Deprecate encrypted secrets in favor of credentials.

Allow edits of existing encrypted secrets generated on Rails 5.1, but refer to credentials when attempting to setup. This also removes the need for any of the setup code, so the generator can be ripped out altogether.
author: Kasper Timm Hansen <kaspth@gmail.com> 2017-11-12 17:32:52 +0100
committer: Kasper Timm Hansen <kaspth@gmail.com> 2017-11-12 17:50:09 +0100
commit: bb30f05f3858f97791f0e1530e625b7ea2c6c5e2 (patch)
tree: 366b5f34a3612d3234e721a7690702d3748e595b /railties/test
parent: 99f4d6e744285a1a634e6ba46cd500560573985c (diff)
download: rails-bb30f05f3858f97791f0e1530e625b7ea2c6c5e2.tar.gz
rails-bb30f05f3858f97791f0e1530e625b7ea2c6c5e2.tar.bz2
rails-bb30f05f3858f97791f0e1530e625b7ea2c6c5e2.zip
3 files changed, 41 insertions, 68 deletions
diff --git a/railties/test/commands/secrets_test.rb b/railties/test/commands/secrets_test.rb
index 66a81826e3..6b9f284a0c 100644
--- a/railties/test/commands/secrets_test.rb
+++ b/railties/test/commands/secrets_test.rb
@@ -8,21 +8,38 @@ require "rails/commands/secrets/secrets_command"
 class Rails::Command::SecretsCommandTest < ActiveSupport::TestCase
   include ActiveSupport::Testing::Isolation, EnvHelpers
 
-  def setup
-    build_app
+  setup :build_app
+  teardown :teardown_app
+
+  test "edit without editor gives hint" do
+    assert_match "No $EDITOR to open decrypted secrets in", run_edit_command(editor: "")
   end
 
-  def teardown
-    teardown_app
+  test "encrypted secrets are deprecated when using credentials" do
+    assert_match "Encrypted secrets is deprecated", run_setup_command
+    assert_equal 1, $?.exitstatus
+    assert_not File.exist?("config/secrets.yml.enc")
   end
 
-  test "edit without editor gives hint" do
-    assert_match "No $EDITOR to open decrypted secrets in", run_edit_command(editor: "")
+  test "encrypted secrets are deprecated when running edit without setup" do
+    assert_match "Encrypted secrets is deprecated", run_setup_command
+    assert_equal 1, $?.exitstatus
+    assert_not File.exist?("config/secrets.yml.enc")
+  end
+
+  test "encrypted secrets are deprecated for 5.1 config/secrets.yml apps" do
+    Dir.chdir(app_path) do
+      FileUtils.rm("config/credentials.yml.enc")
+      FileUtils.touch("config/secrets.yml")
+
+      assert_match "Encrypted secrets is deprecated", run_setup_command
+      assert_equal 1, $?.exitstatus
+      assert_not File.exist?("config/secrets.yml.enc")
+    end
   end
 
   test "edit secrets" do
-    # Runs setup before first edit.
-    assert_match(/Adding config\/secrets\.yml\.key to store the encryption key/, run_edit_command)
+    prevent_deprecation
 
     # Run twice to ensure encrypted secrets can be reread after first edit pass.
     2.times do
@@ -31,22 +48,30 @@ class Rails::Command::SecretsCommandTest < ActiveSupport::TestCase
   end
 
   test "show secrets" do
-    run_setup_command
+    prevent_deprecation
+
     assert_match(/external_api_key: 1466aac22e6a869134be3d09b9e89232fc2c2289/, run_show_command)
   end
 
   private
+    def prevent_deprecation
+      Dir.chdir(app_path) do
+        File.write("config/secrets.yml.key", "f731758c639da2604dfb6bf3d1025de8")
+        File.write("config/secrets.yml.enc", "sEB0mHxDbeP1/KdnMk00wyzPFACl9K6t0cZWn5/Mfx/YbTHvnI07vrneqHg9kaH3wOS7L6pIQteu1P077OtE4BSx/ZRc/sgQPHyWu/tXsrfHqnPNpayOF/XZqizE91JacSFItNMWpuPsp9ynbzz+7cGhoB1S4aPNIU6u0doMrzdngDbijsaAFJmsHIQh6t/QHoJx--8aMoE0PvUWmw1Iqz--ldFqnM/K0g9k17M8PKoN/Q==")
+      end
+    end
+
     def run_edit_command(editor: "cat")
       switch_env("EDITOR", editor) do
-        rails "secrets:edit"
+        rails "secrets:edit", allow_failure: true
       end
     end
 
     def run_show_command
-      rails "secrets:show"
+      rails "secrets:show", allow_failure: true
     end
 
     def run_setup_command
-      rails "secrets:setup"
+      rails "secrets:setup", allow_failure: true
     end
 end
diff --git a/railties/test/generators/encrypted_secrets_generator_test.rb b/railties/test/generators/encrypted_secrets_generator_test.rb
deleted file mode 100644
index eacb5166c0..0000000000
--- a/railties/test/generators/encrypted_secrets_generator_test.rb
+++ /dev/null
@@ -1,44 +0,0 @@
-# frozen_string_literal: true
-
-require "generators/generators_test_helper"
-require "rails/generators/rails/encrypted_secrets/encrypted_secrets_generator"
-
-class EncryptedSecretsGeneratorTest < Rails::Generators::TestCase
-  include GeneratorsTestHelper
-
-  def setup
-    super
-    cd destination_root
-  end
-
-  def test_generates_key_file_and_encrypted_secrets_file
-    run_generator
-
-    assert_file "config/secrets.yml.key", /\w+/
-
-    assert File.exist?("config/secrets.yml.enc")
-    assert_no_match(/# production:\n#   external_api_key: \w+/, IO.binread("config/secrets.yml.enc"))
-    assert_match(/# production:\n#   external_api_key: \w+/, Rails::Secrets.read)
-  end
-
-  def test_appends_to_gitignore
-    FileUtils.touch(".gitignore")
-
-    run_generator
-
-    assert_file ".gitignore", /config\/secrets.yml.key/, /(?!config\/secrets.yml.enc)/
-  end
-
-  def test_warns_when_ignore_is_missing
-    assert_match(/Add this to your ignore file/i, run_generator)
-  end
-
-  def test_doesnt_generate_a_new_key_file_if_already_opted_in_to_encrypted_secrets
-    FileUtils.mkdir("config")
-    File.open("config/secrets.yml.enc", "w") { |f| f.puts "already secrety" }
-
-    run_generator
-
-    assert_no_file "config/secrets.yml.key"
-  end
-end
diff --git a/railties/test/secrets_test.rb b/railties/test/secrets_test.rb
index 888fee173a..06877bc76a 100644
--- a/railties/test/secrets_test.rb
+++ b/railties/test/secrets_test.rb
@@ -1,20 +1,13 @@
 # frozen_string_literal: true
 
 require "isolation/abstract_unit"
-require "rails/generators"
-require "rails/generators/rails/encrypted_secrets/encrypted_secrets_generator"
 require "rails/secrets"
 
 class Rails::SecretsTest < ActiveSupport::TestCase
   include ActiveSupport::Testing::Isolation
 
-  def setup
-    build_app
-  end
-
-  def teardown
-    teardown_app
-  end
+  setup :build_app
+  teardown :teardown_app
 
   test "setting read to false skips parsing" do
     run_secrets_generator do
@@ -172,9 +165,8 @@ class Rails::SecretsTest < ActiveSupport::TestCase
   private
     def run_secrets_generator
       Dir.chdir(app_path) do
-        capture(:stdout) do
-          Rails::Generators::EncryptedSecretsGenerator.start
-        end
+        File.write("config/secrets.yml.key", "f731758c639da2604dfb6bf3d1025de8")
+        File.write("config/secrets.yml.enc", "sEB0mHxDbeP1/KdnMk00wyzPFACl9K6t0cZWn5/Mfx/YbTHvnI07vrneqHg9kaH3wOS7L6pIQteu1P077OtE4BSx/ZRc/sgQPHyWu/tXsrfHqnPNpayOF/XZqizE91JacSFItNMWpuPsp9ynbzz+7cGhoB1S4aPNIU6u0doMrzdngDbijsaAFJmsHIQh6t/QHoJx--8aMoE0PvUWmw1Iqz--ldFqnM/K0g9k17M8PKoN/Q==")
 
         add_to_config <<-RUBY
           config.read_encrypted_secrets = true
author	Kasper Timm Hansen <kaspth@gmail.com>	2017-11-12 17:32:52 +0100
committer	Kasper Timm Hansen <kaspth@gmail.com>	2017-11-12 17:50:09 +0100
commit	bb30f05f3858f97791f0e1530e625b7ea2c6c5e2 (patch)
tree	366b5f34a3612d3234e721a7690702d3748e595b /railties/test
parent	99f4d6e744285a1a634e6ba46cd500560573985c (diff)
download	rails-bb30f05f3858f97791f0e1530e625b7ea2c6c5e2.tar.gz rails-bb30f05f3858f97791f0e1530e625b7ea2c6c5e2.tar.bz2 rails-bb30f05f3858f97791f0e1530e625b7ea2c6c5e2.zip