Modify to also encrypt if it's production, to smooth the transition

7ac8e894 · Ethan Urie · 126db264 · 7ac8e894 · 7ac8e894
Commit 7ac8e894 authored Dec 10, 2021 by Ethan Urie
Hide whitespace changes
Inline Side-by-side

Showing with 35 additions and 9 deletions

lib/gitlab/spamcheck/client.rb lib/gitlab/spamcheck/client.rb +2 -2

spec/lib/gitlab/spamcheck/client_spec.rb spec/lib/gitlab/spamcheck/client_spec.rb +33 -7

No files found.
--- a/lib/gitlab/spamcheck/client.rb
+++ b/lib/gitlab/spamcheck/client.rb
@@ -21,7 +21,7 @@ module Gitlab
        update: ::Spamcheck::Action::UPDATE
      }.freeze

-      URL_SCHEME_REGEX = %r{^grpc://|^tls://}
+      URL_SCHEME_REGEX = %r{^grpc://|^tls://}.freeze

      def initialize
        @endpoint_url = Gitlab::CurrentSettings.current_application_settings.spam_check_endpoint_url
@@ -99,7 +99,7 @@ module Gitlab
      end

      def client_creds(url)
-        if URI(url).scheme == 'tls'
+        if URI(url).scheme == 'tls' || Rails.env.production?
          GRPC::Core::ChannelCredentials.new(::Gitlab::X509::Certificate.ca_certs_bundle)
        else
          :this_channel_is_insecure

--- a/spec/lib/gitlab/spamcheck/client_spec.rb
+++ b/spec/lib/gitlab/spamcheck/client_spec.rb
@@ -33,11 +33,7 @@ RSpec.describe Gitlab::Spamcheck::Client do
  end

  describe 'url scheme' do
-    before do
-      allow_next_instance_of(::Spamcheck::SpamcheckService::Stub) do |instance|
-        allow(instance).to receive(:check_for_spam_issue).and_return(response)
-      end
-    end
+    let(:stub) { double(:spamcheck_stub, check_for_spam_issue: response) }

    context 'is tls  ' do
      let(:endpoint) { 'tls://spamcheck.example.com'}
@@ -45,7 +41,7 @@ RSpec.describe Gitlab::Spamcheck::Client do
      it 'uses secure connection' do
        expect(Spamcheck::SpamcheckService::Stub).to receive(:new).with(endpoint.sub(%r{^tls://}, ''),
                                                                               instance_of(GRPC::Core::ChannelCredentials),
-                                                                               anything)
+                                                                               anything).and_return(stub)
        subject
      end
    end
@@ -54,7 +50,37 @@ RSpec.describe Gitlab::Spamcheck::Client do
      it 'uses insecure connection' do
        expect(Spamcheck::SpamcheckService::Stub).to receive(:new).with(endpoint.sub(%r{^grpc://}, ''),
                                                                               :this_channel_is_insecure,
-                                                                               anything)
+                                                                               anything).and_return(stub)
+        subject
+      end
+    end
+  end
+
+  describe "Rails environment" do
+    let(:stub) { double(:spamcheck_stub, check_for_spam_issue: response) }
+
+    context "production" do
+      before do
+        allow(Rails.env).to receive(:production?).and_return(true)
+      end
+
+      it 'uses secure connection' do
+        expect(Spamcheck::SpamcheckService::Stub).to receive(:new).with(endpoint.sub(%r{^grpc://}, ''),
+                                                                        instance_of(GRPC::Core::ChannelCredentials),
+                                                                        anything).and_return(stub)
+        subject
+      end
+    end
+
+    context "not production" do
+      before do
+        allow(Rails.env).to receive(:production?).and_return(false)
+      end
+
+      it 'uses insecure connection' do
+        expect(Spamcheck::SpamcheckService::Stub).to receive(:new).with(endpoint.sub(%r{^grpc://}, ''),
+                                                                        :this_channel_is_insecure,
+                                                                        anything).and_return(stub)
        subject
      end
    end