0
0
mirror of https://github.com/renovatebot/renovate.git synced 2024-12-22 05:28:35 +00:00
renovatebot_renovate/lib/config/secrets.spec.ts
2023-11-07 15:50:29 +00:00

184 lines
5.7 KiB
TypeScript

import {
CONFIG_SECRETS_INVALID,
CONFIG_VALIDATION,
} from '../constants/error-messages';
import { getConfig } from './defaults';
import { applySecretsToConfig, validateConfigSecrets } from './secrets';
describe('config/secrets', () => {
describe('validateConfigSecrets(config)', () => {
it('works with default config', () => {
expect(() => validateConfigSecrets(getConfig())).not.toThrow();
});
it('returns if no secrets', () => {
expect(validateConfigSecrets({})).toBeUndefined();
});
it('throws if secrets is not an object', () => {
expect(() => validateConfigSecrets({ secrets: 'hello' } as any)).toThrow(
CONFIG_SECRETS_INVALID,
);
});
it('throws for invalid secret names', () => {
expect(() =>
validateConfigSecrets({ secrets: { '123': 'abc' } }),
).toThrow(CONFIG_SECRETS_INVALID);
});
it('throws for non-string secret', () => {
expect(() =>
validateConfigSecrets({ secrets: { abc: 123 } } as any),
).toThrow(CONFIG_SECRETS_INVALID);
});
it('throws for secrets inside repositories', () => {
expect(() =>
validateConfigSecrets({
repositories: [
{ repository: 'abc/def', secrets: { abc: 123 } },
] as any,
}),
).toThrow(CONFIG_SECRETS_INVALID);
});
});
describe('applySecretsToConfig(config)', () => {
it('works with default config', () => {
expect(() => applySecretsToConfig(getConfig())).not.toThrow();
});
it('throws if disallowed field is used', () => {
const config = {
prTitle: '{{ secrets.ARTIFACTORY_TOKEN }}',
secrets: {
ARTIFACTORY_TOKEN: '123test==',
},
};
expect(() => applySecretsToConfig(config)).toThrow(CONFIG_VALIDATION);
});
it('throws if an unknown secret is used', () => {
const config = {
npmToken: '{{ secrets.ARTIFACTORY_TOKEN }}',
};
expect(() => applySecretsToConfig(config)).toThrow(CONFIG_VALIDATION);
});
it('replaces secrets in the top level', () => {
const config = {
secrets: { ARTIFACTORY_TOKEN: '123test==' },
npmToken: '{{ secrets.ARTIFACTORY_TOKEN }}',
};
const res = applySecretsToConfig(config);
expect(res).toStrictEqual({
npmToken: '123test==',
});
expect(Object.keys(res)).not.toContain('secrets');
});
it('replaces secrets in a subobject', () => {
const config = {
secrets: { ARTIFACTORY_TOKEN: '123test==' },
npm: { npmToken: '{{ secrets.ARTIFACTORY_TOKEN }}' },
};
const res = applySecretsToConfig(config);
expect(res).toStrictEqual({
npm: {
npmToken: '123test==',
},
});
expect(Object.keys(res)).not.toContain('secrets');
});
it('replaces secrets in a array of objects', () => {
const config = {
secrets: { ARTIFACTORY_TOKEN: '123test==' },
hostRules: [
{ hostType: 'npm', token: '{{ secrets.ARTIFACTORY_TOKEN }}' },
],
};
const res = applySecretsToConfig(config);
expect(res).toStrictEqual({
hostRules: [{ hostType: 'npm', token: '123test==' }],
});
expect(Object.keys(res)).not.toContain('secrets');
});
it('replaces secrets in a array of strings', () => {
const config = {
secrets: { SECRET_MANAGER: 'npm' },
allowedManagers: ['{{ secrets.SECRET_MANAGER }}'],
};
const res = applySecretsToConfig(config);
expect(res).toStrictEqual({
allowedManagers: ['npm'],
});
expect(Object.keys(res)).not.toContain('secrets');
});
it('replaces secrets in a array of objects without deleting them', () => {
const config = {
secrets: { ARTIFACTORY_TOKEN: '123test==' },
hostRules: [
{ hostType: 'npm', token: '{{ secrets.ARTIFACTORY_TOKEN }}' },
],
};
const res = applySecretsToConfig(config, config.secrets, false);
expect(res).toStrictEqual({
secrets: { ARTIFACTORY_TOKEN: '123test==' },
hostRules: [{ hostType: 'npm', token: '123test==' }],
});
expect(Object.keys(res)).toContain('secrets');
});
it('replaces secrets in a array of strings without deleting them', () => {
const config = {
secrets: { SECRET_MANAGER: 'npm' },
allowedManagers: ['{{ secrets.SECRET_MANAGER }}'],
};
const res = applySecretsToConfig(config, config.secrets, false);
expect(res).toStrictEqual({
secrets: { SECRET_MANAGER: 'npm' },
allowedManagers: ['npm'],
});
expect(Object.keys(res)).toContain('secrets');
});
it('{} as secrets will result in an error', () => {
const config = {
secrets: { SECRET_MANAGER: 'npm' },
allowedManagers: ['{{ secrets.SECRET_MANAGER }}'],
};
expect(() => applySecretsToConfig(config, {}, false)).toThrow(
CONFIG_VALIDATION,
);
});
it('undefined as secrets will result replace the secret', () => {
const config = {
secrets: { SECRET_MANAGER: 'npm' },
allowedManagers: ['{{ secrets.SECRET_MANAGER }}'],
};
const res = applySecretsToConfig(config, undefined, false);
expect(res).toStrictEqual({
secrets: { SECRET_MANAGER: 'npm' },
allowedManagers: ['npm'],
});
expect(Object.keys(res)).toContain('secrets');
});
it('null as secrets will result in an error', () => {
const config = {
secrets: { SECRET_MANAGER: 'npm' },
allowedManagers: ['{{ secrets.SECRET_MANAGER }}'],
};
// TODO fix me? #22198
expect(() => applySecretsToConfig(config, null as never, false)).toThrow(
CONFIG_VALIDATION,
);
});
});
});