mirror of
https://github.com/badges/shields.git
synced 2025-11-30 06:21:32 +03:00
Inject secrets into the services (#3652)
This is a reworking of #3410 based on some feedback @calebcartwright left on that PR. The goals of injecting the secrets are threefold: 1. Simplify testing 2. Be consistent with all of the other config (which is injected) 3. Encapsulate the sensitive auth-related code in one place so it can be studied and tested thoroughly - Rather than add more code to BaseService to handle authorization logic, it delegates that to an AuthHelper class. - When the server starts, it fetches the credentials from `config` and injects them into `BaseService.register()` which passes them to `invoke()`. - In `invoke()` the service's auth configuration is checked (`static get auth()`, much like `static get route()`). - If the auth config is present, an AuthHelper instance is created and attached to the new instance. - Then within the service, the password, basic auth config, or bearer authentication can be accessed via e.g. `this.authHelper.basicAuth` and passed to `this._requestJson()` and friends. - Everything is being done very explicitly, so it should be very clear where and how the configured secrets are being used. - Testing different configurations of services can now be done by injecting the config into `invoke()` in `.spec` files instead of mocking global state in the service tests as was done before. See the new Jira spec files for a good example of this. Ref #3393
This commit is contained in:
Paul Melnikow
GitHub
@@ -1,6 +1,5 @@
|
||||
'use strict'
|
||||
|
||||
const sinon = require('sinon')
|
||||
const serverSecrets = require('../../lib/server-secrets')
|
||||
|
||||
const sampleProjectUuid = '45afb680-d4e6-4e66-93ea-bcfa79eb8a87'
|
||||
@@ -78,53 +77,24 @@ const multipleViolations = createMockResponse({
|
||||
],
|
||||
})
|
||||
|
||||
const mockSymfonyUser = 'admin'
|
||||
const mockSymfonyToken = 'password'
|
||||
const originalUuid = serverSecrets.sl_insight_userUuid
|
||||
const originalApiToken = serverSecrets.sl_insight_apiToken
|
||||
|
||||
function setSymfonyInsightCredsToFalsy() {
|
||||
serverSecrets['sl_insight_userUuid'] = undefined
|
||||
serverSecrets['sl_insight_apiToken'] = undefined
|
||||
const user = 'admin'
|
||||
const token = 'password'
|
||||
const config = {
|
||||
private: {
|
||||
sl_insight_userUuid: user,
|
||||
sl_insight_apiToken: token,
|
||||
},
|
||||
}
|
||||
|
||||
function mockSymfonyInsightCreds() {
|
||||
// ensure that the fields exists before attempting to stub
|
||||
setSymfonyInsightCredsToFalsy()
|
||||
sinon.stub(serverSecrets, 'sl_insight_userUuid').value(mockSymfonyUser)
|
||||
sinon.stub(serverSecrets, 'sl_insight_apiToken').value(mockSymfonyToken)
|
||||
}
|
||||
|
||||
function restore() {
|
||||
sinon.restore()
|
||||
serverSecrets['sl_insight_userUuid'] = originalUuid
|
||||
serverSecrets['sl_insight_apiToken'] = originalApiToken
|
||||
}
|
||||
|
||||
function prepLiveTest() {
|
||||
// Since the service implementation will throw an error if the creds
|
||||
// are missing, we need to ensure that creds are available for each test.
|
||||
// In the case of the live tests we want to use the "real" creds if they
|
||||
// exist otherwise we need to use the same stubbed creds as all the mocked tests.
|
||||
if (!originalUuid) {
|
||||
function checkShouldSkip() {
|
||||
const noToken =
|
||||
!serverSecrets.sl_insight_userUuid || !serverSecrets.sl_insight_apiToken
|
||||
if (noToken) {
|
||||
console.warn(
|
||||
'No token provided, this test will mock Symfony Insight API responses.'
|
||||
'No Symfony credentials configured. Service tests will be skipped. Add credentials in local.yml to run these tests.'
|
||||
)
|
||||
mockSymfonyInsightCreds()
|
||||
}
|
||||
}
|
||||
|
||||
function createTest(
|
||||
t,
|
||||
title,
|
||||
{ withMockCreds = true } = { withMockCreds: true }
|
||||
) {
|
||||
const result = t.create(title)
|
||||
if (withMockCreds) {
|
||||
result.before(mockSymfonyInsightCreds)
|
||||
result.finally(restore)
|
||||
}
|
||||
return result
|
||||
return noToken
|
||||
}
|
||||
|
||||
module.exports = {
|
||||
@@ -135,17 +105,13 @@ module.exports = {
|
||||
silverMockResponse,
|
||||
bronzeMockResponse,
|
||||
noMedalMockResponse,
|
||||
mockSymfonyUser,
|
||||
mockSymfonyToken,
|
||||
mockSymfonyInsightCreds,
|
||||
setSymfonyInsightCredsToFalsy,
|
||||
restore,
|
||||
realTokenExists: originalUuid,
|
||||
prepLiveTest,
|
||||
criticalViolation,
|
||||
majorViolation,
|
||||
minorViolation,
|
||||
infoViolation,
|
||||
multipleViolations,
|
||||
createTest,
|
||||
user,
|
||||
token,
|
||||
config,
|
||||
checkShouldSkip,
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user