ActiveRecord::Encryption::DerivedSecretKeyProvider | derive_secrets(ActiveRecord::Encryption.config.deterministic_key)
end
# rubocop:enable Layout/LineLength
with_them do
describe '.[]' do
it 'returns the expected key provider wrapper' do
expect(described_class[key_type])
.to be_a(Gitlab::Encryption::KeyProviderWrapper)
end
it 'returns the expected key provider class from the wrapper' do
expect(described_class[key_type].key_provider)
.to be_a(expected_key_provider_class)
end
end
describe 'instance methods' do
subject(:service) { described_class[key_type] }
describe '#key_provider' do
it 'instantiates the expected key provider' do
expect(service.key_provider)
.to be_a(expected_key_provider_class)
end
end
describe '#encryption_key' do
it 'returns the last key' do
expect(service.encryption_key.secret)
.to eq(expected_keys.last.secret)
end
it 'includes a public tag referencing the key' do
expect(service.encryption_key.public_tags.encrypted_data_key_id)
.to eq(service.encryption_key.id)
end
end
describe '#decryption_keys' do
it 'returns ActiveRecord::Encryption::Key keys' do
provider_keys = service.decryption_keys
expect(provider_keys)
.to all(be_a(ActiveRecord::Encryption::Key))
end
it 'returns all keys by default' do
expect(service.decryption_keys.map(&:secret))
.to eq(expected_keys.map(&:secret))
end
end
end
end
end
end
Reference in New Issue View Git Blame Copy Permalink