app/controllers/admin/application_settings_controller.rb +1 −0 @@ -86,6 +86,7 @@ def application_setting_params params[:application_setting][:import_sources]&.delete("") params[:application_setting][:restricted_visibility_levels]&.delete("") params[:application_setting].delete(:elasticsearch_aws_secret_access_key) if params[:application_setting][:elasticsearch_aws_secret_access_key].blank? # TODO Remove domain_blacklist_raw in APIv5 (See https://gitlab.com/gitlab-org/gitlab-foss/issues/67204) params.delete(:domain_blacklist_raw) if params[:domain_blacklist_file] params.delete(:domain_blacklist_raw) if params[:domain_blacklist] ee/app/views/admin/application_settings/_elasticsearch_form.html.haml +3 −2
@@ -92,9 +92,10 @@ .form-text.text-muted = _('AWS Access Key. Only required if not using role instance credentials') - secret_access_key_label = @application_setting.elasticsearch_aws_secret_access_key.present? ? _('Enter new AWS Secret Access Key') : _('AWS Secret Access Key') .form-group = f.label :elasticsearch_aws_secret_access_key, _('AWS Secret Access Key'), class: 'label-bold' = f.password_field :elasticsearch_aws_secret_access_key, value: @application_setting.elasticsearch_aws_secret_access_key, class: 'form-control' = f.label :elasticsearch_aws_secret_access_key, secret_access_key_label, class: 'label-bold' = f.password_field :elasticsearch_aws_secret_access_key, autocomplete: 'new-password', class: 'form-control' .form-text.text-muted = _('AWS Secret Access Key. Only required if not using role instance credentials') ee/changelogs/unreleased/security-aws-secret-key-2937.yml 0 → 100644 +5 −0 --- title: Hide AWS secret on Admin Integration page merge_request: author: type: security ee/spec/controllers/admin/application_settings_controller_spec.rb +14 −0
@@ -50,6 +50,20 @@ expect(ApplicationSetting.current.elasticsearch_url).to contain_exactly(settings[:elasticsearch_url]) end context 'elasticsearch_aws_secret_access_key setting is blank' do let(:settings) do { elasticsearch_aws_access_key: 'elasticsearch_aws_access_key', elasticsearch_aws_secret_access_key: '' } end it 'does not update the elasticsearch_aws_secret_access_key setting' do expect { put :update, params: { application_setting: settings } } .not_to change { ApplicationSetting.current.reload.elasticsearch_aws_secret_access_key } end end shared_examples 'settings for licensed features' do it 'does not update settings when licensed feature is not available' do stub_licensed_features(feature => false) ee/spec/views/admin/application_settings/_elasticsearch_form.html.haml_spec.rb 0 → 100644 +34 −0 # frozen_string_literal: true require 'spec_helper' describe 'admin/application_settings/_elasticsearch_form' do set(:admin) { create(:admin) } let(:page) { Capybara::Node::Simple.new(rendered) } before do assign(:application_setting, application_setting) allow(view).to receive(:current_user) { admin } allow(view).to receive(:expanded) { true } end context 'when elasticsearch_aws_secret_access_key is not set' do let(:application_setting) { build(:application_setting) } it 'has field with "AWS Secret Access Key" label and no value' do render expect(rendered).to have_field('AWS Secret Access Key', type: 'password') expect(page.find_field('AWS Secret Access Key').value).to be_blank end end context 'when elasticsearch_aws_secret_access_key is set' do let(:application_setting) { build(:application_setting, elasticsearch_aws_secret_access_key: 'elasticsearch_aws_secret_access_key') } it 'has field with "Enter new AWS Secret Access Key" label and no value' do render expect(rendered).to have_field('Enter new AWS Secret Access Key', type: 'password') expect(page.find_field('Enter new AWS Secret Access Key').value).to
be_blank end end end
app/controllers/admin/application_settings_controller.rb +1 −0 @@ -86,6 +86,7 @@ def application_setting_params params[:application_setting][:import_sources]&.delete("") params[:application_setting][:restricted_visibility_levels]&.delete("") params[:application_setting].delete(:elasticsearch_aws_secret_access_key) if params[:application_setting][:elasticsearch_aws_secret_access_key].blank? # TODO Remove domain_blacklist_raw in APIv5 (See https://gitlab.com/gitlab-org/gitlab-foss/issues/67204) params.delete(:domain_blacklist_raw) if params[:domain_blacklist_file] params.delete(:domain_blacklist_raw) if params[:domain_blacklist]
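Review bot: The added `params[:application_setting].delete(:elasticsearch_aws_secret_access_key) if ...blank?` silently changes the meaning of a blank secret from "clear the stored key" to "keep the stored key", and nothing in the hunk records why, so a later reader may treat it as a bug and revert it. A one-line comment above it would carry the reasoning: `# The form never renders the stored secret, so a blank submission means "leave unchanged", not "clear".` It also follows that the admin UI now offers no way to remove a configured key at all; if that is intended, the comment should say so, otherwise an explicit "clear" control is needed rather than overloading the blank value. application_setting_params continues outside the hunk on both sides.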
ee/app/views/admin/application_settings/_elasticsearch_form.html.haml +3 −2 @@ -92,9 +92,10 @@ .form-text.text-muted = _('AWS Access Key. Only required if not using role instance credentials') - secret_access_key_label = @application_setting.elasticsearch_aws_secret_access_key.present? ? _('Enter new AWS Secret Access Key') : _('AWS Secret Access Key') .form-group = f.label :elasticsearch_aws_secret_access_key, _('AWS Secret Access Key'), class: 'label-bold' = f.password_field :elasticsearch_aws_secret_access_key, value: @application_setting.elasticsearch_aws_secret_access_key, class: 'form-control' = f.label :elasticsearch_aws_secret_access_key, secret_access_key_label, class: 'label-bold' = f.password_field :elasticsearch_aws_secret_access_key, autocomplete: 'new-password', class: 'form-control' .form-text.text-muted = _('AWS Secret Access Key. Only required if not using role instance credentials')
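Review bot: Dropping `value:` from the `password_field` keeps the stored key out of the HTML, but the help text on the last line of the hunk still does not tell the admin what an empty field now does, given that the controller treats blank as "keep the existing key"; an admin who clears the field expecting to remove the key gets no feedback. Consider extending the hint, e.g. `= _('AWS Secret Access Key. Only required if not using role instance credentials. Leave blank to keep the existing key.')`, or showing that extra sentence only when a key is already set, mirroring the `present?` branch used for `secret_access_key_label`. The label switch does disclose whether a key is configured, which is reasonable on an admin-only page but deserves a silent comment next to the assignment, `-# Reveals only that a key exists, never its value`, so the trade-off is visible to the next editor.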
ee/changelogs/unreleased/security-aws-secret-key-2937.yml 0 → 100644 +5 −0 --- title: Hide AWS secret on Admin Integration page merge_request: author: type: security
ee/spec/controllers/admin/application_settings_controller_spec.rb +14 −0 @@ -50,6 +50,20 @@ expect(ApplicationSetting.current.elasticsearch_url).to contain_exactly(settings[:elasticsearch_url]) end context 'elasticsearch_aws_secret_access_key setting is blank' do let(:settings) do { elasticsearch_aws_access_key: 'elasticsearch_aws_access_key', elasticsearch_aws_secret_access_key: '' } end it 'does not update the elasticsearch_aws_secret_access_key setting' do expect { put :update, params: { application_setting: settings } } .not_to change { ApplicationSetting.current.reload.elasticsearch_aws_secret_access_key } end end shared_examples 'settings for licensed features' do it 'does not update settings when licensed feature is not available' do stub_licensed_features(feature => false)
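Review bot: The new example's `not_to change { ...elasticsearch_aws_secret_access_key }` only proves the fix if the setting starts non-blank; if the test database's setting is already nil or empty (not visible in this hunk, so inferred), a controller that wrote the blank value through could still pass, depending on how the attribute normalises blanks. Seed a known key first, e.g. `before { ApplicationSetting.current.update!(elasticsearch_aws_secret_access_key: 'old-key-placeholder') }`, and keep the `not_to change` so the example demonstrates the stored key survives a blank submission. A companion example with a non-blank secret that does `change` the setting would pin the other half of the behaviour, and asserting that `elasticsearch_aws_access_key` was still updated would show the request was processed rather than rejected as a whole.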
ee/spec/views/admin/application_settings/_elasticsearch_form.html.haml_spec.rb 0 → 100644 +34 −0 # frozen_string_literal: true require 'spec_helper' describe 'admin/application_settings/_elasticsearch_form' do set(:admin) { create(:admin) } let(:page) { Capybara::Node::Simple.new(rendered) } before do assign(:application_setting, application_setting) allow(view).to receive(:current_user) { admin } allow(view).to receive(:expanded) { true } end context 'when elasticsearch_aws_secret_access_key is not set' do let(:application_setting) { build(:application_setting) } it 'has field with "AWS Secret Access Key" label and no value' do render expect(rendered).to have_field('AWS Secret Access Key', type: 'password') expect(page.find_field('AWS Secret Access Key').value).to be_blank end end context 'when elasticsearch_aws_secret_access_key is set' do let(:application_setting) { build(:application_setting, elasticsearch_aws_secret_access_key: 'elasticsearch_aws_secret_access_key') } it 'has field with "Enter new AWS Secret Access Key" label and no value' do render expect(rendered).to have_field('Enter new AWS Secret Access Key', type: 'password') expect(page.find_field('Enter new AWS Secret Access Key').value).to be_blank end end end
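Review bot: In the "is set" context the secret is given the value `'elasticsearch_aws_secret_access_key'`, which is the same string Rails renders into the field's `name` and `id` attributes, so the spec can only check the `value` attribute of that one input and cannot assert that the secret is absent from the page as a whole. Use a distinct placeholder instead, e.g. `build(:application_setting, elasticsearch_aws_secret_access_key: 'placeholder-secret-value')`, and add `expect(rendered).not_to include('placeholder-secret-value')` after the existing expectations, so a leak through any other attribute or text node in the partial is caught, not just the password field's value. The `be_blank` checks are still worth keeping alongside it, since they pin the specific field.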