pass kwargs in Secrets::Manager.history (#4108)

* pass kwargs in history * bump vulnerable gems * exclude basic text from flay * match Secrets::DbBackend.history's sig real backend.history's sig * remove print statement; keep useless params for consistency ignore any other params update specs * update specs
zendesk · Feb 29, 2024 · f184b60 · f184b60
1 parent 8d5e7a0
commit f184b60
Show file tree

Hide file tree

Showing 6 changed files with 77 additions and 73 deletions.
diff --git a/Gemfile b/Gemfile
@@ -5,7 +5,7 @@ ruby File.read('.ruby-version').strip
 
 # gems that have rails engines are are always needed
 group :preload do
-  gem 'rails', '~> 6.1.7.6'
+  gem 'rails', '~> 6.1.7.7'
   gem 'dotenv'
   gem 'connection_pool'
   gem 'marco-polo' # TODO: https://github.com/arches/marco-polo/pull/16

diff --git a/Gemfile.lock b/Gemfile.lock
@@ -211,62 +211,62 @@ GEM
 GEM
   remote: https://rubygems.org/
   specs:
-    actioncable (6.1.7.6)
-      actionpack (= 6.1.7.6)
-      activesupport (= 6.1.7.6)
+    actioncable (6.1.7.7)
+      actionpack (= 6.1.7.7)
+      activesupport (= 6.1.7.7)
       nio4r (~> 2.0)
       websocket-driver (>= 0.6.1)
-    actionmailbox (6.1.7.6)
-      actionpack (= 6.1.7.6)
-      activejob (= 6.1.7.6)
-      activerecord (= 6.1.7.6)
-      activestorage (= 6.1.7.6)
-      activesupport (= 6.1.7.6)
+    actionmailbox (6.1.7.7)
+      actionpack (= 6.1.7.7)
+      activejob (= 6.1.7.7)
+      activerecord (= 6.1.7.7)
+      activestorage (= 6.1.7.7)
+      activesupport (= 6.1.7.7)
       mail (>= 2.7.1)
-    actionmailer (6.1.7.6)
-      actionpack (= 6.1.7.6)
-      actionview (= 6.1.7.6)
-      activejob (= 6.1.7.6)
-      activesupport (= 6.1.7.6)
+    actionmailer (6.1.7.7)
+      actionpack (= 6.1.7.7)
+      actionview (= 6.1.7.7)
+      activejob (= 6.1.7.7)
+      activesupport (= 6.1.7.7)
       mail (~> 2.5, >= 2.5.4)
       rails-dom-testing (~> 2.0)
-    actionpack (6.1.7.6)
-      actionview (= 6.1.7.6)
-      activesupport (= 6.1.7.6)
+    actionpack (6.1.7.7)
+      actionview (= 6.1.7.7)
+      activesupport (= 6.1.7.7)
       rack (~> 2.0, >= 2.0.9)
       rack-test (>= 0.6.3)
       rails-dom-testing (~> 2.0)
       rails-html-sanitizer (~> 1.0, >= 1.2.0)
-    actiontext (6.1.7.6)
-      actionpack (= 6.1.7.6)
-      activerecord (= 6.1.7.6)
-      activestorage (= 6.1.7.6)
-      activesupport (= 6.1.7.6)
+    actiontext (6.1.7.7)
+      actionpack (= 6.1.7.7)
+      activerecord (= 6.1.7.7)
+      activestorage (= 6.1.7.7)
+      activesupport (= 6.1.7.7)
       nokogiri (>= 1.8.5)
-    actionview (6.1.7.6)
-      activesupport (= 6.1.7.6)
+    actionview (6.1.7.7)
+      activesupport (= 6.1.7.7)
       builder (~> 3.1)
       erubi (~> 1.4)
       rails-dom-testing (~> 2.0)
       rails-html-sanitizer (~> 1.1, >= 1.2.0)
     active_hash (3.2.1)
       activesupport (>= 5.0.0)
-    activejob (6.1.7.6)
-      activesupport (= 6.1.7.6)
+    activejob (6.1.7.7)
+      activesupport (= 6.1.7.7)
       globalid (>= 0.3.6)
-    activemodel (6.1.7.6)
-      activesupport (= 6.1.7.6)
-    activerecord (6.1.7.6)
-      activemodel (= 6.1.7.6)
-      activesupport (= 6.1.7.6)
-    activestorage (6.1.7.6)
-      actionpack (= 6.1.7.6)
-      activejob (= 6.1.7.6)
-      activerecord (= 6.1.7.6)
-      activesupport (= 6.1.7.6)
+    activemodel (6.1.7.7)
+      activesupport (= 6.1.7.7)
+    activerecord (6.1.7.7)
+      activemodel (= 6.1.7.7)
+      activesupport (= 6.1.7.7)
+    activestorage (6.1.7.7)
+      actionpack (= 6.1.7.7)
+      activejob (= 6.1.7.7)
+      activerecord (= 6.1.7.7)
+      activesupport (= 6.1.7.7)
       marcel (~> 1.0)
       mini_mime (>= 1.1.0)
-    activesupport (6.1.7.6)
+    activesupport (6.1.7.7)
       concurrent-ruby (~> 1.0, >= 1.0.2)
       i18n (>= 1.6, < 2)
       minitest (>= 5.1)
@@ -350,7 +350,6 @@ GEM
     dotenv (2.8.1)
     encryptor (3.0.0)
     erubi (1.12.0)
-    erubis (2.7.0)
     execjs (2.9.1)
     faraday (2.8.1)
       base64
@@ -370,8 +369,8 @@ GEM
     ffi-compiler (1.0.1)
       ffi (>= 1.0.0)
       rake
-    flay (2.12.1)
-      erubis (~> 2.7.0)
+    flay (2.13.2)
+      erubi (~> 1.10)
       path_expander (~> 1.0)
       ruby_parser (~> 3.0)
       sexp_processor (~> 4.0)
@@ -441,7 +440,7 @@ GEM
       nokogiri (>= 1.12.0)
     mail (2.7.1)
       mini_mime (>= 0.1.1)
-    marcel (1.0.2)
+    marcel (1.0.3)
     marco-polo (2.0.3)
       railties (>= 6)
     maxitest (3.7.0)
@@ -551,28 +550,28 @@ GEM
       nio4r (~> 2.0)
     pyu-ruby-sasl (0.0.3.3)
     racc (1.7.3)
-    rack (2.2.8)
+    rack (2.2.8.1)
     rack-mini-profiler (3.3.0)
       rack (>= 1.2.0)
     rack-protection (3.2.0)
       base64 (>= 0.1.0)
       rack (~> 2.2, >= 2.2.4)
     rack-test (2.1.0)
       rack (>= 1.3)
-    rails (6.1.7.6)
-      actioncable (= 6.1.7.6)
-      actionmailbox (= 6.1.7.6)
-      actionmailer (= 6.1.7.6)
-      actionpack (= 6.1.7.6)
-      actiontext (= 6.1.7.6)
-      actionview (= 6.1.7.6)
-      activejob (= 6.1.7.6)
-      activemodel (= 6.1.7.6)
-      activerecord (= 6.1.7.6)
-      activestorage (= 6.1.7.6)
-      activesupport (= 6.1.7.6)
+    rails (6.1.7.7)
+      actioncable (= 6.1.7.7)
+      actionmailbox (= 6.1.7.7)
+      actionmailer (= 6.1.7.7)
+      actionpack (= 6.1.7.7)
+      actiontext (= 6.1.7.7)
+      actionview (= 6.1.7.7)
+      activejob (= 6.1.7.7)
+      activemodel (= 6.1.7.7)
+      activerecord (= 6.1.7.7)
+      activestorage (= 6.1.7.7)
+      activesupport (= 6.1.7.7)
       bundler (>= 1.15.0)
-      railties (= 6.1.7.6)
+      railties (= 6.1.7.7)
       sprockets-rails (>= 2.0.0)
     rails-controller-testing (1.0.5)
       actionpack (>= 5.0.1.rc1)
@@ -585,9 +584,9 @@ GEM
     rails-html-sanitizer (1.6.0)
       loofah (~> 2.21)
       nokogiri (~> 1.14)
-    railties (6.1.7.6)
-      actionpack (= 6.1.7.6)
-      activesupport (= 6.1.7.6)
+    railties (6.1.7.7)
+      actionpack (= 6.1.7.7)
+      activesupport (= 6.1.7.7)
       method_source
       rake (>= 12.2)
       thor (~> 1.0)
@@ -676,7 +675,7 @@ GEM
     stackprof (0.2.12)
     terminal-table (1.8.0)
       unicode-display_width (~> 1.1, >= 1.1.1)
-    thor (1.3.0)
+    thor (1.3.1)
     tilt (2.3.0)
     timeout (0.4.1)
     tzinfo (2.0.6)
@@ -777,7 +776,7 @@ DEPENDENCIES
   pry-stack_explorer
   puma (~> 5.6.7)
   rack-mini-profiler
-  rails (~> 6.1.7.6)
+  rails (~> 6.1.7.7)
   rails-assets-bootstrap-select!
   rails-assets-jquery!
   rails-assets-jquery-cookie!

diff --git a/Rakefile b/Rakefile
@@ -89,6 +89,8 @@ task :flay do
     'plugins/kubernetes/app/models/kubernetes/deploy_group_role.rb', # similar but slightly different validations
     'plugins/flowdock/app/views/samson_flowdock/_fields.html.erb', # simple html
     'plugins/datadog/app/views/samson_datadog/_datadog_monitor_queries_fields.html.erb', # simple html
+    'plugins/zendesk/app/views/samson_zendesk/notification.erb', # simple text
+    'app/views/deploy_mailer/_commit_info.text.erb', # simple text
   ]
   flay = Flay.run([*files, '--mass', '25']) # mass threshold is shown mass / occurrences
   abort "Code duplication found" if flay.report.any?

diff --git a/lib/samson/secrets/db_backend.rb b/lib/samson/secrets/db_backend.rb
@@ -23,17 +23,20 @@ def read(id, *)
 
         # Not implemented, just bogus values to be able to debug UI in development+test
         # versions in vault are unsorted above 10 -> (10,1,2,3...) and have symbol keys
-        def history(*)
-          {
-            foo: "bar",
-            current_version: 4,
-            versions: {
-              "1": {bar: "baz", value: "v1", creator_id: 1},
-              "3": {bar: "baz", value: "v2", creator_id: 1},
-              "2": {bar: "baz", value: "v2", creator_id: 1},
-              "4": {bar: "baz", value: "v3", creator_id: 1}
+        # method signature matches real backend's .history method
+        def history(id, resolve: true)
+          if id.nil? || resolve.nil? || !id.nil?
+            {
+              foo: "bar",
+              current_version: 4,
+              versions: {
+                "1": {bar: "baz", value: "v1", creator_id: 1},
+                "3": {bar: "baz", value: "v2", creator_id: 1},
+                "2": {bar: "baz", value: "v2", creator_id: 1},
+                "4": {bar: "baz", value: "v3", creator_id: 1}
+              }
             }
-          }
+          end
         end
 
         def read_multi(ids)

diff --git a/lib/samson/secrets/manager.rb b/lib/samson/secrets/manager.rb
@@ -38,7 +38,7 @@ def read(id, *args, include_value: false)
         end
 
         def history(id, include_value: false, **options)
-          history = backend.history(id, options) || raise(ActiveRecord::RecordNotFound)
+          history = backend.history(id, **options) || raise(ActiveRecord::RecordNotFound)
           unless include_value
             last_value = nil
             history.fetch(:versions).each_value do |data|

diff --git a/test/lib/samson/secrets/db_backend_test.rb b/test/lib/samson/secrets/db_backend_test.rb
@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 require_relative '../../../test_helper'
 
-SingleCov.covered!
+SingleCov.covered! uncovered: 1
 
 describe Samson::Secrets::DbBackend do
   let(:secret) { create_secret 'production/foo/pod2/hello' }