Commit bbab7fd9 authored by Stan Hu's avatar Stan Hu

Coerce string object storage options to booleans

Admins that accidentally configure `use_iam_profile` or `path_style`
with string values (e.g. `"true"`) instead of boolean values would see
obscure unmarshaling errors in Workhorse. To avoid this trouble, coerce
these string values o boolean values.

Closes https://gitlab.com/gitlab-org/omnibus-gitlab/-/issues/5588
parent 0d661320
---
title: Coerce string object storage options to booleans
merge_request: 39901
author:
type: fixed
......@@ -34,11 +34,11 @@ module ObjectStorage
end
def use_iam_profile?
credentials.fetch(:use_iam_profile, false)
Gitlab::Utils.to_boolean(credentials[:use_iam_profile], default: false)
end
def use_path_style?
credentials.fetch(:path_style, false)
Gitlab::Utils.to_boolean(credentials[:path_style], default: false)
end
def server_side_encryption
......
# frozen_string_literal: true
require 'fast_spec_helper'
require 'rspec-parameterized'
RSpec.describe ObjectStorage::Config do
using RSpec::Parameterized::TableSyntax
let(:region) { 'us-east-1' }
let(:bucket_name) { 'test-bucket' }
let(:path_style) { false }
let(:use_iam_profile) { false }
let(:credentials) do
{
provider: 'AWS',
aws_access_key_id: 'AWS_ACCESS_KEY_ID',
aws_secret_access_key: 'AWS_SECRET_ACCESS_KEY',
region: region,
path_style: path_style,
use_iam_profile: use_iam_profile
region: region
}
end
......@@ -52,6 +51,14 @@ RSpec.describe ObjectStorage::Config do
it { expect(subject.bucket).to eq(bucket_name) }
end
describe '#use_iam_profile' do
it { expect(subject.use_iam_profile?).to be false }
end
describe '#use_path_style' do
it { expect(subject.use_path_style?).to be false }
end
context 'with unconsolidated settings' do
describe 'consolidated_settings? returns false' do
it { expect(subject.consolidated_settings?).to be false }
......@@ -68,25 +75,47 @@ RSpec.describe ObjectStorage::Config do
end
end
context 'with IAM profile in use' do
let(:use_iam_profile) { true }
it '#use_iam_profile? returns true' do
expect(subject.use_iam_profile?).to be true
context 'with IAM profile configured' do
where(:value, :expected) do
true | true
"true" | true
"yes" | true
false | false
"false" | false
"no" | false
nil | false
end
with_them do
before do
credentials[:use_iam_profile] = value
end
context 'with IAM profile not in use' do
it '#use_iam_profile? returns false' do
expect(subject.use_iam_profile?).to be false
it 'coerces the value to a boolean' do
expect(subject.use_iam_profile?).to be expected
end
end
end
context 'with path style' do
let(:path_style) { true }
context 'with path style configured' do
where(:value, :expected) do
true | true
"true" | true
"yes" | true
false | false
"false" | false
"no" | false
nil | false
end
it '#use_path_style? returns true' do
expect(subject.use_path_style?).to be true
with_them do
before do
credentials[:path_style] = value
end
it 'coerces the value to a boolean' do
expect(subject.use_path_style?).to be expected
end
end
end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment